Class CsrfHandler

  • All Implemented Interfaces:
    org.jboss.resteasy.reactive.server.spi.GenericRuntimeConfigurableServerRestHandler<CsrfReactiveConfig>, org.jboss.resteasy.reactive.server.spi.ServerRestHandler, org.jboss.resteasy.reactive.spi.RestHandler<org.jboss.resteasy.reactive.server.core.ResteasyReactiveRequestContext>

    public class CsrfHandler
    extends Object
    implements org.jboss.resteasy.reactive.server.spi.GenericRuntimeConfigurableServerRestHandler<CsrfReactiveConfig>
    • Constructor Summary

      Constructors 
      Constructor Description
      CsrfHandler()  
    • Method Summary

      Modifier and Type Method Description
      void configure(CsrfReactiveConfig configuration)
      Class<CsrfReactiveConfig> getConfigurationClass()  
      void handle(org.jboss.resteasy.reactive.server.core.ResteasyReactiveRequestContext reactiveRequestContext)
      If the request method is safe (GET, HEAD or OPTIONS):
      • Sets a RoutingContext key named "csrf_token" that contains a randomly generated Base64-encoded string, unless such a cookie was already sent in the incoming request.
      If the request method is unsafe, requires the following:
      • The request contains a valid CSRF token cookie set in response to a previous request (see above).
      • A request entity is present.
      • The request Content-Type is "application/x-www-form-urlencoded".
      • The request entity contains a form parameter named "csrf_token" whose value is equal to the one supplied in the cookie.
    • Constructor Detail

      • CsrfHandler

        public CsrfHandler()
    • Method Detail

      • handle

        public void handle(org.jboss.resteasy.reactive.server.core.ResteasyReactiveRequestContext reactiveRequestContext)
        If the request method is safe (GET, HEAD or OPTIONS):
        • Sets a RoutingContext key named "csrf_token" that contains a randomly generated Base64-encoded string, unless such a cookie was already sent in the incoming request.
        If the request method is unsafe, requires the following:
        • The request contains a valid CSRF token cookie set in response to a previous request (see above).
        • A request entity is present.
        • The request Content-Type is "application/x-www-form-urlencoded".
        • The request entity contains a form parameter named "csrf_token" whose value is equal to the one supplied in the cookie.
        Specified by:
        handle in interface org.jboss.resteasy.reactive.spi.RestHandler<org.jboss.resteasy.reactive.server.core.ResteasyReactiveRequestContext>
        Specified by:
        handle in interface org.jboss.resteasy.reactive.server.spi.ServerRestHandler
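The double-submit check that handle describes, as a plain-Java sketch added here for illustration; it is not the Quarkus implementation. The class and method names, the 16-byte URL-safe token, treating any non-empty cookie as "valid", and the constant-time comparison are assumptions of the example.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Set;

// Added illustration: class and method names are hypothetical, not Quarkus API.
public class DoubleSubmitCheck {
    static final String TOKEN_NAME = "csrf_token";
    static final String FORM_TYPE = "application/x-www-form-urlencoded";
    static final Set<String> SAFE_METHODS = Set.of("GET", "HEAD", "OPTIONS");
    private static final SecureRandom RANDOM = new SecureRandom();

    // Safe request: keep the token already sent, else mint one (size and alphabet are assumptions).
    static String tokenForSafeRequest(String cookieValue) {
        if (cookieValue != null && !cookieValue.isEmpty()) return cookieValue;
        byte[] raw = new byte[16];
        RANDOM.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Unsafe request: every condition listed for handle() must hold.
    static boolean isAllowed(String method, String cookieValue, String contentType, String body) {
        if (SAFE_METHODS.contains(method)) return true;
        if (cookieValue == null || cookieValue.isEmpty()) return false;          // token cookie sent
        if (body == null || body.isEmpty() || contentType == null) return false; // entity present
        if (!contentType.split(";", 2)[0].trim().equalsIgnoreCase(FORM_TYPE)) return false;
        String formValue = formParam(body, TOKEN_NAME);
        return formValue != null && MessageDigest.isEqual(
                cookieValue.getBytes(StandardCharsets.UTF_8),
                formValue.getBytes(StandardCharsets.UTF_8)); // constant-time compare (sketch's choice)
    }

    // First decoded value of the named form parameter, or null if absent.
    static String formParam(String body, String name) {
        for (String pair : body.split("&")) {
            String[] kv = pair.split("=", 2);
            if (kv.length == 2 && URLDecoder.decode(kv[0], StandardCharsets.UTF_8).equals(name))
                return URLDecoder.decode(kv[1], StandardCharsets.UTF_8);
        }
        return null;
    }
    public static void main(String[] args) {
        String token = tokenForSafeRequest(null); // constructed sample requests follow
        System.out.println(isAllowed("POST", token, FORM_TYPE, "name=x&csrf_token=" + token));
        System.out.println(isAllowed("POST", token, "application/json", "{}"));
        System.out.println(isAllowed("POST", token, FORM_TYPE, "csrf_token=forged"));
    }
}
```

A JSON body is rejected even when the cookie is present, so under the rules above an endpoint that accepts non-form content types gets no coverage from a form-parameter check of this kind.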
      • configure

        public void configure(CsrfReactiveConfig configuration)
        Specified by:
        configure in interface org.jboss.resteasy.reactive.server.spi.GenericRuntimeConfigurableServerRestHandler<CsrfReactiveConfig>
      • getConfigurationClass

        public Class<CsrfReactiveConfig> getConfigurationClass()
        Specified by:
        getConfigurationClass in interface org.jboss.resteasy.reactive.server.spi.GenericRuntimeConfigurableServerRestHandler<CsrfReactiveConfig>