CsrfValidator (Rice KRAD Web Framework 2.6.2 API)

java.lang.Object
- org.kuali.rice.krad.util.CsrfValidator

```
public class CsrfValidator
extends Object
```
Simple utility class that will validate the given request to determine if it has any required CSRF information, setting appropriate response errors if not.

Author:

Eric Westfall

Field Summary

Fields
Modifier and Type Field and Description

static String CSRF_PARAMETER

static String CSRF_SESSION_TOKEN

Fields
Modifier and Type	Field and Description
`static String`	`CSRF_PARAMETER`
`static String`	`CSRF_SESSION_TOKEN`

Constructor Summary

Constructors
Constructor and Description

CsrfValidator()

Constructors
Constructor and Description
`CsrfValidator()`

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method and Description
`static String`	`getRequestToken(javax.servlet.http.HttpServletRequest request)` Retrieve the CSRF token parameter that is on the given request, or null if the request has none.
`static String`	`getSessionToken(javax.servlet.http.HttpServletRequest request)` Retrieve the CSRF token that is associated with the session for the given request, or null if the session has none.
`static boolean`	`validateCsrf(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` Applies CSRF protection for any HTTP method other than GET, HEAD, or OPTIONS.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - CSRF_PARAMETER
```
public static final String CSRF_PARAMETER
```
    See Also:
    
    Constant Field Values
  - CSRF_SESSION_TOKEN
```
public static final String CSRF_SESSION_TOKEN
```
    See Also:
    
    Constant Field Values
- Constructor Detail
  - CsrfValidator
```
public CsrfValidator()
```
- Method Detail
  - validateCsrf
```
public static boolean validateCsrf(javax.servlet.http.HttpServletRequest request,
                                   javax.servlet.http.HttpServletResponse response)
```
    Applies CSRF protection for any HTTP method other than GET, HEAD, or OPTIONS.
    
    Parameters:
    
    request - the http request to check
    
    response - the http response associated with the given request
    
    Returns:
    
    true if the request validated successfully, false otherwise. If false is returned, calling code should act immediately to terminate any additional work performed on the response.
  - getSessionToken
```
public static String getSessionToken(javax.servlet.http.HttpServletRequest request)
```
    Retrieve the CSRF token that is associated with the session for the given request, or null if the session has none.
    
    Parameters:
    
    request - the request to check the session for the CSRF token
    
    Returns:
    
    the CSRF token on the request's session, or null if the session has none
  - getRequestToken
```
public static String getRequestToken(javax.servlet.http.HttpServletRequest request)
```
    Retrieve the CSRF token parameter that is on the given request, or null if the request has none.
    
    Parameters:
    
    request - the request to check for the CSRF token parameter
    
    Returns:
    
    the CSRF token parameter on the request, or null if the request has none

Class CsrfValidator

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

CSRF_PARAMETER

CSRF_SESSION_TOKEN

Constructor Detail

CsrfValidator

Method Detail

validateCsrf

getSessionToken

getRequestToken