Class CSRFProtection

java.lang.Object
io.github.jirkasa.servletrouter.Middleware<javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse>
io.github.jirkasa.servletrouter.HttpMiddleware
io.github.jirkasa.csrfprotection.CSRFProtection
All Implemented Interfaces:
io.github.jirkasa.servletrouter.Handler<javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse>

public abstract class CSRFProtection extends io.github.jirkasa.servletrouter.HttpMiddleware
Middleware for CSRF protection. It generates a CSRF token for each session and stores it as an attribute on every request. It also checks that the correct CSRF token has been submitted for CSRF-protected HTTP methods. By default POST, PUT, PATCH and DELETE are the protected methods; this can be changed by passing an array of HTTP methods to the constructor. The name of the CSRF token attribute is "CSRF_TOKEN" by default, but it can also be changed by passing a name to the constructor.
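The following usage example is added here and is not part of this Javadoc or of the csrfprotection library. Because handleError is abstract, an application must subclass CSRFProtection to decide how a request with a missing or invalid token is answered; the example rejects it with HTTP 403 and logs the event without echoing the token. The second class shows a servlet that renders a form with the per-session token read from the default "CSRF_TOKEN" request attribute. The package name, the class names, the /profile path and the hidden-field name are assumptions: the page does not state from which request parameter or header the middleware reads the submitted token, and it does not show the servletrouter API used to register the middleware, so registration is omitted.

```java
package com.example.web; // hypothetical application package (assumption)

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import io.github.jirkasa.csrfprotection.CSRFProtection;

/**
 * Concrete CSRFProtection. The library leaves handleError abstract, so the
 * application decides how a request that fails the token check is answered.
 */
public class AppCsrfProtection extends CSRFProtection {

    // Library defaults: protected methods POST, PUT, PATCH, DELETE and the
    // attribute name "CSRF_TOKEN".
    public AppCsrfProtection() {
        super();
    }

    @Override
    public void handleError(HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        // Log method, path and client address so repeated failures can be
        // spotted in monitoring; the token value itself is deliberately not logged.
        request.getServletContext().log("CSRF check failed: " + request.getMethod()
                + " " + request.getRequestURI() + " from " + request.getRemoteAddr());
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.setContentType("text/plain;charset=UTF-8");
        response.getWriter().write("Request rejected: missing or invalid CSRF token.");
    }
}

/**
 * Hypothetical servlet that renders a form carrying the session's CSRF token.
 * It must be reached through the middleware, which stores the token on the
 * request before the servlet runs.
 */
class ProfileFormServlet extends HttpServlet {

    private static final String CSRF_ATTRIBUTE = "CSRF_TOKEN"; // library default name

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        Object token = req.getAttribute(CSRF_ATTRIBUTE);
        if (token == null) {
            // Fail closed: rendering a form without a token would produce
            // submissions the middleware rejects, so flag the misconfiguration.
            resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                    "CSRF middleware was not applied to this route");
            return;
        }
        resp.setContentType("text/html;charset=UTF-8");
        PrintWriter out = resp.getWriter();
        out.println("<form method=\"post\" action=\"/profile\">"); // path is an assumption
        // Hidden-field name is an assumption; the page does not say where the
        // middleware reads the submitted token from.
        out.println("  <input type=\"hidden\" name=\"" + CSRF_ATTRIBUTE + "\" value=\""
                + escapeHtml(token.toString()) + "\">");
        out.println("  <input type=\"text\" name=\"displayName\">");
        out.println("  <button type=\"submit\">Save</button>");
        out.println("</form>");
    }

    /** Minimal HTML attribute escaping so the token cannot break out of the value. */
    private static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }
}
```

GET requests are not in the default protected set, so the form page itself is served without a token check while the POST that submits it is verified; routes that change state through GET would need the protected-methods constructor to include them.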
  • Constructor Summary

    Constructors
    Constructor
    Description
    CSRFProtection()
    Creates new CSRF protection middleware (protected methods are POST, PUT, PATCH and DELETE; name of CSRF attribute is "CSRF_TOKEN").
    CSRFProtection(String csrfTokenAttributeName)
    Creates new CSRF protection middleware (protected methods are POST, PUT, PATCH and DELETE).
    CSRFProtection(String[] protectedMethods)
    Creates new CSRF protection middleware (name of CSRF attribute is "CSRF_TOKEN").
    CSRFProtection(String csrfTokenAttributeName, String[] protectedMethods)
    Creates new CSRF protection middleware.
  • Method Summary

    Modifier and Type
    Method
    Description
    static String
    generateToken()
    boolean
    handle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
     
    abstract void
    handleError(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
    Handles a request sent with a missing or invalid CSRF token.

    Methods inherited from class io.github.jirkasa.servletrouter.Middleware

    getPathParam, matchesFullPath, setPathParams

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • CSRFProtection

      public CSRFProtection()
      Creates new CSRF protection middleware (protected methods are POST, PUT, PATCH and DELETE; name of CSRF attribute is "CSRF_TOKEN").
    • CSRFProtection

      public CSRFProtection(String csrfTokenAttributeName)
      Creates new CSRF protection middleware (protected methods are POST, PUT, PATCH and DELETE).
      Parameters:
      csrfTokenAttributeName - Name of CSRF token attribute.
    • CSRFProtection

      public CSRFProtection(String[] protectedMethods)
      Creates new CSRF protection middleware (name of CSRF attribute is "CSRF_TOKEN").
      Parameters:
      protectedMethods - HTTP methods to be protected.
    • CSRFProtection

      public CSRFProtection(String csrfTokenAttributeName, String[] protectedMethods)
      Creates new CSRF protection middleware.
      Parameters:
      csrfTokenAttributeName - Name of CSRF token attribute.
      protectedMethods - HTTP methods to be protected.
  • Method Details

    • handle

      public boolean handle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws Exception
      Throws:
      Exception
    • handleError

      public abstract void handleError(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws Exception
      Handles a request sent with a missing or invalid CSRF token.
      Parameters:
      request - Request.
      response - Response.
      Throws:
      Exception
    • generateToken

      public static String generateToken() throws NoSuchAlgorithmException
      Throws:
      NoSuchAlgorithmException