public class CsrfHandler extends Object implements Route.Filter
{ use("*", new CsrfHandler()); }
This filter requires a token on POST, PUT, PATCH and DELETE requests. A custom policy might be provided via: requireTokenOn(Predicate).
The default token generator uses UUID.randomUUID(). A custom token generator might be provided via: tokenGen(Function).
Default token name is: csrf. If you want to use a different name, just pass the name to the CsrfHandler(String) constructor.
The CsrfHandler handler will read an existing token from the Session (or create a new one if necessary) and make it available as a request local variable via: Request.set(String, Object).
If the incoming request requires token verification, it will extract the token from:
If the extracted token doesn't match the existing token (from the Session), a 403 will be thrown.
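
The three customization points described above (token name, token generator, verification policy) wired together, as an added example that is not taken from the Jooby documentation. The import path org.jooby.handlers.CsrfHandler, the class name App, the token name _csrf and the /transfer route are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

import org.jooby.Jooby;
import org.jooby.Request;
import org.jooby.handlers.CsrfHandler; // assumed package, check your Jooby version

public class App extends Jooby {

  private static final SecureRandom RNG = new SecureRandom();

  // Methods treated as read-only; every other method must carry the token.
  private static final Set<String> SAFE_METHODS =
      new HashSet<>(Arrays.asList("GET", "HEAD", "OPTIONS"));

  // Custom generator for tokenGen(Function): 256 random bits as URL-safe text.
  static String newToken(Request req) {
    byte[] raw = new byte[32];
    RNG.nextBytes(raw);
    return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
  }

  // Custom policy for requireTokenOn(Predicate): stricter than the default
  // POST/PUT/PATCH/DELETE list, because unknown or custom verbs are checked too.
  static boolean needsToken(Request req) {
    return !SAFE_METHODS.contains(req.method().toUpperCase(Locale.ROOT));
  }

  {
    // Register the filter before the routes it protects.
    use("*", new CsrfHandler("_csrf") // "_csrf" replaces the default name csrf
        .tokenGen(App::newToken)
        .requireTokenOn(App::needsToken));

    // Hypothetical state-changing route; a request whose token does not match
    // the one stored in the Session gets the 403 described above.
    post("/transfer", req -> "transfer accepted");
  }
}
```

Clients must send the token under the same name passed to the constructor, so changing the name requires updating every form and script that submits it.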
Constructor and Description |
---|
CsrfHandler() Creates a new CsrfHandler and uses csrf as the token name. |
CsrfHandler(String name) Creates a new CsrfHandler handler and uses the given name to save the token in the Session and/or extract the token from incoming requests. |
Modifier and Type | Method and Description |
---|---|
void | handle(Request req, Response rsp, Route.Chain chain) The handle method of the Filter is called by the server each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. |
CsrfHandler | requireTokenOn(Predicate<Request> requireToken) Decides whether or not an incoming request requires token verification. |
CsrfHandler | tokenGen(Function<Request,String> generator) Set a custom token generator. |

public CsrfHandler(String name)
Creates a new CsrfHandler handler and uses the given name to save the token in the Session and/or extract the token from incoming requests.
Parameters:
name - Token's name.

public CsrfHandler()
Creates a new CsrfHandler and uses csrf as the token name.

public CsrfHandler tokenGen(Function<Request,String> generator)
Set a custom token generator. The default generator uses UUID.randomUUID().
Parameters:
generator - A custom token generator.

public CsrfHandler requireTokenOn(Predicate<Request> requireToken)
Decides whether or not an incoming request requires token verification. By default, a token is required on POST, PUT, PATCH and DELETE requests.
Parameters:
requireToken - Predicate to use.

public void handle(Request req, Response rsp, Route.Chain chain) throws Exception
Description copied from interface: Route.Filter
The handle method of the Filter is called by the server each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain.
The Route.Chain passed in to this method allows the Filter to pass on the request and response to the next entity in the chain.
A typical implementation of this method would follow the following pattern:
Route.Chain object (chain.next(req, rsp)),
Specified by:
handle in interface Route.Filter
Parameters:
req - An HTTP request.
rsp - An HTTP response.
chain - A route chain.
Throws:
Exception - If something goes wrong.

Copyright © 2016. All rights reserved.