Interface XsrfTokenService
- All Known Implementing Classes:
DefaultXsrfTokenService
public interface XsrfTokenService
Service for generating and validating XSRF tokens for any given request.
Tokens are retrieved from the request parameter REQUEST_PARAM_NAME.
Requests which have the header OVERRIDE_HEADER_NAME equal to OVERRIDE_HEADER_VALUE will be exempt from token validation.
- Since:
- 5.1.4
Field Summary
Method Summary
Modifier and Type / Method / Description
- generateValidToken(javax.servlet.http.HttpServletRequest request): Generate and bind a token pair to the session.
- default boolean hasValidToken(javax.servlet.http.HttpServletRequest request)
- validateToken(javax.servlet.http.HttpServletRequest request): Validate if the given request contains the token bound to the request's session.
Field Details
REQUEST_PARAM_NAME
OVERRIDE_HEADER_NAME
OVERRIDE_HEADER_VALUE
Method Details
generateValidToken
Generate and bind a token pair to the session.
- Parameters:
- request - the request used to identify the session; the session will be created if none is present
- Returns:
- a token pair to be used for the modifying request, containing the parameter key in the left part and the token value in the right part
- Since:
- 8.9
validateToken
Validate if the given request contains the token bound to the request's session.
- Parameters:
- request - the request used to identify the session and containing the token parameter
- Returns:
- an Optional that may contain error messages; thus !Optional.isPresent() indicates a successful flow
- Since:
- 7.0.1
hasValidToken
default boolean hasValidToken(javax.servlet.http.HttpServletRequest request)
- Since:
- 8.9
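The servlet filter below is an added example, not code from the project this Javadoc describes. It shows one way a caller could combine generateValidToken and validateToken so that modifying requests are rejected when validation reports errors. The class name XsrfEnforcingFilter, the constructor injection, the attribute name "xsrfTokenPair", the set of safe methods and the use of Optional<?> (inferred from the Returns text of validateToken) are assumptions.

```java
import java.io.IOException;
import java.util.Optional;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter. Assumed to sit in the same package as XsrfTokenService,
// whose package name is not shown on this page (otherwise add the import).
public class XsrfEnforcingFilter implements Filter {

    // Methods treated as non-modifying (assumption; adjust to the application).
    private static final Set<String> SAFE_METHODS = Set.of("GET", "HEAD", "OPTIONS");

    private final XsrfTokenService xsrf;

    public XsrfEnforcingFilter(XsrfTokenService xsrf) {
        this.xsrf = xsrf;
    }

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        if (SAFE_METHODS.contains(request.getMethod())) {
            // Binds a token pair to the session (a session is created if none exists).
            // The view renders its left part as parameter key, its right part as value.
            Object tokenPair = xsrf.generateValidToken(request);
            request.setAttribute("xsrfTokenPair", tokenPair);
        } else {
            // Per the interface description, requests with OVERRIDE_HEADER_NAME equal to
            // OVERRIDE_HEADER_VALUE are exempt, so the filter adds no bypass of its own.
            Optional<?> errors = xsrf.validateToken(request);
            if (errors.isPresent()) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN, "XSRF token validation failed");
                return;
            }
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```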