Package com.cksource.ckfinder.http.request

Class DoubleSubmitCookieCsrfTokenValidator

java.lang.Object

com.cksource.ckfinder.http.request.DoubleSubmitCookieCsrfTokenValidator

All Implemented Interfaces:

CsrfTokenValidator

@Component
public class DoubleSubmitCookieCsrfTokenValidator
extends Object
implements CsrfTokenValidator

Application scoped CSRF token validator service.

Constructor Summary

Constructors

Constructor	Description
DoubleSubmitCookieCsrfTokenValidator()

Method Summary

Modifier and Type	Method	Description
protected static String	getCookieValue(HttpServletRequest request, String name)	Returns the value of cookie with given name.
boolean	isValidRequest(HttpServletRequest request)	Checks if the request contains a valid CSRF token.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

DoubleSubmitCookieCsrfTokenValidator

public DoubleSubmitCookieCsrfTokenValidator()

Method Details

isValidRequest

public boolean isValidRequest(HttpServletRequest request)

Checks if the request contains a valid CSRF token.

Some requests pass data as JSON. In this case token might be passed as request attribute.

Specified by:

isValidRequest in interface CsrfTokenValidator

Parameters:

request - current HTTP request

Returns:

true if the CSRF token is valid, false otherwise.

See Also:

• JsonDataResolver

getCookieValue

protected static String getCookieValue(HttpServletRequest request,
 String name)

Returns the value of cookie with given name.

Parameters:

request - current HTTP request

name - cookie name

Returns:

cookie value or null