Class CsrfValidator

java.lang.Object
org.kuali.rice.krad.util.CsrfValidator

public final class CsrfValidator extends Object
Simple utility class that will validate the given request to determine if it has any required CSRF information, setting appropriate response errors if not.
Author:
Eric Westfall
  • Field Details

  • Method Details

    • validateCsrf

      public static boolean validateCsrf(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Applies CSRF protection for any HTTP method other than GET, HEAD, or OPTIONS.
      Parameters:
      request - the HTTP request to check
      response - the HTTP response associated with the given request
      Returns:
      true if the request validated successfully, false otherwise. If false is returned, calling code should act immediately to terminate any additional work performed on the response.
    • getSessionToken

      public static String getSessionToken(javax.servlet.http.HttpServletRequest request)
      Retrieve the CSRF token that is associated with the session for the given request, or null if the session has none.
      Parameters:
      request - the request to check the session for the CSRF token
      Returns:
      the CSRF token on the request's session, or null if the session has none
    • getRequestToken

      public static String getRequestToken(javax.servlet.http.HttpServletRequest request)
      Retrieve the CSRF token parameter that is on the given request, or null if the request has none.
      Parameters:
      request - the request to check for the CSRF token parameter
      Returns:
      the CSRF token parameter on the request, or null if the request has none
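
The following servlet filter is an added example, not code from the Rice project. It shows one way to honor the `validateCsrf` contract described above: stop all work on the response as soon as `false` is returned. The filter class name, the logger, and the log wording are assumptions; only the three `CsrfValidator` methods come from this page.

```java
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.kuali.rice.krad.util.CsrfValidator;

/** Hypothetical filter name; illustrates the caller's side of validateCsrf. */
public class ExampleCsrfFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(ExampleCsrfFilter.class.getName());

    @Override
    public void init(FilterConfig filterConfig) { /* no configuration needed */ }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Fail closed: anything that is not HTTP cannot be validated, so reject it.
        if (!(req instanceof HttpServletRequest) || !(res instanceof HttpServletResponse)) {
            throw new ServletException("ExampleCsrfFilter only supports HTTP requests");
        }
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // validateCsrf itself skips GET, HEAD and OPTIONS, so no method check is needed here.
        if (!CsrfValidator.validateCsrf(request, response)) {
            // Record why the request failed without ever writing a token value to the log.
            String reason;
            if (CsrfValidator.getSessionToken(request) == null) {
                reason = "session has no CSRF token";
            } else if (CsrfValidator.getRequestToken(request) == null) {
                reason = "request has no CSRF token parameter";
            } else {
                reason = "request token rejected";
            }
            LOG.warning("CSRF validation failed (" + reason + "): "
                    + request.getMethod() + " " + request.getRequestURI());
            // The validator has already set the error on the response: do not write to it
            // and do not call chain.doFilter(), so no downstream handler runs.
            return;
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { /* nothing to release */ }
}
```

Map the filter ahead of any filter or servlet that changes state, so a rejected request never reaches them.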