SpincastFormsCsrfProtectionFilterDefault (org.spincast:spincast-framework 1.1.0 API)

java.lang.Object
- org.spincast.plugins.formsprotection.csrf.SpincastFormsCsrfProtectionFilterDefault

All Implemented Interfaces:

SpincastFormsCsrfProtectionFilter
```
public class SpincastFormsCsrfProtectionFilterDefault
extends Object
implements SpincastFormsCsrfProtectionFilter
```
CSRF protection filter. Based on: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet

Field Summary

Fields
Modifier and Type Field and Description

protected org.slf4j.Logger logger

Fields
Modifier and Type	Field and Description
`protected org.slf4j.Logger`	`logger`

Constructor Summary

Constructors
Constructor and Description
`SpincastFormsCsrfProtectionFilterDefault(SpincastFormsProtectionConfig spincastFormsProtectionConfig, SpincastCryptoUtils spincastCryptoUtils, SpincastSessionManager spincastSessionManager, SpincastConfig spincastConfig, Dictionary dictionary)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected SpincastCsrfToken`	`createCsrfToken()`
`protected void`	`csrfDoesntMatchAction(RequestContext<?> context, String message)` What to do when the CSRF is not there or not valid? By default, throw a `PublicException` with an HTTP status code of `HttpStatus.SC_BAD_REQUEST` and a public message.
`SpincastCsrfToken`	`getCurrentCsrfToken()` Returns the current CSRF token to use Will be taken from the user session by default.
`SpincastCsrfToken`	`getCurrentCsrfToken(boolean createItIfNoneExists)`
`protected Dictionary`	`getDictionary()`
`protected SpincastConfig`	`getSpincastConfig()`
`protected SpincastCryptoUtils`	`getSpincastCryptoUtils()`
`protected SpincastFormsProtectionConfig`	`getSpincastFormsProtectionConfig()`
`protected SpincastSessionManager`	`getSpincastSessionManager()`
`void`	`handle(RequestContext<?> context)` Filter's handle main method.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected final org.slf4j.Logger logger

Constructor Detail

SpincastFormsCsrfProtectionFilterDefault

@Inject
public SpincastFormsCsrfProtectionFilterDefault(SpincastFormsProtectionConfig spincastFormsProtectionConfig,
                                                         SpincastCryptoUtils spincastCryptoUtils,
                                                         SpincastSessionManager spincastSessionManager,
                                                         SpincastConfig spincastConfig,
                                                         Dictionary dictionary)

Method Detail
- getSpincastFormsProtectionConfig
```
protected SpincastFormsProtectionConfig getSpincastFormsProtectionConfig()
```
- getSpincastCryptoUtils
```
protected SpincastCryptoUtils getSpincastCryptoUtils()
```
- getSpincastSessionManager
```
protected SpincastSessionManager getSpincastSessionManager()
```
- getSpincastConfig
```
protected SpincastConfig getSpincastConfig()
```
- getDictionary
```
protected Dictionary getDictionary()
```
- handle
```
public void handle(RequestContext<?> context)
            throws FormInvalidOriginException,
                   FormInvalidCsrfTokenException
```
  Description copied from interface: SpincastFormsCsrfProtectionFilter
  
  Filter's handle main method.
  
  Specified by:
  
  handle in interface SpincastFormsCsrfProtectionFilter
  
  Throws:
  
  FormInvalidOriginException - if the form was submitted from an invalid orgine.
  
  FormInvalidCsrfTokenException - if the form was submitted with an invalid CRSF token.
- getCurrentCsrfToken
```
public SpincastCsrfToken getCurrentCsrfToken()
```
  Description copied from interface: SpincastFormsCsrfProtectionFilter
  
  Returns the current CSRF token to use Will be taken from the user session by default.
  If there is none, a new one is created and save in the user's session! This will make the session being dirty and saved to the database.
  
  Specified by:
  
  getCurrentCsrfToken in interface SpincastFormsCsrfProtectionFilter
- getCurrentCsrfToken
```
public SpincastCsrfToken getCurrentCsrfToken(boolean createItIfNoneExists)
```
- createCsrfToken
```
protected SpincastCsrfToken createCsrfToken()
```
- csrfDoesntMatchAction
```
protected void csrfDoesntMatchAction(RequestContext<?> context,
                                     String message)
                              throws Exception
```
  What to do when the CSRF is not there or not valid? By default, throw a PublicException with an HTTP status code of HttpStatus.SC_BAD_REQUEST and a public message.
  
  Throws:
  
  Exception

Class SpincastFormsCsrfProtectionFilterDefault

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

logger

Constructor Detail

SpincastFormsCsrfProtectionFilterDefault

Method Detail

getSpincastFormsProtectionConfig

getSpincastCryptoUtils

getSpincastSessionManager

getSpincastConfig

getDictionary

handle

getCurrentCsrfToken

getCurrentCsrfToken

createCsrfToken

csrfDoesntMatchAction