Package jakarta.mvc.security

Interface Csrf

public interface Csrf

Cross Site Request Forgery (CSRF) interface with access to the CSRF header name and the CSRF token value. Implementations of this interface are injectable and accessible from EL via the MvcContext class as mvc.csrf.

Since:

1.0

Author:

Santiago Pericas-Geertsen, Christian Kaltepoth

See Also:

CsrfProtected

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static class	Csrf.CsrfOptions	Options for property CSRF_PROTECTION.

Field Summary

Fields

Modifier and Type	Field	Description
static String	CSRF_HEADER_NAME	Property that can be used to configure the name of the HTTP header used for the CSRF token.
static String	CSRF_PROTECTION	Property that can be used to globally enable CSRF protection for an application.
static String	DEFAULT_CSRF_HEADER_NAME	The default value for CSRF_HEADER_NAME.

Method Summary

Modifier and Type	Method	Description
String	getName()	Returns the name of the CSRF form field or HTTP request header.
String	getToken()	Returns the value of the CSRF token.

Field Detail

CSRF_PROTECTION

static final String CSRF_PROTECTION

Property that can be used to globally enable CSRF protection for an application. Values of this property must be of type Csrf.CsrfOptions.

See Also:

Constant Field Values

CSRF_HEADER_NAME

static final String CSRF_HEADER_NAME

Property that can be used to configure the name of the HTTP header used for the CSRF token.

See Also:

Constant Field Values

DEFAULT_CSRF_HEADER_NAME

static final String DEFAULT_CSRF_HEADER_NAME

The default value for CSRF_HEADER_NAME.

See Also:

Constant Field Values

Method Detail

getName

String getName()

Returns the name of the CSRF form field or HTTP request header. This name is typically a constant.

Returns:

name of CSRF header.

getToken

String getToken()

Returns the value of the CSRF token.

Returns:

value of CSRF token.