Package jakarta.mvc.security
Interface Csrf
-
public interface Csrf
Cross Site Request Forgery (CSRF) interface with access to the CSRF header name and the CSRF token value. Implementations of this interface are injectable and accessible from EL via theMvcContext
class asmvc.csrf
.- Since:
- 1.0
- Author:
- Santiago Pericas-Geertsen, Christian Kaltepoth
- See Also:
CsrfProtected
-
-
Nested Class Summary
Nested Classes Modifier and Type Interface Description static class
Csrf.CsrfOptions
Options for propertyCSRF_PROTECTION
.
-
Field Summary
Fields Modifier and Type Field Description static String
CSRF_HEADER_NAME
Property that can be used to configure the name of the HTTP header used for the CSRF token.static String
CSRF_PROTECTION
Property that can be used to globally enable CSRF protection for an application.static String
DEFAULT_CSRF_HEADER_NAME
The default value forCSRF_HEADER_NAME
.
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description String
getName()
Returns the name of the CSRF form field or HTTP request header.String
getToken()
Returns the value of the CSRF token.
-
-
-
Field Detail
-
CSRF_PROTECTION
static final String CSRF_PROTECTION
Property that can be used to globally enable CSRF protection for an application. Values of this property must be of typeCsrf.CsrfOptions
.- See Also:
- Constant Field Values
-
CSRF_HEADER_NAME
static final String CSRF_HEADER_NAME
Property that can be used to configure the name of the HTTP header used for the CSRF token.- See Also:
- Constant Field Values
-
DEFAULT_CSRF_HEADER_NAME
static final String DEFAULT_CSRF_HEADER_NAME
The default value forCSRF_HEADER_NAME
.- See Also:
- Constant Field Values
-
-