Package net.shibboleth.idp.ui.csrf.impl
Implementation classes for cross-site request forgery mitigation.
-
Class Summary Class Description CSRFTokenFlowExecutionListener A flow execution lifecycle listener that, if enabled: Sets an anti-CSRF token into the view-scope map on rendering of a suitable view-state Checks the CSRF token in a HTTP request matches that stored in the view-scope map when a suitable view-state event occurs.DefaultEventRequiresCSRFTokenValidationPredicate DefaultBiPredicatefor determining if CSRF token validation should occur from a compatible request context and event.DefaultViewRequiresCSRFTokenPredicate DefaultPredicatefor determining if a CSRF token is required for the given request context.SimpleCSRFToken A default, immutable, implementation of aCSRFToken.