Class CSRFTokenManager


@ThreadSafe public final class CSRFTokenManager extends Object
A thread-safe helper class for dealing with cross-site request forgery tokens.
  • Field Details

    • csrfParameterName

      @Nonnull private String csrfParameterName
      The name of the HTTP parameter that contains the anti-csrf token.
    • tokenGenerationStrategy

      @Nonnull private IdentifierGenerationStrategy tokenGenerationStrategy
      The strategy used to generate a CSRF token value.
    • csrfTokenValidationPredicate

      @Nonnull private BiPredicate<CSRFToken,String> csrfTokenValidationPredicate
      Predicate to validate the CSRF token.
  • Constructor Details

  • Method Details

    • setTokenGenerationStrategy

      public void setTokenGenerationStrategy(@Nonnull IdentifierGenerationStrategy tokenStrategy)
      Set the CSRF token generation strategy.
      tokenStrategy - CSRF token generation strategy
    • setCsrfTokenValidationPredicate

      public void setCsrfTokenValidationPredicate(@Nonnull BiPredicate<CSRFToken,String> tokenValidationPredicate)
      Set the CSRF token validation predicate.
      tokenValidationPredicate - the CSRF token validation predicate.
    • setCsrfParameterName

      public void setCsrfParameterName(@Nonnull @NotEmpty String parameterName)
      Set the CSRF HTTP parameter name.
      parameterName - CSRF parameter name
    • generateCSRFToken

      @Nonnull public CSRFToken generateCSRFToken()
      Generate a CSRFToken using the token generation strategy derived token value. Set the HTTP parameter name from the csrfParameterName field.
      a CSRF token
    • isValidCSRFToken

      public boolean isValidCSRFToken(@Nullable CSRFToken csrfToken, @Nullable String requestCsrfToken)
      Check the CSRF token matches the CSRF token in the request using the csrfTokenValidationPredicate.
      csrfToken - the server side CSRF token.
      requestCsrfToken - the CSRF token from the request.
      true iff the CSRF token value matches the request CSRF token. False if they do not match.