Package net.shibboleth.idp.ui.csrf.impl

Class DefaultEventRequiresCSRFTokenValidationPredicate

java.lang.Object

net.shibboleth.idp.ui.csrf.BaseCSRFTokenPredicate

net.shibboleth.idp.ui.csrf.impl.DefaultEventRequiresCSRFTokenValidationPredicate

All Implemented Interfaces:

BiPredicate<RequestContext,Event>

public class DefaultEventRequiresCSRFTokenValidationPredicate
extends BaseCSRFTokenPredicate
implements BiPredicate<RequestContext,Event>

Default BiPredicate for determining if CSRF token validation should occur from a compatible request context and event. Guaranteed to be in a view-state when tested by the CSRFTokenFlowExecutionListener.

Returns true if the view-state and event requires CSRF token validation. More specifically, returns true iff the state definition does not contain a "csrf_excluded" metadata attribute with a value of true.

Note, as Spring Webflow does not distinguish between HTTP request methods, checking only for POST requests would lead to a bypass using a GET request. Hence HTTP method is not checked.

Field Summary

Fields inherited from class net.shibboleth.idp.ui.csrf.BaseCSRFTokenPredicate

CSRF_EXCLUDED_ATTRIBUTE_NAME

Constructor Summary

Constructors

Constructor	Description
DefaultEventRequiresCSRFTokenValidationPredicate()

Method Summary

Modifier and Type	Method	Description
boolean	test(RequestContext context, Event event)

Methods inherited from class net.shibboleth.idp.ui.csrf.BaseCSRFTokenPredicate

safeGetBooleanStateAttribute

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface java.util.function.BiPredicate

and, negate, or

Constructor Details

DefaultEventRequiresCSRFTokenValidationPredicate

public DefaultEventRequiresCSRFTokenValidationPredicate()

Method Details

test

public boolean test(@Nonnull
 RequestContext context,
 @Nonnull
 Event event)

Specified by:

test in interface BiPredicate<RequestContext,Event>