net.shibboleth.idp.ui.csrf.impl (Shibboleth Identity Provider 4.3.0 API)

package net.shibboleth.idp.ui.csrf.impl

Implementation classes for cross-site request forgery mitigation.

Related Packages

Package

Description

net.shibboleth.idp.ui.csrf

APIs relating to cross-site request forgery mitigations.
Classes

Class

Description

CSRFTokenFlowExecutionListener

A flow execution lifecycle listener that, if enabled: Sets an anti-CSRF token into the view-scope map on rendering of a suitable view-state Checks the CSRF token in a HTTP request matches that stored in the view-scope map when a suitable view-state event occurs.

DefaultEventRequiresCSRFTokenValidationPredicate

Default BiPredicate for determining if CSRF token validation should occur from a compatible request context and event.

DefaultViewRequiresCSRFTokenPredicate

Default Predicate for determining if a CSRF token is required for the given request context.

SimpleCSRFToken

A default, immutable, implementation of a CSRFToken.