CSRFInterceptor (Bennu Spring 6.0.5-FORK API)

java.lang.Object
- org.fenixedu.bennu.spring.security.CSRFInterceptor

All Implemented Interfaces:

org.springframework.web.servlet.HandlerInterceptor
```
public class CSRFInterceptor
extends Object
implements org.springframework.web.servlet.HandlerInterceptor
```
Interceptor to prevent CSRF attacks on POST, PUT and DELETE methods. Individual controller methods may choose to bypass this verification by annotating the method with SkipCSRF. It will check that any request in the matching conditions contains a CSRFToken associated with it, either by providing a request parameter or header. A token may be obtained via the CSRFTokenRepository.getToken(HttpServletRequest) method.

Author:

João Carvalho (joao.pedro.carvalho@tecnico.ulisboa.pt)

See Also:

CSRFToken, CSRFTokenRepository

Constructor Summary

Constructors
Constructor and Description

CSRFInterceptor(CSRFTokenRepository tokenBean)

Constructors
Constructor and Description
`CSRFInterceptor(CSRFTokenRepository tokenBean)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`afterCompletion(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Object handler, Exception ex)`
`void`	`postHandle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Object handler, org.springframework.web.servlet.ModelAndView modelAndView)`
`boolean`	`preHandle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Object handler)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CSRFInterceptor

public CSRFInterceptor(CSRFTokenRepository tokenBean)

Method Detail

preHandle

public boolean preHandle(javax.servlet.http.HttpServletRequest request,
                         javax.servlet.http.HttpServletResponse response,
                         Object handler)
                  throws Exception

Specified by:: preHandle in interface org.springframework.web.servlet.HandlerInterceptor
Throws:: Exception

postHandle

public void postHandle(javax.servlet.http.HttpServletRequest request,
                       javax.servlet.http.HttpServletResponse response,
                       Object handler,
                       org.springframework.web.servlet.ModelAndView modelAndView)
                throws Exception

Specified by:: postHandle in interface org.springframework.web.servlet.HandlerInterceptor
Throws:: Exception

afterCompletion

public void afterCompletion(javax.servlet.http.HttpServletRequest request,
                            javax.servlet.http.HttpServletResponse response,
                            Object handler,
                            Exception ex)
                     throws Exception

Specified by:: afterCompletion in interface org.springframework.web.servlet.HandlerInterceptor
Throws:: Exception

Class CSRFInterceptor

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

CSRFInterceptor

Method Detail

preHandle

postHandle

afterCompletion