Package org.apache.nifi.web.security.csrf

Class StandardCookieCsrfTokenRepository

java.lang.Object

org.apache.nifi.web.security.csrf.StandardCookieCsrfTokenRepository

All Implemented Interfaces:

org.springframework.security.web.csrf.CsrfTokenRepository

public class StandardCookieCsrfTokenRepository
extends Object
implements org.springframework.security.web.csrf.CsrfTokenRepository

Standard implementation of CSRF Token Repository using stateless Spring Security double-submit cookie strategy

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
private static class	StandardCookieCsrfTokenRepository.CsrfApplicationCookieService

Field Summary

Fields

Modifier and Type	Field	Description
private static final ApplicationCookieService	applicationCookieService
private static final String	REQUEST_PARAMETER

Constructor Summary

Constructors

Constructor	Description
StandardCookieCsrfTokenRepository()

Method Summary

Modifier and Type	Method	Description
private String	generateRandomToken()
org.springframework.security.web.csrf.CsrfToken	generateToken(jakarta.servlet.http.HttpServletRequest httpServletRequest)	Generate CSRF Token or return current Token when present in HTTP Servlet Request Cookie header
private org.springframework.security.web.csrf.CsrfToken	getCsrfToken(String token)
org.springframework.security.web.csrf.CsrfToken	loadToken(jakarta.servlet.http.HttpServletRequest httpServletRequest)	Load CSRF Token from HTTP Servlet Request Cookie header
void	saveToken(org.springframework.security.web.csrf.CsrfToken csrfToken, jakarta.servlet.http.HttpServletRequest httpServletRequest, jakarta.servlet.http.HttpServletResponse httpServletResponse)	Save CSRF Token in HTTP Servlet Response using defaults that allow JavaScript read for session cookies

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.security.web.csrf.CsrfTokenRepository

loadDeferredToken

Field Details

REQUEST_PARAMETER

private static final String REQUEST_PARAMETER

See Also:

• Constant Field Values

applicationCookieService

private static final ApplicationCookieService applicationCookieService

Constructor Details

StandardCookieCsrfTokenRepository

public StandardCookieCsrfTokenRepository()

Method Details

generateToken

public org.springframework.security.web.csrf.CsrfToken generateToken(jakarta.servlet.http.HttpServletRequest httpServletRequest)

Generate CSRF Token or return current Token when present in HTTP Servlet Request Cookie header

Specified by:

generateToken in interface org.springframework.security.web.csrf.CsrfTokenRepository

Parameters:

httpServletRequest - HTTP Servlet Request

Returns:

CSRF Token

saveToken

public void saveToken(org.springframework.security.web.csrf.CsrfToken csrfToken,
 jakarta.servlet.http.HttpServletRequest httpServletRequest,
 jakarta.servlet.http.HttpServletResponse httpServletResponse)

Save CSRF Token in HTTP Servlet Response using defaults that allow JavaScript read for session cookies

Specified by:

saveToken in interface org.springframework.security.web.csrf.CsrfTokenRepository

Parameters:

csrfToken - CSRF Token to be saved or null indicated the token should be removed

httpServletRequest - HTTP Servlet Request

httpServletResponse - HTTP Servlet Response

loadToken

public org.springframework.security.web.csrf.CsrfToken loadToken(jakarta.servlet.http.HttpServletRequest httpServletRequest)

Load CSRF Token from HTTP Servlet Request Cookie header

Specified by:

loadToken in interface org.springframework.security.web.csrf.CsrfTokenRepository

Parameters:

httpServletRequest - HTTP Servlet Request

Returns:

CSRF Token or null when Cookie header not found

getCsrfToken

private org.springframework.security.web.csrf.CsrfToken getCsrfToken(String token)

generateRandomToken

private String generateRandomToken()