Package org.pac4j.core.authorization.authorizer

Class CsrfAuthorizer

java.lang.Object
org.pac4j.core.authorization.authorizer.CsrfAuthorizer
All Implemented Interfaces:
Authorizer
public class CsrfAuthorizer extends Object implements Authorizer
Authorizer that checks CSRF tokens.
Since:
1.8.0
Author:
Jerome Leleu

  • Constructor Details

    • CsrfAuthorizer

      public CsrfAuthorizer()

      Constructor for CsrfAuthorizer.

    • CsrfAuthorizer

      public CsrfAuthorizer(String parameterName, String headerName)

      Constructor for CsrfAuthorizer.

      Parameters:
      parameterName - a String object
      headerName - a String object

    • CsrfAuthorizer

      public CsrfAuthorizer(String parameterName, String headerName, boolean checkAllRequests)

      Constructor for CsrfAuthorizer.

      Parameters:
      parameterName - a String object
      headerName - a String object
      checkAllRequests - a boolean

  • Method Details

    • isAuthorized

      public boolean isAuthorized(WebContext context, SessionStore sessionStore, List<UserProfile> profiles)
      Checks if the user profiles and / or the current web context are authorized.
      Specified by:
      isAuthorized in interface Authorizer
      Parameters:
      context - the web context
      sessionStore - the session store
      profiles - the user profiles
      Returns:
      if the access is authorized

    • hashEquals

      protected boolean hashEquals(String a, String b)

      hashEquals.

      Parameters:
      a - a String object
      b - a String object
      Returns:
      a boolean