Example usage for org.springframework.security.web.csrf InvalidCsrfTokenException InvalidCsrfTokenException

List of usage examples for org.springframework.security.web.csrf InvalidCsrfTokenException InvalidCsrfTokenException

Introduction

This page shows example usages of the org.springframework.security.web.csrf.InvalidCsrfTokenException constructor InvalidCsrfTokenException(CsrfToken, String).

Prototype

public InvalidCsrfTokenException(CsrfToken expectedAccessToken, String actualAccessToken) 


Usage

From source file:cn.imethan.common.security.filter.CsrfFilter.java

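/**
 * Enforces CSRF token validation for a single request.
 *
 * <p>The expected token is loaded from {@code tokenRepository}. When none is stored, a new one is
 * generated and wrapped in a {@code SaveOnAccessCsrfToken}. The token is then exposed as a request
 * attribute under both {@code CsrfToken.class.getName()} and the token's parameter name.
 *
 * <p>Requests that {@code requireCsrfProtectionMatcher} does not match are passed down the chain
 * without validation. For every other request the submitted token is read from the header named
 * by the token, falling back to the request parameter, and must match the expected value. On a
 * mismatch {@code accessDeniedHandler} is invoked and the filter chain is not continued.
 *
 * @param request the current request; source of the submitted token
 * @param response the current response, handed to the repository wrapper and the denied handler
 * @param filterChain the remaining filters, invoked only when validation passes or is not required
 * @throws ServletException propagated from the filter chain or the access-denied handler
 * @throws IOException propagated from the filter chain or the access-denied handler
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) throws ServletException, IOException {
    CsrfToken csrfToken = tokenRepository.loadToken(request);
    final boolean missingToken = csrfToken == null;
    if (missingToken) {
        CsrfToken generatedToken = tokenRepository.generateToken(request);
        // NOTE(review): the wrapper presumably defers persisting the token until it is read;
        // confirm against SaveOnAccessCsrfToken.
        csrfToken = new SaveOnAccessCsrfToken(tokenRepository, request, response, generatedToken);
    }
    request.setAttribute(CsrfToken.class.getName(), csrfToken);
    request.setAttribute(csrfToken.getParameterName(), csrfToken);

    if (!requireCsrfProtectionMatcher.matches(request)) {
        filterChain.doFilter(request, response);
        return;
    }

    // The header takes precedence; the request parameter is only a fallback.
    String actualToken = request.getHeader(csrfToken.getHeaderName());
    if (actualToken == null) {
        actualToken = request.getParameter(csrfToken.getParameterName());
    }

    // Compare in constant time: String.equals stops at the first differing character, so its
    // duration can reveal how much of a guessed token is correct. An absent token fails closed.
    final String expectedToken = csrfToken.getToken();
    final boolean tokenMatches = actualToken != null
            && java.security.MessageDigest.isEqual(
                    expectedToken.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    actualToken.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!tokenMatches) {
        if (logger.isDebugEnabled()) {
            // NOTE(review): the full request URL carries the query string, so a token submitted
            // as a URL parameter could reach debug logs; confirm log handling.
            logger.debug("Invalid CSRF token found for " + UrlUtils.buildFullRequestUrl(request));
        }
        if (missingToken) {
            // No token was stored for this request, e.g. the session is new or has expired.
            accessDeniedHandler.handle(request, response, new MissingCsrfTokenException(actualToken));
        } else {
            accessDeniedHandler.handle(request, response,
                    new InvalidCsrfTokenException(csrfToken, actualToken));
        }
        return;
    }

    filterChain.doFilter(request, response);
}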

From source file:org.springframework.security.web.csrf.CsrfFilter.java

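/**
 * Enforces CSRF token validation for a single request.
 *
 * <p>The response is first published as a request attribute under
 * {@code HttpServletResponse.class.getName()}. The expected token is loaded from
 * {@code tokenRepository}. When none is stored, a new one is generated and saved immediately.
 * The token is then exposed as a request attribute under both {@code CsrfToken.class.getName()}
 * and the token's parameter name.
 *
 * <p>Requests that {@code requireCsrfProtectionMatcher} does not match are passed down the chain
 * without validation. For every other request the submitted token is read from the header named
 * by the token, falling back to the request parameter, and must match the expected value. On a
 * mismatch {@code accessDeniedHandler} is invoked and the filter chain is not continued.
 *
 * @param request the current request; source of the submitted token
 * @param response the current response, used when saving a new token and by the denied handler
 * @param filterChain the remaining filters, invoked only when validation passes or is not required
 * @throws ServletException propagated from the filter chain or the access-denied handler
 * @throws IOException propagated from the filter chain or the access-denied handler
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) throws ServletException, IOException {
    request.setAttribute(HttpServletResponse.class.getName(), response);

    CsrfToken csrfToken = this.tokenRepository.loadToken(request);
    final boolean missingToken = csrfToken == null;
    if (missingToken) {
        csrfToken = this.tokenRepository.generateToken(request);
        this.tokenRepository.saveToken(csrfToken, request, response);
    }
    request.setAttribute(CsrfToken.class.getName(), csrfToken);
    request.setAttribute(csrfToken.getParameterName(), csrfToken);

    if (!this.requireCsrfProtectionMatcher.matches(request)) {
        filterChain.doFilter(request, response);
        return;
    }

    // The header takes precedence; the request parameter is only a fallback.
    String actualToken = request.getHeader(csrfToken.getHeaderName());
    if (actualToken == null) {
        actualToken = request.getParameter(csrfToken.getParameterName());
    }

    // Compare in constant time: String.equals stops at the first differing character, so its
    // duration can reveal how much of a guessed token is correct. An absent token fails closed.
    final String expectedToken = csrfToken.getToken();
    final boolean tokenMatches = actualToken != null
            && java.security.MessageDigest.isEqual(
                    expectedToken.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    actualToken.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!tokenMatches) {
        if (this.logger.isDebugEnabled()) {
            // NOTE(review): the full request URL carries the query string, so a token submitted
            // as a URL parameter could reach debug logs; confirm log handling.
            this.logger.debug("Invalid CSRF token found for " + UrlUtils.buildFullRequestUrl(request));
        }
        if (missingToken) {
            // No token was stored for this request, e.g. the session is new or has expired.
            this.accessDeniedHandler.handle(request, response, new MissingCsrfTokenException(actualToken));
        } else {
            this.accessDeniedHandler.handle(request, response,
                    new InvalidCsrfTokenException(csrfToken, actualToken));
        }
        return;
    }

    filterChain.doFilter(request, response);
}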