com.zfabrik.util.microweb.actions.XSRFGate

All Implemented Interfaces:: IAction

public class XSRFGate extends Object implements IAction

In order to block Cross-Site Request Forgery attacks, we require that a request provides the current session id as a parameter by the name jsessionid. This blocks attackers that send GETs or POSTs to foreign domain from invoking an action.

Field Summary

Fields

Modifier and Type

Field

Description

static final String[]

XSRF_COOKIES

static final String

XSRF_PASSKEY
Constructor Summary

Constructors

Constructor

Description

XSRFGate(IAction wrapped)
Method Summary

Modifier and Type

Method

Description

static OutCome

check(jakarta.servlet.http.HttpServletRequest req, String passkey)

OutCome

handle(jakarta.servlet.ServletContext context, jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse res)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details
- XSRF_COOKIES
  
  public static final String[] XSRF_COOKIES
- XSRF_PASSKEY
  
  public static final String XSRF_PASSKEY
  See Also:
  
  Constant Field Values
Constructor Details
- XSRFGate
  
  public XSRFGate(IAction wrapped)
Method Details
- handle
  
  public OutCome handle(jakarta.servlet.ServletContext context, jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse res) throws jakarta.servlet.ServletException, IOException
  
  Specified by:
  
  handle in interface IAction
  
  Throws:
  
  jakarta.servlet.ServletException
  
  IOException
- check
  
  public static OutCome check(jakarta.servlet.http.HttpServletRequest req, String passkey)

Class XSRFGate

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Details

XSRF_COOKIES

XSRF_PASSKEY

Constructor Details

XSRFGate

Method Details

handle

check