Package org.forgerock.openig.filter

Class CsrfFilterHeaplet

java.lang.Object

org.forgerock.openig.heap.GenericHeaplet

org.forgerock.openig.filter.CsrfFilterHeaplet

All Implemented Interfaces:

Heaplet

public class CsrfFilterHeaplet
extends GenericHeaplet

Creates and initializes a CsrfFilter supporting the injection and validation of an anti-CSRF token in the request header.

The CsrfFilterHeaplet has the following configuration:

 {
      "type": "CsrfFilter",
      "config": {
        "cookieName"            : string       [REQUIRED - the session cookie name. ]
        "headerName"            : string       [OPTIONAL - the header used to receive the anti-CSRF token.
                                                  Defaults to "X-CSRF-Token". ]
        "excludeSafeMethods"    : boolean      [OPTIONAL - Whether or not exclude GET, HEAD and OPTION methods.
                                                  Defaults to "true". ]
        "failureHandler"        : Handler      [OPTIONAL - A handler to call when CSRF check fails.
                                                  Defaults to an empty 403 response. ]
      }
 }
 
 

See Also:

• CsrfFilter for more details.

Field Summary

Fields

Modifier and Type	Field	Description
static final String	NAME	Public name used by resolver.

Fields inherited from class org.forgerock.openig.heap.GenericHeaplet

config, heap, name, object, qualified

Constructor Summary

Constructors

Constructor	Description
CsrfFilterHeaplet()

Method Summary

Modifier and Type	Method	Description
Object	create()	Called to request the heaplet create an object.

Methods inherited from class org.forgerock.openig.heap.GenericHeaplet

create, destroy, endpointRegistry, evaluatedWithHeapProperties, expression, getConfig, getHeap, getType, initialBindings, meterRegistryHolder, start

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

NAME

public static final String NAME

Public name used by resolver.

See Also:

• Constant Field Values

Constructor Details

CsrfFilterHeaplet

public CsrfFilterHeaplet()

Method Details

create

public Object create()
              throws HeapException

Description copied from class: GenericHeaplet

Called to request the heaplet create an object. Called by Heaplet.create(Name, JsonValue, Heap) after initializing the protected field members. Implementations should parse configuration but not acquire resources, start threads, or log any initialization messages. These tasks should be performed by the GenericHeaplet.start() method.

Specified by:

create in class GenericHeaplet

Returns:

The created object.

Throws:

HeapException - if an exception occurred during creation of the heap object or any of its dependencies.