public class CsrfFilterHeaplet extends GenericHeaplet

Heaplet for a CsrfFilter supporting the injection and validation of an anti-CSRF token in the request header.

The CsrfFilterHeaplet has the following configuration:
    {
        "type": "CsrfFilter",
        "config": {
            "cookieName"         : string   [REQUIRED - the session cookie name. ]
            "headerName"         : string   [OPTIONAL - the header used to receive the anti-CSRF token.
                                                        Defaults to "X-CSRF-Token". ]
            "excludeSafeMethods" : boolean  [OPTIONAL - whether or not to exclude GET, HEAD and OPTIONS methods.
                                                        Defaults to "true". ]
            "failureHandler"     : Handler  [OPTIONAL - a handler to call when the CSRF check fails.
                                                        Defaults to an empty 403 response. ]
        }
    }
See CsrfFilter for more details.
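A route fragment using this configuration, as an added example that is not taken from the ForgeRock documentation. The surrounding Chain, the StaticResponseHandler used as failureHandler, the ClientHandler reference, and every name and value (EXAMPLE_SESSION_COOKIE, the response body) are assumptions chosen for illustration.

```json
{
  "name": "example-csrf-route",
  "handler": {
    "type": "Chain",
    "config": {
      "filters": [
        {
          "name": "ExampleCsrfFilter",
          "type": "CsrfFilter",
          "config": {
            "cookieName": "EXAMPLE_SESSION_COOKIE",
            "headerName": "X-CSRF-Token",
            "excludeSafeMethods": true,
            "failureHandler": {
              "type": "StaticResponseHandler",
              "config": {
                "status": 403,
                "reason": "Forbidden",
                "headers": {
                  "Content-Type": [ "application/json" ]
                },
                "entity": "{\"error\": \"CSRF token missing or invalid\"}"
              }
            }
          }
        }
      ],
      "handler": "ClientHandler"
    }
  }
}
```

With excludeSafeMethods left at true, GET, HEAD and OPTIONS requests are excluded from the check, so the protected application must not change state on those methods.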
Constructor and Description |
---|
CsrfFilterHeaplet() |
Modifier and Type | Method and Description |
---|---|
Object | create() Called to request the heaplet create an object. |
Methods inherited from class GenericHeaplet: create, destroy, endpointRegistry, evaluatedWithHeapProperties, expression, getConfig, getHeap, getSecretService, getType, meterRegistryHolder, start
public Object create() throws HeapException

Description copied from class: GenericHeaplet

Called to request the heaplet create an object. Called by Heaplet.create(Name, JsonValue, Heap) after initializing the protected field members. Implementations should parse configuration but not acquire resources, start threads, or log any initialization messages. These tasks should be performed by the GenericHeaplet.start() method.

Specified by: create in class GenericHeaplet

Throws: HeapException - if an exception occurred during creation of the heap object or any of its dependencies.

Copyright 2011-2017 ForgeRock AS.