public static class CsrfFilter.Builder extends Object
Modifier and Type | Method and Description |
---|---|
CsrfFilter | build(): Builds the CSRF filter with the configured settings. |
CsrfFilter.Builder | excludeMethods(String... httpMethods): Excludes an HTTP method from the CSRF filter. |
CsrfFilter.Builder | excludePaths(Collection<String> paths): Excludes the paths from the CSRF filter. |
CsrfFilter.Builder | excludePaths(String... paths): Excludes a path from the CSRF filter. |
CsrfFilter.Builder | excludePathsStarting(Collection<String> pathPrefixes): Excludes paths starting with the given prefixes from the CSRF filter. |
CsrfFilter.Builder | excludePathsStarting(String... pathPrefixes): Excludes paths starting with the given prefixes from the CSRF filter. |
CsrfFilter.Builder | excludeRequests(Predicate<Request> predicate): Excludes requests that match the given predicate from the CSRF filter. |
CsrfFilter.Builder | excludeRequests(Predicate<Request> predicate, String description): Excludes requests that match the given predicate from the CSRF filter. |
CsrfFilter.Builder | excludeSafeMethods(): Excludes HTTP safe methods that are usually not susceptible to CSRF attacks: GET, HEAD, and OPTIONS. |
CsrfFilter.Builder | failureHandler(Handler failureHandler): Adds a handler that is responsible for creating a response in case of a missing or wrong CSRF token. |
CsrfFilter.Builder | tokenHeader(String csrfTokenHeader): Sets the header to use to receive the anti-CSRF token. |
String | toString() |

public CsrfFilter.Builder tokenHeader(String csrfTokenHeader)
csrfTokenHeader - the header to use for the CSRF token.

public CsrfFilter.Builder excludeRequests(Predicate<Request> predicate)
predicate - the predicate to test the request.

public CsrfFilter.Builder excludeRequests(Predicate<Request> predicate, String description)
predicate - the predicate to test the request.
description - a description for the predicate used in debug logging.

public CsrfFilter.Builder excludeMethods(String... httpMethods)
httpMethods - HTTP methods to exclude from the CSRF filter checks.

public CsrfFilter.Builder excludeSafeMethods()
Excludes HTTP safe methods that are usually not susceptible to CSRF attacks: GET, HEAD, and OPTIONS. Note: we do not exclude TRACE methods by default due to the risk of Cross-Site Tracing.

public CsrfFilter.Builder excludePaths(String... paths)
paths - the paths to exclude from the CSRF filter.

public CsrfFilter.Builder excludePaths(Collection<String> paths)
paths - the paths to exclude from the CSRF filter.

public CsrfFilter.Builder excludePathsStarting(String... pathPrefixes)
pathPrefixes - the path prefixes to exclude from the CSRF filter.

public CsrfFilter.Builder excludePathsStarting(Collection<String> pathPrefixes)
pathPrefixes - the path prefixes to exclude from the CSRF filter.

public CsrfFilter.Builder failureHandler(Handler failureHandler)
failureHandler - the handler to call in case of CSRF filter failure.

public CsrfFilter build()
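
The exclusion methods documented above decide which requests skip the token check, so the sketch below sets a broad configuration beside a narrow one. It is an added example, not code from the ForgeRock project. The package names in the imports, the Request accessors used in the lambda, and every path and header value are assumptions; the Builder is passed in because this page does not show how one is obtained.

```java
// Added example, not ForgeRock code. Assumptions: the import package names,
// Request#getMethod() and Request#getUri().getPath(), and that Predicate can
// be written as a lambda. Paths and the header name are constructed values.
import org.forgerock.http.Handler;
import org.forgerock.http.filter.CsrfFilter;

public final class CsrfFilterConfig {

    private CsrfFilterConfig() { }

    // Broad: if prefixes are compared as plain strings, "/api" also covers
    // "/api-admin/...", and excluding POST removes the check from the
    // state-changing method that most needs it.
    static CsrfFilter tooBroad(CsrfFilter.Builder builder) {
        return builder
                .excludePathsStarting("/api")
                .excludeMethods("POST")
                .build();
    }

    // Narrow: safe methods only, one exact path, a prefix closed with a
    // slash, and one predicate that names both method and path.
    static CsrfFilter narrow(CsrfFilter.Builder builder, Handler onFailure) {
        return builder
                .tokenHeader("X-CSRF-Token")
                // GET, HEAD and OPTIONS; TRACE is not excluded and stays checked.
                .excludeSafeMethods()
                .excludePaths("/health")
                .excludePathsStarting("/static/")
                .excludeRequests(
                        request -> "POST".equals(request.getMethod())
                                && "/hooks/build".equals(request.getUri().getPath()),
                        // The description is what debug logging shows for this rule.
                        "POST /hooks/build webhook")
                // Called when the token is missing or wrong.
                .failureHandler(onFailure)
                .build();
    }
}
```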
Copyright 2011-2017 ForgeRock AS.