Module jakarta.mvc

Interface Csrf


public interface Csrf
Cross Site Request Forgery (CSRF) interface with access to the CSRF header name and the CSRF token value. Implementations of this interface are injectable and accessible from EL via the MvcContext class as mvc.csrf.
Since:
1.0
See Also:
  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Interface
    Description
    static enum 
    Options for property CSRF_PROTECTION.
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    Property that can be used to configure the name of the HTTP header used for the CSRF token.
    static final String
    Property that can be used to globally enable CSRF protection for an application.
    static final String
    The default value for CSRF_HEADER_NAME.
  • Method Summary

    Modifier and Type
    Method
    Description
    Returns the name of the CSRF form field or HTTP request header.
    Returns the value of the CSRF token.
  • Field Details

  • Method Details

    • getName

      String getName()
      Returns the name of the CSRF form field or HTTP request header. This name is typically a constant.
      Returns:
      name of CSRF header.
    • getToken

      String getToken()
      Returns the value of the CSRF token.
      Returns:
      value of CSRF token.