
Example 1 with CSRF_COOKIE_NAVN

Use of no.nav.sbl.rest.RestUtils.CSRF_COOKIE_NAVN in the project common-java-modules by navikt.

From the class CsrfDoubleSubmitCookieFilter, method doFilter. The filter implements the double-submit-cookie pattern: safe HTTP methods are issued a CSRF cookie, and every other method must echo the cookie's value back in a request header of the same name, otherwise the request is rejected with 401.

// Double-submit-cookie CSRF check. ignoredUrls, ALLOWED_METHODS, LOG,
// cookieMatcherHeader(...) and createCsrfProtectionCookie(...) are members
// of CsrfDoubleSubmitCookieFilter that are not part of this excerpt.
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;
    // Request path relative to the context root, compared against the ignored URL prefixes
    String path = request.getRequestURI().substring(request.getContextPath().length());
    if (stream(ignoredUrls).noneMatch(path::startsWith)) {
        // ALLOWED_METHODS holds the safe methods that need no token check (they only receive the cookie)
        if (ALLOWED_METHODS.contains(request.getMethod())) {
            // Issue the CSRF cookie if the client does not already carry one
            if (request.getCookies() == null || stream(request.getCookies()).noneMatch(cookie -> cookie.getName().equals(CSRF_COOKIE_NAVN))) {
                response.addCookie(createCsrfProtectionCookie(request));
            }
        } else if (!cookieMatcherHeader(request)) {
            // State-changing method without a matching cookie/header pair: log the failure and reject with 401
            LOG.warn("Feil i CSRF-sjekk. " + "Bruker du dette filteret må du i frontend sørge for å sende med NAV_CSRF_PROTECTION-cookien som en header med navn NAV_CSRF_PROTECTION og verdien til cookien. " + "Er headeren satt? " + isNotBlank(request.getHeader(CSRF_COOKIE_NAVN)));
            response.sendError(SC_UNAUTHORIZED, "Mangler NAV_CSRF_PROTECTION-cookie!! Du må inkludere cookie-verdien i en header med navn NAV_CSRF_PROTECTION");
            return;
        }
    }
    // Ignored paths, safe methods and valid double-submit pairs continue down the chain
    filterChain.doFilter(request, response);
}
Imports used by the class (as listed by the index for this file; some are used by members outside this excerpt):

import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Stream;
import javax.servlet.*;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import static java.util.Arrays.asList;
import static java.util.Arrays.stream;
import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
import static no.nav.sbl.rest.RestUtils.CSRF_COOKIE_NAVN;
import static org.apache.commons.lang3.StringUtils.isNotBlank;
import static org.slf4j.LoggerFactory.getLogger;
