Play Framework/Scala example source code file (RequireCSRFCheckAction.java)
/*
 * Copyright (C) 2009-2013 Typesafe Inc. <http://www.typesafe.com>
 */
package play.filters.csrf;

import play.api.mvc.RequestHeader;
import play.libs.F;
import play.mvc.Action;
import play.mvc.Http;
import play.mvc.Result;
import scala.Option;

/**
 * Action backing the {@code RequireCSRFCheck} annotation: the wrapped action only runs when the
 * request carries a CSRF token that matches the one the server already holds for the client.
 *
 * <p>The check fails closed. Every path that does not end in a successful comparison (or in the
 * explicit bypass) returns the result of the configured error handler instead of calling
 * {@code delegate}.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The bypass decision is made entirely by {@code CSRFAction.checkCsrfBypass}; its criteria
 *       are not visible in this file and should be reviewed together with this class.</li>
 *   <li>A token in the query string takes precedence over one in the body. Tokens carried in URLs
 *       can end up in access logs, browser history and Referer headers, so form fields are the
 *       safer transport where the application can choose.</li>
 *   <li>Token equality is delegated to {@code tokenProvider.compareTokens}; whether that
 *       comparison is constant-time depends on the provider implementation - TODO confirm.</li>
 * </ul>
 */
public class RequireCSRFCheckAction extends Action<RequireCSRFCheck> {

    // Name under which the token is looked up in the query string, the body and the stored state.
    private final String tokenName = CSRFConf$.MODULE$.TokenName();
    // Optional cookie name; passed through to the stored-token lookup.
    private final Option<String> cookieName = CSRFConf$.MODULE$.CookieName();
    // Scala companion object exposing the shared CSRF helper functions.
    private final CSRFAction$ CSRFAction = CSRFAction$.MODULE$;
    // Strategy used to compare the submitted token with the stored one.
    private final CSRF.TokenProvider tokenProvider = CSRFConf$.MODULE$.defaultTokenProvider();

    /**
     * Validates the CSRF token of the current request before invoking the wrapped action.
     *
     * @param ctx the HTTP context of the request being handled
     * @return the wrapped action's result when the request is bypassed or the tokens match,
     *         otherwise the error handler's result
     * @throws Throwable whatever the wrapped action or the error handler throws
     */
    @Override
    public F.Promise<Result> call(Http.Context ctx) throws Throwable {
        RequestHeader header = ctx._requestHeader();

        // Requests that qualify for the bypass skip token validation entirely.
        if (CSRFAction.checkCsrfBypass(header)) {
            return delegate.call(ctx);
        }

        // Token the server side already associates with this client (cookie or session).
        Option<String> expected = CSRFAction.getTokenFromHeader(header, tokenName, cookieName);
        if (!expected.isDefined()) {
            return F.Promise.pure(handleTokenError("CSRF token not found in session"));
        }

        String submitted = submittedToken(ctx, header);
        if (submitted == null) {
            return F.Promise.pure(handleTokenError("CSRF token not found in body or query string"));
        }

        if (!tokenProvider.compareTokens(submitted, expected.get())) {
            return F.Promise.pure(handleTokenError("CSRF tokens don't match"));
        }
        return delegate.call(ctx);
    }

    /**
     * Extracts the token the client submitted with this request.
     *
     * <p>Lookup order: query string, then URL-encoded form body, then multipart form body. The
     * multipart body is only consulted when the request has no URL-encoded form body at all.
     *
     * @return the submitted token, or {@code null} when none is present
     */
    private String submittedToken(Http.Context ctx, RequestHeader header) {
        Option<String> fromQuery = CSRFAction.getTokenFromQueryString(header, tokenName);
        if (fromQuery.isDefined()) {
            return fromQuery.get();
        }
        if (ctx.request().body().asFormUrlEncoded() != null) {
            return firstOrNull(ctx.request().body().asFormUrlEncoded().get(tokenName));
        }
        if (ctx.request().body().asMultipartFormData() != null) {
            return firstOrNull(
                ctx.request().body().asMultipartFormData().asFormUrlEncoded().get(tokenName));
        }
        return null;
    }

    /** Returns the first element of {@code values}, or {@code null} for a null or empty array. */
    private static String firstOrNull(String[] values) {
        return (values == null || values.length == 0) ? null : values[0];
    }

    /**
     * Builds the rejection result for a failed check.
     *
     * <p>A fresh handler is instantiated from the class returned by {@code configuration.error()}
     * and given the failure message. How much of that message reaches the client is up to the
     * handler implementation.
     *
     * @param msg description of why the check failed
     * @return the result produced by the error handler
     * @throws Exception if the handler cannot be instantiated or fails while handling
     */
    private Result handleTokenError(String msg) throws Exception {
        CSRFErrorHandler errorHandler = configuration.error().newInstance();
        return errorHandler.handle(msg);
    }
}