Class CSRFDoubleSubmitCookieInterceptor.Builder

java.lang.Object
io.inverno.mod.security.http.csrf.CSRFDoubleSubmitCookieInterceptor.Builder
Enclosing class:
CSRFDoubleSubmitCookieInterceptor<A extends ExchangeContext,B extends Exchange<A>>

public static class CSRFDoubleSubmitCookieInterceptor.Builder extends Object

A CSRF double submit cookie interceptor builder.

Since:
1.5
Author:
Jeremy Kuhn
  • Field Details

    • cookieName

      protected String cookieName
      The cookie name.
    • headerName

      protected String headerName
      The header name.
    • parameterName

      protected String parameterName
      The parameter name.
    • maxAge

      protected Integer maxAge
      The CSRF token cookie max age parameter.
    • domain

      protected String domain
      The CSRF token cookie domain parameter.
    • path

      protected String path
      The CSRF token cookie path parameter.
    • secure

      protected Boolean secure
      The CSRF token cookie secure parameter.
    • httpOnly

      protected Boolean httpOnly
      The CSRF token cookie httpOnly parameter.
  • Constructor Details

    • Builder

      protected Builder()

      Creates a CSRF double submit cookie interceptor builder.

  • Method Details

    • cookieName

      public CSRFDoubleSubmitCookieInterceptor.Builder cookieName(String cookieName)

      Specifies the name of the CSRF token cookie.

      Parameters:
      cookieName - a cookie name
      Returns:
      this builder
    • headerName

      public CSRFDoubleSubmitCookieInterceptor.Builder headerName(String headerName)

      Specifies the name of the CSRF token header.

      Parameters:
      headerName - a header name
      Returns:
      this builder
    • parameterName

      public CSRFDoubleSubmitCookieInterceptor.Builder parameterName(String parameterName)

      Specifies the name of the CSRF token parameter.

      Parameters:
      parameterName - a parameter name
      Returns:
      this builder
    • maxAge

      public CSRFDoubleSubmitCookieInterceptor.Builder maxAge(int maxAge)

      Specifies the max age of the CSRF token cookie.

      Parameters:
      maxAge - a max age in seconds
      Returns:
      this builder
    • domain

      Specifies the domain of the CSRF token cookie.

      Parameters:
      domain - a domain
      Returns:
      this builder
    • path

      Specifies the path of the CSRF token cookie.

      Parameters:
      path - a path
      Returns:
      this builder
    • secure

      public CSRFDoubleSubmitCookieInterceptor.Builder secure(boolean secure)

      Specifies the secure flag of the CSRF token cookie.

      If not specified, this is enabled by default, which is the recommended behaviour.

      Parameters:
      secure - true to create a secure cookie, false otherwise
      Returns:
      this builder
    • httpOnly

      public CSRFDoubleSubmitCookieInterceptor.Builder httpOnly(boolean httpOnly)

      Specifies the httpOnly flag of the CSRF token cookie.

      If not specified, this is enabled by default, which is the recommended behaviour.

      You might need to set this to false when using JavaScript frameworks such as Angular, which need to read the CSRF token cookie value in order to send it in an HTTP header or a query parameter in fetch calls.

      Parameters:
      httpOnly - true to create an http only cookie, false otherwise
      Returns:
      this builder
    • build

      public <A extends ExchangeContext, B extends Exchange<A>> CSRFDoubleSubmitCookieInterceptor<A,B> build()

      Builds a CSRF double submit cookie interceptor.

      Type Parameters:
      A - the context type
      B - the exchange type
      Returns:
      a CSRF double submit cookie interceptor
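
The httpOnly note above describes a client that reads the CSRF token cookie and sends it back in a header. The following is an added example of that client side, not code from the Inverno project. The names XSRF-TOKEN and X-CSRF-TOKEN are assumed values standing in for whatever was passed to cookieName(...) and headerName(...), the helper functions are hypothetical, and the token is assumed to be compared as received, so it is forwarded without decoding.

```javascript
// Assumed names: replace with the values given to cookieName(...) and
// headerName(...) on the builder.
const COOKIE_NAME = "XSRF-TOKEN";
const HEADER_NAME = "X-CSRF-TOKEN";
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Extracts one cookie value from a document.cookie style string ("a=1; b=2").
// The name must match exactly, so "MY-XSRF-TOKEN" never shadows "XSRF-TOKEN".
// The value is returned unchanged so the header carries the same bytes the
// browser sends in the Cookie header. Returns null when the cookie is absent.
function readCookie(cookieString, name) {
  for (const pair of cookieString.split(";")) {
    const eq = pair.indexOf("=");
    if (eq < 0) continue;
    if (pair.slice(0, eq).trim() !== name) continue;
    return pair.slice(eq + 1).trim();
  }
  return null;
}

// Returns a copy of a fetch() init object (headers as a plain object) with the
// token header set for state-changing methods. Safe methods are returned
// untouched so the token is only attached where it is checked.
function withCsrfHeader(init, cookieString) {
  const method = (init.method || "GET").toUpperCase();
  if (SAFE_METHODS.has(method)) return init;
  const token = readCookie(cookieString, COOKIE_NAME);
  if (token === null || token === "") {
    // With httpOnly enabled the cookie is invisible to scripts and we end up here.
    throw new Error("CSRF cookie " + COOKIE_NAME + " is missing or not readable");
  }
  return { ...init, headers: { ...(init.headers || {}), [HEADER_NAME]: token } };
}

// Constructed sample of what document.cookie returns when httpOnly(false) is set.
const sampleCookies = "theme=dark; XSRF-TOKEN=3f9ac1d07b; lang=en";
const post = withCsrfHeader({ method: "post", body: "{}" }, sampleCookies);
console.log(post.headers);
```

In a browser the call is fetch(url, withCsrfHeader(init, document.cookie)). With httpOnly left enabled, document.cookie does not contain the token and the helper throws instead of sending a request without it.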