
@letenkov
Created January 9, 2014 08:56
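/**
 * CsrfTokenRepository implementation which duplicates HttpSessionCsrfTokenRepository functionality, but also
 * adds the generated token to the response as a header when saving the token.
 *
 * <p>Security notes for deployers:
 * <ul>
 *   <li>The session copy of the token stays the authoritative value; the response header only
 *       hands the same value to the client so that it can be sent back on later requests.</li>
 *   <li>Any script running in the page's origin can read the header, so the CSRF protection is
 *       only as strong as the origin's XSS defences.</li>
 *   <li>Do not list this header in a CORS {@code Access-Control-Expose-Headers} policy for
 *       origins you do not trust, and keep responses that carry it out of shared caches.</li>
 * </ul>
 *
 * @author Patrick Grimard
 * @since 12/31/2013 3:44 PM
 */
public final class HttpHeaderCsrfTokenRepository implements CsrfTokenRepository {
    /* other code left out for brevity */

    /**
     * Saves or clears the CSRF token for the current session.
     *
     * <p>A {@code null} token removes the stored token from an existing session. A non-null token
     * is stored in the session (creating one if needed) and its value is also written to the
     * response header named by {@code headerName}.
     *
     * <p>{@code sessionAttributeName} and {@code headerName} are fields declared in the part of
     * the class that is omitted here.
     *
     * @param token the token to store, or {@code null} to remove the stored token
     * @param request the current request, used to reach the HTTP session
     * @param response the current response, which receives the token header
     * @see org.springframework.security.web.csrf.CsrfTokenRepository#saveToken(org.springframework.security.web.csrf.CsrfToken, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
     */
    public void saveToken(CsrfToken token, HttpServletRequest request,
            HttpServletResponse response) {
        if (token == null) {
            // getSession(false): never create a session just to clear a token from it.
            HttpSession session = request.getSession(false);
            if (session != null) {
                session.removeAttribute(sessionAttributeName);
            }
            return;
        }

        HttpSession session = request.getSession();
        session.setAttribute(sessionAttributeName, token);
        // setHeader rather than addHeader: if saveToken runs more than once for the same response
        // (for example when the token is regenerated), the client must see only the value that
        // is now in the session, not an earlier one next to it.
        response.setHeader(headerName, token.getToken());
    }

    /* other code left out for brevity */
}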