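/**
 * CsrfTokenRepository implementation which duplicates HttpSessionCsrfTokenRepository functionality, but also
 * adds the generated token to the response as a header when saving the token.
 *
 * <p>Deployment notes: the token value travels in a response header, so every party able to read
 * that response can read the token. Keep the header out of any CORS exposed-headers list that
 * applies to origins you do not trust, and make sure responses carrying it are not stored by
 * shared caches. The session attribute remains the server-side source of truth; the header is
 * only a delivery channel to the client.
 *
 * @author Patrick Grimard
 * @since 12/31/2013 3:44 PM
 */
public final class HttpHeaderCsrfTokenRepository implements CsrfTokenRepository {

    /* other code left out for brevity */

    /**
     * Stores the given token in the HTTP session and publishes its value in a response header,
     * or removes the stored token when {@code token} is {@code null}.
     *
     * <p>{@code sessionAttributeName} and {@code headerName} are fields declared in the part of
     * the class that is left out of this listing.
     *
     * @param token    the token to save, or {@code null} to remove the token held in the session
     * @param request  the current request, used to reach the HTTP session
     * @param response the current response, which receives the token header for a non-null token
     * @see org.springframework.security.web.csrf.CsrfTokenRepository#saveToken(org.springframework.security.web.csrf.CsrfToken, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
     */
    @Override
    public void saveToken(CsrfToken token, HttpServletRequest request,
            HttpServletResponse response) {
        if (token == null) {
            // getSession(false): clearing a token must not create a session as a side effect.
            // The response is not touched here, so a header written earlier stays as it is.
            HttpSession existing = request.getSession(false);
            if (existing != null) {
                existing.removeAttribute(sessionAttributeName);
            }
            return;
        }

        HttpSession session = request.getSession();
        session.setAttribute(sessionAttributeName, token);

        // setHeader rather than addHeader: if the token is saved more than once while handling
        // one request (for example when it is rotated), the response must carry a single header
        // holding the value that is actually in the session, not several competing values.
        response.setHeader(headerName, token.getToken());
    }

    /* other code left out for brevity */
}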