org.owasp.csrfguard.util

Class CsrfGuardUtils

java.lang.Object

org.owasp.csrfguard.util.CsrfGuardUtils

public final class CsrfGuardUtils
extends Object

Various utility methods/helpers.

Method Summary

Modifier and Type	Method and Description
static void	addResponseTokenHeader(CsrfGuard csrfGuard, javax.servlet.http.HttpServletRequest httpServletRequest, javax.servlet.http.HttpServletResponse httpServletResponse, TokenTO tokenTO)
static <T> Class<T>	forName(String origClassName) Returns the class object.
static String	httpProtocolAndDomain(String url, boolean includeProtocol) for a url, get the protocol and domain, e.g. for url https://a.b/path, will return https://a.b
static boolean	isAjaxRequest(javax.servlet.http.HttpServletRequest request)
static boolean	isPermittedUserAgent(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, CsrfGuard csrfGuard)
static <T> T	newInstance(Class<T> theClass) Construct a class
static String	normalizeResourceURI(javax.servlet.http.HttpServletRequest httpServletRequest)
static String	normalizeResourceURI(String resourceURI)
static String	readFileContent(String fileNameWithAbsolutePath)
static String	readInputStreamContent(InputStream inputStream)
static String	readResourceFileContent(String resourceName)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

httpProtocolAndDomain

public static String httpProtocolAndDomain(String url,
                                           boolean includeProtocol)

for a url, get the protocol and domain, e.g. for url https://a.b/path, will return https://a.b

Parameters:

url - a string representing a URL

includeProtocol - whether to include the HTTP or HTTPS protocol in the result

Returns:

the path with or without the protocol

forName

public static <T> Class<T> forName(String origClassName)

Returns the class object.

Type Parameters:

T - the type of the desired class

Parameters:

origClassName - is fully qualified

Returns:

the class

readResourceFileContent

public static String readResourceFileContent(String resourceName)

readFileContent

public static String readFileContent(String fileNameWithAbsolutePath)

newInstance

public static <T> T newInstance(Class<T> theClass)

Construct a class

Type Parameters:

T - template type

Parameters:

theClass - the class on which to invoke newInstance()

Returns:

the instance

addResponseTokenHeader

public static void addResponseTokenHeader(CsrfGuard csrfGuard,
                                          javax.servlet.http.HttpServletRequest httpServletRequest,
                                          javax.servlet.http.HttpServletResponse httpServletResponse,
                                          TokenTO tokenTO)

isAjaxRequest

public static boolean isAjaxRequest(javax.servlet.http.HttpServletRequest request)

normalizeResourceURI

public static String normalizeResourceURI(javax.servlet.http.HttpServletRequest httpServletRequest)

normalizeResourceURI

public static String normalizeResourceURI(String resourceURI)

readInputStreamContent

public static String readInputStreamContent(InputStream inputStream)

isPermittedUserAgent

public static boolean isPermittedUserAgent(javax.servlet.http.HttpServletRequest request,
                                           javax.servlet.http.HttpServletResponse response,
                                           CsrfGuard csrfGuard)
                                    throws IOException

Throws:

IOException