package org.eclipse.lyo.server.oauth.webapp.services;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

/* loaded from: input_file:WEB-INF/classes/org/eclipse/lyo/server/oauth/webapp/services/CSRFPrevent.class */
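/**
 * Header-based CSRF guard: a request is accepted only when it carries the caller's own
 * session id in the {@code X-CSRF-Prevent} request header.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The anti-CSRF token is the session identifier itself, so the header value is as
 *       sensitive as the session cookie. Keep it out of access logs, proxy logs and error
 *       reports.</li>
 *   <li>NOTE(review): a browser client presumably reads the session cookie from script to
 *       fill in this header; if so, that cookie cannot be marked {@code HttpOnly}. Confirm
 *       against the client code, and consider a separate per-session random token so the
 *       session cookie can be hardened.</li>
 *   <li>The check relies on cross-origin pages being unable to set custom request headers
 *       without a CORS preflight; a permissive CORS policy that allows this header from
 *       arbitrary origins would weaken it.</li>
 * </ul>
 */
public class CSRFPrevent {
    /** Name of the request header that must echo the caller's session id. */
    private static final String CSRF_PREVENT_HEADER = "X-CSRF-Prevent";

    /**
     * Rejects the request unless the {@code X-CSRF-Prevent} header equals the id of the
     * session associated with the request.
     *
     * @param httpServletRequest the incoming request to validate
     * @throws WebApplicationException carrying a 403 Forbidden plain-text response when the
     *     header is absent or does not match the session id
     */
    public static void check(HttpServletRequest httpServletRequest) {
        // getSession() creates a session when the request has none. The freshly generated id
        // cannot match a header the caller sent beforehand, so such a request is still denied.
        String sessionId = httpServletRequest.getSession().getId();
        String presentedToken = httpServletRequest.getHeader(CSRF_PREVENT_HEADER);

        // A missing header is a failed check, same as a mismatch.
        boolean tokenMatches = presentedToken != null
                // MessageDigest.isEqual avoids the early exit of String.equals, so response
                // timing does not reveal how many leading characters of the session id matched.
                && MessageDigest.isEqual(
                        sessionId.getBytes(StandardCharsets.UTF_8),
                        presentedToken.getBytes(StandardCharsets.UTF_8));

        if (!tokenMatches) {
            throw new WebApplicationException(
                    Response.status(Response.Status.FORBIDDEN)
                            .entity("Request denied due to possible CSRF attack.")
                            .type(MediaType.TEXT_PLAIN)
                            .build());
        }
    }
}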
