public class Util
extends java.lang.Object
Modifier and Type | Method and Description |
---|---|
static <T extends java.lang.annotation.Annotation> |
getClassAnnotation(java.lang.Class<?> clazz,
java.lang.Class<T> annotationClass)
Find an instance of the specified annotation, walking up the inheritance
tree if necessary.
|
static javax.servlet.http.Cookie |
getCookie(javax.servlet.http.HttpServletRequest request,
java.lang.String cookieName,
boolean allowDuplicates)
Retrieves named cookie from supplied request.
|
static boolean |
isMethodXsrfProtected(java.lang.reflect.Method method,
java.lang.Class<? extends java.lang.annotation.Annotation> xsrfAnnotation,
java.lang.Class<? extends java.lang.annotation.Annotation> noXsrfAnnotation,
java.lang.Class<?> xsrfTokenInterface)
Checks if specified method is XSRF protected based on the following logic:
Method level annotations override class level annotations.
|
public static <T extends java.lang.annotation.Annotation> T getClassAnnotation(java.lang.Class<?> clazz, java.lang.Class<T> annotationClass)
AnnotationUtil
.
The super chain is walked first, so if an ancestor superclass has the requested annotation, it will be preferred over a directly implemented interface.
T
- Annotation type to search forclazz
- root class to search, may be nullannotationClass
- class object of Annotation subclass to search forpublic static javax.servlet.http.Cookie getCookie(javax.servlet.http.HttpServletRequest request, java.lang.String cookieName, boolean allowDuplicates)
allowDuplicates
is
set to true
, method will throw IllegalStateException
if
duplicate cookies are found, which can be a sign of a cookie overwrite
attack.request
- HTTP request to retrieve cookie from.cookieName
- Cookie name.allowDuplicates
- if true
duplicate cookies are allowed,
otherwise IllegalStateException
is thrown if duplicate
cookies are detected.Cookie
if specified cookie is present, null
otherwise.java.lang.IllegalArgumentException
- if duplicate cookies are detected.public static boolean isMethodXsrfProtected(java.lang.reflect.Method method, java.lang.Class<? extends java.lang.annotation.Annotation> xsrfAnnotation, java.lang.Class<? extends java.lang.annotation.Annotation> noXsrfAnnotation, java.lang.Class<?> xsrfTokenInterface)
xsrfAnnotation
this
method returns true
noXsrfAnnotation
, this method
returns false
.
xsrfAnnotation
and method is not
annotated, this method returns true
.
noXsrfAnnotation
and method is not
annotated, this method returns false
.
xsrfTokenInterface
, this method returns
true
.
false
.
AbstractXsrfProtectedServiceServlet