package com.wangzhixuan.commons.csrf;

import java.util.UUID;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.wangzhixuan.commons.utils.StringUtils;

/**
 * {@link CsrfTokenRepository} that keeps its state in the {@link HttpSession}.
 *
 * <p>Two values are stored under class-qualified attribute names: the CSRF token
 * bean and the URL of the request that was being made before it was intercepted.
 * The method names follow Spring Security's
 * {@code org.springframework.security.web.csrf.CsrfTokenRepository}, but the
 * interface implemented here is the project-local one in this package.
 *
 * <p>This class only stores, loads and creates tokens. Comparing the value a
 * client submits with the stored token happens elsewhere.
 *
 * <p>NOTE(review): nothing in this class replaces the token when the session's
 * authentication state changes. Confirm the caller clears or regenerates it on
 * login and logout.
 */
public final class HttpSessionCsrfTokenRepository implements CsrfTokenRepository {

    /** Request parameter expected to carry the token. */
    private static final String DEFAULT_CSRF_PARAMETER_NAME = "_csrf";

    /** Request header expected to carry the token. */
    private static final String DEFAULT_CSRF_HEADER_NAME = "X-CSRF-TOKEN";

    /** Session attribute holding the token bean; prefixed with the class name to avoid clashes. */
    private static final String DEFAULT_CSRF_TOKEN_ATTR_NAME =
            HttpSessionCsrfTokenRepository.class.getName() + ".CSRF_TOKEN";

    /** Session attribute holding the cached pre-interception URL. */
    private static final String DEFAULT_CACHE_URL_ATTR_NAME =
            HttpSessionCsrfTokenRepository.class.getName() + ".CACHE_URL";

    private String parameterName = DEFAULT_CSRF_PARAMETER_NAME;

    private String headerName = DEFAULT_CSRF_HEADER_NAME;

    private String sessionAttributeName = DEFAULT_CSRF_TOKEN_ATTR_NAME;

    private String cacheUrlAttributeName = DEFAULT_CACHE_URL_ATTR_NAME;

    /**
     * Stores {@code token} in the session, or clears the stored token when
     * {@code token} is {@code null}.
     *
     * @param token    token to store, or {@code null} to remove the current one
     * @param request  request whose session is used
     * @param response not used by this implementation
     */
    public void saveToken(CsrfTokenBean token, HttpServletRequest request,
            HttpServletResponse response) {
        if (token != null) {
            // Storing a token needs a session, so one is created if absent.
            request.getSession().setAttribute(this.sessionAttributeName, token);
            return;
        }
        // Clearing must not create a session just to remove an attribute from it.
        HttpSession existing = request.getSession(false);
        if (existing != null) {
            existing.removeAttribute(this.sessionAttributeName);
        }
    }

    /**
     * Reads the token stored for the request's session.
     *
     * @param request request whose session is inspected; no session is created
     * @return the stored token, or {@code null} when there is no session or no
     *         token attribute
     */
    public CsrfTokenBean loadToken(HttpServletRequest request) {
        HttpSession existing = request.getSession(false);
        return existing == null
                ? null
                : (CsrfTokenBean) existing.getAttribute(this.sessionAttributeName);
    }

    /**
     * Builds a new token bean carrying the configured header name, parameter
     * name and a freshly generated value. The bean is not stored here; callers
     * persist it with {@link #saveToken}.
     *
     * @param request not used by this implementation
     * @return a new token bean
     */
    public CsrfTokenBean generateToken(HttpServletRequest request) {
        String value = createNewToken();
        return new CsrfTokenBean(this.headerName, this.parameterName, value);
    }

    /**
     * Produces the token value.
     *
     * <p>{@link UUID#randomUUID()} returns a type 4 UUID, which the JDK
     * documents as generated by a cryptographically strong pseudo-random number
     * generator (122 random bits). If this is ever replaced, keep a
     * {@code SecureRandom}-backed source; a predictable token defeats the check.
     */
    private String createNewToken() {
        return UUID.randomUUID().toString();
    }

    /**
     * Remembers the URL of the current request in the session, creating the
     * session if necessary.
     *
     * <p>The stored value is the request URI followed by {@code ?} and the raw
     * query string when one is present, so it is entirely client-controlled.
     * NOTE(review): the code that later redirects to this value is not visible
     * here. It should confirm the value is a same-site path (a single leading
     * {@code /}, not {@code //} or {@code /\}) before using it as a redirect
     * target.
     *
     * @param request  intercepted request
     * @param response not used by this implementation
     */
    @Override
    public void cacheUrl(HttpServletRequest request, HttpServletResponse response) {
        String query = request.getQueryString();
        // request URL as it was before being intercepted
        String target = request.getRequestURI();
        if (StringUtils.isNotBlank(query)) {
            target = target.concat("?").concat(query);
        }
        request.getSession().setAttribute(this.cacheUrlAttributeName, target);
    }

    /**
     * Returns the cached URL and removes it from the session, so each cached
     * value is handed out at most once.
     *
     * @param request  request whose session is inspected; no session is created
     * @param response not used by this implementation
     * @return the cached URL, or {@code null} when there is no session or the
     *         cached value is blank
     */
    @Override
    public String getRemoveCacheUrl(HttpServletRequest request, HttpServletResponse response) {
        HttpSession existing = request.getSession(false);
        if (existing != null) {
            String cached = (String) existing.getAttribute(this.cacheUrlAttributeName);
            // A blank value is reported as absent and is left in the session untouched.
            if (!StringUtils.isBlank(cached)) {
                existing.removeAttribute(this.cacheUrlAttributeName);
                return cached;
            }
        }
        return null;
    }
}