/**
 * Publishes the CSRF token of the current request to the template as the
 * local variable {@code csrf_token_string}.
 *
 * <p>The token is only looked up when CSRF protection is switched on in
 * {@code config} and the context carries a request. A {@code true} result
 * means "CSRF is enabled and a request was present"; it does not guarantee
 * that the variable was set, because a {@code null} token is skipped
 * silently.
 *
 * @param context evaluation context; cast to {@code HtplContext} once CSRF is
 *                known to be enabled
 * @param vars    not read by this implementation
 * @return {@code true} when CSRF is enabled and the context has a request,
 *         {@code false} otherwise
 */
@Override
protected Object eval(Object context, Map<String, Object> vars) {
    // Guard first: with CSRF disabled the context is never cast or inspected.
    if (!config.isCsrfEnabled()) {
        return false;
    }

    final HtplContext htplContext = (HtplContext) context;
    final RequestBase currentRequest = htplContext.getRequest();
    if (currentRequest == null) {
        return false;
    }

    final CsrfToken generated = CSRF.getGeneratedToken(currentRequest);
    if (generated != null) {
        // NOTE(review): the raw token value is handed to the template; how the
        // template escapes or embeds it is not visible here - confirm it only
        // ends up in same-origin forms/headers and never in URLs or logs.
        htplContext.setLocalVariable("csrf_token_string", generated.getToken());
    }
    return true;
}
});
/**
 * Runs the CSRF token check before an action executes.
 *
 * <p>The check is skipped when the interceptor is not enabled for this
 * context, when the request method is GET, or when {@code CSRF.isIgnored}
 * reports the underlying servlet request as ignored. Every other request,
 * including HEAD and OPTIONS, goes through {@code checkCsrfToken}.
 *
 * <p>Because this method always returns {@code State.CONTINUE}, a failed
 * check can only stop the action by throwing from {@code checkCsrfToken}.
 *
 * @param context    action context supplying the request
 * @param validation not read by this implementation
 * @return always {@code State.CONTINUE}
 * @throws Throwable whatever {@code checkCsrfToken} or the helpers raise
 */
@Override
public State preExecuteAction(ActionContext context, Validation validation) throws Throwable {
    if (isEnabled(context)) {
        final Request req = context.getRequest();

        // GET is exempt, so any handler that changes state on GET is not
        // covered by this interceptor and must stay side-effect free.
        final boolean exempt = req.isMethod(HTTP.Method.GET)
                || CSRF.isIgnored(req.getServletRequest());

        if (!exempt) {
            // NOTE(review): the generated token is passed through unchecked;
            // confirm checkCsrfToken rejects a null token instead of treating
            // "no token on either side" as a match.
            checkCsrfToken(req, CSRF.getGeneratedToken(req));
        }
    }
    return State.CONTINUE;
}