// src/main/java/com/example/web/CsrfStateServlet.java
package com.example.web;
import com.example.security.StateUtil;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.*;
import java.io.IOException;
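@WebServlet("/api/oauth/state")
public class CsrfStateServlet extends HttpServlet {

    /**
     * Issues a fresh OAuth {@code state} value, stores it in the caller's HTTP session under
     * the {@code "oauth_state"} attribute and returns it as the JSON object
     * {@code {"state":"..."}}.
     *
     * <p>Each request replaces any state previously stored in the session, so an earlier
     * value is no longer retrievable from the session after this call. A session is created
     * when the request does not already have one.
     *
     * @param req  the incoming request; a session is created for it if absent
     * @param resp the response that receives the JSON body
     * @throws IOException if the response writer cannot be obtained or written
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession session = req.getSession(true);
        String state = StateUtil.generateState();
        // Overwrites any earlier value: exactly one outstanding state per session.
        session.setAttribute("oauth_state", state);

        // The body carries a per-session secret; keep it out of browser and proxy caches.
        resp.setHeader("Cache-Control", "no-store");
        resp.setHeader("Pragma", "no-cache");
        resp.setContentType("application/json; charset=UTF-8");
        // No JSON escaping is needed: StateUtil emits unpadded base64url, whose alphabet is
        // [A-Za-z0-9_-] and never contains quotes, backslashes or control characters.
        resp.getWriter().write("{\"state\":\"" + state + "\"}");
    }
}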
// src/main/java/com/example/security/StateUtil.java
package com.example.security;
import java.security.SecureRandom;
import java.util.Base64;
public final class StateUtil {

    /** Number of random bytes per state value (24 bytes = 192 bits of entropy). */
    private static final int STATE_BYTES = 24;

    /** CSPRNG shared by all callers; {@link SecureRandom} is safe for concurrent use. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /** URL-safe, unpadded encoder so the value can travel in a query string unchanged. */
    private static final Base64.Encoder ENCODER = Base64.getUrlEncoder().withoutPadding();

    private StateUtil() {
        // static utility: not instantiable
    }

    /**
     * Produces a fresh, unpredictable OAuth {@code state} value.
     *
     * @return 32 characters drawn from the base64url alphabet {@code [A-Za-z0-9_-]}
     */
    public static String generateState() {
        byte[] raw = new byte[STATE_BYTES];
        RANDOM.nextBytes(raw);
        return ENCODER.encodeToString(raw);
    }
}
Set-Cookie