java.lang.Object
  com.atlassian.crowd.xwork.SimpleXsrfTokenGenerator

public class SimpleXsrfTokenGenerator
Simple implementation of XsrfTokenGenerator that stores a unique value in the session. The session ID itself isn't used because we don't want to risk compromising the entire session in case we don't protect the XSRF token diligently enough.
Tokens are chosen to be reasonably unique (60 bits) with reasonably short representations (base64 encoded).
Field Summary | |
---|---|
static String | TOKEN_SESSION_KEY |
Constructor Summary |
---|
SimpleXsrfTokenGenerator() |
Method Summary | |
---|---|
String | generateToken(javax.servlet.http.HttpServletRequest request) Generate a new form token for the current request. |
String | getToken(javax.servlet.http.HttpServletRequest request, boolean create) Retrieves the token from the request. |
String | getXsrfTokenName() Convenience method which will return the name to be used for a supplied XsrfToken in a request. |
boolean | validateToken(javax.servlet.http.HttpServletRequest request, String token) Validate a form token received as part of a web request. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final String TOKEN_SESSION_KEY
Constructor Detail |
---|
public SimpleXsrfTokenGenerator()
Method Detail |
---|
public String getToken(javax.servlet.http.HttpServletRequest request, boolean create)

Specified by: getToken in interface XsrfTokenGenerator

Parameters:
request - the request the token is retrieved from
create - if true, a token will be created if it doesn't already exist

public String generateToken(javax.servlet.http.HttpServletRequest request)

Specified by: generateToken in interface XsrfTokenGenerator

Parameters:
request - the request the token is being generated for

public String getXsrfTokenName()

Specified by: getXsrfTokenName in interface XsrfTokenGenerator

public boolean validateToken(javax.servlet.http.HttpServletRequest request, String token)

Specified by: validateToken in interface XsrfTokenGenerator

Parameters:
request - the request the token was received in
token - the token