|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface XsrfTokenGenerator
Interface for generating anti-XSRF tokens for web forms.
The default implementationSimpleXsrfTokenGenerator
should be good enough for anyone, but this interface is
provided just in case anyone wants to implement their own token generation strategy.
Field Summary | |
---|---|
static String |
TOKEN_HTTP_SESSION_KEY
The name of the XSRF token put ino the HTTP session |
static String |
TOKEN_WEB_PARAMETER_KEY
The name of the XSRF token parameter sent in on a web request |
Method Summary | |
---|---|
String |
generateToken(javax.servlet.http.HttpServletRequest request)
Generate a new form token for the current request. |
String |
generateToken(VelocityRequestContext request)
Generate a new form token for the current request. |
String |
getXsrfTokenName()
Convenience method which will return the name to be used for a supplied XsrfToken in a request. |
boolean |
validateToken(javax.servlet.http.HttpServletRequest request,
String token)
Validate a form token received as part of a web request |
Field Detail |
---|
static final String TOKEN_HTTP_SESSION_KEY
static final String TOKEN_WEB_PARAMETER_KEY
Method Detail |
---|
String generateToken(javax.servlet.http.HttpServletRequest request)
request
- the request the token is being generated for
String generateToken(VelocityRequestContext request)
request
- the request the token is being generated for
String getXsrfTokenName()
boolean validateToken(javax.servlet.http.HttpServletRequest request, String token)
request
- the request the token was received intoken
- the token
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |