|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface XsrfTokenGenerator
Interface for generating anti-XSRF tokens for web forms.
The default implementationSimpleXsrfTokenGenerator
should be good enough for anyone, but this interface is
provided just in case anyone wants to implement their own token generation strategy.
Field Summary | |
---|---|
static String |
TOKEN_HTTP_SESSION_KEY
The name of the XSRF token put ino the HTTP session |
static String |
TOKEN_WEB_PARAMETER_KEY
The name of the XSRF token parameter sent in on a web request |
Method Summary | |
---|---|
boolean |
generatedByAuthenticatedUser(String token)
This returns true of the token was generated by an authenticated user |
String |
generateToken()
Generate a new form token for the underlying current request. |
String |
generateToken(javax.servlet.http.HttpServletRequest request)
Generate a new form token for the current request. |
String |
generateToken(VelocityRequestContext request)
Deprecated. since 4.3 - use the other two forms of generateToken() |
String |
getToken(javax.servlet.http.HttpServletRequest request)
Gets the token from the request. |
String |
getXsrfTokenName()
Convenience method which will return the name to be used for a supplied XsrfToken in a request. |
boolean |
validateToken(javax.servlet.http.HttpServletRequest request,
String token)
Validate a form token received as part of a web request |
Field Detail |
---|
static final String TOKEN_HTTP_SESSION_KEY
static final String TOKEN_WEB_PARAMETER_KEY
Method Detail |
---|
String generateToken()
String generateToken(javax.servlet.http.HttpServletRequest request)
request
- the request the token is being generated for
String getToken(javax.servlet.http.HttpServletRequest request)
request
- request that contains the form token.
@Deprecated String generateToken(VelocityRequestContext request)
request
- the request the token is being generated for
String getXsrfTokenName()
boolean validateToken(javax.servlet.http.HttpServletRequest request, String token)
request
- the request the token was received intoken
- the token
boolean generatedByAuthenticatedUser(String token)
token
- the XSRF token in question
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |