|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface XsrfTokenGenerator
Interface for generating anti-XSRF tokens for web forms.
The default implementation (available viw dependency injection) should be good enough for anyone, but this interface is provided just in case anyone wants to implement their own token generation strategy.
Field Summary | |
---|---|
static String |
TOKEN_HTTP_SESSION_KEY
The name of the XSRF token put ino the HTTP session |
static String |
TOKEN_WEB_PARAMETER_KEY
The name of the XSRF token parameter sent in on a web request |
Method Summary | |
---|---|
boolean |
generatedByAuthenticatedUser(String token)
This returns true of the token was generated by an authenticated user |
String |
generateToken()
Gets the token from the current request, generating a new one if none is found |
String |
generateToken(boolean create)
Gets the token from the current request, optionally generating a new one if none is found |
String |
generateToken(javax.servlet.http.HttpServletRequest request)
Gets the token from the current request, generating a new one if none is found |
String |
generateToken(javax.servlet.http.HttpServletRequest request,
boolean create)
Gets the token from the current request, optionally generating a new one if none is found |
String |
generateToken(VelocityRequestContext request)
Deprecated. since 4.3 - use the other two forms of generateToken() |
String |
getToken(javax.servlet.http.HttpServletRequest request)
Gets the token from the current request, generating a new one if none is found |
String |
getXsrfTokenName()
Convenience method which will return the name to be used for a supplied XsrfToken in a request. |
boolean |
validateToken(javax.servlet.http.HttpServletRequest request,
String token)
Validate a form token received as part of a web request |
Field Detail |
---|
static final String TOKEN_HTTP_SESSION_KEY
static final String TOKEN_WEB_PARAMETER_KEY
Method Detail |
---|
String generateToken()
String generateToken(boolean create)
create
- true to create token if none is found
String generateToken(javax.servlet.http.HttpServletRequest request)
request
- the request the token is being generated for
String generateToken(javax.servlet.http.HttpServletRequest request, boolean create)
request
- the request the token is being generated forcreate
- true to create token if none is found
String getToken(javax.servlet.http.HttpServletRequest request)
request
- request that contains the form token.
@Deprecated String generateToken(VelocityRequestContext request)
request
- the request the token is being generated for
String getXsrfTokenName()
boolean validateToken(javax.servlet.http.HttpServletRequest request, String token)
request
- the request the token was received intoken
- the token
boolean generatedByAuthenticatedUser(String token)
token
- the XSRF token in question
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |