Class CSRFTokenFactory

java.lang.Object
com.google.refine.commands.CSRFTokenFactory

public class CSRFTokenFactory extends Object
Generates CSRF tokens and checks their validity.
Author: Antonin Delpeuch
  • Field Summary

    Fields

    | Modifier and Type | Field | Description |
    |---|---|---|
    | protected final SecureRandom | rng | Random number generator used to create tokens |
    | protected final long | timeToLive | Time to live for tokens, in seconds |
    | protected final com.google.common.cache.LoadingCache<String,Instant> | tokenCache | Maps each token to the time it was generated |
    | protected final int | tokenLength | Length of the tokens to generate |
  • Constructor Summary

    Constructors

    | Constructor | Description |
    |---|---|
    | CSRFTokenFactory(long timeToLive, int tokenLength) | Constructs a new CSRF token factory. |
  • Method Summary

    | Modifier and Type | Method | Description |
    |---|---|---|
    | String | getFreshToken() | Generates a fresh CSRF token, which will remain valid for the configured amount of time. |
    | boolean | validToken(String token) | Checks that a given CSRF token is valid. |

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • tokenCache

      protected final com.google.common.cache.LoadingCache<String,Instant> tokenCache
      Maps each token to the time it was generated
    • timeToLive

      protected final long timeToLive
      Time to live for tokens, in seconds
    • tokenLength

      protected final int tokenLength
      Length of the tokens to generate
    • rng

      protected final SecureRandom rng
      Random number generator used to create tokens
  • Constructor Details

    • CSRFTokenFactory

      public CSRFTokenFactory(long timeToLive, int tokenLength)
      Constructs a new CSRF token factory.
      Parameters:
      timeToLive - Time to live for tokens, in seconds
      tokenLength - Length of the tokens generated
  • Method Details

    • getFreshToken

      public String getFreshToken()
      Generates a fresh CSRF token, which will remain valid for the configured amount of time.
    • validToken

      public boolean validToken(String token)
      Checks that a given CSRF token is valid.
      Parameters:
      token - the token to verify
      Returns:
      true if the token is valid
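
The contract documented above (a SecureRandom-generated token, its generation time recorded per token, validity bounded by a time to live in seconds) is shown here as a stand-alone sketch added for illustration; it is not the OpenRefine source for this class. The class name TokenFactorySketch, the ConcurrentHashMap store in place of the documented LoadingCache, the alphanumeric alphabet, the validAt helper, and the sample values 3600 and 32 are assumptions.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Illustrative sketch only: NOT the OpenRefine CSRFTokenFactory source.
public class TokenFactorySketch {
    // Assumed alphabet; the page does not say which characters tokens use.
    private static final String ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    private final SecureRandom rng = new SecureRandom();
    // Assumed store; the documented field is a Guava LoadingCache<String,Instant>.
    private final Map<String, Instant> tokenCache = new ConcurrentHashMap<>();
    private final long timeToLive;  // seconds
    private final int tokenLength;

    public TokenFactorySketch(long timeToLive, int tokenLength) {
        this.timeToLive = timeToLive;
        this.tokenLength = tokenLength;
    }

    public String getFreshToken() {
        StringBuilder sb = new StringBuilder(tokenLength);
        for (int i = 0; i < tokenLength; i++) {
            sb.append(ALPHABET.charAt(rng.nextInt(ALPHABET.length())));
        }
        tokenCache.put(sb.toString(), Instant.now());  // record generation time
        return sb.toString();
    }

    public boolean validToken(String token) { return validAt(token, Instant.now()); }

    // Hypothetical helper: "now" is a parameter so expiry can be shown without sleeping.
    boolean validAt(String token, Instant now) {
        if (token == null) return false;       // ConcurrentHashMap rejects null keys
        Instant issued = tokenCache.get(token);
        if (issued == null) return false;      // never issued, or already evicted
        boolean fresh = Duration.between(issued, now).getSeconds() < timeToLive;
        if (!fresh) tokenCache.remove(token);  // evict expired entries on lookup
        return fresh;
    }

    public static void main(String[] args) {
        TokenFactorySketch f = new TokenFactorySketch(3600, 32);  // constructed sample values
        String t = f.getFreshToken();
        System.out.println("fresh: " + f.validToken(t));
        System.out.println("unknown: " + f.validToken("not-issued"));
        System.out.println("expired: " + f.validAt(t, Instant.now().plusSeconds(3601)));
    }
}
```

In this sketch a token that was never issued, a null token, and a token older than the time to live are all rejected the same way, so a caller only needs to branch on the boolean result.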