SynchronizerToken (otter 1.3 API)

java.lang.Object
- org.rootservices.otter.security.csrf.SynchronizerToken

All Implemented Interfaces:: Csrf

public class SynchronizerToken
extends java.lang.Object
implements Csrf

Created by tommackenzie on 4/9/16.

Field Summary

Fields
Modifier and Type Field Description

protected static java.lang.String CHALLENGE_TOKEN_FORM_NAME

protected static java.lang.String CHALLENGE_TOKEN_SESSION_NAME

Fields
Modifier and Type	Field	Description
`protected static java.lang.String`	`CHALLENGE_TOKEN_FORM_NAME`
`protected static java.lang.String`	`CHALLENGE_TOKEN_SESSION_NAME`

Constructor Summary

Constructors
Constructor Description

SynchronizerToken(RandomString randomString)

Constructors
Constructor	Description
`SynchronizerToken(RandomString randomString)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`void`	`checkTokens(javax.servlet.http.HttpServletRequest httpRequest)`
`protected boolean`	`doTokensMatch(java.util.Optional<java.lang.String> sessionChallengeToken, java.util.Optional<java.lang.String> formChallengeToken)`
`protected java.util.Optional<java.lang.String>`	`getChallengeTokenFromForm(javax.servlet.http.HttpServletRequest request)`
`protected java.util.Optional<java.lang.String>`	`getChallengeTokenFromSession(javax.servlet.http.HttpServletRequest request)`
`protected void`	`insertChallengeTokenIntoSession(javax.servlet.http.HttpServletRequest request)`
`protected boolean`	`requestMethodRequiresChallengeToken(java.lang.String method)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CHALLENGE_TOKEN_SESSION_NAME

protected static java.lang.String CHALLENGE_TOKEN_SESSION_NAME

CHALLENGE_TOKEN_FORM_NAME

protected static java.lang.String CHALLENGE_TOKEN_FORM_NAME

Constructor Detail

SynchronizerToken

public SynchronizerToken(RandomString randomString)

Method Detail

checkTokens

public void checkTokens(javax.servlet.http.HttpServletRequest httpRequest)
                 throws CsrfException

Specified by:: checkTokens in interface Csrf
Throws:: CsrfException

doTokensMatch

protected boolean doTokensMatch(java.util.Optional<java.lang.String> sessionChallengeToken,
                                java.util.Optional<java.lang.String> formChallengeToken)

requestMethodRequiresChallengeToken

protected boolean requestMethodRequiresChallengeToken(java.lang.String method)

getChallengeTokenFromSession

protected java.util.Optional<java.lang.String> getChallengeTokenFromSession(javax.servlet.http.HttpServletRequest request)

insertChallengeTokenIntoSession

protected void insertChallengeTokenIntoSession(javax.servlet.http.HttpServletRequest request)
                                        throws CsrfException

Throws:: CsrfException

getChallengeTokenFromForm

protected java.util.Optional<java.lang.String> getChallengeTokenFromForm(javax.servlet.http.HttpServletRequest request)

Class SynchronizerToken

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

CHALLENGE_TOKEN_SESSION_NAME

CHALLENGE_TOKEN_FORM_NAME

Constructor Detail

SynchronizerToken

Method Detail

checkTokens

doTokensMatch

requestMethodRequiresChallengeToken

getChallengeTokenFromSession

insertChallengeTokenIntoSession

getChallengeTokenFromForm