Package org.rootservices.otter.security.csrf

Class SynchronizerToken

  • All Implemented Interfaces:
    Csrf
    public class SynchronizerToken
extends java.lang.Object
implements Csrf
    Created by tommackenzie on 4/9/16.

    • Method Summary

      Modifier and Type Method Description
      void checkTokens​(javax.servlet.http.HttpServletRequest httpRequest)  
      protected boolean doTokensMatch​(java.util.Optional<java.lang.String> sessionChallengeToken, java.util.Optional<java.lang.String> formChallengeToken)  
      protected java.util.Optional<java.lang.String> getChallengeTokenFromForm​(javax.servlet.http.HttpServletRequest request)  
      protected java.util.Optional<java.lang.String> getChallengeTokenFromSession​(javax.servlet.http.HttpServletRequest request)  
      protected void insertChallengeTokenIntoSession​(javax.servlet.http.HttpServletRequest request)  
      protected boolean requestMethodRequiresChallengeToken​(java.lang.String method)  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • CHALLENGE_TOKEN_SESSION_NAME

        protected static java.lang.String CHALLENGE_TOKEN_SESSION_NAME

      • CHALLENGE_TOKEN_FORM_NAME

        protected static java.lang.String CHALLENGE_TOKEN_FORM_NAME

    • Constructor Detail

      • SynchronizerToken

        public SynchronizerToken​(RandomString randomString)

    • Method Detail

      • doTokensMatch

        protected boolean doTokensMatch​(java.util.Optional<java.lang.String> sessionChallengeToken,
                                java.util.Optional<java.lang.String> formChallengeToken)

      • requestMethodRequiresChallengeToken

        protected boolean requestMethodRequiresChallengeToken​(java.lang.String method)

      • getChallengeTokenFromSession

        protected java.util.Optional<java.lang.String> getChallengeTokenFromSession​(javax.servlet.http.HttpServletRequest request)

      • insertChallengeTokenIntoSession

        protected void insertChallengeTokenIntoSession​(javax.servlet.http.HttpServletRequest request)
                                        throws CsrfException
        Throws:
        CsrfException

      • getChallengeTokenFromForm

        protected java.util.Optional<java.lang.String> getChallengeTokenFromForm​(javax.servlet.http.HttpServletRequest request)