Package com.webmethods.caf.faces.render.xsrf

Class SessionBasedAXSRFTVendingMachine

java.lang.Object

com.webmethods.caf.faces.render.xsrf.BaseAXSRFTVendingMachine

com.webmethods.caf.faces.render.xsrf.SessionBasedAXSRFTVendingMachine

All Implemented Interfaces:

IAXSRFTVendingMachine

public class SessionBasedAXSRFTVendingMachine
extends BaseAXSRFTVendingMachine

Anti-cross-site-request-forgery-token manager which uses per-session tokens.

Field Summary

Fields

Modifier and Type	Field	Description
protected static final String	SESSION_TOKEN

Fields inherited from class com.webmethods.caf.faces.render.xsrf.BaseAXSRFTVendingMachine

m_whitelist

Constructor Summary

Constructors

Constructor	Description
SessionBasedAXSRFTVendingMachine()

Method Summary

Modifier and Type	Method	Description
boolean	acceptToken(FacesContext context, String token)	Returns true if the specified anti-cross-site-request-forgery token is valid for the specified user.
boolean	acceptToken(HttpServletRequest request, String token)	Returns true if the specified anti-cross-site-request-forgery token is valid for the specified user.
protected boolean	acceptToken(HttpSession session, String token)	Returns true if the specified anti-cross-site-request-forgery token is valid for the specified user.
protected String	generateToken()	Generates a new random token.
String	produceToken(String user)	Produces an anti-cross-site-request-forgery token for the specified user.
String	produceToken(FacesContext context)	Produces an anti-cross-site-request-forgery token for the specified user.
String	produceToken(HttpServletRequest request)	Produces an anti-cross-site-request-forgery token for the specified user.
protected String	produceToken(HttpSession session)	Produces an anti-cross-site-request-forgery token for the specified user.

Methods inherited from class com.webmethods.caf.faces.render.xsrf.BaseAXSRFTVendingMachine

getRequest, getWhitelist, inWhitelist, parseWhitelist, setWhitelist

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

SESSION_TOKEN

protected static final String SESSION_TOKEN

Constructor Details

SessionBasedAXSRFTVendingMachine

public SessionBasedAXSRFTVendingMachine()

Method Details

produceToken

public String produceToken(FacesContext context)

Produces an anti-cross-site-request-forgery token for the specified user.

produceToken

public String produceToken(HttpServletRequest request)

Produces an anti-cross-site-request-forgery token for the specified user.

produceToken

public String produceToken(String user)

Produces an anti-cross-site-request-forgery token for the specified user.

acceptToken

public boolean acceptToken(FacesContext context,
 String token)

Returns true if the specified anti-cross-site-request-forgery token is valid for the specified user.

acceptToken

public boolean acceptToken(HttpServletRequest request,
 String token)

Returns true if the specified anti-cross-site-request-forgery token is valid for the specified user.

produceToken

protected String produceToken(HttpSession session)

Produces an anti-cross-site-request-forgery token for the specified user.

acceptToken

protected boolean acceptToken(HttpSession session,
 String token)

Returns true if the specified anti-cross-site-request-forgery token is valid for the specified user.

generateToken

protected String generateToken()

Generates a new random token.