public abstract class AbstractCsrfTokenManager extends AbstractLoggableComponent implements CsrfTokenManager
Checks if the given
createLogger, doInitialize, getLogger
doInitialized, getInitializationState, initialize
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
currentToken - is the current CsrfToken that has previously been generated and may be updated.
currentToken (same instance) to keep the token or a new instance of CsrfToken to replace the current token and expect the next request from the client to provide that new token (e.g. to implement one-time tokens for the highest level of protection).
public void validateToken(CsrfToken token) throws SecurityException
public boolean isValidToken(CsrfToken token)
Checks if the given CsrfToken that has been sent from the client is valid. This method has to correspond to CsrfTokenManager.generateUpdateToken(CsrfToken). In case a remote invocation is invoked that is secured (requires authentication and typically also authorization), the CsrfToken has to be checked. A value of null is never valid and will always fail. Only in case of a secured invocation and the presence of CsrfToken this method is invoked.
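The following is an added example, not code from the mmm project: a stand-alone sketch of the contract described above, in which generateUpdateToken returns a new instance on every call (one-time tokens) and isValidToken rejects null and any superseded token. The class OneTimeCsrfSketch, its nested Token type and the single-field token storage are hypothetical; a real manager would keep the expected token per session.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical stand-alone sketch; none of these types are the mmm library's own.
public class OneTimeCsrfSketch {
    /** Minimal stand-in for a CSRF token: an opaque random value. */
    static final class Token {
        final String value;
        Token(String value) { this.value = value; }
    }

    private static final SecureRandom RANDOM = new SecureRandom();
    private Token expected; // assumption: one session only; store per session in practice

    /** One-time policy: always return a NEW instance, so the previous token expires. */
    Token generateUpdateToken(Token currentToken) {
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG
        RANDOM.nextBytes(raw);
        expected = new Token(Base64.getUrlEncoder().withoutPadding().encodeToString(raw));
        return expected;
    }

    /** null is never valid; the comparison is constant-time to avoid a timing oracle. */
    boolean isValidToken(Token token) {
        if (token == null || token.value == null || expected == null) return false;
        return MessageDigest.isEqual(
                token.value.getBytes(StandardCharsets.UTF_8),
                expected.value.getBytes(StandardCharsets.UTF_8));
    }

    /** Throwing variant, mirroring validateToken(...) throws SecurityException. */
    void validateToken(Token token) {
        if (!isValidToken(token)) throw new SecurityException("invalid CSRF token");
    }

    public static void main(String[] args) {
        OneTimeCsrfSketch mgr = new OneTimeCsrfSketch();
        Token first = mgr.generateUpdateToken(null);   // issued for the first secured call
        mgr.validateToken(first);                      // client echoes it back: accepted
        Token second = mgr.generateUpdateToken(first); // rotated after that request
        // A replayed (superseded) token and a missing token must both fail.
        if (mgr.isValidToken(first) || mgr.isValidToken(null) || !mgr.isValidToken(second)) {
            throw new AssertionError("one-time token contract violated");
        }
        System.out.println("rotation contract holds");
    }
}
```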
Copyright © 2001–2014 mmm-Team. All rights reserved.