java.lang.Object

org.apache.ofbiz.security.CsrfDefenseStrategy

All Implemented Interfaces:: ICsrfDefenseStrategy

public class CsrfDefenseStrategy extends Object implements ICsrfDefenseStrategy

Constructor Summary

Constructors

Constructor

Description

CsrfDefenseStrategy()
Method Summary

Modifier and Type

Method

Description

String

generateToken()

void

invalidTokenResponse(String requestUri, HttpServletRequest request)

boolean

keepTokenAfterUse(String requestUri, String requestMethod)

Whether to reuse the token after it is consumed

int

maxSubFolderInRequestUrlForTokenMapLookup(String requestUri)

Limit the number of subfolders in request uri to reduce the number of CSRF tokens needed.

boolean

modifySecurityCsrfToken(String requestUri, String requestMapMethod, String securityCsrfToken)

Override security csrf-token value in request map

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- CsrfDefenseStrategy
  
  public CsrfDefenseStrategy()
Method Details
- generateToken
  
  public String generateToken()
  
  Specified by:
  
  generateToken in interface ICsrfDefenseStrategy
- maxSubFolderInRequestUrlForTokenMapLookup
  
  public int maxSubFolderInRequestUrlForTokenMapLookup(String requestUri)
  
  Description copied from interface: ICsrfDefenseStrategy
  
  Limit the number of subfolders in request uri to reduce the number of CSRF tokens needed.
  
  Specified by:
  
  maxSubFolderInRequestUrlForTokenMapLookup in interface ICsrfDefenseStrategy
  
  Returns:
- modifySecurityCsrfToken
  
  public boolean modifySecurityCsrfToken(String requestUri, String requestMapMethod, String securityCsrfToken)
  
  Description copied from interface: ICsrfDefenseStrategy
  
  Override security csrf-token value in request map
  
  Specified by:
  
  modifySecurityCsrfToken in interface ICsrfDefenseStrategy
  
  requestMapMethod - get, post or all
  
  Returns:
- keepTokenAfterUse
  
  public boolean keepTokenAfterUse(String requestUri, String requestMethod)
  
  Description copied from interface: ICsrfDefenseStrategy
  
  Whether to reuse the token after it is consumed
  
  Specified by:
  
  keepTokenAfterUse in interface ICsrfDefenseStrategy
  
  requestMethod - GET, POST, or PUT
  
  Returns:
- invalidTokenResponse
  
  public void invalidTokenResponse(String requestUri, HttpServletRequest request) throws RequestHandlerExceptionAllowExternalRequests
  
  Specified by:
  
  invalidTokenResponse in interface ICsrfDefenseStrategy
  
  Throws:
  
  RequestHandlerExceptionAllowExternalRequests

Class CsrfDefenseStrategy

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Details

CsrfDefenseStrategy

Method Details

generateToken

maxSubFolderInRequestUrlForTokenMapLookup

modifySecurityCsrfToken

keepTokenAfterUse

invalidTokenResponse