Package org.apache.ofbiz.security
Interface ICsrfDefenseStrategy
- All Known Implementing Classes: CsrfDefenseStrategy, NoCsrfDefenseStrategy
public interface ICsrfDefenseStrategy
Method Summary
Modifier and Type | Method | Description
void | invalidTokenResponse(String requestUri, HttpServletRequest request) |
boolean | keepTokenAfterUse(String requestUri, String requestMethod) | Whether to reuse the token after it is consumed
int | maxSubFolderInRequestUrlForTokenMapLookup(String requestUri) | Limit the number of subfolders in request uri to reduce the number of CSRF tokens needed.
boolean | modifySecurityCsrfToken(String requestUri, String requestMapMethod, String securityCsrfToken) | Override security csrf-token value in request map
Method Details
generateToken
String generateToken()
maxSubFolderInRequestUrlForTokenMapLookup
int maxSubFolderInRequestUrlForTokenMapLookup(String requestUri)
Limit the number of subfolders in request uri to reduce the number of CSRF tokens needed.
- Parameters:
  requestUri -
- Returns:
modifySecurityCsrfToken
boolean modifySecurityCsrfToken(String requestUri, String requestMapMethod, String securityCsrfToken)
Override security csrf-token value in request map
- Parameters:
  requestUri -
  requestMapMethod - get, post or all
  securityCsrfToken -
- Returns:
keepTokenAfterUse
boolean keepTokenAfterUse(String requestUri, String requestMethod)
Whether to reuse the token after it is consumed
- Parameters:
  requestUri -
  requestMethod - GET, POST, or PUT
- Returns:
invalidTokenResponse
void invalidTokenResponse(String requestUri, HttpServletRequest request) throws RequestHandlerExceptionAllowExternalRequests