Package org.apache.ofbiz.security
Interface ICsrfDefenseStrategy
- All Known Implementing Classes:
CsrfDefenseStrategy,NoCsrfDefenseStrategy
public interface ICsrfDefenseStrategy
-
Method Summary
Modifier and TypeMethodDescriptionvoidinvalidTokenResponse(String requestUri, HttpServletRequest request) booleankeepTokenAfterUse(String requestUri, String requestMethod) Whether to reuse the token after it is consumedintmaxSubFolderInRequestUrlForTokenMapLookup(String requestUri) Limit the number of subfolders in request uri to reduce the number of CSRF tokens needed.booleanmodifySecurityCsrfToken(String requestUri, String requestMapMethod, String securityCsrfToken) Override security csrf-token value in request map
-
Method Details
-
generateToken
String generateToken() -
maxSubFolderInRequestUrlForTokenMapLookup
Limit the number of subfolders in request uri to reduce the number of CSRF tokens needed.- Parameters:
requestUri-- Returns:
-
modifySecurityCsrfToken
boolean modifySecurityCsrfToken(String requestUri, String requestMapMethod, String securityCsrfToken) Override security csrf-token value in request map- Parameters:
requestUri-requestMapMethod- get, post or allsecurityCsrfToken-- Returns:
-
keepTokenAfterUse
Whether to reuse the token after it is consumed- Parameters:
requestUri-requestMethod- GET, POST, or PUT- Returns:
-
invalidTokenResponse
void invalidTokenResponse(String requestUri, HttpServletRequest request) throws RequestHandlerExceptionAllowExternalRequests
-