Package org.apache.ofbiz.security
Class CsrfUtil
java.lang.Object
org.apache.ofbiz.security.CsrfUtil
-
Method Summary
Modifier and Type    Method    Description
static String    addOrUpdateTokenInQueryString(String link, String csrfToken)
static String    addOrUpdateTokenInUrl(String link, String csrfToken)
static void    checkToken(HttpServletRequest request, String path)
static void    cleanupTokenMap(HttpSession session)
static String    generateTokenForAjax(HttpServletRequest request)
    Generate CSRF token for AJAX and add it as value to token cache.
static String    generateTokenForNonAjax(HttpServletRequest request, String pathOrRequestUri)
    Generate CSRF token for non-AJAX request if required and add it as key to token map in session. When the token map size limit is reached, the eldest entry is deleted each time a new entry is added.
static ICsrfDefenseStrategy    getStrategy()
static String    getTokenForAjax(HttpSession session)
    Get CSRF token for AJAX.
getTokenMap(HttpServletRequest request, String targetContextPath)
static String    getTokenNameNonAjax()
static void    setStrategy(ICsrfDefenseStrategy strategy)
static void    setTokenNameNonAjax(String tokenNameNonAjax)
-
Method Details
-
getTokenMap
getTokenMap(HttpServletRequest request, String targetContextPath)
-
generateTokenForNonAjax
static String generateTokenForNonAjax(HttpServletRequest request, String pathOrRequestUri)
Generate CSRF token for non-AJAX request if required and add it as key to token map in session. When the token map size limit is reached, the eldest entry is deleted each time a new entry is added; a token issued for a page rendered earlier in the session therefore stops validating once enough newer entries have displaced it. Tokens are only generated for up to 3 subfolders in the path, so 'entity/find/Budget/0001' and 'entity/find/Budget/0002' share the same CSRF token.
- Parameters:
request -
pathOrRequestUri -
- Returns:
csrf token
-
generateTokenForAjax
static String generateTokenForAjax(HttpServletRequest request)
Generate CSRF token for AJAX and add it as value to token cache.
- Parameters:
request -
- Returns:
csrf token
-
getTokenForAjax
static String getTokenForAjax(HttpSession session)
Get CSRF token for AJAX.
- Parameters:
session -
- Returns:
csrf token
-
addOrUpdateTokenInUrl
static String addOrUpdateTokenInUrl(String link, String csrfToken)
-
addOrUpdateTokenInQueryString
static String addOrUpdateTokenInQueryString(String link, String csrfToken)
-
checkToken
public static void checkToken(HttpServletRequest request, String path) throws RequestHandlerException, RequestHandlerExceptionAllowExternalRequests
- Throws:
RequestHandlerException
RequestHandlerExceptionAllowExternalRequests
-
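The following stand-alone Java program is an added illustration of the behaviour the generateTokenForNonAjax, addOrUpdateTokenInQueryString and checkToken entries above describe; it is not code from org.apache.ofbiz.security.CsrfUtil and uses no servlet API. The map size limit (MAX_TOKENS = 4), the query-parameter name "csrftoken", the path-as-key layout of the token map, the way the path is cut to three segments and the token encoding are all assumptions made for the demo; CsrfUtil.checkToken throws RequestHandlerException where this version returns false.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

// Stand-alone model of the behaviour documented for CsrfUtil; not OFBiz code.
// MAX_TOKENS, TOKEN_NAME, the path-as-key layout and the token encoding are assumed.
public class CsrfTokenMapDemo {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int MAX_TOKENS = 4;              // assumed size limit
    private static final String TOKEN_NAME = "csrftoken";  // assumed parameter name
    private static final int MAX_PATH_SEGMENTS = 3;        // "up to 3 subfolders"

    // Bounded, insertion-ordered map: once the limit is reached, every new key
    // evicts the eldest entry (the documented eviction rule).
    public static Map<String, String> newTokenMap() {
        return new LinkedHashMap<String, String>(16, 0.75f, false) {
            @Override
            protected boolean removeEldestEntry(Map.Entry<String, String> eldest) {
                return size() > MAX_TOKENS;
            }
        };
    }

    // Keep only the first three path segments, so entity/find/Budget/0001 and
    // entity/find/Budget/0002 share the key entity/find/Budget.
    public static String pathKey(String pathOrRequestUri) {
        int q = pathOrRequestUri.indexOf('?');
        String p = q < 0 ? pathOrRequestUri : pathOrRequestUri.substring(0, q);
        StringBuilder key = new StringBuilder();
        int kept = 0;
        for (String seg : p.split("/")) {
            if (seg.isEmpty()) continue;                 // leading "/" or "//"
            if (kept++ == MAX_PATH_SEGMENTS) break;
            key.append(key.length() > 0 ? "/" : "").append(seg);
        }
        return key.toString();
    }

    // Analogue of generateTokenForNonAjax: reuse the token held for this path
    // key, otherwise mint 128 random bits and store them (possibly evicting).
    public static String generateTokenForNonAjax(Map<String, String> map, String pathOrRequestUri) {
        String key = pathKey(pathOrRequestUri);
        String token = map.get(key);
        if (token == null) {
            byte[] raw = new byte[16];
            RNG.nextBytes(raw);
            token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            map.put(key, token);
        }
        return token;
    }

    // Analogue of checkToken, returning false where CsrfUtil throws
    // RequestHandlerException. Constant-time compare avoids a timing oracle.
    public static boolean checkToken(Map<String, String> map, String path, String submitted) {
        String expected = map.get(pathKey(path));
        return expected != null && submitted != null
            && MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     submitted.getBytes(StandardCharsets.UTF_8));
    }

    // Analogue of addOrUpdateTokenInQueryString: append the parameter if the
    // link lacks it, otherwise replace the existing value in place.
    public static String addOrUpdateTokenInQueryString(String link, String csrfToken) {
        int q = link.indexOf('?');
        String base = q < 0 ? link : link.substring(0, q);
        String query = q < 0 ? "" : link.substring(q + 1);
        StringBuilder out = new StringBuilder();
        boolean replaced = false;
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            if ((eq < 0 ? pair : pair.substring(0, eq)).equals(TOKEN_NAME)) {
                pair = TOKEN_NAME + "=" + csrfToken;
                replaced = true;
            }
            if (out.length() > 0) out.append('&');
            out.append(pair);
        }
        if (!replaced) out.append(out.length() > 0 ? "&" : "").append(TOKEN_NAME).append('=').append(csrfToken);
        return base + "?" + out;
    }

    public static void main(String[] args) {
        Map<String, String> map = newTokenMap();
        String t1 = generateTokenForNonAjax(map, "/entity/find/Budget/0001");
        String t2 = generateTokenForNonAjax(map, "/entity/find/Budget/0002");
        System.out.println("shared token for both Budget URIs: " + t1.equals(t2));
        // Visit MAX_TOKENS other prefixes: the Budget entry is the eldest and gets evicted.
        for (int i = 0; i < MAX_TOKENS; i++) generateTokenForNonAjax(map, "/party/" + i + "/view");
        System.out.println("Budget token still valid: " + checkToken(map, "/entity/find/Budget/0001", t1));
        String link = addOrUpdateTokenInQueryString("/entity/find/Budget/0001?x=1", t1);
        System.out.println(link + "\n" + addOrUpdateTokenInQueryString(link, "rotated"));
    }
}
```

Running the demo shows the two properties a practitioner cares about: the two Budget URIs share one token because they collapse to the same three-segment key, and once four further path prefixes have been visited the Budget entry has been evicted, so the earlier token no longer checks out. The last two lines show the same link first gaining a csrftoken parameter and then having its value replaced rather than duplicated.
-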
cleanupTokenMap
static void cleanupTokenMap(HttpSession session)
-
getTokenNameNonAjax
static String getTokenNameNonAjax()
- Returns:
the tokenNameNonAjax
-
setTokenNameNonAjax
static void setTokenNameNonAjax(String tokenNameNonAjax)
- Parameters:
tokenNameNonAjax - the tokenNameNonAjax to set
-
getStrategy
static ICsrfDefenseStrategy getStrategy()
- Returns:
the strategy
-
setStrategy
static void setStrategy(ICsrfDefenseStrategy strategy)
- Parameters:
strategy - the strategy to set
-