java.lang.Object

org.apache.ofbiz.security.CsrfUtil

public final class CsrfUtil extends Object

Method Summary

Modifier and Type

Method

Description

static String

addOrUpdateTokenInQueryString(String link, String csrfToken)

static String

addOrUpdateTokenInUrl(String link, String csrfToken)

static void

checkToken(HttpServletRequest request, String path)

static void

cleanupTokenMap(HttpSession session)

static String

generateTokenForAjax(HttpServletRequest request)

generate csrf token for AJAX and add it as value to token cache

static String

generateTokenForNonAjax(HttpServletRequest request, String pathOrRequestUri)

Generate CSRF token for non-ajax request if required and add it as key to token map in session When token map size limit is reached, the eldest entry will be deleted each time a new entry is added.

static ICsrfDefenseStrategy

getStrategy()

static String

getTokenForAjax(HttpSession session)

get csrf token for AJAX

static Map<String,String>

getTokenMap(HttpServletRequest request, String targetContextPath)

static String

getTokenNameNonAjax()

static void

setStrategy(ICsrfDefenseStrategy strategy)

static void

setTokenNameNonAjax(String tokenNameNonAjax)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details
- getTokenMap
  
  public static Map<String,String> getTokenMap(HttpServletRequest request, String targetContextPath)
- generateTokenForNonAjax
  
  public static String generateTokenForNonAjax(HttpServletRequest request, String pathOrRequestUri)
  
  Generate CSRF token for non-ajax request if required and add it as key to token map in session When token map size limit is reached, the eldest entry will be deleted each time a new entry is added. Token only generated for up to 3 subfolders in the path so 'entity/find/Budget/0001' and 'entity/find/Budget/0002' should share the same CSRF token.
  
  Parameters:
  
  request -
  
  pathOrRequestUri -
  
  Returns:
  
  csrf token
- generateTokenForAjax
  
  public static String generateTokenForAjax(HttpServletRequest request)
  
  generate csrf token for AJAX and add it as value to token cache
  
  Parameters:
  
  request -
  
  Returns:
  
  csrf token
- getTokenForAjax
  
  public static String getTokenForAjax(HttpSession session)
  
  get csrf token for AJAX
  
  Parameters:
  
  session -
  
  Returns:
  
  csrf token
- addOrUpdateTokenInUrl
  
  public static String addOrUpdateTokenInUrl(String link, String csrfToken)
- addOrUpdateTokenInQueryString
  
  public static String addOrUpdateTokenInQueryString(String link, String csrfToken)
- checkToken
  
  public static void checkToken(HttpServletRequest request, String path) throws RequestHandlerException, RequestHandlerExceptionAllowExternalRequests
  
  Throws:
  
  RequestHandlerException
  
  RequestHandlerExceptionAllowExternalRequests
- cleanupTokenMap
  
  public static void cleanupTokenMap(HttpSession session)
- getTokenNameNonAjax
  
  public static String getTokenNameNonAjax()
  
  Returns:
  
  the tokenNameNonAjax
- setTokenNameNonAjax
  
  public static void setTokenNameNonAjax(String tokenNameNonAjax)
  
  Parameters:
  
  tokenNameNonAjax - the tokenNameNonAjax to set
- getStrategy
  
  public static ICsrfDefenseStrategy getStrategy()
  
  Returns:
  
  the strategy
- setStrategy
  
  public static void setStrategy(ICsrfDefenseStrategy strategy)
  
  Parameters:
  
  strategy - the strategy to set

Class CsrfUtil

Method Summary

Methods inherited from class java.lang.Object

Method Details

getTokenMap

generateTokenForNonAjax

generateTokenForAjax

getTokenForAjax

addOrUpdateTokenInUrl

addOrUpdateTokenInQueryString

checkToken

cleanupTokenMap

getTokenNameNonAjax

setTokenNameNonAjax

getStrategy

setStrategy