Package org.apache.ofbiz.security
Class NoCsrfDefenseStrategy
java.lang.Object
org.apache.ofbiz.security.NoCsrfDefenseStrategy
- All Implemented Interfaces:
ICsrfDefenseStrategy
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
invalidTokenResponse
(String requestUri, HttpServletRequest request) boolean
keepTokenAfterUse
(String requestUri, String requestMethod) Whether to reuse the token after it is consumedint
maxSubFolderInRequestUrlForTokenMapLookup
(String requestUri) Limit the number of subfolders in request uri to reduce the number of CSRF tokens needed.boolean
modifySecurityCsrfToken
(String requestUri, String requestMapMethod, String securityCsrfToken) Override security csrf-token value in request map
-
Constructor Details
-
NoCsrfDefenseStrategy
public NoCsrfDefenseStrategy()
-
-
Method Details
-
generateToken
- Specified by:
generateToken
in interfaceICsrfDefenseStrategy
-
maxSubFolderInRequestUrlForTokenMapLookup
Description copied from interface:ICsrfDefenseStrategy
Limit the number of subfolders in request uri to reduce the number of CSRF tokens needed.- Specified by:
maxSubFolderInRequestUrlForTokenMapLookup
in interfaceICsrfDefenseStrategy
- Returns:
-
modifySecurityCsrfToken
public boolean modifySecurityCsrfToken(String requestUri, String requestMapMethod, String securityCsrfToken) Description copied from interface:ICsrfDefenseStrategy
Override security csrf-token value in request map- Specified by:
modifySecurityCsrfToken
in interfaceICsrfDefenseStrategy
requestMapMethod
- get, post or all- Returns:
-
keepTokenAfterUse
Description copied from interface:ICsrfDefenseStrategy
Whether to reuse the token after it is consumed- Specified by:
keepTokenAfterUse
in interfaceICsrfDefenseStrategy
requestMethod
- GET, POST, or PUT- Returns:
-
invalidTokenResponse
- Specified by:
invalidTokenResponse
in interfaceICsrfDefenseStrategy
-