net.sf.mmm.service.base.server

Class AbstractCsrfTokenManager

java.lang.Object

net.sf.mmm.util.component.base.AbstractComponent

net.sf.mmm.util.component.base.AbstractLoggableComponent

net.sf.mmm.service.base.server.AbstractCsrfTokenManager

All Implemented Interfaces:

CsrfTokenManager, Security

Direct Known Subclasses:

CsrfTokenManagerDefaultImpl

public abstract class AbstractCsrfTokenManager
extends AbstractLoggableComponent
implements CsrfTokenManager

This is the abstract base implementation of CsrfTokenManager.

Since:

1.0.0

Author:

Joerg Hohwiller (hohwille at users.sourceforge.net)

Constructor Summary

Constructors

Constructor and Description
AbstractCsrfTokenManager() The constructor.

Method Summary

Modifier and Type	Method and Description
CsrfToken	generateUpdateToken(CsrfToken currentToken) This method generates a new CsrfToken or updates an existing one-time CsrfToken.
boolean	isValidToken(CsrfToken token) Checks if the given CsrfToken that has been sent from the client is valid.
void	validateToken(CsrfToken token)

Methods inherited from class net.sf.mmm.util.component.base.AbstractLoggableComponent

createLogger, doInitialize, getLogger

Methods inherited from class net.sf.mmm.util.component.base.AbstractComponent

doInitialized, getInitializationState, initialize

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.sf.mmm.service.base.server.CsrfTokenManager

generateInitialToken

Constructor Detail

AbstractCsrfTokenManager

public AbstractCsrfTokenManager()

The constructor.

Method Detail

generateUpdateToken

public CsrfToken generateUpdateToken(CsrfToken currentToken)

This method generates a new CsrfToken or updates an existing one-time CsrfToken.

Specified by:

generateUpdateToken in interface CsrfTokenManager

Parameters:

currentToken - is the current CsrfToken that has previously been generated and may be updated.

Returns:

the currentToken (same instance) to keep the token or a new instance of CsrfToken to replace the current token and expect the next request from the client to provide that new token (e.g. to implement one-time tokens for highest level of protection).

See Also:

CsrfTokenManager.generateInitialToken()

validateToken

public void validateToken(CsrfToken token)
                   throws SecurityException

Specified by:

validateToken in interface CsrfTokenManager

Parameters:

token - is the token to validate.

Throws:

SecurityException - if the token is not valid.

See Also:

CsrfTokenManager.isValidToken(CsrfToken)

isValidToken

public boolean isValidToken(CsrfToken token)

Checks if the given CsrfToken that has been sent from the client is valid. This method has to correspond to CsrfTokenManager.generateInitialToken() and CsrfTokenManager.generateUpdateToken(CsrfToken). In case a remote invocation is invoked that is secured (requires authentication and typically also authorization), the CsrfToken has to be checked. A value of null is never valid and will always fail. Only in case of a secured invocation and the presence of CsrfToken this method is invoked.

Specified by:

isValidToken in interface CsrfTokenManager

Parameters:

token - is the CsrfToken send from the client. Will not be null.

Returns:

true if the given token is valid, false otherwise (in case of an CSRF attack or some technical bug).