Class SynchronizerToken

  • All Implemented Interfaces:
    Serializable, Token

    @TokenGenerator(SynchronizerTokenGenerator.class)
    public class SynchronizerToken
    extends Object
    implements Token
    A synchronizer token protects a user session or a Web resource. The token is used to check that the requester is valid (and can therefore be trusted). Such tokens are usually generated from some information about the user or the protected resource, so the validity of the token can also be checked against that data. A synchronizer token is meant to be carried within each request emitted by a client so that it can be compared with the token expected at this point or from this client. If the tokens don't match, a possible CSRF (Cross-Site Request Forgery) attack is suspected: the request is rejected and the client is no longer trusted.
    Author:
    mmoquillon
    See Also:
    Serialized Form
    • Field Detail

      • NoneToken

        public static final SynchronizerToken NoneToken
        Represents the absence of a token. It is a typed replacement for the null keyword.
    • Constructor Detail

      • SynchronizerToken

        protected SynchronizerToken(String value)
        Constructs a new synchronizer token with the specified value.
        Parameters:
        value - the value of the token.
      • SynchronizerToken

        protected SynchronizerToken(String value,
                                    List<String> parameters)
        Constructs a new synchronizer token with the specified value and with the specified parameters used for its generation.
        Parameters:
        value - the value of the token.
        parameters - the parameters used in its generation.
    • Method Detail

      • setValue

        protected void setValue(String newValue)
        Sets a new value to this token.
        Parameters:
        newValue - the new token value.
      • getValue

        public String getValue()
        Description copied from interface: Token
        Gets the String representation of this token.
        Specified by:
        getValue in interface Token
        Returns:
        the value of the token (that is, its String representation).
      • isDefined

        public boolean isDefined()
        Description copied from interface: Token
        Is this token defined? A token is defined if it was generated and correctly represents a well-valued token. If it is empty (a none token), it is considered undefined. A token is expected never to be null; the none-token concept is used instead. This method checks that the token is not a none token, that is to say that it is well initialized.
        Specified by:
        isDefined in interface Token
        Returns:
        true if this token is well-initialized, false otherwise.
      • getGenerationParameters

        public List<String> getGenerationParameters()
        Gets the parameters that were used in the generation of this token.
        Returns:
        the parameters used in the generation of this token.
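
The check outlined in the class description (compare the token carried by the request with the expected one, reject on mismatch, treat a none token as undefined), as an added stand-alone Java example. It is not Silverpeas code and does not use the SynchronizerToken API; the class name, the in-memory session map and the random token generation are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration (hypothetical class, not Silverpeas code) of the synchronizer token check.
public class SynchronizerTokenCheckExample {
    // Typed stand-in for "no token", so the comparison never handles null.
    static final String NONE = "";
    private static final SecureRandom RANDOM = new SecureRandom();
    // Expected token per session id; an in-memory map stands in for a real session store.
    private final Map<String, String> expectedBySession = new ConcurrentHashMap<>();

    // Generates an unpredictable token and records it as the one expected for the session.
    String issue(String sessionId) {
        byte[] raw = new byte[32];
        RANDOM.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        expectedBySession.put(sessionId, token);
        return token;
    }

    // Returns true only if the request carries the token expected for this session.
    boolean validate(String sessionId, String carried) {
        String expected = expectedBySession.getOrDefault(sessionId, NONE);
        String actual = carried == null ? NONE : carried;
        // An undefined token on either side never matches; the comparison is constant-time.
        boolean ok = !expected.isEmpty() && !actual.isEmpty()
                && MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                         actual.getBytes(StandardCharsets.UTF_8));
        if (!ok) {
            // Mismatch: a CSRF attempt is suspected, so the client loses its token.
            expectedBySession.remove(sessionId);
        }
        return ok;
    }

    public static void main(String[] args) {
        SynchronizerTokenCheckExample check = new SynchronizerTokenCheckExample();
        String token = check.issue("session-1"); // constructed session id
        System.out.println(check.validate("session-1", token));   // request carrying the token
        System.out.println(check.validate("session-1", "guess")); // request with a wrong token
        System.out.println(check.validate("session-1", token));   // same client after the mismatch
        System.out.println(check.validate("session-2", null));    // request with no token at all
    }
}
```

Dropping the stored token on a failed check is one way to model "the client is no longer trusted"; a real application would typically also invalidate the session.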