Class SynchronizerToken
- java.lang.Object
-
- org.silverpeas.core.security.token.synchronizer.SynchronizerToken
-
- All Implemented Interfaces:
Serializable
,Token
@TokenGenerator(SynchronizerTokenGenerator.class) public class SynchronizerToken extends Object implements Token
A synchronizer token is for protecting a user session or a Web resource. The token is used to check the requester is valid (and therefore can be trusted). Such tokens are usually generated from some information about the user or the protected resource so the token validity can also be checked with these data. The aim of the synchronizer token is to be carried within each request emitted by a client in order to be compared with the token that is expected at this point or from this client. If the tokens don't match, then a possible CSRF attack (Cross-Site Request Forgery) is suspected and then the request is rejected and the client isn't more trusted.- Author:
- mmoquillon
- See Also:
- Serialized Form
-
-
Field Summary
Fields Modifier and Type Field Description static SynchronizerToken
NoneToken
Represents none token to replace in more typing way the null keyword.
-
Constructor Summary
Constructors Modifier Constructor Description protected
SynchronizerToken(String value)
Constructs a new synchronizer token with the specified value.protected
SynchronizerToken(String value, List<String> parameters)
Constructs a new synchronizer token with the specified value and with the specified parameters used in for its generation.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description List<String>
getGenerationParameters()
Gets the parameters that were used in the generation of this token.String
getValue()
Gets the String representation of this token.boolean
isDefined()
Is this token defined?protected void
setValue(String newValue)
Sets a new value to this token.
-
-
-
Field Detail
-
NoneToken
public static final SynchronizerToken NoneToken
Represents none token to replace in more typing way the null keyword.
-
-
Constructor Detail
-
SynchronizerToken
protected SynchronizerToken(String value)
Constructs a new synchronizer token with the specified value.- Parameters:
value
- the value of the token.
-
SynchronizerToken
protected SynchronizerToken(String value, List<String> parameters)
Constructs a new synchronizer token with the specified value and with the specified parameters used in for its generation.- Parameters:
value
- the value of the token.parameters
- the parameters used in its generation.
-
-
Method Detail
-
setValue
protected void setValue(String newValue)
Sets a new value to this token.- Parameters:
newValue
- the new token value.
-
getValue
public String getValue()
Description copied from interface:Token
Gets the String representation of this token.
-
isDefined
public boolean isDefined()
Description copied from interface:Token
Is this token defined? A token is defined if it was generated and represents correctly a well-valued token. If it is empty (a none token), then it is considered as undefined. It is expected a token can be never null and a none-token concept is used instead. This method is to check the token is not a none-token, that is to say it is well initialized.
-
-