public class SecretBasedAXSRFTVendingMachine extends BaseAXSRFTVendingMachine
removeOldSecrets(long) and then addNewSecret() on a timed schedule (which will update the secrets list).

Modifier and Type | Class and Description |
---|---|
static class | SecretBasedAXSRFTVendingMachine.Secret |

Modifier and Type | Field and Description |
---|---|
protected static String | CURRENT_TOKEN |
protected List<SecretBasedAXSRFTVendingMachine.Secret> | m_secrets |

m_whitelist

Constructor and Description |
---|
SecretBasedAXSRFTVendingMachine() |

Modifier and Type | Method and Description |
---|---|
boolean | acceptToken(FacesContext context, String token): Returns true if the specified anti-cross-site-request-forgery token is valid for the specified user. |
boolean | acceptToken(HttpServletRequest request, String token): Returns true if the specified anti-cross-site-request-forgery token is valid for the specified user. |
void | addNewSecret(): Generates a new random secret, and adds it to the list of secrets. |
protected String | digest(SecretBasedAXSRFTVendingMachine.Secret secret, String user): Digests user + secret. |
protected SecretBasedAXSRFTVendingMachine.Secret | generateNewSecret(): Generates a new random secret. |
protected String | generateToken(String user): Generates a token for this user. |
List<SecretBasedAXSRFTVendingMachine.Secret> | getSecrets() |
protected String | getUser(FacesContext context) |
protected String | getUser(HttpServletRequest request) |
String | produceToken(FacesContext context): Produces an anti-cross-site-request-forgery token for the specified user. |
String | produceToken(HttpServletRequest request): Produces an anti-cross-site-request-forgery token for the specified user. |
String | produceToken(String user): Produces an anti-cross-site-request-forgery token for the specified user. |
void | removeOldSecrets(long oldestAllowed) |
void | setSecrets(List<SecretBasedAXSRFTVendingMachine.Secret> secrets) |
protected boolean | validateToken(String user, String token): Validates the token for this user. |

getRequest, getWhitelist, inWhitelist, parseWhitelist, setWhitelist
protected static final String CURRENT_TOKEN
protected List<SecretBasedAXSRFTVendingMachine.Secret> m_secrets
public String produceToken(FacesContext context)
public String produceToken(HttpServletRequest request)
public String produceToken(String user)
public boolean acceptToken(FacesContext context, String token)
public boolean acceptToken(HttpServletRequest request, String token)
public void addNewSecret()
public void removeOldSecrets(long oldestAllowed)
protected SecretBasedAXSRFTVendingMachine.Secret generateNewSecret()
protected boolean validateToken(String user, String token)
protected String digest(SecretBasedAXSRFTVendingMachine.Secret secret, String user)
protected String getUser(FacesContext context)
protected String getUser(HttpServletRequest request)
public List<SecretBasedAXSRFTVendingMachine.Secret> getSecrets()
public void setSecrets(List<SecretBasedAXSRFTVendingMachine.Secret> secrets)
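
The rotation scheme this class describes (digest of user + secret, with removeOldSecrets(long) followed by addNewSecret() on a schedule), as an added standalone sketch that is not this library's source. The class name RotatingSecretTokenSketch, the Secret record, the use of HMAC-SHA256 as the digest and the constant-time comparison are assumptions; the page only states that digest "Digests user + secret".

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;

// Added illustration; method names mirror the summary above, bodies are assumed.
public class RotatingSecretTokenSketch {
    // Hypothetical stand-in for SecretBasedAXSRFTVendingMachine.Secret.
    record Secret(byte[] key, long created) {}

    private final List<Secret> secrets = new ArrayList<>(); // newest last
    private final SecureRandom random = new SecureRandom();

    public synchronized void addNewSecret() {
        byte[] key = new byte[32];
        random.nextBytes(key);
        secrets.add(new Secret(key, System.currentTimeMillis()));
    }
    public synchronized void removeOldSecrets(long oldestAllowed) {
        secrets.removeIf(s -> s.created() < oldestAllowed);
    }
    // Assumption: a keyed MAC over the user name, so a token cannot be forged
    // or moved to another user without knowing a live secret.
    static byte[] digest(Secret secret, String user) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret.key(), "HmacSHA256"));
        byte[] tag = mac.doFinal(user.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encode(tag);
    }
    public synchronized String produceToken(String user) throws Exception {
        if (secrets.isEmpty()) addNewSecret();
        // Always issue under the newest secret.
        return new String(digest(secrets.get(secrets.size() - 1), user), StandardCharsets.US_ASCII);
    }
    public synchronized boolean acceptToken(String user, String token) throws Exception {
        byte[] given = token.getBytes(StandardCharsets.US_ASCII);
        boolean ok = false;
        for (Secret s : secrets) {           // any secret still listed may have issued it
            ok |= MessageDigest.isEqual(digest(s, user), given); // constant-time compare
        }
        return ok;
    }
    public static void main(String[] args) throws Exception {
        RotatingSecretTokenSketch vm = new RotatingSecretTokenSketch();
        String t = vm.produceToken("alice"); // "alice" is a constructed user name
        vm.addNewSecret();                   // scheduled rotation: old secret stays listed
        System.out.println(vm.acceptToken("alice", t) + " " + vm.acceptToken("bob", t));
        vm.removeOldSecrets(Long.MAX_VALUE); // expire every secret
        System.out.println(vm.acceptToken("alice", t));
    }
}
```

The window between rotation and removal bounds how long an issued token stays valid, so the oldestAllowed cutoff should cover the longest form lifetime the application expects.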