public class SessionBasedAXSRFTVendingMachine extends BaseAXSRFTVendingMachine
| Modifier and Type | Field and Description |
|---|---|
protected static String |
SESSION_TOKEN |
m_whitelist| Constructor and Description |
|---|
SessionBasedAXSRFTVendingMachine() |
| Modifier and Type | Method and Description |
|---|---|
boolean |
acceptToken(FacesContext context,
String token)
Returns true if the specified anti-cross-site-request-forgery token is valid
for the specified user.
|
boolean |
acceptToken(HttpServletRequest request,
String token)
Returns true if the specified anti-cross-site-request-forgery token is valid
for the specified user.
|
protected boolean |
acceptToken(HttpSession session,
String token)
Returns true if the specified anti-cross-site-request-forgery token is valid
for the specified user.
|
protected String |
generateToken()
Generates a new random token.
|
String |
produceToken(FacesContext context)
Produces an anti-cross-site-request-forgery token for the specified user.
|
String |
produceToken(HttpServletRequest request)
Produces an anti-cross-site-request-forgery token for the specified user.
|
protected String |
produceToken(HttpSession session)
Produces an anti-cross-site-request-forgery token for the specified user.
|
String |
produceToken(String user)
Produces an anti-cross-site-request-forgery token for the specified user.
|
getRequest, getWhitelist, inWhitelist, parseWhitelist, setWhitelistprotected static final String SESSION_TOKEN
public String produceToken(FacesContext context)
public String produceToken(HttpServletRequest request)
public String produceToken(String user)
public boolean acceptToken(FacesContext context, String token)
public boolean acceptToken(HttpServletRequest request, String token)
protected String produceToken(HttpSession session)
protected boolean acceptToken(HttpSession session, String token)
protected String generateToken()