org.kohsuke.stapler
Class CrumbIssuer

java.lang.Object
  extended by org.kohsuke.stapler.CrumbIssuer

public abstract class CrumbIssuer
extends java.lang.Object

Generates a nonce value that allows us to protect against cross-site request forgery (CSRF) attacks.

We send this with each JavaScript proxy and verify them when we receive a request.

Author:
Kohsuke Kawaguchi
See Also:
WebApp.getCrumbIssuer(), WebApp.setCrumbIssuer(CrumbIssuer)

Field Summary
static CrumbIssuer DEFAULT
          Default crumb issuer.
 
Constructor Summary
CrumbIssuer()
           
 
Method Summary
 java.lang.String issueCrumb()
           
abstract  java.lang.String issueCrumb(StaplerRequest request)
          Issues a crumb for the given request.
 void validateCrumb(StaplerRequest request, java.lang.String submittedCrumb)
          Validates a crumb that was submitted along with the request.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DEFAULT

public static final CrumbIssuer DEFAULT
Default crumb issuer.

Constructor Detail

CrumbIssuer

public CrumbIssuer()
Method Detail

issueCrumb

public abstract java.lang.String issueCrumb(StaplerRequest request)
Issues a crumb for the given request.


issueCrumb

public final java.lang.String issueCrumb()

validateCrumb

public void validateCrumb(StaplerRequest request,
                          java.lang.String submittedCrumb)
Validates a crumb that was submitted along with the request.

Parameters:
request - The request that submitted the crumb
submittedCrumb - The submitted crumb value to be validated.
Throws:
java.lang.Exception - If the crumb doesn't match and the request processing should abort.


Copyright © 2012. All Rights Reserved.