Package sk.iway.iwcm.system.stripes
Class CSRF
java.lang.Object
sk.iway.iwcm.system.stripes.CSRF
CSRF.java - class for basic protection against CSRF attacks
Constructor Summary
Constructors
Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| static String | getCsrfToken(javax.servlet.http.HttpSession session, boolean saveToSession) | Returns the CSRF token for insertion into a form |
| static String | getCsrfTokenInputFiled(javax.servlet.http.HttpSession session) | Returns the CSRF input field to be inserted into a form |
| static String | getCsrfTokenInputFiled(javax.servlet.http.HttpSession session, boolean saveToSession) | Returns the CSRF input field to be inserted into a form |
| static String | getCSRFTokenQuery(javax.servlet.http.HttpSession session, boolean saveToSession) | Returns the parameter name together with the CSRF token, for insertion into a URL as a parameter |
| static String | getParameterName | Returns CSRF token parameter name |
| static boolean | verifyTokenAjax(javax.servlet.http.HttpServletRequest request) | Verifies the token in the session; use "only" for Ajax calls. The token is not deleted after use. |
| static boolean | verifyTokenAjax(javax.servlet.http.HttpSession session, String tokenValue) | Verifies the token in the session; use "only" for Ajax calls. The token is not deleted after use. |
| static boolean | verifyTokenAndDeleteIt(javax.servlet.http.HttpServletRequest request) | Verifies the token in the session and then deletes it so that it cannot be used again |
| static boolean | verifyTokenAndDeleteIt(javax.servlet.http.HttpSession session, String tokenValue) | Verifies the token in the session and then deletes it so that it cannot be used again |
| static void | writeCsrfTokenInputFiled(javax.servlet.http.HttpSession session, javax.servlet.jsp.JspWriter out) | Writes the input field into the form; called directly in FormTag |
Constructor Details
CSRF
public CSRF()
Method Details
writeCsrfTokenInputFiled
public static void writeCsrfTokenInputFiled(javax.servlet.http.HttpSession session, javax.servlet.jsp.JspWriter out)
Writes the input field into the form; called directly in FormTag.
Parameters:
session -
out -
getCsrfTokenInputFiled
Returns the CSRF input field to be inserted into a form.
Parameters:
session -
Returns:
getCsrfTokenInputFiled
public static String getCsrfTokenInputFiled(javax.servlet.http.HttpSession session, boolean saveToSession)
Returns the CSRF input field to be inserted into a form.
Parameters:
session -
saveToSession - if true, the token is also saved for verification; false is used for the obfuscated version for bots in WriteTag
Returns:
getCsrfToken
Returns the CSRF token for insertion into a form.
Parameters:
session -
saveToSession -
Returns:
verifyTokenAndDeleteIt
public static boolean verifyTokenAndDeleteIt(javax.servlet.http.HttpServletRequest request)
Verifies the token in the session and then deletes it so that it cannot be used again.
Parameters:
request -
Returns:
verifyTokenAndDeleteIt
public static boolean verifyTokenAndDeleteIt(javax.servlet.http.HttpSession session, String tokenValue)
Verifies the token in the session and then deletes it so that it cannot be used again.
Parameters:
session -
tokenValue - CSRF token
Returns:
verifyTokenAjax
public static boolean verifyTokenAjax(javax.servlet.http.HttpServletRequest request)
Verifies the token in the session; use "only" for Ajax calls. The token is not deleted after use.
Parameters:
request -
Returns:
verifyTokenAjax
Verifies the token in the session; use "only" for Ajax calls. The token is not deleted after use.
Parameters:
session -
tokenValue - token value
Returns:
getCSRFTokenQuery
public static String getCSRFTokenQuery(javax.servlet.http.HttpSession session, boolean saveToSession)
Returns the parameter name together with the CSRF token, for insertion into a URL as a parameter.
Parameters:
session -
saveToSession -
Returns:
getParameterName
Returns CSRF token parameter name
Returns:
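The difference between the two verification styles documented above (verifyTokenAndDeleteIt consumes the token, verifyTokenAjax leaves it in the session) shown as an added sketch; this is not the source of sk.iway.iwcm.system.stripes.CSRF. Assumptions: a plain Map stands in for the HttpSession, one token is kept per session, the token is deleted only after a successful check, and the class name, method names, attribute key and token format are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Illustrative sketch only; not the sk.iway.iwcm.system.stripes.CSRF implementation.
// A Map stands in for HttpSession attributes; TOKEN_KEY is a hypothetical name.
public class CsrfTokenSketch {
    private static final String TOKEN_KEY = "csrf.token"; // assumed attribute key
    private static final SecureRandom RNG = new SecureRandom();
    // Issue an unpredictable token and store it in the session for later checks.
    static String issueToken(Map<String, Object> session) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(TOKEN_KEY, token);
        return token;
    }

    // Constant-time comparison so timing does not reveal how many bytes matched.
    private static boolean matches(Object stored, String submitted) {
        if (!(stored instanceof String) || submitted == null) return false;
        return MessageDigest.isEqual(((String) stored).getBytes(StandardCharsets.UTF_8),
                                     submitted.getBytes(StandardCharsets.UTF_8));
    }

    // One-time semantics (form posts): a successful check consumes the token,
    // so resubmitting the same form body is rejected as a replay.
    static boolean verifyAndDelete(Map<String, Object> session, String submitted) {
        boolean ok = matches(session.get(TOKEN_KEY), submitted);
        if (ok) session.remove(TOKEN_KEY);
        return ok;
    }

    // Ajax semantics: the token stays in the session so that several calls
    // from the same rendered page can reuse it.
    static boolean verifyAjax(Map<String, Object> session, String submitted) {
        return matches(session.get(TOKEN_KEY), submitted);
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();
        String t = issueToken(session);
        System.out.println("ajax #1:        " + verifyAjax(session, t));
        System.out.println("ajax #2:        " + verifyAjax(session, t));
        System.out.println("form submit:    " + verifyAndDelete(session, t));
        System.out.println("form resubmit:  " + verifyAndDelete(session, t));
    }
}
```

The reusable Ajax check trades replay resistance for convenience, which is why the documentation restricts it to Ajax calls and keeps the delete-after-use variant for ordinary form submissions.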