hudson.security.csrf
Class CrumbIssuer

java.lang.Object
  extended by hudson.security.csrf.CrumbIssuer
All Implemented Interfaces:
ExtensionPoint, Describable<CrumbIssuer>
Direct Known Subclasses:
DefaultCrumbIssuer

@ExportedBean
public abstract class CrumbIssuer
extends Object
implements Describable<CrumbIssuer>, ExtensionPoint

A CrumbIssuer represents an algorithm to generate a nonce value, known as a crumb, to counter cross-site request forgery (CSRF) exploits. Crumbs are typically hashes that incorporate information uniquely identifying the agent that sends a request, along with a guarded secret, so that the crumb value cannot be forged by a third party.

Author:
dty
See Also:
http://en.wikipedia.org/wiki/XSRF
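
The scheme described above, sketched as a stand-alone Java class. This is an added example, not Hudson's code and not the DefaultCrumbIssuer implementation. It assumes HMAC-SHA256 as the hash and the user name plus remote address as the agent-identifying information; the class and method names are hypothetical.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added illustration only: hypothetical names, not part of hudson.security.csrf.
public class CrumbSketch {
    private final byte[] secret = new byte[32]; // guarded secret, never sent to clients
    { new SecureRandom().nextBytes(secret); }

    // crumb = hex(HMAC-SHA256(secret, salt, user, remoteAddr)), each field length-prefixed
    public String issueCrumb(String salt, String user, String remoteAddr) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret, "HmacSHA256"));
            for (String field : new String[] {salt, user, remoteAddr}) {
                byte[] b = field.getBytes(StandardCharsets.UTF_8);
                // Length prefix keeps ("ab","c") and ("a","bc") from colliding.
                mac.update(ByteBuffer.allocate(4).putInt(b.length).array());
                mac.update(b);
            }
            StringBuilder hex = new StringBuilder();
            for (byte x : mac.doFinal()) hex.append(String.format("%02x", x));
            return hex.toString();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    // Recompute from the current request's data and compare in constant time.
    public boolean validateCrumb(String salt, String user, String remoteAddr, String crumb) {
        if (crumb == null) return false; // missing crumb is always rejected
        byte[] expected = issueCrumb(salt, user, remoteAddr).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, crumb.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) {
        CrumbSketch issuer = new CrumbSketch();
        // Constructed sample values: salt, user names, documentation-range address.
        String crumb = issuer.issueCrumb("example-salt", "alice", "192.0.2.10");
        System.out.println("same agent:     " + issuer.validateCrumb("example-salt", "alice", "192.0.2.10", crumb));
        System.out.println("different user: " + issuer.validateCrumb("example-salt", "mallory", "192.0.2.10", crumb));
        System.out.println("tampered crumb: " + issuer.validateCrumb("example-salt", "alice", "192.0.2.10", crumb.replace(crumb.charAt(0), 'g')));
    }
}
```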

Nested Class Summary
 
Nested classes/interfaces inherited from interface hudson.ExtensionPoint
ExtensionPoint.LegacyInstancesAreScopedToHudson
 
Constructor Summary
CrumbIssuer()
           
 
Method Summary
static DescriptorExtensionList<CrumbIssuer,Descriptor<CrumbIssuer>> all()
          Returns all the registered CrumbIssuer descriptors.
 Api getApi()
           
 String getCrumb()
          Get a crumb value based on user-specific information in the current request.
 String getCrumb(javax.servlet.ServletRequest request)
          Get a crumb value based on user-specific information in the request.
 String getCrumbRequestField()
          Get the name of the request parameter the crumb will be stored in.
 CrumbIssuerDescriptor<CrumbIssuer> getDescriptor()
          Access global configuration for the crumb issuer.
 boolean validateCrumb(javax.servlet.ServletRequest request)
          Get a crumb from a request parameter and validate it against other data in the current request.
 boolean validateCrumb(javax.servlet.ServletRequest request, MultipartFormDataParser parser)
          Get a crumb from multipart form data and validate it against other data in the current request.
abstract  boolean validateCrumb(javax.servlet.ServletRequest request, String salt, String crumb)
          Validate a previously created crumb against information in the current request.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CrumbIssuer

public CrumbIssuer()
Method Detail

getCrumbRequestField

@Exported
public String getCrumbRequestField()
Get the name of the request parameter the crumb will be stored in. Exposed here for the remote API.


getCrumb

@Exported
public String getCrumb()
Get a crumb value based on user-specific information in the current request. Intended for use only by the remote API.

Returns:

getCrumb

public String getCrumb(javax.servlet.ServletRequest request)
Get a crumb value based on user-specific information in the request.

Parameters:
request -
Returns:

validateCrumb

public boolean validateCrumb(javax.servlet.ServletRequest request)
Get a crumb from a request parameter and validate it against other data in the current request. The salt and the request parameter used are defined by the current configuration.

Parameters:
request -
Returns:

validateCrumb

public boolean validateCrumb(javax.servlet.ServletRequest request,
                             MultipartFormDataParser parser)
Get a crumb from multipart form data and validate it against other data in the current request. The salt and the request parameter used are defined by the current configuration.

Parameters:
request -
parser -
Returns:

validateCrumb

public abstract boolean validateCrumb(javax.servlet.ServletRequest request,
                                      String salt,
                                      String crumb)
Validate a previously created crumb against information in the current request.

Parameters:
request -
salt -
crumb - The previously generated crumb to validate against information in the current request
Returns:

getDescriptor

public CrumbIssuerDescriptor<CrumbIssuer> getDescriptor()
Access global configuration for the crumb issuer.

Specified by:
getDescriptor in interface Describable<CrumbIssuer>

all

public static DescriptorExtensionList<CrumbIssuer,Descriptor<CrumbIssuer>> all()
Returns all the registered CrumbIssuer descriptors.


getApi

public Api getApi()


Copyright © 2004-2013 Hudson. All Rights Reserved.