Package org.kohsuke.stapler
Class CrumbIssuer
- java.lang.Object
-
- org.kohsuke.stapler.CrumbIssuer
-
public abstract class CrumbIssuer extends Object
Generates a nonce value that allows us to protect against cross-site request forgery (CSRF) attacks.We send this with each JavaScript proxy and verify them when we receive a request.
- Author:
- Kohsuke Kawaguchi
- See Also:
WebApp.getCrumbIssuer()
,WebApp.setCrumbIssuer(CrumbIssuer)
-
-
Field Summary
Fields Modifier and Type Field Description static CrumbIssuer
DEFAULT
Default crumb issuer.
-
Constructor Summary
Constructors Constructor Description CrumbIssuer()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description HttpResponse
doCrumb()
Sends the crumb value in plain text, enabling retrieval through XmlHttpRequest.String
issueCrumb()
abstract String
issueCrumb(StaplerRequest request)
Issues a crumb for the given request.void
validateCrumb(StaplerRequest request, String submittedCrumb)
Validates a crumb that was submitted along with the request.
-
-
-
Field Detail
-
DEFAULT
public static final CrumbIssuer DEFAULT
Default crumb issuer.
-
-
Method Detail
-
issueCrumb
public abstract String issueCrumb(StaplerRequest request)
Issues a crumb for the given request.
-
issueCrumb
public final String issueCrumb()
-
doCrumb
public HttpResponse doCrumb()
Sends the crumb value in plain text, enabling retrieval through XmlHttpRequest.
-
validateCrumb
public void validateCrumb(StaplerRequest request, String submittedCrumb)
Validates a crumb that was submitted along with the request.- Parameters:
request
- The request that submitted the crumbsubmittedCrumb
- The submitted crumb value to be validated.- Throws:
SecurityException
- If the crumb doesn't match and the request processing should abort.
-
-