Package org.kohsuke.stapler
Class CrumbIssuer
java.lang.Object
org.kohsuke.stapler.CrumbIssuer
Generates a nonce value that allows us to protect against cross-site request forgery (CSRF) attacks.
We send this with each JavaScript proxy and verify them when we receive a request.
- Author:
- Kohsuke Kawaguchi
- See Also:
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptiondoCrumb()
Sends the crumb value in plain text, enabling retrieval through XmlHttpRequest.final String
issueCrumb
(StaplerRequest request) Deprecated.issueCrumb
(StaplerRequest2 request) Issues a crumb for the given request.void
validateCrumb
(StaplerRequest2 request, String submittedCrumb) Validates a crumb that was submitted along with the request.void
validateCrumb
(StaplerRequest request, String submittedCrumb) Deprecated.
-
Field Details
-
DEFAULT
Default crumb issuer.
-
-
Constructor Details
-
CrumbIssuer
public CrumbIssuer()
-
-
Method Details
-
issueCrumb
Issues a crumb for the given request. -
issueCrumb
Deprecated. -
issueCrumb
-
doCrumb
Sends the crumb value in plain text, enabling retrieval through XmlHttpRequest. -
validateCrumb
Validates a crumb that was submitted along with the request.- Parameters:
request
- The request that submitted the crumbsubmittedCrumb
- The submitted crumb value to be validated.- Throws:
SecurityException
- If the crumb doesn't match and the request processing should abort.
-
validateCrumb
Deprecated.
-
issueCrumb(StaplerRequest2)