Class CrumbIssuer


public abstract class CrumbIssuer extends Object
Generates a nonce value that allows us to protect against cross-site request forgery (CSRF) attacks.

We send this with each JavaScript proxy and verify them when we receive a request.

Kohsuke Kawaguchi
See Also:
  • Field Details


      public static final CrumbIssuer DEFAULT
      Default crumb issuer.
  • Constructor Details

    • CrumbIssuer

      public CrumbIssuer()
  • Method Details

    • issueCrumb

      public abstract String issueCrumb(StaplerRequest request)
      Issues a crumb for the given request.
    • issueCrumb

      public final String issueCrumb()
    • doCrumb

      public HttpResponse doCrumb()
      Sends the crumb value in plain text, enabling retrieval through XmlHttpRequest.
    • validateCrumb

      public void validateCrumb(StaplerRequest request, String submittedCrumb)
      Validates a crumb that was submitted along with the request.
      request - The request that submitted the crumb
      submittedCrumb - The submitted crumb value to be validated.
      SecurityException - If the crumb doesn't match and the request processing should abort.