Package org.kohsuke.stapler
Class CrumbIssuer
- java.lang.Object
-
- org.kohsuke.stapler.CrumbIssuer
-
public abstract class CrumbIssuer extends Object
Generates a nonce value that allows us to protect against cross-site request forgery (CSRF) attacks.We send this with each JavaScript proxy and verify them when we receive a request.
- Author:
- Kohsuke Kawaguchi
- See Also:
WebApp.getCrumbIssuer(),WebApp.setCrumbIssuer(CrumbIssuer)
-
-
Field Summary
Fields Modifier and Type Field Description static CrumbIssuerDEFAULTDefault crumb issuer.
-
Constructor Summary
Constructors Constructor Description CrumbIssuer()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description HttpResponsedoCrumb()Sends the crumb value in plain text, enabling retrieval through XmlHttpRequest.StringissueCrumb()abstract StringissueCrumb(StaplerRequest request)Issues a crumb for the given request.voidvalidateCrumb(StaplerRequest request, String submittedCrumb)Validates a crumb that was submitted along with the request.
-
-
-
Field Detail
-
DEFAULT
public static final CrumbIssuer DEFAULT
Default crumb issuer.
-
-
Method Detail
-
issueCrumb
public abstract String issueCrumb(StaplerRequest request)
Issues a crumb for the given request.
-
issueCrumb
public final String issueCrumb()
-
doCrumb
public HttpResponse doCrumb()
Sends the crumb value in plain text, enabling retrieval through XmlHttpRequest.
-
validateCrumb
public void validateCrumb(StaplerRequest request, String submittedCrumb)
Validates a crumb that was submitted along with the request.- Parameters:
request- The request that submitted the crumbsubmittedCrumb- The submitted crumb value to be validated.- Throws:
SecurityException- If the crumb doesn't match and the request processing should abort.
-
-