Class DefaultCrumbIssuer

All Implemented Interfaces:
ExtensionPoint, Describable<CrumbIssuer>

public class DefaultCrumbIssuer extends CrumbIssuer
A crumb issuing algorithm based on the request principal and the remote address.
  • Field Details


      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public static boolean EXCLUDE_SESSION_ID
  • Constructor Details

    • DefaultCrumbIssuer

      @DataBoundConstructor public DefaultCrumbIssuer(boolean excludeClientIPFromCrumb)
  • Method Details

    • isExcludeClientIPFromCrumb

      public boolean isExcludeClientIPFromCrumb()
    • issueCrumb

      protected String issueCrumb(javax.servlet.ServletRequest request, String salt)
      Description copied from class: CrumbIssuer
      Create a crumb value based on user specific information in the request. The crumb should be generated by building a cryptographic hash of:
      • relevant information in the request that can uniquely identify the client
      • the salt value
      • an implementation specific guarded secret.
      Specified by:
      issueCrumb in class CrumbIssuer
    • validateCrumb

      public boolean validateCrumb(javax.servlet.ServletRequest request, String salt, String crumb)
      Description copied from class: CrumbIssuer
      Validate a previously created crumb against information in the current request.
      Specified by:
      validateCrumb in class CrumbIssuer
      crumb - The previously generated crumb to validate against information in the current request