Package org.silverpeas.core.security.token.synchronizer

Class SynchronizerToken

java.lang.Object

org.silverpeas.core.security.token.synchronizer.SynchronizerToken

All Implemented Interfaces:

Serializable, Token

@TokenGenerator(SynchronizerTokenGenerator.class)
public class SynchronizerToken
extends Object
implements Token

A synchronizer token is for protecting a user session or a Web resource. The token is used to check the requester is valid (and therefore can be trusted). Such tokens are usually generated from some information about the user or the protected resource so the token validity can also be checked with these data. The aim of the synchronizer token is to be carried within each request emitted by a client in order to be compared with the token that is expected at this point or from this client. If the tokens don't match, then a possible CSRF attack (Cross-Site Request Forgery) is suspected and then the request is rejected and the client isn't more trusted.

Author:

mmoquillon

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type	Field	Description
static SynchronizerToken	NoneToken	Represents none token to replace in more typing way the null keyword.

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	SynchronizerToken(String value)	Constructs a new synchronizer token with the specified value.
protected	SynchronizerToken(String value, List<String> parameters)	Constructs a new synchronizer token with the specified value and with the specified parameters used in for its generation.

Method Summary

Modifier and Type	Method	Description
List<String>	getGenerationParameters()	Gets the parameters that were used in the generation of this token.
String	getValue()	Gets the String representation of this token.
boolean	isDefined()	Is this token defined?
protected void	setValue(String newValue)	Sets a new value to this token.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

NoneToken

public static final SynchronizerToken NoneToken

Represents none token to replace in more typing way the null keyword.

Constructor Detail

SynchronizerToken

protected SynchronizerToken(String value)

Constructs a new synchronizer token with the specified value.

Parameters:

value - the value of the token.

SynchronizerToken

protected SynchronizerToken(String value,
                            List<String> parameters)

Constructs a new synchronizer token with the specified value and with the specified parameters used in for its generation.

Parameters:

value - the value of the token.

parameters - the parameters used in its generation.

Method Detail

setValue

protected void setValue(String newValue)

Sets a new value to this token.

Parameters:

newValue - the new token value.

getValue

public String getValue()

Description copied from interface: Token

Gets the String representation of this token.

Specified by:

getValue in interface Token

Returns:

the value of the token (id est its String representation).

isDefined

public boolean isDefined()

Description copied from interface: Token

Is this token defined? A token is defined if it was generated and represents correctly a well-valued token. If it is empty (a none token), then it is considered as undefined. It is expected a token can be never null and a none-token concept is used instead. This method is to check the token is not a none-token, that is to say it is well initialized.

Specified by:

isDefined in interface Token

Returns:

true if this token is well-initialized, false otherwise.

getGenerationParameters

public List<String> getGenerationParameters()

Gets the parameters that were used in the generation of this token.

Returns:

the parameters used in the generation of this token.