org.silverpeas.token.synchronizer
Class SynchronizerToken

java.lang.Object
  extended by org.silverpeas.token.synchronizer.SynchronizerToken
All Implemented Interfaces:
Serializable, Token

@TokenGenerator(value=SynchronizerTokenGenerator.class)
public class SynchronizerToken
extends Object
implements Token

A synchronizer token protects a user session or a Web resource. The token is used to check that the requester is valid (and can therefore be trusted). Such tokens are usually generated from some information about the user or the protected resource, so the token's validity can also be checked against these data. The synchronizer token is meant to be carried within each request emitted by a client so that it can be compared with the token expected at this point or from this client. If the tokens don't match, a possible CSRF (Cross-Site Request Forgery) attack is suspected: the request is rejected and the client is no longer trusted.
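The check described above, sketched as an added example that is not Silverpeas code. The class SynchronizerTokenDemo, its methods, the in-memory session store and the session id are hypothetical, and the token here is a random value rather than one derived from user or resource data.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical demo class; not part of org.silverpeas.token.
public class SynchronizerTokenDemo {
  private static final String NONE = "";           // stands in for a none-token
  private static final SecureRandom RNG = new SecureRandom();
  // Constructed in-memory session store: session id -> expected token value.
  private final Map<String, String> expected = new ConcurrentHashMap<>();

  /** Issues a fresh unpredictable token and binds it to the session. */
  public String issue(String sessionId) {
    byte[] raw = new byte[32];
    RNG.nextBytes(raw);
    String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    expected.put(sessionId, token);
    return token;
  }

  /** Returns true only if the request carries the token expected for this session. */
  public boolean verify(String sessionId, String presented) {
    String want = expected.getOrDefault(sessionId, NONE);
    String got = presented == null ? NONE : presented;
    if (want.isEmpty() || got.isEmpty()) {
      return false;                                 // an undefined token never matches
    }
    // Constant-time comparison avoids leaking how many leading bytes matched.
    boolean ok = MessageDigest.isEqual(
        want.getBytes(StandardCharsets.UTF_8), got.getBytes(StandardCharsets.UTF_8));
    if (!ok) {
      expected.remove(sessionId);                   // mismatch: stop trusting the client
    }
    return ok;
  }

  public static void main(String[] args) {
    SynchronizerTokenDemo guard = new SynchronizerTokenDemo();
    String token = guard.issue("session-A");        // constructed session id
    System.out.println(guard.verify("session-A", token));     // legitimate request
    System.out.println(guard.verify("session-A", null));      // token missing
    System.out.println(guard.verify("session-A", "forged"));  // mismatch, session dropped
    System.out.println(guard.verify("session-A", token));     // client no longer trusted
  }
}
```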

Author:
mmoquillon
See Also:
Serialized Form

Field Summary
static SynchronizerToken NoneToken
          Represents the none token, a more strongly typed replacement for the null keyword.
 
Constructor Summary
protected SynchronizerToken(String value)
          Constructs a new synchronizer token with the specified value.
protected SynchronizerToken(String value, List<String> parameters)
          Constructs a new synchronizer token with the specified value and with the specified parameters used in its generation.
 
Method Summary
 List<String> getGenerationParameters()
          Gets the parameters that were used in the generation of this token.
 String getValue()
          Gets the String representation of this token.
 boolean isDefined()
          Is this token defined?
protected  void setValue(String newValue)
          Sets a new value to this token.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

NoneToken

public static final SynchronizerToken NoneToken
Represents the none token, a more strongly typed replacement for the null keyword.

Constructor Detail

SynchronizerToken

protected SynchronizerToken(String value)
Constructs a new synchronizer token with the specified value.

Parameters:
value - the value of the token.

SynchronizerToken

protected SynchronizerToken(String value,
                            List<String> parameters)
Constructs a new synchronizer token with the specified value and with the specified parameters used in its generation.

Parameters:
value - the value of the token.
parameters - the parameters used in its generation.
Method Detail

setValue

protected void setValue(String newValue)
Sets a new value to this token.

Parameters:
newValue - the new token value.

getValue

public String getValue()
Description copied from interface: Token
Gets the String representation of this token.

Specified by:
getValue in interface Token
Returns:
the value of the token (that is, its String representation).

isDefined

public boolean isDefined()
Description copied from interface: Token
Is this token defined? A token is defined if it was generated and correctly represents a well-valued token. If it is empty (a none token), it is considered undefined. A token is expected never to be null; a none-token concept is used instead. This method checks that the token is not a none-token, that is to say, that it is well initialized.

Specified by:
isDefined in interface Token
Returns:
true if this token is well-initialized, false otherwise.

getGenerationParameters

public List<String> getGenerationParameters()
Gets the parameters that were used in the generation of this token.

Returns:
the parameters used in the generation of this token.


Copyright © 2016 Silverpeas. All Rights Reserved.