|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.silverpeas.web.token.SynchronizerTokenService
public class SynchronizerTokenService
A service to manage the synchronizer tokens used in Silverpeas to protect the user sessions or the web resources published by Silverpeas. Each resource in Silverpeas and accessible through the Web can be protected by one or more security tokens. These tokens are named synchronizer token as they are transmitted within each request and must match the ones expected by Silverpeas to access the asked resource. This service provides the functions to generate, to validate and to set such tokens for the Web resource in Silverpeas to protect (not all resources require to be protected in Silverpeas).
Field Summary | |
---|---|
static String |
NAVIGATION_TOKEN_KEY
|
static String |
SESSION_TOKEN_KEY
|
Constructor Summary | |
---|---|
protected |
SynchronizerTokenService()
|
Method Summary | |
---|---|
Token |
getNavigationToken(javax.servlet.http.HttpServletRequest request)
Gets the current one-time synchronizer token used to protect the web navigation within which the specified request is sent. |
Token |
getSessionToken(javax.servlet.http.HttpServletRequest request)
Gets the synchronizer token used to protect the session of the user behind the specified request. |
Token |
getSessionToken(SessionInfo session)
Gets the synchronizer token used to protect the specified user session. |
protected boolean |
isAProtectedResource(javax.servlet.http.HttpServletRequest request)
Is the resource targeted by the specified request must be protected by a synchronizer token? |
void |
setUpNavigationTokens(javax.servlet.http.HttpServletRequest request)
Sets up a navigation token for the user behind the specified request. |
void |
setUpSessionTokens(SessionInfo session)
Sets up a session token for the specified Silverpeas session. |
void |
validate(javax.servlet.http.HttpServletRequest request)
Validates the request to a Silverpeas web resource can be trusted. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final String SESSION_TOKEN_KEY
public static final String NAVIGATION_TOKEN_KEY
Constructor Detail |
---|
protected SynchronizerTokenService()
Method Detail |
---|
public void setUpSessionTokens(SessionInfo session)
session
- the user session to protect with a synchronizer token.public void setUpNavigationTokens(javax.servlet.http.HttpServletRequest request)
request
- an HTTP request from which the navigation to protect is identified.public void validate(javax.servlet.http.HttpServletRequest request) throws TokenValidationException
request
- the HTTP request to check.
TokenValidationException
- if the specified request cannot be trusted.protected boolean isAProtectedResource(javax.servlet.http.HttpServletRequest request)
request
- the request to a possibly protected resource.
public Token getSessionToken(javax.servlet.http.HttpServletRequest request)
request
- an HTTP request.
public Token getSessionToken(SessionInfo session)
session
- an opened session of a user in Silverpeas
public Token getNavigationToken(javax.servlet.http.HttpServletRequest request)
request
- an HTTP request.
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |