com.redhat.rhn.common.security

Class CSRFTokenValidator

java.lang.Object

com.redhat.rhn.common.security.CSRFTokenValidator

public final class CSRFTokenValidator
extends java.lang.Object

This is a utility class containing static methods for handling creation and validation of security tokens used for preventing from CSRF attacks.

Method Summary

Modifier and Type	Method and Description
static java.lang.String	getToken(javax.servlet.http.HttpSession session) Return the CSRF token from the given session, create a new token if there is currently none associated with this session.
static void	validate(javax.servlet.http.HttpServletRequest request) Validate a given request within its own session, throws a runtime exception leading to internal server error in case of failure.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getToken

public static java.lang.String getToken(javax.servlet.http.HttpSession session)

Return the CSRF token from the given session, create a new token if there is currently none associated with this session.

Parameters:

session - HttpSession to retrieve the token from

Returns:

token Security token retrieved from the session

validate

public static void validate(javax.servlet.http.HttpServletRequest request)
                     throws CSRFTokenException

Validate a given request within its own session, throws a runtime exception leading to internal server error in case of failure.

Parameters:

request - HTTPServletRequest to validate the token for

Throws:

CSRFTokenException - In case the validation failed