Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

hudson.security.csrf
Class CrumbIssuer

java.lang.Object
  extended by hudson.security.csrf.CrumbIssuer
All Implemented Interfaces:
ExtensionPoint, Describable<CrumbIssuer>
Direct Known Subclasses:
DefaultCrumbIssuer, TestCrumbIssuer
@ExportedBean
public abstract class CrumbIssuer
extends Object
implements Describable<CrumbIssuer>, ExtensionPoint

A CrumbIssuer represents an algorithm to generate a nonce value, known as a crumb, to counter cross site request forgery exploits. Crumbs are typically hashes incorporating information that uniquely identifies an agent that sends a request, along with a guarded secret so that the crumb value cannot be forged by a third party.

Author:
dty
See Also:
http://en.wikipedia.org/wiki/XSRF

Nested Class Summary
static class CrumbIssuer.RestrictedApi
           
 
Nested classes/interfaces inherited from interface hudson.ExtensionPoint
ExtensionPoint.LegacyInstancesAreScopedToHudson
 
Constructor Summary
CrumbIssuer()
           
 
Method Summary
static DescriptorExtensionList<CrumbIssuer,Descriptor<CrumbIssuer>> all()
          Returns all the registered CrumbIssuer descriptors.
 Api getApi()
           
 String getCrumb()
          Get a crumb value based on user specific information in the current request.
 String getCrumb(javax.servlet.ServletRequest request)
          Get a crumb value based on user specific information in the request.
 String getCrumbRequestField()
          Get the name of the request parameter the crumb will be stored in.
 CrumbIssuerDescriptor<CrumbIssuer> getDescriptor()
          Access global configuration for the crumb issuer.
static void initStaplerCrumbIssuer()
          Sets up Stapler to use our crumb issuer.
protected abstract  String issueCrumb(javax.servlet.ServletRequest request, String salt)
          Create a crumb value based on user specific information in the request.
 boolean validateCrumb(javax.servlet.ServletRequest request)
          Get a crumb from a request parameter and validate it against other data in the current request.
 boolean validateCrumb(javax.servlet.ServletRequest request, MultipartFormDataParser parser)
          Get a crumb from multipart form data and validate it against other data in the current request.
abstract  boolean validateCrumb(javax.servlet.ServletRequest request, String salt, String crumb)
          Validate a previously created crumb against information in the current request.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CrumbIssuer

public CrumbIssuer()
Method Detail

getCrumbRequestField

@Exported
public String getCrumbRequestField()
Get the name of the request parameter the crumb will be stored in. Exposed here for the remote API.

getCrumb

@Exported
public String getCrumb()
Get a crumb value based on user specific information in the current request. Intended for use only by the remote API.

Returns:

getCrumb

public String getCrumb(javax.servlet.ServletRequest request)
Get a crumb value based on user specific information in the request.

Parameters:
request -
Returns:

issueCrumb

protected abstract String issueCrumb(javax.servlet.ServletRequest request,
                                     String salt)
Create a crumb value based on user specific information in the request. The crumb should be generated by building a cryptographic hash of:

Parameters:
request -
salt -
Returns:

validateCrumb

public boolean validateCrumb(javax.servlet.ServletRequest request)
Get a crumb from a request parameter and validate it against other data in the current request. The salt and request parameter that is used is defined by the current configuration.

Parameters:
request -
Returns:

validateCrumb

public boolean validateCrumb(javax.servlet.ServletRequest request,
                             MultipartFormDataParser parser)
Get a crumb from multipart form data and validate it against other data in the current request. The salt and request parameter that is used is defined by the current configuration.

Parameters:
request -
parser -
Returns:

validateCrumb

public abstract boolean validateCrumb(javax.servlet.ServletRequest request,
                                      String salt,
                                      String crumb)
Validate a previously created crumb against information in the current request.

Parameters:
request -
salt -
crumb - The previously generated crumb to validate against information in the current request
Returns:

getDescriptor

public CrumbIssuerDescriptor<CrumbIssuer> getDescriptor()
Access global configuration for the crumb issuer.

Specified by:
getDescriptor in interface Describable<CrumbIssuer>

all

public static DescriptorExtensionList<CrumbIssuer,Descriptor<CrumbIssuer>> all()
Returns all the registered CrumbIssuer descriptors.

getApi

public Api getApi()

initStaplerCrumbIssuer

@Initializer
public static void initStaplerCrumbIssuer()
Sets up Stapler to use our crumb issuer.

Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2004-2013. All Rights Reserved.