Class CrumbIssuer

  • public abstract class CrumbIssuer
    extends Object
    Generates a nonce value that allows us to protect against cross-site request forgery (CSRF) attacks.

    We send this with each JavaScript proxy and verify them when we receive a request.

    Kohsuke Kawaguchi
    See Also:
    WebApp.getCrumbIssuer(), WebApp.setCrumbIssuer(CrumbIssuer)
    • Field Detail

      • DEFAULT

        public static final CrumbIssuer DEFAULT
        Default crumb issuer.
    • Constructor Detail

      • CrumbIssuer

        public CrumbIssuer()
    • Method Detail

      • issueCrumb

        public abstract String issueCrumb​(StaplerRequest request)
        Issues a crumb for the given request.
      • issueCrumb

        public final String issueCrumb()
      • doCrumb

        public HttpResponse doCrumb()
        Sends the crumb value in plain text, enabling retrieval through XmlHttpRequest.
      • validateCrumb

        public void validateCrumb​(StaplerRequest request,
                                  String submittedCrumb)
        Validates a crumb that was submitted along with the request.
        request - The request that submitted the crumb
        submittedCrumb - The submitted crumb value to be validated.
        SecurityException - If the crumb doesn't match and the request processing should abort.