Package org.kohsuke.stapler
Class CrumbIssuer
java.lang.Object
org.kohsuke.stapler.CrumbIssuer
Generates a nonce value that allows us to protect against cross-site request forgery (CSRF) attacks.
We send this with each JavaScript proxy and verify them when we receive a request.
- Author:
- Kohsuke Kawaguchi
- See Also:
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptiondoCrumb()Sends the crumb value in plain text, enabling retrieval through XmlHttpRequest.final Stringabstract StringissueCrumb(StaplerRequest request) Issues a crumb for the given request.voidvalidateCrumb(StaplerRequest request, String submittedCrumb) Validates a crumb that was submitted along with the request.
-
Field Details
-
DEFAULT
Default crumb issuer.
-
-
Constructor Details
-
CrumbIssuer
public CrumbIssuer()
-
-
Method Details
-
issueCrumb
Issues a crumb for the given request. -
issueCrumb
-
doCrumb
Sends the crumb value in plain text, enabling retrieval through XmlHttpRequest. -
validateCrumb
Validates a crumb that was submitted along with the request.- Parameters:
request- The request that submitted the crumbsubmittedCrumb- The submitted crumb value to be validated.- Throws:
SecurityException- If the crumb doesn't match and the request processing should abort.
-