Class CrumbIssuer

java.lang.Object
hudson.security.csrf.CrumbIssuer
All Implemented Interfaces:
ExtensionPoint, Describable<CrumbIssuer>
Direct Known Subclasses:
DefaultCrumbIssuer

@ExportedBean @StaplerAccessibleType public abstract class CrumbIssuer extends Object implements Describable<CrumbIssuer>, ExtensionPoint
A CrumbIssuer represents an algorithm to generate a nonce value, known as a crumb, to counter cross site request forgery exploits. Crumbs are typically hashes incorporating information that uniquely identifies an agent that sends a request, along with a guarded secret so that the crumb value cannot be forged by a third party.
Author:
dty
See Also:
  • Field Details

    • DEFAULT_CRUMB_NAME

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public static final String DEFAULT_CRUMB_NAME
      See Also:
  • Constructor Details

    • CrumbIssuer

      public CrumbIssuer()
  • Method Details

    • getCrumbRequestField

      @Exported public String getCrumbRequestField()
      Get the name of the request parameter the crumb will be stored in. Exposed here for the remote API.
    • getCrumb

      @Exported public String getCrumb()
      Get a crumb value based on user specific information in the current request. Intended for use only by the remote API.
    • getCrumb

      public String getCrumb(jakarta.servlet.ServletRequest request)
      Get a crumb value based on user specific information in the request.
    • getCrumb

      @Deprecated public String getCrumb(javax.servlet.ServletRequest request)
      Deprecated.
    • issueCrumb

      protected String issueCrumb(jakarta.servlet.ServletRequest request, String salt)
      Create a crumb value based on user specific information in the request. The crumb should be generated by building a cryptographic hash of:
      • relevant information in the request that can uniquely identify the client
      • the salt value
      • an implementation specific guarded secret.
    • issueCrumb

      @Deprecated protected String issueCrumb(javax.servlet.ServletRequest request, String salt)
    • validateCrumb

      public boolean validateCrumb(jakarta.servlet.ServletRequest request)
      Get a crumb from a request parameter and validate it against other data in the current request. The salt and request parameter that is used is defined by the current configuration.
    • validateCrumb

      public boolean validateCrumb(jakarta.servlet.ServletRequest request, MultipartFormDataParser parser)
      Get a crumb from multipart form data and validate it against other data in the current request. The salt and request parameter that is used is defined by the current configuration.
    • validateCrumb

      @Deprecated public boolean validateCrumb(javax.servlet.ServletRequest request, MultipartFormDataParser parser)
    • validateCrumb

      public boolean validateCrumb(jakarta.servlet.ServletRequest request, String salt, String crumb)
      Validate a previously created crumb against information in the current request.
      Parameters:
      crumb - The previously generated crumb to validate against information in the current request
    • validateCrumb

      @Deprecated public boolean validateCrumb(javax.servlet.ServletRequest request, String salt, String crumb)
    • getDescriptor

      public CrumbIssuerDescriptor<CrumbIssuer> getDescriptor()
      Access global configuration for the crumb issuer.
      Specified by:
      getDescriptor in interface Describable<CrumbIssuer>
    • all

      Returns all the registered CrumbIssuer descriptors.
    • getApi

      public Api getApi()
    • initStaplerCrumbIssuer

      @Initializer public static void initStaplerCrumbIssuer()
      Sets up Stapler to use our crumb issuer.