Class SimpleCSRFToken

java.lang.Object
net.shibboleth.idp.ui.csrf.impl.SimpleCSRFToken
All Implemented Interfaces:
Serializable, CSRFToken

@Immutable
public class SimpleCSRFToken
extends Object
implements CSRFToken
A default, immutable, implementation of a CSRFToken.
See Also:
Serialized Form
  • Field Details

    • serialVersionUID

      private static final long serialVersionUID
      Serial UID.
      See Also:
      Constant Field Values
    • token

      @Nonnull @NotEmpty private String token
      The anti-csrf token value.
    • parameterName

      @Nonnull @NotEmpty private String parameterName
      The HTTP parameter that holds the token value.
  • Constructor Details

    • SimpleCSRFToken

      public SimpleCSRFToken​(@Nonnull @NotEmpty String csrfToken, @Nonnull @NotEmpty String paramName)
      Constructor.
      Parameters:
      csrfToken - the anti-csrf token value
      paramName - the HTTP parameter name that holds the anti-csrf token.
  • Method Details

    • getParameterName

      public String getParameterName()
      The name to be used in HTML form input elements to store the CSRF token value. Expected to be present as a parameter in a HTTP request.
      Specified by:
      getParameterName in interface CSRFToken
      Returns:
      the HTTP parameter name that contains the value of the token.
    • getToken

      public String getToken()
      The anti-CSRF token value. The token should be cryptographically strong.
      Specified by:
      getToken in interface CSRFToken
      Returns:
      the anti-CSRF token.