Package net.shibboleth.idp.ui.csrf.impl

Class SimpleCSRFToken

java.lang.Object
net.shibboleth.idp.ui.csrf.impl.SimpleCSRFToken
All Implemented Interfaces:
Serializable, CSRFToken
@Immutable public class SimpleCSRFToken extends Object implements CSRFToken
A default, immutable, implementation of a CSRFToken.
See Also:

  • Field Details

    • serialVersionUID

      private static final long serialVersionUID
      Serial UID.
      See Also:

    • token

      @Nonnull @NotEmpty private String token
      The anti-csrf token value.

    • parameterName

      @Nonnull @NotEmpty private String parameterName
      The HTTP parameter that holds the token value.

  • Constructor Details

    • SimpleCSRFToken

      public SimpleCSRFToken(@Nonnull @NotEmpty String csrfToken, @Nonnull @NotEmpty String paramName)
      Constructor.
      Parameters:
      csrfToken - the anti-csrf token value
      paramName - the HTTP parameter name that holds the anti-csrf token.

  • Method Details

    • getParameterName

      public String getParameterName()
      The name to be used in HTML form input elements to store the CSRF token value. Expected to be present as a parameter in a HTTP request.
      Specified by:
      getParameterName in interface CSRFToken
      Returns:
      the HTTP parameter name that contains the value of the token.

    • getToken

      public String getToken()
      The anti-CSRF token value. The token should be cryptographically strong.
      Specified by:
      getToken in interface CSRFToken
      Returns:
      the anti-CSRF token.