Package org.owasp.csrfguard.token.storage.impl

Class InMemoryToken

  • All Implemented Interfaces:
    Token
    public class InMemoryToken
extends Object
implements Token

    • Constructor Detail

      • InMemoryToken

        public InMemoryToken​(String masterToken)

      • InMemoryToken

        public InMemoryToken​(String masterToken,
                     org.apache.commons.lang3.tuple.Pair<String,​String> pageToken)

    • Method Detail

      • getMasterToken

        public String getMasterToken()
        Description copied from interface: Token
        Returns the master token
        Specified by:
        getMasterToken in interface Token
        Returns:
        the current master token

      • setMasterToken

        public void setMasterToken​(String masterToken)
        Description copied from interface: Token
        Sets the new master token
        Specified by:
        setMasterToken in interface Token
        Parameters:
        masterToken - the new master token

      • getPageToken

        public String getPageToken​(String uri)
        Specified by:
        getPageToken in interface Token
        Parameters:
        uri - the URI to which the page token should be returned
        Returns:
        the page token for the requested uri

      • getTimedPageToken

        public PageTokenValue getTimedPageToken​(String uri)
        Specified by:
        getTimedPageToken in interface Token
        Parameters:
        uri - the URI to which the timed page token should be returned
        Returns:
        a timed page token containing a page token and its creation date

      • setPageToken

        public void setPageToken​(String uri,
                         String pageToken)
        Specified by:
        setPageToken in interface Token
        Parameters:
        uri - the URI to which the page token should be associated
        pageToken - the new page token

      • setPageTokenIfAbsent

        public String setPageTokenIfAbsent​(String uri,
                                   Supplier<String> valueSupplier)
        Specified by:
        setPageTokenIfAbsent in interface Token
        Parameters:
        uri - the URI to which the page token should be associated
        valueSupplier - a supplier that generates new, unique tokens at each invocation
        Returns:
        the newly generated token

      • getPageTokens

        public Map<String,​String> getPageTokens()
        Specified by:
        getPageTokens in interface Token
        Returns:
        a map of URIs and their associated page tokens

      • setPageTokens

        public void setPageTokens​(Map<String,​String> pageTokens)
        Description copied from interface: Token
        Initialize or overwrite the entire page-token map
        Specified by:
        setPageTokens in interface Token
        Parameters:
        pageTokens - a map of URIs and their associated page tokens

      • rotateAllPageTokens

        public void rotateAllPageTokens​(Supplier<String> tokenValueSupplier)
        Description copied from interface: Token
        Rotates all the existing page token values
        Specified by:
        rotateAllPageTokens in interface Token
        Parameters:
        tokenValueSupplier - a supplier that generates new, unique tokens at each invocation

      • regenerateUsedPageToken

        public void regenerateUsedPageToken​(String tokenFromRequest,
                                    Supplier<String> tokenValueSupplier)
        Description copied from interface: Token
        TODO is it worth the added performance penalty in case of a large application with a lot of pages? What would be the risk if this would be contextual to the assigned resource? Disposes the current token from all the stored valid page tokens, disregarding to which resource it was assigned and replaces with a newly generated one.
        Specified by:
        regenerateUsedPageToken in interface Token
        Parameters:
        tokenFromRequest - the current token which needs to be rotated
        tokenValueSupplier - a supplier that generates new, unique tokens at each invocation