Class InMemoryTokenHolder
- java.lang.Object
-
- org.owasp.csrfguard.token.storage.impl.InMemoryTokenHolder
-
- All Implemented Interfaces:
TokenHolder
public class InMemoryTokenHolder extends Object implements TokenHolder
-
-
Constructor Summary
Constructors Constructor Description InMemoryTokenHolder()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description StringcreateMasterTokenIfAbsent(String sessionKey, Supplier<String> valueSupplier)Creates and returns a new master token bound to the provided session key if there wasn't any or returns the existing value.StringcreatePageTokenIfAbsent(String sessionKey, String resourceUri, Supplier<String> valueSupplier)Creates and returns a new page token bound to the provided resource URI and mapped to the session key if there wasn't any or returns the existing value.StringgetPageToken(String sessionKey, String resourceUri)Returns the page token based on the desired HTTP resource URI and logical session keyMap<String,String>getPageTokens(String sessionKey)Returns all page tokens associated to the provided logical session keyTokengetToken(String sessionKey)Returns the master and page tokens associated to a logical session keyvoidregenerateUsedPageToken(String sessionKey, String tokenFromRequest, Supplier<String> tokenValueSupplier)Re-generates the value of a used page tokenvoidremove(String sessionKey)Removes all tokens related to a specific logical session keyvoidrotateAllPageTokens(String sessionKey, Supplier<String> tokenValueSupplier)Re-generates all existing tokens associated to the provided logical session keyvoidsetMasterToken(String sessionKey, String value)Sets or overwrites the master token bound to a specific session key.voidsetPageToken(String sessionKey, String resourceUri, String value)Sets the value of a page token based on the desired HTTP resource URI and logical session keyvoidsetPageTokens(String sessionKey, Map<String,String> pageTokens)Sets/overwrites the page tokens with the provided values
-
-
-
Method Detail
-
setMasterToken
public void setMasterToken(String sessionKey, String value)
Description copied from interface:TokenHolderSets or overwrites the master token bound to a specific session key. It does not overwrite the session key associated page tokens.- Specified by:
setMasterTokenin interfaceTokenHolder- Parameters:
sessionKey- identifies the current logical session uniquelyvalue- the value to be used as master token
-
createMasterTokenIfAbsent
public String createMasterTokenIfAbsent(String sessionKey, Supplier<String> valueSupplier)
Description copied from interface:TokenHolderCreates and returns a new master token bound to the provided session key if there wasn't any or returns the existing value.- Specified by:
createMasterTokenIfAbsentin interfaceTokenHolder- Parameters:
sessionKey- identifies the current logical session uniquelyvalueSupplier- produces a new master token value lazily/on demand- Returns:
- the created master token
-
createPageTokenIfAbsent
public String createPageTokenIfAbsent(String sessionKey, String resourceUri, Supplier<String> valueSupplier)
Description copied from interface:TokenHolderCreates and returns a new page token bound to the provided resource URI and mapped to the session key if there wasn't any or returns the existing value. If there are no tokens associated to the session key it also creates a new master token.- Specified by:
createPageTokenIfAbsentin interfaceTokenHolder- Parameters:
sessionKey- identifies the current logical session uniquelyresourceUri- the URI of the desired HTTP resourcevalueSupplier- produces a new page token value lazily/on demand- Returns:
- the existing or newly created page token
-
getToken
public Token getToken(String sessionKey)
Description copied from interface:TokenHolderReturns the master and page tokens associated to a logical session key- Specified by:
getTokenin interfaceTokenHolder- Parameters:
sessionKey- identifies the current logical session uniquely- Returns:
- a token object containing the master and page tokens
-
getPageToken
public String getPageToken(String sessionKey, String resourceUri)
Description copied from interface:TokenHolderReturns the page token based on the desired HTTP resource URI and logical session key- Specified by:
getPageTokenin interfaceTokenHolder- Parameters:
sessionKey- identifies the current logical session uniquelyresourceUri- the URI of the desired HTTP resource- Returns:
- a page token bound to a resource URI and associated to a logical session key or NULL if there is no token with identified by the session key
-
setPageToken
public void setPageToken(String sessionKey, String resourceUri, String value)
Description copied from interface:TokenHolderSets the value of a page token based on the desired HTTP resource URI and logical session key- Specified by:
setPageTokenin interfaceTokenHolder- Parameters:
sessionKey- identifies the current logical session uniquelyresourceUri- the URI of the desired HTTP resourcevalue- the value to be used as token for the page
-
setPageTokens
public void setPageTokens(String sessionKey, Map<String,String> pageTokens)
Description copied from interface:TokenHolderSets/overwrites the page tokens with the provided values- Specified by:
setPageTokensin interfaceTokenHolder- Parameters:
sessionKey- identifies the current logical session uniquelypageTokens- page tokens mapped to their resource URIs
-
getPageTokens
public Map<String,String> getPageTokens(String sessionKey)
Description copied from interface:TokenHolderReturns all page tokens associated to the provided logical session key- Specified by:
getPageTokensin interfaceTokenHolder- Parameters:
sessionKey- identifies the current logical session uniquely- Returns:
- page tokens mapped to their resource URIs
-
remove
public void remove(String sessionKey)
Description copied from interface:TokenHolderRemoves all tokens related to a specific logical session key- Specified by:
removein interfaceTokenHolder- Parameters:
sessionKey- identifies the current logical session uniquely
-
rotateAllPageTokens
public void rotateAllPageTokens(String sessionKey, Supplier<String> tokenValueSupplier)
Description copied from interface:TokenHolderRe-generates all existing tokens associated to the provided logical session key- Specified by:
rotateAllPageTokensin interfaceTokenHolder- Parameters:
sessionKey- identifies the current logical session uniquelytokenValueSupplier- produces a new page token value lazily/on demand
-
regenerateUsedPageToken
public void regenerateUsedPageToken(String sessionKey, String tokenFromRequest, Supplier<String> tokenValueSupplier)
Description copied from interface:TokenHolderRe-generates the value of a used page token- Specified by:
regenerateUsedPageTokenin interfaceTokenHolder- Parameters:
sessionKey- identifies the current logical session uniquelytokenFromRequest- the token extracted from the requesttokenValueSupplier- produces a new page token value lazily/on demand
-
-