TokenService (OWASP CSRFGuard 4.5.0 API)

java.lang.Object
- org.owasp.csrfguard.token.service.TokenService

public class TokenService
extends Object

Constructor Summary

Constructors
Constructor and Description

TokenService(CsrfGuard csrfGuard)

Constructors
Constructor and Description
`TokenService(CsrfGuard csrfGuard)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`createMasterTokenIfAbsent(String logicalSessionKey)` Creates master token if it does not exist already.
`void`	`generateProtectedPageTokens(String logicalSessionKey)` Generates new random tokens for configured protected pages.
`String`	`generateTokensIfAbsent(String logicalSessionKey, String httpMethod, String requestURI)` Generates master token and page token for the current resource if the token-per-page configuration is enabled
`String`	`getMasterToken(String logicalSessionKey)` Returns the master token assigned to the unique identifier extracted from the current request.
`Map<String,String>`	`getPageTokens(String logicalSessionKey)` Return the page tokens if the functionality is enabled and the client has already accessed a protected resource, or if the token pre-creation is enabled.
`String`	`getTokenValue(String logicalSessionKey, String resourceUri)` Returns the master or the page token for the associated resource depending on whether the token-per-page configuration is enabled or not.
`void`	`invalidate(LogicalSession logicalSession)` Invalidates the logical session and removes all tokens from the storage
`void`	`rotateAllTokens(String logicalSessionKey)` Rotates (re-generates) the master token and all page tokens if the token-per-page functionality is enabled.
`TokenTO`	`rotateUsedToken(String logicalSessionKey, String requestURI, TokenBO usedValidToken)` Rotates the used master or the currently requested page token if the token-per-page functionality is enabled.
`TokenBO`	`verifyToken(javax.servlet.http.HttpServletRequest request, String resourceIdentifier, String logicalSessionKey, String masterToken)` Verifies the validity of the current request.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - TokenService
```
public TokenService(CsrfGuard csrfGuard)
```
- Method Detail
  - invalidate
```
public void invalidate(LogicalSession logicalSession)
```
    Invalidates the logical session and removes all tokens from the storage
    
    Parameters:
    
    logicalSession - a not null logical session implementation
  - getMasterToken
```
public String getMasterToken(String logicalSessionKey)
```
    Returns the master token assigned to the unique identifier extracted from the current request. This identifier could be for example the sessionId of the current user, or the username extracted from a JWT token
    
    Parameters:
    
    logicalSessionKey - identifies the current logical session uniquely
    
    Returns:
    
    the master token
  - getPageTokens
```
public Map<String,String> getPageTokens(String logicalSessionKey)
```
    Return the page tokens if the functionality is enabled and the client has already accessed a protected resource, or if the token pre-creation is enabled.
    Note: this method returns a copy of the page tokens in order to prevent outside modification.
    
    Parameters:
    
    logicalSessionKey - identifies the current logical session uniquely
    
    Returns:
    
    the page tokens or an empty map
  - generateTokensIfAbsent
```
public String generateTokensIfAbsent(String logicalSessionKey,
                                     String httpMethod,
                                     String requestURI)
```
    Generates master token and page token for the current resource if the token-per-page configuration is enabled
    
    Parameters:
    
    logicalSessionKey - identifies the current logical session uniquely
    
    httpMethod - the current HTTP method used to request the resource
    
    requestURI - the URI of the desired HTTP resource
    
    Returns:
    
    returns the generated page or master token
  - createMasterTokenIfAbsent
```
public void createMasterTokenIfAbsent(String logicalSessionKey)
```
    Creates master token if it does not exist already.
    
    Parameters:
    
    logicalSessionKey - identifies the current logical session uniquely
  - generateProtectedPageTokens
```
public void generateProtectedPageTokens(String logicalSessionKey)
```
    Generates new random tokens for configured protected pages. This method creates a new master token if it did not exist previously. Existing page tokens with the same session key will be overwritten.
    
    Parameters:
    
    logicalSessionKey - identifies the current logical session uniquely
  - rotateUsedToken
```
public TokenTO rotateUsedToken(String logicalSessionKey,
                               String requestURI,
                               TokenBO usedValidToken)
```
    Rotates the used master or the currently requested page token if the token-per-page functionality is enabled.
    
    Parameters:
    
    logicalSessionKey - identifies the current logical session uniquely
    
    requestURI - the URI of the desired HTTP resource
    
    usedValidToken - a verified token that has validated the current request
    
    Returns:
    
    a TokenTO transfer object containing the updated token values that will be sent back to the client
  - rotateAllTokens
```
public void rotateAllTokens(String logicalSessionKey)
```
    Rotates (re-generates) the master token and all page tokens if the token-per-page functionality is enabled.
    
    Parameters:
    
    logicalSessionKey - identifies the current logical session uniquely
  - getTokenValue
```
public String getTokenValue(String logicalSessionKey,
                            String resourceUri)
```
    Returns the master or the page token for the associated resource depending on whether the token-per-page configuration is enabled or not.
    If the token does not currently exists, it creates a new one.
    
    Parameters:
    
    logicalSessionKey - identifies the current logical session uniquely
    
    resourceUri - the URI of the desired HTTP resource
    
    Returns:
    
    a valid token for the specified resourceUri
  - verifyToken
```
public TokenBO verifyToken(javax.servlet.http.HttpServletRequest request,
                           String resourceIdentifier,
                           String logicalSessionKey,
                           String masterToken)
                    throws CsrfGuardException
```
    Verifies the validity of the current request.
    
    Parameters:
    
    request - current HTTP Servlet Request
    
    resourceIdentifier - the requested resource identifier
    
    logicalSessionKey - identifies the current logical session uniquely
    
    masterToken - the master token
    
    Returns:
    
    The TokenBO business object that contains the updated tokens and the token used to validate the current request
    
    Throws:
    
    CsrfGuardException - if the request does not have a valid token associated

Class TokenService

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

TokenService

Method Detail

invalidate

getMasterToken

getPageTokens

generateTokensIfAbsent

createMasterTokenIfAbsent

generateProtectedPageTokens

rotateUsedToken

rotateAllTokens

getTokenValue

verifyToken