org.apache.jackrabbit.webdav.util
Class CSRFUtil

java.lang.Object
  extended by org.apache.jackrabbit.webdav.util.CSRFUtil

public class CSRFUtil
extends Object

CSRFUtil...


Field Summary
static String DISABLED
          Constant used to
 
Constructor Summary
CSRFUtil(String config)
          Creates a new instance from the specified configuration, which defines the behaviour of the referrer based CSRF protection as follows: If config is null or empty string the default behaviour is to allow only requests with an empty referrer header or a referrer host equal to the server host A comma separated list of additional allowed referrer hosts which are valid in addition to default behaviour (see above).
 
Method Summary
 boolean isValidRequest(HttpServletRequest request)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DISABLED

public static final String DISABLED
Constant used to

See Also:
Constant Field Values
Constructor Detail

CSRFUtil

public CSRFUtil(String config)
Creates a new instance from the specified configuration, which defines the behaviour of the referrer based CSRF protection as follows:
  1. If config is null or empty string the default behaviour is to allow only requests with an empty referrer header or a referrer host equal to the server host
  2. A comma separated list of additional allowed referrer hosts which are valid in addition to default behaviour (see above).
  3. The value DISABLED may be used to disable the referrer checking altogether

Parameters:
config - The configuration value which may be any of the following:
  • null or empty string for the default behaviour, which only allows requests with an empty referrer header or a referrer host equal to the server host
  • A comma separated list of additional allowed referrer hosts which are valid in addition to default behaviour (see above).
  • DISABLED in order to disable the referrer checking altogether
Method Detail

isValidRequest

public boolean isValidRequest(HttpServletRequest request)
                       throws MalformedURLException
Throws:
MalformedURLException


Copyright © 2011-2013 Adobe Systems Incorporated. All Rights Reserved.