 /*
  * Copyright (c) 2003-2011, Simon Brown
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  *   - Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  *
  *   - Redistributions in binary form must reproduce the above copyright
  *     notice, this list of conditions and the following disclaimer in
  *     the documentation and/or other materials provided with the
  *     distribution.
  *
  *   - Neither the name of Pebble nor the names of its contributors may
  *     be used to endorse or promote products derived from this software
  *     without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
 package net.sourceforge.pebble.web.security;
 
 import net.sourceforge.pebble.web.action.Action;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.util.Map;
 
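 /**
  * Validator for XSRF (cross-site request forgery) security tokens.
  *
  * <p>Declares the per-request token check and the two helpers that hash and sign a query string with a secret
  * salt. Only the contract is defined here: the digest algorithm, the cookie attributes and the way tokens are
  * compared are left to the implementing class.
  *
  * @author James Roper
  */
 public interface SecurityTokenValidator {

   /**
    * Validate the security token for this request, if necessary, setting up the security token cookie if it doesn't
    * exist.
    *
    * <p>A {@code false} result means the request must not proceed, so callers should fail closed and not run the
    * action. NOTE(review): which actions need a token ("if necessary") is decided by the implementation and cannot
    * be told from this interface.
    *
    * @param request  The request to validate
    * @param response The response (presumably where the security token cookie is set when it does not exist yet)
    * @param action   The action to validate
    * @return true if the request can proceed, false if not
    */
   boolean validateSecurityToken(HttpServletRequest request, HttpServletResponse response, Action action);

   /**
    * Hashes the given query parameters by sorting the keys alphabetically and then hashing the {@code &} separated
    * query String that would be generated by having the keys in that order, concatenated with the salt.
    *
    * <p>NOTE(review): the salt is secret, so it acts as a signing key. Implementations should prefer a keyed MAC
    * (for example HMAC through {@code javax.crypto.Mac}) over a plain digest of data plus secret, and should compare
    * a received hash with the expected one in constant time ({@code java.security.MessageDigest.isEqual}).
    *
    * <p>NOTE(review): the contract fixes the key order only. How {@code servletPath} and multi-valued parameters
    * enter the hashed string is not specified here, and if keys or values are joined without encoding, a value
    * containing {@code &} or {@code =} can make two different parameter maps hash to the same string. Confirm that
    * the implementation uses an unambiguous canonical form.
    *
    * @param servletPath The servlet path of the request the parameters belong to (presumably covered by the hash so
    *                    that a hash cannot be reused on another path; confirm against the implementation)
    * @param params      The parameters in the query String
    * @param salt        The secret salt
    * @return The hash in base64
    */
   String hashRequest(String servletPath, Map<String, String[]> params, String salt);

   /**
    * Generate a signed query string.
    *
    * <p>The result is HTML escaped, so it is meant to be written into HTML markup such as a link attribute. It should
    * not be reused unchanged in another context (a redirect header, script source) without encoding for that
    * context. NOTE(review): since the input is expected unencoded, URL encoding is presumably applied by the
    * implementation; confirm, because passing already encoded values would change what gets signed.
    *
    * @param servletPath The servlet path the query string is generated for (presumably part of what is signed;
    *                    confirm against the implementation)
    * @param params      The parameters in the query string.  This method assumes the parameters are not URL encoded
    * @param salt        The salt to sign it with
    * @return The HTML escaped signed query string
    */
   String generateSignedQueryString(String servletPath, Map<String, String[]> params, String salt);

 }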