Package google.registry.security

Class XsrfTokenManager

java.lang.Object

google.registry.security.XsrfTokenManager

public final class XsrfTokenManager
extends Object

Helper class for generating and validate XSRF tokens.

Field Summary

Fields

Modifier and Type	Field	Description
static final String	P_CSRF_TOKEN	POST parameter used for transmitting XSRF tokens.
static final String	X_CSRF_TOKEN	HTTP header or cookie name used for transmitting XSRF tokens.

Constructor Summary

Constructors

Constructor	Description
XsrfTokenManager(Clock clock, com.google.appengine.api.users.UserService userService)

Method Summary

Modifier and Type	Method	Description
String	generateToken(String email)	Generates an XSRF token for a given user based on email address.
boolean	validateToken(String token)	Validates an XSRF token against the current logged-in user.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

X_CSRF_TOKEN

public static final String X_CSRF_TOKEN

HTTP header or cookie name used for transmitting XSRF tokens.

See Also:

• Constant Field Values

P_CSRF_TOKEN

public static final String P_CSRF_TOKEN

POST parameter used for transmitting XSRF tokens.

See Also:

• Constant Field Values

Constructor Details

XsrfTokenManager

@Inject
public XsrfTokenManager(Clock clock,
 com.google.appengine.api.users.UserService userService)

Method Details

generateToken

public String generateToken(String email)

Generates an XSRF token for a given user based on email address.

validateToken

public boolean validateToken(String token)

Validates an XSRF token against the current logged-in user.