org.owasp.esapi.reference
Class RandomAccessReferenceMap
java.lang.Object
org.owasp.esapi.reference.AbstractAccessReferenceMap<String>
org.owasp.esapi.reference.RandomAccessReferenceMap
- All Implemented Interfaces:
- Serializable, AccessReferenceMap<String>
public class RandomAccessReferenceMap
- extends AbstractAccessReferenceMap<String>
Reference implementation of the AccessReferenceMap interface. This
implementation generates random 6-character alphanumeric strings for indirect
references. It is possible to use simple integers as indirect references, but
the random string approach provides a certain level of protection from CSRF
attacks, because an attacker would have difficulty guessing the indirect
reference.
- Since:
- June 1, 2007
- Author:
- Jeff Williams, Chris Schmidt
- See Also:
- AccessReferenceMap, Serialized Form
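The indirection described above, as an added example that is not ESAPI's own code: a per-session map hands out random 6-character tokens in place of direct references and refuses any token it did not issue. The class name, the 62-character alphabet, SecureRandom as the random source, SecurityException as the failure signal and the sample key are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
// Added illustration: a simplified stand-in, not the ESAPI implementation.
public class IndirectReferenceDemo {
    private static final String ALPHANUMERICS =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    private static final int TOKEN_LENGTH = 6; // length stated in the class description

    private final SecureRandom random = new SecureRandom();
    private final Map<String, Object> indirectToDirect = new HashMap<>();
    private final Map<Object, String> directToIndirect = new HashMap<>();
    // Register a direct reference and return the random token to expose instead.
    public String addDirectReference(Object direct) {
        String existing = directToIndirect.get(direct);
        if (existing != null) return existing;
        String token;
        do { // retry on the rare collision so each token maps to exactly one object
            StringBuilder sb = new StringBuilder(TOKEN_LENGTH);
            for (int i = 0; i < TOKEN_LENGTH; i++) {
                sb.append(ALPHANUMERICS.charAt(random.nextInt(ALPHANUMERICS.length())));
            }
            token = sb.toString();
        } while (indirectToDirect.containsKey(token));
        indirectToDirect.put(token, direct);
        directToIndirect.put(direct, token);
        return token;
    }

    // Resolve a token taken from a request; anything this map never issued is refused.
    public Object getDirectReference(String token) {
        Object direct = indirectToDirect.get(token);
        if (direct == null) throw new SecurityException("Unknown indirect reference");
        return direct;
    }

    public static void main(String[] args) {
        IndirectReferenceDemo map = new IndirectReferenceDemo(); // one map per user session
        String token = map.addDirectReference("invoice:1041");   // constructed sample key
        System.out.println("expose in page: " + token);
        System.out.println("resolves to:    " + map.getDirectReference(token));
        try {
            map.getDirectReference("1042"); // a value the map never issued
        } catch (SecurityException e) {
            System.out.println("rejected:       " + e.getMessage());
        }
    }
}
```

Because the map holds only the objects the current user is allowed to see, a token that resolves is also an authorization decision; the random token only makes references hard to guess across sessions.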
Method Summary
protected String getUniqueReference()
- Returns a Unique Reference Key to be associated with a new directReference being
inserted into the AccessReferenceMap.
Methods inherited from class java.lang.Object
- clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
RandomAccessReferenceMap
public RandomAccessReferenceMap(int initialSize)
RandomAccessReferenceMap
public RandomAccessReferenceMap()
- This AccessReferenceMap implementation uses short random strings to
create a layer of indirection. Other possible implementations would use
simple integers as indirect references.
RandomAccessReferenceMap
public RandomAccessReferenceMap(Set<Object> directReferences)
RandomAccessReferenceMap
public RandomAccessReferenceMap(Set<Object> directReferences, int initialSize)
getUniqueReference
protected final String getUniqueReference()
- Returns a Unique Reference Key to be associated with a new directReference being
inserted into the AccessReferenceMap.
Note: this method is final because redefinition by subclasses can lead to
use-before-initialization issues, as RandomAccessReferenceMap(Set) and
RandomAccessReferenceMap(Set,int) both call it internally.
- Specified by:
getUniqueReference
in class AbstractAccessReferenceMap<String>
- Returns:
- Reference Identifier
Copyright © 2011 The Open Web Application Security Project (OWASP). All Rights Reserved.