Class RandomAccessReferenceMap

  extended by org.owasp.esapi.reference.AbstractAccessReferenceMap<java.lang.String>
      extended by org.owasp.esapi.reference.RandomAccessReferenceMap
All Implemented Interfaces: AccessReferenceMap<java.lang.String>

public class RandomAccessReferenceMap
extends AbstractAccessReferenceMap<java.lang.String>

Reference implementation of the AccessReferenceMap interface. This implementation generates random 6-character alphanumeric strings for indirect references. Simple integers could also be used as indirect references, but the random-string approach provides a certain level of protection from CSRF attacks, because an attacker would have difficulty guessing the indirect reference.

June 1, 2007
Jeff Williams, Chris Schmidt
See Also:
AccessReferenceMap, Serialized Form
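
Added example (not part of the ESAPI Javadoc or the project's own code): the indirection described in the class description, using the constructor and inherited methods listed on this page. It assumes the ESAPI jar and a working ESAPI configuration are available; the class name `IndirectReferenceDemo`, the helper `resolve` and the file paths are constructed for illustration.

```java
import java.util.LinkedHashSet;
import java.util.Set;

import org.owasp.esapi.AccessReferenceMap;
import org.owasp.esapi.errors.AccessControlException;
import org.owasp.esapi.reference.RandomAccessReferenceMap;

public class IndirectReferenceDemo {  // hypothetical class name

    // Hypothetical helper: translate a client-supplied reference back to the
    // direct object, treating anything this map did not issue as a denial.
    static String resolve(AccessReferenceMap<String> map, String indirect) {
        try {
            Object direct = map.getDirectReference(indirect);
            return (String) direct;
        } catch (AccessControlException e) {
            return null;  // unknown, guessed or stale reference
        }
    }

    public static void main(String[] args) throws AccessControlException {
        // Constructed sample data: the only objects this user may access.
        Set<Object> authorised = new LinkedHashSet<Object>();
        authorised.add("/reports/q1.pdf");
        authorised.add("/reports/q2.pdf");

        // Assumption: the application keeps one map per user session.
        AccessReferenceMap<String> map = new RandomAccessReferenceMap(authorised);

        // Put the indirect reference, never the path, into links and forms.
        String indirect = map.getIndirectReference("/reports/q1.pdf");
        System.out.println("issued reference: " + indirect);
        System.out.println("valid reference : " + resolve(map, indirect));

        // A raw path, or a reference that was never issued, does not resolve.
        System.out.println("raw path        : " + resolve(map, "/reports/q3.pdf"));

        // Objects added later get their own random reference.
        String added = map.addDirectReference("/reports/q3.pdf");
        System.out.println("added reference : " + resolve(map, added));

        // Removing the direct object invalidates the reference already issued.
        map.removeDirectReference("/reports/q1.pdf");
        System.out.println("after removal   : " + resolve(map, indirect));
    }
}
```
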

Field Summary
Fields inherited from class org.owasp.esapi.reference.AbstractAccessReferenceMap
dtoi, itod
Constructor Summary
RandomAccessReferenceMap()
          This AccessReferenceMap implementation uses short random strings to create a layer of indirection.
RandomAccessReferenceMap(int initialSize)
RandomAccessReferenceMap(java.util.Set<java.lang.Object> directReferences)
RandomAccessReferenceMap(java.util.Set<java.lang.Object> directReferences, int initialSize)
Method Summary
protected  java.lang.String getUniqueReference()
          Returns a unique reference key to be associated with a new directReference being inserted into the AccessReferenceMap. Note: this method is final because redefinition by subclasses can lead to use-before-initialization issues, as RandomAccessReferenceMap(Set) and RandomAccessReferenceMap(Set,int) both call it internally.
Methods inherited from class org.owasp.esapi.reference.AbstractAccessReferenceMap
addDirectReference, getDirectReference, getIndirectReference, iterator, removeDirectReference, update
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail


public RandomAccessReferenceMap(int initialSize)


public RandomAccessReferenceMap()
This AccessReferenceMap implementation uses short random strings to create a layer of indirection. Other possible implementations would use simple integers as indirect references.


public RandomAccessReferenceMap(java.util.Set<java.lang.Object> directReferences)


public RandomAccessReferenceMap(java.util.Set<java.lang.Object> directReferences,
                                int initialSize)
Method Detail


protected final java.lang.String getUniqueReference()
Returns a unique reference key to be associated with a new directReference being inserted into the AccessReferenceMap. Note: this method is final because redefinition by subclasses can lead to use-before-initialization issues, as RandomAccessReferenceMap(Set) and RandomAccessReferenceMap(Set,int) both call it internally.

Specified by:
getUniqueReference in class AbstractAccessReferenceMap<java.lang.String>
Returns:
Reference Identifier

Copyright © 2010 The Open Web Application Security Project (OWASP). All Rights Reserved.