org.owasp.esapi.reference
Class RandomAccessReferenceMap

java.lang.Object
  extended by org.owasp.esapi.reference.AbstractAccessReferenceMap<java.lang.String>
      extended by org.owasp.esapi.reference.RandomAccessReferenceMap
All Implemented Interfaces:
java.io.Serializable, AccessReferenceMap<java.lang.String>

public class RandomAccessReferenceMap
extends AbstractAccessReferenceMap<java.lang.String>

Reference implementation of the AccessReferenceMap interface. This implementation generates random 6-character alphanumeric strings for indirect references. It is possible to use simple integers as indirect references, but the random string approach provides a certain level of protection from CSRF attacks, because an attacker would have difficulty guessing the indirect reference.

Since:
June 1, 2007
Author:
Jeff Williams, Chris Schmidt
See Also:
AccessReferenceMap, Serialized Form

Field Summary
 
Fields inherited from class org.owasp.esapi.reference.AbstractAccessReferenceMap
dtoi, itod
 
Constructor Summary
RandomAccessReferenceMap()
          This AccessReferenceMap implementation uses short random strings to create a layer of indirection.
RandomAccessReferenceMap(int initialSize)
           
RandomAccessReferenceMap(java.util.Set<java.lang.Object> directReferences)
           
RandomAccessReferenceMap(java.util.Set<java.lang.Object> directReferences, int initialSize)
           
 
Method Summary
protected  java.lang.String getUniqueReference()
          Returns a Unique Reference Key to be associated with a new directReference being inserted into the AccessReferenceMap.
 
Methods inherited from class org.owasp.esapi.reference.AbstractAccessReferenceMap
addDirectReference, getDirectReference, getIndirectReference, iterator, removeDirectReference, update
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RandomAccessReferenceMap

public RandomAccessReferenceMap(int initialSize)

RandomAccessReferenceMap

public RandomAccessReferenceMap()
This AccessReferenceMap implementation uses short random strings to create a layer of indirection. Other possible implementations would use simple integers as indirect references.


RandomAccessReferenceMap

public RandomAccessReferenceMap(java.util.Set<java.lang.Object> directReferences)

RandomAccessReferenceMap

public RandomAccessReferenceMap(java.util.Set<java.lang.Object> directReferences,
                                int initialSize)
Method Detail

getUniqueReference

protected final java.lang.String getUniqueReference()
Returns a Unique Reference Key to be associated with a new directReference being inserted into the AccessReferenceMap. Note: this method is final because redefinition by subclasses can lead to use-before-initialization issues, as RandomAccessReferenceMap(Set) and RandomAccessReferenceMap(Set,int) both call it internally.

Specified by:
getUniqueReference in class AbstractAccessReferenceMap<java.lang.String>
Returns:
Reference Identifier
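
The indirection described in the class description, as an added stand-alone sketch (not ESAPI source code and not the project's implementation): it issues random 6-character alphanumeric references and rejects any value it did not issue. The class name IndirectRefDemo, the use of SecureRandom, the alphabet, and SecurityException are assumptions made for this example; the field names dtoi and itod mirror the inherited fields listed above.

```java
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
// Added illustration of the indirect-reference technique; not ESAPI source code.
public class IndirectRefDemo {
    private static final String ALPHABET =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    private static final int REF_LENGTH = 6; // length stated in the class description
    private final SecureRandom rng = new SecureRandom();
    private final Map<String, Object> itod = new HashMap<>(); // indirect -> direct
    private final Map<Object, String> dtoi = new HashMap<>(); // direct -> indirect

    // Draw random strings until one is not already in use in this map.
    private String uniqueReference() {
        String candidate;
        do {
            StringBuilder sb = new StringBuilder(REF_LENGTH);
            for (int i = 0; i < REF_LENGTH; i++) {
                sb.append(ALPHABET.charAt(rng.nextInt(ALPHABET.length())));
            }
            candidate = sb.toString();
        } while (itod.containsKey(candidate));
        return candidate;
    }
    // Register a direct reference once and return its stable indirect reference.
    public String addDirectReference(Object direct) {
        String existing = dtoi.get(direct);
        if (existing != null) return existing;
        String indirect = uniqueReference();
        itod.put(indirect, direct);
        dtoi.put(direct, indirect);
        return indirect;
    }
    // Resolve a client-supplied value; anything this map never issued is rejected.
    public Object getDirectReference(String indirect) {
        Object direct = itod.get(indirect);
        if (direct == null) throw new SecurityException("unknown indirect reference");
        return direct;
    }
    public static void main(String[] args) {
        IndirectRefDemo map = new IndirectRefDemo(); // one map per user session (assumption)
        String ref = map.addDirectReference("invoice-1001"); // constructed sample id
        System.out.println(ref + " -> " + map.getDirectReference(ref));
        try {
            map.getDirectReference("1002"); // a value the map never issued
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Only the indirect string is exposed to the client; the server resolves it through the map, so a guessed or tampered value fails the lookup instead of reaching a direct object identifier.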


Copyright © 2011 The Open Web Application Security Project (OWASP). All Rights Reserved.