Package org.owasp.esapi.reference
Class RandomAccessReferenceMap
- java.lang.Object
  - org.owasp.esapi.reference.AbstractAccessReferenceMap<java.lang.String>
    - org.owasp.esapi.reference.RandomAccessReferenceMap
- All Implemented Interfaces: java.io.Serializable, AccessReferenceMap<java.lang.String>
public class RandomAccessReferenceMap extends AbstractAccessReferenceMap<java.lang.String>
Reference implementation of the AccessReferenceMap interface. This implementation generates random 6-character alphanumeric strings for indirect references. It is possible to use simple integers as indirect references, but the random string approach provides a certain level of protection from CSRF attacks, because an attacker would have difficulty guessing the indirect reference.
- Since: June 1, 2007
- Author: Jeff Williams (jeff.williams@aspectsecurity.com), Chris Schmidt (chrisisbeef@gmail.com)
- See Also: AccessReferenceMap, Serialized Form
Field Summary
Fields inherited from class org.owasp.esapi.reference.AbstractAccessReferenceMap
dtoi, itod
Constructor Summary
- RandomAccessReferenceMap(): This AccessReferenceMap implementation uses short random strings to create a layer of indirection.
- RandomAccessReferenceMap(int initialSize)
- RandomAccessReferenceMap(java.util.Set<java.lang.Object> directReferences)
- RandomAccessReferenceMap(java.util.Set<java.lang.Object> directReferences, int initialSize)
Method Summary
- protected java.lang.String getUniqueReference(): Returns a Unique Reference Key to be associated with a new directReference being inserted into the AccessReferenceMap.
Methods inherited from class org.owasp.esapi.reference.AbstractAccessReferenceMap
addDirectReference, getDirectReference, getIndirectReference, iterator, removeDirectReference, update
Constructor Detail
RandomAccessReferenceMap
public RandomAccessReferenceMap(int initialSize)
RandomAccessReferenceMap
public RandomAccessReferenceMap()
This AccessReferenceMap implementation uses short random strings to create a layer of indirection. Other possible implementations would use simple integers as indirect references.
RandomAccessReferenceMap
public RandomAccessReferenceMap(java.util.Set<java.lang.Object> directReferences)
RandomAccessReferenceMap
public RandomAccessReferenceMap(java.util.Set<java.lang.Object> directReferences, int initialSize)
Method Detail
getUniqueReference
protected final java.lang.String getUniqueReference()
Returns a Unique Reference Key to be associated with a new directReference being inserted into the AccessReferenceMap. Note: this is final as redefinition by subclasses can lead to use before initialization issues as RandomAccessReferenceMap(Set) and RandomAccessReferenceMap(Set,int) both call it internally.
- Specified by: getUniqueReference in class AbstractAccessReferenceMap<java.lang.String>
- Returns: Reference Identifier
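Typical use of the constructors and inherited methods listed above, as an added example that is not part of the ESAPI Javadoc or ESAPI's own code. It assumes the ESAPI library is on the classpath with a working ESAPI configuration; the class name IndirectReferenceExample, the helper expectDenied and the invoice ids are constructed for illustration.

```java
import java.util.LinkedHashSet;
import java.util.Set;

import org.owasp.esapi.errors.AccessControlException;
import org.owasp.esapi.reference.RandomAccessReferenceMap;

// Added example, not ESAPI code. Class name, helper and ids are hypothetical.
public class IndirectReferenceExample {
    public static void main(String[] args) throws AccessControlException {
        // Constructed sample: direct references (for example database keys)
        // that the current user is authorized to see.
        Set<Object> invoiceIds = new LinkedHashSet<>();
        invoiceIds.add(1041L);
        invoiceIds.add(1042L);

        // Assumption: the map is kept server-side for this user. Each direct
        // reference gets a random 6-character alphanumeric indirect reference.
        RandomAccessReferenceMap map = new RandomAccessReferenceMap(invoiceIds);

        // Only the indirect reference is written into links and forms.
        String token = map.getIndirectReference(1041L);
        System.out.println("/invoice?ref=" + token);

        // On the next request, translate the submitted value back.
        Long id = map.getDirectReference(token);
        System.out.println("resolved to " + id);

        // A value that was never issued is rejected, including a raw direct id.
        expectDenied(map, "1042");

        // After removal, the previously issued token stops resolving.
        map.removeDirectReference(1041L);
        expectDenied(map, token);
    }

    // Fails loudly if the map resolves a reference it should not know.
    static void expectDenied(RandomAccessReferenceMap map, String submitted) {
        try {
            Object direct = map.getDirectReference(submitted);
            throw new IllegalStateException("unexpectedly resolved to " + direct);
        } catch (AccessControlException e) {
            System.out.println("rejected: " + submitted);
        }
    }
}
```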