Package com.emc.documentum.rest.context.jc

Class CSRFRuntime

java.lang.Object

com.emc.documentum.rest.context.jc.SecurityRuntimeBase

com.emc.documentum.rest.context.jc.CSRFRuntime

All Implemented Interfaces:

org.springframework.beans.factory.InitializingBean

@Configuration
@PropertySource("classpath:rest-api-runtime.properties")
public class CSRFRuntime
extends com.emc.documentum.rest.context.jc.SecurityRuntimeBase
implements org.springframework.beans.factory.InitializingBean

Default security runtime properties values. Properties set in 'rest-api-runtime.properties' will override the default. Please refer to 'rest-api-runtime.properties.template' for the detail explanation of runtime properties.

Field Summary

Fields

Modifier and Type	Field	Description
Boolean	enabled	Property value for 'rest.security.csrf.enabled'.
String	headerName	Property value for 'rest.security.csrf.header_name'.
String	httpMethods	Property value for 'rest.security.csrf.http_methods'.
String	method	Property value for 'rest.security.csrf.generation.method'.
static final String	METHOD_CLIENT	Method to generate CSRF token from client side.
static final String	METHOD_SERVER	Method to generate CSRF token from server side.
String	parameterName	Property value for 'rest.security.csrf.parameter_name'.
protected Set<String>	supportedMethods
Integer	tokenLength	Property value for 'rest.security.csrf.token.length'.

Constructor Summary

Constructors

Constructor	Description
CSRFRuntime()

Method Summary

Modifier and Type	Method	Description
void	afterPropertiesSet()
boolean	isClientSideGenerate()
Boolean	isCSRFProtectionEnabled()
boolean	isServerSideGenerate()
boolean	supportMethod(String httpMethod)

Methods inherited from class com.emc.documentum.rest.context.jc.SecurityRuntimeBase

propertyPlaceholderConfigurer

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

METHOD_SERVER

public static final String METHOD_SERVER

Method to generate CSRF token from server side.

See Also:

• Constant Field Values

METHOD_CLIENT

public static final String METHOD_CLIENT

Method to generate CSRF token from client side.

See Also:

• Constant Field Values

supportedMethods

protected Set<String> supportedMethods

enabled

@Value("${rest.security.csrf.enabled:true}")
public Boolean enabled

Property value for 'rest.security.csrf.enabled'. Defaults to true.

method

@Value("${rest.security.csrf.generation.method:server}")
public String method

Property value for 'rest.security.csrf.generation.method'. Defaults to 'server'.

httpMethods

@Value("${rest.security.csrf.http_methods:DELETE,POST,PUT}")
public String httpMethods

Property value for 'rest.security.csrf.http_methods'. Defaults to 'DELETE,POST,PUT'.

headerName

@Value("${rest.security.csrf.header_name:DOCUMENTUM-CSRF-TOKEN}")
public String headerName

Property value for 'rest.security.csrf.header_name'. Defaults to "DOCUMENTUM-CSRF-TOKEN".

parameterName

@Value("${rest.security.csrf.parameter_name:csrf-token}")
public String parameterName

Property value for 'rest.security.csrf.parameter_name'. Defaults to 'csrf-token'.

tokenLength

@Value("${rest.security.csrf.token.length:256}")
public Integer tokenLength

Property value for 'rest.security.csrf.token.length'. Defaults to 256.

Constructor Details

CSRFRuntime

public CSRFRuntime()

Method Details

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Throws:

Exception

isCSRFProtectionEnabled

public Boolean isCSRFProtectionEnabled()

isClientSideGenerate

public boolean isClientSideGenerate()

isServerSideGenerate

public boolean isServerSideGenerate()

supportMethod

public boolean supportMethod(String httpMethod)