package jp.sourceforge.rabbitBTS.interceptors;
-import java.util.List;
import java.util.Date;
import java.util.LinkedList;
+import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
}
}
- class CsrfChecker{
- private HttpServletRequest req;
+ class CsrfChecker {
+ private final HttpServletRequest req;
private List<Object> tokenList;
- public CsrfChecker(HttpServletRequest request){
+
+ public CsrfChecker(HttpServletRequest request) {
this.req = request;
- this.tokenList = (List)request.getSession().getAttribute("tokenList");
- if(this.tokenList == null){
+ this.tokenList = (List) request.getSession().getAttribute(
+ "tokenList");
+ if (this.tokenList == null) {
this.tokenList = new LinkedList<Object>();
request.getSession().setAttribute("tokenList", this.tokenList);
}
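Review bot: The constructor's look-up-then-create of the session attribute `tokenList` is not atomic, and the stored list is a plain `LinkedList`, so two concurrent requests in one session can each create a list and one overwrites the other, dropping a token that was just issued. The same list is then read and modified from several request threads without synchronization. Consider guarding the lookup and creation (for example `synchronized (session) { … }`) and storing `Collections.synchronizedList(new LinkedList<Object>())`. The raw `(List)` cast could also become `(List<Object>)` under a narrowly scoped `@SuppressWarnings("unchecked")`. The constructor's closing brace lies outside this hunk.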
/**
* トークンをセッションに保存する。
+ *
* @return 保存された新規トークン
*/
- public String saveNewToken(){
+ public String saveNewToken() {
final String token = RandomStringUtils.randomAlphanumeric(128);
this.tokenList.add(token);
this.tokenList.add(new Date());
return token;
}
- public boolean checkTokenValid(){
+ public boolean checkTokenValid() {
final String reqToken = this.req.getParameter("secureToken");
boolean found = false;
- for(int i = 0; i < tokenList.size(); i+=2){
- final String token = (String)this.tokenList.get(i);
- if(token.equals(reqToken)){
+ for (int i = 0; i < this.tokenList.size(); i += 2) {
+ final String token = (String) this.tokenList.get(i);
+ if (token.equals(reqToken)) {
// TODO:期限チェック
found = true;
break;
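Review bot: The token in `saveNewToken()` comes from `RandomStringUtils.randomAlphanumeric(128)`; if this is the Commons Lang helper, older releases draw from a non-cryptographic `java.util.Random`, so the anti-CSRF token is predictable in principle regardless of its length. Passing an explicit secure source leaves the rest of the code unchanged: `final String token = RandomStringUtils.random(128, 0, 0, true, true, null, new SecureRandom());`. In `checkTokenValid()` the `// TODO` expiry check is still open and nothing visible removes entries, so as far as this hunk shows every issued token stays valid for the life of the session and the list only grows. The `Date` stored at `i + 1` could be compared against a maximum age at that TODO. The loop body continues past the end of the hunk.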