Class RandomAccessReferenceMap

  • All Implemented Interfaces:
    java.io.Serializable, AccessReferenceMap<java.lang.String>

    public class RandomAccessReferenceMap
    extends AbstractAccessReferenceMap<java.lang.String>
    Reference implementation of the AccessReferenceMap interface. This implementation generates random 6 character alphanumeric strings for indirect references. It is possible to use simple integers as indirect references, but the random string approach provides a certain level of protection from CSRF attacks, because an attacker would have difficulty guessing the indirect reference.
    Since:
    June 1, 2007
    Author:
    Jeff Williams (jeff.williams@aspectsecurity.com), Chris Schmidt (chrisisbeef@gmail.com)
    See Also:
    AccessReferenceMap, Serialized Form
    • Constructor Detail

      • RandomAccessReferenceMap

        public RandomAccessReferenceMap​(int initialSize)
      • RandomAccessReferenceMap

        public RandomAccessReferenceMap()
        This AccessReferenceMap implementation uses short random strings to create a layer of indirection. Other possible implementations would use simple integers as indirect references.
      • RandomAccessReferenceMap

        public RandomAccessReferenceMap​(java.util.Set<java.lang.Object> directReferences)
      • RandomAccessReferenceMap

        public RandomAccessReferenceMap​(java.util.Set<java.lang.Object> directReferences,
                                        int initialSize)