org.spincast.plugins.formsprotection.config

Interface SpincastFormsProtectionConfig

All Known Implementing Classes:

SpincastFormsProtectionConfigDefault

public interface SpincastFormsProtectionConfig

Configurations for the Spincast Forms Protection plugin.

Field Summary

Fields

Modifier and Type	Field and Description
static String	SESSION_VARIABLE_NAME_CSRF_TOKEN The name of the session variable used to store the CSRF token id of the user.

Method Summary

Modifier and Type	Method and Description
boolean	autoRegisterDeleteOldDoubleSubmitProtectionIdsCronJob() Should this plugin automatically register a cron that will call SpincastFormsDoubleSubmitProtectionRepository.deleteOldFormsProtectionIds(int) for cleanup?
int	getDeleteOldDoubleSubmitProtectionIdsCronRunEveryNbrMinutes() If autoRegisterDeleteOldDoubleSubmitProtectionIdsCronJob() is enabled, the cleanup of old saved protection ids should runs every X minutes.
String	getFormCsrfProtectionIdFieldName() The "name" of the hidden field in which a generated CSRF protection id will be saved in the HTML form.
String	getFormDoubleSubmitDisableProtectionIdFieldName() The "name" of the hidden field to add to disable the Double Submit protection on a specific form.
int	getFormDoubleSubmitFormValidForNbrMinutes() If the SpincastFormsDoubleSubmitProtectionFilter filter is used, this is the number of minutes maximum of form will be considered as valid.
String	getFormDoubleSubmitProtectionIdFieldName() The "name" of the hidden field in which a generated Double Submit protection id will be saved in the HTML form.

Field Detail

SESSION_VARIABLE_NAME_CSRF_TOKEN

static final String SESSION_VARIABLE_NAME_CSRF_TOKEN

The name of the session variable used to store the CSRF token id of the user.

Method Detail

getFormCsrfProtectionIdFieldName

String getFormCsrfProtectionIdFieldName()

The "name" of the hidden field in which a generated CSRF protection id will be saved in the HTML form.

getFormDoubleSubmitProtectionIdFieldName

String getFormDoubleSubmitProtectionIdFieldName()

The "name" of the hidden field in which a generated Double Submit protection id will be saved in the HTML form.

getFormDoubleSubmitDisableProtectionIdFieldName

String getFormDoubleSubmitDisableProtectionIdFieldName()

The "name" of the hidden field to add to disable the Double Submit protection on a specific form. (use any value such as "1" for the field.)

autoRegisterDeleteOldDoubleSubmitProtectionIdsCronJob

boolean autoRegisterDeleteOldDoubleSubmitProtectionIdsCronJob()

Should this plugin automatically register a cron that will call SpincastFormsDoubleSubmitProtectionRepository.deleteOldFormsProtectionIds(int) for cleanup?

Note that wathever the value, the cron will only be registered if a proper implementation of SpincastFormsDoubleSubmitProtectionFilter was bound in the first place.

If disabled, you are responsible to register the cron job by yourself, or at least delete those old ids by yourself.

Defaults to true.

getDeleteOldDoubleSubmitProtectionIdsCronRunEveryNbrMinutes

int getDeleteOldDoubleSubmitProtectionIdsCronRunEveryNbrMinutes()

If autoRegisterDeleteOldDoubleSubmitProtectionIdsCronJob() is enabled, the cleanup of old saved protection ids should runs every X minutes.

getFormDoubleSubmitFormValidForNbrMinutes

int getFormDoubleSubmitFormValidForNbrMinutes()

If the SpincastFormsDoubleSubmitProtectionFilter filter is used, this is the number of minutes maximum of form will be considered as valid. Older than that, it will be refused.

If autoRegisterDeleteOldDoubleSubmitProtectionIdsCronJob() is enabled, the cron will also use this value to decide when to delete old protection ids.

Defaults to 120 minutes (2 hours).