1 /* 2 * Copyright 2006-2011 the original author or authors. 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with 5 * the License. You may obtain a copy of the License at 6 * 7 * https://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on 10 * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the 11 * specific language governing permissions and limitations under the License. 12 */ 13 package org.springframework.security.oauth2.client.filter.state; 14 15 import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails; 16 17 /** 18 * Stategy for generating random keys for state. The state key is important protection for client apps against 19 * cross-site request forgery. 20 * 21 * @author Dave Syer 22 * 23 */ 24 public interface StateKeyGenerator { 25 26 /** 27 * Generate a key. 28 * 29 * @param resource the resource to generate the key for 30 * @return a unique key for the state. Never null. 31 */ 32 String generateKey(OAuth2ProtectedResourceDetails resource); 33 34 }