XsrfTokenService (Atlassian Confluence 7.8.1 API)

All Known Implementing Classes:

DefaultXsrfTokenService
```
public interface XsrfTokenService
```
To be used in scenarios where the XsrfTokenInterceptor can not be applied.
The above mentioned XsrfTokenInterceptor, configured in the default stack, is the preferred method for securing XWork controllers (actions) against XSRF abuse.
This service should be used for the following scenarios instead:
- Servlets, as they have no notion of XWork
- Controllers handling Content-Type: multipart/form-data, as the underlying MultiPartRequestWrapper decoding the parts may escape on construction due to e.g. exceeding the maximum file size. Since the token will be encoded in a part, the token check would fail thus hiding the root cause.
Since:

5.1.4

Method Summary

All Methods Instance Methods Abstract Methods Default Methods Deprecated Methods
Modifier and Type	Method and Description
`com.atlassian.fugue.Pair<String,String>`	`generate(javax.servlet.http.HttpServletRequest request)` Deprecated. since 7.0.1. Use `generateToken(HttpServletRequest)`
`default io.atlassian.fugue.Pair<String,String>`	`generateToken(javax.servlet.http.HttpServletRequest request)` Generate and bind a token pair to the session.
`com.atlassian.fugue.Maybe<Message>`	`validate(javax.servlet.http.HttpServletRequest request)` Deprecated. since 7.0.1. Use `validateToken(HttpServletRequest)`
`default Optional<Message>`	`validateToken(javax.servlet.http.HttpServletRequest request)` Validate if the given request contains the token bound to the request's session.

- Method Detail
  - generate
```
@Deprecated
com.atlassian.fugue.Pair<String,String> generate(javax.servlet.http.HttpServletRequest request)
```
    Deprecated. since 7.0.1. Use generateToken(HttpServletRequest)
    
    Generate and bind a token pair to the session.
    
    Parameters:
    
    request - the request used to identify the session, will be created if none is present
    
    Returns:
    
    a token pair to be used for the modifying request, containing the parameter key in the left part and the token value in the right part
  - generateToken
```
default io.atlassian.fugue.Pair<String,String> generateToken(javax.servlet.http.HttpServletRequest request)
```
    Generate and bind a token pair to the session.
    
    Parameters:
    
    request - the request used to identify the session, will be created if none is present
    
    Returns:
    
    a token pair to be used for the modifying request, containing the parameter key in the left part and the token value in the right part
    
    Since:
    
    7.0.1
  - validate
```
@Deprecated
com.atlassian.fugue.Maybe<Message> validate(javax.servlet.http.HttpServletRequest request)
```
    Deprecated. since 7.0.1. Use validateToken(HttpServletRequest)
    
    Validate if the given request contains the token bound to the request's session.
    
    Parameters:
    
    request - the request used to identify the session and containing the token parameter
    
    Returns:
    
    maybe error messages, thus Maybe.isEmpty() indicates a successful flow
  - validateToken
```
default Optional<Message> validateToken(javax.servlet.http.HttpServletRequest request)
```
    Validate if the given request contains the token bound to the request's session.
    
    Parameters:
    
    request - the request used to identify the session and containing the token parameter
    
    Returns:
    
    maybe error messages, thus !Optional.isPresent() indicates a successful flow
    
    Since:
    
    7.0.1

Interface XsrfTokenService

Method Summary

Method Detail

generate

generateToken

validate

validateToken