java.lang.Object
- com.atlassian.confluence.impl.webapp.security.enforcer.XsrfTokenEnforcer

All Implemented Interfaces:

SecurityEnforcer
```
public final class XsrfTokenEnforcer
extends Object
implements SecurityEnforcer
```
Enforces XSRF token checks for protected actions. The lower level implementation is in XsrfTokenValidationManager.

Since:

8.8

Field Summary
- Fields inherited from interface com.atlassian.confluence.impl.webapp.security.SecurityEnforcer
  LOGIN_PATH, NOT_PERMITTED_PATH

Constructor Summary

Constructors
Constructor Description

XsrfTokenEnforcer(XsrfTokenValidationManager xsrfTokenValidationManager)

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`void`	`enforce(ConfluenceUser user, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)`	Enforcement action that should be taken when `SecurityEnforcer.shouldEnforce(com.atlassian.confluence.user.ConfluenceUser, com.atlassian.confluence.impl.webapp.security.MappedAction, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)` returns `true`.
`boolean`	`shouldEnforce(ConfluenceUser user, MappedAction mappedAction, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - XsrfTokenEnforcer
```
public XsrfTokenEnforcer(XsrfTokenValidationManager xsrfTokenValidationManager)
```
- Method Detail
  - shouldEnforce
```
public boolean shouldEnforce(ConfluenceUser user,
                             MappedAction mappedAction,
                             javax.servlet.http.HttpServletRequest request,
                             javax.servlet.http.HttpServletResponse response)
```
    Specified by:
    
    shouldEnforce in interface SecurityEnforcer
    
    Returns:
    
    true if arguments failed enforcement criteria and SecurityEnforcer.enforce(com.atlassian.confluence.user.ConfluenceUser, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) should be called.
  - enforce
```
public void enforce(ConfluenceUser user,
                    javax.servlet.http.HttpServletRequest request,
                    javax.servlet.http.HttpServletResponse response)
             throws IOException,
                    javax.servlet.ServletException
```
    Description copied from interface: SecurityEnforcer
    
    Enforcement action that should be taken when SecurityEnforcer.shouldEnforce(com.atlassian.confluence.user.ConfluenceUser, com.atlassian.confluence.impl.webapp.security.MappedAction, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) returns true.
    
    Specified by:
    
    enforce in interface SecurityEnforcer
    
    Throws:
    
    IOException
    
    javax.servlet.ServletException

Class XsrfTokenEnforcer

Field Summary

Fields inherited from interface com.atlassian.confluence.impl.webapp.security.SecurityEnforcer

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

XsrfTokenEnforcer

Method Detail

shouldEnforce

enforce