Package com.atlassian.confluence.security.service

Class DefaultXsrfTokenService

  • All Implemented Interfaces:
    XsrfTokenService
    public class DefaultXsrfTokenService
extends Object
implements XsrfTokenService
    This implementation unfortunately duplicates the logic of XsrfTokenInterceptor as a proper adaption turns out too complex due to the extensive use of ThreadLocals in the underlying code.

    • Constructor Detail

      • DefaultXsrfTokenService

        public DefaultXsrfTokenService​(com.atlassian.xwork.XsrfTokenGenerator tokenGenerator)

    • Method Detail

      • generateToken

        public io.atlassian.fugue.Pair<String,​String> generateToken​(javax.servlet.http.HttpServletRequest request)
        Description copied from interface: XsrfTokenService
        Generate and bind a token pair to the session.
        Specified by:
        generateToken in interface XsrfTokenService
        Parameters:
        request - the request used to identify the session, will be created if none is present
        Returns:
        a token pair to be used for the modifying request, containing the parameter key in the left part and the token value in the right part

      • validateToken

        public Optional<Message> validateToken​(javax.servlet.http.HttpServletRequest request)
        Description copied from interface: XsrfTokenService
        Validate if the given request contains the token bound to the request's session.
        Specified by:
        validateToken in interface XsrfTokenService
        Parameters:
        request - the request used to identify the session and containing the token parameter
        Returns:
        maybe error messages, thus !Optional.isPresent() indicates a successful flow