Package com.atlassian.confluence.impl.xsrf

Interface XsrfTokenValidationManager

All Known Implementing Classes:

DefaultXsrfTokenValidationManager

public interface XsrfTokenValidationManager

Validates the XSRF tokens for protected struts actions Used in NeoSecurityFilter See DefaultXsrfTokenValidationManager for further documentation.

Method Summary

Modifier and Type	Method	Description
boolean	isRequestExempt(String actionName, javax.servlet.http.HttpServletRequest request)	Check if XSRF token protection checks should be exempt for the given action and request.
boolean	isRequestValid(Class<?> actionClass, Method actionMethod, Map<String,String> actionParams, javax.servlet.http.HttpServletRequest request)	Check if this request passes XSRF token checks.

Method Details

isRequestExempt

boolean isRequestExempt(String actionName,
 javax.servlet.http.HttpServletRequest request)

Check if XSRF token protection checks should be exempt for the given action and request.

Parameters:

actionName - - the action name

request - - the current HttpServletRequest

Returns:

true if the request should be exempt from xsrf check, false otherwise.

isRequestValid

boolean isRequestValid(Class<?> actionClass,
 Method actionMethod,
 Map<String,String> actionParams,
 javax.servlet.http.HttpServletRequest request)

Check if this request passes XSRF token checks.

Parameters:

actionClass - - the current action class

actionMethod - - the action method that is executed

actionParams - - the action parameters

request - - the current HttpServletRequest

Returns:

true if the request passes XSRF token validations, false otherwise.