public class DefaultXsrfInvocationChecker
extends Object
implements XsrfInvocationChecker

java.lang.Object
   ↳ com.atlassian.jira.security.xsrf.DefaultXsrfInvocationChecker

Class Overview

This class checks that a web request (either a WebWork action or an HttpServlet) has been invoked with the correct XSRF token.

Summary

Inherited Constants
From interface com.atlassian.jira.security.xsrf.XsrfInvocationChecker
Public Constructors
DefaultXsrfInvocationChecker(ComponentLocator componentLocator)
Public Methods
XsrfCheckResult checkActionInvocation(Action action, Map<String, ?> parameters)
Checks that the action about to be executed has been invoked with the correct XSRF parameters.
XsrfCheckResult checkWebRequestInvocation(HttpServletRequest httpServletRequest)
Checks that the web request contains the correct XSRF parameters.
Inherited Methods
From class java.lang.Object
From interface com.atlassian.jira.security.xsrf.XsrfInvocationChecker

Public Constructors

public DefaultXsrfInvocationChecker (ComponentLocator componentLocator)

Public Methods

public XsrfCheckResult checkActionInvocation (Action action, Map<String, ?> parameters)

Checks that the action about to be executed has been invoked with the correct XSRF parameters. This method will only perform the check if the current "command" is annotated with RequiresXsrfCheck.

Parameters
action the webwork.action.ActionSupport in play. Cannot be null.
parameters the parameters this has been called with. Cannot be null.
Returns
  • false if the action failed the XSRF check.

public XsrfCheckResult checkWebRequestInvocation (HttpServletRequest httpServletRequest)

Checks that the web request contains the correct XSRF parameters.

Parameters
httpServletRequest the javax.servlet.http.HttpServletRequest in play. Cannot be null.
Returns
  • false if the request failed the XSRF check.