public class

SimpleXsrfTokenGenerator

extends Object
implements XsrfTokenGenerator
java.lang.Object
   ↳ com.atlassian.jira.security.xsrf.SimpleXsrfTokenGenerator

Class Overview

Simple implementation of XsrfTokenGenerator that stores a unique value in a cookie.

Summary

[Expand]
Inherited Constants
From interface com.atlassian.jira.security.xsrf.XsrfTokenGenerator
Public Constructors
SimpleXsrfTokenGenerator(JiraAuthenticationContext authenticationContext, JiraServerIdProvider jiraServerIdProvider)
Public Methods
String generateToken(HttpServletRequest httpServletRequest, boolean create)
Gets the token from the current request, optionally generating a new one if none is found
String generateToken(HttpServletRequest httpServletRequest)
Gets the token from the current request, generating a new one if none is found
String generateToken(boolean create)
Gets the token from the current request, optionally generating a new one if none is found
String generateToken()
Gets the token from the current request, generating a new one if none is found
boolean generatedByAuthenticatedUser(String token)
This returns true of the token was generated by an authenticated user
String getToken(HttpServletRequest request)
Gets the token from the current request, generating a new one if none is found
String getXsrfTokenName()
Convenience method which will return the name to be used for a supplied XsrfToken in a request.
boolean validateToken(HttpServletRequest httpServletRequest, String token)
Validate a form token received as part of a web request
[Expand]
Inherited Methods
From class java.lang.Object
From interface com.atlassian.jira.security.xsrf.XsrfTokenGenerator

Public Constructors

public SimpleXsrfTokenGenerator (JiraAuthenticationContext authenticationContext, JiraServerIdProvider jiraServerIdProvider)

Public Methods

public String generateToken (HttpServletRequest httpServletRequest, boolean create)

Gets the token from the current request, optionally generating a new one if none is found

Parameters
httpServletRequest the request the token is being generated for
create true to create token if none is found
Returns
  • a valid XSRF form token

public String generateToken (HttpServletRequest httpServletRequest)

Gets the token from the current request, generating a new one if none is found

Parameters
httpServletRequest the request the token is being generated for
Returns
  • a valid XSRF form token

public String generateToken (boolean create)

Gets the token from the current request, optionally generating a new one if none is found

Parameters
create true to create token if none is found
Returns
  • a valid XSRF form token

public String generateToken ()

Gets the token from the current request, generating a new one if none is found

Returns
  • a valid XSRF form token

public boolean generatedByAuthenticatedUser (String token)

This returns true of the token was generated by an authenticated user

Parameters
token the XSRF token in question
Returns
  • true if the token was generated by an authenticated user.

public String getToken (HttpServletRequest request)

Gets the token from the current request, generating a new one if none is found

Parameters
request request that contains the form token.
Returns
  • the token stored in the cookie of this request.

public String getXsrfTokenName ()

Convenience method which will return the name to be used for a supplied XsrfToken in a request.

Returns
  • the name in the request for the Xsrf token.

public boolean validateToken (HttpServletRequest httpServletRequest, String token)

Validate a form token received as part of a web request

Parameters
httpServletRequest the request the token was received in
token the token
Returns
  • true iff the token is valid