Summary: Constants | Methods | [Expand All]

public interface

XsrfTokenGenerator

com.atlassian.jira.security.xsrf.XsrfTokenGenerator

Known Indirect Subclasses

SimpleXsrfTokenGenerator

Class Overview

Interface for generating anti-XSRF tokens for web forms.

The default implementation (available viw dependency injection) should be good enough for anyone, but this interface is provided just in case anyone wants to implement their own token generation strategy.

Summary

Constants
String	TOKEN_HTTP_SESSION_KEY	The name of the XSRF token put ino the HTTP session
String	TOKEN_WEB_PARAMETER_KEY	The name of the XSRF token parameter sent in on a web request

Public Methods
String	generateToken(HttpServletRequest request) Gets the token from the current request, generating a new one if none is found
String	generateToken(HttpServletRequest request, boolean create) Gets the token from the current request, optionally generating a new one if none is found
String	generateToken(boolean create) Gets the token from the current request, optionally generating a new one if none is found
String	generateToken() Gets the token from the current request, generating a new one if none is found
@Deprecated String	generateToken(VelocityRequestContext request) This method is deprecated. since 4.3 - use the other two forms of generateToken()
boolean	generatedByAuthenticatedUser(String token) This returns true of the token was generated by an authenticated user
String	getToken(HttpServletRequest request) Gets the token from the current request, generating a new one if none is found
String	getXsrfTokenName() Convenience method which will return the name to be used for a supplied XsrfToken in a request.
boolean	validateToken(HttpServletRequest request, String token) Validate a form token received as part of a web request

Constants

public static final String TOKEN_HTTP_SESSION_KEY

The name of the XSRF token put ino the HTTP session

Constant Value: "atlassian.xsrf.token"

public static final String TOKEN_WEB_PARAMETER_KEY

The name of the XSRF token parameter sent in on a web request

Constant Value: "atl_token"

Public Methods

public String generateToken (HttpServletRequest request)

Gets the token from the current request, generating a new one if none is found

Parameters

request	the request the token is being generated for

Returns

a valid XSRF form token

public String generateToken (HttpServletRequest request, boolean create)

Gets the token from the current request, optionally generating a new one if none is found

Parameters

request	the request the token is being generated for
create	true to create token if none is found

Returns

a valid XSRF form token

public String generateToken (boolean create)

Gets the token from the current request, optionally generating a new one if none is found

Parameters

create	true to create token if none is found

Returns

a valid XSRF form token

public String generateToken ()

Gets the token from the current request, generating a new one if none is found

Returns

a valid XSRF form token

@Deprecated public String generateToken (VelocityRequestContext request)

This method is deprecated.
since 4.3 - use the other two forms of generateToken()

Gets the token from the current request, generating a new one if none is found

Parameters

request	the request the token is being generated for

Returns

a valid XSRF form token

public boolean generatedByAuthenticatedUser (String token)

This returns true of the token was generated by an authenticated user

Parameters

token	the XSRF token in question

Returns

true if the token was generated by an authenticated user.

public String getToken (HttpServletRequest request)

Gets the token from the current request, generating a new one if none is found

Parameters

request	request that contains the form token.

Returns

the token stored in the cookie of this request.

public String getXsrfTokenName ()

Convenience method which will return the name to be used for a supplied XsrfToken in a request.

Returns

the name in the request for the Xsrf token.

public boolean validateToken (HttpServletRequest request, String token)

Validate a form token received as part of a web request

Parameters

request	the request the token was received in
token	the token

Returns

true iff the token is valid

Interfaces

Classes

Annotations

Exceptions

XsrfTokenGenerator

Class Overview

Summary

Constants

public static final String TOKEN_HTTP_SESSION_KEY

public static final String TOKEN_WEB_PARAMETER_KEY

Public Methods

public String generateToken (HttpServletRequest request)

Parameters

Returns

public String generateToken (HttpServletRequest request, boolean create)

Parameters

Returns

public String generateToken (boolean create)

Parameters

Returns

public String generateToken ()

Returns

@Deprecated public String generateToken (VelocityRequestContext request)

Parameters

Returns

public boolean generatedByAuthenticatedUser (String token)

Parameters

Returns

public String getToken (HttpServletRequest request)

Parameters

Returns

public String getXsrfTokenName ()

Returns

public boolean validateToken (HttpServletRequest request, String token)

Parameters

Returns