com.atlassian.confluence.security.service
Interface XsrfTokenService

All Known Implementing Classes:
DefaultXsrfTokenService

public interface XsrfTokenService

To be used in scenarios where the XsrfTokenInterceptor can not be applied.

The above mentioned XsrfTokenInterceptor, configured in the default stack, is the preferred method for securing XWork controllers (actions) against XSRF abuse.

This service should be used for the following scenarios instead:

Since:
5.1.4

Method Summary
 com.atlassian.fugue.Pair<java.lang.String,java.lang.String> generate(javax.servlet.http.HttpServletRequest request)
          Generate and bind a token pair to the session.
 com.atlassian.fugue.Maybe<Message> validate(javax.servlet.http.HttpServletRequest request)
          Validate if the given request contains the token bound to the request's session.
 

Method Detail

generate

com.atlassian.fugue.Pair<java.lang.String,java.lang.String> generate(javax.servlet.http.HttpServletRequest request)
Generate and bind a token pair to the session.

Parameters:
request - the request used to identify the session, will be created if none is present
Returns:
a token pair to be used for the modifying request, containing the parameter key in the left part and the token value in the right part

validate

com.atlassian.fugue.Maybe<Message> validate(javax.servlet.http.HttpServletRequest request)
Validate if the given request contains the token bound to the request's session.

Parameters:
request - the request used to identify the session and containing the token parameter
Returns:
maybe error messages, thus Maybe.isEmpty() indicates a successful flow


Copyright © 2003-2014 Atlassian. All Rights Reserved.