Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.atlassian.confluence.security.service
Class DefaultXsrfTokenService

java.lang.Object
  extended by com.atlassian.confluence.security.service.DefaultXsrfTokenService
All Implemented Interfaces:
XsrfTokenService
public class DefaultXsrfTokenService
extends java.lang.Object
implements XsrfTokenService

This implementation unfortunately duplicates the logic of XsrfTokenInterceptor as a proper adaption turns out too complex due to the extensive use of ThreadLocals in the underlying code.

Constructor Summary
DefaultXsrfTokenService(com.atlassian.xwork.XsrfTokenGenerator tokenGenerator)
           
 
Method Summary
 com.atlassian.fugue.Pair<java.lang.String,java.lang.String> generate(javax.servlet.http.HttpServletRequest request)
          Generate and bind a token pair to the session.
 com.atlassian.fugue.Maybe<Message> validate(javax.servlet.http.HttpServletRequest request)
          Validate if the given request contains the token bound to the request's session.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DefaultXsrfTokenService

public DefaultXsrfTokenService(com.atlassian.xwork.XsrfTokenGenerator tokenGenerator)
Method Detail

generate

public com.atlassian.fugue.Pair<java.lang.String,java.lang.String> generate(javax.servlet.http.HttpServletRequest request)
Description copied from interface: XsrfTokenService
Generate and bind a token pair to the session.

Specified by:
generate in interface XsrfTokenService
Parameters:
request - the request used to identify the session, will be created if none is present
Returns:
a token pair to be used for the modifying request, containing the parameter key in the left part and the token value in the right part

validate

public com.atlassian.fugue.Maybe<Message> validate(javax.servlet.http.HttpServletRequest request)
Description copied from interface: XsrfTokenService
Validate if the given request contains the token bound to the request's session.

Specified by:
validate in interface XsrfTokenService
Parameters:
request - the request used to identify the session and containing the token parameter
Returns:
maybe error messages, thus Maybe.isEmpty() indicates a successful flow
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2003-2014 Atlassian. All Rights Reserved.