public class DefaultXsrfTokenService extends Object implements XsrfTokenService
XsrfTokenInterceptor
as a proper adaption turns out
too complex due to the extensive use of ThreadLocals
in the underlying code.Constructor and Description |
---|
DefaultXsrfTokenService(com.atlassian.xwork.XsrfTokenGenerator tokenGenerator) |
Modifier and Type | Method and Description |
---|---|
com.atlassian.fugue.Pair<String,String> |
generate(javax.servlet.http.HttpServletRequest request)
Generate and bind a token pair to the session.
|
com.atlassian.fugue.Maybe<Message> |
validate(javax.servlet.http.HttpServletRequest request)
Validate if the given request contains the token bound to the request's session.
|
public DefaultXsrfTokenService(com.atlassian.xwork.XsrfTokenGenerator tokenGenerator)
public com.atlassian.fugue.Pair<String,String> generate(javax.servlet.http.HttpServletRequest request)
XsrfTokenService
generate
in interface XsrfTokenService
request
- the request used to identify the session, will be created if none is presentpublic com.atlassian.fugue.Maybe<Message> validate(javax.servlet.http.HttpServletRequest request)
XsrfTokenService
validate
in interface XsrfTokenService
request
- the request used to identify the session and containing the token parameterMaybe.isEmpty()
indicates a successful flowCopyright © 2003–2016 Atlassian. All rights reserved.