public interface XsrfTokenService
XsrfTokenInterceptor can not be applied.
The above mentioned XsrfTokenInterceptor, configured in the default stack, is the preferred method for securing XWork controllers (actions) against XSRF abuse.
This service should be used for the following scenarios instead:
Content-Type: multipart/form-data, as the underlying MultiPartRequestWrapper decoding the parts may abort on construction, e.g. because the maximum file size was exceeded. Since the token will be encoded in a part, the token check would then fail, thus hiding the root cause.
|Modifier and Type||Method and Description|
Generate and bind a token pair to the session.
Validate if the given request contains the token bound to the request's session.
request - the request used to identify the session; the session will be created if none is present
com.atlassian.fugue.Maybe<Message> validate(javax.servlet.http.HttpServletRequest request)
request - the request used to identify the session and containing the token parameter
Maybe.isEmpty() indicates a successful flow
Copyright © 2003–2017 Atlassian. All rights reserved.