Package com.atlassian.crowd.xwork
Interface XsrfTokenGenerator
- All Known Implementing Classes:
SimpleXsrfTokenGenerator
public interface XsrfTokenGenerator
Interface for generating anti-XSRF tokens for web forms. The default implementation
SimpleXsrfTokenGenerator should be good enough for anyone, but
this interface is provided just in case anyone wants to implement their own token generation
strategy.-
Method Summary
Modifier and TypeMethodDescriptiongenerateToken(javax.servlet.http.HttpServletRequest request) Generate a new form token for the current request.getToken(javax.servlet.http.HttpServletRequest request, boolean create) Retrieves the token from the request.Convenience method which will return the name to be used for a supplied XsrfToken in a request.booleanvalidateToken(javax.servlet.http.HttpServletRequest request, String token) Validate a form token received as part of a web request
-
Method Details
-
getToken
Retrieves the token from the request. Returns null if there is no request and create is false. If create is true, a new token is generated and returned.- Parameters:
request- the request the token is retrieved fromcreate- if true, a token will be created if it doesn't already exist- Returns:
- a valid XSRF form token, null if there is none in the request and create of false.
- Since:
- 1.12
-
generateToken
Generate a new form token for the current request.- Parameters:
request- the request the token is being generated for- Returns:
- a valid XSRF form token
-
getXsrfTokenName
String getXsrfTokenName()Convenience method which will return the name to be used for a supplied XsrfToken in a request.- Returns:
- the name in the request for the Xsrf token.
-
validateToken
Validate a form token received as part of a web request- Parameters:
request- the request the token was received intoken- the token- Returns:
- true iff the token is valid
-