View Javadoc
1   package com.atlassian.refapp.sal.xsrf;
2   
3   
4   import com.atlassian.plugin.spring.scanner.annotation.export.ExportAsService;
5   import com.atlassian.sal.api.xsrf.XsrfTokenAccessor;
6   import com.atlassian.sal.api.xsrf.XsrfTokenValidator;
7   import com.atlassian.sal.core.xsrf.IndependentXsrfTokenValidator;
8   
9   import javax.inject.Inject;
10  import javax.inject.Named;
11  import javax.servlet.http.HttpServletRequest;
12  
13  /**
14   * A custom XSRF token validator, bypassing the XSRF checks only for UPM
15   * <p>
16   * TODO: Remove it after upm fixes XSRF (REFAPP-467, UPM-4972)
17   */
18  @ExportAsService
19  @Named("xsrfTokenValidator")
20  public class RefappXsrfTokenValidatorBypassingUPM extends IndependentXsrfTokenValidator implements XsrfTokenValidator {
21      private static final String UPM_REQUEST_URI = "/refapp/rest/plugins/1.0/";
22  
23      @Inject
24      public RefappXsrfTokenValidatorBypassingUPM(final XsrfTokenAccessor accessor) {
25          super(accessor);
26      }
27  
28      @Override
29      public boolean validateFormEncodedToken(final HttpServletRequest request) {
30          if (request.getRequestURI().startsWith(UPM_REQUEST_URI)) {
31              return true;
32          }
33          return super.validateFormEncodedToken(request);
34      }
35  }