XsrfResourceFilter (Atlassian REST - Parent POM 2.8.5 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.atlassian.plugins.rest.common.security.jersey
Class XsrfResourceFilter

java.lang.Object
  com.atlassian.plugins.rest.common.security.jersey.XsrfResourceFilter

All Implemented Interfaces:: com.sun.jersey.spi.container.ContainerRequestFilter, com.sun.jersey.spi.container.ResourceFilter

public class XsrfResourceFilter
extends java.lang.Object
implements com.sun.jersey.spi.container.ResourceFilter, com.sun.jersey.spi.container.ContainerRequestFilter
extends java.lang.Object
implements com.sun.jersey.spi.container.ResourceFilter, com.sun.jersey.spi.container.ContainerRequestFilter

A filter that filters requests that need XSRF protection.

This checks for the presence of the no-check xsrf header and if the xsrf token is correct.

Since:: 2.4

Field Summary
`static java.lang.String`	`NO_CHECK`
`static java.lang.String`	`TOKEN_HEADER`

Constructor Summary
`XsrfResourceFilter()`

Method Summary
`com.sun.jersey.spi.container.ContainerRequest`	`filter(com.sun.jersey.spi.container.ContainerRequest request)`
`com.sun.jersey.spi.container.ContainerRequestFilter`	`getRequestFilter()`
`com.sun.jersey.spi.container.ContainerResponseFilter`	`getResponseFilter()`
`protected boolean`	`isXsrfTokenValid(javax.servlet.http.HttpServletRequest httpServletRequest)` Returns true if the given request xsrf token cookie value matches the xsrf token submitted in the request form.
`void`	`setHttpContext(com.atlassian.sal.api.web.context.HttpContext httpContext)`
`void`	`setXsrfTokenValidator(com.atlassian.sal.api.xsrf.XsrfTokenValidator xsrfTokenValidator)`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

TOKEN_HEADER

public static final java.lang.String TOKEN_HEADER

See Also:: Constant Field Values

NO_CHECK

public static final java.lang.String NO_CHECK

See Also:: Constant Field Values

Constructor Detail

XsrfResourceFilter

public XsrfResourceFilter()

Method Detail

setHttpContext

public void setHttpContext(com.atlassian.sal.api.web.context.HttpContext httpContext)

setXsrfTokenValidator

public void setXsrfTokenValidator(com.atlassian.sal.api.xsrf.XsrfTokenValidator xsrfTokenValidator)

filter

public com.sun.jersey.spi.container.ContainerRequest filter(com.sun.jersey.spi.container.ContainerRequest request)

Specified by:: filter in interface com.sun.jersey.spi.container.ContainerRequestFilter

getRequestFilter

public com.sun.jersey.spi.container.ContainerRequestFilter getRequestFilter()

Specified by:: getRequestFilter in interface com.sun.jersey.spi.container.ResourceFilter

getResponseFilter

public com.sun.jersey.spi.container.ContainerResponseFilter getResponseFilter()

Specified by:: getResponseFilter in interface com.sun.jersey.spi.container.ResourceFilter

isXsrfTokenValid

protected boolean isXsrfTokenValid(javax.servlet.http.HttpServletRequest httpServletRequest)

Returns true if the given request xsrf token cookie value matches the xsrf token submitted in the request form. Currently this method only works on requests that have a media type of MediaType.APPLICATION_FORM_URLENCODED_TYPE.

Parameters:: request - the request to check.
Returns:: true if the given request xsrf token cookie value matches the xsrf token submitted in the request form.