View Javadoc

1   package com.atlassian.plugins.rest.common.security.jersey;
2   
3   import com.atlassian.plugins.rest.common.security.RequiresXsrfCheck;
4   import com.atlassian.sal.api.web.context.HttpContext;
5   import com.atlassian.sal.api.xsrf.XsrfTokenValidator;
6   import com.google.common.base.Preconditions;
7   import com.sun.jersey.api.model.AbstractMethod;
8   import com.sun.jersey.spi.container.ResourceFilter;
9   import com.sun.jersey.spi.container.ResourceFilterFactory;
10  
11  import javax.ws.rs.ext.Provider;
12  import java.util.Collections;
13  import java.util.List;
14  
15  /**
16   * Factory for the XSRF resource filter
17   *
18   * @since 2.4
19   */
20  @Provider
21  public class XsrfResourceFilterFactory implements ResourceFilterFactory
22  {
23      private HttpContext httpContext;
24      private XsrfTokenValidator xsrfTokenValidator;
25  
26      public XsrfResourceFilterFactory(HttpContext httpContext, XsrfTokenValidator xsrfTokenValidator)
27      {
28          this.httpContext = Preconditions.checkNotNull(httpContext);
29          this.xsrfTokenValidator = Preconditions.checkNotNull(xsrfTokenValidator);
30      }
31  
32  
33      public List<ResourceFilter> create(final AbstractMethod method)
34      {
35          if (method.isAnnotationPresent(RequiresXsrfCheck.class)
36                  || method.getResource().isAnnotationPresent(RequiresXsrfCheck.class))
37          {
38              XsrfResourceFilter xsrfResourceFilter = new XsrfResourceFilter();
39              xsrfResourceFilter.setHttpContext(httpContext);
40              xsrfResourceFilter.setXsrfTokenValidator(xsrfTokenValidator);
41              return Collections.<ResourceFilter>singletonList(xsrfResourceFilter);
42          }
43          return Collections.emptyList();
44      }
45  }