1 package com.atlassian.xwork;
2
3 import javax.servlet.http.HttpServletRequest;
4
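/**
 * Interface for generating and validating anti-XSRF tokens for web forms. The default
 * implementation {@link com.atlassian.xwork.SimpleXsrfTokenGenerator} should be good enough
 * for anyone, but this interface is provided in case a different token generation strategy
 * is needed.
 *
 * <p>This interface does not itself enforce any security property, so a custom implementation
 * takes on the whole contract. Tokens should be unpredictable to a third party (for example,
 * drawn from {@link java.security.SecureRandom}) and bound to the requesting user's session,
 * so that a token issued to one user is never accepted for another.
 */
public interface XsrfTokenGenerator
{
    /**
     * Generates a new form token for the current request.
     *
     * <p>Implementations should not derive the token solely from values that an attacker can
     * observe or guess from the request. Where the token is stored (session, cookie, or
     * elsewhere) is left to the implementation.
     *
     * @param request the request the token is being generated for
     * @return a valid XSRF form token
     */
    String generateToken(HttpServletRequest request);

    /**
     * Convenience method returning the name under which a supplied XSRF token is carried
     * in a request.
     *
     * <p>NOTE(review): presumably this is the name of the form field or request parameter;
     * confirm against the implementation and its callers.
     *
     * @return the name in the request for the XSRF token
     */
    String getXsrfTokenName();

    /**
     * Validates a form token received as part of a web request.
     *
     * <p>This interface does not say how a missing token is handled. Implementations should
     * treat a {@code null} or empty {@code token} as invalid and return {@code false} rather
     * than throw, so that a request without a token is rejected like any other invalid one.
     * Comparing the supplied token with the expected value in constant time (for example, with
     * {@link java.security.MessageDigest#isEqual(byte[], byte[])}) avoids leaking it through
     * timing differences.
     *
     * @param request the request the token was received in
     * @param token the token taken from the request; may be absent if the client sent none
     * @return {@code true} if and only if the token is valid
     */
    boolean validateToken(HttpServletRequest request, String token);
}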