
1   package com.atlassian.xwork;
2   
3   import javax.servlet.http.HttpServletRequest;
4   
/**
 * Strategy interface for issuing and checking anti-XSRF (cross-site request forgery) tokens
 * that protect web forms.
 *
 * <p>{@link com.atlassian.xwork.SimpleXsrfTokenGenerator} is the default implementation and is
 * intended to cover normal use; this interface exists so that a different token generation
 * strategy can be plugged in when required.
 *
 * <p>Review note for implementers: this interface does not itself specify how tokens are
 * produced, where they are stored, or how they are compared. A replacement implementation
 * should draw tokens from a cryptographically strong random source, tie each token to the
 * user's session, and compare tokens without leaking timing information (for example with
 * {@code java.security.MessageDigest#isEqual}).
 */
public interface XsrfTokenGenerator {

    /**
     * Looks up the XSRF token associated with the given request, optionally creating one.
     *
     * <p>When no token exists and {@code create} is {@code false}, the result is {@code null};
     * callers must handle that case. When {@code create} is {@code true}, a token is generated
     * if one does not already exist, and that token is returned.
     *
     * @param request the request to retrieve the token from
     * @param create {@code true} to create a token when none exists yet
     * @return a valid XSRF form token, or {@code null} if the request has none and
     *         {@code create} is {@code false}
     * @since 1.12
     */
    String getToken(HttpServletRequest request, boolean create);

    /**
     * Produces a new form token for the current request.
     *
     * @param request the request the token is generated for
     * @return a valid XSRF form token
     */
    String generateToken(HttpServletRequest request);

    /**
     * Convenience accessor for the name under which an XSRF token is supplied in a request
     * (presumably the form field or request parameter name; confirm against the implementation).
     *
     * @return the name used in the request for the XSRF token
     */
    String getXsrfTokenName();

    /**
     * Checks a form token that arrived as part of a web request.
     *
     * <p>Review note for implementers: how a {@code null} or empty {@code token} is treated is
     * not stated by this interface; rejecting it (returning {@code false}) is the safe choice.
     *
     * @param request the request in which the token was received
     * @param token the token to check
     * @return {@code true} if and only if the token is valid
     */
    boolean validateToken(HttpServletRequest request, String token);
}