Clover Coverage Report - Atlassian XWork(Aggregated)
Coverage timestamp: Wed Jul 27 2011 23:39:31 CDT
  SimpleXsrfTokenGenerator       Line # 16 10 7 88.2% 0.88235295
 
 
1    package com.atlassian.xwork;
2   
3    import com.atlassian.security.random.DefaultSecureTokenGenerator;
4    import com.atlassian.xwork.interceptors.XsrfTokenInterceptor;
5   
6    import javax.servlet.http.HttpServletRequest;
7    import javax.servlet.http.HttpSession;
8   
9    /**
10    * Simple implementation of XsrfTokenGenerator that stores a unique value in the session. The session ID
11    * itself isn't used because we don't want to risk compromising the entire session in case we don't protect
12    * the XSRF token diligently enough.
13    *
14    * <p>Tokens are chosen to be reasonably unique (60 bits) with reasonably short representations (base64 encoded).
15    */
 
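public class SimpleXsrfTokenGenerator implements XsrfTokenGenerator
{
    /** Session attribute under which the per-session XSRF token is stored. */
    public static final String TOKEN_SESSION_KEY = "atlassian.xsrf.token";

    /** Charset used to turn tokens into bytes for the constant-time comparison. */
    private static final java.nio.charset.Charset TOKEN_CHARSET = java.nio.charset.Charset.forName("UTF-8");

    /**
     * Returns the XSRF token stored in the caller's session, optionally creating one.
     *
     * @param request the current request; its session holds the token
     * @param create  if {@code true} and the session has no token yet, a new token is generated and stored
     * @return the session's token, or {@code null} if none is stored and {@code create} is {@code false}
     */
    public String getToken(HttpServletRequest request, boolean create)
    {
        // NOTE(review): the no-arg getSession() creates a session when the request has none, so a
        // lookup with create == false still allocates a session. Left as-is because callers may rely on
        // it; consider getSession(false) plus a null check if unauthenticated lookups are common.
        HttpSession session = request.getSession();
        String token = (String) session.getAttribute(TOKEN_SESSION_KEY);

        if (create && token == null)
        {
            token = createToken();
            session.setAttribute(TOKEN_SESSION_KEY, token);
        }

        return token;
    }

    /**
     * Returns the session's XSRF token, generating and storing one if the session has none.
     *
     * @param request the current request
     * @return the token for the request's session
     */
    public String generateToken(HttpServletRequest request)
    {
        return getToken(request, true);
    }

    /**
     * Returns the name of the request parameter that carries the token.
     *
     * @return {@link XsrfTokenInterceptor#REQUEST_PARAM_NAME}
     */
    public String getXsrfTokenName()
    {
        return XsrfTokenInterceptor.REQUEST_PARAM_NAME;
    }

    /**
     * Checks a submitted token against the token stored in the request's session.
     *
     * <p>The comparison goes through {@link java.security.MessageDigest#isEqual(byte[], byte[])} rather than
     * {@link String#equals(Object)} so that the time taken does not depend on how many leading characters of
     * the submitted value match the stored secret.
     *
     * @param request the current request; its session holds the expected token
     * @param token   the token submitted by the client, may be {@code null}
     * @return {@code true} only if {@code token} is non-null and equal to the stored token
     */
    public boolean validateToken(HttpServletRequest request, String token)
    {
        // A missing token is rejected before the session is touched, as in the original expression.
        if (token == null)
        {
            return false;
        }

        Object stored = request.getSession(true).getAttribute(TOKEN_SESSION_KEY);

        // No stored token (or an attribute of an unexpected type) can never match.
        if (!(stored instanceof String))
        {
            return false;
        }

        return java.security.MessageDigest.isEqual(
                ((String) stored).getBytes(TOKEN_CHARSET),
                token.getBytes(TOKEN_CHARSET));
    }

    /**
     * Generates a fresh token value by delegating to {@link DefaultSecureTokenGenerator}.
     *
     * @return a newly generated token
     */
    private String createToken()
    {
        return DefaultSecureTokenGenerator.getInstance().generateToken();
    }
}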