
1   package com.atlassian.sal.core.csrf;
2   
3   import com.atlassian.sal.api.xsrf.XsrfHeaderValidator;
4   import com.atlassian.sal.api.xsrf.XsrfTokenValidator;
5   
6   import javax.servlet.http.HttpServletRequest;
7   
/**
 * Decides whether a request passes the XSRF checks. A request is accepted
 * when it carries either a valid csrf header
 * ({@link XsrfHeaderValidator#TOKEN_HEADER}) or a valid form-encoded csrf
 * token; the two checks are alternatives, so satisfying one is sufficient.
 *
 * @since v2.10.13
 */
public class CsrfRequestValidator
{
    // One header validator shared by every instance of this class.
    private static final XsrfHeaderValidator headerValidator = new XsrfHeaderValidator();

    // Supplied by the caller and stored as given; it is not null-checked here,
    // so a null value only surfaces when the header check fails and the token
    // check is actually reached.
    private final XsrfTokenValidator tokenValidator;

    /**
     * Creates a validator that falls back to the given token validator when
     * the header check does not pass.
     *
     * @param tokenValidator the validator used for the form-encoded token check.
     */
    public CsrfRequestValidator(XsrfTokenValidator tokenValidator)
    {
        this.tokenValidator = tokenValidator;
    }

    /**
     * Reports whether the given request has a valid csrf header or a valid
     * csrf token.
     *
     * @param request the request to check.
     * @return true iff the request has a valid csrf header or a valid
     * form-encoded csrf token.
     */
    public boolean validateRequestPassesXsrfChecks(HttpServletRequest request)
    {
        // The header is checked first; when it is valid the token validator
        // is never consulted for this request.
        if (headerValidator.requestHasValidXsrfHeader(request))
        {
            return true;
        }
        return tokenValidator.validateFormEncodedToken(request);
    }
}