1 package com.atlassian.sal.api.xsrf;
2
3 import javax.servlet.http.HttpServletRequest;
4 import javax.servlet.http.HttpServletResponse;
5
6 /**
7 * Gives access to the applications XSRF tokens
8 *
9 * @since 2.4
10 */
11 public interface XsrfTokenAccessor
12 {
13 /**
14 * Get the persistent token for the given request, that is, the token stored in the users session or in a cookie,
15 * not the token submitted as part of a form.
16 *
17 * @param request The request to get the token from
18 * @param response The response to add the cookie to if necessary, can be null, if create is false.
19 * @param create Whether a new token should be created if there is none in the request. The new token should be
20 * persistent across subsequent requests, ie, added to the users session or a cookie.
21 * @return The token for the request, or null if no token was found and create was false
22 */
23 String getXsrfToken(HttpServletRequest request, HttpServletResponse response, boolean create);
24 }