
1   package com.atlassian.sal.core.xsrf;
2   
import com.atlassian.sal.api.xsrf.XsrfTokenAccessor;
import com.atlassian.sal.api.xsrf.XsrfTokenValidator;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import javax.servlet.http.HttpServletRequest;
7   
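/**
 * XSRF token validator that manages its own tokens rather than using the underlying application's XSRF tokens.
 * <p>
 * The token submitted in the {@value #XSRF_PARAM_NAME} request parameter is compared with the token that the
 * {@link XsrfTokenAccessor} returns for the same request.
 *
 * @since 2.4
 */
public class IndependentXsrfTokenValidator implements XsrfTokenValidator
{
    /** Name of the request parameter that carries the XSRF token. */
    public static final String XSRF_PARAM_NAME = "atl_token";

    private final XsrfTokenAccessor accessor;

    /**
     * @param accessor source of the expected XSRF token for a request
     */
    public IndependentXsrfTokenValidator(XsrfTokenAccessor accessor)
    {
        this.accessor = accessor;
    }

    /**
     * Checks whether the request carries the XSRF token expected for it.
     *
     * @param request the request whose {@value #XSRF_PARAM_NAME} parameter is checked
     * @return {@code true} only if the parameter is present and equals the token returned by the accessor;
     *         {@code false} if either token is missing or they differ
     */
    public boolean validateFormEncodedToken(HttpServletRequest request)
    {
        String parameterToken = request.getParameter(XSRF_PARAM_NAME);
        // No response is passed and the last argument is false; presumably this reads the existing token
        // without creating a new one - confirm against XsrfTokenAccessor.
        String requestToken = accessor.getXsrfToken(request, null, false);

        return tokensMatch(parameterToken, requestToken);
    }

    /**
     * @return the name of the request parameter that carries the XSRF token
     */
    public String getXsrfParameterName()
    {
        return XSRF_PARAM_NAME;
    }

    /**
     * Compares the submitted token with the expected one.
     * <p>
     * {@link MessageDigest#isEqual(byte[], byte[])} is used instead of {@link String#equals(Object)} so that
     * the time taken does not depend on how many leading characters of a submitted token are correct.
     *
     * @param submitted token taken from the request parameter, may be {@code null}
     * @param expected token the accessor holds for the request, may be {@code null}
     * @return {@code true} if both tokens are non-null and identical
     */
    private static boolean tokensMatch(String submitted, String expected)
    {
        // A missing token on either side never validates, matching the previous null handling.
        if (submitted == null || expected == null)
        {
            return false;
        }
        return MessageDigest.isEqual(
                submitted.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8));
    }
}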