1 package com.atlassian.sal.core.xsrf;
2
3 import com.atlassian.sal.api.xsrf.XsrfTokenAccessor;
4 import com.atlassian.sal.api.xsrf.XsrfTokenValidator;
5 import com.atlassian.security.utils.ConstantTimeComparison;
6
7 import javax.servlet.http.HttpServletRequest;
8
/**
 * {@link XsrfTokenValidator} that checks the XSRF token submitted as a request
 * parameter against the token the supplied {@link XsrfTokenAccessor} reports
 * for the same request.
 *
 * <p>Validation fails closed: a request with no submitted token, or one for
 * which the accessor yields no token, is rejected.
 */
public class IndependentXsrfTokenValidator implements XsrfTokenValidator
{
    /** Name of the request parameter that carries the submitted XSRF token. */
    public static final String XSRF_PARAM_NAME = "atl_token";

    // Source of the expected token for a request; handed in at construction.
    private XsrfTokenAccessor accessor;

    /**
     * @param accessor used to look up the token expected for each request
     */
    public IndependentXsrfTokenValidator(XsrfTokenAccessor accessor)
    {
        this.accessor = accessor;
    }

    /**
     * Compares the {@value #XSRF_PARAM_NAME} request parameter with the token
     * obtained from the accessor.
     *
     * @param request the incoming request carrying the form-encoded token
     * @return {@code true} only when both tokens are present and equal
     */
    public boolean validateFormEncodedToken(HttpServletRequest request)
    {
        final String submitted = request.getParameter(XSRF_PARAM_NAME);
        // NOTE(review): the null and false arguments are presumably the response
        // and a "create" flag, i.e. validation never mints a new token; confirm
        // against XsrfTokenAccessor.
        final String expected = accessor.getXsrfToken(request, null, false);

        // A missing token on either side must never validate.
        if (submitted == null || expected == null)
        {
            return false;
        }

        // Compared with ConstantTimeComparison rather than String.equals so that,
        // as the helper's name indicates, timing does not depend on where the
        // two values first differ.
        // NOTE(review): empty strings are not rejected here; whether the accessor
        // can ever return an empty token is not visible from this class.
        return ConstantTimeComparison.isEqual(submitted, expected);
    }

    /**
     * @return the name of the request parameter expected to hold the token
     */
    public String getXsrfParameterName()
    {
        return IndependentXsrfTokenValidator.XSRF_PARAM_NAME;
    }
}