View Javadoc

1   package com.atlassian.sal.core.xsrf;
2   
3   import com.atlassian.sal.api.xsrf.XsrfHeaderValidator;
4   import com.atlassian.sal.api.xsrf.XsrfRequestValidator;
5   import com.atlassian.sal.api.xsrf.XsrfTokenValidator;
6   
7   import javax.servlet.http.HttpServletRequest;
8   
9   /**
10   * Provides an implementation of checking if a request
11   * contains either a valid Cross-site request forgery(xsrf) token or a
12   * valid xsrf header {@link com.atlassian.sal.api.xsrf.XsrfHeaderValidator#TOKEN_HEADER}.
13   * @since v2.10.18
14   */
15  public class XsrfRequestValidatorImpl implements XsrfRequestValidator
16  {
17      private static final XsrfHeaderValidator headerValidator =
18          new XsrfHeaderValidator();
19      private final XsrfTokenValidator tokenValidator;
20  
21      public XsrfRequestValidatorImpl(XsrfTokenValidator tokenValidator)
22      {
23          this.tokenValidator = tokenValidator;
24      }
25  
26      /**
27       * Returns true iff the given request has a valid xsrf token or a
28       * valid xsrf header.
29       * @param request the request to check.
30       * @return true iff the given request has a valid xsrf token or a
31       * valid xsrf header.
32       */
33      public boolean validateRequestPassesXsrfChecks(HttpServletRequest request)
34      {
35          return headerValidator.requestHasValidXsrfHeader(request) ||
36              tokenValidator.validateFormEncodedToken(request);
37      }
38  }