View Javadoc
1   package com.atlassian.sal.core.xsrf;
2   
3   import com.atlassian.sal.api.xsrf.XsrfHeaderValidator;
4   import com.atlassian.sal.api.xsrf.XsrfRequestValidator;
5   import com.atlassian.sal.api.xsrf.XsrfTokenValidator;
6   
7   import javax.servlet.http.HttpServletRequest;
8   
9   /**
10   * Provides an implementation of checking if a request
11   * contains either a valid Cross-site request forgery(xsrf) token or a
12   * valid xsrf header {@link com.atlassian.sal.api.xsrf.XsrfHeaderValidator#TOKEN_HEADER}.
13   *
14   * @since v2.10.18
15   */
16  public class XsrfRequestValidatorImpl implements XsrfRequestValidator {
17      private static final XsrfHeaderValidator headerValidator =
18              new XsrfHeaderValidator();
19      private final XsrfTokenValidator tokenValidator;
20  
21      public XsrfRequestValidatorImpl(XsrfTokenValidator tokenValidator) {
22          this.tokenValidator = tokenValidator;
23      }
24  
25      /**
26       * Returns true iff the given request has a valid xsrf token or a
27       * valid xsrf header.
28       *
29       * @param request the request to check.
30       * @return true iff the given request has a valid xsrf token or a
31       * valid xsrf header.
32       */
33      public boolean validateRequestPassesXsrfChecks(HttpServletRequest request) {
34          return headerValidator.requestHasValidXsrfHeader(request) ||
35                  tokenValidator.validateFormEncodedToken(request);
36      }
37  }