Package com.atlassian.jira.security.xsrf

Class SimpleXsrfTokenGenerator

java.lang.Object

com.atlassian.jira.security.xsrf.SimpleXsrfTokenGenerator

All Implemented Interfaces:

XsrfTokenGenerator

public class SimpleXsrfTokenGenerator
extends Object
implements XsrfTokenGenerator

Implementation of XsrfTokenGenerator that stores a unique token depending on strategy resolved - requests originated by jira (webwork) run with XsrfTokenStrategy.Type.SESSION strategy - external requests (like REST calls) run with XsrfTokenStrategy.Type.COOKIE strategy

Since:

v4.0

Field Summary

Fields inherited from interface com.atlassian.jira.security.xsrf.XsrfTokenGenerator

TOKEN_HTTP_SESSION_KEY, TOKEN_WEB_PARAMETER_KEY

Constructor Summary

Constructors

Constructor	Description
SimpleXsrfTokenGenerator(JiraAuthenticationContext authenticationContext, JiraServerIdProvider jiraServerIdProvider, FeatureManager featureManager)

Method Summary

Modifier and Type	Method	Description
boolean	generatedByAuthenticatedUser(String token)	This returns true of the token was generated by an authenticated user
String	generateToken()	Gets the token from the current request, generating a new one if none is found
String	generateToken(boolean create)	Gets the token from the current request, optionally generating a new one if none is found
String	generateToken(javax.servlet.http.HttpServletRequest httpServletRequest)	Gets the token from the current request, generating a new one if none is found
String	generateToken(javax.servlet.http.HttpServletRequest httpServletRequest, boolean create)	Gets the token from the current request, optionally generating a new one if none is found
String	getToken(javax.servlet.http.HttpServletRequest request)	Gets the token from the current request, generating a new one if none is found
String	getXsrfTokenName()	Convenience method which will return the name to be used for a supplied XsrfToken in a request.
boolean	validateToken(javax.servlet.http.HttpServletRequest request, String token)	Validate a form token received as part of a web request

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SimpleXsrfTokenGenerator

public SimpleXsrfTokenGenerator(JiraAuthenticationContext authenticationContext,
 JiraServerIdProvider jiraServerIdProvider,
 FeatureManager featureManager)

Method Details

generateToken

public String generateToken(javax.servlet.http.HttpServletRequest httpServletRequest)

Description copied from interface: XsrfTokenGenerator

Gets the token from the current request, generating a new one if none is found

Specified by:

generateToken in interface XsrfTokenGenerator

Parameters:

httpServletRequest - the request the token is being generated for

Returns:

a valid XSRF form token

generateToken

public String generateToken(javax.servlet.http.HttpServletRequest httpServletRequest,
 boolean create)

Description copied from interface: XsrfTokenGenerator

Gets the token from the current request, optionally generating a new one if none is found

Specified by:

generateToken in interface XsrfTokenGenerator

Parameters:

httpServletRequest - the request the token is being generated for

create - true to create token if none is found

Returns:

a valid XSRF form token

generateToken

public String generateToken()

Description copied from interface: XsrfTokenGenerator

Gets the token from the current request, generating a new one if none is found

Specified by:

generateToken in interface XsrfTokenGenerator

Returns:

a valid XSRF form token

generateToken

public String generateToken(boolean create)

Description copied from interface: XsrfTokenGenerator

Gets the token from the current request, optionally generating a new one if none is found

Specified by:

generateToken in interface XsrfTokenGenerator

Parameters:

create - true to create token if none is found

Returns:

a valid XSRF form token

getXsrfTokenName

public String getXsrfTokenName()

Description copied from interface: XsrfTokenGenerator

Convenience method which will return the name to be used for a supplied XsrfToken in a request.

Specified by:

getXsrfTokenName in interface XsrfTokenGenerator

Returns:

the name in the request for the Xsrf token.

validateToken

public boolean validateToken(javax.servlet.http.HttpServletRequest request,
 String token)

Description copied from interface: XsrfTokenGenerator

Validate a form token received as part of a web request

Specified by:

validateToken in interface XsrfTokenGenerator

Parameters:

request - the request the token was received in

token - the token

Returns:

true iff the token is valid

generatedByAuthenticatedUser

public boolean generatedByAuthenticatedUser(String token)

Description copied from interface: XsrfTokenGenerator

This returns true of the token was generated by an authenticated user

Specified by:

generatedByAuthenticatedUser in interface XsrfTokenGenerator

Parameters:

token - the XSRF token in question

Returns:

true if the token was generated by an authenticated user.

getToken

public String getToken(javax.servlet.http.HttpServletRequest request)

Description copied from interface: XsrfTokenGenerator

Gets the token from the current request, generating a new one if none is found

Specified by:

getToken in interface XsrfTokenGenerator

Parameters:

request - request that contains the form token.

Returns:

the token stored in the cookie of this request.