Package com.atlassian.jira.security.xsrf
Interface XsrfTokenGenerator
- All Known Implementing Classes: BootstrapXsrfTokenGenerator, SimpleXsrfTokenGenerator
public interface XsrfTokenGenerator
Interface for generating anti-XSRF tokens for web forms.
The default implementation (available via dependency injection) should be good enough for anyone, but this interface is provided just in case anyone wants to implement their own token generation strategy.
- Since: v4.1

Field Summary
Fields:
- TOKEN_HTTP_SESSION_KEY
- TOKEN_WEB_PARAMETER_KEY

Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| boolean | generatedByAuthenticatedUser(String token) | This returns true if the token was generated by an authenticated user |
| String | generateToken() | Gets the token from the current request, generating a new one if none is found |
| String | generateToken(boolean create) | Gets the token from the current request, optionally generating a new one if none is found |
| String | generateToken(javax.servlet.http.HttpServletRequest request) | Gets the token from the current request, generating a new one if none is found |
| String | generateToken(javax.servlet.http.HttpServletRequest request, boolean create) | Gets the token from the current request, optionally generating a new one if none is found |
| String | getToken(javax.servlet.http.HttpServletRequest request) | Gets the token from the current request, generating a new one if none is found |
| String | getXsrfTokenName() | Convenience method which will return the name to be used for a supplied XsrfToken in a request. |
| boolean | validateToken(javax.servlet.http.HttpServletRequest request, String token) | Validate a form token received as part of a web request |

Field Details

TOKEN_HTTP_SESSION_KEY
The name of the XSRF token put into the HTTP session

TOKEN_WEB_PARAMETER_KEY
The name of the XSRF token parameter sent in on a web request

Method Details

generateToken
String generateToken()
Gets the token from the current request, generating a new one if none is found
- Returns: a valid XSRF form token

generateToken
String generateToken(boolean create)
Gets the token from the current request, optionally generating a new one if none is found
- Parameters:
  create - true to create token if none is found
- Returns: a valid XSRF form token

generateToken
String generateToken(javax.servlet.http.HttpServletRequest request)
Gets the token from the current request, generating a new one if none is found
- Parameters:
  request - the request the token is being generated for
- Returns: a valid XSRF form token

generateToken
String generateToken(javax.servlet.http.HttpServletRequest request, boolean create)
Gets the token from the current request, optionally generating a new one if none is found
- Parameters:
  request - the request the token is being generated for
  create - true to create token if none is found
- Returns: a valid XSRF form token

getToken
String getToken(javax.servlet.http.HttpServletRequest request)
Gets the token from the current request, generating a new one if none is found
- Parameters:
  request - request that contains the form token.
- Returns: the token stored in the cookie of this request.

getXsrfTokenName
String getXsrfTokenName()
Convenience method which will return the name to be used for a supplied XsrfToken in a request.
- Returns: the name in the request for the Xsrf token.

validateToken
boolean validateToken(javax.servlet.http.HttpServletRequest request, String token)
Validate a form token received as part of a web request
- Parameters:
  request - the request the token was received in
  token - the token
- Returns: true iff the token is valid

generatedByAuthenticatedUser
boolean generatedByAuthenticatedUser(String token)
This returns true if the token was generated by an authenticated user
- Parameters:
  token - the XSRF token in question
- Returns: true if the token was generated by an authenticated user.
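
For anyone taking up the invitation above to write their own token generation strategy, the following sketch shows the get-or-create and validate contract in isolation. It is an added example, not Jira's or Atlassian's code: a plain Map stands in for the HTTP session so it runs without the servlet API, and the class name, the session key value, the 32-byte token length and the null return when create is false are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added example, not Jira code. A Map stands in for the HTTP session and
// SESSION_KEY is a made-up value, not the real TOKEN_HTTP_SESSION_KEY.
public class SessionTokenSketch {
    private static final String SESSION_KEY = "example.xsrf.token"; // assumption
    private static final SecureRandom RNG = new SecureRandom();

    // Modelled on generateToken(request, create): reuse the stored token and
    // mint one only when create is true. Returning null otherwise is this
    // sketch's choice; the page does not say what Jira returns in that case.
    static String generateToken(Map<String, String> session, boolean create) {
        String token = session.get(SESSION_KEY);
        if (token == null && create) {
            byte[] raw = new byte[32]; // 256 bits from a CSPRNG (assumed length)
            RNG.nextBytes(raw);
            token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            session.put(SESSION_KEY, token);
        }
        return token;
    }

    // Modelled on validateToken(request, token): fail closed when either
    // value is missing, then compare in constant time.
    static boolean validateToken(Map<String, String> session, String submitted) {
        String expected = session.get(SESSION_KEY);
        if (expected == null || submitted == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, String> session = new HashMap<>();
        String token = generateToken(session, true);
        System.out.println("reused:     " + token.equals(generateToken(session, false)));
        System.out.println("valid:      " + validateToken(session, token));
        System.out.println("tampered:   " + validateToken(session, token + "x"));
        System.out.println("no session: " + validateToken(new HashMap<>(), token));
    }
}
```

A real implementation would take the HttpServletRequest as the interface requires; the points that carry over are the CSPRNG source, the fail-closed null handling and the constant-time comparison.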