Package com.atlassian.jira.security.xsrf
package com.atlassian.jira.security.xsrf
-
ClassDescriptionA no-op XsrfTokenGenerator that is added to the Bootstrap container because it is required in Servlet Filters.This class will check that a web-request (either WebWork action or HttpServlet) has been invoked with the correct XSRF token.The annotation used to indicate that a method (or a whole class) does NOT need XSRF protection checkingAssists with validating whether HTTP request meets XSRF origin policyThe annotation used to indicate that a method (or a whole class) needs XSRF protection checking This works only with WebWorks actions (i.e.Implementation of XsrfTokenGenerator that stores a unique token depending on strategy resolved - requests originated by jira (webwork) run with
XsrfTokenStrategy.Type.SESSION
strategy - external requests (like REST calls) run withXsrfTokenStrategy.Type.COOKIE
strategyThe result of the XSRF checksThis represents the default values from jira-application properties for controlling XSRFAn implementation ofXsrfDefaults
This is thrown when a request fails an XSRF check and user retry is not allowed.Checks that a web-request (either WebWork action or HttpServlet) has been invoked with the correct XSRF token.This requestFilter
will set a XSRF token into the session IF there is a user AND they don't already have a token.Interface for generating anti-XSRF tokens for web forms.SQL Interceptor that detects changes to the database that aren't xsrf protected