Package com.atlassian.jira.security.xsrf


package com.atlassian.jira.security.xsrf
  • Class
    Description
    A no-op XsrfTokenGenerator that is added to the Bootstrap container because it is required in Servlet Filters.
    This class will check that a web-request (either WebWork action or HttpServlet) has been invoked with the correct XSRF token.
    The annotation used to indicate that a method (or a whole class) does NOT need XSRF protection checking
    Assists with validating whether HTTP request meets XSRF origin policy
    The annotation used to indicate that a method (or a whole class) needs XSRF protection checking This works only with WebWorks actions (i.e.
    Implementation of XsrfTokenGenerator that stores a unique token depending on strategy resolved - requests originated by jira (webwork) run with XsrfTokenStrategy.Type.SESSION strategy - external requests (like REST calls) run with XsrfTokenStrategy.Type.COOKIE strategy
    The result of the XSRF checks
    This represents the default values from jira-application properties for controlling XSRF
    An implementation of XsrfDefaults
    This is thrown when a request fails an XSRF check and user retry is not allowed.
    Checks that a web-request (either WebWork action or HttpServlet) has been invoked with the correct XSRF token.
    This request Filter will set a XSRF token into the session IF there is a user AND they don't already have a token.
    Interface for generating anti-XSRF tokens for web forms.
    SQL Interceptor that detects changes to the database that aren't xsrf protected