com.atlassian.jira.security.xsrf
Interface XsrfTokenGenerator

All Known Implementing Classes:
SimpleXsrfTokenGenerator

public interface XsrfTokenGenerator

Interface for generating anti-XSRF tokens for web forms.

The default implementation SimpleXsrfTokenGenerator should be good enough for anyone, but this interface is provided just in case anyone wants to implement their own token generation strategy.

Since:
v4.1

Field Summary
static String TOKEN_HTTP_SESSION_KEY
          The name of the XSRF token put ino the HTTP session
static String TOKEN_WEB_PARAMETER_KEY
          The name of the XSRF token parameter sent in on a web request
 
Method Summary
 String generateToken(javax.servlet.http.HttpServletRequest request)
          Generate a new form token for the current request.
 String generateToken(VelocityRequestContext request)
          Generate a new form token for the current request.
 String getXsrfTokenName()
          Convenience method which will return the name to be used for a supplied XsrfToken in a request.
 boolean validateToken(javax.servlet.http.HttpServletRequest request, String token)
          Validate a form token received as part of a web request
 

Field Detail

TOKEN_HTTP_SESSION_KEY

static final String TOKEN_HTTP_SESSION_KEY
The name of the XSRF token put ino the HTTP session

See Also:
Constant Field Values

TOKEN_WEB_PARAMETER_KEY

static final String TOKEN_WEB_PARAMETER_KEY
The name of the XSRF token parameter sent in on a web request

See Also:
Constant Field Values
Method Detail

generateToken

String generateToken(javax.servlet.http.HttpServletRequest request)
Generate a new form token for the current request.

Parameters:
request - the request the token is being generated for
Returns:
a valid XSRF form token

generateToken

String generateToken(VelocityRequestContext request)
Generate a new form token for the current request.

Parameters:
request - the request the token is being generated for
Returns:
a valid XSRF form token

getXsrfTokenName

String getXsrfTokenName()
Convenience method which will return the name to be used for a supplied XsrfToken in a request.

Returns:
the name in the request for the Xsrf token.

validateToken

boolean validateToken(javax.servlet.http.HttpServletRequest request,
                      String token)
Validate a form token received as part of a web request

Parameters:
request - the request the token was received in
token - the token
Returns:
true iff the token is valid


Copyright © 2002-2010 Atlassian. All Rights Reserved.