com.atlassian.jira.security.xsrf
Class DefaultXsrfInvocationChecker
java.lang.Object
com.atlassian.jira.security.xsrf.DefaultXsrfInvocationChecker
- All Implemented Interfaces:
- XsrfInvocationChecker
public class DefaultXsrfInvocationChecker
- extends java.lang.Object
- implements XsrfInvocationChecker
This class will check that a web-request (either WebWork action or HttpServlet) has been invoked with the correct
XSRF token.
- Since:
- v4.1
Method Summary |
boolean |
checkActionInvocation(webwork.action.Action action,
java.util.Map<java.lang.String,?> parameters)
Checks that the action about to be executed has been invoked within the correct XSRF parameters. |
boolean |
checkWebRequestInvocation(javax.servlet.http.HttpServletRequest httpServletRequest)
Checks that the web request contains the correct XSRF parameters. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
DefaultXsrfInvocationChecker
public DefaultXsrfInvocationChecker(ComponentLocator componentLocator)
checkActionInvocation
public boolean checkActionInvocation(webwork.action.Action action,
java.util.Map<java.lang.String,?> parameters)
- Checks that the action about to be executed has been invoked within the correct XSRF parameters. This method
will only perform the check if the current "command" is annotated with
RequiresXsrfCheck
.
- Specified by:
checkActionInvocation
in interface XsrfInvocationChecker
- Parameters:
action
- the ActionSupport
in play. Cannot be null.parameters
- the parameters this has been called with. Cannot be null.
- Returns:
- false if the action failed the XSRF check.
checkWebRequestInvocation
public boolean checkWebRequestInvocation(javax.servlet.http.HttpServletRequest httpServletRequest)
- Checks that the web request contains the correct XSRF parameters.
- Specified by:
checkWebRequestInvocation
in interface XsrfInvocationChecker
- Parameters:
httpServletRequest
- the HttpServletRequest
in play. Can't be null.
- Returns:
- false if the request failed the XSRF check.
Copyright © 2002-2011 Atlassian. All Rights Reserved.