com.atlassian.jira.security.xsrf
Class SimpleXsrfTokenGenerator

java.lang.Object
  extended by com.atlassian.jira.security.xsrf.SimpleXsrfTokenGenerator
All Implemented Interfaces:
XsrfTokenGenerator

public class SimpleXsrfTokenGenerator
extends java.lang.Object
implements XsrfTokenGenerator

Simple implementation of XsrfTokenGenerator that stores a unique value in the session. The session ID itself is not used as the token: if the XSRF token were not protected diligently enough, reusing the session ID would risk compromising the entire session.

Since:
v4.0

Field Summary
 
Fields inherited from interface com.atlassian.jira.security.xsrf.XsrfTokenGenerator
TOKEN_HTTP_SESSION_KEY, TOKEN_WEB_PARAMETER_KEY
 
Constructor Summary
SimpleXsrfTokenGenerator()
           
 
Method Summary
 java.lang.String generateToken(javax.servlet.http.HttpServletRequest request)
          Generate a new form token for the current request.
 java.lang.String generateToken(VelocityRequestContext request)
          Generate a new form token for the current request.
 java.lang.String getXsrfTokenName()
          Convenience method which will return the name to be used for a supplied XsrfToken in a request.
 boolean validateToken(javax.servlet.http.HttpServletRequest request, java.lang.String token)
          Validate a form token received as part of a web request.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SimpleXsrfTokenGenerator

public SimpleXsrfTokenGenerator()

Method Detail

generateToken

public java.lang.String generateToken(javax.servlet.http.HttpServletRequest request)
Description copied from interface: XsrfTokenGenerator
Generate a new form token for the current request.

Specified by:
generateToken in interface XsrfTokenGenerator
Parameters:
request - the request the token is being generated for
Returns:
a valid XSRF form token

generateToken

public java.lang.String generateToken(VelocityRequestContext request)
Description copied from interface: XsrfTokenGenerator
Generate a new form token for the current request.

Specified by:
generateToken in interface XsrfTokenGenerator
Parameters:
request - the request the token is being generated for
Returns:
a valid XSRF form token

getXsrfTokenName

public java.lang.String getXsrfTokenName()
Description copied from interface: XsrfTokenGenerator
Convenience method which will return the name to be used for a supplied XsrfToken in a request.

Specified by:
getXsrfTokenName in interface XsrfTokenGenerator
Returns:
the name in the request for the Xsrf token.

validateToken

public boolean validateToken(javax.servlet.http.HttpServletRequest request,
                             java.lang.String token)
Description copied from interface: XsrfTokenGenerator
Validate a form token received as part of a web request.

Specified by:
validateToken in interface XsrfTokenGenerator
Parameters:
request - the request the token was received in
token - the token
Returns:
true iff the token is valid
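
The following sketch illustrates the design described in the class comment. It is an added example, not Atlassian's implementation: a random value independent of the session ID is kept in the session and compared with the submitted token. A Map stands in for the HttpSession attributes so it runs without a servlet container; the class name, the SESSION_KEY value, the token length and the reuse of one token per session are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class SessionXsrfTokenSketch {
    // Hypothetical attribute name; the value of TOKEN_HTTP_SESSION_KEY is not shown on this page.
    static final String SESSION_KEY = "example.xsrf.token";
    private static final SecureRandom RANDOM = new SecureRandom();

    // Return the session's token, creating it on first use. The value is random
    // and unrelated to the session ID, so a leaked token does not expose the session.
    static String generateToken(Map<String, Object> session) {
        String token = (String) session.get(SESSION_KEY);
        if (token == null) {
            byte[] raw = new byte[20];
            RANDOM.nextBytes(raw);
            token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            session.put(SESSION_KEY, token);
        }
        return token;
    }

    // Accept only a token equal to the one stored in this session.
    // A missing stored or submitted value fails closed.
    static boolean validateToken(Map<String, Object> session, String submitted) {
        String expected = (String) session.get(SESSION_KEY);
        if (expected == null || submitted == null) {
            return false;
        }
        // MessageDigest.isEqual compares in constant time for equal-length inputs.
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, Object> userSession = new HashMap<>();   // constructed sessions
        Map<String, Object> otherSession = new HashMap<>();
        String token = generateToken(userSession);
        System.out.println(validateToken(userSession, token));                       // own token
        System.out.println(validateToken(userSession, generateToken(otherSession))); // another session's token
        System.out.println(validateToken(new HashMap<>(), token));                   // session holds no token
        System.out.println(validateToken(userSession, null));                        // parameter missing
    }
}
```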


Copyright © 2002-2010 Atlassian. All Rights Reserved.