XsrfInvocationChecker (Atlassian JIRA 4.4 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.atlassian.jira.security.xsrf
Interface XsrfInvocationChecker

All Known Implementing Classes:: DefaultXsrfInvocationChecker

public interface XsrfInvocationChecker

Checks that a web-request (either WebWork action or HttpServlet) has been invoked with the correct XSRF token.

Since:: v4.1.1

Field Summary
`static String`	`REQUIRE_SECURITY_TOKEN` This is the same name that Confluences uses in their webwork2 world so we are using the same name for synergy reasons
`static String`	`X_ATLASSIAN_TOKEN`

Method Summary
`XsrfCheckResult`	`checkActionInvocation(webwork.action.Action action, Map<String,?> parameters)` Checks that the action about to be executed has been invoked within the correct XSRF parameters.
`XsrfCheckResult`	`checkWebRequestInvocation(javax.servlet.http.HttpServletRequest httpServletRequest)` Checks that the web request contains the correct XSRF parameters.

Field Detail

REQUIRE_SECURITY_TOKEN

static final String REQUIRE_SECURITY_TOKEN

This is the same name that Confluences uses in their webwork2 world so we are using the same name for synergy reasons

See Also:: Constant Field Values

X_ATLASSIAN_TOKEN

static final String X_ATLASSIAN_TOKEN

See Also:: Constant Field Values

Method Detail

checkActionInvocation

XsrfCheckResult checkActionInvocation(webwork.action.Action action,
                                      Map<String,?> parameters)

Checks that the action about to be executed has been invoked within the correct XSRF parameters. This method will only perform the check if the current "command" is annotated with RequiresXsrfCheck.

Parameters:: action - the ActionSupport in play. Cannot be null.; parameters - the parameters this has been called with. Cannot be null.
Returns:: false if the action failed the XSRF check.

checkWebRequestInvocation

XsrfCheckResult checkWebRequestInvocation(javax.servlet.http.HttpServletRequest httpServletRequest)

Checks that the web request contains the correct XSRF parameters.

Parameters:: httpServletRequest - the HttpServletRequest in play. Can't be null.
Returns:: false if the request failed the XSRF check.