com.atlassian.jira.security.xsrf
Class DefaultXsrfInvocationChecker

java.lang.Object
  extended by com.atlassian.jira.security.xsrf.DefaultXsrfInvocationChecker
All Implemented Interfaces:
XsrfInvocationChecker

public class DefaultXsrfInvocationChecker
extends Object
implements XsrfInvocationChecker

This class will check that a web-request (either WebWork action or HttpServlet) has been invoked with the correct XSRF token.

Since:
v4.1

Field Summary
 
Fields inherited from interface com.atlassian.jira.security.xsrf.XsrfInvocationChecker
REQUIRE_SECURITY_TOKEN, X_ATLASSIAN_TOKEN
 
Constructor Summary
DefaultXsrfInvocationChecker(ComponentLocator componentLocator)
           
 
Method Summary
 XsrfCheckResult checkActionInvocation(webwork.action.Action action, Map<String,?> parameters)
          Checks that the action about to be executed has been invoked with the correct XSRF parameters.
 XsrfCheckResult checkWebRequestInvocation(javax.servlet.http.HttpServletRequest httpServletRequest)
          Checks that the web request contains the correct XSRF parameters.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DefaultXsrfInvocationChecker

public DefaultXsrfInvocationChecker(ComponentLocator componentLocator)

Method Detail

checkActionInvocation

public XsrfCheckResult checkActionInvocation(webwork.action.Action action,
                                             Map<String,?> parameters)
Checks that the action about to be executed has been invoked with the correct XSRF parameters. This method performs the check only if the current "command" is annotated with RequiresXsrfCheck.

Specified by:
checkActionInvocation in interface XsrfInvocationChecker
Parameters:
action - the ActionSupport in play. Cannot be null.
parameters - the parameters this has been called with. Cannot be null.
Returns:
an XsrfCheckResult reporting whether the action passed the XSRF check.

checkWebRequestInvocation

public XsrfCheckResult checkWebRequestInvocation(javax.servlet.http.HttpServletRequest httpServletRequest)
Checks that the web request contains the correct XSRF parameters.

Specified by:
checkWebRequestInvocation in interface XsrfInvocationChecker
Parameters:
httpServletRequest - the HttpServletRequest in play. Can't be null.
Returns:
an XsrfCheckResult reporting whether the request passed the XSRF check.


Copyright © 2002-2012 Atlassian. All Rights Reserved.