com.atlassian.jira.security.xsrf
Class DefaultXsrfInvocationChecker
java.lang.Object
com.atlassian.jira.security.xsrf.DefaultXsrfInvocationChecker
- All Implemented Interfaces:
- XsrfInvocationChecker
public class DefaultXsrfInvocationChecker
- extends Object
- implements XsrfInvocationChecker
This class will check that a web-request (either WebWork action or HttpServlet) has been invoked with the correct
XSRF token.
- Since:
- v4.1
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
DefaultXsrfInvocationChecker
public DefaultXsrfInvocationChecker(ComponentLocator componentLocator)
checkActionInvocation
public XsrfCheckResult checkActionInvocation(webwork.action.Action action,
Map<String,?> parameters)
- Checks that the action about to be executed has been invoked within the correct XSRF parameters. This method will
only perform the check if the current "command" is annotated with
RequiresXsrfCheck
.
- Specified by:
checkActionInvocation
in interface XsrfInvocationChecker
- Parameters:
action
- the ActionSupport
in play. Cannot be null.parameters
- the parameters this has been called with. Cannot be null.
- Returns:
- false if the action failed the XSRF check.
checkWebRequestInvocation
public XsrfCheckResult checkWebRequestInvocation(javax.servlet.http.HttpServletRequest httpServletRequest)
- Checks that the web request contains the correct XSRF parameters.
- Specified by:
checkWebRequestInvocation
in interface XsrfInvocationChecker
- Parameters:
httpServletRequest
- the HttpServletRequest
in play. Can't be null.
- Returns:
- false if the request failed the XSRF check.
Copyright © 2002-2012 Atlassian. All Rights Reserved.