com.atlassian.jira.functest.framework.security.xsrf
Class XsrfCheck

java.lang.Object
  extended by com.atlassian.jira.functest.framework.security.xsrf.XsrfCheck

public class XsrfCheck
extends Object

Class that makes xsrf related testing easier. Provide it with repeatable steps and it'll perform a test for both valid and invalid tokens

Since:
v4.1

Nested Class Summary
static class XsrfCheck.AbstractFormSubmission
          Base class for form-based submission
static class XsrfCheck.AbstractLinkSubmission
          Abstract implementation of Submission for mutative actions accessed by links.
static class XsrfCheck.AsynchFormSubmission
          TODO: Document this class / interface here
static class XsrfCheck.FormSubmission
          Form-based submission by name
static class XsrfCheck.FormSubmissionWithId
          Form-based submission by id
static class XsrfCheck.LinkWithIdSubmission
          Id-based link submission
static class XsrfCheck.LinkWithTextSubmission
          Name-based link submission
static interface XsrfCheck.Setup
          Used to define the steps to perform before sending a request with a valid / invalid token
static interface XsrfCheck.Submission
          Used to define the implementation of removing a token from a request and sending a request
static class XsrfCheck.XPathLinkSubmission
          XPath based link submission.
 
Field Summary
static String ATL_TOKEN
           
static String XSRF_DEFAULT_ERROR
           
 
Constructor Summary
XsrfCheck(String description, XsrfCheck.Setup setup, XsrfCheck.Submission submission)
           
 
Method Summary
protected  void init(FuncTestHelperFactory funcTestHelperFactory)
           
static String invalidTokenInUrl(String original)
          Given a url string, if the ATL_TOKEN is present as a parameter, this method will make its value invalid.
 void run()
           
 void run(String xsrfError)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ATL_TOKEN

public static final String ATL_TOKEN
See Also:
Constant Field Values

XSRF_DEFAULT_ERROR

public static final String XSRF_DEFAULT_ERROR
See Also:
Constant Field Values
Constructor Detail

XsrfCheck

public XsrfCheck(String description,
                 XsrfCheck.Setup setup,
                 XsrfCheck.Submission submission)
Parameters:
description - Description of testcase
setup - The steps to perform before sending a request with a valid / invalid token
submission - The submission implementation - eg Link or Form based submission
Method Detail

init

protected void init(FuncTestHelperFactory funcTestHelperFactory)

run

public void run()
         throws Exception
Throws:
Exception

run

public void run(String xsrfError)
         throws Exception
Throws:
Exception

invalidTokenInUrl

public static String invalidTokenInUrl(String original)
Given a url string, if the ATL_TOKEN is present as a parameter, this method will make its value invalid.

Parameters:
original - the url string
Returns:
the replacement string if token was found; the original otherwise.


Copyright © 2002-2013 Atlassian. All Rights Reserved.