XsrfTokenGenerator (Atlassian JIRA 6.3.4 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.atlassian.jira.security.xsrf
Interface XsrfTokenGenerator

All Known Implementing Classes:: SimpleXsrfTokenGenerator

public interface XsrfTokenGenerator

Interface for generating anti-XSRF tokens for web forms.

The default implementation (available viw dependency injection) should be good enough for anyone, but this interface is provided just in case anyone wants to implement their own token generation strategy.

Since:: v4.1

Field Summary
`static String`	`TOKEN_HTTP_SESSION_KEY` The name of the XSRF token put ino the HTTP session
`static String`	`TOKEN_WEB_PARAMETER_KEY` The name of the XSRF token parameter sent in on a web request

Method Summary
`boolean`	`generatedByAuthenticatedUser(String token)` This returns true of the token was generated by an authenticated user
`String`	`generateToken()` Gets the token from the current request, generating a new one if none is found
`String`	`generateToken(boolean create)` Gets the token from the current request, optionally generating a new one if none is found
`String`	`generateToken(javax.servlet.http.HttpServletRequest request)` Gets the token from the current request, generating a new one if none is found
`String`	`generateToken(javax.servlet.http.HttpServletRequest request, boolean create)` Gets the token from the current request, optionally generating a new one if none is found
`String`	`generateToken(VelocityRequestContext request)` Deprecated. since 4.3 - use the other two forms of generateToken()
`String`	`getToken(javax.servlet.http.HttpServletRequest request)` Gets the token from the current request, generating a new one if none is found
`String`	`getXsrfTokenName()` Convenience method which will return the name to be used for a supplied XsrfToken in a request.
`boolean`	`validateToken(javax.servlet.http.HttpServletRequest request, String token)` Validate a form token received as part of a web request

Field Detail

TOKEN_HTTP_SESSION_KEY

static final String TOKEN_HTTP_SESSION_KEY

The name of the XSRF token put ino the HTTP session

See Also:: Constant Field Values

TOKEN_WEB_PARAMETER_KEY

static final String TOKEN_WEB_PARAMETER_KEY

The name of the XSRF token parameter sent in on a web request

See Also:: Constant Field Values

Method Detail

generateToken

String generateToken()

Gets the token from the current request, generating a new one if none is found

Returns:: a valid XSRF form token

generateToken

String generateToken(boolean create)

Gets the token from the current request, optionally generating a new one if none is found

Parameters:: create - true to create token if none is found
Returns:: a valid XSRF form token

generateToken

String generateToken(javax.servlet.http.HttpServletRequest request)

Gets the token from the current request, generating a new one if none is found

Parameters:: request - the request the token is being generated for
Returns:: a valid XSRF form token

generateToken

String generateToken(javax.servlet.http.HttpServletRequest request,
                     boolean create)

Gets the token from the current request, optionally generating a new one if none is found

Parameters:: request - the request the token is being generated for; create - true to create token if none is found
Returns:: a valid XSRF form token

getToken

String getToken(javax.servlet.http.HttpServletRequest request)

Gets the token from the current request, generating a new one if none is found

Parameters:: request - request that contains the form token.
Returns:: the token stored in the cookie of this request.

generateToken

@Deprecated
String generateToken(VelocityRequestContext request)

Deprecated. since 4.3 - use the other two forms of generateToken()

Gets the token from the current request, generating a new one if none is found

Parameters:: request - the request the token is being generated for
Returns:: a valid XSRF form token

getXsrfTokenName

String getXsrfTokenName()

Convenience method which will return the name to be used for a supplied XsrfToken in a request.

Returns:: the name in the request for the Xsrf token.

validateToken

boolean validateToken(javax.servlet.http.HttpServletRequest request,
                      String token)

Validate a form token received as part of a web request

Parameters:: request - the request the token was received in; token - the token
Returns:: true iff the token is valid

generatedByAuthenticatedUser

boolean generatedByAuthenticatedUser(String token)

This returns true of the token was generated by an authenticated user

Parameters:: token - the XSRF token in question
Returns:: true if the token was generated by an authenticated user.

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.atlassian.jira.security.xsrf Interface XsrfTokenGenerator

TOKEN_HTTP_SESSION_KEY

TOKEN_WEB_PARAMETER_KEY

generateToken

generateToken

generateToken

generateToken

getToken

generateToken

getXsrfTokenName

validateToken

generatedByAuthenticatedUser

com.atlassian.jira.security.xsrf
Interface XsrfTokenGenerator