public class DefaultXsrfInvocationChecker extends ActionInvocationCheckerBase implements XsrfInvocationChecker
REQUIRE_SECURITY_TOKEN, X_ATLASSIAN_TOKEN
Constructor and Description |
---|
DefaultXsrfInvocationChecker(ComponentLocator componentLocator) |
Modifier and Type | Method and Description |
---|---|
XsrfCheckResult |
checkActionInvocation(webwork.action.Action action,
Map<String,?> parameters)
Checks that the action about to be executed has been invoked with the correct XSRF parameters.
|
XsrfCheckResult |
checkWebRequestInvocation(javax.servlet.http.HttpServletRequest httpServletRequest)
Checks that the web request contains the correct XSRF parameters.
|
getMethod, getMethodName
public DefaultXsrfInvocationChecker(ComponentLocator componentLocator)
@Nonnull public XsrfCheckResult checkActionInvocation(@Nonnull webwork.action.Action action, @Nonnull Map<String,?> parameters)
DoesNotRequireXsrfCheck
or if the HTTP method in use is safe (aka non-mutative, i.e. GET, HEAD, OPTIONS, TRACE).
It will however still perform the check if the action class or action command's method is annotated with
RequiresXsrfCheck
whether the HTTP method is safe or not.checkActionInvocation
in interface XsrfInvocationChecker
action
- the Action
in play. Cannot be null.parameters
- the parameters this has been called with. Cannot be null.XsrfCheckResult
object. Not null.@Nonnull public XsrfCheckResult checkWebRequestInvocation(@Nonnull javax.servlet.http.HttpServletRequest httpServletRequest)
checkWebRequestInvocation
in interface XsrfInvocationChecker
httpServletRequest
- the HttpServletRequest
in play. Can't be null.XsrfCheckResult
object. Not null.Copyright © 2002-2023 Atlassian. All Rights Reserved.