DefaultXsrfInvocationChecker (Atlassian Jira

java.lang.Object
- com.atlassian.jira.security.ActionInvocationCheckerBase
- - com.atlassian.jira.security.xsrf.DefaultXsrfInvocationChecker

All Implemented Interfaces:

XsrfInvocationChecker
```
public class DefaultXsrfInvocationChecker
extends ActionInvocationCheckerBase
implements XsrfInvocationChecker
```
This class will check that a web-request (either WebWork action or HttpServlet) has been invoked with the correct XSRF token.

Since:

v4.1

Field Summary
- Fields inherited from interface com.atlassian.jira.security.xsrf.XsrfInvocationChecker
  REQUIRE_SECURITY_TOKEN, X_ATLASSIAN_TOKEN

Constructor Summary

Constructors
Constructor and Description

DefaultXsrfInvocationChecker(ComponentLocator componentLocator)

Constructors
Constructor and Description
`DefaultXsrfInvocationChecker(ComponentLocator componentLocator)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`XsrfCheckResult`	`checkActionInvocation(webwork.action.Action action, Map<String,?> parameters)` Checks that the action about to be executed has been invoked with the correct XSRF parameters.
`XsrfCheckResult`	`checkWebRequestInvocation(javax.servlet.http.HttpServletRequest httpServletRequest)` Checks that the web request contains the correct XSRF parameters.

Methods inherited from class com.atlassian.jira.security.ActionInvocationCheckerBase
getMethod, getMethodName

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - DefaultXsrfInvocationChecker
```
public DefaultXsrfInvocationChecker(ComponentLocator componentLocator)
```
- Method Detail
  - checkActionInvocation
```
@Nonnull
public XsrfCheckResult checkActionInvocation(@Nonnull
                                                      webwork.action.Action action,
                                                      @Nonnull
                                                      Map<String,?> parameters)
```
    Checks that the action about to be executed has been invoked with the correct XSRF parameters. This method will skip the check if the action class or action command's method is annotated with DoesNotRequireXsrfCheck or if the HTTP method in use is safe (aka non-mutative, i.e. GET, HEAD, OPTIONS, TRACE). It will however still perform the check if the action class or action command's method is annotated with RequiresXsrfCheck whether the HTTP method is safe or not.
    
    Specified by:
    
    checkActionInvocation in interface XsrfInvocationChecker
    
    Parameters:
    
    action - the Action in play. Cannot be null.
    
    parameters - the parameters this has been called with. Cannot be null.
    
    Returns:
    
    XsrfCheckResult object. Not null.
  - checkWebRequestInvocation
```
@Nonnull
public XsrfCheckResult checkWebRequestInvocation(@Nonnull
                                                          javax.servlet.http.HttpServletRequest httpServletRequest)
```
    Checks that the web request contains the correct XSRF parameters.
    
    Specified by:
    
    checkWebRequestInvocation in interface XsrfInvocationChecker
    
    Parameters:
    
    httpServletRequest - the HttpServletRequest in play. Can't be null.
    
    Returns:
    
    XsrfCheckResult object. Not null.

Class DefaultXsrfInvocationChecker

Field Summary

Fields inherited from interface com.atlassian.jira.security.xsrf.XsrfInvocationChecker

Constructor Summary

Method Summary

Methods inherited from class com.atlassian.jira.security.ActionInvocationCheckerBase

Methods inherited from class java.lang.Object

Constructor Detail

DefaultXsrfInvocationChecker

Method Detail

checkActionInvocation

checkWebRequestInvocation