com.atlassian.jira.web.action

Class XsrfErrorAction

java.lang.Object

webwork.action.ActionSupport

com.atlassian.jira.web.action.JiraWebActionSupport

com.atlassian.jira.web.action.XsrfErrorAction

All Implemented Interfaces:

ErrorCollection, I18nHelper, HttpServletVariables, AuthorizationSupport, Serializable, webwork.action.Action, webwork.action.CommandDriven, webwork.action.IllegalArgumentAware

public class XsrfErrorAction
extends JiraWebActionSupport

This action is usually run via a servlet FORWARD. It will look at the request attributes under javax.servlet.forward to figure out what the original request was.

Since:

v4.1

See Also:

Serialized Form

Nested Class Summary

Nested classes/interfaces inherited from class com.atlassian.jira.web.action.JiraWebActionSupport

JiraWebActionSupport.MessageType

Nested classes/interfaces inherited from interface com.atlassian.jira.util.I18nHelper

I18nHelper.BeanFactory

Nested classes/interfaces inherited from interface com.atlassian.jira.util.ErrorCollection

ErrorCollection.Reason

Field Summary

Fields

Modifier and Type	Field and Description
static String	FORWARD_PATH The path to use when forwarding to this action.

Fields inherited from class com.atlassian.jira.web.action.JiraWebActionSupport

ISSUE_NOT_FOUND_RESULT, PERMISSION_VIOLATION_RESULT, request, RETURN_URL_PARAMETER, savedFilters, SECURITY_BREACH_RESULT

Fields inherited from class webwork.action.ActionSupport

command, errorMap, errorMessages

Fields inherited from interface webwork.action.Action

ERROR, INPUT, LOGIN, NONE, SUCCESS

Constructor Summary

Constructors

Constructor and Description
XsrfErrorAction(RedirectSanitiser safeRedirectChecker)

Method Summary

Modifier and Type	Method and Description
protected String	doExecute()
String	execute()
String	getEncodedRedirectUrl()
String	getForwardRequestUri()
boolean	getNoRequestParameters()
String	getRequestMethod()
Set<Map.Entry<String,List<String>>>	getRequestParameters()
String	getRequestURL() Returns url to return to once token is re-issued.
String	getSessionTimeoutDuration()
String	getSessionTimeoutUnit()
boolean	isHasRedirectUrl()
boolean	isRequestParamsDisplayEnabled()
boolean	isSafeToRedirect()
boolean	isSessionExpired()

Methods inherited from class com.atlassian.jira.web.action.JiraWebActionSupport

addError, addErrorCollection, addErrorMessage, addErrorMessageByKeyIfAbsent, addErrorMessageIfAbsent, addErrorMessages, addErrorMessages, addErrors, addIllegalArgumentException, addMessageToResponse, addReason, addReasons, checkIfUrlIsAllowed, forceRedirect, getActionName, getAdministratorContactLink, getApplicationProperties, getAuthorizationSupport, getComponentInstanceOfType, getConglomerateCookieValue, getConstantsManager, getDateFormat, getDateTimeFormat, getDateTimeFormatter, getDefaultResourceBundle, getDescTranslation, getDescTranslation, getDmyDateFormatter, getEmptyResponse, getErrorMessages, getErrors, getField, getFlushedErrorMessages, getGlobalPermissionManager, getHint, getHintManager, getHttpRequest, getHttpResponse, getHttpSession, getI18nHelper, getJiraContactHelper, getJiraServiceContext, getKeysForPrefix, getLanguage, getLocale, getLoggedInApplicationUser, getLoggedInUser, getNameTranslation, getNameTranslation, getOfBizDelegator, getOutlookDate, getPermissionManager, getProjectManager, getRandomHint, getReasons, getRedirect, getRedirect, getRedirectSanitiser, getRequestSourceType, getResourceBundle, getResult, getReturnUrl, getReturnUrlForCancelLink, getSearchSortDescriptions, getSelectedProject, getSelectedProjectObject, getServerId, getServletContext, getText, getText, getText, getText, getText, getText, getText, getText, getText, getText, getText, getText, getText, getText, getTimeFormat, getUnescapedText, getUntransformedRawText, getUriValidator, getUserFullName, getUserManager, getUserPreferences, getUserProjectHistoryManager, getVersionManager, getWebworkStack, getWebworkStack, getXsrfToken, hasAnyErrors, hasErrorMessage, hasErrorMessageByKey, hasGlobalPermission, hasGlobalPermission, hasIssuePermission, hasIssuePermission, hasIssuePermission, hasPermission, hasProjectPermission, hasProjectPermission, htmlEncode, insertContextPath, isAdministrator, isIndexing, isInlineDialogMode, isKeyDefined, isSystemAdministrator, isUserExists, isUserExistsByKey, isUserExistsByName, removeKeyOrAddError, returnComplete, returnComplete, returnCompleteWithInlineRedirect, returnCompleteWithInlineRedirectAndMsg, returnCompleteWithInlineRedirectAndMsg, returnMsgToUser, returnMsgToUser, setConglomerateCookieValue, setInline, setReasons, setReturnUrl, setSelectedProjectId, tagMauEventWithApplication, tagMauEventWithProject, urlEncode

Methods inherited from class webwork.action.ActionSupport

addError, addErrorMessage, doDefault, doValidation, getCommandName, getHasErrorMessages, getHasErrors, getPropertyEditorMessage, getTexts, getTexts, getTimezone, invalidInput, invokeCommand, isCommand, setCommand, setErrorMessages, setErrors, validate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface webwork.action.CommandDriven

getCommandName, setCommand

Methods inherited from interface com.atlassian.jira.util.ErrorCollection

addError, addErrorMessage, setErrorMessages

Field Detail

FORWARD_PATH

public static final String FORWARD_PATH

The path to use when forwarding to this action.

Constructor Detail

XsrfErrorAction

public XsrfErrorAction(RedirectSanitiser safeRedirectChecker)

Method Detail

doExecute

protected String doExecute()
                    throws Exception

Overrides:

doExecute in class webwork.action.ActionSupport

Throws:

Exception

execute

public String execute()
               throws Exception

Specified by:

execute in interface webwork.action.Action

Overrides:

execute in class JiraWebActionSupport

Throws:

Exception

isHasRedirectUrl

public boolean isHasRedirectUrl()

getEncodedRedirectUrl

public String getEncodedRedirectUrl()

getSessionTimeoutDuration

public String getSessionTimeoutDuration()

getSessionTimeoutUnit

public String getSessionTimeoutUnit()

isSessionExpired

public boolean isSessionExpired()

getRequestURL

public String getRequestURL()

Returns url to return to once token is re-issued. This method utilises RedirectSanitiser to make sure returned url is safe (e.g. not a different host). It will default to the safe FORWARD_PATH should forward request URI be considered unsafe.

Returns:

String URL to redirect to

isSafeToRedirect

public boolean isSafeToRedirect()

getForwardRequestUri

public String getForwardRequestUri()

getRequestMethod

public String getRequestMethod()

getNoRequestParameters

public boolean getNoRequestParameters()

isRequestParamsDisplayEnabled

public boolean isRequestParamsDisplayEnabled()

getRequestParameters

public Set<Map.Entry<String,List<String>>> getRequestParameters()