@PublicApi
public interface XsrfInvocationChecker
Modifier and Type | Field and Description |
---|---|
static String |
REQUIRE_SECURITY_TOKEN
This is the same name that Confluences uses in their webwork2 world so we are using the same name for synergy
reasons
|
static String |
X_ATLASSIAN_TOKEN |
Modifier and Type | Method and Description |
---|---|
XsrfCheckResult |
checkActionInvocation(webwork.action.Action action,
Map<String,?> parameters)
Checks that the action about to be executed has been invoked with the correct XSRF parameters.
|
XsrfCheckResult |
checkWebRequestInvocation(javax.servlet.http.HttpServletRequest httpServletRequest)
Checks that the web request contains the correct XSRF parameters.
|
static final String REQUIRE_SECURITY_TOKEN
static final String X_ATLASSIAN_TOKEN
@Nonnull XsrfCheckResult checkActionInvocation(@Nonnull webwork.action.Action action, @Nonnull Map<String,?> parameters)
DoesNotRequireXsrfCheck
or if the HTTP method in use is safe (aka non-mutative, i.e. GET, HEAD, OPTIONS, TRACE).
It will however still perform the check if the action class or action command's method is annotated with
RequiresXsrfCheck
whether the HTTP method is safe or not.action
- the Action
in play. Cannot be null.parameters
- the parameters this has been called with. Cannot be null.XsrfCheckResult
object. Not null.@Nonnull XsrfCheckResult checkWebRequestInvocation(@Nonnull javax.servlet.http.HttpServletRequest httpServletRequest)
httpServletRequest
- the HttpServletRequest
in play. Can't be null.XsrfCheckResult
object. Not null.Copyright © 2002-2024 Atlassian. All Rights Reserved.