com.atlassian.confluence.impl.webapp.security.enforcer.XsrfTokenEnforcer

public final class XsrfTokenEnforcer extends Object implements SecurityEnforcer

Enforces XSRF token checks for protected actions. The lower level implementation is in XsrfTokenValidationManager.

Constructor Details
- XsrfTokenEnforcer
  
  public XsrfTokenEnforcer(XsrfTokenValidationManager xsrfTokenValidationManager)
Method Details
- shouldEnforce
  
  public boolean shouldEnforce(ConfluenceUser user, MappedAction mappedAction, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
  
  Specified by:
  
  shouldEnforce in interface SecurityEnforcer
  
  Returns:
  
  true if arguments failed enforcement criteria and SecurityEnforcer.enforce(com.atlassian.confluence.user.ConfluenceUser, jakarta.servlet.http.HttpServletRequest, jakarta.servlet.http.HttpServletResponse) should be called.
- enforce
  
  public void enforce(ConfluenceUser user, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException, jakarta.servlet.ServletException
  
  Description copied from interface: SecurityEnforcer
  
  Enforcement action that should be taken when SecurityEnforcer.shouldEnforce(com.atlassian.confluence.user.ConfluenceUser, com.atlassian.confluence.dmz.struts.MappedAction, jakarta.servlet.http.HttpServletRequest, jakarta.servlet.http.HttpServletResponse) returns true.
  
  Specified by:
  
  enforce in interface SecurityEnforcer
  
  Throws:
  
  IOException
  
  jakarta.servlet.ServletException

Class XsrfTokenEnforcer

Constructor Summary