Package com.atlassian.confluence.security.service

Class DefaultXsrfTokenService

java.lang.Object
com.atlassian.confluence.security.service.DefaultXsrfTokenService
All Implemented Interfaces:
XsrfTokenService
public class DefaultXsrfTokenService extends Object implements XsrfTokenService

  • Constructor Details

    • DefaultXsrfTokenService

      public DefaultXsrfTokenService(com.atlassian.struts.xsrf.XsrfTokenGenerator tokenGenerator)
      Constructor that should only be used during confluence setup, when AllowedUrlsProvider is not available

    • DefaultXsrfTokenService

      public DefaultXsrfTokenService(com.atlassian.struts.xsrf.XsrfTokenGenerator tokenGenerator, AllowedUrlsProvider allowedUrlsProvider)

  • Method Details

    • generateValidToken

      public String generateValidToken(jakarta.servlet.http.HttpServletRequest request)
      Description copied from interface: XsrfTokenService
      Generate and bind a token pair to the session.
      Specified by:
      generateValidToken in interface XsrfTokenService
      Parameters:
      request - the request used to identify the session, will be created if none is present
      Returns:
      a token pair to be used for the modifying request, containing the parameter key in the left part and the token value in the right part

    • validateToken

      public Optional<Message> validateToken(jakarta.servlet.http.HttpServletRequest request)
      Description copied from interface: XsrfTokenService
      Validate if the given request contains the token bound to the request's session.
      Specified by:
      validateToken in interface XsrfTokenService
      Parameters:
      request - the request used to identify the session and containing the token parameter
      Returns:
      maybe error messages, thus !Optional.isPresent() indicates a successful flow