Package com.atlassian.confluence.security.service

Class DefaultXsrfTokenService

java.lang.Object

com.atlassian.confluence.security.service.DefaultXsrfTokenService

All Implemented Interfaces:

XsrfTokenService

public class DefaultXsrfTokenService
extends Object
implements XsrfTokenService

Field Summary

Fields inherited from interface com.atlassian.confluence.security.service.XsrfTokenService

OVERRIDE_HEADER_NAME, OVERRIDE_HEADER_VALUE, REQUEST_PARAM_NAME

Constructor Summary

Constructors

Constructor	Description
DefaultXsrfTokenService(com.atlassian.struts.xsrf.XsrfTokenGenerator tokenGenerator)	Constructor that should only be used during confluence setup, when AllowedUrlsProvider is not available
DefaultXsrfTokenService(com.atlassian.struts.xsrf.XsrfTokenGenerator tokenGenerator, AllowedUrlsProvider allowedUrlsProvider)
DefaultXsrfTokenService(com.atlassian.xwork.XsrfTokenGenerator tokenGenerator)	Deprecated, for removal: This API element is subject to removal in a future version. since 9.3, use DefaultXsrfTokenService(XsrfTokenGenerator) instead.
DefaultXsrfTokenService(com.atlassian.xwork.XsrfTokenGenerator tokenGenerator, AllowedUrlsProvider allowedUrlsProvider)	Deprecated, for removal: This API element is subject to removal in a future version. since 9.3, use DefaultXsrfTokenService(XsrfTokenGenerator, AllowedUrlsProvider) instead.

Method Summary

Modifier and Type	Method	Description
String	generateValidToken(javax.servlet.http.HttpServletRequest request)	Generate and bind a token pair to the session.
Optional<Message>	validateToken(javax.servlet.http.HttpServletRequest request)	Validate if the given request contains the token bound to the request's session.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.atlassian.confluence.security.service.XsrfTokenService

hasValidToken

Constructor Details

DefaultXsrfTokenService

public DefaultXsrfTokenService(com.atlassian.struts.xsrf.XsrfTokenGenerator tokenGenerator)

Constructor that should only be used during confluence setup, when AllowedUrlsProvider is not available

DefaultXsrfTokenService

public DefaultXsrfTokenService(com.atlassian.struts.xsrf.XsrfTokenGenerator tokenGenerator,
 AllowedUrlsProvider allowedUrlsProvider)

DefaultXsrfTokenService

@Deprecated(forRemoval=true,
            since="9.3")
public DefaultXsrfTokenService(com.atlassian.xwork.XsrfTokenGenerator tokenGenerator)

Deprecated, for removal: This API element is subject to removal in a future version.

since 9.3, use DefaultXsrfTokenService(XsrfTokenGenerator) instead.

DefaultXsrfTokenService

@Deprecated(forRemoval=true,
            since="9.3")
public DefaultXsrfTokenService(com.atlassian.xwork.XsrfTokenGenerator tokenGenerator,
 AllowedUrlsProvider allowedUrlsProvider)

Deprecated, for removal: This API element is subject to removal in a future version.

since 9.3, use DefaultXsrfTokenService(XsrfTokenGenerator, AllowedUrlsProvider) instead.

Method Details

generateValidToken

public String generateValidToken(javax.servlet.http.HttpServletRequest request)

Description copied from interface: XsrfTokenService

Generate and bind a token pair to the session.

Specified by:

generateValidToken in interface XsrfTokenService

Parameters:

request - the request used to identify the session, will be created if none is present

Returns:

a token pair to be used for the modifying request, containing the parameter key in the left part and the token value in the right part

validateToken

public Optional<Message> validateToken(javax.servlet.http.HttpServletRequest request)

Description copied from interface: XsrfTokenService

Validate if the given request contains the token bound to the request's session.

Specified by:

validateToken in interface XsrfTokenService

Parameters:

request - the request used to identify the session and containing the token parameter

Returns:

maybe error messages, thus !Optional.isPresent() indicates a successful flow