CSRFTokenScriptService (XWiki Platform

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.xwiki.csrf.internal.scripting
Class CSRFTokenScriptService

java.lang.Object
  org.xwiki.csrf.internal.scripting.CSRFTokenScriptService

All Implemented Interfaces:: CSRFToken, org.xwiki.script.service.ScriptService

@Component(roles=org.xwiki.script.service.ScriptService.class) @Named(value="csrf") @Singleton public class CSRFTokenScriptService
extends java.lang.Object
implements CSRFToken, org.xwiki.script.service.ScriptService
extends java.lang.Object
implements CSRFToken, org.xwiki.script.service.ScriptService

Script service wrapping a CSRFToken component.

Since:: 2.5M2
Version:: $Id$

Constructor Summary
`CSRFTokenScriptService()`

Method Summary
`void`	`clearToken()` Removes the anti-CSRF token associated with the current user.
`java.lang.String`	`getResubmissionURL()` Get the URL where a failed request should be redirected to.
`java.lang.String`	`getToken()` Returns the anti-CSRF token associated with the current user.
`boolean`	`isTokenValid(java.lang.String token)` Check if the given `token` matches the internally stored token associated with the current user.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

CSRFTokenScriptService

public CSRFTokenScriptService()

Method Detail

getToken

public java.lang.String getToken()

Returns the anti-CSRF token associated with the current user. Creates a fresh token on first call.

Specified by:: getToken in interface CSRFToken

Returns:: the secret token
See Also:: CSRFToken.isTokenValid(String)

clearToken

public void clearToken()

Removes the anti-CSRF token associated with the current user. Current token is invalidated immediately, a subsequent call of CSRFToken.getToken() will generate a fresh token.

Specified by:: clearToken in interface CSRFToken

See Also:: CSRFToken.clearToken()

isTokenValid

public boolean isTokenValid(java.lang.String token)

Check if the given token matches the internally stored token associated with the current user.

Specified by:: isTokenValid in interface CSRFToken

Parameters:: token - random token from the request
Returns:: true if the component is disabled or the given token is correct, false otherwise
See Also:: CSRFToken.isTokenValid(String)

getResubmissionURL

public java.lang.String getResubmissionURL()

Get the URL where a failed request should be redirected to.

Specified by:: getResubmissionURL in interface CSRFToken

Returns:: URL of the resubmission page with correct parameters
See Also:: CSRFToken.getResubmissionURL()