org.xwiki.csrf.script
Class CSRFTokenScriptService

java.lang.Object
  extended by org.xwiki.csrf.script.CSRFTokenScriptService
All Implemented Interfaces:
CSRFToken, org.xwiki.script.service.ScriptService

@Component(roles=org.xwiki.script.service.ScriptService.class)
@Named(value="csrf")
@Singleton
public class CSRFTokenScriptService
extends Object
implements CSRFToken, org.xwiki.script.service.ScriptService

Script service wrapping a CSRFToken component.

Since:
2.5M2
Version:
$Id: 30f3f2c6fc37b73ba3edc8f28aebfafca2879198 $

Constructor Summary
CSRFTokenScriptService()
           
 
Method Summary
 void clearToken()
          Removes the anti-CSRF token associated with the current user.
 String getResubmissionURL()
          Get the URL to which a failed request should be redirected.
 String getToken()
          Returns the anti-CSRF token associated with the current user.
 boolean isTokenValid(String token)
          Check if the given token matches the internally stored token associated with the current user.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CSRFTokenScriptService

public CSRFTokenScriptService()

Method Detail

getToken

public String getToken()
Description copied from interface: CSRFToken
Returns the anti-CSRF token associated with the current user. Creates a fresh token on first call.

Specified by:
getToken in interface CSRFToken
Returns:
the secret token
See Also:
CSRFToken.isTokenValid(String)

clearToken

public void clearToken()
Description copied from interface: CSRFToken
Removes the anti-CSRF token associated with the current user. The current token is invalidated immediately; a subsequent call to CSRFToken.getToken() will generate a fresh token.

Specified by:
clearToken in interface CSRFToken

isTokenValid

public boolean isTokenValid(String token)
Description copied from interface: CSRFToken
Check if the given token matches the internally stored token associated with the current user.

Specified by:
isTokenValid in interface CSRFToken
Parameters:
token - random token from the request
Returns:
true if the component is disabled or the given token is correct, false otherwise

getResubmissionURL

public String getResubmissionURL()
Description copied from interface: CSRFToken
Get the URL to which a failed request should be redirected.

Specified by:
getResubmissionURL in interface CSRFToken
Returns:
URL of the resubmission page with correct parameters
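
Usage sketch for the methods above, called from a Velocity script in a wiki page through $services.csrf (the @Named value of this service). This is an added example, not code from XWiki; the "action" and "form_token" parameter names and the "purge" action are assumptions, and $request, $response, $doc and $escapetool are the standard XWiki script bindings.

```velocity
{{velocity}}
## Added example: guard a state-changing action with the anti-CSRF token.
## Assumed names: request parameters "action" and "form_token", action "purge".
#set ($submitted = "$!request.getParameter('form_token')")
#if ("$!request.getParameter('action')" == 'purge')
  #if ($request.getMethod() != 'POST')
    ## Accept the state change only over POST, so the token travels in the
    ## request body and not in a URL.
    {{error}}This action must be submitted from the form.{{/error}}
  #elseif ($services.csrf.isTokenValid($submitted))
    ## The token matches the one stored for the current user.
    ## isTokenValid also returns true when the CSRF component is disabled,
    ## so this branch is not proof that a token was actually checked.
    ## ... perform the state change here ...
    {{info}}Done.{{/info}}
  #else
    ## Missing or wrong token: send the user to the resubmission page.
    $response.sendRedirect($services.csrf.getResubmissionURL())
  #end
#else
  {{html clean="false"}}
  <form method="post" action="$escapetool.xml($doc.getURL('view'))">
    <input type="hidden" name="action" value="purge" />
    ## getToken() creates the token on first call; it stays the same for the
    ## current user until clearToken() is called.
    <input type="hidden" name="form_token" value="$escapetool.xml($services.csrf.getToken())" />
    <input type="submit" value="Purge" />
  </form>
  {{/html}}
#end
{{/velocity}}
```

After $services.csrf.clearToken() is called, forms rendered before the call carry the old token and fail isTokenValid.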


Copyright © 2004–2014 XWiki. All rights reserved.