@Role
public interface CSRFToken
A random secret token should be included in every request that modifies or stores data. If the token included in the request does not match the token stored on the server side, the request is redirected to a resubmission page where a legitimate user has a chance to confirm the action.
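The flow described above, as an added example that is not XWiki's code: a minimal in-memory token store with a hypothetical `handleSave` handler. The explicit `user` argument, the class name and the `/resubmit` path are assumptions made for the illustration; the case where the component is disabled is left out.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration, not XWiki code: models the documented contract of
// getToken(), isTokenValid(String) and clearToken() with a per-user store.
public class CsrfTokenDemo {
    private static final SecureRandom RANDOM = new SecureRandom();
    private final Map<String, String> tokens = new ConcurrentHashMap<>();

    // Returns the user's token, generating a fresh one if none is stored.
    String getToken(String user) {
        return tokens.computeIfAbsent(user, u -> {
            byte[] raw = new byte[32];
            RANDOM.nextBytes(raw);
            return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        });
    }

    // Constant-time comparison, so a mismatch does not reveal how much matched.
    boolean isTokenValid(String user, String candidate) {
        String stored = tokens.get(user);
        if (stored == null || candidate == null) {
            return false;
        }
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
            candidate.getBytes(StandardCharsets.UTF_8));
    }

    // Invalidates the current token; the next getToken() call creates a new one.
    void clearToken(String user) {
        tokens.remove(user);
    }

    // Hypothetical handler: apply the change, or name the resubmission redirect.
    String handleSave(String user, String tokenFromRequest) {
        return isTokenValid(user, tokenFromRequest) ? "saved" : "redirect:/resubmit";
    }

    public static void main(String[] args) {
        CsrfTokenDemo csrf = new CsrfTokenDemo();
        String token = csrf.getToken("alice");  // value embedded in the form
        System.out.println(csrf.handleSave("alice", token));     // matching token
        System.out.println(csrf.handleSave("alice", "forged"));  // mismatching token
        csrf.clearToken("alice");
        System.out.println(csrf.handleSave("alice", token));     // stale token after clear
    }
}
```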
Modifier and Type | Method and Description |
---|---|
void | clearToken() - Removes the anti-CSRF token associated with the current user. |
default String | getRequestURI() - Get the URI to call to trigger back the failed request. |
String | getResubmissionURL() - Get the URL where a failed request should be redirected to. |
String | getToken() - Returns the anti-CSRF token associated with the current user. |
boolean | isTokenValid(String token) - Check if the given token matches the internally stored token associated with the current user. |

String getToken()

isTokenValid(String)

void clearToken()

getToken() will generate a fresh token.

boolean isTokenValid(String token)

Check if the given token matches the internally stored token associated with the current user.

Parameters: token - random token from the request

Returns: true if the component is disabled or the given token is correct, false otherwise

String getResubmissionURL()

@Unstable default String getRequestURI()

getResubmissionURL().

Copyright © 2004–2019 XWiki. All rights reserved.