Class CSRFTokenScriptService

  • All Implemented Interfaces:
    CSRFToken, org.xwiki.script.service.ScriptService

    @Component(roles=org.xwiki.script.service.ScriptService.class)
    @Named("csrf")
    @Singleton
    public class CSRFTokenScriptService
    extends Object
    implements CSRFToken, org.xwiki.script.service.ScriptService
    Script service wrapping a CSRFToken component.
    Since:
    2.5M2
    Version:
    $Id: 6e5918728a9aff96354a35a3aa56165895dfb9e6 $
    • Constructor Detail

      • CSRFTokenScriptService

        public CSRFTokenScriptService()
    • Method Detail

      • clearToken

        public void clearToken()
        Description copied from interface: CSRFToken
        Removes the anti-CSRF token associated with the current user. Current token is invalidated immediately, a subsequent call of CSRFToken.getToken() will generate a fresh token.
        Specified by:
        clearToken in interface CSRFToken
      • isTokenValid

        public boolean isTokenValid​(String token)
        Description copied from interface: CSRFToken
        Check if the given token matches the internally stored token associated with the current user.
        Specified by:
        isTokenValid in interface CSRFToken
        Parameters:
        token - random token from the request
        Returns:
        true if the component is disabled or the given token is correct, false otherwise
      • getResubmissionURL

        public String getResubmissionURL()
        Description copied from interface: CSRFToken
        Get the URL where a failed request should be redirected to.
        Specified by:
        getResubmissionURL in interface CSRFToken
        Returns:
        URL of the resubmission page with correct parameters