Package org.xwiki.csrf.script
Class CSRFTokenScriptService
- java.lang.Object
-
- org.xwiki.csrf.script.CSRFTokenScriptService
-
- All Implemented Interfaces:
CSRFToken
,org.xwiki.script.service.ScriptService
@Component(roles=org.xwiki.script.service.ScriptService.class) @Named("csrf") @Singleton public class CSRFTokenScriptService extends Object implements CSRFToken, org.xwiki.script.service.ScriptService
Script service wrapping aCSRFToken
component.- Since:
- 2.5M2
- Version:
- $Id: 6e5918728a9aff96354a35a3aa56165895dfb9e6 $
-
-
Constructor Summary
Constructors Constructor Description CSRFTokenScriptService()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
clearToken()
Removes the anti-CSRF token associated with the current user.String
getRequestURI()
Get the URI to call to trigger back the failed request.String
getResubmissionURL()
Get the URL where a failed request should be redirected to.String
getToken()
Returns the anti-CSRF token associated with the current user.boolean
isTokenValid(String token)
Check if the giventoken
matches the internally stored token associated with the current user.
-
-
-
Method Detail
-
getToken
public String getToken()
Description copied from interface:CSRFToken
Returns the anti-CSRF token associated with the current user. Creates a fresh token on first call.- Specified by:
getToken
in interfaceCSRFToken
- Returns:
- the secret token
- See Also:
CSRFToken.isTokenValid(String)
-
clearToken
public void clearToken()
Description copied from interface:CSRFToken
Removes the anti-CSRF token associated with the current user. Current token is invalidated immediately, a subsequent call ofCSRFToken.getToken()
will generate a fresh token.- Specified by:
clearToken
in interfaceCSRFToken
-
isTokenValid
public boolean isTokenValid(String token)
Description copied from interface:CSRFToken
Check if the giventoken
matches the internally stored token associated with the current user.- Specified by:
isTokenValid
in interfaceCSRFToken
- Parameters:
token
- random token from the request- Returns:
true
if the component is disabled or the given token is correct,false
otherwise
-
getResubmissionURL
public String getResubmissionURL()
Description copied from interface:CSRFToken
Get the URL where a failed request should be redirected to.- Specified by:
getResubmissionURL
in interfaceCSRFToken
- Returns:
- URL of the resubmission page with correct parameters
-
getRequestURI
public String getRequestURI()
Description copied from interface:CSRFToken
Get the URI to call to trigger back the failed request. It is the "resubmit" part ofCSRFToken.getResubmissionURL()
.- Specified by:
getRequestURI
in interfaceCSRFToken
- Returns:
- the URI to call to trigger back the failed request.
-
-