Package org.xwiki.csrf
Interface CSRFToken
- All Known Implementing Classes:
- CSRFTokenScriptService
@Role
public interface CSRFToken
Anti-CSRF (Cross Site Request Forgery) protection using a secret token validation mechanism.
A random secret token must be included in every request that modifies or stores data. If the token carried by the request does not match the token stored on the server side, the request is redirected to a resubmission page where a legitimate user can confirm the action.
- Since:
- 2.5M2
- Version:
- $Id: 3671059457be856ae372b0b3ea2ea99bdebdfeeb $
- See Also:
Method Summary
- void clearToken(): Removes the anti-CSRF token associated with the current user.
- default String getRequestURI(): Get the URI to call to trigger back the failed request.
- String getResubmissionURL(): Get the URL where a failed request should be redirected to.
- String getToken(): Returns the anti-CSRF token associated with the current user.
- boolean isTokenValid(String token): Check if the given token matches the internally stored token associated with the current user.
Method Details
getToken
String getToken()
Returns the anti-CSRF token associated with the current user. Creates a fresh token on first call.
- Returns:
- the secret token
- See Also:
clearToken
void clearToken()
Removes the anti-CSRF token associated with the current user. The current token is invalidated immediately; a subsequent call of getToken() will generate a fresh token.
isTokenValid
boolean isTokenValid(String token)
Check if the given token matches the internally stored token associated with the current user. Because a disabled component accepts any value, a true result is not proof that a token was actually compared; callers must not treat it as such.
- Parameters:
- token - random token from the request
- Returns:
- true if the component is disabled or the given token is correct, false otherwise
getResubmissionURL
String getResubmissionURL()
Get the URL where a failed request should be redirected to.
- Returns:
- URL of the resubmission page with correct parameters
getRequestURI
Get the URI to call to trigger back the failed request. It is the "resubmit" part ofgetResubmissionURL().- Returns:
- the URI to call to trigger back the failed request.
- Since:
- 11.3RC1
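The token flow described above, as an added example that is not XWiki code: a minimal in-memory implementation of the method set documented on this page (the interface is copied so the file builds without xwiki-commons and the @Role annotation is dropped), followed by the check a data-modifying action should perform. The class InMemoryCsrfToken, the enum Outcome, the method handleSave, the /resubmit page path, and the user names and request path in main are all assumptions constructed for the example; the real component resolves the current user from the execution context rather than taking it as a constructor argument.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class CsrfTokenExample {

    // Copy of the method set documented on this page so the file builds without
    // xwiki-commons; the @Role annotation is dropped for the same reason.
    interface CSRFToken {
        String getToken();
        void clearToken();
        boolean isTokenValid(String token);
        String getResubmissionURL();
        default String getRequestURI() { return null; }
    }

    // Assumed in-memory implementation (not XWiki's). The user and the URI of the
    // failed request are passed in explicitly so no container is needed.
    static final class InMemoryCsrfToken implements CSRFToken {
        private static final SecureRandom RNG = new SecureRandom();
        private final Map<String, String> tokensByUser;
        private final String currentUser;
        private final String failedRequestUri;
        private final boolean enabled;

        InMemoryCsrfToken(Map<String, String> tokensByUser, String currentUser,
                          String failedRequestUri, boolean enabled) {
            this.tokensByUser = tokensByUser;
            this.currentUser = currentUser;
            this.failedRequestUri = failedRequestUri;
            this.enabled = enabled;
        }

        @Override
        public String getToken() {
            // 128 bits from SecureRandom on first call; the same value afterwards.
            return tokensByUser.computeIfAbsent(currentUser, user -> {
                byte[] raw = new byte[16];
                RNG.nextBytes(raw);
                return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            });
        }

        @Override
        public void clearToken() {
            tokensByUser.remove(currentUser);  // the next getToken() mints a new one
        }

        @Override
        public boolean isTokenValid(String token) {
            if (!enabled) {
                return true;  // documented contract: a disabled component accepts anything
            }
            if (token == null) {
                return false;
            }
            // Constant-time comparison so a forged token cannot be guessed byte by byte.
            return MessageDigest.isEqual(
                getToken().getBytes(StandardCharsets.UTF_8),
                token.getBytes(StandardCharsets.UTF_8));
        }

        @Override
        public String getResubmissionURL() {
            // Hypothetical resubmission page; only the "resubmit" parameter carrying
            // getRequestURI() follows the contract documented above.
            return "/resubmit?resubmit="
                + URLEncoder.encode(getRequestURI(), StandardCharsets.UTF_8);
        }

        @Override
        public String getRequestURI() {
            return failedRequestUri;
        }
    }

    enum Outcome { PERFORMED, REDIRECT_TO_RESUBMISSION }

    // The flow every data-modifying action should follow: validate first, and on
    // failure do nothing except send the user to the resubmission page.
    static Outcome handleSave(CSRFToken csrf, String tokenFromForm) {
        if (!csrf.isTokenValid(tokenFromForm)) {
            return Outcome.REDIRECT_TO_RESUBMISSION;  // target: csrf.getResubmissionURL()
        }
        // ... apply the modification here ...
        return Outcome.PERFORMED;
    }

    public static void main(String[] args) {
        // Constructed sample users and request path; one shared store, one token per user.
        Map<String, String> store = new ConcurrentHashMap<>();
        CSRFToken alice = new InMemoryCsrfToken(store, "XWiki.Alice", "/bin/save/Main/WebHome", true);
        CSRFToken bob = new InMemoryCsrfToken(store, "XWiki.Bob", "/bin/save/Main/WebHome", true);

        String hiddenField = alice.getToken();  // value Alice's form embeds
        System.out.println("genuine token:   " + handleSave(alice, hiddenField));
        System.out.println("forged token:    " + handleSave(alice, "not-the-token"));
        System.out.println("missing token:   " + handleSave(alice, null));
        System.out.println("Bob using Alice: " + handleSave(bob, hiddenField));
        System.out.println("redirect target: " + alice.getResubmissionURL());

        alice.clearToken();  // e.g. on logout; the old value must stop working
        System.out.println("after clear:     " + handleSave(alice, hiddenField));
    }
}
```

The comparison in isTokenValid uses MessageDigest.isEqual rather than String.equals so that the time taken does not depend on how many leading bytes of a forged token happen to match. The token is stored per user, never per session alone, so a value obtained for one account is rejected when submitted for another.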