XsrfResourceFilter (Atlassian REST

java.lang.Object
- com.atlassian.plugins.rest.common.security.jersey.XsrfResourceFilter

All Implemented Interfaces:

com.sun.jersey.spi.container.ContainerRequestFilter, com.sun.jersey.spi.container.ResourceFilter
```
public class XsrfResourceFilter
extends Object
implements com.sun.jersey.spi.container.ResourceFilter, com.sun.jersey.spi.container.ContainerRequestFilter
```
A filter that filters requests that need XSRF protection.
This checks for the presence of the no-check xsrf header and if the xsrf token is correct.

Since:

2.4

Field Summary

Fields
Modifier and Type Field and Description

static String NO_CHECK

static String TOKEN_HEADER

Fields
Modifier and Type	Field and Description
`static String`	`NO_CHECK`
`static String`	`TOKEN_HEADER`

Constructor Summary

Constructors
Constructor and Description

XsrfResourceFilter()

Constructors
Constructor and Description
`XsrfResourceFilter()`

Method Summary

Methods
Modifier and Type	Method and Description
`com.sun.jersey.spi.container.ContainerRequest`	`filter(com.sun.jersey.spi.container.ContainerRequest request)`
`com.sun.jersey.spi.container.ContainerRequestFilter`	`getRequestFilter()`
`com.sun.jersey.spi.container.ContainerResponseFilter`	`getResponseFilter()`
`protected boolean`	`isXsrfTokenValid(javax.servlet.http.HttpServletRequest httpServletRequest)` Returns true if the given request xsrf token cookie value matches the xsrf token submitted in the request form.
`void`	`setHttpContext(com.atlassian.sal.api.web.context.HttpContext httpContext)`
`void`	`setXsrfTokenValidator(com.atlassian.sal.api.xsrf.XsrfTokenValidator xsrfTokenValidator)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - TOKEN_HEADER
```
public static final String TOKEN_HEADER
```
    See Also:
    Constant Field Values
  - NO_CHECK
```
public static final String NO_CHECK
```
    See Also:
    Constant Field Values
- Constructor Detail
  - XsrfResourceFilter
```
public XsrfResourceFilter()
```
- Method Detail
  - setHttpContext
```
public void setHttpContext(com.atlassian.sal.api.web.context.HttpContext httpContext)
```
  - setXsrfTokenValidator
```
public void setXsrfTokenValidator(com.atlassian.sal.api.xsrf.XsrfTokenValidator xsrfTokenValidator)
```
  - filter
```
public com.sun.jersey.spi.container.ContainerRequest filter(com.sun.jersey.spi.container.ContainerRequest request)
```
    Specified by:
    
    filter in interface com.sun.jersey.spi.container.ContainerRequestFilter
  - getRequestFilter
```
public com.sun.jersey.spi.container.ContainerRequestFilter getRequestFilter()
```
    Specified by:
    
    getRequestFilter in interface com.sun.jersey.spi.container.ResourceFilter
  - getResponseFilter
```
public com.sun.jersey.spi.container.ContainerResponseFilter getResponseFilter()
```
    Specified by:
    
    getResponseFilter in interface com.sun.jersey.spi.container.ResourceFilter
  - isXsrfTokenValid
```
protected boolean isXsrfTokenValid(javax.servlet.http.HttpServletRequest httpServletRequest)
```
    Returns true if the given request xsrf token cookie value matches the xsrf token submitted in the request form. Currently this method only works on requests that have a media type of MediaType.APPLICATION_FORM_URLENCODED_TYPE.
    
    Parameters:
    request - the request to check.
    
    Returns:
    true if the given request xsrf token cookie value matches the xsrf token submitted in the request form.

Class XsrfResourceFilter

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

TOKEN_HEADER

NO_CHECK

Constructor Detail

XsrfResourceFilter

Method Detail

setHttpContext

setXsrfTokenValidator

filter

getRequestFilter

getResponseFilter

isXsrfTokenValid