As I want to protect my add-on from XSRF, I read this document and implemented atl_token.
https://developer.atlassian.com/confdev/confluence-plugin-guide/writing-confluence-plugins/form-token-handling
To validate atl_token, both the @com.atlassian.xwork.RequireSecurityToken annotation on methods and setting the RequireSecurityToken parameter in atlassian-plugins.xml work well.
But when an invalid token is passed, xwork always returns "input".
I want to return another result. For example, when an XSRF token error occurs I want to return "xsrferror", and when a form input value error occurs I want to return "formerror".
So, I want to know how to validate atl_token in Java code.
Hi Takashi,
For webwork actions just add @RequiresXsrfCheck above a method.
See here for details: https://developer.atlassian.com/jiradev/jira-architecture/authentication/form-token-handling
For servlets use XsrfTokenValidator: https://docs.atlassian.com/jira/latest/com/atlassian/sal/jira/xsrf/JiraXsrfTokenValidator.html
Takashi, just inject ConfluenceXsrfTokenValidator through constructor.
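A sketch of the validator-injection approach from the replies, as an added example that is not code from the thread or from Atlassian. It assumes the plugin can import the SAL interface com.atlassian.sal.api.xsrf.XsrfTokenValidator and the WebWork ServletActionContext, that the method is not also covered by the interceptor check (which would return "input" before this code runs), and the package, class and field names are hypothetical.

```java
package com.example.confluence; // hypothetical plugin package

import javax.servlet.http.HttpServletRequest;

import com.atlassian.confluence.core.ConfluenceActionSupport;
import com.atlassian.sal.api.xsrf.XsrfTokenValidator;
import com.opensymphony.webwork.ServletActionContext;

/**
 * Hypothetical action: the XSRF check runs inside the action itself, so a bad
 * token and a bad form value map to different result names.
 */
public class SaveSettingsAction extends ConfluenceActionSupport {
    private final XsrfTokenValidator xsrfTokenValidator;
    private String title; // hypothetical form field

    // Constructor injection, as suggested in the thread.
    public SaveSettingsAction(XsrfTokenValidator xsrfTokenValidator) {
        this.xsrfTokenValidator = xsrfTokenValidator;
    }

    @Override
    public String execute() throws Exception {
        HttpServletRequest request = ServletActionContext.getRequest();

        // Check the token before touching any form data. State changes are
        // only accepted over POST, so a forged GET never reaches the save.
        if (!"POST".equals(request.getMethod())
                || !xsrfTokenValidator.validateFormEncodedToken(request)) {
            return "xsrferror";
        }

        // Form validation happens only after the request is known to be genuine.
        if (title == null || title.trim().isEmpty()) {
            addActionError("Title is required");
            return "formerror";
        }

        // Token and input are both valid: apply the change, then report success.
        return SUCCESS;
    }

    public void setTitle(String title) {
        this.title = title;
    }
}
```

The "xsrferror" and "formerror" result names each need a matching result entry for this action in the plugin descriptor.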