/*
    Licensed to the Apache Software Foundation (ASF) under one
    or more contributor license agreements.  See the NOTICE file
    distributed with this work for additional information
    regarding copyright ownership.  The ASF licenses this file
    to you under the Apache License, Version 2.0 (the
    "License"); you may not use this file except in compliance
    with the License.  You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing,
    software distributed under the License is distributed on an
    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    KIND, either express or implied.  See the License for the
    specific language governing permissions and limitations
    under the License.
 */
package org.apache.wiki.tags;

import org.apache.wiki.api.core.Session;
import org.apache.wiki.http.filter.CsrfProtectionFilter;

/**
 * Outputs the hidden {@link CsrfProtectionFilter#ANTICSRF_PARAM}.
 *
 * <p>The tag writes the current wiki session's anti-CSRF token into the page in one of two forms:
 * a hidden {@code <input>} whose {@code name} and {@code id} are both
 * {@link CsrfProtectionFilter#ANTICSRF_PARAM} (the default), or a
 * {@code <meta name="wikiCsrfProtection">} element when the format is set to {@code "meta"}.
 *
 * <p>NOTE(review): the token is concatenated into the attribute value without HTML escaping, and the
 * two forms quote it differently (single quotes for the meta element, double quotes for the input).
 * That is safe only as long as {@code Session#antiCsrfToken()} never returns quote or markup
 * characters; confirm against the Session implementation. The hidden-input form also emits a fixed
 * {@code id}, so using the tag more than once on a page produces duplicate ids.
 */
public class CsrfProtectionTag extends WikiTagBase {

    private static final long serialVersionUID = -6828306125406112417L;

    // true: render the token as a <meta> element; false: render it as a hidden <input>.
    private boolean meta;

    /**
     * Selects the output form of the tag.
     *
     * @param format {@code "meta"} (compared case-insensitively) selects the meta element; any other
     *               value, including {@code null}, selects the hidden input.
     */
    public void setFormat( final String format ) {
        meta = "meta".equalsIgnoreCase( format );
    }

    /**
     * {@inheritDoc}
     *
     * <p>Prints the anti-CSRF markup for the current session to the page output.
     *
     * @return {@code SKIP_BODY}, always.
     */
    @Override
    public int doWikiStartTag() throws Exception {
        final Session session = m_wikiContext.getWikiSession();
        final String token = session.antiCsrfToken();
        final String markup = meta ? metaElement( token ) : hiddenInput( token );
        pageContext.getOut().print( markup );
        return SKIP_BODY;
    }

    /** Builds the {@code <meta>} form; the token is placed in a single-quoted attribute, unescaped. */
    private static String metaElement( final String token ) {
        return "<meta name=\"wikiCsrfProtection\" content='" + token + "'/>";
    }

    /** Builds the hidden {@code <input>} form; the token is placed in a double-quoted attribute, unescaped. */
    private static String hiddenInput( final String token ) {
        return "<input type=\"hidden\" name=\"" + CsrfProtectionFilter.ANTICSRF_PARAM + "\" " +
               "id=\"" + CsrfProtectionFilter.ANTICSRF_PARAM + "\" " +
               "value=\"" + token + "\"/>";
    }

}