JIRA uses a token authentication mechanism for webwork actions to add an extra level of security against XSRF (Cross-site request forgery). JIRA's core product and its bundled plugins already use this mechanism in their code, but for custom add-ons it is opt-in: an action is only protected if the add-on asks for it.
In this recipe, we will see how we can modify the action plugin we wrote in the previous recipe to include this extra layer of security.
Adding form token handling is pretty easy. Following are the two steps to include it in our action plugin:
1. Modify the action class to include the RequiresXsrfCheck annotation on the methods that are executed in the action. In our class, the method is doExecute(). The modified method definition will look like the following:

    @Override
    @RequiresXsrfCheck
    protected String doExecute() throws Exception {
        //Business Logic...
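To show where the annotation belongs in a whole action, here is an added example that is not the recipe's own code: the class name, package and the note field are assumptions, while RequiresXsrfCheck, JiraWebActionSupport and the atl_token parameter are JIRA's own.

```java
package com.example.jira.xsrf; // hypothetical package, not from the recipe

import com.atlassian.jira.security.xsrf.RequiresXsrfCheck;
import com.atlassian.jira.web.action.JiraWebActionSupport;

// Hypothetical action; the recipe's own action from the previous recipe
// is not shown on this page, so the names below are assumptions.
public class UpdateNoteAction extends JiraWebActionSupport {

    private String note;

    // Renders the input form (GET). Not annotated: rendering changes no
    // state, and the form it renders is where the token gets embedded.
    @Override
    public String doDefault() throws Exception {
        return INPUT;
    }

    // Performs the state change (POST). With @RequiresXsrfCheck, JIRA
    // only calls this method if the request carries an atl_token that
    // matches the current session; a form posted from another site has
    // no way to know that token, so the forged request is rejected.
    @Override
    @RequiresXsrfCheck
    protected String doExecute() throws Exception {
        // Business logic would go here, e.g. persisting 'note'.
        return returnComplete("/secure/Dashboard.jspa");
    }

    public String getNote() {
        return note;
    }

    public void setNote(String note) {
        this.note = note;
    }
}
```

The Velocity template rendered by doDefault() must put the token into the form, which in JIRA is done with the #form_xsrfToken() macro (a hidden atl_token input); without it every submission to the annotated method is treated as a missing-token request.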