CsrfFilter (BroadleafCommerce Common Libraries 2.1.0-GA API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.broadleafcommerce.common.security.handler
Class CsrfFilter

java.lang.Object
  org.springframework.web.filter.GenericFilterBean
      org.broadleafcommerce.common.security.handler.CsrfFilter

All Implemented Interfaces:: javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.web.context.ServletContextAware

public class CsrfFilter
extends org.springframework.web.filter.GenericFilterBean
extends org.springframework.web.filter.GenericFilterBean

Checks the validity of the CSRF token on every POST request. You can inject excluded Request URI patterns to bypass this filter. This filter uses the AntPathRequestMatcher which compares a pre-defined ant-style pattern against the URL (servletPath + pathInfo) of an HttpServletRequest. This allows you to use wildcard matching as well, for example /** or **

Author:: Andre Azzolini (apazzolini)
See Also:: AntPathRequestMatcher

Field Summary
`protected List<String>`	`excludedRequestPatterns`
`protected ExploitProtectionService`	`exploitProtectionService`
`protected static org.apache.commons.logging.Log`	`LOG`

Fields inherited from class org.springframework.web.filter.GenericFilterBean
`logger`

Constructor Summary
`CsrfFilter()`

Method Summary
`void`	`doFilter(javax.servlet.ServletRequest baseRequest, javax.servlet.ServletResponse baseResponse, javax.servlet.FilterChain chain)`
`List<String>`	`getExcludedRequestPatterns()`
`void`	`setExcludedRequestPatterns(List<String> excludedRequestPatterns)` This allows you to declaratively set a list of excluded Request Patterns /exclude-me/**

Methods inherited from class org.springframework.web.filter.GenericFilterBean
`addRequiredProperty, afterPropertiesSet, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

LOG

protected static final org.apache.commons.logging.Log LOG

exploitProtectionService

protected ExploitProtectionService exploitProtectionService

excludedRequestPatterns

protected List<String> excludedRequestPatterns

Constructor Detail

CsrfFilter

public CsrfFilter()

Method Detail

doFilter

public void doFilter(javax.servlet.ServletRequest baseRequest,
                     javax.servlet.ServletResponse baseResponse,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException

Throws:: IOException; javax.servlet.ServletException

getExcludedRequestPatterns

public List<String> getExcludedRequestPatterns()

setExcludedRequestPatterns

public void setExcludedRequestPatterns(List<String> excludedRequestPatterns)

This allows you to declaratively set a list of excluded Request Patterns /exclude-me/**