Package org.broadleafcommerce.common.security.handler

Class CsrfFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.broadleafcommerce.common.security.handler.CsrfFilter

All Implemented Interfaces:

jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

@Deprecated
public class CsrfFilter
extends org.springframework.web.filter.GenericFilterBean

Deprecated.

Use SecurityFilter instead

Checks the validity of the CSRF token on every POST request. You can inject excluded Request URI patterns to bypass this filter. This filter uses the AntPathRequestMatcher which compares a pre-defined ant-style pattern against the URL (servletPath + pathInfo) of an HttpServletRequest. This allows you to use wildcard matching as well, for example /** or **

Author:

Andre Azzolini (apazzolini)

See Also:

• AntPathRequestMatcher

Field Summary

Fields

Modifier and Type	Field	Description
protected List<String>	excludedRequestPatterns	Deprecated.
protected ExploitProtectionService	exploitProtectionService	Deprecated.
protected static final org.apache.commons.logging.Log	LOG	Deprecated.

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor	Description
CsrfFilter()	Deprecated.

Method Summary

Modifier and Type	Method	Description
void	doFilter(jakarta.servlet.ServletRequest baseRequest, jakarta.servlet.ServletResponse baseResponse, jakarta.servlet.FilterChain chain)	Deprecated.
List<String>	getExcludedRequestPatterns()	Deprecated.
void	setExcludedRequestPatterns(List<String> excludedRequestPatterns)	Deprecated. This allows you to declaratively set a list of excluded Request Patterns /exclude-me/**

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

LOG

protected static final org.apache.commons.logging.Log LOG

Deprecated.

exploitProtectionService

@Autowired
@Qualifier("blExploitProtectionService")
protected ExploitProtectionService exploitProtectionService

Deprecated.

excludedRequestPatterns

protected List<String> excludedRequestPatterns

Deprecated.

Constructor Details

CsrfFilter

public CsrfFilter()

Deprecated.

Method Details

doFilter

public void doFilter(jakarta.servlet.ServletRequest baseRequest,
 jakarta.servlet.ServletResponse baseResponse,
 jakarta.servlet.FilterChain chain)
              throws IOException,
jakarta.servlet.ServletException

Deprecated.

Throws:

IOException

jakarta.servlet.ServletException

getExcludedRequestPatterns

public List<String> getExcludedRequestPatterns()

Deprecated.

setExcludedRequestPatterns

public void setExcludedRequestPatterns(List<String> excludedRequestPatterns)

Deprecated.

This allows you to declaratively set a list of excluded Request Patterns /exclude-me/**