Package org.broadleafcommerce.openadmin.web.filter

Class AdminCsrfFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.broadleafcommerce.common.security.handler.CsrfFilter
org.broadleafcommerce.openadmin.web.filter.AdminCsrfFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
@Deprecated public class AdminCsrfFilter extends CsrfFilter
Deprecated.
Use AdminSecurityFilter instead
This class attempts the work flow of the CsrfFilter, but in the event of a Csrf token mismatch (Session reset for example) the User will be redirected to login, if not session reset User is sent to previous location.

The "blCsrfFilter' from applicationContext-admin-security should reference this class (org.broadleafcommerce.openadmin.web.filter.AdminCsrfFilter) instead of the CsrfFilter

Author:
trevorleffert

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    protected org.springframework.security.web.authentication.AuthenticationFailureHandler
    failureHandler
    Deprecated.
     

    Fields inherited from class org.broadleafcommerce.common.security.handler.CsrfFilter

    excludedRequestPatterns, exploitProtectionService, LOG

    Fields inherited from class org.springframework.web.filter.GenericFilterBean

    logger

  • Constructor Summary

    Constructors
    Constructor
    Description
    AdminCsrfFilter()
    Deprecated.
     

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    doFilter(jakarta.servlet.ServletRequest baseRequest, jakarta.servlet.ServletResponse baseResponse, jakarta.servlet.FilterChain chain)
    Deprecated.
     

    Methods inherited from class org.broadleafcommerce.common.security.handler.CsrfFilter

    getExcludedRequestPatterns, setExcludedRequestPatterns

    Methods inherited from class org.springframework.web.filter.GenericFilterBean

    addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • failureHandler

      @Autowired @Qualifier("blAdminAuthenticationFailureHandler") protected org.springframework.security.web.authentication.AuthenticationFailureHandler failureHandler
      Deprecated.

  • Constructor Details

    • AdminCsrfFilter

      public AdminCsrfFilter()
      Deprecated.

  • Method Details

    • doFilter

      public void doFilter(jakarta.servlet.ServletRequest baseRequest, jakarta.servlet.ServletResponse baseResponse, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
      Deprecated.
      Specified by:
      doFilter in interface jakarta.servlet.Filter
      Overrides:
      doFilter in class CsrfFilter
      Throws:
      IOException
      jakarta.servlet.ServletException