org.broadleafcommerce.common.security.handler

Class CsrfFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.broadleafcommerce.common.security.handler.CsrfFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.web.context.ServletContextAware

Deprecated.

Use SecurityFilter instead

@Deprecated
public class CsrfFilter
extends org.springframework.web.filter.GenericFilterBean

Checks the validity of the CSRF token on every POST request. You can inject excluded Request URI patterns to bypass this filter. This filter uses the AntPathRequestMatcher which compares a pre-defined ant-style pattern against the URL (servletPath + pathInfo) of an HttpServletRequest. This allows you to use wildcard matching as well, for example /** or **

Author:

Andre Azzolini (apazzolini)

See Also:

AntPathRequestMatcher

Field Summary

Fields

Modifier and Type	Field and Description
protected List<String>	excludedRequestPatterns Deprecated.
protected ExploitProtectionService	exploitProtectionService Deprecated.
protected static org.apache.commons.logging.Log	LOG Deprecated.

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor and Description
CsrfFilter() Deprecated.

Method Summary

Modifier and Type	Method and Description
void	doFilter(javax.servlet.ServletRequest baseRequest, javax.servlet.ServletResponse baseResponse, javax.servlet.FilterChain chain) Deprecated.
List<String>	getExcludedRequestPatterns() Deprecated.
void	setExcludedRequestPatterns(List<String> excludedRequestPatterns) Deprecated. This allows you to declaratively set a list of excluded Request Patterns /exclude-me/**

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, afterPropertiesSet, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOG

protected static final org.apache.commons.logging.Log LOG

Deprecated.

exploitProtectionService

protected ExploitProtectionService exploitProtectionService

Deprecated.

excludedRequestPatterns

protected List<String> excludedRequestPatterns

Deprecated.

Constructor Detail

CsrfFilter

public CsrfFilter()

Deprecated.

Method Detail

doFilter

public void doFilter(javax.servlet.ServletRequest baseRequest,
                     javax.servlet.ServletResponse baseResponse,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException

Deprecated.

Throws:

IOException

javax.servlet.ServletException

getExcludedRequestPatterns

public List<String> getExcludedRequestPatterns()

Deprecated.

setExcludedRequestPatterns

public void setExcludedRequestPatterns(List<String> excludedRequestPatterns)

Deprecated.

This allows you to declaratively set a list of excluded Request Patterns /exclude-me/**