AdminCsrfFilter (BroadleafCommerce 4.0.5-SNAPSHOT API)

java.lang.Object
- org.springframework.web.filter.GenericFilterBean
- - org.broadleafcommerce.common.security.handler.CsrfFilter
  - - org.broadleafcommerce.openadmin.web.filter.AdminCsrfFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.web.context.ServletContextAware
```
public class AdminCsrfFilter
extends CsrfFilter
```
This class attempts the work flow of the CsrfFilter, but in the event of a Csrf token mismatch (Session reset for example) the User will be redirected to login, if not session reset User is sent to previous location. The "blCsrfFilter' from applicationContext-admin-security should reference this class (org.broadleafcommerce.openadmin.web.filter.AdminCsrfFilter) instead of the CsrfFilter

Author:

trevorleffert

Field Summary

Fields
Modifier and Type Field and Description

protected org.springframework.security.web.authentication.AuthenticationFailureHandler failureHandler
- Fields inherited from class org.broadleafcommerce.common.security.handler.CsrfFilter
  excludedRequestPatterns, exploitProtectionService, LOG
- Fields inherited from class org.springframework.web.filter.GenericFilterBean
  logger

Fields
Modifier and Type	Field and Description
`protected org.springframework.security.web.authentication.AuthenticationFailureHandler`	`failureHandler`

Constructor Summary

Constructors
Constructor and Description

AdminCsrfFilter()

Constructors
Constructor and Description
`AdminCsrfFilter()`

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`doFilter(javax.servlet.ServletRequest baseRequest, javax.servlet.ServletResponse baseResponse, javax.servlet.FilterChain chain)`

Methods inherited from class org.broadleafcommerce.common.security.handler.CsrfFilter
getExcludedRequestPatterns, setExcludedRequestPatterns

Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

failureHandler

protected org.springframework.security.web.authentication.AuthenticationFailureHandler failureHandler

Constructor Detail
- AdminCsrfFilter
```
public AdminCsrfFilter()
```

Method Detail

doFilter

public void doFilter(javax.servlet.ServletRequest baseRequest,
            javax.servlet.ServletResponse baseResponse,
            javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException

Specified by:: doFilter in interface javax.servlet.Filter
Overrides:: doFilter in class CsrfFilter
Throws:: IOException; javax.servlet.ServletException

Class AdminCsrfFilter

Field Summary

Fields inherited from class org.broadleafcommerce.common.security.handler.CsrfFilter

Fields inherited from class org.springframework.web.filter.GenericFilterBean

Constructor Summary

Method Summary

Methods inherited from class org.broadleafcommerce.common.security.handler.CsrfFilter

Methods inherited from class org.springframework.web.filter.GenericFilterBean

Methods inherited from class java.lang.Object

Field Detail

failureHandler

Constructor Detail

AdminCsrfFilter

Method Detail

doFilter