public class CsrfTokenSecurityFilter extends AbstractMgnlFilter
CsrfSecurityFilter
.
This filter passes if:
To provide flexibility, the check is performed with a voter in the filter's bypasses node. The default bypass configured is:
To add more bypasses (i.e. to 'white-list' specific referrer domains or URIs), use for example:
Constructor and Description |
---|
CsrfTokenSecurityFilter(javax.inject.Provider<Context> contextProvider) |
Modifier and Type | Method and Description |
---|---|
void | doFilter(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain) |
protected void | handleError(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String message) Actions to take when a CSRF attack is detected. |
acceptsEncoding, acceptsGzipEncoding, addAndVerifyHeader, addBypass, addMapping, bypasses, destroy, doFilter, getBypasses, getDispatching, getMapping, getMappings, getName, headerContains, init, isEnabled, mapsTo, matches, matchesDispatching, setBypasses, setDispatching, setEnabled, setMappings, setName
@Inject public CsrfTokenSecurityFilter(javax.inject.Provider<Context> contextProvider)
public void doFilter(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
doFilter in class AbstractMgnlFilter
Throws: IOException, javax.servlet.ServletException
protected void handleError(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String message) throws IOException
HttpServletResponse.SC_FORBIDDEN error response.
Throws: IOException
Copyright © 2003–2018 Magnolia International Ltd. All rights reserved.