Package org.apache.wiki.http.filter
Class CsrfProtectionFilter
- java.lang.Object
-
- org.apache.wiki.http.filter.CsrfProtectionFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
public class CsrfProtectionFilter extends java.lang.Object implements javax.servlet.Filter
CSRF protection Filter which uses the synchronizer token pattern – an anti-CSRF token is created and stored in the user session and in a hidden field on subsequent form submits. At every submit the server checks the token from the session matches the one submitted from the form.
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.StringANTICSRF_PARAM
-
Constructor Summary
Constructors Constructor Description CsrfProtectionFilter()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description voiddestroy()voiddoFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)voidinit(javax.servlet.FilterConfig filterConfig)static booleanisCsrfProtectedPost(javax.servlet.http.HttpServletRequest request)
-
-
-
Field Detail
-
ANTICSRF_PARAM
public static final java.lang.String ANTICSRF_PARAM
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
CsrfProtectionFilter
public CsrfProtectionFilter()
-
-
Method Detail
-
init
public void init(javax.servlet.FilterConfig filterConfig)
- Specified by:
initin interfacejavax.servlet.Filter
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
- Specified by:
doFilterin interfacejavax.servlet.Filter- Throws:
java.io.IOExceptionjavax.servlet.ServletException
-
isCsrfProtectedPost
public static boolean isCsrfProtectedPost(javax.servlet.http.HttpServletRequest request)
-
destroy
public void destroy()
- Specified by:
destroyin interfacejavax.servlet.Filter
-
-