Class CsrfProtectionFilter

  • All Implemented Interfaces:

    public class CsrfProtectionFilter
    extends java.lang.Object
    implements javax.servlet.Filter
    CSRF protection Filter which uses the synchronizer token pattern – an anti-CSRF token is created and stored in the user session and in a hidden field on subsequent form submits. At every submit the server checks the token from the session matches the one submitted from the form.
    • Field Summary

      Modifier and Type Field Description
      static java.lang.String ANTICSRF_PARAM  
    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void destroy()
      void doFilter​(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
      void init​(javax.servlet.FilterConfig filterConfig)
      static boolean isCsrfProtectedPost​(javax.servlet.http.HttpServletRequest request)  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • init

        public void init​(javax.servlet.FilterConfig filterConfig)
        Specified by:
        init in interface javax.servlet.Filter
      • doFilter

        public void doFilter​(javax.servlet.ServletRequest request,
                             javax.servlet.ServletResponse response,
                             javax.servlet.FilterChain chain)
        Specified by:
        doFilter in interface javax.servlet.Filter
      • isCsrfProtectedPost

        public static boolean isCsrfProtectedPost​(javax.servlet.http.HttpServletRequest request)
      • destroy

        public void destroy()
        Specified by:
        destroy in interface javax.servlet.Filter