Package org.apache.wiki.http.filter
Class CsrfProtectionFilter
java.lang.Object
org.apache.wiki.http.filter.CsrfProtectionFilter
- All Implemented Interfaces:
javax.servlet.Filter
CSRF protection Filter which uses the synchronizer token pattern – an anti-CSRF token is created and stored in the
user session and in a hidden field on subsequent form submits. At every submit the server checks the token from the
session matches the one submitted from the form.
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoiddestroy()voiddoFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) voidinit(javax.servlet.FilterConfig filterConfig) static booleanisCsrfProtectedPost(javax.servlet.http.HttpServletRequest request)
-
Field Details
-
ANTICSRF_PARAM
- See Also:
-
-
Constructor Details
-
CsrfProtectionFilter
public CsrfProtectionFilter()
-
-
Method Details
-
init
- Specified by:
initin interfacejavax.servlet.Filter
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException - Specified by:
doFilterin interfacejavax.servlet.Filter- Throws:
IOExceptionjavax.servlet.ServletException
-
isCsrfProtectedPost
-
destroy
- Specified by:
destroyin interfacejavax.servlet.Filter
-