Package org.apache.wiki.http.filter
Class CsrfProtectionFilter
java.lang.Object
org.apache.wiki.http.filter.CsrfProtectionFilter
- All Implemented Interfaces:
javax.servlet.Filter
CSRF protection Filter which uses the synchronizer token pattern – an anti-CSRF token is created and stored in the
user session and in a hidden field on subsequent form submits. At every submit the server checks the token from the
session matches the one submitted from the form.
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoid
destroy()
void
doFilter
(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) void
init
(javax.servlet.FilterConfig filterConfig) static boolean
isCsrfProtectedPost
(javax.servlet.http.HttpServletRequest request)
-
Field Details
-
ANTICSRF_PARAM
- See Also:
-
-
Constructor Details
-
CsrfProtectionFilter
public CsrfProtectionFilter()
-
-
Method Details
-
init
- Specified by:
init
in interfacejavax.servlet.Filter
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException - Specified by:
doFilter
in interfacejavax.servlet.Filter
- Throws:
IOException
javax.servlet.ServletException
-
isCsrfProtectedPost
-
destroy
- Specified by:
destroy
in interfacejavax.servlet.Filter
-