Class CsrfProtectionFilter

java.lang.Object
org.apache.wiki.http.filter.CsrfProtectionFilter
All Implemented Interfaces:
javax.servlet.Filter

public class CsrfProtectionFilter extends Object implements javax.servlet.Filter
CSRF protection Filter which uses the synchronizer token pattern – an anti-CSRF token is created and stored in the user session, and is included as a hidden field in subsequent form submits. On every submit the server checks that the token from the session matches the one submitted with the form.
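A minimal servlet filter showing the synchronizer token pattern described above. This is an added example, not JSPWiki's CsrfProtectionFilter source; the class name `ExampleSynchronizerTokenFilter` and the `example_csrf_token` session attribute and form field name are hypothetical, and treating every POST as protected is an assumption of the example.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.*;

// Added illustration only; names below are hypothetical, not JSPWiki's.
public class ExampleSynchronizerTokenFilter implements Filter {
    // Used both as the session attribute and as the hidden form field name.
    static final String TOKEN_NAME = "example_csrf_token";
    private static final SecureRandom RNG = new SecureRandom();

    @Override public void init(FilterConfig filterConfig) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpSession session = request.getSession(true);
        // Assumption: every POST is state-changing and must carry the token.
        if ("POST".equalsIgnoreCase(request.getMethod())) {
            String expected = (String) session.getAttribute(TOKEN_NAME);
            String submitted = request.getParameter(TOKEN_NAME);
            if (!tokensMatch(expected, submitted)) { // fails closed if either is missing
                response.sendError(HttpServletResponse.SC_FORBIDDEN, "CSRF token missing or invalid");
                return;
            }
        }
        // Ensure a token exists so the view can render it as
        // <input type="hidden" name="example_csrf_token" value="...">.
        if (session.getAttribute(TOKEN_NAME) == null) {
            session.setAttribute(TOKEN_NAME, newToken());
        }
        chain.doFilter(req, res);
    }

    // 256 bits from a CSPRNG, URL-safe so it can be placed in a form field.
    static String newToken() {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // MessageDigest.isEqual avoids short-circuiting on the first differing byte.
    static boolean tokensMatch(String expected, String submitted) {
        return expected != null && submitted != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), submitted.getBytes(StandardCharsets.UTF_8));
    }
}
```

A POST that arrives on a fresh session has no stored token and is rejected, so forms must be rendered from a prior GET within the same session.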
  • Field Details

  • Constructor Details

  • Method Details

    • init

      public void init(javax.servlet.FilterConfig filterConfig)
      Specified by:
      init in interface javax.servlet.Filter
    • doFilter

      public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
      Specified by:
      doFilter in interface javax.servlet.Filter
      Throws:
      IOException
      javax.servlet.ServletException
    • isCsrfProtectedPost

      public static boolean isCsrfProtectedPost(javax.servlet.http.HttpServletRequest request)
    • destroy

      public void destroy()
      Specified by:
      destroy in interface javax.servlet.Filter