- All Implemented Interfaces:
- javax.servlet.Filter
public class XSRFCheckFilter
extends Object
implements javax.servlet.Filter
This filter checks that the XSRF token is present in the request.
If it is not, the filter returns an HTTP 401 - Unauthorized status code.
Parameter initialization and URL pattern handling (matches, nocaches and wildcards) are inspired by jodd.servlet.filter.GzipFilter.java
http://jodd.org/doc/htmlstapler/enabling-gzip.html#GZIP-filter
Those params are:
- match: comma-separated string patterns to look for in the URI. Only URIs that match these patterns will be checked by XSRFCheckFilter. Use '*' to enable default matching.
- wildcards {true|false}: boolean that specifies wildcard matching for string patterns. Defaults to false.
- exludes: comma-separated string patterns to be excluded, if found in the URI, from XSRFCheckFilter checking. It is applied only if all URLs are matched.
- genXsrfPath: Single path which will generate the XSRF Token.
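The following is an added example, not the filter's own code: a small model of which URIs the match, wildcards and exludes parameters select for token checking, useful for reviewing a configuration for paths left unchecked. The class name XsrfMatchSketch, the sample URIs and the matching rules (substring test for plain patterns, '*' as "any run of characters" for wildcard patterns) are assumptions; genXsrfPath is not modelled.

```java
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

/** Hypothetical model of the URI selection described by the parameter list. */
public class XsrfMatchSketch {
    private final List<String> matches;   // "match" parameter, split on commas
    private final List<String> excludes;  // "exludes" parameter, split on commas
    private final boolean wildcards;      // "wildcards" parameter
    private final boolean matchAll;       // true when match is "*"

    XsrfMatchSketch(String match, String exludes, boolean wildcards) {
        this.matchAll = "*".equals(match.trim());
        this.matches = split(match);
        this.excludes = split(exludes);
        this.wildcards = wildcards;
    }

    private static List<String> split(String csv) {
        return Arrays.stream(csv.split(",")).map(String::trim)
                .filter(s -> !s.isEmpty()).collect(Collectors.toList());
    }

    // Assumption: plain patterns are substring tests; wildcard patterns must match the whole URI.
    private boolean hit(String pattern, String uri) {
        if (!wildcards) return uri.contains(pattern);
        String regex = Arrays.stream(pattern.split("\\*", -1))
                .map(Pattern::quote).collect(Collectors.joining(".*"));
        return uri.matches(regex);
    }

    /** True when a request for this URI needs a token (and gets a 401 without one). */
    boolean isChecked(String uri) {
        // exludes is consulted only in match-all mode, as the parameter list states
        if (matchAll) return excludes.stream().noneMatch(p -> hit(p, uri));
        return matches.stream().anyMatch(p -> hit(p, uri));
    }

    public static void main(String[] args) {
        XsrfMatchSketch all = new XsrfMatchSketch("*", "/public/,/login", false);
        XsrfMatchSketch api = new XsrfMatchSketch("/api/", "/api/health", false);
        // Constructed sample URIs
        for (String uri : new String[] {"/api/orders", "/public/logo.png", "/api/health", "/admin/users"}) {
            System.out.printf("%-18s match=*: %-5b match=/api/: %b%n",
                    uri, all.isChecked(uri), api.isChecked(uri));
        }
    }
}
```

Under these assumptions, with match=/api/ the exludes entry has no effect (/api/health is still checked) and /admin/users is not checked at all, so state-changing endpoints outside the match patterns need their own review.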