Examples of org.springframework.security.web.csrf.CsrfFilter

• org.springframework.security.web.csrf.CsrfFilter
  wasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)" >CSRF protection using a synchronizer token pattern. Developers are required to ensure that {@link CsrfFilter} is invoked for any request thatallows state to change. Typically this just means that they should ensure their web application follows proper REST semantics (i.e. do not change state with the HTTP methods GET, HEAD, TRACE, OPTIONS).

  Typically the {@link CsrfTokenRepository} implementation chooses to store the{@link CsrfToken} in {@link HttpSession} with{@link HttpSessionCsrfTokenRepository}. This is preferred to storing the token in a cookie which.

  @author Rob Winch @since 3.2

    }

    @SuppressWarnings("unchecked")
    @Override
    public void configure(H http) throws Exception {
        CsrfFilter filter = new CsrfFilter(csrfTokenRepository);
        if(requireCsrfProtectionMatcher != null) {
            filter.setRequireCsrfProtectionMatcher(requireCsrfProtectionMatcher);
        }
        AccessDeniedHandler accessDeniedHandler = createAccessDeniedHandler(http);
        if(accessDeniedHandler != null) {
            filter.setAccessDeniedHandler(accessDeniedHandler);
        }
        LogoutConfigurer<H> logoutConfigurer = http.getConfigurer(LogoutConfigurer.class);
        if(logoutConfigurer != null) {
            logoutConfigurer.addLogoutHandler(new CsrfLogoutHandler(csrfTokenRepository));
        }

     *            {@link CsrfTokenRepository}
     * @return the {@link CsrfTokenRepository} for the specified
     *         {@link HttpServletRequest}
     */
    public static CsrfTokenRepository getCsrfTokenRepository(HttpServletRequest request) {
        CsrfFilter filter = findFilter(request, CsrfFilter.class);
        if(filter == null) {
            return DEFAULT_TOKEN_REPO;
        }
        return (CsrfTokenRepository) ReflectionTestUtils.getField(filter, "tokenRepository");
    }