Class CsrfProtectionMatcher

java.lang.Object
de.hybris.platform.yacceleratorstorefront.security.CsrfProtectionMatcher
All Implemented Interfaces:
org.springframework.security.web.util.matcher.RequestMatcher

public class CsrfProtectionMatcher extends Object implements org.springframework.security.web.util.matcher.RequestMatcher
This matcher returns true for POST method and the request's servlet path does not match with the combined list of csrf.allowed.url.patterns from properties file and csrfAllowedUrlPatterns from spring configuration. Otherwise, it will return false.
  • Constructor Details

    • CsrfProtectionMatcher

      public CsrfProtectionMatcher()
  • Method Details

    • matches

      public boolean matches(javax.servlet.http.HttpServletRequest request)
      Specified by:
      matches in interface org.springframework.security.web.util.matcher.RequestMatcher
    • getCsrfAllowedUrlPatterns

      protected List<String> getCsrfAllowedUrlPatterns()
      Returns:
      the csrfAllowedUrlPatterns
    • setCsrfAllowedUrlPatterns

      public void setCsrfAllowedUrlPatterns(List<String> csrfAllowedUrlPatterns)
      Parameters:
      csrfAllowedUrlPatterns - the csrfAllowedUrlPatterns to set