Class CsrfProtectionMatcher
java.lang.Object
de.hybris.platform.yacceleratorstorefront.security.CsrfProtectionMatcher
- All Implemented Interfaces:
org.springframework.security.web.util.matcher.RequestMatcher
public class CsrfProtectionMatcher
extends Object
implements org.springframework.security.web.util.matcher.RequestMatcher
This matcher returns true for POST method and the request's servlet path does not match with the combined list of
csrf.allowed.url.patterns from properties file and csrfAllowedUrlPatterns from spring configuration. Otherwise, it
will return false.
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.springframework.security.web.util.matcher.RequestMatcher
org.springframework.security.web.util.matcher.RequestMatcher.MatchResult -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionbooleanmatches(javax.servlet.http.HttpServletRequest request) voidsetCsrfAllowedUrlPatterns(List<String> csrfAllowedUrlPatterns) Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.springframework.security.web.util.matcher.RequestMatcher
matcher
-
Constructor Details
-
CsrfProtectionMatcher
public CsrfProtectionMatcher()
-
-
Method Details
-
matches
public boolean matches(javax.servlet.http.HttpServletRequest request) - Specified by:
matchesin interfaceorg.springframework.security.web.util.matcher.RequestMatcher
-
getCsrfAllowedUrlPatterns
- Returns:
- the csrfAllowedUrlPatterns
-
setCsrfAllowedUrlPatterns
- Parameters:
csrfAllowedUrlPatterns- the csrfAllowedUrlPatterns to set
-