Class CsrfProtectionMatcher
- java.lang.Object
-
- de.hybris.platform.yacceleratorstorefront.security.CsrfProtectionMatcher
-
- All Implemented Interfaces:
org.springframework.security.web.util.matcher.RequestMatcher
public class CsrfProtectionMatcher extends java.lang.Object implements org.springframework.security.web.util.matcher.RequestMatcherThis matcher returns true for POST method and the request's servlet path does not match with the combined list of csrf.allowed.url.patterns from properties file and csrfAllowedUrlPatterns from spring configuration. Otherwise, it will return false.
-
-
Constructor Summary
Constructors Constructor Description CsrfProtectionMatcher()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected java.util.List<java.lang.String>getCsrfAllowedUrlPatterns()booleanmatches(javax.servlet.http.HttpServletRequest request)voidsetCsrfAllowedUrlPatterns(java.util.List<java.lang.String> csrfAllowedUrlPatterns)
-
-
-
Method Detail
-
matches
public boolean matches(javax.servlet.http.HttpServletRequest request)
- Specified by:
matchesin interfaceorg.springframework.security.web.util.matcher.RequestMatcher
-
getCsrfAllowedUrlPatterns
protected java.util.List<java.lang.String> getCsrfAllowedUrlPatterns()
- Returns:
- the csrfAllowedUrlPatterns
-
setCsrfAllowedUrlPatterns
public void setCsrfAllowedUrlPatterns(java.util.List<java.lang.String> csrfAllowedUrlPatterns)
- Parameters:
csrfAllowedUrlPatterns- the csrfAllowedUrlPatterns to set
-
-