com.atlassian.crowd.console.filter

Class LoginCsrfFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.web.filter.OncePerRequestFilter

com.atlassian.crowd.console.filter.LoginCsrfFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class LoginCsrfFilter
extends org.springframework.web.filter.OncePerRequestFilter

Specialized filter to prevent CSRF attacks against the login url. Other pages should be protected by XsrfTokenInterceptor, which can't be used because because the login is handled by CrowdSSOAuthenticationProcessingFilter and interceptors are only applied after filters.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	LoginCsrfFilter.LoginCsrfTokenInvalidException
static class	LoginCsrfFilter.LoginCsrfTokenMissingException

Field Summary

Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

ALREADY_FILTERED_SUFFIX

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor and Description
LoginCsrfFilter()

Method Summary

Modifier and Type	Method and Description
protected void	doFilterInternal(javax.servlet.http.HttpServletRequest httpServletRequest, javax.servlet.http.HttpServletResponse httpServletResponse, javax.servlet.FilterChain filterChain)
XsrfTokenGenerator	getTokenGenerator()
void	setRestLoginMatcher(org.springframework.security.web.util.matcher.RequestMatcher restLoginMatcher)
void	setTokenGenerator(XsrfTokenGenerator tokenGenerator)

Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

doFilter, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

LoginCsrfFilter

public LoginCsrfFilter()

Method Detail

doFilterInternal

protected void doFilterInternal(javax.servlet.http.HttpServletRequest httpServletRequest,
                                javax.servlet.http.HttpServletResponse httpServletResponse,
                                javax.servlet.FilterChain filterChain)
                         throws javax.servlet.ServletException,
                                IOException

Specified by:

doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter

Throws:

javax.servlet.ServletException

IOException

getTokenGenerator

public XsrfTokenGenerator getTokenGenerator()

setTokenGenerator

public void setTokenGenerator(XsrfTokenGenerator tokenGenerator)

setRestLoginMatcher

public void setRestLoginMatcher(org.springframework.security.web.util.matcher.RequestMatcher restLoginMatcher)