Package com.atlassian.crowd.console.filter

Class LoginCsrfFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
com.atlassian.crowd.console.filter.LoginCsrfFilter
All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
public class LoginCsrfFilter extends org.springframework.web.filter.OncePerRequestFilter
Specialized filter to prevent CSRF attacks against the login url. Other pages should be protected by XsrfTokenInterceptor.

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    static class 
    LoginCsrfFilter.LoginCsrfTokenInvalidException
     
    static class 
    LoginCsrfFilter.LoginCsrfTokenMissingException
     

  • Field Summary

    Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

    ALREADY_FILTERED_SUFFIX

    Fields inherited from class org.springframework.web.filter.GenericFilterBean

    logger

  • Constructor Summary

    Constructors
    Constructor
    Description
    LoginCsrfFilter()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    protected void
    doFilterInternal(javax.servlet.http.HttpServletRequest httpServletRequest, javax.servlet.http.HttpServletResponse httpServletResponse, javax.servlet.FilterChain filterChain)
     
    XsrfTokenGenerator
    getTokenGenerator()
     
    void
    setRestLoginMatcher(org.springframework.security.web.util.matcher.RequestMatcher restLoginMatcher)
     
    void
    setTokenGenerator(XsrfTokenGenerator tokenGenerator)
     

    Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

    doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

    Methods inherited from class org.springframework.web.filter.GenericFilterBean

    addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • LoginCsrfFilter

      public LoginCsrfFilter()

  • Method Details

    • doFilterInternal

      protected void doFilterInternal(javax.servlet.http.HttpServletRequest httpServletRequest, javax.servlet.http.HttpServletResponse httpServletResponse, javax.servlet.FilterChain filterChain) throws javax.servlet.ServletException, IOException
      Specified by:
      doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter
      Throws:
      javax.servlet.ServletException
      IOException

    • getTokenGenerator

      public XsrfTokenGenerator getTokenGenerator()

    • setTokenGenerator

      public void setTokenGenerator(XsrfTokenGenerator tokenGenerator)

    • setRestLoginMatcher

      public void setRestLoginMatcher(org.springframework.security.web.util.matcher.RequestMatcher restLoginMatcher)