|
@@ -46,7 +46,7 @@ import org.springframework.web.filter.OncePerRequestFilter;
|
|
|
* <p>
|
|
* <p>
|
|
|
* Typically the {@link CsrfTokenRepository} implementation chooses to store the
|
|
* Typically the {@link CsrfTokenRepository} implementation chooses to store the
|
|
|
* {@link CsrfToken} in {@link HttpSession} with {@link HttpSessionCsrfTokenRepository}.
|
|
* {@link CsrfToken} in {@link HttpSession} with {@link HttpSessionCsrfTokenRepository}.
|
|
|
- * This is preferred to storing the token in a cookie which.
|
|
|
|
|
|
|
+ * This is preferred to storing the token in a cookie which can be modified by a client application.
|
|
|
* </p>
|
|
* </p>
|
|
|
*
|
|
*
|
|
|
* @author Rob Winch
|
|
* @author Rob Winch
|
|
@@ -72,7 +72,7 @@ public final class CsrfFilter extends OncePerRequestFilter {
|
|
|
|
|
|
|
|
/*
|
|
/*
|
|
|
* (non-Javadoc)
|
|
* (non-Javadoc)
|
|
|
- *
|
|
|
|
|
|
|
+ *
|
|
|
* @see
|
|
* @see
|
|
|
* org.springframework.web.filter.OncePerRequestFilter#doFilterInternal(javax.servlet
|
|
* org.springframework.web.filter.OncePerRequestFilter#doFilterInternal(javax.servlet
|
|
|
* .http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
|
|
* .http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
|
|
@@ -239,7 +239,7 @@ public final class CsrfFilter extends OncePerRequestFilter {
|
|
|
|
|
|
|
|
/*
|
|
/*
|
|
|
* (non-Javadoc)
|
|
* (non-Javadoc)
|
|
|
- *
|
|
|
|
|
|
|
+ *
|
|
|
* @see
|
|
* @see
|
|
|
* org.springframework.security.web.util.matcher.RequestMatcher#matches(javax.
|
|
* org.springframework.security.web.util.matcher.RequestMatcher#matches(javax.
|
|
|
* servlet.http.HttpServletRequest)
|
|
* servlet.http.HttpServletRequest)
|
Rob Winch