org.apache.nifi.web.security.csrf

Class SkipReplicatedCsrfFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.web.filter.OncePerRequestFilter

org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class SkipReplicatedCsrfFilter
extends org.springframework.web.filter.OncePerRequestFilter

Skip Replicated Cross-Site Request Forgery Filter disables subsequent filtering for matched requests

Field Summary

Fields

Modifier and Type	Field and Description
protected static String	REPLICATED_REQUEST_HEADER RequestReplicator.REQUEST_TRANSACTION_ID_HEADER applied to replicated cluster requests
private static org.springframework.security.web.util.matcher.RequestMatcher	REQUEST_MATCHER Requests containing replicated header and not containing authorization cookies will be skipped

Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

ALREADY_FILTERED_SUFFIX

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor and Description
SkipReplicatedCsrfFilter()

Method Summary

Modifier and Type	Method and Description
protected void	doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain) Set request attribute to disable standard CSRF Filter when request matches

Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

REPLICATED_REQUEST_HEADER

protected static final String REPLICATED_REQUEST_HEADER

RequestReplicator.REQUEST_TRANSACTION_ID_HEADER applied to replicated cluster requests

See Also:

Constant Field Values

REQUEST_MATCHER

private static final org.springframework.security.web.util.matcher.RequestMatcher REQUEST_MATCHER

Requests containing replicated header and not containing authorization cookies will be skipped

Constructor Detail

SkipReplicatedCsrfFilter

public SkipReplicatedCsrfFilter()

Method Detail

doFilterInternal

protected void doFilterInternal(javax.servlet.http.HttpServletRequest request,
                                javax.servlet.http.HttpServletResponse response,
                                javax.servlet.FilterChain filterChain)
                         throws javax.servlet.ServletException,
                                IOException

Set request attribute to disable standard CSRF Filter when request matches

Specified by:

doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter

Parameters:

request - HTTP Servlet Request

response - HTTP Servlet Response

filterChain - Filter Chain

Throws:

javax.servlet.ServletException - Thrown on FilterChain.doFilter()

IOException - Thrown on FilterChain.doFilter()