protected State preHandleRequest(Request request, Response response, DefaultSecurityContextHolder context) throws Throwable { request.setSecurityContext(context); //Handles request if login if(config.isLoginEnabled() && handleLoginRequest(request, response, context)){ return State.INTERCEPTED; } //Handles request if logout. if(config.isLogoutEnabled() && handleLogoutRequest(request, response, context)) { return State.INTERCEPTED; } //Resolve authentication. State state = resolveAuthentication(request,response,context); if(state.isIntercepted()){ return state; } //Disable csrf if anonymous access. if(!context.getAuthentication().isAuthenticated()) { CSRF.ignore(request); } return State.CONTINUE; }
CSRF.ignore(request.getServletRequest());
CSRF.ignore(request.getServletRequest());