Web context authorizers: (v4.2)
Some authorizers only apply on the web context:
1) CSRF
CsrfAuthorizer
checks that the web context has the appropriate CSRF token in order to protect against CSRF attacks. Using theDefaultCsrfTokenGenerator
or thecsrfToken
matcher, you can get the CSRF token and send it as a parameter or as a header. TheCsrfAuthorizer
checks that the request is a POST and has a CSRF token (found in a parameter or header)
2) Others
-
IpRegexpAuthorizer
checks the incoming IP address -
CheckHttpMethodAuthorizer
checks that the request was performed with the appropriate HTTP method