Web context authorizers: (v4.3)
Some authorizers only apply on the web context:
1) CSRF
CsrfAuthorizer checks that the web context has the appropriate CSRF token in order to protect against CSRF attacks. Using the DefaultCsrfTokenGenerator or the csrfToken matcher, you can get the CSRF token and send it as a parameter or as a header. The CsrfAuthorizer checks that the request is a POST and has a CSRF token (found in a parameter or header).
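The check described above, sketched in plain Java as an added example (it is not pac4j's own code and does not use its API). The name csrfToken for both the parameter and the header, the Map-based request and session, and letting non-POST requests pass unchecked are assumptions of this sketch.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
public class CsrfCheckExample {
    // Hypothetical name, used for both the request parameter and the header.
    static final String TOKEN_NAME = "csrfToken";
    private static final SecureRandom RANDOM = new SecureRandom();

    // Issue an unpredictable token and remember it in the server-side session.
    static String issueToken(Map<String, String> session) {
        byte[] raw = new byte[32];
        RANDOM.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(TOKEN_NAME, token);
        return token;
    }

    // Assumption of this sketch: only POST requests are checked.
    static boolean isAuthorized(String method, Map<String, String> params,
                                Map<String, String> headers, Map<String, String> session) {
        if (!"POST".equalsIgnoreCase(method)) {
            return true;
        }
        String expected = session.get(TOKEN_NAME);
        if (expected == null) {
            return false; // no token was ever issued for this session
        }
        return matches(expected, params.get(TOKEN_NAME)) || matches(expected, headers.get(TOKEN_NAME));
    }

    // Constant-time comparison; a missing value never matches.
    private static boolean matches(String expected, String supplied) {
        return supplied != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, String> session = new HashMap<>();
        String token = issueToken(session);
        Map<String, String> good = Map.of(TOKEN_NAME, token);
        Map<String, String> none = Map.of();
        System.out.println(isAuthorized("POST", good, none, session)); // token sent as parameter
        System.out.println(isAuthorized("POST", none, good, session)); // token sent as header
        System.out.println(isAuthorized("POST", Map.of(TOKEN_NAME, "forged"), none, session));
        System.out.println(isAuthorized("POST", none, none, session)); // token missing
    }
}
```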
2) Others
- IpRegexpAuthorizer checks the incoming IP address
- CheckHttpMethodAuthorizer checks that the request was performed with the appropriate HTTP method