A csrf configuration object
A token provider to use.
handling failed token error.
Default constructor, useful from Java
Default constructor, useful from Java
in 2.5.0. This constructor uses global state.
handling failed token error.
A token provider to use.
A filter that provides CSRF protection.
These must be by name parameters because the typical use case for instantiating the filter is in Global, which happens before the application is started. Since the default values for the parameters are loaded from config and hence depend on a started application, they must be by name.