public class SecurityFilter
Checks the validity of the CSRF token on every POST request. Also Checks the validity of the state token on every POST
request. Its purpose is to help protect against a page being
submitted with stale state. This can occur when key state has changed (either in session, or otherwise) that makes the
current POST request no longer viable. See StaleStateProtectionService for more info on purpose and usage.
You can inject excluded Request URI patterns to bypass this filter.
This filter uses the AntPathRequestMatcher which compares a pre-defined ant-style pattern against the URL
(servletPath + pathInfo) of an HttpServletRequest.
This allows you to use wildcard matching as well, for example /** or **