public class AdminSecurityFilter
This class attempts the work flow of the CsrfFilter, but in the event of a Csrf token mismatch
(Session reset for example) the User will be redirected to login, if not session reset User is sent to previous location.
This class also handles stale state detection for the admin. This can occur when an admin page form is submitted
and the system detects that key state has changed since the time the page was originally rendered.
See StaleStateProtectionService for details.
applicationContext-admin-security should reference this class as follows:
<sec:custom-filter ref="blPreSecurityFilterChain" before="CHANNEL_FILTER"/>
<sec:custom-filter ref="blSecurityFilter" before="FORM_LOGIN_FILTER"/>
<sec:custom-filter ref="blAdminFilterSecurityInterceptor" after="EXCEPTION_TRANSLATION_FILTER"/>
<sec:custom-filter ref="blPostSecurityFilterChain" after="SWITCH_USER_FILTER"/>
<bean id="blSecurityFilter" class="org.broadleafcommerce.openadmin.web.filter.AdminSecurityFilter" />