@Override public State handleRequest(Request request, Response response) throws Throwable { //Ignore if csrf not enabled. if(!config.isCsrfEnabled()) { return State.CONTINUE; } CsrfToken token = null; String savedToken = manager.loadToken(request); if(null == savedToken) { savedToken = manager.generateToken(request); token = new SaveOnAccessCsrfToken(config, savedToken, request, manager); }else{ token = new SimpleCsrfToken(config, savedToken, false); } //Set attributes CSRF.setGeneratedToken(request, token); request.setAttribute(config.getCsrfParameterName(), token); return State.CONTINUE; }