protected void checkCsrfToken(Request request, CsrfToken expected) throws Throwable { String requestedToken = getCsrfTokenString(request); if(!csrfManager.verifyToken(request, requestedToken, expected)) { if(expected.isNew()) { throw new MissingCsrfTokenException("Expected CSRF token not found. Has your session expired?"); }else{ throw new InvalidCsrfTokenException("Invalid CSRF Token '" + requestedToken + "' was found on the request parameter '" + securityConfig.getCsrfParameterName() + "' or header '" + securityConfig.getCsrfHeaderName() + "'."); } } }