@Override
public State handleRequest(Request request, Response response) throws Throwable {
if(!config.isCsrfEnabled()) {
return State.CONTINUE;
}
CsrfToken token = null;
String savedToken = manager.loadToken(request);
if(null == savedToken) {
savedToken = manager.generateToken(request);
token = new SaveOnAccessCsrfToken(config, savedToken, request, manager);
}else{
token = new SimpleCsrfToken(config, savedToken, false);
}
CSRF.setGeneratedToken(request, token);
request.setAttribute(config.getCsrfParameterName(), token);
return State.CONTINUE;
}