@Override
  protected void doFilterInternal(
      HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
      throws ServletException, IOException {
    CsrfToken token = (CsrfToken) request.getAttribute("_csrf");

    // Spring Security will allow the Token to be included in this header name
    response.setHeader("X-CSRF-HEADER", token.getHeaderName());

    // Spring Security will allow the token to be included in this parameter name
    response.setHeader("X-CSRF-PARAM", token.getParameterName());

    // this is the value of the token to be included as either a header or an HTTP parameter
    response.setHeader("X-CSRF-TOKEN", token.getToken());

    // Cookie Base Approach for CSRF token

    //        String pCookieName = "XSRF-TOKEN";
    //
    //        try {
    //            Cookie cookie = new Cookie(pCookieName, token.getToken());
    //            URL url = new URL(request.getRequestURL().toString());
    //            cookie.setDomain(url.getHost());
    //            cookie.setComment("user is not eligible to take the survey this time");
    //            cookie.setMaxAge(-1);
    //            response.addCookie(cookie);
    //        } catch (MalformedURLException e) {
    //            e.printStackTrace();
    //        }

    filterChain.doFilter(request, response);
  }
    /*
     * (non-Javadoc)
     *
     * @see
     * org.springframework.test.web.servlet.request.RequestPostProcessor
     * #postProcessRequest
     * (org.springframework.mock.web.MockHttpServletRequest)
     */
    public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {

      CsrfTokenRepository repository = WebTestUtils.getCsrfTokenRepository(request);
      CsrfToken token = repository.generateToken(request);
      repository.saveToken(token, request, new MockHttpServletResponse());
      String tokenValue = useInvalidToken ? "invalid" + token.getToken() : token.getToken();
      if (asHeader) {
        request.addHeader(token.getHeaderName(), tokenValue);
      } else {
        request.setParameter(token.getParameterName(), tokenValue);
      }
      return request;
    }
  @Test
  public void defaults() throws Exception {
    MockHttpServletRequest request = formLogin().buildRequest(this.servletContext);
    CsrfToken token =
        (CsrfToken)
            request.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.ATTR_NAME);

    assertThat(request.getParameter("username")).isEqualTo("user");
    assertThat(request.getParameter("password")).isEqualTo("password");
    assertThat(request.getMethod()).isEqualTo("POST");
    assertThat(request.getParameter(token.getParameterName())).isEqualTo(token.getToken());
    assertThat(request.getRequestURI()).isEqualTo("/login");
    assertThat(request.getParameter("_csrf")).isNotNull();
  }