This exclude url's list is used to list all the urls that must be excluded from checking for the XSRF attacks.
Each URL should be relative to the context path and must start with "/".
The individual url-patterns uses the ANT style patterns for pattern matching.
Note: By default all the urls that have the extensions namely CSS, JS, PNG, GIF and SWF are excluded.
Currently the following urls are excluded from checking for XSRF attacks.
<exclude-url-patterns>
<!-Excluding the jsp pages under the bpmportal directory directly, but not the sub directories in it.-->
<url-pattern>/bpmportal/*.jsp</url-pattern>
<url-pattern>/**/*.css</url-pattern>
<url-pattern>/**/*.js</url-pattern>
<url-pattern>/**/*.png</url-pattern>
<url-pattern>/**/*.gif</url-pattern>
<url-pattern>/**/*.swf</url-pattern>
</exclude-url-patterns>