|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B> org.springframework.security.config.annotation.web.configurers.CsrfConfigurer<H>
public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
Adds CSRF protection for the methods as specified by
requireCsrfProtectionMatcher(RequestMatcher)
.
ExceptionHandlingConfigurer.accessDeniedHandler(AccessDeniedHandler)
is used to determine how to handle CSRF attempts
Constructor Summary | |
---|---|
CsrfConfigurer()
Creates a new instance |
Method Summary | |
---|---|
void |
configure(H http)
Configure the SecurityBuilder by setting the necessary properties
on the SecurityBuilder . |
CsrfConfigurer<H> |
csrfTokenRepository(CsrfTokenRepository csrfTokenRepository)
Specify the CsrfTokenRepository to use. |
B |
disable()
Disables the AbstractHttpConfigurer by removing it. |
CsrfConfigurer<H> |
requireCsrfProtectionMatcher(RequestMatcher requireCsrfProtectionMatcher)
Specify the RequestMatcher to use for determining when CSRF
should be applied. |
T |
withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)
|
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter |
---|
addObjectPostProcessor, and, getBuilder, init, postProcess, setBuilder |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public CsrfConfigurer()
HttpSecurity.csrf()
Method Detail |
---|
public CsrfConfigurer<H> csrfTokenRepository(CsrfTokenRepository csrfTokenRepository)
CsrfTokenRepository
to use. The default is an HttpSessionCsrfTokenRepository
.
csrfTokenRepository
- the CsrfTokenRepository
to use
CsrfConfigurer
for further customizationspublic CsrfConfigurer<H> requireCsrfProtectionMatcher(RequestMatcher requireCsrfProtectionMatcher)
RequestMatcher
to use for determining when CSRF
should be applied. The default is to ignore GET, HEAD, TRACE, OPTIONS and
process all other requests.
requireCsrfProtectionMatcher
- the RequestMatcher
to use
CsrfConfigurer
for further customizationspublic void configure(H http) throws Exception
SecurityConfigurer
SecurityBuilder
by setting the necessary properties
on the SecurityBuilder
.
configure
in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
configure
in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
Exception
public B disable()
AbstractHttpConfigurer
by removing it. After doing
so a fresh version of the configuration can be applied.
HttpSecurityBuilder
for additional customizationspublic T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |