CsrfConfigurer (Spring Security 3.2.0.RC1 API)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.config.annotation.web.configurers
Class CsrfConfigurer<H extends HttpSecurityBuilder<H>>

java.lang.Object
  org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
      org.springframework.security.config.annotation.web.configurers.CsrfConfigurer<H>

All Implemented Interfaces:: SecurityConfigurer<DefaultSecurityFilterChain,H>

public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
extends SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
extends SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>

Adds CSRF protection for the methods as specified by requireCsrfProtectionMatcher(RequestMatcher).

Security Filters

The following Filters are populated

CsrfFilter

Shared Objects Created

No shared objects are created.

Shared Objects Used

ExceptionHandlingConfigurer.accessDeniedHandler(AccessDeniedHandler) is used to determine how to handle CSRF attempts

Since:: 3.2

Constructor Summary
`CsrfConfigurer()` Creates a new instance

Method Summary
`void`	`configure(H http)` Configure the `SecurityBuilder` by setting the necessary properties on the `SecurityBuilder`.
`CsrfConfigurer<H>`	`csrfTokenRepository(CsrfTokenRepository csrfTokenRepository)` Specify the `CsrfTokenRepository` to use.
`B`	`disable()` Disables the `AbstractHttpConfigurer` by removing it.
`CsrfConfigurer<H>`	`requireCsrfProtectionMatcher(RequestMatcher requireCsrfProtectionMatcher)` Specify the `RequestMatcher` to use for determining when CSRF should be applied.
`T`	`withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)`

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
`addObjectPostProcessor, and, getBuilder, init, postProcess, setBuilder`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

CsrfConfigurer

public CsrfConfigurer()

Creates a new instance

See Also:: HttpSecurity.csrf()

Method Detail

csrfTokenRepository

public CsrfConfigurer<H> csrfTokenRepository(CsrfTokenRepository csrfTokenRepository)

Specify the CsrfTokenRepository to use. The default is an HttpSessionCsrfTokenRepository.

Parameters:: csrfTokenRepository - the CsrfTokenRepository to use
Returns:: the CsrfConfigurer for further customizations

requireCsrfProtectionMatcher

public CsrfConfigurer<H> requireCsrfProtectionMatcher(RequestMatcher requireCsrfProtectionMatcher)

Specify the RequestMatcher to use for determining when CSRF should be applied. The default is to ignore GET, HEAD, TRACE, OPTIONS and process all other requests.

Parameters:: requireCsrfProtectionMatcher - the RequestMatcher to use
Returns:: the CsrfConfigurer for further customizations

configure

public void configure(H http)
               throws Exception

Description copied from interface: SecurityConfigurer

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

Specified by:: configure in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
Overrides:: configure in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Throws:: Exception

disable

public B disable()

Disables the AbstractHttpConfigurer by removing it. After doing so a fresh version of the configuration can be applied.

Returns:: the HttpSecurityBuilder for additional customizations

withObjectPostProcessor

public T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)