org.springframework.security.web.server.csrf (spring-security-docs 6.4.0-RC1 API)

package org.springframework.security.web.server.csrf

Related Packages

Package

Description

org.springframework.security.web.server
Class

Description

CookieServerCsrfTokenRepository

A ServerCsrfTokenRepository that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS.

CsrfException

Thrown when an invalid or missing CsrfToken is found in the HttpServletRequest

CsrfServerLogoutHandler

CsrfServerLogoutHandler is in charge of removing the CsrfToken upon logout.

CsrfToken

CsrfWebFilter

Applies CSRF protection using a synchronizer token pattern.

DefaultCsrfToken

A CSRF token that is used to protect against CSRF attacks.

ServerCsrfTokenRepository

An API to allow changing the method in which the expected CsrfToken is associated to the ServerWebExchange.

ServerCsrfTokenRequestAttributeHandler

An implementation of the ServerCsrfTokenRequestHandler interface that is capable of making the CsrfToken available as an exchange attribute and resolving the token value as either a form data value or header of the request.

ServerCsrfTokenRequestHandler

A callback interface that is used to make the CsrfToken created by the ServerCsrfTokenRepository available as an exchange attribute.

ServerCsrfTokenRequestResolver

Implementations of this interface are capable of resolving the token value of a CsrfToken from the provided ServerWebExchange.

WebSessionServerCsrfTokenRepository

A ServerCsrfTokenRepository that stores the CsrfToken in the HttpSession.

XorServerCsrfTokenRequestAttributeHandler

An implementation of the ServerCsrfTokenRequestAttributeHandler and ServerCsrfTokenRequestResolver interfaces that is capable of masking the value of the CsrfToken on each request and resolving the raw token value from the masked value as either a form data value or header of the request.

Package org.springframework.security.web.server.csrf