Package org.springframework.security.web.server.csrf

Class CookieServerCsrfTokenRepository

java.lang.Object
org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
All Implemented Interfaces:
ServerCsrfTokenRepository
public final class CookieServerCsrfTokenRepository extends Object implements ServerCsrfTokenRepository
A ServerCsrfTokenRepository that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS. When using with AngularJS be sure to use withHttpOnlyFalse() .
Since:
5.1

  • Constructor Details

    • CookieServerCsrfTokenRepository

      public CookieServerCsrfTokenRepository()

  • Method Details

    • setCookieCustomizer

      public void setCookieCustomizer(Consumer<org.springframework.http.ResponseCookie.ResponseCookieBuilder> cookieCustomizer)
      Add a Consumer for a ResponseCookieBuilder that will be invoked for each cookie being built, just before the call to build().
      Parameters:
      cookieCustomizer - consumer for a cookie builder
      Since:
      6.1

    • withHttpOnlyFalse

      public static CookieServerCsrfTokenRepository withHttpOnlyFalse()
      Factory method to conveniently create an instance that has creates cookies with ResponseCookie.isHttpOnly() set to false.
      Returns:
      an instance of CookieCsrfTokenRepository that creates cookies with ResponseCookie.isHttpOnly() set to false

    • generateToken

      public reactor.core.publisher.Mono<CsrfToken> generateToken(org.springframework.web.server.ServerWebExchange exchange)
      Description copied from interface: ServerCsrfTokenRepository
      Generates a CsrfToken
      Specified by:
      generateToken in interface ServerCsrfTokenRepository
      Parameters:
      exchange - the ServerWebExchange to use
      Returns:
      the CsrfToken that was generated. Cannot be null.

    • saveToken

      public reactor.core.publisher.Mono<Void> saveToken(org.springframework.web.server.ServerWebExchange exchange, @Nullable CsrfToken token)
      Description copied from interface: ServerCsrfTokenRepository
      Saves the CsrfToken using the ServerWebExchange. If the CsrfToken is null, it is the same as deleting it.
      Specified by:
      saveToken in interface ServerCsrfTokenRepository
      Parameters:
      exchange - the ServerWebExchange to use
      token - the CsrfToken to save or null to delete

    • loadToken

      public reactor.core.publisher.Mono<CsrfToken> loadToken(org.springframework.web.server.ServerWebExchange exchange)
      Description copied from interface: ServerCsrfTokenRepository
      Loads the expected CsrfToken from the ServerWebExchange
      Specified by:
      loadToken in interface ServerCsrfTokenRepository
      Parameters:
      exchange - the ServerWebExchange to use
      Returns:
      the CsrfToken or null if none exists

    • setCookieName

      public void setCookieName(String cookieName)
      Sets the cookie name
      Parameters:
      cookieName - The cookie name

    • setParameterName

      public void setParameterName(String parameterName)
      Sets the parameter name
      Parameters:
      parameterName - The parameter name

    • setHeaderName

      public void setHeaderName(String headerName)
      Sets the header name
      Parameters:
      headerName - The header name

    • setCookiePath

      public void setCookiePath(String cookiePath)
      Sets the cookie path
      Parameters:
      cookiePath - The cookie path