org.springframework.security.web.csrf
Class CsrfAuthenticationStrategy
java.lang.Object
org.springframework.security.web.csrf.CsrfAuthenticationStrategy
- All Implemented Interfaces:
- SessionAuthenticationStrategy
public final class CsrfAuthenticationStrategy
- extends Object
- implements SessionAuthenticationStrategy
CsrfAuthenticationStrategy
is in charge of removing the CsrfToken
upon
authenticating. A new CsrfToken
will then be generated by the framework upon
the next request.
- Since:
- 3.2
Method Summary |
void |
onAuthentication(Authentication authentication,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Performs Http session-related functionality when a new authentication occurs. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
CsrfAuthenticationStrategy
public CsrfAuthenticationStrategy(CsrfTokenRepository csrfTokenRepository)
- Creates a new instance
- Parameters:
csrfTokenRepository
- the CsrfTokenRepository
to use
onAuthentication
public void onAuthentication(Authentication authentication,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
throws SessionAuthenticationException
- Description copied from interface:
SessionAuthenticationStrategy
- Performs Http session-related functionality when a new authentication occurs.
- Specified by:
onAuthentication
in interface SessionAuthenticationStrategy
- Throws:
SessionAuthenticationException
- if it is decided that the authentication is not allowed for the session.
This will typically be because the user has too many sessions open at once.