org.springframework.security.web.csrf
Class HttpSessionCsrfTokenRepository

java.lang.Object
  extended by org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
All Implemented Interfaces:
CsrfTokenRepository

public final class HttpSessionCsrfTokenRepository
extends Object
implements CsrfTokenRepository

A CsrfTokenRepository that stores the CsrfToken in the HttpSession.

Since:
3.2

Constructor Summary
HttpSessionCsrfTokenRepository()
           
 
Method Summary
 CsrfToken generateAndSaveToken(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Generates and saves the expected CsrfToken
 CsrfToken loadToken(javax.servlet.http.HttpServletRequest request)
          Loads the expected CsrfToken from the HttpServletRequest
 void saveToken(CsrfToken token, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Saves the CsrfToken using the HttpServletRequest and HttpServletResponse.
 void setHeaderName(String parameterName)
          Sets the header name that the CsrfToken is expected to appear on; the same header name is used for the CsrfToken in the response.
 void setParameterName(String parameterName)
          Sets the HttpServletRequest parameter name that the CsrfToken is expected to appear on
 void setSessionAttributeName(String sessionAttributeName)
          Sets the HttpSession attribute name that the CsrfToken is stored in
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

HttpSessionCsrfTokenRepository

public HttpSessionCsrfTokenRepository()

Method Detail

saveToken

public void saveToken(CsrfToken token,
                      javax.servlet.http.HttpServletRequest request,
                      javax.servlet.http.HttpServletResponse response)
Description copied from interface: CsrfTokenRepository
Saves the CsrfToken using the HttpServletRequest and HttpServletResponse. If the CsrfToken is null, it is the same as deleting it.

Specified by:
saveToken in interface CsrfTokenRepository
Parameters:
token - the CsrfToken to save or null to delete
request - the HttpServletRequest to use
response - the HttpServletResponse to use

loadToken

public CsrfToken loadToken(javax.servlet.http.HttpServletRequest request)
Description copied from interface: CsrfTokenRepository
Loads the expected CsrfToken from the HttpServletRequest

Specified by:
loadToken in interface CsrfTokenRepository
Parameters:
request - the HttpServletRequest to use
Returns:
the CsrfToken or null if none exists

generateAndSaveToken

public CsrfToken generateAndSaveToken(javax.servlet.http.HttpServletRequest request,
                                      javax.servlet.http.HttpServletResponse response)
Description copied from interface: CsrfTokenRepository
Generates and saves the expected CsrfToken

Specified by:
generateAndSaveToken in interface CsrfTokenRepository
Parameters:
request - the HttpServletRequest to use
response - the HttpServletResponse to use
Returns:
the CsrfToken that was generated and saved. Cannot be null.

setParameterName

public void setParameterName(String parameterName)
Sets the HttpServletRequest parameter name that the CsrfToken is expected to appear on

Parameters:
parameterName - the new parameter name to use

setHeaderName

public void setHeaderName(String parameterName)
Sets the header name that the CsrfToken is expected to appear on; the same header name is used for the CsrfToken in the response.

Parameters:
parameterName - the new header name to use

setSessionAttributeName

public void setSessionAttributeName(String sessionAttributeName)
Sets the HttpSession attribute name that the CsrfToken is stored in

Parameters:
sessionAttributeName - the new attribute name to use
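
Usage example (added here; not part of the original Javadoc or of Spring Security's own code). It exercises the methods listed above: a token is generated and stored in the session, a later request is checked against it, and saveToken with null deletes it. The isValid helper, the class name and the custom header, parameter and attribute names are hypothetical, and the request and response objects are assumed to come from spring-test's MockHttpServletRequest and MockHttpServletResponse.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;

public class CsrfRepositoryExample {

    // Hypothetical helper: checks the token sent by the client against the
    // expected token that the repository keeps in the HttpSession.
    static boolean isValid(HttpSessionCsrfTokenRepository repo, HttpServletRequest request) {
        CsrfToken expected = repo.loadToken(request); // null if none exists
        if (expected == null) {
            return false;
        }
        // Accept the token from the header first, then from the request parameter.
        String actual = request.getHeader(expected.getHeaderName());
        if (actual == null) {
            actual = request.getParameter(expected.getParameterName());
        }
        if (actual == null) {
            return false;
        }
        // Constant-time comparison so the check does not leak how many bytes matched.
        return MessageDigest.isEqual(expected.getToken().getBytes(StandardCharsets.UTF_8),
                                     actual.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        HttpSessionCsrfTokenRepository repo = new HttpSessionCsrfTokenRepository();
        repo.setHeaderName("X-EXAMPLE-CSRF");                 // constructed names
        repo.setParameterName("example_csrf");
        repo.setSessionAttributeName("EXAMPLE_CSRF_TOKEN");

        MockHttpServletRequest first = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        CsrfToken issued = repo.generateAndSaveToken(first, response);

        MockHttpServletRequest sameSession = new MockHttpServletRequest();
        sameSession.setSession(first.getSession());           // follow-up request, same session
        sameSession.addHeader(issued.getHeaderName(), issued.getToken());
        MockHttpServletRequest otherSession = new MockHttpServletRequest();
        otherSession.addHeader(issued.getHeaderName(), issued.getToken()); // token replayed without the session

        System.out.println("same session:  " + isValid(repo, sameSession));
        System.out.println("other session: " + isValid(repo, otherSession));
        repo.saveToken(null, sameSession, response);          // null deletes the stored token
        System.out.println("after delete:  " + isValid(repo, sameSession));
    }
}
```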