org.springframework.security.web.csrf

Class CsrfAuthenticationStrategy

java.lang.Object

org.springframework.security.web.csrf.CsrfAuthenticationStrategy

All Implemented Interfaces:

SessionAuthenticationStrategy

public final class CsrfAuthenticationStrategy
extends Object
implements SessionAuthenticationStrategy

CsrfAuthenticationStrategy is in charge of removing the CsrfToken upon authenticating. A new CsrfToken will then be generated by the framework upon the next request.

Since:

3.2

Constructor Summary

Constructors

Constructor and Description
CsrfAuthenticationStrategy(CsrfTokenRepository csrfTokenRepository) Creates a new instance

Method Summary

Methods

Modifier and Type	Method and Description
void	onAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Performs Http session-related functionality when a new authentication occurs.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CsrfAuthenticationStrategy

public CsrfAuthenticationStrategy(CsrfTokenRepository csrfTokenRepository)

Creates a new instance

Parameters:

csrfTokenRepository - the CsrfTokenRepository to use

Method Detail

onAuthentication

public void onAuthentication(Authentication authentication,
                    javax.servlet.http.HttpServletRequest request,
                    javax.servlet.http.HttpServletResponse response)
                      throws SessionAuthenticationException

Description copied from interface: SessionAuthenticationStrategy

Performs Http session-related functionality when a new authentication occurs.

Specified by:

onAuthentication in interface SessionAuthenticationStrategy

Throws:

SessionAuthenticationException - if it is decided that the authentication is not allowed for the session. This will typically be because the user has too many sessions open at once.