public final class HttpSessionCsrfTokenRepository extends Object implements CsrfTokenRepository
Constructor and Description |
---|
HttpSessionCsrfTokenRepository() |
Modifier and Type | Method and Description |
---|---|
CsrfToken |
generateToken(javax.servlet.http.HttpServletRequest request)
Generates a
CsrfToken |
CsrfToken |
loadToken(javax.servlet.http.HttpServletRequest request)
Loads the expected
CsrfToken from the HttpServletRequest |
void |
saveToken(CsrfToken token,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
|
void |
setHeaderName(String headerName)
|
void |
setParameterName(String parameterName)
Sets the
HttpServletRequest parameter name that the CsrfToken is expected to appear on |
void |
setSessionAttributeName(String sessionAttributeName)
Sets the
HttpSession attribute name that the CsrfToken is stored in |
public void saveToken(CsrfToken token, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
CsrfTokenRepository
CsrfToken
using the HttpServletRequest
and
HttpServletResponse
. If the CsrfToken
is null, it is the
same as deleting it.saveToken
in interface CsrfTokenRepository
token
- the CsrfToken
to save or null to deleterequest
- the HttpServletRequest
to useresponse
- the HttpServletResponse
to usepublic CsrfToken loadToken(javax.servlet.http.HttpServletRequest request)
CsrfTokenRepository
CsrfToken
from the HttpServletRequest
loadToken
in interface CsrfTokenRepository
request
- the HttpServletRequest
to useCsrfToken
or null if none existspublic CsrfToken generateToken(javax.servlet.http.HttpServletRequest request)
CsrfTokenRepository
CsrfToken
generateToken
in interface CsrfTokenRepository
request
- the HttpServletRequest
to useCsrfToken
that was generated. Cannot be
null.public void setParameterName(String parameterName)
HttpServletRequest
parameter name that the CsrfToken
is expected to appear onparameterName
- the new parameter name to usepublic void setHeaderName(String headerName)
CsrfToken
is expected to appear on
and the header that the response will contain the CsrfToken
.headerName
- the new header name to use