| Interface | Description |
|---|---|
| CsrfToken |
Provides the information about an expected CSRF token.
|
| CsrfTokenRepository |
An API to allow changing the method in which the expected
CsrfToken is
associated to the HttpServletRequest. |
| Class | Description |
|---|---|
| CsrfAuthenticationStrategy |
CsrfAuthenticationStrategy is in charge of removing the CsrfToken upon
authenticating. |
| CsrfFilter |
Applies CSRF protection using a synchronizer token pattern.
|
| CsrfLogoutHandler |
CsrfLogoutHandler is in charge of removing the CsrfToken upon logout. |
| DefaultCsrfToken |
A CSRF token that is used to protect against CSRF attacks.
|
| HttpSessionCsrfTokenRepository |
| Exception | Description |
|---|---|
| CsrfException |
Thrown when an invalid or missing
CsrfToken is found in the HttpServletRequest |
| InvalidCsrfTokenException |
Thrown when an expected
CsrfToken exists, but it does not match the value
present on the HttpServletRequest |
| MissingCsrfTokenException |
Thrown when no expected
CsrfToken is found but is required. |