public final class CsrfAuthenticationStrategy extends Object implements SessionAuthenticationStrategy
CsrfAuthenticationStrategy
is in charge of removing the CsrfToken
upon
authenticating. A new CsrfToken
will then be generated by the framework upon
the next request.Constructor and Description |
---|
CsrfAuthenticationStrategy(CsrfTokenRepository csrfTokenRepository)
Creates a new instance
|
Modifier and Type | Method and Description |
---|---|
void |
onAuthentication(Authentication authentication,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Performs Http session-related functionality when a new authentication occurs.
|
public CsrfAuthenticationStrategy(CsrfTokenRepository csrfTokenRepository)
csrfTokenRepository
- the CsrfTokenRepository
to usepublic void onAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws SessionAuthenticationException
SessionAuthenticationStrategy
onAuthentication
in interface SessionAuthenticationStrategy
SessionAuthenticationException
- if it is decided that the authentication is
not allowed for the session. This will typically be because the user has too many
sessions open at once.