public final class CookieCsrfTokenRepository extends Object implements CsrfTokenRepository

A CsrfTokenRepository that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN", following the conventions of AngularJS.

Constructor and Description |
---|
CookieCsrfTokenRepository() |

Modifier and Type | Method | Description |
---|---|---|
CsrfToken | generateToken(javax.servlet.http.HttpServletRequest request) | Generates a CsrfToken |
CsrfToken | loadToken(javax.servlet.http.HttpServletRequest request) | Loads the expected CsrfToken from the HttpServletRequest |
void | saveToken(CsrfToken token, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) | |
void | setCookieName(String cookieName) | Sets the name of the cookie that the expected CSRF token is saved to and read from |
void | setHeaderName(String headerName) | Sets the name of the HTTP header that should be used to provide the token |
void | setParameterName(String parameterName) | Sets the name of the HTTP request parameter that should be used to provide a token. |

public CsrfToken generateToken(javax.servlet.http.HttpServletRequest request)

Description copied from interface: CsrfTokenRepository
Generates a CsrfToken
Specified by: generateToken in interface CsrfTokenRepository
Parameters:
request - the HttpServletRequest to use
Returns: the CsrfToken that was generated. Cannot be null.

public void saveToken(CsrfToken token, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)

Description copied from interface: CsrfTokenRepository
Saves the CsrfToken using the HttpServletRequest and HttpServletResponse. If the CsrfToken is null, it is the same as deleting it.
Specified by: saveToken in interface CsrfTokenRepository
Parameters:
token - the CsrfToken to save or null to delete
request - the HttpServletRequest to use
response - the HttpServletResponse to use

public CsrfToken loadToken(javax.servlet.http.HttpServletRequest request)

Description copied from interface: CsrfTokenRepository
Loads the expected CsrfToken from the HttpServletRequest
Specified by: loadToken in interface CsrfTokenRepository
Parameters:
request - the HttpServletRequest to use
Returns: the CsrfToken or null if none exists

public void setParameterName(String parameterName)

Parameters:
parameterName - the name of the HTTP request parameter that should be used to provide a token

public void setHeaderName(String headerName)

Parameters:
headerName - the name of the HTTP header that should be used to provide the token

public void setCookieName(String cookieName)

Parameters:
cookieName - the name of the cookie that the expected CSRF token is saved to and read from
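
The cookie-to-header round trip described in the class summary, as an added example that is not part of the original documentation or the project's own code. It assumes spring-test's MockHttpServletRequest and MockHttpServletResponse are on the classpath; the class name CookieCsrfRoundTrip and the helper accepted(), which stands in for whatever component compares the presented header with the loaded token, are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.Cookie;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.csrf.CsrfToken;

// Hypothetical demo class; the mock request/response types come from spring-test (assumption).
public class CookieCsrfRoundTrip {
    // Stand-in for the caller's check: the header value must equal the cookie-backed token.
    static boolean accepted(CookieCsrfTokenRepository repo, MockHttpServletRequest request) {
        CsrfToken expected = repo.loadToken(request); // null if none exists
        if (expected == null) { return false; }
        String presented = request.getHeader(expected.getHeaderName());
        if (presented == null) { return false; }
        return MessageDigest.isEqual( // constant-time comparison
                expected.getToken().getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        CookieCsrfTokenRepository repo = new CookieCsrfTokenRepository();
        repo.setCookieName("XSRF-TOKEN");   // same as the documented default
        repo.setHeaderName("X-XSRF-TOKEN"); // same as the documented default

        // The server generates a token and saves it to the response as a cookie.
        MockHttpServletRequest first = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        repo.saveToken(repo.generateToken(first), first, response);
        Cookie cookie = response.getCookie("XSRF-TOKEN");

        // A client script on the same origin reads the cookie and echoes it in the header.
        MockHttpServletRequest withHeader = new MockHttpServletRequest();
        withHeader.setCookies(cookie);
        withHeader.addHeader("X-XSRF-TOKEN", cookie.getValue());

        // A request that carries the cookie but not the header must fail the check.
        MockHttpServletRequest cookieOnly = new MockHttpServletRequest();
        cookieOnly.setCookies(cookie);

        System.out.println("cookie + header accepted: " + accepted(repo, withHeader));
        System.out.println("cookie only accepted:     " + accepted(repo, cookieOnly));
        // Passing null is the same as deleting the token.
        repo.saveToken(null, first, response);
    }
}
```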