| Interface | Description |
|---|---|
| CsrfToken |
Provides the information about an expected CSRF token.
|
| CsrfTokenRepository |
An API to allow changing the method in which the expected
CsrfToken is
associated to the HttpServletRequest. |
| Class | Description |
|---|---|
| CookieCsrfTokenRepository |
A
CsrfTokenRepository that persists the CSRF token in a cookie named
"XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of
AngularJS. |
| CsrfAuthenticationStrategy |
CsrfAuthenticationStrategy is in charge of removing the CsrfToken upon
authenticating. |
| CsrfFilter |
Applies
CSRF
protection using a synchronizer token pattern.
|
| CsrfLogoutHandler |
CsrfLogoutHandler is in charge of removing the CsrfToken upon logout. |
| DefaultCsrfToken |
A CSRF token that is used to protect against CSRF attacks.
|
| HttpSessionCsrfTokenRepository | |
| LazyCsrfTokenRepository |
A
CsrfTokenRepository that delays saving new CsrfToken until the
attributes of the CsrfToken that were generated are accessed. |
| Exception | Description |
|---|---|
| CsrfException |
Thrown when an invalid or missing
CsrfToken is found in the HttpServletRequest |
| InvalidCsrfTokenException |
Thrown when an expected
CsrfToken exists, but it does not match the value
present on the HttpServletRequest |
| MissingCsrfTokenException |
Thrown when no expected
CsrfToken is found but is required. |