Interface | Description |
---|---|
CsrfToken |
Provides the information about an expected CSRF token.
|
CsrfTokenRepository |
An API to allow changing the method in which the expected
CsrfToken is
associated to the HttpServletRequest . |
Class | Description |
---|---|
CookieCsrfTokenRepository |
A
CsrfTokenRepository that persists the CSRF token in a cookie named
"XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of
AngularJS. |
CsrfAuthenticationStrategy |
CsrfAuthenticationStrategy is in charge of removing the CsrfToken upon
authenticating. |
CsrfFilter |
Applies
CSRF
protection using a synchronizer token pattern.
|
CsrfLogoutHandler |
CsrfLogoutHandler is in charge of removing the CsrfToken upon logout. |
DefaultCsrfToken |
A CSRF token that is used to protect against CSRF attacks.
|
HttpSessionCsrfTokenRepository | |
LazyCsrfTokenRepository |
A
CsrfTokenRepository that delays saving new CsrfToken until the
attributes of the CsrfToken that were generated are accessed. |
Exception | Description |
---|---|
CsrfException |
Thrown when an invalid or missing
CsrfToken is found in the HttpServletRequest |
InvalidCsrfTokenException |
Thrown when an expected
CsrfToken exists, but it does not match the value
present on the HttpServletRequest |
MissingCsrfTokenException |
Thrown when no expected
CsrfToken is found but is required. |