public class CsrfWebFilter
extends java.lang.Object
implements org.springframework.web.server.WebFilter
Applies CSRF protection using a synchronizer token pattern. Developers are required to ensure that CsrfWebFilter is invoked for any request that allows state to change. Typically this just means that they should ensure their web application follows proper REST semantics (i.e. do not change state with the HTTP methods GET, HEAD, TRACE, OPTIONS).

Typically the ServerCsrfTokenRepository implementation chooses to store the CsrfToken in WebSession with WebSessionServerCsrfTokenRepository. This is preferred to storing the token in a cookie which can be modified by a client application.
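A wiring sketch for the description above, added here as an example and not taken from Spring Security's own code: it stores the token in the WebSession and requires CSRF validation for every method other than GET, HEAD, TRACE and OPTIONS. The setter names are the ones listed on this page; the package names in the imports, the `MatchResult` helper, the class name `CsrfFilterConfig` and registration as a bean are assumptions.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
// Assumed package names; this page shows these types unqualified.
import org.springframework.security.web.server.csrf.CsrfWebFilter;
import org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult;

@Configuration
public class CsrfFilterConfig { // hypothetical class name

    // Methods that must never change state; every other method needs a valid token.
    private static final Set<String> SAFE_METHODS =
            new HashSet<>(Arrays.asList("GET", "HEAD", "TRACE", "OPTIONS"));

    // Matches (i.e. demands CSRF validation for) any request whose method is not safe.
    static ServerWebExchangeMatcher stateChangingRequests() {
        return exchange -> {
            HttpMethod method = exchange.getRequest().getMethod();
            // A missing or unrecognised method is treated as state-changing: fail closed.
            boolean safe = method != null && SAFE_METHODS.contains(method.name());
            return safe ? MatchResult.notMatch() : MatchResult.match();
        };
    }

    // Registration as a bean is an assumption; what matters is that the filter
    // runs for every request that can change state.
    @Bean
    public CsrfWebFilter csrfWebFilter() {
        CsrfWebFilter filter = new CsrfWebFilter();
        // Keep the expected token server-side in the WebSession, not in a cookie
        // that a client application can modify.
        filter.setServerCsrfTokenRepository(new WebSessionServerCsrfTokenRepository());
        filter.setRequireCsrfProtectionMatcher(stateChangingRequests());
        return filter;
    }
}
```

A handler that changes state on GET, HEAD, TRACE or OPTIONS is never checked by this matcher, which is why the description ties the protection to following REST semantics.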
Constructor and Description |
---|
CsrfWebFilter() |
Modifier and Type | Method and Description |
---|---|
reactor.core.publisher.Mono<java.lang.Void> | filter(org.springframework.web.server.ServerWebExchange exchange, org.springframework.web.server.WebFilterChain chain) |
void | setCsrfTokenAttributeName(java.lang.String csrfTokenAttributeName) |
void | setRequireCsrfProtectionMatcher(ServerWebExchangeMatcher requireCsrfProtectionMatcher) |
void | setServerAccessDeniedHandler(ServerAccessDeniedHandler serverAccessDeniedHandler) |
void | setServerCsrfTokenRepository(ServerCsrfTokenRepository serverCsrfTokenRepository) |
public void setServerAccessDeniedHandler(ServerAccessDeniedHandler serverAccessDeniedHandler)
public void setCsrfTokenAttributeName(java.lang.String csrfTokenAttributeName)
public void setServerCsrfTokenRepository(ServerCsrfTokenRepository serverCsrfTokenRepository)
public void setRequireCsrfProtectionMatcher(ServerWebExchangeMatcher requireCsrfProtectionMatcher)
public reactor.core.publisher.Mono<java.lang.Void> filter(org.springframework.web.server.ServerWebExchange exchange, org.springframework.web.server.WebFilterChain chain)
Specified by: filter in interface org.springframework.web.server.WebFilter