ServerHttpSecurity.CsrfSpec

java.lang.Object
- org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec

Enclosing class:

ServerHttpSecurity
```
public class ServerHttpSecurity.CsrfSpec
extends java.lang.Object
```
Configures CSRF Protection

Since:

5.0

See Also:

ServerHttpSecurity.csrf()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`ServerHttpSecurity.CsrfSpec`	`accessDeniedHandler(ServerAccessDeniedHandler accessDeniedHandler)` Configures the `ServerAccessDeniedHandler` used when a CSRF token is invalid.
`ServerHttpSecurity`	`and()` Allows method chaining to continue configuring the `ServerHttpSecurity`
`protected void`	`configure(ServerHttpSecurity http)`
`ServerHttpSecurity.CsrfSpec`	`csrfTokenRepository(ServerCsrfTokenRepository csrfTokenRepository)` Configures the `ServerCsrfTokenRepository` used to persist the CSRF Token.
`ServerHttpSecurity`	`disable()` Disables CSRF Protection.
`ServerHttpSecurity.CsrfSpec`	`requireCsrfProtectionMatcher(ServerWebExchangeMatcher requireCsrfProtectionMatcher)` Configures the `ServerWebExchangeMatcher` used to determine when CSRF protection is enabled.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Method Detail
  - accessDeniedHandler
```
public ServerHttpSecurity.CsrfSpec accessDeniedHandler(ServerAccessDeniedHandler accessDeniedHandler)
```
    Configures the ServerAccessDeniedHandler used when a CSRF token is invalid. Default is to send an HttpStatus.FORBIDDEN.
    
    Parameters:
    
    accessDeniedHandler - the access denied handler.
    
    Returns:
    
    the ServerHttpSecurity.CsrfSpec for additional configuration
  - csrfTokenRepository
```
public ServerHttpSecurity.CsrfSpec csrfTokenRepository(ServerCsrfTokenRepository csrfTokenRepository)
```
    Configures the ServerCsrfTokenRepository used to persist the CSRF Token. Default is WebSessionServerCsrfTokenRepository.
    
    Parameters:
    
    csrfTokenRepository - the repository to use
    
    Returns:
    
    the ServerHttpSecurity.CsrfSpec for additional configuration
  - requireCsrfProtectionMatcher
```
public ServerHttpSecurity.CsrfSpec requireCsrfProtectionMatcher(ServerWebExchangeMatcher requireCsrfProtectionMatcher)
```
    Configures the ServerWebExchangeMatcher used to determine when CSRF protection is enabled. Default is PUT, POST, DELETE requests.
    
    Parameters:
    
    requireCsrfProtectionMatcher - the matcher to use
    
    Returns:
    
    the ServerHttpSecurity.CsrfSpec for additional configuration
  - and
```
public ServerHttpSecurity and()
```
    Allows method chaining to continue configuring the ServerHttpSecurity
    
    Returns:
    
    the ServerHttpSecurity to continue configuring
  - disable
```
public ServerHttpSecurity disable()
```
    Disables CSRF Protection. Disabling CSRF Protection is only recommended when the application is never used within a browser.
    
    Returns:
    
    the ServerHttpSecurity to continue configuring
  - configure
```
protected void configure(ServerHttpSecurity http)
```

Class ServerHttpSecurity.CsrfSpec

Method Summary

Methods inherited from class java.lang.Object

Method Detail

accessDeniedHandler

csrfTokenRepository

requireCsrfProtectionMatcher

and

disable

configure