public class ServerHttpSecurity.CsrfSpec
extends java.lang.Object
ServerHttpSecurity.csrf()| Modifier and Type | Method and Description | 
|---|---|
| ServerHttpSecurity.CsrfSpec | accessDeniedHandler(ServerAccessDeniedHandler accessDeniedHandler)Configures the  ServerAccessDeniedHandlerused when a CSRF token is invalid. | 
| ServerHttpSecurity | and()Allows method chaining to continue configuring the  ServerHttpSecurity | 
| protected void | configure(ServerHttpSecurity http) | 
| ServerHttpSecurity.CsrfSpec | csrfTokenRepository(ServerCsrfTokenRepository csrfTokenRepository)Configures the  ServerCsrfTokenRepositoryused to persist the CSRF Token. | 
| ServerHttpSecurity | disable()Disables CSRF Protection. | 
| ServerHttpSecurity.CsrfSpec | requireCsrfProtectionMatcher(ServerWebExchangeMatcher requireCsrfProtectionMatcher)Configures the  ServerWebExchangeMatcherused to determine when CSRF protection is enabled. | 
| ServerHttpSecurity.CsrfSpec | tokenFromMultipartDataEnabled(boolean enabled)Specifies if  CsrfWebFiltershould try to resolve the actual CSRF token from the body of multipart
 data requests. | 
public ServerHttpSecurity.CsrfSpec accessDeniedHandler(ServerAccessDeniedHandler accessDeniedHandler)
ServerAccessDeniedHandler used when a CSRF token is invalid. Default is
 to send an HttpStatus.FORBIDDEN.accessDeniedHandler - the access denied handler.ServerHttpSecurity.CsrfSpec for additional configurationpublic ServerHttpSecurity.CsrfSpec csrfTokenRepository(ServerCsrfTokenRepository csrfTokenRepository)
ServerCsrfTokenRepository used to persist the CSRF Token. Default is
 WebSessionServerCsrfTokenRepository.csrfTokenRepository - the repository to useServerHttpSecurity.CsrfSpec for additional configurationpublic ServerHttpSecurity.CsrfSpec requireCsrfProtectionMatcher(ServerWebExchangeMatcher requireCsrfProtectionMatcher)
ServerWebExchangeMatcher used to determine when CSRF protection is enabled. Default is
 PUT, POST, DELETE requests.requireCsrfProtectionMatcher - the matcher to useServerHttpSecurity.CsrfSpec for additional configurationpublic ServerHttpSecurity.CsrfSpec tokenFromMultipartDataEnabled(boolean enabled)
CsrfWebFilter should try to resolve the actual CSRF token from the body of multipart
 data requests.enabled - true if should read from multipart form body, else false. Default is falseServerHttpSecurity.CsrfSpec for additional configurationpublic ServerHttpSecurity and()
ServerHttpSecurityServerHttpSecurity to continue configuringpublic ServerHttpSecurity disable()
ServerHttpSecurity to continue configuringprotected void configure(ServerHttpSecurity http)