ServerHttpSecurity.CsrfSpec

java.lang.Object
- org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec

Enclosing class:

ServerHttpSecurity
```
public class ServerHttpSecurity.CsrfSpec
extends java.lang.Object
```
Configures CSRF Protection

Since:

5.0

See Also:

ServerHttpSecurity.csrf()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`ServerHttpSecurity.CsrfSpec`	`accessDeniedHandler(ServerAccessDeniedHandler accessDeniedHandler)` Configures the `ServerAccessDeniedHandler` used when a CSRF token is invalid.
`ServerHttpSecurity`	`and()` Allows method chaining to continue configuring the `ServerHttpSecurity`
`protected void`	`configure(ServerHttpSecurity http)`
`ServerHttpSecurity.CsrfSpec`	`csrfTokenRepository(ServerCsrfTokenRepository csrfTokenRepository)` Configures the `ServerCsrfTokenRepository` used to persist the CSRF Token.
`ServerHttpSecurity`	`disable()` Disables CSRF Protection.
`ServerHttpSecurity.CsrfSpec`	`requireCsrfProtectionMatcher(ServerWebExchangeMatcher requireCsrfProtectionMatcher)` Configures the `ServerWebExchangeMatcher` used to determine when CSRF protection is enabled.
`ServerHttpSecurity.CsrfSpec`	`tokenFromMultipartDataEnabled(boolean enabled)` Specifies if `CsrfWebFilter` should try to resolve the actual CSRF token from the body of multipart data requests.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Method Detail
  - accessDeniedHandler
```
public ServerHttpSecurity.CsrfSpec accessDeniedHandler(ServerAccessDeniedHandler accessDeniedHandler)
```
    Configures the ServerAccessDeniedHandler used when a CSRF token is invalid. Default is to send an HttpStatus.FORBIDDEN.
    
    Parameters:
    
    accessDeniedHandler - the access denied handler.
    
    Returns:
    
    the ServerHttpSecurity.CsrfSpec for additional configuration
  - csrfTokenRepository
```
public ServerHttpSecurity.CsrfSpec csrfTokenRepository(ServerCsrfTokenRepository csrfTokenRepository)
```
    Configures the ServerCsrfTokenRepository used to persist the CSRF Token. Default is WebSessionServerCsrfTokenRepository.
    
    Parameters:
    
    csrfTokenRepository - the repository to use
    
    Returns:
    
    the ServerHttpSecurity.CsrfSpec for additional configuration
  - requireCsrfProtectionMatcher
```
public ServerHttpSecurity.CsrfSpec requireCsrfProtectionMatcher(ServerWebExchangeMatcher requireCsrfProtectionMatcher)
```
    Configures the ServerWebExchangeMatcher used to determine when CSRF protection is enabled. Default is PUT, POST, DELETE requests.
    
    Parameters:
    
    requireCsrfProtectionMatcher - the matcher to use
    
    Returns:
    
    the ServerHttpSecurity.CsrfSpec for additional configuration
  - tokenFromMultipartDataEnabled
```
public ServerHttpSecurity.CsrfSpec tokenFromMultipartDataEnabled(boolean enabled)
```
    Specifies if CsrfWebFilter should try to resolve the actual CSRF token from the body of multipart data requests.
    
    Parameters:
    
    enabled - true if should read from multipart form body, else false. Default is false
    
    Returns:
    
    the ServerHttpSecurity.CsrfSpec for additional configuration
  - and
```
public ServerHttpSecurity and()
```
    Allows method chaining to continue configuring the ServerHttpSecurity
    
    Returns:
    
    the ServerHttpSecurity to continue configuring
  - disable
```
public ServerHttpSecurity disable()
```
    Disables CSRF Protection. Disabling CSRF Protection is only recommended when the application is never used within a browser.
    
    Returns:
    
    the ServerHttpSecurity to continue configuring
  - configure
```
protected void configure(ServerHttpSecurity http)
```

Class ServerHttpSecurity.CsrfSpec

Method Summary

Methods inherited from class java.lang.Object

Method Detail

accessDeniedHandler

csrfTokenRepository

requireCsrfProtectionMatcher

tokenFromMultipartDataEnabled

and

disable

configure