public final class CookieCsrfTokenRepository extends java.lang.Object implements CsrfTokenRepository

A CsrfTokenRepository that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS. When using with AngularJS be sure to use withHttpOnlyFalse().

Constructor and Description |
---|
CookieCsrfTokenRepository() |

Modifier and Type | Method and Description |
---|---|
CsrfToken | generateToken(javax.servlet.http.HttpServletRequest request): Generates a CsrfToken |
java.lang.String | getCookiePath(): Get the path that the CSRF cookie will be set to. |
CsrfToken | loadToken(javax.servlet.http.HttpServletRequest request): Loads the expected CsrfToken from the HttpServletRequest |
void | saveToken(CsrfToken token, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) |
void | setCookieDomain(java.lang.String cookieDomain): Sets the domain of the cookie that the expected CSRF token is saved to and read from. |
void | setCookieHttpOnly(boolean cookieHttpOnly): Sets the HttpOnly attribute on the cookie containing the CSRF token. |
void | setCookieName(java.lang.String cookieName): Sets the name of the cookie that the expected CSRF token is saved to and read from. |
void | setCookiePath(java.lang.String path): Set the path that the Cookie will be created with. |
void | setHeaderName(java.lang.String headerName): Sets the name of the HTTP header that should be used to provide the token. |
void | setParameterName(java.lang.String parameterName): Sets the name of the HTTP request parameter that should be used to provide a token. |
static CookieCsrfTokenRepository | withHttpOnlyFalse(): Factory method to conveniently create an instance that has setCookieHttpOnly(boolean) set to false. |
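
public CsrfToken generateToken(javax.servlet.http.HttpServletRequest request)

Description copied from interface: CsrfTokenRepository

Generates a CsrfToken

Specified by: generateToken in interface CsrfTokenRepository

Parameters: request - the HttpServletRequest to use

Returns: the CsrfToken that was generated. Cannot be null.

public void saveToken(CsrfToken token, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)

Description copied from interface: CsrfTokenRepository

Saves the CsrfToken using the HttpServletRequest and HttpServletResponse. If the CsrfToken is null, it is the same as deleting it.

Specified by: saveToken in interface CsrfTokenRepository

Parameters:

token - the CsrfToken to save or null to delete

request - the HttpServletRequest to use

response - the HttpServletResponse to use

public CsrfToken loadToken(javax.servlet.http.HttpServletRequest request)

Description copied from interface: CsrfTokenRepository

Loads the expected CsrfToken from the HttpServletRequest

Specified by: loadToken in interface CsrfTokenRepository

Parameters: request - the HttpServletRequest to use

Returns: the CsrfToken or null if none exists

public void setParameterName(java.lang.String parameterName)

Sets the name of the HTTP request parameter that should be used to provide a token.

Parameters: parameterName - the name of the HTTP request parameter that should be used to provide a token

public void setHeaderName(java.lang.String headerName)

Sets the name of the HTTP header that should be used to provide the token.

Parameters: headerName - the name of the HTTP header that should be used to provide the token

public void setCookieName(java.lang.String cookieName)

Sets the name of the cookie that the expected CSRF token is saved to and read from.

Parameters: cookieName - the name of the cookie that the expected CSRF token is saved to and read from

public void setCookieHttpOnly(boolean cookieHttpOnly)

Sets the HttpOnly attribute on the cookie containing the CSRF token. Defaults to true.

Parameters: cookieHttpOnly - true sets the HttpOnly attribute, false does not set it

public static CookieCsrfTokenRepository withHttpOnlyFalse()

Factory method to conveniently create an instance that has setCookieHttpOnly(boolean) set to false.

Returns: an instance of CookieCsrfTokenRepository with setCookieHttpOnly(boolean) set to false

public void setCookiePath(java.lang.String path)

Set the path that the Cookie will be created with.

Parameters: path - the path to use

public java.lang.String getCookiePath()

Get the path that the CSRF cookie will be set to.

public void setCookieDomain(java.lang.String cookieDomain)

Sets the domain of the cookie that the expected CSRF token is saved to and read from.

Parameters: cookieDomain - the domain of the cookie that the expected CSRF token is saved to and read from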
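
The round trip these methods implement (token issued in the "XSRF-TOKEN" cookie, returned in the "X-XSRF-TOKEN" header), as an added example that is not part of the original Javadoc or Spring Security's own code. It assumes spring-security-web and spring-test (the javax.servlet generation) on the classpath; the class name CookieCsrfRoundTrip, the /account path and the tokenMatches helper are hypothetical, the helper being a simplified stand-in for the comparison the CSRF filter performs.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.Cookie;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.csrf.CsrfToken;

public class CookieCsrfRoundTrip { // hypothetical class name (added example)
    public static void main(String[] args) {
        // HttpOnly=false lets AngularJS read the cookie; every other script on the page can read it too.
        CookieCsrfTokenRepository repo = CookieCsrfTokenRepository.withHttpOnlyFalse();
        repo.setCookiePath("/");
        // 1. Issue: generate a token and persist it in the response cookie.
        MockHttpServletRequest get = new MockHttpServletRequest("GET", "/");
        get.setSecure(true); // constructed HTTPS request, so the cookie carries the Secure flag
        MockHttpServletResponse issuedResponse = new MockHttpServletResponse();
        CsrfToken issued = repo.generateToken(get);
        repo.saveToken(issued, get, issuedResponse);
        Cookie cookie = issuedResponse.getCookie("XSRF-TOKEN");
        System.out.printf("Set-Cookie %s path=%s httpOnly=%b secure=%b%n",
                cookie.getName(), cookie.getPath(), cookie.isHttpOnly(), cookie.getSecure());

        // 2. The client returns the cookie and copies its value into X-XSRF-TOKEN.
        MockHttpServletRequest post = new MockHttpServletRequest("POST", "/account"); // constructed path
        post.setCookies(new Cookie("XSRF-TOKEN", cookie.getValue()));
        post.addHeader(issued.getHeaderName(), cookie.getValue());
        System.out.println("cookie + header accepted: " + tokenMatches(repo, post));

        // 3. The cookie alone, which the browser attaches automatically, must not be enough.
        MockHttpServletRequest cookieOnly = new MockHttpServletRequest("POST", "/account");
        cookieOnly.setCookies(new Cookie("XSRF-TOKEN", cookie.getValue()));
        System.out.println("cookie only accepted: " + tokenMatches(repo, cookieOnly));

        // 4. saveToken(null, ...) deletes: same cookie name, Max-Age 0.
        MockHttpServletResponse cleared = new MockHttpServletResponse();
        repo.saveToken(null, post, cleared);
        System.out.println("delete Max-Age: " + cleared.getCookie("XSRF-TOKEN").getMaxAge());
    }
    // Simplified stand-in (an assumption) for the comparison the CSRF filter performs.
    static boolean tokenMatches(CookieCsrfTokenRepository repo, MockHttpServletRequest request) {
        CsrfToken expected = repo.loadToken(request); // read from the cookie, null if absent
        if (expected == null) return false;
        String actual = request.getHeader(expected.getHeaderName());
        if (actual == null) actual = request.getParameter(expected.getParameterName());
        return actual != null && MessageDigest.isEqual(
                expected.getToken().getBytes(StandardCharsets.UTF_8), actual.getBytes(StandardCharsets.UTF_8));
    }
}
```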