public final class CookieServerCsrfTokenRepository extends java.lang.Object implements ServerCsrfTokenRepository
ServerCsrfTokenRepository
that persists the CSRF token in a cookie named
"XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of
AngularJS. When using with AngularJS be sure to use withHttpOnlyFalse()
.Constructor and Description |
---|
CookieServerCsrfTokenRepository() |
Modifier and Type | Method and Description |
---|---|
reactor.core.publisher.Mono<CsrfToken> |
generateToken(org.springframework.web.server.ServerWebExchange exchange)
Generates a
CsrfToken |
reactor.core.publisher.Mono<CsrfToken> |
loadToken(org.springframework.web.server.ServerWebExchange exchange)
Loads the expected
CsrfToken from the ServerWebExchange |
reactor.core.publisher.Mono<java.lang.Void> |
saveToken(org.springframework.web.server.ServerWebExchange exchange,
CsrfToken token)
Saves the
CsrfToken using the ServerWebExchange . |
void |
setCookieDomain(java.lang.String cookieDomain)
Sets the cookie domain
|
void |
setCookieHttpOnly(boolean cookieHttpOnly)
Sets the HttpOnly attribute on the cookie containing the CSRF token
|
void |
setCookieName(java.lang.String cookieName)
Sets the cookie name
|
void |
setCookiePath(java.lang.String cookiePath)
Sets the cookie path
|
void |
setHeaderName(java.lang.String headerName)
Sets the header name
|
void |
setParameterName(java.lang.String parameterName)
Sets the parameter name
|
static CookieServerCsrfTokenRepository |
withHttpOnlyFalse()
Factory method to conveniently create an instance that has
setCookieHttpOnly(boolean) set to false. |
public static CookieServerCsrfTokenRepository withHttpOnlyFalse()
setCookieHttpOnly(boolean)
set to false.setCookieHttpOnly(boolean)
set to falsepublic reactor.core.publisher.Mono<CsrfToken> generateToken(org.springframework.web.server.ServerWebExchange exchange)
ServerCsrfTokenRepository
CsrfToken
generateToken
in interface ServerCsrfTokenRepository
exchange
- the ServerWebExchange
to useCsrfToken
that was generated. Cannot be null.public reactor.core.publisher.Mono<java.lang.Void> saveToken(org.springframework.web.server.ServerWebExchange exchange, CsrfToken token)
ServerCsrfTokenRepository
CsrfToken
using the ServerWebExchange
. If the
CsrfToken
is null, it is the same as deleting it.saveToken
in interface ServerCsrfTokenRepository
exchange
- the ServerWebExchange
to usetoken
- the CsrfToken
to save or null to deletepublic reactor.core.publisher.Mono<CsrfToken> loadToken(org.springframework.web.server.ServerWebExchange exchange)
ServerCsrfTokenRepository
CsrfToken
from the ServerWebExchange
loadToken
in interface ServerCsrfTokenRepository
exchange
- the ServerWebExchange
to useCsrfToken
or null if none existspublic void setCookieHttpOnly(boolean cookieHttpOnly)
cookieHttpOnly
- True to mark the cookie as http only. False otherwise.public void setCookieName(java.lang.String cookieName)
cookieName
- The cookie namepublic void setParameterName(java.lang.String parameterName)
parameterName
- The parameter namepublic void setHeaderName(java.lang.String headerName)
headerName
- The header namepublic void setCookiePath(java.lang.String cookiePath)
cookiePath
- The cookie pathpublic void setCookieDomain(java.lang.String cookieDomain)
cookieDomain
- The cookie domain