Class HttpSessionCsrfTokenRepository
- java.lang.Object
-
- org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
-
- All Implemented Interfaces:
CsrfTokenRepository
public final class HttpSessionCsrfTokenRepository extends java.lang.Object implements CsrfTokenRepository
- Since:
- 3.2
-
-
Constructor Summary
Constructors Constructor Description HttpSessionCsrfTokenRepository()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description CsrfToken
generateToken(javax.servlet.http.HttpServletRequest request)
Generates aCsrfToken
CsrfToken
loadToken(javax.servlet.http.HttpServletRequest request)
Loads the expectedCsrfToken
from theHttpServletRequest
void
saveToken(CsrfToken token, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
void
setHeaderName(java.lang.String headerName)
void
setParameterName(java.lang.String parameterName)
Sets theHttpServletRequest
parameter name that theCsrfToken
is expected to appear onvoid
setSessionAttributeName(java.lang.String sessionAttributeName)
Sets theHttpSession
attribute name that theCsrfToken
is stored in
-
-
-
Method Detail
-
saveToken
public void saveToken(CsrfToken token, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Description copied from interface:CsrfTokenRepository
Saves theCsrfToken
using theHttpServletRequest
andHttpServletResponse
. If theCsrfToken
is null, it is the same as deleting it.- Specified by:
saveToken
in interfaceCsrfTokenRepository
- Parameters:
token
- theCsrfToken
to save or null to deleterequest
- theHttpServletRequest
to useresponse
- theHttpServletResponse
to use
-
loadToken
public CsrfToken loadToken(javax.servlet.http.HttpServletRequest request)
Description copied from interface:CsrfTokenRepository
Loads the expectedCsrfToken
from theHttpServletRequest
- Specified by:
loadToken
in interfaceCsrfTokenRepository
- Parameters:
request
- theHttpServletRequest
to use- Returns:
- the
CsrfToken
or null if none exists
-
generateToken
public CsrfToken generateToken(javax.servlet.http.HttpServletRequest request)
Description copied from interface:CsrfTokenRepository
Generates aCsrfToken
- Specified by:
generateToken
in interfaceCsrfTokenRepository
- Parameters:
request
- theHttpServletRequest
to use- Returns:
- the
CsrfToken
that was generated. Cannot be null.
-
setParameterName
public void setParameterName(java.lang.String parameterName)
Sets theHttpServletRequest
parameter name that theCsrfToken
is expected to appear on- Parameters:
parameterName
- the new parameter name to use
-
setHeaderName
public void setHeaderName(java.lang.String headerName)
Sets the header name that theCsrfToken
is expected to appear on and the header that the response will contain theCsrfToken
.- Parameters:
headerName
- the new header name to use
-
setSessionAttributeName
public void setSessionAttributeName(java.lang.String sessionAttributeName)
Sets theHttpSession
attribute name that theCsrfToken
is stored in- Parameters:
sessionAttributeName
- the new attribute name to use
-
-