Class CsrfAuthenticationStrategy
- java.lang.Object
- 
- org.springframework.security.web.csrf.CsrfAuthenticationStrategy
 
- 
- All Implemented Interfaces:
- SessionAuthenticationStrategy
 
 public final class CsrfAuthenticationStrategy extends java.lang.Object implements SessionAuthenticationStrategy CsrfAuthenticationStrategyis in charge of removing theCsrfTokenupon authenticating. A newCsrfTokenwill then be generated by the framework upon the next request.- Since:
- 3.2
 
- 
- 
Constructor SummaryConstructors Constructor Description CsrfAuthenticationStrategy(CsrfTokenRepository csrfTokenRepository)Creates a new instance
 - 
Method SummaryAll Methods Instance Methods Concrete Methods Modifier and Type Method Description voidonAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)Performs Http session-related functionality when a new authentication occurs.
 
- 
- 
- 
Constructor Detail- 
CsrfAuthenticationStrategypublic CsrfAuthenticationStrategy(CsrfTokenRepository csrfTokenRepository) Creates a new instance- Parameters:
- csrfTokenRepository- the- CsrfTokenRepositoryto use
 
 
- 
 - 
Method Detail- 
onAuthenticationpublic void onAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws SessionAuthenticationException Description copied from interface:SessionAuthenticationStrategyPerforms Http session-related functionality when a new authentication occurs.- Specified by:
- onAuthenticationin interface- SessionAuthenticationStrategy
- Throws:
- SessionAuthenticationException- if it is decided that the authentication is not allowed for the session. This will typically be because the user has too many sessions open at once.
 
 
- 
 
-