Package org.springframework.security.web.csrf

Class CsrfTokenRequestProcessor

java.lang.Object

org.springframework.security.web.csrf.CsrfTokenRequestProcessor

All Implemented Interfaces:

CsrfTokenRequestAttributeHandler, CsrfTokenRequestResolver

public class CsrfTokenRequestProcessor
extends java.lang.Object
implements CsrfTokenRequestAttributeHandler, CsrfTokenRequestResolver

An implementation of the CsrfTokenRequestAttributeHandler and CsrfTokenRequestResolver interfaces that is capable of making the CsrfToken available as a request attribute and resolving the token value as either a header or parameter value of the request.

Since:

5.8

Constructor Summary

Constructors

Constructor	Description
CsrfTokenRequestProcessor()

Method Summary

Modifier and Type	Method	Description
void	handle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.util.function.Supplier<CsrfToken> csrfToken)	Handles a request using a CsrfToken.
java.lang.String	resolveCsrfTokenValue(javax.servlet.http.HttpServletRequest request, CsrfToken csrfToken)	Returns the token value resolved from the provided HttpServletRequest and CsrfToken or null if not available.
void	setCsrfRequestAttributeName(java.lang.String csrfRequestAttributeName)	The CsrfToken is available as a request attribute named CsrfToken.class.getName().

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CsrfTokenRequestProcessor

public CsrfTokenRequestProcessor()

Method Detail

setCsrfRequestAttributeName

public final void setCsrfRequestAttributeName(java.lang.String csrfRequestAttributeName)

The CsrfToken is available as a request attribute named CsrfToken.class.getName(). By default, an additional request attribute that is the same as CsrfToken.getParameterName() is set. This attribute allows overriding the additional attribute.

Parameters:

csrfRequestAttributeName - the name of an additional request attribute with the value of the CsrfToken. Default is CsrfToken.getParameterName()

handle

public void handle(javax.servlet.http.HttpServletRequest request,
                   javax.servlet.http.HttpServletResponse response,
                   java.util.function.Supplier<CsrfToken> csrfToken)

Description copied from interface: CsrfTokenRequestAttributeHandler

Handles a request using a CsrfToken.

Specified by:

handle in interface CsrfTokenRequestAttributeHandler

Parameters:

request - the HttpServletRequest being handled

response - the HttpServletResponse being handled

csrfToken - the CsrfToken created by the CsrfTokenRepository

resolveCsrfTokenValue

public java.lang.String resolveCsrfTokenValue(javax.servlet.http.HttpServletRequest request,
                                              CsrfToken csrfToken)

Description copied from interface: CsrfTokenRequestResolver

Returns the token value resolved from the provided HttpServletRequest and CsrfToken or null if not available.

Specified by:

resolveCsrfTokenValue in interface CsrfTokenRequestResolver

Parameters:

request - the HttpServletRequest being processed

csrfToken - the CsrfToken created by the CsrfTokenRepository

Returns:

the token value resolved from the request