Package org.springframework.security.web.csrf
-
Interface Summary Interface Description CsrfToken Provides the information about an expected CSRF token.CsrfTokenRepository An API to allow changing the method in which the expectedCsrfToken
is associated to theHttpServletRequest
.CsrfTokenRequestAttributeHandler A callback interface that is used to make theCsrfToken
created by theCsrfTokenRepository
available as a request attribute.CsrfTokenRequestResolver Implementations of this interface are capable of resolving the token value of aCsrfToken
from the providedHttpServletRequest
. -
Class Summary Class Description CookieCsrfTokenRepository ACsrfTokenRepository
that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS.CsrfAuthenticationStrategy CsrfAuthenticationStrategy
is in charge of removing theCsrfToken
upon authenticating.CsrfFilter Applies CSRF protection using a synchronizer token pattern.CsrfLogoutHandler CsrfLogoutHandler
is in charge of removing theCsrfToken
upon logout.CsrfTokenRequestProcessor An implementation of theCsrfTokenRequestAttributeHandler
andCsrfTokenRequestResolver
interfaces that is capable of making theCsrfToken
available as a request attribute and resolving the token value as either a header or parameter value of the request.DefaultCsrfToken A CSRF token that is used to protect against CSRF attacks.HttpSessionCsrfTokenRepository LazyCsrfTokenRepository ACsrfTokenRepository
that delays saving newCsrfToken
until the attributes of theCsrfToken
that were generated are accessed. -
Exception Summary Exception Description CsrfException Thrown when an invalid or missingCsrfToken
is found in the HttpServletRequestInvalidCsrfTokenException Thrown when an expectedCsrfToken
exists, but it does not match the value present on theHttpServletRequest
MissingCsrfTokenException Thrown when no expectedCsrfToken
is found but is required.