CsrfAuthenticationStrategy (spring-security-docs 5.8.12 API)

java.lang.Object
- org.springframework.security.web.csrf.CsrfAuthenticationStrategy

All Implemented Interfaces:

SessionAuthenticationStrategy
```
public final class CsrfAuthenticationStrategy
extends java.lang.Object
implements SessionAuthenticationStrategy
```
CsrfAuthenticationStrategy is in charge of removing the CsrfToken upon authenticating. A new CsrfToken will then be generated by the framework upon the next request.

Since:

3.2

Constructor Summary

Constructors
Constructor Description

CsrfAuthenticationStrategy(CsrfTokenRepository tokenRepository)
Creates a new instance

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`void`	`onAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)`	Performs Http session-related functionality when a new authentication occurs.
`void`	`setRequestHandler(CsrfTokenRequestHandler requestHandler)`	Specify a `CsrfTokenRequestHandler` to use for making the `CsrfToken` available as a request attribute.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - CsrfAuthenticationStrategy
```
public CsrfAuthenticationStrategy(CsrfTokenRepository tokenRepository)
```
    Creates a new instance
    
    Parameters:
    
    tokenRepository - the CsrfTokenRepository to use
- Method Detail
  - setRequestHandler
```
public void setRequestHandler(CsrfTokenRequestHandler requestHandler)
```
    Specify a CsrfTokenRequestHandler to use for making the CsrfToken available as a request attribute.
    
    Parameters:
    
    requestHandler - the CsrfTokenRequestHandler to use
  - onAuthentication
```
public void onAuthentication(Authentication authentication,
                             javax.servlet.http.HttpServletRequest request,
                             javax.servlet.http.HttpServletResponse response)
                      throws SessionAuthenticationException
```
    Description copied from interface: SessionAuthenticationStrategy
    
    Performs Http session-related functionality when a new authentication occurs.
    
    Specified by:
    
    onAuthentication in interface SessionAuthenticationStrategy
    
    Throws:
    
    SessionAuthenticationException - if it is decided that the authentication is not allowed for the session. This will typically be because the user has too many sessions open at once.