Class ServerHttpSecurity.CsrfSpec
- java.lang.Object
  - org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec

- Enclosing class:
- ServerHttpSecurity

public final class ServerHttpSecurity.CsrfSpec extends java.lang.Object

Configures CSRF Protection

- Since:
- 5.0
- See Also:
- ServerHttpSecurity.csrf()

Method Detail

accessDeniedHandler

public ServerHttpSecurity.CsrfSpec accessDeniedHandler(ServerAccessDeniedHandler accessDeniedHandler)

Configures the ServerAccessDeniedHandler used when a CSRF token is invalid. Default is to send an HttpStatus.FORBIDDEN.

- Parameters:
- accessDeniedHandler - the access denied handler.
- Returns:
- the ServerHttpSecurity.CsrfSpec for additional configuration

csrfTokenRepository

public ServerHttpSecurity.CsrfSpec csrfTokenRepository(ServerCsrfTokenRepository csrfTokenRepository)

Configures the ServerCsrfTokenRepository used to persist the CSRF Token. Default is WebSessionServerCsrfTokenRepository.

- Parameters:
- csrfTokenRepository - the repository to use
- Returns:
- the ServerHttpSecurity.CsrfSpec for additional configuration

requireCsrfProtectionMatcher

public ServerHttpSecurity.CsrfSpec requireCsrfProtectionMatcher(ServerWebExchangeMatcher requireCsrfProtectionMatcher)

Configures the ServerWebExchangeMatcher used to determine when CSRF protection is enabled. Default is PUT, POST, DELETE requests.

- Parameters:
- requireCsrfProtectionMatcher - the matcher to use
- Returns:
- the ServerHttpSecurity.CsrfSpec for additional configuration

tokenFromMultipartDataEnabled

@Deprecated
public ServerHttpSecurity.CsrfSpec tokenFromMultipartDataEnabled(boolean enabled)

Deprecated.

Specifies if CsrfWebFilter should try to resolve the actual CSRF token from the body of multipart data requests.

- Parameters:
- enabled - true if it should read from the multipart form body, else false. Default is false
- Returns:
- the ServerHttpSecurity.CsrfSpec for additional configuration

csrfTokenRequestHandler

public ServerHttpSecurity.CsrfSpec csrfTokenRequestHandler(ServerCsrfTokenRequestHandler requestHandler)

Specifies a ServerCsrfTokenRequestHandler that is used to make the CsrfToken available as an exchange attribute.

- Parameters:
- requestHandler - the ServerCsrfTokenRequestHandler to use
- Returns:
- the ServerHttpSecurity.CsrfSpec for additional configuration
- Since:
- 5.8

and

public ServerHttpSecurity and()

Allows method chaining to continue configuring the ServerHttpSecurity

- Returns:
- the ServerHttpSecurity to continue configuring

disable

public ServerHttpSecurity disable()

Disables CSRF Protection. Disabling CSRF Protection is only recommended when the application is never used within a browser.

- Returns:
- the ServerHttpSecurity to continue configuring

configure

protected void configure(ServerHttpSecurity http)
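
The following configuration uses accessDeniedHandler, csrfTokenRepository, requireCsrfProtectionMatcher and csrfTokenRequestHandler together. It is an added example, not code from the Spring Security project or its documentation. The class name CsrfConfigExample and the /webhooks/** path are assumptions, and the spec is reached through the lambda overload of ServerHttpSecurity.csrf.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler;
import org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository;
import org.springframework.security.web.server.csrf.CsrfWebFilter;
import org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler;
import org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;

@Configuration
@EnableWebFluxSecurity
public class CsrfConfigExample {
    @Bean
    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        // Hypothetical path: an endpoint called only by non-browser clients that
        // authenticate by other means, carved out of CSRF checks on purpose.
        ServerWebExchangeMatcher webhooks = ServerWebExchangeMatchers.pathMatchers("/webhooks/**");
        // Keep the filter's own default matching and subtract only the carve-out,
        // rather than replacing the default with a hand-written method list.
        ServerWebExchangeMatcher requireCsrf = new AndServerWebExchangeMatcher(
                CsrfWebFilter.DEFAULT_CSRF_MATCHER,
                new NegatedServerWebExchangeMatcher(webhooks));

        http
            .authorizeExchange(exchanges -> exchanges.anyExchange().authenticated())
            .csrf(csrf -> csrf
                // Cookie-backed repository instead of the WebSession default; the cookie
                // is readable by JavaScript so a client can echo the token in a header.
                .csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse())
                .requireCsrfProtectionMatcher(requireCsrf)
                // Same status as the default, set explicitly so it is visible in config.
                .accessDeniedHandler(new HttpStatusServerAccessDeniedHandler(HttpStatus.FORBIDDEN))
                // Makes the CsrfToken available as an exchange attribute (since 5.8).
                .csrfTokenRequestHandler(new ServerCsrfTokenRequestAttributeHandler()));
        return http.build();
    }
}
```

Composing the carve-out with CsrfWebFilter.DEFAULT_CSRF_MATCHER keeps every other state-changing request protected; a matcher written from scratch replaces the default entirely.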