Class CsrfAuthenticationStrategy
- java.lang.Object
  - org.springframework.security.web.csrf.CsrfAuthenticationStrategy

All Implemented Interfaces:
SessionAuthenticationStrategy

public final class CsrfAuthenticationStrategy extends java.lang.Object implements SessionAuthenticationStrategy

CsrfAuthenticationStrategy is in charge of removing the CsrfToken upon authenticating. A new CsrfToken will then be generated by the framework upon the next request.

Since:
3.2

Constructor Summary

Constructors
Constructor | Description
CsrfAuthenticationStrategy(CsrfTokenRepository tokenRepository) | Creates a new instance

Method Summary

Modifier and Type | Method | Description
void | onAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) | Performs Http session-related functionality when a new authentication occurs.
void | setRequestHandler(CsrfTokenRequestHandler requestHandler) | Specify a CsrfTokenRequestHandler to use for making the CsrfToken available as a request attribute.

Constructor Detail

CsrfAuthenticationStrategy
public CsrfAuthenticationStrategy(CsrfTokenRepository tokenRepository)
Creates a new instance
Parameters:
tokenRepository - the CsrfTokenRepository to use

Method Detail

setRequestHandler
public void setRequestHandler(CsrfTokenRequestHandler requestHandler)
Specify a CsrfTokenRequestHandler to use for making the CsrfToken available as a request attribute.
Parameters:
requestHandler - the CsrfTokenRequestHandler to use

onAuthentication
public void onAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws SessionAuthenticationException
Description copied from interface: SessionAuthenticationStrategy
Performs Http session-related functionality when a new authentication occurs.
Specified by:
onAuthentication in interface SessionAuthenticationStrategy
Throws:
SessionAuthenticationException - if it is decided that the authentication is not allowed for the session. This will typically be because the user has too many sessions open at once.
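
The token replacement described in the class summary can be observed directly with a mock request. This is an added example, not code from the Spring Security project; it assumes spring-security-web and spring-test (for the mock servlet classes) are on the classpath, and the names CsrfRotationDemo, preLoginTokenDiscarded and the principal "alice" are constructed for illustration.

```java
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.csrf.CsrfAuthenticationStrategy;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;

// Hypothetical demo class: checks that a CSRF token issued before login
// is not carried over into the authenticated session.
public class CsrfRotationDemo {

    /** Returns true if the pre-login token is no longer the one held by the repository. */
    static boolean preLoginTokenDiscarded() {
        HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
        CsrfAuthenticationStrategy strategy = new CsrfAuthenticationStrategy(repository);

        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();

        // Token issued to the anonymous session, e.g. the one embedded in the login form.
        CsrfToken before = repository.generateToken(request);
        repository.saveToken(before, request, response);

        // Constructed principal; in a real filter chain this object comes from
        // the AuthenticationManager after a successful login.
        Authentication auth = new TestingAuthenticationToken("alice", "n/a", "ROLE_USER");
        strategy.onAuthentication(auth, request, response);

        // Depending on the Spring Security version, the repository now holds either
        // nothing (the replacement is generated on the next request) or a fresh token.
        // In both cases the pre-login value must be gone.
        CsrfToken after = repository.loadToken(request);
        return after == null || !after.getToken().equals(before.getToken());
    }

    public static void main(String[] args) {
        System.out.println("pre-login token discarded: " + preLoginTokenDiscarded());
    }
}
```

A check of this shape is useful as a regression test when an application registers its own authentication filter and sets the SessionAuthenticationStrategy on it by hand.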