Package org.springframework.security.web.csrf

Interface CsrfTokenRepository

    • Method Detail

      • generateToken

        CsrfToken generateToken​(javax.servlet.http.HttpServletRequest request)
        Generates a CsrfToken
        Parameters:
        request - the HttpServletRequest to use
        Returns:
        the CsrfToken that was generated. Cannot be null.

      • saveToken

        void saveToken​(CsrfToken token,
               javax.servlet.http.HttpServletRequest request,
               javax.servlet.http.HttpServletResponse response)
        Saves the CsrfToken using the HttpServletRequest and HttpServletResponse. If the CsrfToken is null, it is the same as deleting it.
        Parameters:
        token - the CsrfToken to save or null to delete
        request - the HttpServletRequest to use
        response - the HttpServletResponse to use

      • loadToken

        CsrfToken loadToken​(javax.servlet.http.HttpServletRequest request)
        Loads the expected CsrfToken from the HttpServletRequest
        Parameters:
        request - the HttpServletRequest to use
        Returns:
        the CsrfToken or null if none exists

      • loadDeferredToken

        default DeferredCsrfToken loadDeferredToken​(javax.servlet.http.HttpServletRequest request,
                                            javax.servlet.http.HttpServletResponse response)
        Defers loading the CsrfToken using the HttpServletRequest and HttpServletResponse until it is needed by the application.

        The returned DeferredCsrfToken is cached to allow subsequent calls to DeferredCsrfToken.get() to return the same CsrfToken without the cost of loading or generating the token again.

        Parameters:
        request - the HttpServletRequest to use
        response - the HttpServletResponse to use
        Returns:
        a DeferredCsrfToken that will load the CsrfToken
        Since:
        5.8