Class XorCsrfTokenRequestAttributeHandler
- java.lang.Object
-
- org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler
-
- org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler
-
- All Implemented Interfaces:
CsrfTokenRequestHandler,CsrfTokenRequestResolver
public final class XorCsrfTokenRequestAttributeHandler extends CsrfTokenRequestAttributeHandler
An implementation of theCsrfTokenRequestHandlerinterface that is capable of masking the value of theCsrfTokenon each request and resolving the raw token value from the masked value as either a header or parameter value of the request.- Since:
- 5.8
-
-
Constructor Summary
Constructors Constructor Description XorCsrfTokenRequestAttributeHandler()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voidhandle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.util.function.Supplier<CsrfToken> deferredCsrfToken)Handles a request using aCsrfToken.java.lang.StringresolveCsrfTokenValue(javax.servlet.http.HttpServletRequest request, CsrfToken csrfToken)Returns the token value resolved from the providedHttpServletRequestandCsrfTokenornullif not available.voidsetSecureRandom(java.security.SecureRandom secureRandom)Specifies theSecureRandomused to generate random bytes that are used to mask the value of theCsrfTokenon each request.-
Methods inherited from class org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler
setCsrfRequestAttributeName
-
-
-
-
Method Detail
-
setSecureRandom
public void setSecureRandom(java.security.SecureRandom secureRandom)
Specifies theSecureRandomused to generate random bytes that are used to mask the value of theCsrfTokenon each request.- Parameters:
secureRandom- theSecureRandomto use to generate random bytes
-
handle
public void handle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.util.function.Supplier<CsrfToken> deferredCsrfToken)Description copied from interface:CsrfTokenRequestHandlerHandles a request using aCsrfToken.- Specified by:
handlein interfaceCsrfTokenRequestHandler- Overrides:
handlein classCsrfTokenRequestAttributeHandler- Parameters:
request- theHttpServletRequestbeing handledresponse- theHttpServletResponsebeing handleddeferredCsrfToken- theCsrfTokencreated by theCsrfTokenRepository
-
resolveCsrfTokenValue
public java.lang.String resolveCsrfTokenValue(javax.servlet.http.HttpServletRequest request, CsrfToken csrfToken)Description copied from interface:CsrfTokenRequestResolverReturns the token value resolved from the providedHttpServletRequestandCsrfTokenornullif not available.- Parameters:
request- theHttpServletRequestbeing processedcsrfToken- theCsrfTokencreated by theCsrfTokenRepository- Returns:
- the token value resolved from the request
-
-