Package org.springframework.security.web.csrf
-
Interface Summary Interface Description CsrfToken Provides the information about an expected CSRF token.CsrfTokenRepository An API to allow changing the method in which the expectedCsrfTokenis associated to theHttpServletRequest.CsrfTokenRequestHandler A callback interface that is used to make theCsrfTokencreated by theCsrfTokenRepositoryavailable as a request attribute.CsrfTokenRequestResolver Implementations of this interface are capable of resolving the token value of aCsrfTokenfrom the providedHttpServletRequest.DeferredCsrfToken An interface that allows delayed access to aCsrfTokenthat may be generated. -
Class Summary Class Description CookieCsrfTokenRepository ACsrfTokenRepositorythat persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS.CsrfAuthenticationStrategy CsrfAuthenticationStrategyis in charge of removing theCsrfTokenupon authenticating.CsrfFilter Applies CSRF protection using a synchronizer token pattern.CsrfLogoutHandler CsrfLogoutHandleris in charge of removing theCsrfTokenupon logout.CsrfTokenRequestAttributeHandler An implementation of theCsrfTokenRequestHandlerinterface that is capable of making theCsrfTokenavailable as a request attribute and resolving the token value as either a header or parameter value of the request.DefaultCsrfToken A CSRF token that is used to protect against CSRF attacks.HttpSessionCsrfTokenRepository LazyCsrfTokenRepository Deprecated. XorCsrfTokenRequestAttributeHandler An implementation of theCsrfTokenRequestHandlerinterface that is capable of masking the value of theCsrfTokenon each request and resolving the raw token value from the masked value as either a header or parameter value of the request. -
Exception Summary Exception Description CsrfException Thrown when an invalid or missingCsrfTokenis found in the HttpServletRequestInvalidCsrfTokenException Thrown when an expectedCsrfTokenexists, but it does not match the value present on theHttpServletRequestMissingCsrfTokenException Thrown when no expectedCsrfTokenis found but is required.