Class CsrfAuthenticationStrategy
java.lang.Object
org.springframework.security.web.csrf.CsrfAuthenticationStrategy
- All Implemented Interfaces:
SessionAuthenticationStrategy
public final class CsrfAuthenticationStrategy
extends Object
implements SessionAuthenticationStrategy
CsrfAuthenticationStrategy
is in charge of removing the CsrfToken
upon
authenticating. A new CsrfToken
will then be generated by the framework upon
the next request.- Since:
- 3.2
-
Constructor Summary
ConstructorDescriptionCsrfAuthenticationStrategy
(CsrfTokenRepository csrfTokenRepository) Creates a new instance -
Method Summary
Modifier and TypeMethodDescriptionvoid
onAuthentication
(Authentication authentication, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Performs Http session-related functionality when a new authentication occurs.
-
Constructor Details
-
CsrfAuthenticationStrategy
Creates a new instance- Parameters:
csrfTokenRepository
- theCsrfTokenRepository
to use
-
-
Method Details
-
onAuthentication
public void onAuthentication(Authentication authentication, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws SessionAuthenticationException Description copied from interface:SessionAuthenticationStrategy
Performs Http session-related functionality when a new authentication occurs.- Specified by:
onAuthentication
in interfaceSessionAuthenticationStrategy
- Throws:
SessionAuthenticationException
- if it is decided that the authentication is not allowed for the session. This will typically be because the user has too many sessions open at once.
-