Class HttpSessionCsrfTokenRepository
java.lang.Object
org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
- All Implemented Interfaces:
CsrfTokenRepository
- Since:
- 3.2
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptiongenerateToken
(jakarta.servlet.http.HttpServletRequest request) Generates aCsrfToken
loadToken
(jakarta.servlet.http.HttpServletRequest request) Loads the expectedCsrfToken
from theHttpServletRequest
void
saveToken
(CsrfToken token, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) void
setHeaderName
(String headerName) void
setParameterName
(String parameterName) Sets theHttpServletRequest
parameter name that theCsrfToken
is expected to appear onvoid
setSessionAttributeName
(String sessionAttributeName) Sets theHttpSession
attribute name that theCsrfToken
is stored in
-
Constructor Details
-
HttpSessionCsrfTokenRepository
public HttpSessionCsrfTokenRepository()
-
-
Method Details
-
saveToken
public void saveToken(CsrfToken token, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Description copied from interface:CsrfTokenRepository
Saves theCsrfToken
using theHttpServletRequest
andHttpServletResponse
. If theCsrfToken
is null, it is the same as deleting it.- Specified by:
saveToken
in interfaceCsrfTokenRepository
- Parameters:
token
- theCsrfToken
to save or null to deleterequest
- theHttpServletRequest
to useresponse
- theHttpServletResponse
to use
-
loadToken
Description copied from interface:CsrfTokenRepository
Loads the expectedCsrfToken
from theHttpServletRequest
- Specified by:
loadToken
in interfaceCsrfTokenRepository
- Parameters:
request
- theHttpServletRequest
to use- Returns:
- the
CsrfToken
or null if none exists
-
generateToken
Description copied from interface:CsrfTokenRepository
Generates aCsrfToken
- Specified by:
generateToken
in interfaceCsrfTokenRepository
- Parameters:
request
- theHttpServletRequest
to use- Returns:
- the
CsrfToken
that was generated. Cannot be null.
-
setParameterName
Sets theHttpServletRequest
parameter name that theCsrfToken
is expected to appear on- Parameters:
parameterName
- the new parameter name to use
-
setHeaderName
Sets the header name that theCsrfToken
is expected to appear on and the header that the response will contain theCsrfToken
.- Parameters:
headerName
- the new header name to use
-
setSessionAttributeName
Sets theHttpSession
attribute name that theCsrfToken
is stored in- Parameters:
sessionAttributeName
- the new attribute name to use
-