Package org.springframework.security.web.csrf

Interface CsrfTokenRepository

All Known Implementing Classes:

CookieCsrfTokenRepository, HttpSessionCsrfTokenRepository, LazyCsrfTokenRepository

public interface CsrfTokenRepository

An API to allow changing the method in which the expected CsrfToken is associated to the HttpServletRequest. For example, it may be stored in HttpSession.

Since:

3.2

See Also:

• HttpSessionCsrfTokenRepository

Method Summary

Modifier and Type	Method	Description
CsrfToken	generateToken(jakarta.servlet.http.HttpServletRequest request)	Generates a CsrfToken
CsrfToken	loadToken(jakarta.servlet.http.HttpServletRequest request)	Loads the expected CsrfToken from the HttpServletRequest
void	saveToken(CsrfToken token, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)	Saves the CsrfToken using the HttpServletRequest and HttpServletResponse.

Method Details

generateToken

CsrfToken generateToken(jakarta.servlet.http.HttpServletRequest request)

Generates a CsrfToken

Parameters:

request - the HttpServletRequest to use

Returns:

the CsrfToken that was generated. Cannot be null.

saveToken

void saveToken(CsrfToken token,
 jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response)

Saves the CsrfToken using the HttpServletRequest and HttpServletResponse. If the CsrfToken is null, it is the same as deleting it.

Parameters:

token - the CsrfToken to save or null to delete

request - the HttpServletRequest to use

response - the HttpServletResponse to use

loadToken

CsrfToken loadToken(jakarta.servlet.http.HttpServletRequest request)

Loads the expected CsrfToken from the HttpServletRequest

Parameters:

request - the HttpServletRequest to use

Returns:

the CsrfToken or null if none exists