org.springframework.security.web.csrf.CsrfTokenRequestProcessor

All Implemented Interfaces:: CsrfTokenRequestAttributeHandler, CsrfTokenRequestResolver

public class CsrfTokenRequestProcessor extends Object implements CsrfTokenRequestAttributeHandler, CsrfTokenRequestResolver

An implementation of the CsrfTokenRequestAttributeHandler and CsrfTokenRequestResolver interfaces that is capable of making the CsrfToken available as a request attribute and resolving the token value as either a header or parameter value of the request.

Since:: 5.8

Constructor Summary

Constructors

Constructor

Description

CsrfTokenRequestProcessor()
Method Summary

Modifier and Type

Method

Description

void

handle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Supplier<CsrfToken> csrfToken)

Handles a request using a CsrfToken.

String

resolveCsrfTokenValue(jakarta.servlet.http.HttpServletRequest request, CsrfToken csrfToken)

Returns the token value resolved from the provided HttpServletRequest and CsrfToken or null if not available.

final void

setCsrfRequestAttributeName(String csrfRequestAttributeName)

The CsrfToken is available as a request attribute named CsrfToken.class.getName().

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- CsrfTokenRequestProcessor
  
  public CsrfTokenRequestProcessor()
Method Details
- setCsrfRequestAttributeName
  
  public final void setCsrfRequestAttributeName(String csrfRequestAttributeName)
  
  The CsrfToken is available as a request attribute named CsrfToken.class.getName(). By default, an additional request attribute that is the same as CsrfToken.getParameterName() is set. This attribute allows overriding the additional attribute.
  
  Parameters:
  
  csrfRequestAttributeName - the name of an additional request attribute with the value of the CsrfToken. Default is CsrfToken.getParameterName()
- handle
  
  public void handle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Supplier<CsrfToken> csrfToken)
  
  Description copied from interface: CsrfTokenRequestAttributeHandler
  
  Handles a request using a CsrfToken.
  
  Specified by:
  
  handle in interface CsrfTokenRequestAttributeHandler
  
  Parameters:
  
  request - the HttpServletRequest being handled
  
  response - the HttpServletResponse being handled
  
  csrfToken - the CsrfToken created by the CsrfTokenRepository
- resolveCsrfTokenValue
  
  public String resolveCsrfTokenValue(jakarta.servlet.http.HttpServletRequest request, CsrfToken csrfToken)
  
  Description copied from interface: CsrfTokenRequestResolver
  
  Returns the token value resolved from the provided HttpServletRequest and CsrfToken or null if not available.
  
  Specified by:
  
  resolveCsrfTokenValue in interface CsrfTokenRequestResolver
  
  Parameters:
  
  request - the HttpServletRequest being processed
  
  csrfToken - the CsrfToken created by the CsrfTokenRepository
  
  Returns:
  
  the token value resolved from the request

Class CsrfTokenRequestProcessor

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Details

CsrfTokenRequestProcessor

Method Details

setCsrfRequestAttributeName

handle

resolveCsrfTokenValue