Class LazyCsrfTokenRepository

java.lang.Object
org.springframework.security.web.csrf.LazyCsrfTokenRepository
All Implemented Interfaces:
CsrfTokenRepository

public final class LazyCsrfTokenRepository extends Object implements CsrfTokenRepository
A CsrfTokenRepository that delays saving new CsrfToken until the attributes of the CsrfToken that were generated are accessed.
Since:
4.1
  • Constructor Details

  • Method Details

    • setDeferLoadToken

      public void setDeferLoadToken(boolean deferLoadToken)
      Determines if loadToken(HttpServletRequest) should be lazily loaded.
      Parameters:
      deferLoadToken - true if should lazily load loadToken(HttpServletRequest). Default false.
    • generateToken

      public CsrfToken generateToken(jakarta.servlet.http.HttpServletRequest request)
      Generates a new token
      Specified by:
      generateToken in interface CsrfTokenRepository
      Parameters:
      request - the HttpServletRequest to use. The HttpServletRequest must have the HttpServletResponse as an attribute with the name of HttpServletResponse.class.getName()
      Returns:
      the CsrfToken that was generated. Cannot be null.
    • saveToken

      public void saveToken(CsrfToken token, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Does nothing if the CsrfToken is not null. Saving is done only when the CsrfToken.getToken() is accessed from generateToken(HttpServletRequest). If it is null, then the save is performed immediately.
      Specified by:
      saveToken in interface CsrfTokenRepository
      Parameters:
      token - the CsrfToken to save or null to delete
      request - the HttpServletRequest to use
      response - the HttpServletResponse to use
    • loadToken

      public CsrfToken loadToken(jakarta.servlet.http.HttpServletRequest request)
      Delegates to the injected CsrfTokenRepository
      Specified by:
      loadToken in interface CsrfTokenRepository
      Parameters:
      request - the HttpServletRequest to use
      Returns:
      the CsrfToken or null if none exists