Class LazyCsrfTokenRepository
java.lang.Object
org.springframework.security.web.csrf.LazyCsrfTokenRepository
- All Implemented Interfaces:
CsrfTokenRepository
A
CsrfTokenRepository
that delays saving new CsrfToken
until the
attributes of the CsrfToken
that were generated are accessed.- Since:
- 4.1
-
Constructor Summary
ConstructorDescriptionLazyCsrfTokenRepository
(CsrfTokenRepository delegate) Creates a new instance -
Method Summary
Modifier and TypeMethodDescriptiongenerateToken
(jakarta.servlet.http.HttpServletRequest request) Generates a new tokenloadToken
(jakarta.servlet.http.HttpServletRequest request) Delegates to the injectedCsrfTokenRepository
void
saveToken
(CsrfToken token, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Does nothing if theCsrfToken
is not null.void
setDeferLoadToken
(boolean deferLoadToken) Determines ifloadToken(HttpServletRequest)
should be lazily loaded.
-
Constructor Details
-
LazyCsrfTokenRepository
Creates a new instance- Parameters:
delegate
- theCsrfTokenRepository
to use. Cannot be null- Throws:
IllegalArgumentException
- if delegate is null.
-
-
Method Details
-
setDeferLoadToken
public void setDeferLoadToken(boolean deferLoadToken) Determines ifloadToken(HttpServletRequest)
should be lazily loaded.- Parameters:
deferLoadToken
- true if should lazily loadloadToken(HttpServletRequest)
. Default false.
-
generateToken
Generates a new token- Specified by:
generateToken
in interfaceCsrfTokenRepository
- Parameters:
request
- theHttpServletRequest
to use. TheHttpServletRequest
must have theHttpServletResponse
as an attribute with the name ofHttpServletResponse.class.getName()
- Returns:
- the
CsrfToken
that was generated. Cannot be null.
-
saveToken
public void saveToken(CsrfToken token, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Does nothing if theCsrfToken
is not null. Saving is done only when theCsrfToken.getToken()
is accessed fromgenerateToken(HttpServletRequest)
. If it is null, then the save is performed immediately.- Specified by:
saveToken
in interfaceCsrfTokenRepository
- Parameters:
token
- theCsrfToken
to save or null to deleterequest
- theHttpServletRequest
to useresponse
- theHttpServletResponse
to use
-
loadToken
Delegates to the injectedCsrfTokenRepository
- Specified by:
loadToken
in interfaceCsrfTokenRepository
- Parameters:
request
- theHttpServletRequest
to use- Returns:
- the
CsrfToken
or null if none exists
-