Package org.springframework.security.web.csrf
package org.springframework.security.web.csrf
-
ClassDescriptionA
CsrfTokenRepositorythat persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS.CsrfAuthenticationStrategyis in charge of removing theCsrfTokenupon authenticating.Thrown when an invalid or missingCsrfTokenis found in the HttpServletRequestApplies CSRF protection using a synchronizer token pattern.CsrfLogoutHandleris in charge of removing theCsrfTokenupon logout.Provides the information about an expected CSRF token.An API to allow changing the method in which the expectedCsrfTokenis associated to theHttpServletRequest.A callback interface that is used to make theCsrfTokencreated by theCsrfTokenRepositoryavailable as a request attribute.An implementation of theCsrfTokenRequestAttributeHandlerandCsrfTokenRequestResolverinterfaces that is capable of making theCsrfTokenavailable as a request attribute and resolving the token value as either a header or parameter value of the request.Implementations of this interface are capable of resolving the token value of aCsrfTokenfrom the providedHttpServletRequest.A CSRF token that is used to protect against CSRF attacks.Thrown when an expectedCsrfTokenexists, but it does not match the value present on theHttpServletRequestACsrfTokenRepositorythat delays saving newCsrfTokenuntil the attributes of theCsrfTokenthat were generated are accessed.Thrown when no expectedCsrfTokenis found but is required.