Package org.springframework.security.web.csrf

Class DefaultCsrfToken

java.lang.Object
org.springframework.security.web.csrf.DefaultCsrfToken
All Implemented Interfaces:
Serializable, CsrfToken
public final class DefaultCsrfToken extends Object implements CsrfToken
A CSRF token that is used to protect against CSRF attacks.
Since:
3.2
See Also:

  • Constructor Details

    • DefaultCsrfToken

      public DefaultCsrfToken(String headerName, String parameterName, String token)
      Creates a new instance
      Parameters:
      headerName - the HTTP header name to use
      parameterName - the HTTP parameter name to use
      token - the value of the token (i.e. expected value of the HTTP parameter of parametername).

  • Method Details

    • getHeaderName

      public String getHeaderName()
      Description copied from interface: CsrfToken
      Gets the HTTP header that the CSRF is populated on the response and can be placed on requests instead of the parameter. Cannot be null.
      Specified by:
      getHeaderName in interface CsrfToken
      Returns:
      the HTTP header that the CSRF is populated on the response and can be placed on requests instead of the parameter

    • getParameterName

      public String getParameterName()
      Description copied from interface: CsrfToken
      Gets the HTTP parameter name that should contain the token. Cannot be null.
      Specified by:
      getParameterName in interface CsrfToken
      Returns:
      the HTTP parameter name that should contain the token.

    • getToken

      public String getToken()
      Description copied from interface: CsrfToken
      Gets the token value. Cannot be null.
      Specified by:
      getToken in interface CsrfToken
      Returns:
      the token value