Package org.springframework.security.web.csrf
package org.springframework.security.web.csrf
-
ClassDescriptionA
CsrfTokenRepository
that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS.CsrfAuthenticationStrategy
is in charge of removing theCsrfToken
upon authenticating.Thrown when an invalid or missingCsrfToken
is found in the HttpServletRequestApplies CSRF protection using a synchronizer token pattern.CsrfLogoutHandler
is in charge of removing theCsrfToken
upon logout.Provides the information about an expected CSRF token.An API to allow changing the method in which the expectedCsrfToken
is associated to theHttpServletRequest
.An implementation of theCsrfTokenRequestHandler
interface that is capable of making theCsrfToken
available as a request attribute and resolving the token value as either a header or parameter value of the request.A callback interface that is used to make theCsrfToken
created by theCsrfTokenRepository
available as a request attribute.Implementations of this interface are capable of resolving the token value of aCsrfToken
from the providedHttpServletRequest
.A CSRF token that is used to protect against CSRF attacks.An interface that allows delayed access to aCsrfToken
that may be generated.Thrown when an expectedCsrfToken
exists, but it does not match the value present on theHttpServletRequest
Deprecated.Thrown when no expectedCsrfToken
is found but is required.An implementation of theCsrfTokenRequestHandler
interface that is capable of masking the value of theCsrfToken
on each request and resolving the raw token value from the masked value as either a header or parameter value of the request.
CsrfTokenRepository.loadDeferredToken(HttpServletRequest, HttpServletResponse)
which returns aDeferredCsrfToken