Class CsrfAuthenticationStrategy
java.lang.Object
org.springframework.security.web.csrf.CsrfAuthenticationStrategy
- All Implemented Interfaces:
SessionAuthenticationStrategy
public final class CsrfAuthenticationStrategy
extends Object
implements SessionAuthenticationStrategy
CsrfAuthenticationStrategy is in charge of removing the CsrfToken upon
authenticating. A new CsrfToken will then be generated by the framework upon
the next request.- Since:
- 3.2
-
Constructor Summary
ConstructorsConstructorDescriptionCsrfAuthenticationStrategy(CsrfTokenRepository tokenRepository) Creates a new instance -
Method Summary
Modifier and TypeMethodDescriptionvoidonAuthentication(Authentication authentication, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Performs Http session-related functionality when a new authentication occurs.voidsetRequestHandler(CsrfTokenRequestHandler requestHandler) Specify aCsrfTokenRequestHandlerto use for making theCsrfTokenavailable as a request attribute.
-
Constructor Details
-
CsrfAuthenticationStrategy
Creates a new instance- Parameters:
tokenRepository- theCsrfTokenRepositoryto use
-
-
Method Details
-
setRequestHandler
Specify aCsrfTokenRequestHandlerto use for making theCsrfTokenavailable as a request attribute.- Parameters:
requestHandler- theCsrfTokenRequestHandlerto use
-
onAuthentication
public void onAuthentication(Authentication authentication, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws SessionAuthenticationException Description copied from interface:SessionAuthenticationStrategyPerforms Http session-related functionality when a new authentication occurs.- Specified by:
onAuthenticationin interfaceSessionAuthenticationStrategy- Throws:
SessionAuthenticationException- if it is decided that the authentication is not allowed for the session. This will typically be because the user has too many sessions open at once.
-