Package org.springframework.security.web.csrf

Class CsrfTokenRequestAttributeHandler

java.lang.Object
org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler
All Implemented Interfaces:
CsrfTokenRequestHandler, CsrfTokenRequestResolver
Direct Known Subclasses:
XorCsrfTokenRequestAttributeHandler
public class CsrfTokenRequestAttributeHandler extends Object implements CsrfTokenRequestHandler
An implementation of the CsrfTokenRequestHandler interface that is capable of making the CsrfToken available as a request attribute and resolving the token value as either a header or parameter value of the request.
Since:
5.8

  • Constructor Details

    • CsrfTokenRequestAttributeHandler

      public CsrfTokenRequestAttributeHandler()

  • Method Details

    • setCsrfRequestAttributeName

      public final void setCsrfRequestAttributeName(String csrfRequestAttributeName)
      The CsrfToken is available as a request attribute named CsrfToken.class.getName(). By default, an additional request attribute that is the same as CsrfToken.getParameterName() is set. This attribute allows overriding the additional attribute.
      Parameters:
      csrfRequestAttributeName - the name of an additional request attribute with the value of the CsrfToken. Default is CsrfToken.getParameterName()

    • handle

      public void handle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Supplier<CsrfToken> deferredCsrfToken)
      Description copied from interface: CsrfTokenRequestHandler
      Handles a request using a CsrfToken.
      Specified by:
      handle in interface CsrfTokenRequestHandler
      Parameters:
      request - the HttpServletRequest being handled
      response - the HttpServletResponse being handled
      deferredCsrfToken - the CsrfToken created by the CsrfTokenRepository