Package org.springframework.security.web.csrf

Class HttpSessionCsrfTokenRepository

java.lang.Object

org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository

All Implemented Interfaces:

CsrfTokenRepository

public final class HttpSessionCsrfTokenRepository
extends Object
implements CsrfTokenRepository

A CsrfTokenRepository that stores the CsrfToken in the HttpSession.

Since:

3.2

Constructor Summary

Constructors

Constructor	Description
HttpSessionCsrfTokenRepository()

Method Summary

Modifier and Type	Method	Description
CsrfToken	generateToken(jakarta.servlet.http.HttpServletRequest request)	Generates a CsrfToken
@Nullable CsrfToken	loadToken(jakarta.servlet.http.HttpServletRequest request)	Loads the expected CsrfToken from the HttpServletRequest
void	saveToken(@Nullable CsrfToken token, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)	Saves the CsrfToken using the HttpServletRequest and HttpServletResponse.
void	setHeaderName(String headerName)	Sets the header name that the CsrfToken is expected to appear on and the header that the response will contain the CsrfToken.
void	setParameterName(String parameterName)	Sets the HttpServletRequest parameter name that the CsrfToken is expected to appear on
void	setSessionAttributeName(String sessionAttributeName)	Sets the HttpSession attribute name that the CsrfToken is stored in

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.security.web.csrf.CsrfTokenRepository

loadDeferredToken

Constructor Details

HttpSessionCsrfTokenRepository

public HttpSessionCsrfTokenRepository()

Method Details

saveToken

public void saveToken(@Nullable CsrfToken token,
 jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response)

Description copied from interface: CsrfTokenRepository

Saves the CsrfToken using the HttpServletRequest and HttpServletResponse. If the CsrfToken is null, it is the same as deleting it.

Specified by:

saveToken in interface CsrfTokenRepository

Parameters:

token - the CsrfToken to save or null to delete

request - the HttpServletRequest to use

response - the HttpServletResponse to use

loadToken

public @Nullable CsrfToken loadToken(jakarta.servlet.http.HttpServletRequest request)

Description copied from interface: CsrfTokenRepository

Loads the expected CsrfToken from the HttpServletRequest

Specified by:

loadToken in interface CsrfTokenRepository

Parameters:

request - the HttpServletRequest to use

Returns:

the CsrfToken or null if none exists

generateToken

public CsrfToken generateToken(jakarta.servlet.http.HttpServletRequest request)

Description copied from interface: CsrfTokenRepository

Generates a CsrfToken

Specified by:

generateToken in interface CsrfTokenRepository

Parameters:

request - the HttpServletRequest to use

Returns:

the CsrfToken that was generated. Cannot be null.

setParameterName

public void setParameterName(String parameterName)

Sets the HttpServletRequest parameter name that the CsrfToken is expected to appear on

Parameters:

parameterName - the new parameter name to use

setHeaderName

public void setHeaderName(String headerName)

Sets the header name that the CsrfToken is expected to appear on and the header that the response will contain the CsrfToken.

Parameters:

headerName - the new header name to use

setSessionAttributeName

public void setSessionAttributeName(String sessionAttributeName)

Sets the HttpSession attribute name that the CsrfToken is stored in

Parameters:

sessionAttributeName - the new attribute name to use