org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler

org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler

All Implemented Interfaces:: CsrfTokenRequestHandler, CsrfTokenRequestResolver

public final class XorCsrfTokenRequestAttributeHandler extends CsrfTokenRequestAttributeHandler

An implementation of the CsrfTokenRequestHandler interface that is capable of masking the value of the CsrfToken on each request and resolving the raw token value from the masked value as either a header or parameter value of the request.

Since:: 5.8

Constructor Summary

Constructors

Constructor

Description

XorCsrfTokenRequestAttributeHandler()
Method Summary

Modifier and Type

Method

Description

void

handle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Supplier<CsrfToken> deferredCsrfToken)

Handles a request using a CsrfToken.

@Nullable String

resolveCsrfTokenValue(jakarta.servlet.http.HttpServletRequest request, CsrfToken csrfToken)

Returns the token value resolved from the provided HttpServletRequest and CsrfToken or null if not available.

void

setSecureRandom(SecureRandom secureRandom)

Specifies the SecureRandom used to generate random bytes that are used to mask the value of the CsrfToken on each request.

Methods inherited from class org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler
setCsrfRequestAttributeName

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- XorCsrfTokenRequestAttributeHandler
  
  public XorCsrfTokenRequestAttributeHandler()
Method Details
- setSecureRandom
  
  public void setSecureRandom(SecureRandom secureRandom)
  
  Specifies the SecureRandom used to generate random bytes that are used to mask the value of the CsrfToken on each request.
  
  Parameters:
  
  secureRandom - the SecureRandom to use to generate random bytes
- handle
  
  public void handle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Supplier<CsrfToken> deferredCsrfToken)
  
  Description copied from interface: CsrfTokenRequestHandler
  
  Handles a request using a CsrfToken.
  
  Specified by:
  
  handle in interface CsrfTokenRequestHandler
  
  Overrides:
  
  handle in class CsrfTokenRequestAttributeHandler
  
  Parameters:
  
  request - the HttpServletRequest being handled
  
  response - the HttpServletResponse being handled
  
  deferredCsrfToken - the CsrfToken created by the CsrfTokenRepository
- resolveCsrfTokenValue
  
  public @Nullable String resolveCsrfTokenValue(jakarta.servlet.http.HttpServletRequest request, CsrfToken csrfToken)
  
  Description copied from interface: CsrfTokenRequestResolver
  
  Returns the token value resolved from the provided HttpServletRequest and CsrfToken or null if not available.
  
  Parameters:
  
  request - the HttpServletRequest being processed
  
  csrfToken - the CsrfToken created by the CsrfTokenRepository
  
  Returns:
  
  the token value resolved from the request

Class XorCsrfTokenRequestAttributeHandler

Constructor Summary

Method Summary

Methods inherited from class org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler

Methods inherited from class java.lang.Object

Constructor Details

XorCsrfTokenRequestAttributeHandler

Method Details

setSecureRandom

handle

resolveCsrfTokenValue