Package org.springframework.security.web.csrf

@NullMarked package org.springframework.security.web.csrf

APIs for protection against CSRF attacks.

Related Packages

Package	Description
org.springframework.security.web	Spring Security's web security module.

Class	Description
CookieCsrfTokenRepository	A CsrfTokenRepository that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS.
CsrfAuthenticationStrategy	CsrfAuthenticationStrategy is in charge of removing the CsrfToken upon authenticating.
CsrfException	Thrown when an invalid or missing CsrfToken is found in the HttpServletRequest
CsrfFilter	Applies CSRF protection using a synchronizer token pattern.
CsrfLogoutHandler	CsrfLogoutHandler is in charge of removing the CsrfToken upon logout.
CsrfToken	Provides the information about an expected CSRF token.
CsrfTokenRepository	An API to allow changing the method in which the expected CsrfToken is associated to the HttpServletRequest.
CsrfTokenRequestAttributeHandler	An implementation of the CsrfTokenRequestHandler interface that is capable of making the CsrfToken available as a request attribute and resolving the token value as either a header or parameter value of the request.
CsrfTokenRequestHandler	A callback interface that is used to make the CsrfToken created by the CsrfTokenRepository available as a request attribute.
CsrfTokenRequestResolver	Implementations of this interface are capable of resolving the token value of a CsrfToken from the provided HttpServletRequest.
DefaultCsrfToken	A CSRF token that is used to protect against CSRF attacks.
DeferredCsrfToken	An interface that allows delayed access to a CsrfToken that may be generated.
HttpSessionCsrfTokenRepository	A CsrfTokenRepository that stores the CsrfToken in the HttpSession.
InvalidCsrfTokenException	Thrown when an expected CsrfToken exists, but it does not match the value present on the HttpServletRequest
MissingCsrfTokenException	Thrown when no expected CsrfToken is found but is required.
XorCsrfTokenRequestAttributeHandler	An implementation of the CsrfTokenRequestHandler interface that is capable of masking the value of the CsrfToken on each request and resolving the raw token value from the masked value as either a header or parameter value of the request.