Package org.springframework.security.web.server.csrf

@NullMarked package org.springframework.security.web.server.csrf

Reactive APIs for protecting against CSRF attacks.

Related Packages

Package	Description
org.springframework.security.web.server	WebFlux Spring Security support.

Class	Description
CookieServerCsrfTokenRepository	A ServerCsrfTokenRepository that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS.
CsrfException	Thrown when an invalid or missing CsrfToken is found in the ServerWebExchange
CsrfServerLogoutHandler	CsrfServerLogoutHandler is in charge of removing the CsrfToken upon logout.
CsrfToken
CsrfWebFilter	Applies CSRF protection using a synchronizer token pattern.
DefaultCsrfToken	A CSRF token that is used to protect against CSRF attacks.
ServerCsrfTokenRepository	An API to allow changing the method in which the expected CsrfToken is associated to the ServerWebExchange.
ServerCsrfTokenRequestAttributeHandler	An implementation of the ServerCsrfTokenRequestHandler interface that is capable of making the CsrfToken available as an exchange attribute and resolving the token value as either a form data value or header of the request.
ServerCsrfTokenRequestHandler	A callback interface that is used to make the CsrfToken created by the ServerCsrfTokenRepository available as an exchange attribute.
ServerCsrfTokenRequestResolver	Implementations of this interface are capable of resolving the token value of a CsrfToken from the provided ServerWebExchange.
WebSessionServerCsrfTokenRepository	A ServerCsrfTokenRepository that stores the CsrfToken in the WebSession.
XorServerCsrfTokenRequestAttributeHandler	An implementation of the ServerCsrfTokenRequestAttributeHandler and ServerCsrfTokenRequestResolver interfaces that is capable of masking the value of the CsrfToken on each request and resolving the raw token value from the masked value as either a form data value or header of the request.