org.springframework.security.web.server.csrf

Class WebSessionServerCsrfTokenRepository

java.lang.Object

org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository

All Implemented Interfaces:

ServerCsrfTokenRepository

public class WebSessionServerCsrfTokenRepository
extends java.lang.Object
implements ServerCsrfTokenRepository

A ServerCsrfTokenRepository that stores the CsrfToken in the HttpSession.

Since:

5.0

Constructor Summary

Constructors

Constructor and Description
WebSessionServerCsrfTokenRepository()

Method Summary

Modifier and Type	Method and Description
reactor.core.publisher.Mono<CsrfToken>	generateToken(org.springframework.web.server.ServerWebExchange exchange) Generates a CsrfToken
reactor.core.publisher.Mono<CsrfToken>	loadToken(org.springframework.web.server.ServerWebExchange exchange) Loads the expected CsrfToken from the ServerWebExchange
reactor.core.publisher.Mono<java.lang.Void>	saveToken(org.springframework.web.server.ServerWebExchange exchange, CsrfToken token) Saves the CsrfToken using the ServerWebExchange.
void	setHeaderName(java.lang.String headerName) Sets the header name that the CsrfToken is expected to appear on and the header that the response will contain the CsrfToken.
void	setParameterName(java.lang.String parameterName) Sets the HttpServletRequest parameter name that the CsrfToken is expected to appear on
void	setSessionAttributeName(java.lang.String sessionAttributeName) Sets the HttpSession attribute name that the CsrfToken is stored in

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

WebSessionServerCsrfTokenRepository

public WebSessionServerCsrfTokenRepository()

Method Detail

generateToken

public reactor.core.publisher.Mono<CsrfToken> generateToken(org.springframework.web.server.ServerWebExchange exchange)

Description copied from interface: ServerCsrfTokenRepository

Generates a CsrfToken

Specified by:

generateToken in interface ServerCsrfTokenRepository

Parameters:

exchange - the ServerWebExchange to use

Returns:

the CsrfToken that was generated. Cannot be null.

saveToken

public reactor.core.publisher.Mono<java.lang.Void> saveToken(org.springframework.web.server.ServerWebExchange exchange,
                                                             CsrfToken token)

Description copied from interface: ServerCsrfTokenRepository

Saves the CsrfToken using the ServerWebExchange. If the CsrfToken is null, it is the same as deleting it.

Specified by:

saveToken in interface ServerCsrfTokenRepository

Parameters:

exchange - the ServerWebExchange to use

token - the CsrfToken to save or null to delete

loadToken

public reactor.core.publisher.Mono<CsrfToken> loadToken(org.springframework.web.server.ServerWebExchange exchange)

Description copied from interface: ServerCsrfTokenRepository

Loads the expected CsrfToken from the ServerWebExchange

Specified by:

loadToken in interface ServerCsrfTokenRepository

Parameters:

exchange - the ServerWebExchange to use

Returns:

the CsrfToken or null if none exists

setParameterName

public void setParameterName(java.lang.String parameterName)

Sets the HttpServletRequest parameter name that the CsrfToken is expected to appear on

Parameters:

parameterName - the new parameter name to use

setHeaderName

public void setHeaderName(java.lang.String headerName)

Sets the header name that the CsrfToken is expected to appear on and the header that the response will contain the CsrfToken.

Parameters:

headerName - the new header name to use

setSessionAttributeName

public void setSessionAttributeName(java.lang.String sessionAttributeName)

Sets the HttpSession attribute name that the CsrfToken is stored in

Parameters:

sessionAttributeName - the new attribute name to use