Class ServerCsrfTokenRequestAttributeHandler
java.lang.Object
org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler
- All Implemented Interfaces:
ServerCsrfTokenRequestHandler
,ServerCsrfTokenRequestResolver
- Direct Known Subclasses:
XorServerCsrfTokenRequestAttributeHandler
public class ServerCsrfTokenRequestAttributeHandler
extends Object
implements ServerCsrfTokenRequestHandler
An implementation of the
ServerCsrfTokenRequestHandler
interface that is
capable of making the CsrfToken
available as an exchange attribute and
resolving the token value as either a form data value or header of the request.- Since:
- 5.8
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
handle
(org.springframework.web.server.ServerWebExchange exchange, reactor.core.publisher.Mono<CsrfToken> csrfToken) Handles a request using aCsrfToken
.reactor.core.publisher.Mono<String>
resolveCsrfTokenValue
(org.springframework.web.server.ServerWebExchange exchange, CsrfToken csrfToken) Returns the token value resolved from the providedServerWebExchange
andCsrfToken
orMono.empty()
if not available.void
setTokenFromMultipartDataEnabled
(boolean tokenFromMultipartDataEnabled) Specifies if theServerCsrfTokenRequestResolver
should try to resolve the actual CSRF token from the body of multipart data requests.
-
Constructor Details
-
ServerCsrfTokenRequestAttributeHandler
public ServerCsrfTokenRequestAttributeHandler()
-
-
Method Details
-
handle
public void handle(org.springframework.web.server.ServerWebExchange exchange, reactor.core.publisher.Mono<CsrfToken> csrfToken) Description copied from interface:ServerCsrfTokenRequestHandler
Handles a request using aCsrfToken
.- Specified by:
handle
in interfaceServerCsrfTokenRequestHandler
- Parameters:
exchange
- theServerWebExchange
with the request being handledcsrfToken
- theMono<CsrfToken>
created by theServerCsrfTokenRepository
-
resolveCsrfTokenValue
public reactor.core.publisher.Mono<String> resolveCsrfTokenValue(org.springframework.web.server.ServerWebExchange exchange, CsrfToken csrfToken) Description copied from interface:ServerCsrfTokenRequestResolver
Returns the token value resolved from the providedServerWebExchange
andCsrfToken
orMono.empty()
if not available.- Specified by:
resolveCsrfTokenValue
in interfaceServerCsrfTokenRequestHandler
- Specified by:
resolveCsrfTokenValue
in interfaceServerCsrfTokenRequestResolver
- Parameters:
exchange
- theServerWebExchange
with the request being processedcsrfToken
- theCsrfToken
created by theServerCsrfTokenRepository
- Returns:
- the token value resolved from the request
-
setTokenFromMultipartDataEnabled
public void setTokenFromMultipartDataEnabled(boolean tokenFromMultipartDataEnabled) Specifies if theServerCsrfTokenRequestResolver
should try to resolve the actual CSRF token from the body of multipart data requests.- Parameters:
tokenFromMultipartDataEnabled
- true if should read from multipart form body, else false. Default is false
-