Class ServerCsrfTokenRequestAttributeHandler

java.lang.Object
org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler
All Implemented Interfaces:
ServerCsrfTokenRequestHandler, ServerCsrfTokenRequestResolver
Direct Known Subclasses:
XorServerCsrfTokenRequestAttributeHandler

public class ServerCsrfTokenRequestAttributeHandler extends Object implements ServerCsrfTokenRequestHandler
An implementation of the ServerCsrfTokenRequestHandler interface that is capable of making the CsrfToken available as an exchange attribute and resolving the token value as either a form data value or header of the request.
Since:
5.8
  • Constructor Details

    • ServerCsrfTokenRequestAttributeHandler

      public ServerCsrfTokenRequestAttributeHandler()
  • Method Details

    • handle

      public void handle(org.springframework.web.server.ServerWebExchange exchange, reactor.core.publisher.Mono<CsrfToken> csrfToken)
      Description copied from interface: ServerCsrfTokenRequestHandler
      Handles a request using a CsrfToken.
      Specified by:
      handle in interface ServerCsrfTokenRequestHandler
      Parameters:
      exchange - the ServerWebExchange with the request being handled
      csrfToken - the Mono<CsrfToken> created by the ServerCsrfTokenRepository
    • resolveCsrfTokenValue

      public reactor.core.publisher.Mono<String> resolveCsrfTokenValue(org.springframework.web.server.ServerWebExchange exchange, CsrfToken csrfToken)
      Description copied from interface: ServerCsrfTokenRequestResolver
      Returns the token value resolved from the provided ServerWebExchange and CsrfToken or Mono.empty() if not available.
      Specified by:
      resolveCsrfTokenValue in interface ServerCsrfTokenRequestHandler
      Specified by:
      resolveCsrfTokenValue in interface ServerCsrfTokenRequestResolver
      Parameters:
      exchange - the ServerWebExchange with the request being processed
      csrfToken - the CsrfToken created by the ServerCsrfTokenRepository
      Returns:
      the token value resolved from the request
    • setTokenFromMultipartDataEnabled

      public void setTokenFromMultipartDataEnabled(boolean tokenFromMultipartDataEnabled)
      Specifies if the ServerCsrfTokenRequestResolver should try to resolve the actual CSRF token from the body of multipart data requests.
      Parameters:
      tokenFromMultipartDataEnabled - true if should read from multipart form body, else false. Default is false