Class WebSessionServerCsrfTokenRepository

java.lang.Object
org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
All Implemented Interfaces:
ServerCsrfTokenRepository

public class WebSessionServerCsrfTokenRepository extends Object implements ServerCsrfTokenRepository
A ServerCsrfTokenRepository that stores the CsrfToken in the HttpSession.
Since:
5.0
  • Constructor Details

    • WebSessionServerCsrfTokenRepository

      public WebSessionServerCsrfTokenRepository()
  • Method Details

    • generateToken

      public reactor.core.publisher.Mono<CsrfToken> generateToken(org.springframework.web.server.ServerWebExchange exchange)
      Description copied from interface: ServerCsrfTokenRepository
      Generates a CsrfToken
      Specified by:
      generateToken in interface ServerCsrfTokenRepository
      Parameters:
      exchange - the ServerWebExchange to use
      Returns:
      the CsrfToken that was generated. Cannot be null.
    • saveToken

      public reactor.core.publisher.Mono<Void> saveToken(org.springframework.web.server.ServerWebExchange exchange, CsrfToken token)
      Description copied from interface: ServerCsrfTokenRepository
      Saves the CsrfToken using the ServerWebExchange. If the CsrfToken is null, it is the same as deleting it.
      Specified by:
      saveToken in interface ServerCsrfTokenRepository
      Parameters:
      exchange - the ServerWebExchange to use
      token - the CsrfToken to save or null to delete
    • loadToken

      public reactor.core.publisher.Mono<CsrfToken> loadToken(org.springframework.web.server.ServerWebExchange exchange)
      Description copied from interface: ServerCsrfTokenRepository
      Loads the expected CsrfToken from the ServerWebExchange
      Specified by:
      loadToken in interface ServerCsrfTokenRepository
      Parameters:
      exchange - the ServerWebExchange to use
      Returns:
      the CsrfToken or null if none exists
    • setParameterName

      public void setParameterName(String parameterName)
      Sets the HttpServletRequest parameter name that the CsrfToken is expected to appear on
      Parameters:
      parameterName - the new parameter name to use
    • setHeaderName

      public void setHeaderName(String headerName)
      Sets the header name that the CsrfToken is expected to appear on and the header that the response will contain the CsrfToken.
      Parameters:
      headerName - the new header name to use
    • setSessionAttributeName

      public void setSessionAttributeName(String sessionAttributeName)
      Sets the HttpSession attribute name that the CsrfToken is stored in
      Parameters:
      sessionAttributeName - the new attribute name to use