Class XorServerCsrfTokenRequestAttributeHandler
java.lang.Object
org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler
org.springframework.security.web.server.csrf.XorServerCsrfTokenRequestAttributeHandler
- All Implemented Interfaces:
ServerCsrfTokenRequestHandler
,ServerCsrfTokenRequestResolver
public final class XorServerCsrfTokenRequestAttributeHandler
extends ServerCsrfTokenRequestAttributeHandler
An implementation of the
ServerCsrfTokenRequestAttributeHandler
and
ServerCsrfTokenRequestResolver
interfaces that is capable of masking the value
of the CsrfToken
on each request and resolving the raw token value from the
masked value as either a form data value or header of the request.- Since:
- 5.8
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
handle
(org.springframework.web.server.ServerWebExchange exchange, reactor.core.publisher.Mono<CsrfToken> csrfToken) Handles a request using aCsrfToken
.reactor.core.publisher.Mono<String>
resolveCsrfTokenValue
(org.springframework.web.server.ServerWebExchange exchange, CsrfToken csrfToken) Returns the token value resolved from the providedServerWebExchange
andCsrfToken
orMono.empty()
if not available.void
setSecureRandom
(SecureRandom secureRandom) Specifies theSecureRandom
used to generate random bytes that are used to mask the value of theCsrfToken
on each request.Methods inherited from class org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler
setTokenFromMultipartDataEnabled
-
Constructor Details
-
XorServerCsrfTokenRequestAttributeHandler
public XorServerCsrfTokenRequestAttributeHandler()
-
-
Method Details
-
setSecureRandom
Specifies theSecureRandom
used to generate random bytes that are used to mask the value of theCsrfToken
on each request.- Parameters:
secureRandom
- theSecureRandom
to use to generate random bytes
-
handle
public void handle(org.springframework.web.server.ServerWebExchange exchange, reactor.core.publisher.Mono<CsrfToken> csrfToken) Description copied from interface:ServerCsrfTokenRequestHandler
Handles a request using aCsrfToken
.- Specified by:
handle
in interfaceServerCsrfTokenRequestHandler
- Overrides:
handle
in classServerCsrfTokenRequestAttributeHandler
- Parameters:
exchange
- theServerWebExchange
with the request being handledcsrfToken
- theMono<CsrfToken>
created by theServerCsrfTokenRepository
-
resolveCsrfTokenValue
public reactor.core.publisher.Mono<String> resolveCsrfTokenValue(org.springframework.web.server.ServerWebExchange exchange, CsrfToken csrfToken) Description copied from interface:ServerCsrfTokenRequestResolver
Returns the token value resolved from the providedServerWebExchange
andCsrfToken
orMono.empty()
if not available.- Specified by:
resolveCsrfTokenValue
in interfaceServerCsrfTokenRequestHandler
- Specified by:
resolveCsrfTokenValue
in interfaceServerCsrfTokenRequestResolver
- Overrides:
resolveCsrfTokenValue
in classServerCsrfTokenRequestAttributeHandler
- Parameters:
exchange
- theServerWebExchange
with the request being processedcsrfToken
- theCsrfToken
created by theServerCsrfTokenRepository
- Returns:
- the token value resolved from the request
-