Package org.springframework.security.web.server.csrf

Class XorServerCsrfTokenRequestAttributeHandler

java.lang.Object

org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler

org.springframework.security.web.server.csrf.XorServerCsrfTokenRequestAttributeHandler

All Implemented Interfaces:

ServerCsrfTokenRequestHandler, ServerCsrfTokenRequestResolver

public final class XorServerCsrfTokenRequestAttributeHandler
extends ServerCsrfTokenRequestAttributeHandler

An implementation of the ServerCsrfTokenRequestAttributeHandler and ServerCsrfTokenRequestResolver interfaces that is capable of masking the value of the CsrfToken on each request and resolving the raw token value from the masked value as either a form data value or header of the request.

Since:

5.8

Constructor Summary

Constructors

Constructor	Description
XorServerCsrfTokenRequestAttributeHandler()

Method Summary

Modifier and Type	Method	Description
void	handle(org.springframework.web.server.ServerWebExchange exchange, reactor.core.publisher.Mono<CsrfToken> csrfToken)	Handles a request using a CsrfToken.
reactor.core.publisher.Mono<String>	resolveCsrfTokenValue(org.springframework.web.server.ServerWebExchange exchange, CsrfToken csrfToken)	Returns the token value resolved from the provided ServerWebExchange and CsrfToken or Mono.empty() if not available.
void	setSecureRandom(SecureRandom secureRandom)	Specifies the SecureRandom used to generate random bytes that are used to mask the value of the CsrfToken on each request.

Methods inherited from class org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler

setTokenFromMultipartDataEnabled

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

XorServerCsrfTokenRequestAttributeHandler

public XorServerCsrfTokenRequestAttributeHandler()

Method Details

setSecureRandom

public void setSecureRandom(SecureRandom secureRandom)

Specifies the SecureRandom used to generate random bytes that are used to mask the value of the CsrfToken on each request.

Parameters:

secureRandom - the SecureRandom to use to generate random bytes

handle

public void handle(org.springframework.web.server.ServerWebExchange exchange,
 reactor.core.publisher.Mono<CsrfToken> csrfToken)

Description copied from interface: ServerCsrfTokenRequestHandler

Handles a request using a CsrfToken.

Specified by:

handle in interface ServerCsrfTokenRequestHandler

Overrides:

handle in class ServerCsrfTokenRequestAttributeHandler

Parameters:

exchange - the ServerWebExchange with the request being handled

csrfToken - the Mono<CsrfToken> created by the ServerCsrfTokenRepository

resolveCsrfTokenValue

public reactor.core.publisher.Mono<String> resolveCsrfTokenValue(org.springframework.web.server.ServerWebExchange exchange,
 CsrfToken csrfToken)

Description copied from interface: ServerCsrfTokenRequestResolver

Returns the token value resolved from the provided ServerWebExchange and CsrfToken or Mono.empty() if not available.

Specified by:

resolveCsrfTokenValue in interface ServerCsrfTokenRequestHandler

Specified by:

resolveCsrfTokenValue in interface ServerCsrfTokenRequestResolver

Overrides:

resolveCsrfTokenValue in class ServerCsrfTokenRequestAttributeHandler

Parameters:

exchange - the ServerWebExchange with the request being processed

csrfToken - the CsrfToken created by the ServerCsrfTokenRepository

Returns:

the token value resolved from the request