Class CookieServerCsrfTokenRepository
java.lang.Object
org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
- All Implemented Interfaces:
ServerCsrfTokenRepository
public final class CookieServerCsrfTokenRepository
extends Object
implements ServerCsrfTokenRepository
A ServerCsrfTokenRepository that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS. When using with AngularJS be sure to use withHttpOnlyFalse().
- Since: 5.1

Constructor Summary

Method Summary
Modifier and Type, Method, Description
- reactor.core.publisher.Mono<CsrfToken> generateToken(org.springframework.web.server.ServerWebExchange exchange): Generates a CsrfToken
- reactor.core.publisher.Mono<CsrfToken> loadToken(org.springframework.web.server.ServerWebExchange exchange): Loads the expected CsrfToken from the ServerWebExchange
- reactor.core.publisher.Mono<Void> saveToken(org.springframework.web.server.ServerWebExchange exchange, CsrfToken token): Saves the CsrfToken using the ServerWebExchange.
- void setCookieCustomizer(Consumer<org.springframework.http.ResponseCookie.ResponseCookieBuilder> cookieCustomizer): Add a Consumer for a ResponseCookieBuilder that will be invoked for each cookie being built, just before the call to build().
- void setCookieDomain(String cookieDomain): Deprecated.
- void setCookieHttpOnly(boolean cookieHttpOnly): Deprecated. Use setCookieCustomizer(Consumer) instead.
- void setCookieMaxAge(int cookieMaxAge): Deprecated. Use setCookieCustomizer(Consumer) instead.
- void setCookieName(String cookieName): Sets the cookie name
- void setCookiePath(String cookiePath): Sets the cookie path
- void setHeaderName(String headerName): Sets the header name
- void setParameterName(String parameterName): Sets the parameter name
- void setSecure(boolean secure): Deprecated. Use setCookieCustomizer(Consumer) instead.
- static CookieServerCsrfTokenRepository withHttpOnlyFalse(): Factory method to conveniently create an instance that creates cookies with ResponseCookie.isHttpOnly() set to false.

Constructor Details
CookieServerCsrfTokenRepository
public CookieServerCsrfTokenRepository()

Method Details
setCookieCustomizer
public void setCookieCustomizer(Consumer<org.springframework.http.ResponseCookie.ResponseCookieBuilder> cookieCustomizer)
Add a Consumer for a ResponseCookieBuilder that will be invoked for each cookie being built, just before the call to build().
- Parameters:
cookieCustomizer - consumer for a cookie builder
- Since: 6.1

withHttpOnlyFalse
Factory method to conveniently create an instance that creates cookies with ResponseCookie.isHttpOnly() set to false.
- Returns:
an instance of CookieCsrfTokenRepository that creates cookies with ResponseCookie.isHttpOnly() set to false

generateToken
public reactor.core.publisher.Mono<CsrfToken> generateToken(org.springframework.web.server.ServerWebExchange exchange)
Description copied from interface: ServerCsrfTokenRepository
Generates a CsrfToken
- Specified by:
generateToken in interface ServerCsrfTokenRepository
- Parameters:
exchange - the ServerWebExchange to use
- Returns:
the CsrfToken that was generated. Cannot be null.

saveToken
public reactor.core.publisher.Mono<Void> saveToken(org.springframework.web.server.ServerWebExchange exchange, CsrfToken token)
Description copied from interface: ServerCsrfTokenRepository
Saves the CsrfToken using the ServerWebExchange. If the CsrfToken is null, it is the same as deleting it.
- Specified by:
saveToken in interface ServerCsrfTokenRepository
- Parameters:
exchange - the ServerWebExchange to use
token - the CsrfToken to save or null to delete

loadToken
public reactor.core.publisher.Mono<CsrfToken> loadToken(org.springframework.web.server.ServerWebExchange exchange)
Description copied from interface: ServerCsrfTokenRepository
Loads the expected CsrfToken from the ServerWebExchange
- Specified by:
loadToken in interface ServerCsrfTokenRepository
- Parameters:
exchange - the ServerWebExchange to use
- Returns:
the CsrfToken or null if none exists

setCookieHttpOnly
Deprecated. Use setCookieCustomizer(Consumer) instead.

setCookieName
Sets the cookie name
- Parameters:
cookieName - The cookie name

setParameterName
Sets the parameter name
- Parameters:
parameterName - The parameter name

setHeaderName
Sets the header name
- Parameters:
headerName - The header name

setCookiePath
Sets the cookie path
- Parameters:
cookiePath - The cookie path

setCookieDomain
Deprecated. Use setCookieCustomizer(Consumer) instead.

setSecure
Deprecated. Use setCookieCustomizer(Consumer) instead.
- Since: 5.5

setCookieMaxAge
Deprecated. Use setCookieCustomizer(Consumer) instead.
- Since: 5.8
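
Added example (not from the Spring Security Javadoc): one way to wire this repository into a WebFlux security configuration, using setCookieCustomizer(Consumer) in place of the deprecated setSecure and related setters listed above. The class name CsrfCookieConfig, the bean names and the chosen values (path "/", SameSite=Lax, authenticated-only access) are assumptions made for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository;

// Added example; CsrfCookieConfig and the bean names are hypothetical.
@Configuration
@EnableWebFluxSecurity
public class CsrfCookieConfig {

    @Bean
    public CookieServerCsrfTokenRepository csrfTokenRepository() {
        // HttpOnly must be false here: the client-side script has to read the
        // XSRF-TOKEN cookie in order to send its value back in X-XSRF-TOKEN.
        CookieServerCsrfTokenRepository repository =
                CookieServerCsrfTokenRepository.withHttpOnlyFalse();

        // Non-deprecated setter: pin the cookie to one path (value is an assumption).
        repository.setCookiePath("/");

        // The customizer is applied to the ResponseCookieBuilder just before build(),
        // so it is the place for attributes the deprecated setters used to cover.
        repository.setCookieCustomizer(cookie -> cookie
                .secure(true)        // replaces the deprecated setSecure(true)
                .sameSite("Lax"));   // attribute with no dedicated setter on this class
        return repository;
    }

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(
            ServerHttpSecurity http,
            CookieServerCsrfTokenRepository csrfTokenRepository) {
        return http
                .authorizeExchange(exchanges -> exchanges.anyExchange().authenticated())
                // Use the cookie-backed repository instead of the default one.
                .csrf(csrf -> csrf.csrfTokenRepository(csrfTokenRepository))
                .build();
    }
}
```

The customizer runs for every cookie the repository builds, including the one written when saveToken is called with a null token, so attributes set there apply to the deletion cookie as well.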