Class CookieServerCsrfTokenRepository

java.lang.Object
org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
All Implemented Interfaces:
ServerCsrfTokenRepository

public final class CookieServerCsrfTokenRepository extends Object implements ServerCsrfTokenRepository
A ServerCsrfTokenRepository that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads it from the header "X-XSRF-TOKEN", following the conventions of AngularJS. When using it with AngularJS, be sure to use withHttpOnlyFalse().
Since:
5.1
  • Constructor Details

    • CookieServerCsrfTokenRepository

      public CookieServerCsrfTokenRepository()
  • Method Details

    • setCookieCustomizer

      public void setCookieCustomizer(Consumer<org.springframework.http.ResponseCookie.ResponseCookieBuilder> cookieCustomizer)
      Add a Consumer for a ResponseCookieBuilder that will be invoked for each cookie being built, just before the call to build().
      Parameters:
      cookieCustomizer - consumer for a cookie builder
      Since:
      6.1
    • withHttpOnlyFalse

      public static CookieServerCsrfTokenRepository withHttpOnlyFalse()
      Factory method to conveniently create an instance that creates cookies with ResponseCookie.isHttpOnly() set to false.
      Returns:
      an instance of CookieServerCsrfTokenRepository that creates cookies with ResponseCookie.isHttpOnly() set to false
    • generateToken

      public reactor.core.publisher.Mono<CsrfToken> generateToken(org.springframework.web.server.ServerWebExchange exchange)
      Description copied from interface: ServerCsrfTokenRepository
      Generates a CsrfToken
      Specified by:
      generateToken in interface ServerCsrfTokenRepository
      Parameters:
      exchange - the ServerWebExchange to use
      Returns:
      the CsrfToken that was generated. Cannot be null.
    • saveToken

      public reactor.core.publisher.Mono<Void> saveToken(org.springframework.web.server.ServerWebExchange exchange, CsrfToken token)
      Description copied from interface: ServerCsrfTokenRepository
      Saves the CsrfToken using the ServerWebExchange. If the CsrfToken is null, it is the same as deleting it.
      Specified by:
      saveToken in interface ServerCsrfTokenRepository
      Parameters:
      exchange - the ServerWebExchange to use
      token - the CsrfToken to save or null to delete
    • loadToken

      public reactor.core.publisher.Mono<CsrfToken> loadToken(org.springframework.web.server.ServerWebExchange exchange)
      Description copied from interface: ServerCsrfTokenRepository
      Loads the expected CsrfToken from the ServerWebExchange
      Specified by:
      loadToken in interface ServerCsrfTokenRepository
      Parameters:
      exchange - the ServerWebExchange to use
      Returns:
      the CsrfToken or null if none exists
    • setCookieHttpOnly

      @Deprecated(since="6.1") public void setCookieHttpOnly(boolean cookieHttpOnly)
      Deprecated.
    • setCookieName

      public void setCookieName(String cookieName)
      Sets the cookie name
      Parameters:
      cookieName - The cookie name
    • setParameterName

      public void setParameterName(String parameterName)
      Sets the parameter name
      Parameters:
      parameterName - The parameter name
    • setHeaderName

      public void setHeaderName(String headerName)
      Sets the header name
      Parameters:
      headerName - The header name
    • setCookiePath

      public void setCookiePath(String cookiePath)
      Sets the cookie path
      Parameters:
      cookiePath - The cookie path
    • setCookieDomain

      @Deprecated(since="6.1") public void setCookieDomain(String cookieDomain)
      Deprecated.
    • setSecure

      @Deprecated(since="6.1") public void setSecure(boolean secure)
      Deprecated.
      Since:
      5.5
    • setCookieMaxAge

      @Deprecated(since="6.1") public void setCookieMaxAge(int cookieMaxAge)
      Deprecated.
      Since:
      5.8
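
Added example (not part of the Spring Security Javadoc): a WebFlux configuration that wires this repository for a JavaScript client, using withHttpOnlyFalse() and setCookieCustomizer(...) rather than the setters deprecated in 6.1. The class name CsrfCookieConfig, the Secure and SameSite=Lax attributes (which assume an HTTPS-only deployment), and the request-handler and WebFilter wiring are assumptions of this example.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository;
import org.springframework.security.web.server.csrf.CsrfToken;
import org.springframework.security.web.server.csrf.ServerCsrfTokenRequestHandler;
import org.springframework.security.web.server.csrf.XorServerCsrfTokenRequestAttributeHandler;
import org.springframework.web.server.WebFilter;
import reactor.core.publisher.Mono;

@Configuration
@EnableWebFluxSecurity
public class CsrfCookieConfig { // hypothetical class name

    @Bean
    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        // HttpOnly=false: page script must read XSRF-TOKEN to echo it as X-XSRF-TOKEN.
        CookieServerCsrfTokenRepository repository =
                CookieServerCsrfTokenRepository.withHttpOnlyFalse();
        repository.setCookiePath("/");
        // Invoked for each cookie just before build(); assumes the app is HTTPS-only.
        repository.setCookieCustomizer(cookie -> cookie.secure(true).sameSite("Lax"));

        // The cookie carries the raw token, so keep the XOR handler's handle() but
        // resolve the submitted header value with the interface's default resolver.
        XorServerCsrfTokenRequestAttributeHandler delegate =
                new XorServerCsrfTokenRequestAttributeHandler();
        ServerCsrfTokenRequestHandler handler = delegate::handle;

        return http
                .csrf(csrf -> csrf
                        .csrfTokenRepository(repository)
                        .csrfTokenRequestHandler(handler))
                .authorizeExchange(exchanges -> exchanges.anyExchange().authenticated())
                .build();
    }

    // The token is exposed as a deferred Mono; subscribing to it is what makes
    // the repository write the XSRF-TOKEN cookie on the response.
    @Bean
    WebFilter csrfCookieWebFilter() {
        return (exchange, chain) -> {
            Mono<CsrfToken> token =
                    exchange.getAttributeOrDefault(CsrfToken.class.getName(), Mono.empty());
            return token.then(chain.filter(exchange));
        };
    }
}
```

Because the customizer runs for every cookie the repository builds, keep it to attributes that are valid on all of them, such as Secure and SameSite.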