Class XorServerCsrfTokenRequestAttributeHandler
- java.lang.Object
-
- org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler
-
- org.springframework.security.web.server.csrf.XorServerCsrfTokenRequestAttributeHandler
-
- All Implemented Interfaces:
ServerCsrfTokenRequestHandler
,ServerCsrfTokenRequestResolver
public final class XorServerCsrfTokenRequestAttributeHandler extends ServerCsrfTokenRequestAttributeHandler
An implementation of theServerCsrfTokenRequestAttributeHandler
andServerCsrfTokenRequestResolver
interfaces that is capable of masking the value of theCsrfToken
on each request and resolving the raw token value from the masked value as either a form data value or header of the request.- Since:
- 5.8
-
-
Constructor Summary
Constructors Constructor Description XorServerCsrfTokenRequestAttributeHandler()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
handle(org.springframework.web.server.ServerWebExchange exchange, reactor.core.publisher.Mono<CsrfToken> csrfToken)
Handles a request using aCsrfToken
.reactor.core.publisher.Mono<java.lang.String>
resolveCsrfTokenValue(org.springframework.web.server.ServerWebExchange exchange, CsrfToken csrfToken)
Returns the token value resolved from the providedServerWebExchange
andCsrfToken
orMono.empty()
if not available.void
setSecureRandom(java.security.SecureRandom secureRandom)
Specifies theSecureRandom
used to generate random bytes that are used to mask the value of theCsrfToken
on each request.-
Methods inherited from class org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler
setTokenFromMultipartDataEnabled
-
-
-
-
Method Detail
-
setSecureRandom
public void setSecureRandom(java.security.SecureRandom secureRandom)
Specifies theSecureRandom
used to generate random bytes that are used to mask the value of theCsrfToken
on each request.- Parameters:
secureRandom
- theSecureRandom
to use to generate random bytes
-
handle
public void handle(org.springframework.web.server.ServerWebExchange exchange, reactor.core.publisher.Mono<CsrfToken> csrfToken)
Description copied from interface:ServerCsrfTokenRequestHandler
Handles a request using aCsrfToken
.- Specified by:
handle
in interfaceServerCsrfTokenRequestHandler
- Overrides:
handle
in classServerCsrfTokenRequestAttributeHandler
- Parameters:
exchange
- theServerWebExchange
with the request being handledcsrfToken
- theMono<CsrfToken>
created by theServerCsrfTokenRepository
-
resolveCsrfTokenValue
public reactor.core.publisher.Mono<java.lang.String> resolveCsrfTokenValue(org.springframework.web.server.ServerWebExchange exchange, CsrfToken csrfToken)
Description copied from interface:ServerCsrfTokenRequestResolver
Returns the token value resolved from the providedServerWebExchange
andCsrfToken
orMono.empty()
if not available.- Specified by:
resolveCsrfTokenValue
in interfaceServerCsrfTokenRequestHandler
- Specified by:
resolveCsrfTokenValue
in interfaceServerCsrfTokenRequestResolver
- Overrides:
resolveCsrfTokenValue
in classServerCsrfTokenRequestAttributeHandler
- Parameters:
exchange
- theServerWebExchange
with the request being processedcsrfToken
- theCsrfToken
created by theServerCsrfTokenRepository
- Returns:
- the token value resolved from the request
-
-