Class XorCsrfTokenRequestAttributeHandler

java.lang.Object
org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler
org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler
All Implemented Interfaces:
CsrfTokenRequestHandler, CsrfTokenRequestResolver

public final class XorCsrfTokenRequestAttributeHandler extends CsrfTokenRequestAttributeHandler
An implementation of the CsrfTokenRequestHandler interface that is capable of masking the value of the CsrfToken on each request and resolving the raw token value from the masked value as either a header or parameter value of the request.
Since:
5.8
  • Constructor Details

    • XorCsrfTokenRequestAttributeHandler

      public XorCsrfTokenRequestAttributeHandler()
  • Method Details

    • setSecureRandom

      public void setSecureRandom(SecureRandom secureRandom)
      Specifies the SecureRandom used to generate random bytes that are used to mask the value of the CsrfToken on each request.
      Parameters:
      secureRandom - the SecureRandom to use to generate random bytes
    • handle

      public void handle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Supplier<CsrfToken> deferredCsrfToken)
      Description copied from interface: CsrfTokenRequestHandler
      Handles a request using a CsrfToken.
      Specified by:
      handle in interface CsrfTokenRequestHandler
      Overrides:
      handle in class CsrfTokenRequestAttributeHandler
      Parameters:
      request - the HttpServletRequest being handled
      response - the HttpServletResponse being handled
      deferredCsrfToken - the CsrfToken created by the CsrfTokenRepository
    • resolveCsrfTokenValue

      public String resolveCsrfTokenValue(jakarta.servlet.http.HttpServletRequest request, CsrfToken csrfToken)
      Description copied from interface: CsrfTokenRequestResolver
      Returns the token value resolved from the provided HttpServletRequest and CsrfToken or null if not available.
      Parameters:
      request - the HttpServletRequest being processed
      csrfToken - the CsrfToken created by the CsrfTokenRepository
      Returns:
      the token value resolved from the request
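
The masking that `handle` applies and that `resolveCsrfTokenValue` reverses, as an added sketch rather than Spring Security's own code. The class `XorMaskDemo`, its `mask` and `unmask` methods, and the encoding layout (random pad followed by the XORed bytes, Base64 URL encoded) are assumptions made for this illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Added illustration, not Spring Security source. The layout (random pad,
// then XORed bytes, Base64 URL encoded) is an assumption of this sketch.
public class XorMaskDemo {
    private static final SecureRandom RANDOM = new SecureRandom();

    // Mask: draw a fresh pad as long as the token, XOR it in, emit pad + result.
    static String mask(String rawToken) {
        byte[] token = rawToken.getBytes(StandardCharsets.UTF_8);
        byte[] pad = new byte[token.length];
        RANDOM.nextBytes(pad);
        byte[] out = Arrays.copyOf(pad, token.length * 2);
        for (int i = 0; i < token.length; i++) {
            out[token.length + i] = (byte) (pad[i] ^ token[i]);
        }
        return Base64.getUrlEncoder().encodeToString(out);
    }

    // Unmask: null for input that cannot be a masked token of the expected length.
    static String unmask(String masked, int rawByteLength) {
        byte[] in;
        try {
            in = Base64.getUrlDecoder().decode(masked);
        } catch (IllegalArgumentException ex) {
            return null; // not valid Base64 URL text
        }
        if (in.length != rawByteLength * 2) {
            return null; // wrong size: reject instead of XORing a partial value
        }
        byte[] token = new byte[rawByteLength];
        for (int i = 0; i < rawByteLength; i++) {
            token[i] = (byte) (in[i] ^ in[rawByteLength + i]);
        }
        return new String(token, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        String raw = "constructed-sample-token-value"; // constructed sample value
        int len = raw.getBytes(StandardCharsets.UTF_8).length;
        String a = mask(raw), b = mask(raw);
        System.out.println("masked values differ: " + !a.equals(b));
        System.out.println("both resolve to raw: "
                + (raw.equals(unmask(a, len)) && raw.equals(unmask(b, len))));
        System.out.println("malformed input: " + unmask("not base64!", len));
    }
}
```

The raw token held by the `CsrfTokenRepository` stays the same across requests; only the value written into the page changes, so the server must unmask a submitted value before comparing it with the stored token.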