Search in sources :

Example 1 with CsrfLogoutHandler

use of org.springframework.security.web.csrf.CsrfLogoutHandler in project spring-security by spring-projects.

the class CsrfConfigurer method configure.

@SuppressWarnings("unchecked")
@Override
public void configure(H http) throws Exception {
    CsrfFilter filter = new CsrfFilter(this.csrfTokenRepository);
    RequestMatcher requireCsrfProtectionMatcher = getRequireCsrfProtectionMatcher();
    if (requireCsrfProtectionMatcher != null) {
        filter.setRequireCsrfProtectionMatcher(requireCsrfProtectionMatcher);
    }
    AccessDeniedHandler accessDeniedHandler = createAccessDeniedHandler(http);
    if (accessDeniedHandler != null) {
        filter.setAccessDeniedHandler(accessDeniedHandler);
    }
    LogoutConfigurer<H> logoutConfigurer = http.getConfigurer(LogoutConfigurer.class);
    if (logoutConfigurer != null) {
        logoutConfigurer.addLogoutHandler(new CsrfLogoutHandler(this.csrfTokenRepository));
    }
    SessionManagementConfigurer<H> sessionConfigurer = http.getConfigurer(SessionManagementConfigurer.class);
    if (sessionConfigurer != null) {
        sessionConfigurer.addSessionAuthenticationStrategy(new CsrfAuthenticationStrategy(this.csrfTokenRepository));
    }
    filter = postProcess(filter);
    http.addFilter(filter);
}
Also used : AndRequestMatcher(org.springframework.security.web.util.matcher.AndRequestMatcher) NegatedRequestMatcher(org.springframework.security.web.util.matcher.NegatedRequestMatcher) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) OrRequestMatcher(org.springframework.security.web.util.matcher.OrRequestMatcher) MvcRequestMatcher(org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher) DelegatingAccessDeniedHandler(org.springframework.security.web.access.DelegatingAccessDeniedHandler) InvalidSessionAccessDeniedHandler(org.springframework.security.web.session.InvalidSessionAccessDeniedHandler) AccessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler) CsrfLogoutHandler(org.springframework.security.web.csrf.CsrfLogoutHandler) CsrfFilter(org.springframework.security.web.csrf.CsrfFilter) CsrfAuthenticationStrategy(org.springframework.security.web.csrf.CsrfAuthenticationStrategy)

Aggregations

AccessDeniedHandler (org.springframework.security.web.access.AccessDeniedHandler)1 DelegatingAccessDeniedHandler (org.springframework.security.web.access.DelegatingAccessDeniedHandler)1 CsrfAuthenticationStrategy (org.springframework.security.web.csrf.CsrfAuthenticationStrategy)1 CsrfFilter (org.springframework.security.web.csrf.CsrfFilter)1 CsrfLogoutHandler (org.springframework.security.web.csrf.CsrfLogoutHandler)1 MvcRequestMatcher (org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher)1 InvalidSessionAccessDeniedHandler (org.springframework.security.web.session.InvalidSessionAccessDeniedHandler)1 AndRequestMatcher (org.springframework.security.web.util.matcher.AndRequestMatcher)1 NegatedRequestMatcher (org.springframework.security.web.util.matcher.NegatedRequestMatcher)1 OrRequestMatcher (org.springframework.security.web.util.matcher.OrRequestMatcher)1 RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher)1