Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Expose Default Reactive CsrfProtectionMatcher 

Make so that users can augment the default protection logic with
their own.

Fixes: gh-5725
This commit is contained in:
Josh Cummings 2018-08-22 13:02:02 -06:00
parent 4ddaac3b8e
commit 416a276436
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
View File

@ -16,6 +16,12 @@
package org.springframework.security.web.server.csrf;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import reactor.core.publisher.Mono;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler;
@ -25,11 +31,6 @@ import org.springframework.util.Assert;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
/**
* <p>
@ -57,7 +58,9 @@ import java.util.Set;
* @since 5.0
*/
public class CsrfWebFilter implements WebFilter {
private ServerWebExchangeMatcher requireCsrfProtectionMatcher = new DefaultRequireCsrfProtectionMatcher();
public static final ServerWebExchangeMatcher DEFAULT_CSRF_MATCHER = new DefaultRequireCsrfProtectionMatcher();
private ServerWebExchangeMatcher requireCsrfProtectionMatcher = DEFAULT_CSRF_MATCHER;
private ServerCsrfTokenRepository csrfTokenRepository = new WebSessionServerCsrfTokenRepository();