The CsrfAuthenticationStrategy in Spring Security 5.8 is instantiated with CsrfTokenRequestAttributeHandler by default: .8.x/web/src/main/java//springframework/security/web/csrf/CsrfAuthenticationStrategy.java#L45

In Spring 6.X I see it has been changed to: .java#L44

In the project's Spring Security config, the XorCsrfTokenRequestAttributeHandler is used in the <security:csrf token-repository-ref="csrfTokenRepository" request-matcher-ref="csrfProtectionMatcher" request-handler-ref="xorCsrfTokenRequestAttributeHandler" />; however, this is not taken into account when the CsrfAuthenticationStrategy is instantiated. Is there a way to customize this behaviour?

The session-authentication-strategy-ref is already pointing to a custom implementation, so using that is not an option.
