CsrfAutoConfiguration class final

Auto-configuration class that registers CSRF protection components in the Jetleaf application context.

This configuration automatically provides:

  1. DefaultCsrfTokenRepositoryManager - For managing CSRF token repositories
  2. CsrfFilter - For enforcing CSRF protection

Automatic Registration

When this configuration is present in the application context, CSRF protection is automatically enabled and configured based on environment properties.

Customization

Applications can override the default CSRF configuration by:

  1. Providing a custom CsrfTokenRepository implementation as a pod
  2. Configuring CSRF behavior via environment properties
  3. Disabling CSRF globally via jetleaf.web.csrf.enabled=false

Environment Properties

jetleaf.web.csrf.enabled=true
jetleaf.web.csrf.header-name=X-CSRF-TOKEN
jetleaf.web.csrf.parameter-name=_csrf

Example

@Configuration()
class WebConfiguration {
  // CsrfAutoConfiguration is automatically applied
  // No additional setup needed
}

// To customize:
@Component()
class SessionCsrfTokenRepository implements CsrfTokenRepository {
  // Custom implementation
}
Annotations
  • @AutoConfiguration.new()
  • @Role.new(DesignRole.INFRASTRUCTURE)
  • @Named.new(CsrfAutoConfiguration.NAME)

Constructors

CsrfAutoConfiguration()
Auto-configuration class that registers CSRF protection components in the Jetleaf application context.
const

Properties

hashCode int
The hash code for this object.
no setterinherited
runtimeType Type
A representation of the runtime type of the object.
no setterinherited

Methods

csrfFilter(CsrfTokenRepositoryManager manager) CsrfFilter
Provides the CsrfFilter for enforcing CSRF protection.
csrfTokenRepository() CsrfTokenRepository
Provides the default CsrfTokenRepository implementation.
csrfTokenRepositoryManager() CsrfTokenRepositoryManager
Provides the default CsrfTokenRepositoryManager implementation.
noSuchMethod(Invocation invocation) → dynamic
Invoked when a nonexistent method or property is accessed.
inherited
toString() String
A string representation of this object.
inherited

Operators

operator ==(Object other) bool
The equality operator.
inherited

Constants

CSRF_FILTER_POD → const String
Pod name for the csrf filter
NAME → const String
Name of the config class
TOKEN_REPOSITORY_MANAGER_POD → const String
Pod name for the token repository manager
TOKEN_REPOSITORY_POD → const String
Pod name for the token repository