Enum Class SpringAddonsSecurityProperties.Csrf
java.lang.Object
java.lang.Enum<SpringAddonsSecurityProperties.Csrf>
com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties.Csrf
- All Implemented Interfaces:
Serializable, Comparable<SpringAddonsSecurityProperties.Csrf>, Constable
- Enclosing class:
- SpringAddonsSecurityProperties
public static enum SpringAddonsSecurityProperties.Csrf
extends Enum<SpringAddonsSecurityProperties.Csrf>
- DEFAULT resolves to DISABLE if statlessSessions is true (resource server) and to SESSION otherwise (client)
- DISABLE disables CSRF protection. This is the default value for resource servers, but you should really not be doing that on a client!
- SESSION stores the CSRF token in the servlet session or reactive web-session. This is the default value for clients, which is just fine if you're not querying it with a JS application (written with Angular, React, Vue, etc.)
- COOKIE_HTTP_ONLY stores the CSRF token in an HTTP-only XSRF-TOKEN cookie (not accessible from rich client apps)
- COOKIE_ACCESSIBLE_FROM_JS stores the CSRF token in an XSRF-TOKEN cookie that is readable by JS apps
- Author:
- ch4mp
Nested Class Summary
Nested classes/interfaces inherited from class java.lang.Enum
Enum.EnumDesc<E extends Enum<E>>
Enum Constant Summary
Enum Constant and Description:
- COOKIE_ACCESSIBLE_FROM_JS: Stores the CSRF token in an XSRF-TOKEN cookie that is readable by JS apps.
- COOKIE_HTTP_ONLY: Stores the CSRF token in an HTTP-only XSRF-TOKEN cookie (not accessible from rich client apps).
- DEFAULT: Resolves to DISABLE if statlessSessions is true (resource server) and to SESSION otherwise (client).
- DISABLE: Disables CSRF protection.
- SESSION: Stores the CSRF token in the servlet session or reactive web-session.
Method Summary
Modifier and Type, Method, and Description:
- static SpringAddonsSecurityProperties.Csrf valueOf(String name): Returns the enum constant of this class with the specified name.
- static SpringAddonsSecurityProperties.Csrf[] values(): Returns an array containing the constants of this enum class, in the order they are declared.
Enum Constant Details
DEFAULT
Resolves to DISABLE if statlessSessions is true (resource server) and to SESSION otherwise (client).
DISABLE
Disables CSRF protection. This is the default value for resource servers, but you should really not be doing that on a client!
SESSION
Stores the CSRF token in the servlet session or reactive web-session. This is the default value for clients, which is just fine if you're not querying it with a JS application (written with Angular, React, Vue, etc.)
COOKIE_HTTP_ONLY
Stores the CSRF token in an HTTP-only XSRF-TOKEN cookie (not accessible from rich client apps).
COOKIE_ACCESSIBLE_FROM_JS
Stores the CSRF token in an XSRF-TOKEN cookie that is readable by JS apps. To be used when sessions are enabled and queries are issued with Angular, React, Vue, etc.
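The sketch below is an added example, not spring-addons' own code: it shows what each constant described above corresponds to when written directly against the Spring Security servlet API. The `CsrfMode` enum, the class name and the `resolve`/`apply` helpers are hypothetical stand-ins; only the Spring Security types are real.

```java
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;

/** Added illustration: plain Spring Security (servlet) equivalent of each Csrf constant. */
public final class CsrfModeExample {

    /** Local stand-in mirroring the constants documented on this page (hypothetical type). */
    public enum CsrfMode { DEFAULT, DISABLE, SESSION, COOKIE_HTTP_ONLY, COOKIE_ACCESSIBLE_FROM_JS }

    /** DEFAULT resolves to DISABLE for stateless resource servers and to SESSION for clients. */
    static CsrfMode resolve(CsrfMode mode, boolean statelessSessions) {
        if (mode != CsrfMode.DEFAULT) {
            return mode;
        }
        return statelessSessions ? CsrfMode.DISABLE : CsrfMode.SESSION;
    }

    /** Applies the resolved mode to a servlet HttpSecurity builder. */
    static HttpSecurity apply(HttpSecurity http, CsrfMode mode, boolean statelessSessions)
            throws Exception {
        switch (resolve(mode, statelessSessions)) {
            case DISABLE:
                // The page's default for resource servers; not meant for a session-based client.
                return http.csrf(csrf -> csrf.disable());
            case SESSION:
                // Token lives in the HTTP session; suits server-rendered forms.
                return http.csrf(csrf ->
                        csrf.csrfTokenRepository(new HttpSessionCsrfTokenRepository()));
            case COOKIE_HTTP_ONLY:
                // XSRF-TOKEN cookie with HttpOnly set (the repository's default): scripts cannot read it.
                return http.csrf(csrf ->
                        csrf.csrfTokenRepository(new CookieCsrfTokenRepository()));
            case COOKIE_ACCESSIBLE_FROM_JS:
                // XSRF-TOKEN cookie without HttpOnly, so a JS client can read it
                // and echo the value back in the X-XSRF-TOKEN request header.
                return http.csrf(csrf ->
                        csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()));
            default:
                throw new IllegalStateException("DEFAULT must be resolved before use");
        }
    }
}
```

This sketch covers token storage only. On Spring Security 6, a JS client that sends the raw cookie value also needs a request handler that accepts it, which is outside what this page describes.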
Method Details
values
Returns an array containing the constants of this enum class, in the order they are declared.
- Returns:
- an array containing the constants of this enum class, in the order they are declared
valueOf
Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)
- Parameters:
- name - the name of the enum constant to be returned.
- Returns:
- the enum constant with the specified name
- Throws:
- IllegalArgumentException - if this enum class has no constant with the specified name
- NullPointerException - if the argument is null