Package com.c4_soft.springaddons.security.oidc.starter.properties

Enum Class Csrf

java.lang.Object

java.lang.Enum<Csrf>

com.c4_soft.springaddons.security.oidc.starter.properties.Csrf

All Implemented Interfaces:

Serializable, Comparable<Csrf>, Constable

public enum Csrf
extends Enum<Csrf>

• DEFAULT switches between DISABLED if statlessSessions is true (resource server) and SESSION otherwise (client)
• DISABLE disables CSRF protection. The default value for resource servers, but you should really not be doing that on a client!
• SESSION stores CSRF token in servlet session or reactive web-session. The default value for clients, which is just fine if your not querying it with a JS application (written with Angular, React, Vue, etc.)
• COOKIE_HTTP_ONLY stores CSRF in a http-only XSRF-TOKEN cookie (not accessible from rich client apps)
• COOKIE_ACCESSIBLE_FROM_JS stores CSRF in a XSRF-TOKEN cookie that is readable by JS apps

Author:

ch4mp

Nested Class Summary

Nested classes/interfaces inherited from class java.lang.Enum

Enum.EnumDesc<E extends Enum<E>>

Enum Constant Summary

Enum Constants

Enum Constant	Description
COOKIE_ACCESSIBLE_FROM_JS	Stores CSRF in a XSRF-TOKEN cookie that is readable by JS apps.
DEFAULT	Switches between DISABLED if statlessSessions is true (resource server) and SESSION otherwise (client)
DISABLE	Disables CSRF protection.
SESSION	Stores CSRF token in servlet session or reactive web-session.

Method Summary

Modifier and Type	Method	Description
static Csrf	valueOf(String name)	Returns the enum constant of this class with the specified name.
static Csrf[]	values()	Returns an array containing the constants of this enum class, in the order they are declared.

Methods inherited from class java.lang.Enum

clone, compareTo, describeConstable, equals, finalize, getDeclaringClass, hashCode, name, ordinal, toString, valueOf

Methods inherited from class java.lang.Object

getClass, notify, notifyAll, wait, wait, wait

Enum Constant Details

DEFAULT

public static final Csrf DEFAULT

Switches between DISABLED if statlessSessions is true (resource server) and SESSION otherwise (client)

DISABLE

public static final Csrf DISABLE

Disables CSRF protection. The default value for resource servers, but you should really not be doing that on a client!

SESSION

public static final Csrf SESSION

Stores CSRF token in servlet session or reactive web-session. The default value for clients, which is just fine if your not querying it with a JS application (written with Angular, React, Vue, etc.)

COOKIE_ACCESSIBLE_FROM_JS

public static final Csrf COOKIE_ACCESSIBLE_FROM_JS

Stores CSRF in a XSRF-TOKEN cookie that is readable by JS apps. To be used when sessions are enabled and queries are issued with Angular, React, Vue, etc.

Method Details

values

public static Csrf[] values()

Returns an array containing the constants of this enum class, in the order they are declared.

Returns:

an array containing the constants of this enum class, in the order they are declared

valueOf

public static Csrf valueOf(String name)

Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)

Parameters:

name - the name of the enum constant to be returned.

Returns:

the enum constant with the specified name

Throws:

IllegalArgumentException - if this enum class has no constant with the specified name

NullPointerException - if the argument is null