
How to Customize the Spring Security CsrfAuthenticationStrategy to use XorCsrfTokenRequestAttributeHandler in Spring Security 5.

Posted by matteradmin

The CsrfAuthenticationStrategy in Spring Security 5.8 is instantiated with CsrfTokenRequestAttributeHandler by default: .8.x/web/src/main/java//springframework/security/web/csrf/CsrfAuthenticationStrategy.java#L45

In Spring 6.X I see it has been changed to: .java#L44

In the project's Spring Security config, the XorCsrfTokenRequestAttributeHandler is used in the <security:csrf token-repository-ref="csrfTokenRepository" request-matcher-ref="csrfProtectionMatcher" request-handler-ref="xorCsrfTokenRequestAttributeHandler" />. However, this is not taken into account when the CsrfAuthenticationStrategy is instantiated. Is there a way to customize this behaviour?

The session-authentication-strategy-ref is already pointing to a custom implementation, so using that is not an option.
