
CSRF token per request in spring security


How to implement CSRF per request in Spring Security 3.2? Currently it is handled per session. This is a must requirement.

Please post the changes that need to be performed.

In securitycontext.xml

    <http>
        <csrf />
    </http>

is given and the application is working with a token per session.


Solution

  • You can change the default implementation of CsrfTokenRepository by providing your own implementation of this interface and configure it like:

    <http>
        <csrf token-repository-ref="myRequestCsrfTokenRepository"/>
    </http>
    <b:bean id="myRequestCsrfTokenRepository"
            class="com.company.security.RequestCsrfTokenRepository"/>
    

    But... although you wrote that this is a must requirement, you should really rethink it again. I would even advise trying to convince the other end that this change could bring more security to the app users but can also bring a lot of inconveniences, sometimes strange behaviors, and in general decrease the usability and user experience. E.g. see Different csrf token per request in Spring security
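One way to write such a repository for Spring Security 3.2, added here as an illustration; it is not code from the answer or from Spring Security itself. It assumes the stock CsrfFilter behaviour (loadToken() is called once per request, generateToken() only when loadToken() returns null, and GET/HEAD/OPTIONS/TRACE requests are not validated), reuses the class name from the bean definition above, and uses the default header and parameter names.

```java
package com.company.security; // package taken from the answer's bean definition

import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.DefaultCsrfToken;

public class RequestCsrfTokenRepository implements CsrfTokenRepository {
    private static final String SESSION_ATTR = RequestCsrfTokenRepository.class.getName() + ".TOKEN";

    @Override
    public CsrfToken generateToken(HttpServletRequest request) {
        // UUID.randomUUID() is backed by SecureRandom, so the value is unpredictable to an attacker.
        return new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", UUID.randomUUID().toString());
    }

    @Override
    public void saveToken(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
        if (token == null) {
            // Spring clears the token on authentication; remove it without forcing a new session.
            HttpSession session = request.getSession(false);
            if (session != null) {
                session.removeAttribute(SESSION_ATTR);
            }
        } else {
            request.getSession(true).setAttribute(SESSION_ATTR, token);
        }
    }

    @Override
    public CsrfToken loadToken(HttpServletRequest request) {
        if (isSafeMethod(request)) {
            // Page load: issue a fresh token for the rendered form and replace the stored one,
            // so the token handed out by the previous page load can no longer be replayed.
            CsrfToken fresh = generateToken(request);
            saveToken(fresh, request, null); // response is unused by this repository
            return fresh;
        }
        // State-changing request: CsrfFilter compares the submitted value with this token.
        HttpSession session = request.getSession(false);
        return session == null ? null : (CsrfToken) session.getAttribute(SESSION_ATTR);
    }

    private static boolean isSafeMethod(HttpServletRequest request) {
        String m = request.getMethod();
        return "GET".equals(m) || "HEAD".equals(m) || "OPTIONS".equals(m) || "TRACE".equals(m);
    }
}
```

Because every page load replaces the stored token, a form left open in a second tab is rejected as soon as any other page is loaded in the same session; that is the usability cost the answer describes.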