List of usage examples for org.springframework.security.web.csrf CsrfToken getToken
/**
 * Returns the CSRF token value for the current request.
 *
 * <p>The callers on this page copy the value into a response header or an
 * {@code XSRF-TOKEN} cookie so that a script client can send it back. The value is a
 * request-forgery secret, so it should not be logged or placed in URLs.
 *
 * @return the token value
 */
String getToken();
From source file:com.marklogic.samplestack.web.SessionController.java
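/**
 * Exposes an endpoint that returns CSRF token information and a session for use in login.
 *
 * <p>The token is read from the {@code _csrf} request attribute and copied into a response
 * header whose name comes from {@link CsrfToken#getHeaderName()}, so that the client can
 * echo it back on later state-changing requests.
 *
 * <p>NOTE(review): the token travels in a response header of a GET request. Confirm that
 * this response is not stored by shared caches and that the header is not listed as an
 * exposed header in any CORS configuration that admits origins other than the
 * application's own.
 *
 * @param request The Http Request.
 * @param response The Http response.
 * @return A JsonNode with bare-bones acknowledgement.
 */
@RequestMapping(value = "session", method = RequestMethod.GET)
public @ResponseBody JsonNode hello(HttpServletRequest request, HttpServletResponse response) {
    CsrfToken csrfToken = (CsrfToken) request.getAttribute("_csrf");

    // The attribute can be missing (for example when CSRF protection is not active for
    // this request); answer without the header rather than fail with a NullPointerException.
    if (csrfToken != null) {
        // Added directly to the response: the HttpServletResponseWrapper used previously
        // only delegated addHeader() and contributed nothing.
        response.addHeader(csrfToken.getHeaderName(), csrfToken.getToken());
    }

    return errors.makeJsonResponse(200, "New Session");
}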
From source file:br.com.edo.atmlist.config.CsrfHeaderFilter.java
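/**
 * Mirrors the request's CSRF token into an {@code XSRF-TOKEN} cookie, then continues the
 * filter chain.
 *
 * <p>The cookie is (re)issued only when the browser has none or holds a stale value. It is
 * deliberately left readable by script (no HttpOnly flag) because the client-side code has
 * to copy the value into a request header.
 *
 * @param request current request; the token is looked up under {@code CsrfToken.class.getName()}
 * @param response response that receives the cookie
 * @param filterChain remaining filters, always invoked
 * @throws ServletException propagated from the chain
 * @throws IOException propagated from the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) throws ServletException, IOException {
    CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
    String token = (csrf != null) ? csrf.getToken() : null;

    // Without a token value there is nothing to publish; the original would have written
    // a cookie with a null value when the browser had no cookie yet.
    if (token != null) {
        Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
        if (cookie == null || !token.equals(cookie.getValue())) {
            cookie = new Cookie("XSRF-TOKEN", token);
            cookie.setPath("/");
            // Mark the cookie Secure on HTTPS requests so the browser never sends the
            // token over plain HTTP. Behind a TLS-terminating proxy, isSecure() is only
            // true if forwarded headers are handled by the container.
            cookie.setSecure(request.isSecure());
            response.addCookie(cookie);
        }
    }

    filterChain.doFilter(request, response);
}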
From source file:com.aplikasi.penjualan.config.CsrfAttributeToCookieFilter.java
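/**
 * Publishes the CSRF token held in the request attributes as an {@code XSRF-TOKEN} cookie.
 *
 * <p>A new cookie is sent when the request carries no such cookie or when its value differs
 * from the current token. The chain is always continued afterwards.
 *
 * <p>NOTE(review): newer Spring Security releases ship
 * {@code CookieCsrfTokenRepository.withHttpOnlyFalse()}, which issues the same cookie and
 * handles the Secure flag and cookie path itself; prefer it over a hand-written filter
 * where the framework version allows.
 *
 * @param request current request
 * @param response response the cookie is added to
 * @param filterChain remaining filters
 * @throws ServletException propagated from the chain
 * @throws IOException propagated from the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) throws ServletException, IOException {
    CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
    if (csrf != null) {
        String token = csrf.getToken();
        Cookie existing = WebUtils.getCookie(request, "XSRF-TOKEN");
        // token == null is skipped explicitly: previously a missing cookie combined with a
        // null token produced a cookie with a null value.
        boolean stale = token != null && (existing == null || !token.equals(existing.getValue()));
        if (stale) {
            Cookie fresh = new Cookie("XSRF-TOKEN", token);
            fresh.setPath("/");
            // Secure on HTTPS requests keeps the token off plain-HTTP connections.
            fresh.setSecure(request.isSecure());
            response.addCookie(fresh);
        }
    }
    filterChain.doFilter(request, response);
}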
From source file:co.edu.utb.softeng.springtodos.config.security.CsrfHeaderFilter.java
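/**
 * Writes the current CSRF token to an {@code XSRF-TOKEN} cookie when the browser's copy is
 * missing or out of date, then hands the request to the rest of the chain.
 *
 * <p>The cookie path is {@code "/"}, so the browser sends it to every application on the
 * host, not only to this one. NOTE(review): if other applications share the host name,
 * consider scoping the path to this application's context path.
 *
 * @param request current request
 * @param response response the cookie is added to
 * @param filterChain remaining filters
 * @throws ServletException propagated from the chain
 * @throws IOException propagated from the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) throws ServletException, IOException {
    CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
    if (csrf != null) {
        String token = csrf.getToken();
        // A null token is never written out; the earlier condition let it through when
        // the request had no XSRF-TOKEN cookie.
        if (token != null) {
            Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
            if (cookie == null || !token.equals(cookie.getValue())) {
                cookie = new Cookie("XSRF-TOKEN", token);
                cookie.setPath("/");
                // Restrict the cookie to HTTPS whenever the request itself arrived over HTTPS.
                cookie.setSecure(request.isSecure());
                response.addCookie(cookie);
            }
        }
    }
    filterChain.doFilter(request, response);
}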
From source file:com.arya.latihan.config.SecurityConfiguration.java
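/**
 * Builds a filter that stores the CSRF token in a browser cookie.
 * The token is stored under the name XSRF-TOKEN because AngularJS refers to CSRF as XSRF.
 *
 * <p>The cookie stays readable by script (HttpOnly is not set) because the client has to
 * copy its value into a request header; it is marked Secure when the request is secure.
 *
 * @return Filter
 */
private Filter csrfHeaderFilter() {
    return new OncePerRequestFilter() {
        @Override
        protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                FilterChain filterChain) throws ServletException, IOException {
            CsrfToken csrfToken = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
            String token = (csrfToken != null) ? csrfToken.getToken() : null;
            // Nothing is written for a null token; the earlier condition created a cookie
            // with a null value when the browser had none.
            if (token != null) {
                // AngularJS names CSRF as XSRF
                Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
                if (cookie == null || !token.equals(cookie.getValue())) {
                    cookie = new Cookie("XSRF-TOKEN", token);
                    cookie.setPath("/");
                    // Keep the token off plain-HTTP connections once the site is served
                    // over HTTPS.
                    cookie.setSecure(request.isSecure());
                    response.addCookie(cookie);
                }
            }
            filterChain.doFilter(request, response);
        }
    };
}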
From source file:com.ar.dev.tierra.api.config.CsrfHeaderFilter.java
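/**
 * Adds the anti-CSRF cookie to the response.
 *
 * <p>The token found under {@code CsrfToken.class.getName()} in the request attributes is
 * written to an {@code XSRF-TOKEN} cookie whenever the browser does not already hold the
 * same value. The chain is continued in every case.
 *
 * @param request current request
 * @param response response the cookie is added to
 * @param filterChain remaining filters
 * @throws ServletException propagated from the chain
 * @throws IOException propagated from the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) throws ServletException, IOException {
    CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
    if (csrf == null || csrf.getToken() == null) {
        // No token to publish (a null token used to end up in a cookie with a null value).
        filterChain.doFilter(request, response);
        return;
    }

    String token = csrf.getToken();
    Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
    if (cookie == null || !token.equals(cookie.getValue())) {
        cookie = new Cookie("XSRF-TOKEN", token);
        cookie.setPath("/");
        // Secure flag follows the request scheme so the token is not sent in clear text
        // by a browser that first reached the site over HTTPS.
        cookie.setSecure(request.isSecure());
        response.addCookie(cookie);
    }
    filterChain.doFilter(request, response);
}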
From source file:io.interface21.CsrfHeaderFilter.java
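/**
 * Exposes the CSRF token to an Angular client through an {@code XSRF-TOKEN} cookie.
 *
 * <p>The cookie is refreshed only when it is absent or no longer matches the token in the
 * request attributes. It must remain readable by script, so HttpOnly is intentionally not
 * set; as a consequence, any script running in the page's origin can read the token.
 *
 * @param request current request
 * @param response response the cookie is added to
 * @param filterChain remaining filters
 * @throws ServletException propagated from the chain
 * @throws IOException propagated from the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) throws ServletException, IOException {
    CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
    String token = (csrf == null) ? null : csrf.getToken();
    // Guarding on the token itself avoids emitting a cookie with a null value.
    if (token != null) {
        Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
        boolean upToDate = cookie != null && token.equals(cookie.getValue());
        if (!upToDate) {
            // Angular can handle CSRF protection and expects a token cookie named XSRF-TOKEN
            cookie = new Cookie("XSRF-TOKEN", token);
            cookie.setPath("/");
            // Only sent back over HTTPS when the request itself was secure.
            cookie.setSecure(request.isSecure());
            response.addCookie(cookie);
        }
    }
    filterChain.doFilter(request, response);
}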
From source file:pl.szcze.userserviceproject.CsrfHeaderFilter.java
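/**
 * Keeps the browser's {@code XSRF-TOKEN} cookie in step with the CSRF token attached to
 * the request, then continues the filter chain.
 *
 * <p>NOTE(review): {@code request.isSecure()} describes the connection that reached the
 * servlet container. When TLS ends at a proxy in front of it, confirm that forwarded
 * headers are processed; otherwise the Secure flag set below will stay off.
 *
 * @param request current request
 * @param response response the cookie is added to
 * @param filterChain remaining filters
 * @throws ServletException propagated from the chain
 * @throws IOException propagated from the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) throws ServletException, IOException {
    CsrfToken csrfToken = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
    if (csrfToken != null) {
        String token = csrfToken.getToken();
        Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
        // Require a non-null token in both branches; the previous condition accepted a
        // null token whenever the cookie was missing.
        if (token != null && (cookie == null || !token.equals(cookie.getValue()))) {
            cookie = new Cookie("XSRF-TOKEN", token);
            cookie.setPath("/");
            cookie.setSecure(request.isSecure());
            response.addCookie(cookie);
        }
    }
    filterChain.doFilter(request, response);
}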
From source file:au.gov.dto.dibp.appointments.security.csrf.CookieBasedCsrfTokenRepositoryTest.java
/**
 * Round-trips a generated token through the cookie-based repository.
 *
 * <p>Checks that saving writes a cookie named after the token's parameter name, that the
 * cookie carries the token value and is HttpOnly (so page script cannot read it), and that
 * loading from a request bearing that cookie yields the same token, header name and
 * parameter name.
 */
@Test
public void testSaveAndLoadToken() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    CookieBasedCsrfTokenRepository repository = new CookieBasedCsrfTokenRepository();

    // Save: the repository should emit exactly the cookie inspected below.
    CsrfToken generated = repository.generateToken(request);
    repository.saveToken(generated, request, response);

    Cookie stored = response.getCookie(generated.getParameterName());
    assertNotNull(stored);
    assertEquals(generated.getToken(), stored.getValue());
    assertEquals(true, stored.isHttpOnly());

    // Load: replay the cookie on the request and compare every token field.
    request.setCookies(stored);
    CsrfToken reloaded = repository.loadToken(request);
    assertEquals(generated.getToken(), reloaded.getToken());
    assertEquals(generated.getHeaderName(), reloaded.getHeaderName());
    assertEquals(generated.getParameterName(), reloaded.getParameterName());
}
From source file:com.tamnd.app.filters.CsrfHeaderFilter.java
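/**
 * Sends the CSRF token to the browser as an {@code XSRF-TOKEN} cookie when the browser has
 * no cookie or an outdated one, then continues the filter chain.
 *
 * <p>The cookie is left readable by script because the client copies its value into a
 * request header. The commented-out variant that returned the token in response headers
 * has been removed as dead code.
 *
 * @param request current request
 * @param response response the cookie is added to
 * @param filterChain remaining filters
 * @throws ServletException propagated from the chain
 * @throws IOException propagated from the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) throws ServletException, IOException {
    CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
    String token = (csrf != null) ? csrf.getToken() : null;

    // Skip entirely when there is no token value, so no cookie with a null value is written.
    if (token != null) {
        Cookie current = WebUtils.getCookie(request, "XSRF-TOKEN");
        if (current == null || !token.equals(current.getValue())) {
            Cookie replacement = new Cookie("XSRF-TOKEN", token);
            replacement.setPath("/");
            // Secure on HTTPS requests: the browser will not attach the token to
            // plain-HTTP requests to the same host.
            replacement.setSecure(request.isSecure());
            response.addCookie(replacement);
        }
    }

    filterChain.doFilter(request, response);
}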