org.springframework.security.web.csrf.CsrfTokenRepository Java Examples

The following examples show how to use org.springframework.security.web.csrf.CsrfTokenRepository. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: WebSecurityConfig.java    From alf.io with GNU General Public License v3.0 6 votes vote down vote up
public OpenIdFormBasedWebSecurity(Environment environment,
                                  UserManager userManager,
                                  RecaptchaService recaptchaService,
                                  ConfigurationManager configurationManager,
                                  CsrfTokenRepository csrfTokenRepository,
                                  DataSource dataSource,
                                  PasswordEncoder passwordEncoder,
                                  OpenIdAuthenticationManager openIdAuthenticationManager,
                                  UserRepository userRepository,
                                  AuthorityRepository authorityRepository,
                                  UserOrganizationRepository userOrganizationRepository,
                                  OrganizationRepository organizationRepository) {
    super(environment, userManager, recaptchaService, configurationManager, csrfTokenRepository,
        dataSource, passwordEncoder, openIdAuthenticationManager, userRepository, authorityRepository,
        userOrganizationRepository, organizationRepository);
}
 
Example #2
Source File: AuthenticationHandler.java    From blackduck-alert with Apache License 2.0 5 votes vote down vote up
@Autowired
AuthenticationHandler(HttpPathManager httpPathManager, CsrfTokenRepository csrfTokenRepository, AlertProperties alertProperties, AuthorizationUtility authorizationUtility,
    FilePersistenceUtil filePersistenceUtil, UserManagementAuthoritiesPopulator authoritiesPopulator,
    ConfigurationAccessor configurationAccessor, AuthenticationDescriptorKey authenticationDescriptorKey, AuthenticationEventManager authenticationEventManager) {
    this.httpPathManager = httpPathManager;
    this.csrfTokenRepository = csrfTokenRepository;
    this.alertProperties = alertProperties;
    this.authorizationUtility = authorizationUtility;
    this.filePersistenceUtil = filePersistenceUtil;
    this.authoritiesPopulator = authoritiesPopulator;
    this.configurationAccessor = configurationAccessor;
    this.authenticationDescriptorKey = authenticationDescriptorKey;
    this.authenticationEventManager = authenticationEventManager;
}
 
Example #3
Source File: AuthenticationController.java    From blackduck-alert with Apache License 2.0 5 votes vote down vote up
@Autowired
public AuthenticationController(final LoginActions loginActions, final PasswordResetService passwordResetService, final ResponseFactory responseFactory, final CsrfTokenRepository csrfTokenRepository) {
    this.loginActions = loginActions;
    this.passwordResetService = passwordResetService;
    this.responseFactory = responseFactory;
    this.csrfTokenRepository = csrfTokenRepository;
}
 
Example #4
Source File: WebSecurityConfig.java    From alf.io with GNU General Public License v3.0 5 votes vote down vote up
@Bean
public CsrfTokenRepository getCsrfTokenRepository() {
    HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
    repository.setSessionAttributeName(CSRF_SESSION_ATTRIBUTE);
    repository.setParameterName(CSRF_PARAM_NAME);
    return repository;
}
 
Example #5
Source File: WebSecurityConfig.java    From alf.io with GNU General Public License v3.0 5 votes vote down vote up
public FormBasedWebSecurity(Environment environment,
                            UserManager userManager,
                            RecaptchaService recaptchaService,
                            ConfigurationManager configurationManager,
                            CsrfTokenRepository csrfTokenRepository,
                            DataSource dataSource,
                            PasswordEncoder passwordEncoder,
                            UserRepository userRepository,
                            AuthorityRepository authorityRepository,
                            UserOrganizationRepository userOrganizationRepository,
                            OrganizationRepository organizationRepository) {
    super(environment, userManager, recaptchaService, configurationManager,
        csrfTokenRepository, dataSource, passwordEncoder, null,
        userRepository, authorityRepository, userOrganizationRepository, organizationRepository);
}
 
Example #6
Source File: UnieapSecurityConfig.java    From open-capacity-platform with Apache License 2.0 4 votes vote down vote up
private CsrfTokenRepository csrfTokenRepository() {
	HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
	repository.setHeaderName("X-XSRF-TOKEN");
	return repository;
}
 
Example #7
Source File: AuthenticationUtils.java    From Insights with Apache License 2.0 4 votes vote down vote up
public CsrfTokenRepository csrfTokenRepository() {
	HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
	repository.setHeaderName(AuthenticationUtils.CSRF_COOKIE_NAME);
	return repository;
}
 
Example #8
Source File: SecurityRestServiceImpl.java    From jump-the-queue with Apache License 2.0 4 votes vote down vote up
/**
 * @param csrfTokenRepository the csrfTokenRepository to set
 */
@Inject
public void setCsrfTokenRepository(CsrfTokenRepository csrfTokenRepository) {

  this.csrfTokenRepository = csrfTokenRepository;
}
 
Example #9
Source File: WebSecurityBeansConfig.java    From jump-the-queue with Apache License 2.0 4 votes vote down vote up
/**
 * This method provides a new instance of {@code CsrfTokenRepository}
 *
 * @return the newly created {@code CsrfTokenRepository}
 */
@Bean
public CsrfTokenRepository csrfTokenRepository() {

  return new HttpSessionCsrfTokenRepository();
}
 
Example #10
Source File: PlatformSecurityConfiguration.java    From abixen-platform with GNU Lesser General Public License v2.1 4 votes vote down vote up
private CsrfTokenRepository csrfTokenRepository() {
    HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
    repository.setHeaderName("X-XSRF-TOKEN");
    return repository;
}
 
Example #11
Source File: SsoUiApplication.java    From building-microservices with Apache License 2.0 4 votes vote down vote up
private CsrfTokenRepository csrfTokenRepository() {
	HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
	repository.setHeaderName("X-XSRF-TOKEN");
	return repository;
}
 
Example #12
Source File: PolymerDemoSpringSessionConfig.java    From spring-polymer-demo with Artistic License 2.0 4 votes vote down vote up
private CsrfTokenRepository csrfTokenRepository() {
	HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
	repository.setHeaderName("X-XSRF-TOKEN");
	return repository;
}
 
Example #13
Source File: PolymerDemoOAuthConfig.java    From spring-polymer-demo with Artistic License 2.0 4 votes vote down vote up
private CsrfTokenRepository csrfTokenRepository() {
	HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
	repository.setHeaderName("X-XSRF-TOKEN");
	return repository;
}
 
Example #14
Source File: CSRFConfig.java    From tutorials with MIT License 4 votes vote down vote up
@Bean
@ConditionalOnMissingBean
public CsrfTokenRepository jwtCsrfTokenRepository() {
    return new JWTCsrfTokenRepository(secretService.getHS256SecretBytes());
}
 
Example #15
Source File: OAuthConfiguration.java    From moserp with Apache License 2.0 2 votes vote down vote up
/**
 * Angular sends the CSRF token in a custom header named "X-XSRF-TOKEN"
 * rather than the default "X-CSRF-TOKEN" that Spring security expects.
 * Hence we are now telling Spring security to expect the token in the
 * "X-XSRF-TOKEN" header.<br><br>
 *
 * This customization is added to the <code>csrf()</code> filter.
 *
 * @return
 */
private CsrfTokenRepository getCSRFTokenRepository() {
    HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
    repository.setHeaderName(CSRF_ANGULAR_HEADER_NAME);
    return repository;
}
 
Example #16
Source File: OAuthConfiguration.java    From spring-boot-microservices with Apache License 2.0 2 votes vote down vote up
/**
 * Angular sends the CSRF token in a custom header named "X-XSRF-TOKEN"
 * rather than the default "X-CSRF-TOKEN" that Spring security expects.
 * Hence we are now telling Spring security to expect the token in the
 * "X-XSRF-TOKEN" header.<br><br>
 * 
 * This customization is added to the <code>csrf()</code> filter.
 * 
 * @return
 */
private CsrfTokenRepository getCSRFTokenRepository() {
	HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
	repository.setHeaderName(CSRF_ANGULAR_HEADER_NAME);
	return repository;
}