Java Code Examples for org.springframework.security.web.csrf.CsrfToken#getToken()

Example 1
Source File: _CsrfCookieGeneratorFilter.java    From jhipster-ribbon-hystrix with GNU General Public License v3.0 6 votes vote down vote up
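/**
 * Publishes the current CSRF token to the browser in a script-readable cookie.
 *
 * The token is read from the request attribute {@code "_csrf"}. The {@code CSRF-TOKEN}
 * cookie is sent only when the {@code X-CSRF-TOKEN} request header is missing or differs
 * from the current token. The filter chain is always continued.
 *
 * @param request current request; supplies the {@code "_csrf"} attribute and the header
 * @param response response that receives the cookie
 * @param filterChain remaining filters to invoke
 * @throws ServletException propagated from the rest of the chain
 * @throws IOException propagated from the rest of the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    // The token is a request attribute named "_csrf". It is absent when nothing attached a
    // token to this request, so it must be checked before it is dereferenced.
    CsrfToken csrfToken = (CsrfToken) request.getAttribute("_csrf");

    if (csrfToken != null) {
        String currentToken = csrfToken.getToken();

        // This comparison only decides whether the cookie needs to be resent; it is not the
        // CSRF validation itself.
        String actualToken = request.getHeader("X-CSRF-TOKEN");
        if (actualToken == null || !actualToken.equals(currentToken)) {
            Cookie cookie = new Cookie("CSRF-TOKEN", currentToken);
            cookie.setMaxAge(-1); // negative max-age: the cookie lives for the browser session only
            cookie.setHttpOnly(false); // client-side script has to read the value and echo it in a header
            // Do not let the token travel over plain HTTP when the request arrived over TLS.
            // Behind a TLS-terminating proxy isSecure() depends on forwarded-header handling.
            cookie.setSecure(request.isSecure());
            cookie.setPath("/");
            response.addCookie(cookie);
        }
    }
    filterChain.doFilter(request, response);
}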
 
Example 2
Source File: CsrfCookieGeneratorFilter.java    From ServiceCutter with Apache License 2.0 6 votes vote down vote up
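/**
 * Copies the CSRF token of the current request into the {@code CSRF-TOKEN} cookie so that
 * client-side script can send it back in the {@code X-CSRF-TOKEN} header.
 *
 * The cookie is written only when the header is absent or does not match the current token.
 * When the request carries no {@code "_csrf"} attribute, no cookie is written and the
 * request simply continues down the chain.
 *
 * @param request current request
 * @param response current response
 * @param filterChain remaining filters to invoke
 * @throws ServletException propagated from the rest of the chain
 * @throws IOException propagated from the rest of the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    // Looked up as a request attribute (not read from the session directly).
    CsrfToken csrfToken = (CsrfToken) request.getAttribute("_csrf");
    if (csrfToken == null) {
        // No token attached to this request: nothing to publish, and nothing to dereference.
        filterChain.doFilter(request, response);
        return;
    }

    String tokenValue = csrfToken.getToken();
    String headerValue = request.getHeader("X-CSRF-TOKEN");
    boolean clientHasCurrentToken = headerValue != null && headerValue.equals(tokenValue);

    if (!clientHasCurrentToken) {
        Cookie cookie = new Cookie("CSRF-TOKEN", tokenValue);
        cookie.setMaxAge(-1); // session cookie
        cookie.setHttpOnly(false); // intentionally readable by script
        // Mark the cookie Secure on TLS requests so the token is never sent in clear text.
        // NOTE(review): behind a TLS-terminating proxy this relies on forwarded headers being applied.
        cookie.setSecure(request.isSecure());
        cookie.setPath("/");
        response.addCookie(cookie);
    }
    filterChain.doFilter(request, response);
}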
 
Example 3
Source File: CsrfCookieGeneratorFilter.java    From expper with GNU General Public License v3.0 6 votes vote down vote up
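/**
 * Sends the CSRF token to the client as a {@code CSRF-TOKEN} session cookie whenever the
 * {@code X-CSRF-TOKEN} header of the request does not already carry the current value.
 *
 * @param request current request; the token is read from its {@code "_csrf"} attribute
 * @param response response the cookie is added to
 * @param filterChain remaining filters to invoke
 * @throws ServletException propagated from the rest of the chain
 * @throws IOException propagated from the rest of the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    CsrfToken csrfToken = (CsrfToken) request.getAttribute("_csrf");

    // Guard against a missing attribute: without it the original code failed with a
    // NullPointerException before the rest of the chain could run.
    if (csrfToken != null) {
        String expected = csrfToken.getToken();
        String presented = request.getHeader("X-CSRF-TOKEN");

        // Resend only if the client does not hold the current token yet.
        if (presented == null || !presented.equals(expected)) {
            String pCookieName = "CSRF-TOKEN";
            Cookie cookie = new Cookie(pCookieName, expected);
            cookie.setMaxAge(-1);
            // HttpOnly stays off on purpose: the single-page client reads this cookie.
            cookie.setHttpOnly(false);
            // Secure follows the transport of the request, so an HTTPS deployment does not
            // leak the token over HTTP. Depends on correct proxy/forwarded-header setup.
            cookie.setSecure(request.isSecure());
            cookie.setPath("/");
            response.addCookie(cookie);
        }
    }

    filterChain.doFilter(request, response);
}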
 
Example 4
Source File: CsrfCookieGeneratorFilter.java    From demo-spring-security-cas with Apache License 2.0 6 votes vote down vote up
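/**
 * Exposes the request's CSRF token in a cookie named {@code CSRF-TOKEN}.
 *
 * The cookie is emitted when the request has no {@code X-CSRF-TOKEN} header or the header
 * value differs from the token found in the {@code "_csrf"} request attribute. A request
 * without that attribute is passed through untouched.
 *
 * @param request current request
 * @param response current response
 * @param filterChain remaining filters to invoke
 * @throws ServletException propagated from the rest of the chain
 * @throws IOException propagated from the rest of the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    CsrfToken csrfToken = (CsrfToken) request.getAttribute("_csrf");

    if (csrfToken != null && needsFreshCookie(request.getHeader("X-CSRF-TOKEN"), csrfToken.getToken())) {
        Cookie cookie = new Cookie("CSRF-TOKEN", csrfToken.getToken());
        cookie.setMaxAge(-1); // expires with the browser session
        cookie.setHttpOnly(false); // script access is required by the client framework
        // Restrict the cookie to TLS when the request itself came in over TLS.
        // NOTE(review): request.isSecure() must reflect the client connection when a proxy terminates TLS.
        cookie.setSecure(request.isSecure());
        cookie.setPath("/");
        response.addCookie(cookie);
    }
    filterChain.doFilter(request, response);
}

/** Returns true when the header value is missing or is not the current token. */
private static boolean needsFreshCookie(String headerValue, String currentToken) {
    return headerValue == null || !headerValue.equals(currentToken);
}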
 
Example 5
Source File: RelativePortalURLImpl.java    From portals-pluto with Apache License 2.0 6 votes vote down vote up
/**
 * Creates a relative portal URL bound to the given servlet request.
 *
 * The servlet path is the concatenation of {@code contextPath} and {@code servletName}.
 * The CSRF parameter name and value are copied from the {@link CsrfToken} found on the
 * request under the attribute name {@code CsrfToken.class.getName()}.
 *
 * @param urlBase
 *           the absolute (protocol://domain:port) request url base
 * @param contextPath
 *           the servlet context path.
 * @param servletName
 *           the servlet name.
 * @param urlParser
 *           the {@link PortalURLParser} used to construct a string
 *           representation of the url.
 * @param req
 *           the current servlet request; it must carry a {@link CsrfToken}
 *           attribute, because the token is dereferenced without a null check
 *           and construction fails with a NullPointerException otherwise.
 */
public RelativePortalURLImpl(String urlBase, String contextPath,
      String servletName, PortalURLParser urlParser, HttpServletRequest req) {
   this.urlBase = urlBase;
   // Plain concatenation renders a null part as "null", exactly like StringBuffer.append.
   servletPath = contextPath + servletName;
   this.urlParser = urlParser;
   this.servletRequest = req;
   // NOTE(review): the pre-increment of cloneCtr is not atomic here - confirm whether
   // instances can be constructed from several threads.
   this.cloneId = (++cloneCtr) + 10000;

   // NOTE(review): the token value is kept so it can be placed into generated URLs
   // (inferred from the field names); tokens in URLs can surface in logs and Referer
   // headers - confirm how the rendering code uses these fields.
   final CsrfToken requestToken = (CsrfToken) req.getAttribute(CsrfToken.class.getName());
   this.csrfParameterName = requestToken.getParameterName();
   this.csrfParameterValue = requestToken.getToken();

   if (isDebug) {
      LOG.debug("Constructed URL, clone ID: " + cloneId);
   }
}
 
Example 6
Source File: UnieapSecurityConfig.java    From open-capacity-platform with Apache License 2.0 5 votes vote down vote up
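/**
 * Builds a once-per-request filter that mirrors the CSRF token into an
 * {@code XSRF-TOKEN} cookie.
 *
 * The token is read from the request attribute {@code CsrfToken.class.getName()};
 * when it is absent no cookie is written. The chain always continues.
 *
 * @return the filter instance
 */
private Filter csrfHeaderFilter() {
	return new OncePerRequestFilter() {
		@Override
		protected void doFilterInternal(HttpServletRequest request,
				HttpServletResponse response, FilterChain filterChain)
				throws ServletException, IOException {
			CsrfToken csrf = (CsrfToken) request
					.getAttribute(CsrfToken.class.getName());
			if (csrf != null) {
				Cookie cookie = new Cookie("XSRF-TOKEN",
						csrf.getToken());
				cookie.setPath("/");
				// HttpOnly is left at its default (off) so client script can read the value.
				// Secure follows the request transport, so the token is not sent over
				// plain HTTP once it was issued over TLS. Behind a TLS-terminating
				// proxy this depends on forwarded-header handling.
				cookie.setSecure(request.isSecure());
				response.addCookie(cookie);
			}
			filterChain.doFilter(request, response);
		}
	};
}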
 
Example 7
Source File: AuthApi.java    From springsecuritystudy with MIT License 5 votes vote down vote up
/**
 * Returns the CSRF token of the current request inside a {@code JSONResponse}
 * under the key {@code "csrfToken"}.
 *
 * NOTE(review): the token attribute is dereferenced without a null check, so the
 * handler throws a NullPointerException when no token is attached to the request.
 * NOTE(review): the mapping names no HTTP method, and the body contains the token;
 * confirm that the endpoint is neither cacheable nor readable cross-origin.
 *
 * @param request current request carrying the {@link CsrfToken} attribute
 * @return the response object holding the token value
 */
@RequestMapping(value="csrf-token")
public JSONResponse getCsrfToken(HttpServletRequest request) {
    final JSONResponse payload = new JSONResponse();
    final String attributeName = CsrfToken.class.getName();
    final CsrfToken current = (CsrfToken) request.getAttribute(attributeName);
    payload.addMsg("csrfToken", current.getToken());
    return payload;
}
 
Example 8
Source File: CookieCsrfSignedTokenRepository.java    From graviteeio-access-management with Apache License 2.0 5 votes vote down vote up
/**
 * Persists the CSRF token as an HS256-signed JWT carried in a cookie.
 *
 * Does nothing when the request is already flagged (attribute
 * {@code DEFAULT_CSRF_COOKIE_NAME}) as having had its cookie written. A {@code null}
 * token writes a cookie with a {@code null} value instead. Otherwise the token value is
 * wrapped in a claims set (issuer, issue time, token claim), signed with {@code signer},
 * and the serialized JWS becomes the cookie value.
 *
 * A signing failure is logged and no cookie is written; the exception is not rethrown.
 * NOTE(review): the claims carry an issue time but no expiry - confirm that the loading
 * side bounds the accepted token age.
 *
 * @param token the token to store, or {@code null} to clear it
 * @param request current request, also used to remember that the cookie was written
 * @param response response that receives the cookie
 */
@Override
public void saveToken(CsrfToken token, HttpServletRequest request,
                      HttpServletResponse response) {

    final boolean alreadyWritten = request.getAttribute(DEFAULT_CSRF_COOKIE_NAME) != null;
    if (alreadyWritten) {
        // The cookie for this request has been produced already.
        return;
    }

    if (token == null) {
        // A null token is the signal to clear the stored value.
        Cookie clearing = jwtGenerator.generateCookie(DEFAULT_CSRF_COOKIE_NAME, null, true);
        response.addCookie(clearing);
        return;
    }

    final String rawToken = token.getToken();

    try {
        final JWTClaimsSet.Builder claimsBuilder = new JWTClaimsSet.Builder();
        claimsBuilder.issuer(issuer);
        claimsBuilder.issueTime(new Date());
        claimsBuilder.claim(TOKEN_CLAIM, rawToken);
        final JWTClaimsSet claimsSet = claimsBuilder.build();

        final JWSHeader header = new JWSHeader(JWSAlgorithm.HS256);
        final Payload body = new Payload(claimsSet.toJSONObject());
        final JWSObject signedToken = new JWSObject(header, body);
        signedToken.sign(signer);

        response.addCookie(jwtGenerator.generateCookie(DEFAULT_CSRF_COOKIE_NAME, signedToken.serialize(), true));
        // Remember on the request that the cookie is out, so a second call is a no-op.
        request.setAttribute(DEFAULT_CSRF_COOKIE_NAME, true);
    } catch (JOSEException ex) {
        LOGGER.error("Unable to generate CSRF token", ex);
    }
}
 
Example 9
Source File: CsrfTokenController.java    From mojito with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the value of the CSRF token attached to the current request.
 *
 * @param httpServletRequest current request; the token is read from the attribute
 *        named {@code CsrfToken.class.getName()}
 * @return the token value, or {@code null} when the request carries no token
 */
@RequestMapping(method = RequestMethod.GET, value = CSRF_TOKEN_PATH)
@ResponseStatus(HttpStatus.OK)
public String getCsrfToken(HttpServletRequest httpServletRequest) {
    final String attributeName = CsrfToken.class.getName();
    final CsrfToken attached = (CsrfToken) httpServletRequest.getAttribute(attributeName);

    if (attached == null) {
        // No token on this request: report absence instead of failing.
        return null;
    }
    return attached.getToken();
}
 
Example 10
Source File: CookieCsrfSignedTokenRepository.java    From gravitee-management-rest-api with Apache License 2.0 5 votes vote down vote up
/**
 * Stores the CSRF token in a cookie whose value is an HS256-signed JWT.
 *
 * The method returns immediately when the request attribute
 * {@code DEFAULT_CSRF_COOKIE_NAME} is already set. For a {@code null} token it adds the
 * cookie produced by {@code cookieGenerator.generate(name, null)}. For a real token it
 * builds claims (issuer, issue time, token claim), signs them with {@code signer}, adds
 * the resulting cookie and marks the request.
 *
 * If signing fails the error is logged and nothing is written to the response.
 * NOTE(review): no expiry claim is set here - confirm the verifying side limits token age.
 *
 * @param token the token to persist, or {@code null} to remove it
 * @param request current request
 * @param response current response
 */
@Override
public void saveToken(CsrfToken token, HttpServletRequest request,
                      HttpServletResponse response) {

    if (request.getAttribute(DEFAULT_CSRF_COOKIE_NAME) == null) {
        if (token == null) {
            // Removal request: emit the cookie generated for a null value.
            response.addCookie(cookieGenerator.generate(DEFAULT_CSRF_COOKIE_NAME, null));
            return;
        }

        final String csrfValue = token.getToken();

        try {
            final JWTClaimsSet jwtClaims = new JWTClaimsSet.Builder()
                    .issuer(issuer)
                    .issueTime(new Date())
                    .claim(TOKEN_CLAIM, csrfValue)
                    .build();

            final JWSObject jws = new JWSObject(
                    new JWSHeader(JWSAlgorithm.HS256),
                    new Payload(jwtClaims.toJSONObject()));
            jws.sign(signer);

            final String compactForm = jws.serialize();
            final Cookie signedCookie = cookieGenerator.generate(DEFAULT_CSRF_COOKIE_NAME, compactForm, true);
            response.addCookie(signedCookie);
            // Flag the request so that a repeated save within it is skipped.
            request.setAttribute(DEFAULT_CSRF_COOKIE_NAME, true);
        } catch (JOSEException ex) {
            LOGGER.error("Unable to generate CSRF token", ex);
        }
    }
    // Otherwise the token was already persisted in the cookie for this request.
}
 
Example 11
Source File: CsrfController.java    From eds-starter6-jpa with Apache License 2.0 5 votes vote down vote up
/**
 * Looks up the CSRF token attached to the request and returns its value.
 *
 * @param request the request whose {@code CsrfToken.class.getName()} attribute is read
 * @return the token value, or {@code null} when the attribute is not set
 */
public static String getCsrfToken(HttpServletRequest request) {
	final CsrfToken attached = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
	return attached == null ? null : attached.getToken();
}
 
Example 12
Source File: CachedCsrfTokenRepository.java    From para with Apache License 2.0 5 votes vote down vote up
/**
 * Writes the CSRF token into a cookie when {@code isValidButNotInCookie} says it is
 * valid but not yet present in the request's cookies.
 *
 * The cookie lives for {@code Config.SESSION_TIMEOUT_SEC} seconds, is scoped to
 * {@code "/"}, is readable by script, and is marked Secure when the request scheme is
 * https.
 *
 * @param token the token to store
 * @param request current request, used for the check and for the scheme
 * @param response response that receives the cookie
 */
private void storeTokenAsCookie(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
	if (!isValidButNotInCookie(token, request)) {
		return;
	}
	final boolean overTls = "https".equalsIgnoreCase(request.getScheme());

	Cookie tokenCookie = new Cookie(cookieName, token.getToken());
	tokenCookie.setMaxAge(Config.SESSION_TIMEOUT_SEC);
	// HttpOnly must stay off: with it enabled, JavaScript could not read the cookie.
	tokenCookie.setHttpOnly(false);
	// NOTE(review): the scheme is taken from the request as seen by the container; behind
	// a TLS-terminating proxy it may read "http" - confirm forwarded headers are applied.
	tokenCookie.setSecure(overTls);
	tokenCookie.setPath("/");
	response.addCookie(tokenCookie);
}
 
Example 13
Source File: SyndesisCsrfRepository.java    From syndesis with Apache License 2.0 4 votes vote down vote up
/**
 * Saves the token by echoing it in a response header named after the token's header name.
 *
 * Nothing is written when the token, its header name or its value is {@code null}.
 * Nothing is stored on the request or in a session by this method.
 *
 * @param csrfToken the token to publish, may be {@code null}
 * @param httpServletRequest current request (not used)
 * @param httpServletResponse response that receives the header
 */
@Override
public void saveToken(CsrfToken csrfToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
    // Same condition as "all three present", expressed as a guard clause.
    if (csrfToken == null || csrfToken.getHeaderName() == null || csrfToken.getToken() == null) {
        return;
    }
    httpServletResponse.setHeader(csrfToken.getHeaderName(), csrfToken.getToken());
}
 
Example 14
Source File: SignInController.java    From karate with MIT License 4 votes vote down vote up
/**
 * Returns the value of the CSRF token attached to the current request.
 *
 * NOTE(review): the attribute is dereferenced without a null check; a request without a
 * token attribute ends in a NullPointerException.
 *
 * @param request current request
 * @return the token value
 */
@GetMapping("/token")
public String getCsrfToken(HttpServletRequest request) {
    final String attributeName = CsrfToken.class.getName();
    final CsrfToken attached = (CsrfToken) request.getAttribute(attributeName);
    return attached.getToken();
}
 
Example 15
Source File: CsrfTokenController.java    From tutorials with MIT License 4 votes vote down vote up
/**
 * Writes the CSRF token value of the current request into the response body.
 *
 * NOTE(review): there is no null check on the attribute, so a request without a token
 * attribute fails with a NullPointerException. The body carries the token; confirm the
 * endpoint is not readable cross-origin.
 *
 * @param request current request
 * @return the token value
 */
@GetMapping("/csrf")
@ResponseBody
public String getCsrfToken(HttpServletRequest request) {
    return ((CsrfToken) request.getAttribute(CsrfToken.class.getName())).getToken();
}
 
Example 16
Source File: CsrfTokenResponseCookieBindingFilter.java    From secure-rest-spring-tut with MIT License 3 votes vote down vote up
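/**
 * Binds the CSRF token of the current request to a response cookie.
 *
 * The token is read from the request attribute {@code REQUEST_ATTRIBUTE_NAME} and written
 * to a cookie named {@code CSRF.RESPONSE_COOKIE_NAME} with path {@code "/"}. When the
 * attribute is missing, no cookie is written. The chain always continues.
 *
 * @param request current request
 * @param response response that receives the cookie
 * @param filterChain remaining filters to invoke
 * @throws ServletException propagated from the rest of the chain
 * @throws IOException propagated from the rest of the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
	throws ServletException, IOException {

	CsrfToken token = (CsrfToken) request.getAttribute(REQUEST_ATTRIBUTE_NAME);

	// The attribute is absent when nothing attached a token to this request; skip the
	// cookie instead of failing with a NullPointerException.
	if (token != null) {
		Cookie cookie = new Cookie(CSRF.RESPONSE_COOKIE_NAME, token.getToken());
		cookie.setPath("/");
		// HttpOnly is left at its default (off) so the client can read the value.
		// Secure follows the request transport so the token is not sent over plain HTTP
		// after being issued over TLS; behind a TLS-terminating proxy this relies on
		// forwarded-header handling.
		cookie.setSecure(request.isSecure());
		response.addCookie(cookie);
	}

	filterChain.doFilter(request, response);
}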