Java Code Examples for org.springframework.security.web.csrf.CsrfToken#getToken()
The following examples show how to use
org.springframework.security.web.csrf.CsrfToken#getToken() .
Example 1
Source File: _CsrfCookieGeneratorFilter.java From jhipster-ribbon-hystrix with GNU General Public License v3.0 | 6 votes |
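/**
 * Publishes the current CSRF token to the browser as the {@code CSRF-TOKEN} cookie so that
 * client-side script can echo it back in the {@code X-CSRF-TOKEN} request header.
 *
 * <p>The cookie is only (re)sent when the request did not already carry the current token in
 * that header. The rest of the filter chain is always invoked.
 *
 * @param request the incoming request; the token is read from its {@code "_csrf"} attribute
 * @param response the response that receives the cookie
 * @param filterChain the remaining filters to invoke
 * @throws ServletException propagated from the rest of the chain
 * @throws IOException propagated from the rest of the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) throws ServletException, IOException {
    // The token is looked up as a *request* attribute named "_csrf", not in the session.
    // The attribute is absent when no CSRF filter populated it for this request, so guard
    // against null instead of failing the whole request with a NullPointerException.
    CsrfToken csrfToken = (CsrfToken) request.getAttribute("_csrf");

    if (csrfToken != null) {
        // Send the cookie only if the client does not already hold the current token.
        String actualToken = request.getHeader("X-CSRF-TOKEN");
        if (actualToken == null || !actualToken.equals(csrfToken.getToken())) {
            Cookie cookie = new Cookie("CSRF-TOKEN", csrfToken.getToken());
            cookie.setMaxAge(-1); // negative max-age: browser-session cookie
            cookie.setHttpOnly(false); // AngularJS has to read the value from script
            // Keep the token off plain-HTTP connections whenever the request itself is secure.
            cookie.setSecure(request.isSecure());
            cookie.setPath("/");
            response.addCookie(cookie);
        }
    }

    filterChain.doFilter(request, response);
}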
Example 2
Source File: CsrfCookieGeneratorFilter.java From ServiceCutter with Apache License 2.0 | 6 votes |
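/**
 * Copies the request's CSRF token into a script-readable {@code CSRF-TOKEN} cookie, unless the
 * client already presented that same token in the {@code X-CSRF-TOKEN} header, and then
 * continues the filter chain.
 *
 * @param request the incoming request; the token is read from its {@code "_csrf"} attribute
 * @param response the response that receives the cookie
 * @param filterChain the remaining filters to invoke
 * @throws ServletException propagated from the rest of the chain
 * @throws IOException propagated from the rest of the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) throws ServletException, IOException {
    // Request attribute (not a session attribute). It can be missing when CSRF protection
    // did not run for this request; in that case there is nothing to publish.
    CsrfToken csrfToken = (CsrfToken) request.getAttribute("_csrf");
    if (csrfToken == null) {
        filterChain.doFilter(request, response);
        return;
    }

    String actualToken = request.getHeader("X-CSRF-TOKEN");
    boolean clientHasCurrentToken = actualToken != null && actualToken.equals(csrfToken.getToken());
    if (!clientHasCurrentToken) {
        Cookie cookie = new Cookie("CSRF-TOKEN", csrfToken.getToken());
        cookie.setMaxAge(-1); // lives only for the browser session
        cookie.setHttpOnly(false); // the AngularJS client reads it from script
        // Mark the cookie Secure on HTTPS requests so it is never replayed over plain HTTP.
        cookie.setSecure(request.isSecure());
        cookie.setPath("/");
        response.addCookie(cookie);
    }

    filterChain.doFilter(request, response);
}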
Example 3
Source File: CsrfCookieGeneratorFilter.java From expper with GNU General Public License v3.0 | 6 votes |
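/**
 * Publishes the current CSRF token to the browser as the {@code CSRF-TOKEN} cookie so that
 * client-side script can echo it back in the {@code X-CSRF-TOKEN} request header.
 *
 * <p>The cookie is only (re)sent when the request did not already carry the current token in
 * that header. The rest of the filter chain is always invoked.
 *
 * @param request the incoming request; the token is read from its {@code "_csrf"} attribute
 * @param response the response that receives the cookie
 * @param filterChain the remaining filters to invoke
 * @throws ServletException propagated from the rest of the chain
 * @throws IOException propagated from the rest of the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) throws ServletException, IOException {
    // The token is looked up as a *request* attribute named "_csrf", not in the session.
    // A missing attribute must not turn into a NullPointerException for the whole request.
    CsrfToken csrfToken = (CsrfToken) request.getAttribute("_csrf");

    if (csrfToken != null) {
        // Send the cookie only if the client does not already hold the current token.
        String actualToken = request.getHeader("X-CSRF-TOKEN");
        if (actualToken == null || !actualToken.equals(csrfToken.getToken())) {
            Cookie cookie = new Cookie("CSRF-TOKEN", csrfToken.getToken());
            cookie.setMaxAge(-1); // negative max-age: browser-session cookie
            cookie.setHttpOnly(false); // AngularJS has to read the value from script
            // Keep the token off plain-HTTP connections whenever the request itself is secure.
            cookie.setSecure(request.isSecure());
            cookie.setPath("/");
            response.addCookie(cookie);
        }
    }

    filterChain.doFilter(request, response);
}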
Example 4
Source File: CsrfCookieGeneratorFilter.java From demo-spring-security-cas with Apache License 2.0 | 6 votes |
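/**
 * Copies the request's CSRF token into a script-readable {@code CSRF-TOKEN} cookie, unless the
 * client already presented that same token in the {@code X-CSRF-TOKEN} header, and then
 * continues the filter chain.
 *
 * @param request the incoming request; the token is read from its {@code "_csrf"} attribute
 * @param response the response that receives the cookie
 * @param filterChain the remaining filters to invoke
 * @throws ServletException propagated from the rest of the chain
 * @throws IOException propagated from the rest of the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) throws ServletException, IOException {
    // Request attribute (not a session attribute). It can be missing when CSRF protection
    // did not run for this request; in that case there is nothing to publish.
    CsrfToken csrfToken = (CsrfToken) request.getAttribute("_csrf");
    if (csrfToken == null) {
        filterChain.doFilter(request, response);
        return;
    }

    String actualToken = request.getHeader("X-CSRF-TOKEN");
    boolean clientHasCurrentToken = actualToken != null && actualToken.equals(csrfToken.getToken());
    if (!clientHasCurrentToken) {
        Cookie cookie = new Cookie("CSRF-TOKEN", csrfToken.getToken());
        cookie.setMaxAge(-1); // lives only for the browser session
        cookie.setHttpOnly(false); // the AngularJS client reads it from script
        // Mark the cookie Secure on HTTPS requests so it is never replayed over plain HTTP.
        cookie.setSecure(request.isSecure());
        cookie.setPath("/");
        response.addCookie(cookie);
    }

    filterChain.doFilter(request, response);
}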
Example 5
Source File: RelativePortalURLImpl.java From portals-pluto with Apache License 2.0 | 6 votes |
/**
 * Constructs a PortalURLImpl instance using customized port.
 *
 * <p>Besides storing its arguments, the constructor derives the servlet path by concatenating
 * {@code contextPath} and {@code servletName}, assigns a clone id from the {@code cloneCtr}
 * counter, and captures the CSRF parameter name and token value found on the request.
 *
 * @param urlBase
 *            the absolute (protocol://domain:port) request url base
 * @param contextPath
 *            the servlet context path.
 * @param servletName
 *            the servlet name.
 * @param urlParser
 *            the {@link PortalURLParser} used to construct a string
 *            representation of the url.
 * @param req
 *            the current servlet request; its attribute named
 *            {@code CsrfToken.class.getName()} supplies the CSRF parameter name and value.
 */
public RelativePortalURLImpl(String urlBase, String contextPath, String servletName,
        PortalURLParser urlParser, HttpServletRequest req) {
    this.urlBase = urlBase;
    servletPath = new StringBuilder().append(contextPath).append(servletName).toString();
    this.urlParser = urlParser;
    this.servletRequest = req;
    this.cloneId = (++cloneCtr) + 10000;

    // NOTE(review): the attribute is dereferenced without a null check, so construction fails
    // with a NullPointerException when no CSRF token was attached to the request. The token
    // value is also kept on the URL object; presumably it ends up in rendered URLs, so confirm
    // those URLs are not logged or exposed through Referer headers.
    final CsrfToken requestToken = (CsrfToken) req.getAttribute(CsrfToken.class.getName());
    this.csrfParameterName = requestToken.getParameterName();
    this.csrfParameterValue = requestToken.getToken();

    if (isDebug) {
        LOG.debug("Constructed URL, clone ID: " + cloneId);
    }
}
Example 6
Source File: UnieapSecurityConfig.java From open-capacity-platform with Apache License 2.0 | 5 votes |
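/**
 * Builds a once-per-request filter that mirrors the request's CSRF token into an
 * {@code XSRF-TOKEN} cookie so a script-driven client can read it and send it back.
 *
 * @return a filter that adds the cookie when a token is present and then continues the chain
 */
private Filter csrfHeaderFilter() {
    return new OncePerRequestFilter() {
        @Override
        protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                FilterChain filterChain) throws ServletException, IOException {
            CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
            if (csrf != null) {
                Cookie cookie = new Cookie("XSRF-TOKEN", csrf.getToken());
                cookie.setPath("/");
                // HttpOnly stays off because the client reads the value from script; the
                // Secure flag is set on HTTPS requests so the token is not sent over plain HTTP.
                cookie.setSecure(request.isSecure());
                response.addCookie(cookie);
            }
            filterChain.doFilter(request, response);
        }
    };
}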
Example 7
Source File: AuthApi.java From springsecuritystudy with MIT License | 5 votes |
/**
 * Returns the request's CSRF token value wrapped in a {@link JSONResponse} under the
 * {@code "csrfToken"} message key.
 *
 * @param request the current request; the token is read from its
 *        {@code CsrfToken.class.getName()} attribute
 * @return a response object carrying the token value
 */
@RequestMapping(value = "csrf-token")
public JSONResponse getCsrfToken(HttpServletRequest request) {
    final JSONResponse body = new JSONResponse();
    // NOTE(review): no null check; a request without the CSRF attribute ends in a
    // NullPointerException. Because this endpoint hands the token to whoever can read the
    // response, confirm that cross-origin reads with credentials are not permitted for it.
    final CsrfToken current = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
    body.addMsg("csrfToken", current.getToken());
    return body;
}
Example 8
Source File: CookieCsrfSignedTokenRepository.java From graviteeio-access-management with Apache License 2.0 | 5 votes |
/**
 * Persists the CSRF token in a cookie whose value is an HS256-signed JWS wrapping the token.
 *
 * <p>Nothing happens when the request attribute {@code DEFAULT_CSRF_COOKIE_NAME} is already
 * set. A {@code null} token produces a cookie generated with a {@code null} value. Otherwise
 * the token value is placed in the {@code TOKEN_CLAIM} claim together with issuer and issue
 * time, signed with {@code signer}, and the serialized result is sent as the cookie.
 *
 * @param token the token to store, or {@code null} to clear it
 * @param request the current request, also used to remember that the cookie was written
 * @param response the response that receives the cookie
 */
@Override
public void saveToken(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
    final boolean alreadyPersisted = request.getAttribute(DEFAULT_CSRF_COOKIE_NAME) != null;
    if (alreadyPersisted) {
        // The cookie was already written while handling this request.
        return;
    }

    if (token == null) {
        // A null token is the signal to drop the cookie.
        Cookie removal = jwtGenerator.generateCookie(DEFAULT_CSRF_COOKIE_NAME, null, true);
        response.addCookie(removal);
        return;
    }

    final String rawToken = token.getToken();
    try {
        JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
                .issuer(issuer)
                .issueTime(new Date())
                .claim(TOKEN_CLAIM, rawToken)
                .build();
        JWSHeader header = new JWSHeader(JWSAlgorithm.HS256);
        JWSObject signedToken = new JWSObject(header, new Payload(claimsSet.toJSONObject()));
        signedToken.sign(signer);

        response.addCookie(
                jwtGenerator.generateCookie(DEFAULT_CSRF_COOKIE_NAME, signedToken.serialize(), true));
        // Remember the write so a second call within the same request is a no-op.
        request.setAttribute(DEFAULT_CSRF_COOKIE_NAME, true);
    } catch (JOSEException ex) {
        // NOTE(review): on a signing failure the response carries no CSRF cookie and the
        // caller is not told; confirm that logging alone is the intended handling.
        LOGGER.error("Unable to generate CSRF token", ex);
    }
}
Example 9
Source File: CsrfTokenController.java From mojito with Apache License 2.0 | 5 votes |
/**
 * Returns the CSRF token value attached to the current request.
 *
 * @param httpServletRequest the current request; the token is read from its
 *        {@code CsrfToken.class.getName()} attribute
 * @return the token value, or {@code null} when the request carries no CSRF token
 */
@RequestMapping(method = RequestMethod.GET, value = CSRF_TOKEN_PATH)
@ResponseStatus(HttpStatus.OK)
public String getCsrfToken(HttpServletRequest httpServletRequest) {
    final Object attribute = httpServletRequest.getAttribute(CsrfToken.class.getName());
    final CsrfToken current = (CsrfToken) attribute;
    if (current == null) {
        return null;
    }
    return current.getToken();
}
Example 10
Source File: CookieCsrfSignedTokenRepository.java From gravitee-management-rest-api with Apache License 2.0 | 5 votes |
/**
 * Persists the CSRF token in a cookie whose value is an HS256-signed JWS wrapping the token.
 *
 * <p>Nothing happens when the request attribute {@code DEFAULT_CSRF_COOKIE_NAME} is already
 * set. A {@code null} token produces a cookie generated with a {@code null} value. Otherwise
 * the token value is placed in the {@code TOKEN_CLAIM} claim together with issuer and issue
 * time, signed with {@code signer}, and the serialized result is sent as the cookie.
 *
 * @param token the token to store, or {@code null} to clear it
 * @param request the current request, also used to remember that the cookie was written
 * @param response the response that receives the cookie
 */
@Override
public void saveToken(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
    if (request.getAttribute(DEFAULT_CSRF_COOKIE_NAME) != null) {
        // Already written to the response during this request.
        return;
    }

    if (token == null) {
        // A null token is the signal to drop the cookie.
        // NOTE(review): this path uses the two-argument generate(...) while the signed path
        // passes a third argument; confirm both produce the same cookie attributes.
        response.addCookie(cookieGenerator.generate(DEFAULT_CSRF_COOKIE_NAME, null));
        return;
    }

    final String rawToken = token.getToken();
    try {
        JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
                .issuer(issuer)
                .issueTime(new Date())
                .claim(TOKEN_CLAIM, rawToken)
                .build();
        JWSHeader header = new JWSHeader(JWSAlgorithm.HS256);
        JWSObject signedToken = new JWSObject(header, new Payload(claimsSet.toJSONObject()));
        signedToken.sign(signer);

        Cookie signedCookie =
                cookieGenerator.generate(DEFAULT_CSRF_COOKIE_NAME, signedToken.serialize(), true);
        response.addCookie(signedCookie);
        // Remember the write so a second call within the same request is a no-op.
        request.setAttribute(DEFAULT_CSRF_COOKIE_NAME, true);
    } catch (JOSEException ex) {
        // NOTE(review): on a signing failure the response carries no CSRF cookie and the
        // caller is not told; confirm that logging alone is the intended handling.
        LOGGER.error("Unable to generate CSRF token", ex);
    }
}
Example 11
Source File: CsrfController.java From eds-starter6-jpa with Apache License 2.0 | 5 votes |
/**
 * Looks up the CSRF token value attached to the given request.
 *
 * @param request the request whose {@code CsrfToken.class.getName()} attribute is inspected
 * @return the token value, or {@code null} when the attribute is not set
 */
public static String getCsrfToken(HttpServletRequest request) {
    final CsrfToken current = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
    return current == null ? null : current.getToken();
}
Example 12
Source File: CachedCsrfTokenRepository.java From para with Apache License 2.0 | 5 votes |
/**
 * Writes the CSRF token to the response as a cookie when {@code isValidButNotInCookie}
 * reports that it still needs to be stored.
 *
 * @param token the token whose value becomes the cookie value
 * @param request the current request; its scheme decides the Secure flag
 * @param response the response that receives the cookie
 */
private void storeTokenAsCookie(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
    if (!isValidButNotInCookie(token, request)) {
        return;
    }

    final Cookie csrfCookie = new Cookie(cookieName, token.getToken());
    csrfCookie.setMaxAge(Config.SESSION_TIMEOUT_SEC);
    // HttpOnly is deliberately off: with it enabled, JavaScript could not read the cookie.
    csrfCookie.setHttpOnly(false);
    // Secure only when the request scheme is https.
    // NOTE(review): behind a TLS-terminating proxy the scheme seen here may be "http" unless
    // forwarded headers are honoured; verify against the deployment.
    final boolean overHttps = "https".equalsIgnoreCase(request.getScheme());
    csrfCookie.setSecure(overHttps);
    csrfCookie.setPath("/");
    response.addCookie(csrfCookie);
}
Example 13
Source File: SyndesisCsrfRepository.java From syndesis with Apache License 2.0 | 4 votes |
/**
 * Exposes the CSRF token to the client as a response header named after the token's own
 * header name. Nothing is written when the token, its header name or its value is
 * {@code null}.
 *
 * @param csrfToken the token to publish; may be {@code null}
 * @param httpServletRequest the current request (not used here)
 * @param httpServletResponse the response that receives the header
 */
@Override
public void saveToken(CsrfToken csrfToken, HttpServletRequest httpServletRequest,
        HttpServletResponse httpServletResponse) {
    if (csrfToken == null) {
        return;
    }
    final String headerName = csrfToken.getHeaderName();
    if (headerName == null) {
        return;
    }
    final String tokenValue = csrfToken.getToken();
    if (tokenValue != null) {
        httpServletResponse.setHeader(headerName, tokenValue);
    }
}
Example 14
Source File: SignInController.java From karate with MIT License | 4 votes |
/**
 * Returns the CSRF token value attached to the current request.
 *
 * @param request the current request; the token is read from its
 *        {@code CsrfToken.class.getName()} attribute
 * @return the token value
 */
@GetMapping("/token")
public String getCsrfToken(HttpServletRequest request) {
    // NOTE(review): the attribute is dereferenced without a null check, so a request that
    // carries no CSRF token fails with a NullPointerException.
    final Object attribute = request.getAttribute(CsrfToken.class.getName());
    return ((CsrfToken) attribute).getToken();
}
Example 15
Source File: CsrfTokenController.java From tutorials with MIT License | 4 votes |
/**
 * Writes the current request's CSRF token value as the response body.
 *
 * @param request the current request; the token is read from its
 *        {@code CsrfToken.class.getName()} attribute
 * @return the token value
 */
@GetMapping("/csrf")
public @ResponseBody String getCsrfToken(HttpServletRequest request) {
    // NOTE(review): no null check on the attribute; without a CSRF token on the request this
    // throws a NullPointerException. The token is returned to any caller able to read the
    // response, so confirm the endpoint is not readable cross-origin with credentials.
    final CsrfToken current = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
    final String value = current.getToken();
    return value;
}
Example 16
Source File: CsrfTokenResponseCookieBindingFilter.java From secure-rest-spring-tut with MIT License | 3 votes |
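/**
 * Binds the request's CSRF token to the response as a cookie named
 * {@code CSRF.RESPONSE_COOKIE_NAME}, then continues the filter chain.
 *
 * @param request the incoming request; the token is read from the attribute named
 *        {@code REQUEST_ATTRIBUTE_NAME}
 * @param response the response that receives the cookie
 * @param filterChain the remaining filters to invoke
 * @throws ServletException propagated from the rest of the chain
 * @throws IOException propagated from the rest of the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) throws ServletException, IOException {
    CsrfToken token = (CsrfToken) request.getAttribute(REQUEST_ATTRIBUTE_NAME);

    // The attribute is absent when no CSRF token was attached to this request; skip the
    // cookie rather than aborting the request with a NullPointerException.
    if (token != null) {
        Cookie cookie = new Cookie(CSRF.RESPONSE_COOKIE_NAME, token.getToken());
        cookie.setPath("/");
        // Mark the cookie Secure on HTTPS requests so the token is not sent over plain HTTP.
        cookie.setSecure(request.isSecure());
        response.addCookie(cookie);
    }

    filterChain.doFilter(request, response);
}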