本文整理汇总了Java中org.springframework.security.web.csrf.CsrfToken类的典型用法代码示例。如果您正苦于以下问题:Java CsrfToken类的具体用法?Java CsrfToken怎么用?Java CsrfToken使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
CsrfToken类属于org.springframework.security.web.csrf包,在下文中一共展示了CsrfToken类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: doFilterInternal
import org.springframework.security.web.csrf.CsrfToken; //导入依赖的package包/类
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
// Spring put the CSRF token in session attribute "_csrf"
CsrfToken csrfToken = (CsrfToken) request.getAttribute("_csrf");
// Send the cookie only if the token has changed
String actualToken = request.getHeader("X-CSRF-TOKEN");
if (actualToken == null || !actualToken.equals(csrfToken.getToken())) {
// Session cookie that will be used by AngularJS
String pCookieName = "CSRF-TOKEN";
Cookie cookie = new Cookie(pCookieName, csrfToken.getToken());
cookie.setMaxAge(-1);
cookie.setHttpOnly(false);
cookie.setPath("/");
response.addCookie(cookie);
}
filterChain.doFilter(request, response);
}
示例2: csrfHeaderFilter
import org.springframework.security.web.csrf.CsrfToken; //导入依赖的package包/类
private Filter csrfHeaderFilter() {
return new OncePerRequestFilter() {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
if (csrf != null) {
Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
String token = csrf.getToken();
if (cookie == null || token != null && !token.equals(cookie.getValue())) {
cookie = new Cookie("XSRF-TOKEN", token);
cookie.setPath("/");
response.addCookie(cookie);
}
}
filterChain.doFilter(request, response);
}
};
}
示例3: doFilterInternal
import org.springframework.security.web.csrf.CsrfToken; //导入依赖的package包/类
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException
{
CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
if (csrf != null) {
Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
String token = csrf.getToken();
if (cookie == null || token != null && !token.equals(cookie.getValue())) {
cookie = new Cookie("XSRF-TOKEN", token);
cookie.setPath("/");
response.addCookie(cookie);
}
}
filterChain.doFilter(request, response);
}
示例4: csrfHeaderFilter
import org.springframework.security.web.csrf.CsrfToken; //导入依赖的package包/类
private Filter csrfHeaderFilter() {
return new OncePerRequestFilter() {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
if (csrf != null) {
Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
String token = csrf.getToken();
if (cookie == null || token != null && !token.equals(cookie.getValue())) {
cookie = new Cookie("XSRF-TOKEN", token);
cookie.setPath("/");
response.addCookie(cookie);
}
}
filterChain.doFilter(request, response);
}
};
}
示例5: postHandle
import org.springframework.security.web.csrf.CsrfToken; //导入依赖的package包/类
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response,
Object handler, ModelAndView modelAndView) throws Exception {
// A veces "modelAndView" es null cuando no encuentra la pagina
if (modelAndView != null) {
// CSRF
CsrfToken token = (CsrfToken) request.getAttribute("_csrf");
modelAndView.addObject("_csrf", token);
// User role
if (sessionService.getUsuarioActual() != null) {
modelAndView.addObject("isAdmin", sessionService.usuarioActualHasRole("ROLE_ADMIN"));
}
}
}
示例6: csrfHeaderFilter
import org.springframework.security.web.csrf.CsrfToken; //导入依赖的package包/类
private Filter csrfHeaderFilter() {
return new OncePerRequestFilter() {
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
CsrfToken csrf = (CsrfToken) request
.getAttribute(CsrfToken.class.getName());
if (csrf != null) {
Cookie cookie = new Cookie("XSRF-TOKEN",
csrf.getToken());
cookie.setPath("/");
response.addCookie(cookie);
}
filterChain.doFilter(request, response);
}
};
}
示例7: getCsrfToken
import org.springframework.security.web.csrf.CsrfToken; //导入依赖的package包/类
/**
* Retrieves the CSRF token from the server session.
*
* @param request {@link HttpServletRequest} to retrieve the current session from
* @param response {@link HttpServletResponse} to send additional information
* @return the Spring Security {@link CsrfToken}
*/
@Produces(MediaType.APPLICATION_JSON)
@GET
@Path("/csrftoken/")
@PermitAll
public CsrfToken getCsrfToken(@Context HttpServletRequest request, @Context HttpServletResponse response) {
// return (CsrfToken) request.getSession().getAttribute(
// HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN"));
CsrfToken token = this.csrfTokenRepository.loadToken(request);
if (token == null) {
LOG.warn("No CsrfToken could be found - instanciating a new Token");
token = this.csrfTokenRepository.generateToken(request);
this.csrfTokenRepository.saveToken(token, request, response);
}
return token;
}
示例8: csrfHeaderFilter
import org.springframework.security.web.csrf.CsrfToken; //导入依赖的package包/类
private Filter csrfHeaderFilter()
{
return new OncePerRequestFilter() {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException
{
CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
if (csrf != null) {
Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
String token = csrf.getToken();
if (cookie == null || token != null && !token.equals(cookie.getValue())) {
cookie = new Cookie("XSRF-TOKEN", token);
cookie.setPath("/");
response.addCookie(cookie);
}
}
filterChain.doFilter(request, response);
}
};
}
示例9: doFilterInternal
import org.springframework.security.web.csrf.CsrfToken; //导入依赖的package包/类
@Override
protected void doFilterInternal(
HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
if (ignoredMatcher.matches(request)) {
filterChain.doFilter(request, response);
return;
}
final CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
if (csrf != null) {
Cookie cookie = WebUtils.getCookie(request, ANGULAR_CSRF_DEFAULT_COOKIE_NAME);
if (cookie == null || csrf.getToken() != null && !csrf.getToken().equals(cookie.getValue())) {
cookie = new Cookie(ANGULAR_CSRF_DEFAULT_COOKIE_NAME, csrf.getToken());
cookie.setMaxAge(-1);
cookie.setPath(getCookiePath(request));
cookie.setSecure(request.isSecure());
response.addCookie(cookie);
}
}
filterChain.doFilter(request, response);
}
示例10: csrfHeaderFilter
import org.springframework.security.web.csrf.CsrfToken; //导入依赖的package包/类
private Filter csrfHeaderFilter() {
return new OncePerRequestFilter() {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
if (csrf != null) {
Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
String token = csrf.getToken();
if (cookie == null || token != null && !token.equals(cookie.getValue())) {
cookie = new Cookie("XSRF-TOKEN", token);
cookie.setPath("/");
response.addCookie(cookie);
}
}
filterChain.doFilter(request, response);
}
};
}
示例11: csrfHeaderFilter
import org.springframework.security.web.csrf.CsrfToken; //导入依赖的package包/类
private Filter csrfHeaderFilter() {
return new OncePerRequestFilter() {
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class
.getName());
if (csrf != null) {
Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
String token = csrf.getToken();
if (cookie == null || token != null
&& !token.equals(cookie.getValue())) {
cookie = new Cookie("XSRF-TOKEN", token);
cookie.setPath("/");
response.addCookie(cookie);
}
}
filterChain.doFilter(request, response);
}
};
}
示例12: doFilterInternal
import org.springframework.security.web.csrf.CsrfToken; //导入依赖的package包/类
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class
.getName());
if (csrf != null) {
Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
String token = csrf.getToken();
if (cookie==null || token!=null && !token.equals(cookie.getValue())) {
cookie = new Cookie("XSRF-TOKEN", token);
cookie.setPath("/");
response.addCookie(cookie);
}
}
filterChain.doFilter(request, response);
}
示例13: doFilterInternal
import org.springframework.security.web.csrf.CsrfToken; //导入依赖的package包/类
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
// Spring put the CSRF token in session attribute "_csrf"
CsrfToken csrfToken = (CsrfToken) request.getAttribute("_csrf");
// Send the cookie only if the token has changed
String actualToken = request.getHeader("X-CSRF-TOKEN");
if (actualToken == null || !actualToken.equals(csrfToken.getToken())) {
// Session cookie that will be used by AngularJS
String pCookieName = "CSRF-TOKEN";
Cookie cookie = new Cookie(pCookieName, csrfToken.getToken());
cookie.setMaxAge(-1);
cookie.setHttpOnly(false);
cookie.setPath("/");
response.addCookie(cookie);
}
response.addHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "86400"); // 24 Hours
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, x-auth-token");
filterChain.doFilter(request, response);
}
示例14: testSaveAndLoadToken
import org.springframework.security.web.csrf.CsrfToken; //导入依赖的package包/类
@Test
public void testSaveAndLoadToken() throws Exception {
CookieCsrfTokenRepository csrfTokenRepository = new CookieCsrfTokenRepository();
String csrfCookieName = "csrfCookie";
csrfTokenRepository.setCsrfCookieName(csrfCookieName);
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
CsrfToken token = csrfTokenRepository.generateToken(request);
csrfTokenRepository.saveToken(token, request, response);
Cookie cookie = response.getCookie(csrfCookieName);
assertNotNull(cookie);
assertEquals(token.getToken(), cookie.getValue());
assertEquals(true, cookie.isHttpOnly());
request.setCookies(cookie);
CsrfToken saved = csrfTokenRepository.loadToken(request);
assertEquals(token.getToken(), saved.getToken());
assertEquals(token.getHeaderName(), saved.getHeaderName());
assertEquals(token.getParameterName(), saved.getParameterName());
}
示例15: csrfHeaderFilter
import org.springframework.security.web.csrf.CsrfToken; //导入依赖的package包/类
private Filter csrfHeaderFilter()
{
return new OncePerRequestFilter()
{
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain)
throws ServletException, IOException
{
CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
if(csrf != null)
{
Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
String token = csrf.getToken();
if(cookie == null || token != null && !token.equals(cookie.getValue()))
{
cookie = new Cookie("XSRF-TOKEN", token);
cookie.setPath("/");
response.addCookie(cookie);
}
}
filterChain.doFilter(request, response);
}
};
}