java - Renaming Spring csrf token variable -


my application runs under portal application. both implemented in spring , both use csrf security.

my need change how csrf token named in session, both tokens can work without conflicts. tried far creating token repository , trying change parameter name , session attribute name in security config class.

final httpsessioncsrftokenrepository tokenrepository = new httpsessioncsrftokenrepository(); tokenrepository.setheadername("toolbiz-csrf-token"); tokenrepository.setparametername("toolbiz_csfr"); //tokenrepository.setsessionattributename("toolbiz_csrf");

when make request spring doesn't new setup much, , log produces following line:

invalid csrf token found

what should more? missing something?

this worked me:-

@configuration @order(securityproperties.access_override_order) public class optosoftwebfrontsecurity extends websecurityconfigureradapter {  @override protected void configure(httpsecurity http) throws exception {     http.authorizerequests().antmatchers("/assets/**").permitall()             .anyrequest().authenticated().and().formlogin().and()             .httpbasic().disable()             .addfilterafter(new csrfheaderfilter(), csrffilter.class)             .csrf().csrftokenrepository(csrftokenrepository()); }  private csrftokenrepository csrftokenrepository() {     httpsessioncsrftokenrepository repository = new httpsessioncsrftokenrepository();     repository.setheadername("x-xsrf-token");     repository.setparametername("_csrf");     return repository; }  }

and filter:-

public class csrfheaderfilter extends onceperrequestfilter {     @override     protected void dofilterinternal(httpservletrequest request,             httpservletresponse response, filterchain filterchain)             throws servletexception, ioexception {         csrftoken csrf = (csrftoken) request.getattribute(csrftoken.class                 .getname());         if (csrf != null) {             cookie cookie = webutils.getcookie(request, "xsrf-token");             string token = csrf.gettoken();             if (cookie == null || token != null                     && !token.equals(cookie.getvalue())) {                 cookie = new cookie("xsrf-token", token);                 cookie.setpath("/");                 response.addcookie(cookie);             }         }         filterchain.dofilter(request, response);     } }

did override websecurityconfigureradapter#configure method?


Comments

Post a Comment

Popular posts from this blog

toolbar - How to add link to user registration inside toobar in admin joomla 3 custom component -

im trying write component admin side , need add user creation. dont want duplicate existing codes add link. know how add task not simple link toolbar. thx help. if wanting button opens new user screen can try in component: $bar = jtoolbar::getinstance('toolbar'); $bar->appendbutton('link', 'users', 'new user','index.php?option=com_users&task=user.add'); you need add view.html.php file wherever you're creating toolbar. is need?
Read more

linux - disk space limitation when creating war file -

i have 1 gb disk space limitation hosting app , have used 700mb of it. however want create war file directory big (around 600mb) using command : jar -cvf root.war folderpath that's why encounter quota limitation , can't following. i'm looking way delete folder content when it's applying archive conserve disk space take note can't install zip tool in ssh shell ~ the code works on test directories, test first anyway, deletes files. it's not efficient. assumptions: 300mb free space, in destructively compress 600mb folderpath directory. none of files big -- if file in folderpath 300mb or larger, fail. notes: if ' $out ' file exists, nothing. first find pipes file list while , if ' $out ' doesn't exist in loop, create it, don't update -- if does exist, update it. each pass adds 1 more file, deletes unless file directory. after loop finishes delete empty directories too. unset u ; in=folderpath ; out=roo...
Read more