Example 41 with DefaultCsrfToken

Use of org.springframework.security.web.csrf.DefaultCsrfToken in the project gravitee-access-management by gravitee-io.

Class CookieCsrfSignedTokenRepository, method loadToken. The CSRF cookie does not carry the bare token: its value is a signed JWT, and the token is read from a claim of that JWT. Any cookie that fails to parse (the catch block logs it as a verification failure) yields no token, so the request will fail the CSRF check.

@Override
public CsrfToken loadToken(HttpServletRequest request) {
    // The cookie value is a signed JWT, not the raw CSRF token.
    Cookie cookie = WebUtils.getCookie(request, DEFAULT_CSRF_COOKIE_NAME);
    if (cookie == null) {
        return null;
    }
    String cookieValue = cookie.getValue();
    if (!StringUtils.hasLength(cookieValue)) {
        return null;
    }
    try {
        // Parse the JWT; a cookie that cannot be parsed lands in the catch block below.
        JWT jwt = jwtParser.parse(cookieValue);
        // A missing claim throws a NullPointerException here, which the catch also turns into "no token".
        String token = jwt.get(TOKEN_CLAIM).toString();
        if (!StringUtils.hasLength(token)) {
            return null;
        }
        // Expose the extracted value under the standard header/parameter names so CsrfFilter can compare it.
        return new DefaultCsrfToken(DEFAULT_CSRF_HEADER_NAME, DEFAULT_CSRF_PARAMETER_NAME, token);
    } catch (Exception ex) {
        LOGGER.error("Unable to verify CSRF token", ex);
    }
    return null;
}
Also used: Cookie (javax.servlet.http.Cookie), JWT (io.gravitee.am.common.jwt.JWT), SecureRandomString (io.gravitee.am.common.utils.SecureRandomString), DefaultCsrfToken (org.springframework.security.web.csrf.DefaultCsrfToken)

Example 42 with DefaultCsrfToken

Use of org.springframework.security.web.csrf.DefaultCsrfToken in the project gravitee-access-management by gravitee-io.

Class CookieCsrfSignedTokenRepository, method generateToken. A client that already presents a valid signed cookie keeps its existing token; a fresh random UUID is minted only when no valid token can be loaded.

@Override
public CsrfToken generateToken(HttpServletRequest request) {
    // Reuse the token from a valid signed cookie, if the request carries one.
    CsrfToken csrfToken = loadToken(request);
    if (csrfToken != null) {
        return csrfToken;
    }
    // Otherwise mint a new random token; saveToken is responsible for signing it into the cookie.
    UUID token = UUID.randomUUID();
    return new DefaultCsrfToken(DEFAULT_CSRF_HEADER_NAME, DEFAULT_CSRF_PARAMETER_NAME, token.toString());
}
Also used: UUID (java.util.UUID), DefaultCsrfToken (org.springframework.security.web.csrf.DefaultCsrfToken), CsrfToken (org.springframework.security.web.csrf.CsrfToken)
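The two methods above are the read half of a signed-cookie ("double submit with a server signature") CSRF scheme. The example below is an added, self-contained model of that scheme written for this page; it is not gravitee's code and not Spring's CsrfTokenRepository. It signs the cookie with an HMAC-SHA256 compact JWT, mirrors loadToken (verify, then read the token claim, returning None on any failure) and generateToken (reuse a valid token, otherwise mint a UUID), and adds the two pieces the page does not show: the save step that produces the signed cookie, and the filter-side comparison. The key, cookie and header names, and the attacker scenario are constructed assumptions for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import uuid
from typing import Dict, Optional

# Constructed demo key. Assumption: a real deployment loads this from a managed secret.
SERVER_KEY = b"constructed-demo-key-do-not-use-in-production"
TOKEN_CLAIM = "token"            # claim that carries the CSRF token inside the JWT
COOKIE_NAME = "XSRF-TOKEN"       # assumed cookie name
HEADER_NAME = "X-XSRF-TOKEN"     # assumed header the client submits the token in


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_cookie(token: str, key: bytes = SERVER_KEY) -> str:
    """Build a compact HS256 JWT (header.payload.signature) whose payload holds the token claim."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps({TOKEN_CLAIM: token}, separators=(",", ":")).encode())
    signature = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(signature)}"


def save_token(token: str) -> Dict[str, str]:
    """The missing saveToken half: the cookie jar (a dict here) gets the signed JWT, never the bare token."""
    return {COOKIE_NAME: sign_cookie(token)}


def load_token(cookies: Dict[str, str], key: bytes = SERVER_KEY) -> Optional[str]:
    """Mirror of loadToken: None when the cookie is absent, empty, unverifiable or lacks the claim."""
    value = cookies.get(COOKIE_NAME)
    if not value:
        return None
    try:
        header, payload, signature = value.split(".")
        # Verify with the server key regardless of what the header claims, so alg=none cannot bypass it.
        expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(signature)):
            return None
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            return None
        token = json.loads(_b64url_decode(payload)).get(TOKEN_CLAIM)
        return token if isinstance(token, str) and token else None
    except (ValueError, UnicodeDecodeError):
        # Covers unpack errors, bad base64 (binascii.Error is a ValueError) and malformed JSON.
        return None


def generate_token(cookies: Dict[str, str]) -> str:
    """Mirror of generateToken: keep a valid existing token, otherwise mint a random UUID."""
    existing = load_token(cookies)
    if existing is not None:
        return existing
    return str(uuid.uuid4())


def validate_request(cookies: Dict[str, str], headers: Dict[str, str]) -> bool:
    """What the CSRF filter does: compare the submitted value with the cookie-derived token, in constant time."""
    expected = load_token(cookies)
    submitted = headers.get(HEADER_NAME)
    if expected is None or submitted is None:
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())


def forged_cookie_attempt() -> bool:
    """Constructed attack: an attacker who can plant cookies (e.g. from a sibling subdomain) picks both values.

    Against an unsigned double-submit cookie this succeeds; here the cookie is signed with a key the
    attacker does not have, so the filter rejects the request. Returns True only if the attack succeeds.
    """
    attacker_token = "attacker-chosen"
    planted = {COOKIE_NAME: sign_cookie(attacker_token, key=b"attacker-key")}
    return validate_request(planted, {HEADER_NAME: attacker_token})
```

The signature check runs before the header is inspected and always uses the server key, so a cookie whose header says "alg":"none" fails exactly like a tampered one. Because a valid token is reused rather than regenerated, a cookie without an expiry claim also has no rotation; a claim such as exp (which the project's JWT type may carry, but this example does not) is where a lifetime would go.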

Aggregations

DefaultCsrfToken (org.springframework.security.web.csrf.DefaultCsrfToken): 42
Test (org.junit.jupiter.api.Test): 21
CsrfToken (org.springframework.security.web.csrf.CsrfToken): 21
BeforeEach (org.junit.jupiter.api.BeforeEach): 6
HttpSessionCsrfTokenRepository (org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository): 6
HttpServletRequest (jakarta.servlet.http.HttpServletRequest): 5
Cookie (javax.servlet.http.Cookie): 5
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 5
CsrfTokenRepository (org.springframework.security.web.csrf.CsrfTokenRepository): 5
HashMap (java.util.HashMap): 4
Test (org.junit.Test): 4
UUID (java.util.UUID): 3
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 3
MockHttpSession (org.springframework.mock.web.MockHttpSession): 3
MvcResult (org.springframework.test.web.servlet.MvcResult): 3
ModelAndView (org.springframework.web.servlet.ModelAndView): 3
ParseException (java.text.ParseException): 2
MockFilterChain (org.springframework.mock.web.MockFilterChain): 2
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken): 2
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder): 2