/**
 * Exposes a session-backed CSRF token repository as a Spring bean.
 *
 * <p>Clients are expected to send the token in the {@code X-XSRF-TOKEN} request header
 * rather than in the repository's default header.
 *
 * @return the repository configured with the custom header name
 */
@Bean
public CsrfTokenRepository csrfTokenRepository() {
    final HttpSessionCsrfTokenRepository sessionTokens = new HttpSessionCsrfTokenRepository();
    sessionTokens.setHeaderName("X-XSRF-TOKEN");
    return sessionTokens;
}
/**
 * Configures URL authorization, logout and CSRF handling for every request path.
 *
 * <p>The root page, {@code /health}, the login paths and the webjars are public; any other
 * request requires an authenticated user.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    final HttpSecurity scoped = http.antMatcher("/**");

    scoped.authorizeRequests()
            .antMatchers("/", "/health", "/login**", "/webjars/**").permitAll()
            .anyRequest().authenticated();

    scoped.logout()
            .logoutSuccessUrl("/")
            .permitAll();

    // NOTE(review): this installs a fresh repository with its default settings
    // (header X-CSRF-TOKEN, parameter _csrf). If the application also declares a
    // CsrfTokenRepository bean with a custom header name, that bean is not wired in
    // here, and a client sending only the custom header would be rejected. Confirm
    // which repository is intended.
    scoped.csrf()
            .csrfTokenRepository(new HttpSessionCsrfTokenRepository());
}
/**
 * Builds the session-backed CSRF token repository and sets the request header in which
 * the token is expected to {@code ResourcePaths.XSRF_HEADER}.
 *
 * @return the repository configured with that header name
 */
@Bean
public CsrfTokenRepository csrfTokenRepository() {
    HttpSessionCsrfTokenRepository sessionTokens = new HttpSessionCsrfTokenRepository();
    // The header constant is defined outside this snippet; the client must send the same name.
    sessionTokens.setHeaderName(ResourcePaths.XSRF_HEADER);
    return sessionTokens;
}
/**
 * Configures request authorization, form login, logout, remember-me, frame options and
 * CSRF handling.
 *
 * <p>A fixed list of public paths is open to everyone, {@code /ussd/**} is guarded by the
 * expression returned from {@code assembleUssdGatewayAccessString()}, and every other
 * request requires an authenticated user.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    final String ussdGateway = environment.getProperty("grassroot.ussd.gateway", "127.0.0.1");
    log.info("configuring security with USSD gateway: {}", ussdGateway);

    // Public endpoints first, then the gateway-restricted USSD paths, then the
    // authenticated catch-all. Order matters: the first matching rule wins.
    // NOTE(review): the /ussd/** access expression is built elsewhere; presumably it
    // restricts callers to the gateway address. Confirm against that helper.
    http.authorizeRequests()
            .antMatchers(
                    "/index",
                    "/signup",
                    "/signup/extra",
                    "/user/recovery",
                    "/user/recovery/success",
                    "/grass-root-verification/*",
                    "/livewire/public/**",
                    "/cardauth/**",
                    "/donate/**").permitAll()
            .antMatchers("/ussd/**").access(assembleUssdGatewayAccessString())
            .anyRequest().authenticated();

    // NOTE(review): defaultSuccessUrl(...) is called after successHandler(...); verify
    // that the custom success handler is still the one in effect after this chain.
    http.formLogin()
            .successHandler(savedRequestAwareAuthenticationSuccessHandler())
            .defaultSuccessUrl("/home")
            .loginPage("/login")
            .loginProcessingUrl("/login")
            .permitAll();

    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/login")
            .permitAll();

    // The remember-me cookie is marked Secure, so it is only sent over HTTPS.
    http.rememberMe()
            .rememberMeServices(rememberMeServices())
            .useSecureCookie(true);

    http.headers().frameOptions().sameOrigin(); // in future see if can path restrict this

    // NOTE(review): a fresh repository with default settings is installed here. If the
    // application also declares a CsrfTokenRepository bean with a custom header name,
    // that bean is not used by this chain. Confirm which one is intended.
    http.csrf().csrfTokenRepository(new HttpSessionCsrfTokenRepository());
}
/**
 * Creates a session-backed CSRF token repository that reads the token from the
 * {@code X-XSRF-TOKEN} request header.
 *
 * @return the configured repository
 */
private CsrfTokenRepository csrfTokenRepository() {
    final HttpSessionCsrfTokenRepository sessionTokens = new HttpSessionCsrfTokenRepository();
    // You'll see references to the X-XSRF-TOKEN header in the javascript code; the
    // name set here has to match what that code sends.
    sessionTokens.setHeaderName("X-XSRF-TOKEN");
    return sessionTokens;
}
/**
 * Registers a session-backed CSRF token repository bean that expects the token in the
 * {@code X-XSRF-TOKEN} request header.
 *
 * @return the configured repository
 */
@Bean
protected CsrfTokenRepository csrfTokenRepository() {
    final HttpSessionCsrfTokenRepository sessionTokens = new HttpSessionCsrfTokenRepository();
    sessionTokens.setHeaderName("X-XSRF-TOKEN");
    return sessionTokens;
}
/**
 * Registers a session-backed CSRF token repository bean with a custom session attribute
 * name and a custom request parameter name.
 *
 * <p>The header name is left at the repository's default. Both constants are defined
 * outside this snippet.
 *
 * @return the configured repository
 */
@Bean
public CsrfTokenRepository getCsrfTokenRepository() {
    final HttpSessionCsrfTokenRepository sessionTokens = new HttpSessionCsrfTokenRepository();
    // Session key under which the generated token is kept.
    sessionTokens.setSessionAttributeName(CSRF_SESSION_ATTRIBUTE);
    // Form/query parameter from which a submitted token is read.
    sessionTokens.setParameterName(CSRF_PARAM_NAME);
    return sessionTokens;
}
/**
 * Creates a session-backed CSRF token repository that expects the token in the
 * {@code X-XSRF-TOKEN} request header.
 *
 * @return the configured repository
 */
private CsrfTokenRepository csrfTokenRepository() {
    final HttpSessionCsrfTokenRepository sessionTokens = new HttpSessionCsrfTokenRepository();
    sessionTokens.setHeaderName("X-XSRF-TOKEN");
    return sessionTokens;
}
/**
 * Creates a session-backed CSRF token repository, logs its JSON form, and then sets the
 * expected request header name to {@code CSRF_HEADER_NAME}.
 *
 * @return the configured repository
 */
private CsrfTokenRepository csrfTokenRepository() {
    final HttpSessionCsrfTokenRepository sessionTokens = new HttpSessionCsrfTokenRepository();
    // Logged before the header name is applied, so the output shows the repository as
    // constructed, not as finally configured.
    log.info(Json.toJson(sessionTokens));
    sessionTokens.setHeaderName(CSRF_HEADER_NAME);
    return sessionTokens;
}
/**
 * Registers a session-backed {@code CsrfTokenRepository} bean with its default settings.
 *
 * <p>No header, parameter or session attribute name is customised here.
 *
 * @return the newly created {@code CsrfTokenRepository}
 */
@Bean
public CsrfTokenRepository csrfTokenRepository() {
    final CsrfTokenRepository sessionTokens = new HttpSessionCsrfTokenRepository();
    return sessionTokens;
}
/**
 * Registers a session-backed CSRF token repository bean whose expected request header is
 * {@code CsrfCookieGeneratorFilter.ANGULAR_CSRF_DEFAULT_HEADER_NAME}.
 *
 * @return the configured repository
 */
@Bean
public CsrfTokenRepository csrfTokenRepository() {
    HttpSessionCsrfTokenRepository sessionTokens = new HttpSessionCsrfTokenRepository();
    // Reusing the filter's constant keeps the filter and the repository on the same name.
    sessionTokens.setHeaderName(CsrfCookieGeneratorFilter.ANGULAR_CSRF_DEFAULT_HEADER_NAME);
    return sessionTokens;
}
/**
 * Creates a session-backed CSRF token repository that expects the token in the
 * {@code X-XSRF-TOKEN} request header.
 *
 * <p>NOTE(review): the {@code unused} suppression suggests nothing in the class calls this
 * method. If so, the custom header name is never applied to the security configuration.
 * Confirm against the {@code csrf()} setup.
 *
 * @return the configured repository
 */
@SuppressWarnings("unused")
private CsrfTokenRepository csrfTokenRepository() {
    final HttpSessionCsrfTokenRepository sessionTokens = new HttpSessionCsrfTokenRepository();
    sessionTokens.setHeaderName("X-XSRF-TOKEN");
    return sessionTokens;
}
/**
 * Creates a session-backed CSRF token repository that expects the token in the
 * {@code X-XSRF-TOKEN} request header.
 *
 * @return the configured repository
 */
private CsrfTokenRepository csrfTokenRepository() {
    final HttpSessionCsrfTokenRepository sessionTokens = new HttpSessionCsrfTokenRepository();
    // for AngularJS's built-in CSRF feature
    sessionTokens.setHeaderName("X-XSRF-TOKEN");
    return sessionTokens;
}
/**
 * Creates a session-backed CSRF token repository that reads the token from the
 * AngularJS-friendly header named by {@code CsrfHeaderFilter.HEADER_NAME}.
 *
 * @return the configured repository
 */
private CsrfTokenRepository csrfTokenRepository() {
    final HttpSessionCsrfTokenRepository sessionTokens = new HttpSessionCsrfTokenRepository();
    // Reusing the filter's constant keeps the filter and the repository on the same name.
    sessionTokens.setHeaderName(CsrfHeaderFilter.HEADER_NAME);
    return sessionTokens;
}
/**
 * Creates a session-backed CSRF token repository whose expected request header is the
 * {@code XXSRFTOKEN} constant, which is defined outside this snippet.
 *
 * @return the configured repository
 */
CsrfTokenRepository csrfTokenRepository() {
    final HttpSessionCsrfTokenRepository sessionTokens = new HttpSessionCsrfTokenRepository();
    sessionTokens.setHeaderName(XXSRFTOKEN);
    return sessionTokens;
}
/**
 * Creates a session-backed CSRF token repository that keeps the token under the
 * {@code _csrf} session attribute.
 *
 * <p>The header and parameter names are left at the repository's defaults.
 *
 * @return the configured repository
 */
private CsrfTokenRepository csrfTokenRepository() {
    final HttpSessionCsrfTokenRepository sessionTokens = new HttpSessionCsrfTokenRepository();
    // Only the session key changes; this does not alter what clients must send.
    sessionTokens.setSessionAttributeName("_csrf");
    return sessionTokens;
}
/**
 * Registers a session-backed CSRF token repository bean whose expected request header is
 * {@code MccyConstants.X_XSRF_TOKEN}.
 *
 * @return the configured repository
 */
@Bean
public CsrfTokenRepository csrfTokenRepository() {
    final HttpSessionCsrfTokenRepository sessionTokens = new HttpSessionCsrfTokenRepository();
    sessionTokens.setHeaderName(MccyConstants.X_XSRF_TOKEN);
    return sessionTokens;
}
/**
 * Creates the repository for the CSRF security token. It is session-backed and expects
 * the token in the {@code X-XSRF-TOKEN} request header.
 *
 * @return repository for the CSRF security token
 */
private CsrfTokenRepository csrfTokenRepository() {
    final HttpSessionCsrfTokenRepository sessionTokens = new HttpSessionCsrfTokenRepository();
    sessionTokens.setHeaderName("X-XSRF-TOKEN");
    return sessionTokens;
}