venu
Reputation: 2979
How to handle CSRF protection with Spring RESTful web services?
I have a Spring web application with CSRF protection enabled. I am able to access the RESTful service via AJAX calls, but when I am accessing the service with other applications like httpurlconnection, I get a 401 error (CSRF token null).
I understand that to access the RESTful service I need to pass a token in the request header, but how can I get the CSRF token?
Upvotes: 14
Views: 12830
Answers (1)
holmis83
Reputation: 16604
You can create a mapping in Spring MVC that gets the CSRF token:
@RequestMapping(value="/csrf-token", method=RequestMethod.GET)
public @ResponseBody String getCsrfToken(HttpServletRequest request) {
CsrfToken token = (CsrfToken)request.getAttribute(CsrfToken.class.getName());
return token.getToken();
}
Upvotes: 27
Related Questions
- CSRF protection with Angular + Spring Boot + REST + JWT
- Spring CSRF protection scenario?
- Spring security - CSRF with REST methods
- Protecting web application from CSRF attack using Spring Security
- Spring Security, Stateless REST service and CSRF
- Rest Services and CSRF
- how could I use csrf in spring security
- CSRF and Spring Security
- CSRF protection in web application
- Spring Security, Rest Authentication and CSRF