Alexander Vtyurin

Reputation: 311

Spring Security 4 JTwig put CSRF token in forms

How can I put a CSRF token in a form using JTwig?

I tried this extension, but it doesn't work (it shows an error about {% csrf %} having no endblock). I also tried putting the HttpServletRequest object in the model and then getting the token using this snippet, but it had no effect at all.

Is there some generic way to implement a CSRF token even without a template engine?

Upvotes: 1

Views: 489

Answers (1)

perryv

Reputation: 364

The following code worked for me:

I created a class called ControllerSetup (or you can name it anything you want) and I placed it inside the same folder as my Application class (the one with the public static void main() method). The code is as follows:

package some.pkg.of.myapp;

import javax.servlet.http.HttpServletRequest;

import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ModelAttribute;

@ControllerAdvice
public class ControllerSetup {

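    // Runs before every handler method, so each model carries the token.
    @ModelAttribute
    public void initModel(HttpServletRequest request, Model model) {
        // Spring Security's CsrfFilter stores the CsrfToken as the request
        // attribute "_csrf" (the default parameter name).
        model.addAttribute("_csrf", request.getAttribute("_csrf"));
    }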

}

Now, any model in any of my controllers will automatically have an attribute called _csrf. I would use it in my JTwig forms as follows:

<form method="post" action="/some/action/url">
    <!-- My fields and buttons here -->

    <input type="hidden"
           name="{{ _csrf.parameterName }}" value="{{ _csrf.token }}" />
</form>

Upvotes: 3
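For the last part of the question (a generic way that needs no template engine), the sketch below is an added example and not code from the answer above. It assumes Spring MVC with Spring Security 4's CsrfFilter enabled; the class name PlainFormController and the /plain-form URL are hypothetical.

```java
package some.pkg.of.myapp; // same placeholder package as in the answer

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.util.HtmlUtils;

@Controller
public class PlainFormController { // hypothetical name

    // Builds the hidden input from the token that CsrfFilter put on the request.
    static String csrfHiddenInput(HttpServletRequest request) {
        // CsrfFilter registers the token under the CsrfToken class name
        // (and also under its parameter name, "_csrf" by default).
        CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
        if (token == null) {
            // CSRF protection is disabled or the filter did not run for this request.
            return "";
        }
        // Escape both values so they cannot break out of the attribute context.
        return "<input type=\"hidden\" name=\""
                + HtmlUtils.htmlEscape(token.getParameterName())
                + "\" value=\"" + HtmlUtils.htmlEscape(token.getToken()) + "\" />";
    }

    // Returning void with an HttpServletResponse argument tells Spring MVC
    // that this method writes the response itself (no view, no template).
    @RequestMapping(value = "/plain-form", method = RequestMethod.GET) // hypothetical URL
    public void form(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        response.setContentType("text/html;charset=UTF-8");
        // The page embeds the CSRF token, so keep it out of caches.
        response.setHeader("Cache-Control", "no-store");
        PrintWriter out = response.getWriter();
        out.println("<form method=\"post\" action=\"/some/action/url\">");
        out.println("    " + csrfHiddenInput(request));
        out.println("    <button type=\"submit\">Send</button>");
        out.println("</form>");
    }
}
```

The same CsrfToken object also exposes getHeaderName(), which is the header a JavaScript client sends the token in instead of a form field.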
