6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Spring boot csrf use\",\"text\":\"

I just want to use CSRF token with some url which are used for direct access.

\\n\\n

And I don't want to use CSRF for that url which are basically REST apis for other end.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Kraken\"},\"upvoteCount\":2,\"answerCount\":2,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

you can directly use this code for a particular type of request which need to be served with out CSRF.

\\n\\n

http.csrf().ignoringAntMatchers(\\\"/rest/v1/**\\\");\\n

\\n\\n

here /rest/v1/** will allow you to server all the request coming on the url starts with \\\"rest/v1/\\\".

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Dev Sabby\"},\"upvoteCount\":1}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","spring",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/spring/1","children":"spring"}]}],["$","span","spring-boot",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/spring-boot/1","children":"spring-boot"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/f240552e481654ec1a4a8220510e7fbb?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"Kraken","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/9763124/kraken","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Kraken"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",288]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Spring boot csrf use"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I just want to use CSRF token with some url which are used for direct access.

\n\n

And I don't want to use CSRF for that url which are basically REST apis for other end.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",2]}],["$","p",null,{"children":["Views: ",155]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",2,")"]}],[["$","div","50585571",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/fz9IL5u6.jpg?s=256","alt":"Akshay Pethani","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/4439996/akshay-pethani","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Akshay Pethani"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",2580]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

I find that the easiest way is to create an array of String with patterns, like this:

\n\n

String [] publicUrls = new String [] {\n            \"/public/**\",\n            \"/login\",\n            \"/logout\"\n    };\n

\n\n

Here is the code I use in CSRF. And the code for ignore URLs is this .ignoringAntMatchers(publicUrls):

\n\n

http.csrf()\n        .csrfTokenRepository(csrfTokenRepository())\n        .ignoringAntMatchers(publicUrls)\n

\n\n

Spring official doc ref

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",2]}]}]]}],["$","div","50617191",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/41e12f5ba204b26a7fddac3ea0caba01?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"Dev Sabby","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/4613430/dev-sabby","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Dev Sabby"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",1427]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

you can directly use this code for a particular type of request which need to be served with out CSRF.

\n\n

http.csrf().ignoringAntMatchers(\"/rest/v1/**\");\n

\n\n

here /rest/v1/** will allow you to server all the request coming on the url starts with \"rest/v1/\".

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","60876213",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/60876213","className":"text-blue-600 hover:underline","children":"Spring Boot security can not disable CSRF protection"}]}],["$","li","40929943",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/40929943","className":"text-blue-600 hover:underline","children":"Spring Boot CSRF"}]}],["$","li","40219400",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/40219400","className":"text-blue-600 hover:underline","children":"Spring (Boot) application and csrf"}]}],["$","li","57647869",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/57647869","className":"text-blue-600 hover:underline","children":"Spring Boot does not require CSRF token"}]}],["$","li","56767125",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/56767125","className":"text-blue-600 hover:underline","children":"Cannot disable CSRF security in Spring Boot"}]}],["$","li","35944979",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/35944979","className":"text-blue-600 hover:underline","children":"Cannot disable csrf Spring boot"}]}],["$","li","52498171",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/52498171","className":"text-blue-600 hover:underline","children":"How to handle security.enable-csrf in Spring Boot 2?"}]}],["$","li","28209344",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/28209344","className":"text-blue-600 hover:underline","children":"Using just Spring Security CSRF feature"}]}],["$","li","36745521",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/36745521","className":"text-blue-600 hover:underline","children":"how could I use csrf in spring security"}]}],["$","li","29149931",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/29149931","className":"text-blue-600 hover:underline","children":"Spring boot csrf filter"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Spring boot csrf use

Answers (2)

Related Questions