Java HttpSessionCsrfTokenRepository示例

编程语言: Java

命名空间/包名称: org.springframework.security.web.csrf

hotexamples.com的示例: 4

Java HttpSessionCsrfTokenRepository - 已找到4个示例。这些是从开源项目中提取的最受好评的org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository现实Java示例。您可以评价示例，以帮助我们提高示例质量。

常用方法

显示隐藏

setHeaderName(3)

saveToken(1)

setParameterName(1)

setSessionAttributeName(1)

示例#1

显示文件

文件： WebSecurityConfig.java 项目： ravikumardhv/CICD

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    HttpSessionCsrfTokenRepository csrfTokenRepository = new HttpSessionCsrfTokenRepository();
    csrfTokenRepository.setHeaderName(CSRF_HEADER_NAME);
    http.csrf().csrfTokenRepository(csrfTokenRepository);

    http.authorizeRequests()
        .antMatchers("/assets/**", "/webjars/**", "/login/**", "/api-docs/**")
        .permitAll()
        .antMatchers("/jsondoc/**", "/jsondoc-ui.html")
        .permitAll()
        .anyRequest()
        .fullyAuthenticated();

    http.formLogin().loginProcessingUrl("/login").loginPage("/login").failureUrl("/login?error");

    http.httpBasic();

    http.logout().logoutUrl("/logout").logoutSuccessUrl("/login?logout");

    http.headers()
        .defaultsDisabled()
        .contentTypeOptions()
        .and()
        .xssProtection()
        .and()
        .httpStrictTransportSecurity()
        .and()
        .addHeaderWriter(
            new StaticHeadersWriter(
                "Access-Control-Allow-Origin", "http://petstore.swagger.wordnik.com"))
        .addHeaderWriter(new CsrfTokenCookieWriter(csrfTokenRepository, CSRF_COOKIE_NAME));
  }

示例#2

显示文件

文件： WebSecurityConfig.java 项目： Drooids/alf.io

 @Bean
 public CsrfTokenRepository getCsrfTokenRepository() {
   HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
   repository.setSessionAttributeName(CSRF_SESSION_ATTRIBUTE);
   repository.setParameterName(CSRF_PARAM_NAME);
   return repository;
 }

示例#3

显示文件

文件： SecurityConfiguration.java 项目： reverseskydiver/springboot-marklogic-security-sample

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    // Sync HTTP Header names to AngularJs name (default Spring: X-CSRF-TOKEN)
    HttpSessionCsrfTokenRepository tokenRepository = new HttpSessionCsrfTokenRepository();
    tokenRepository.setHeaderName("X-XSRF-TOKEN");
    // ~~
    http.csrf()
        // .csrfTokenRepository(tokenRepository)
        .disable()
        .csrf() // for testing purposes
        .and()
        .authorizeRequests()
        .antMatchers("/admin/**")
        .hasRole("ADMIN")
        .and()
        .authorizeRequests()
        .antMatchers("/**")
        .hasRole("USER");

    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // injects filter to read out x-auth-token header and validates it
    SecurityConfigurer<DefaultSecurityFilterChain, HttpSecurity> securityConfigurerAdapter =
        new XAuthTokenConfigurer(userDetailsServiceBean());
    http.apply(securityConfigurerAdapter);

    // Since we use the client-side AngularJS login view, we do not have to cover redirection
    /*
    .and()
        .formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/")
            .usernameParameter("usr")
            .passwordParameter("pwd")
            .permitAll()
    .and()
        .logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl("/login")
            .permitAll();
    */
  }

示例#4

显示文件

文件： SecurityConfig.java 项目： qjyzwlz/LearningAnalyticsProcessor

 private CsrfTokenRepository csrfTokenRepository() {
   HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
   repository.setHeaderName("X-XSRF-TOKEN");
   return repository;
 }