How to handle CSRF protection with Spring RESTful web services?

Question

How to handle CSRF protection with Spring RESTful web services?

I have a Spring web application with CSRF protection enabled. I can access the RESTful service through AJAX calls, but when I access the service with other applications like httpurlconnection, I get error 401 (CSRF token is null).

I understand that to access the RESTful service I need to pass a token in the request header, but how can I get the CSRF token?

+6

spring rest spring-mvc spring-security csrf

venu Oct 14 '15 at 12:41

source share

1 answer

holmis83 · Accepted Answer · 2015-10-14T15:01:02+0000

You can create a mapping in Spring MVC that receives the CSRF token:

@RequestMapping(value="/csrf-token", method=RequestMethod.GET) public @ResponseBody String getCsrfToken(HttpServletRequest request) { CsrfToken token = (CsrfToken)request.getAttribute(CsrfToken.class.getName()); return token.getToken(); }

How to handle CSRF protection with Spring RESTful web services?

More articles: