
Example of how to secure a Spring Boot REST application against CSRF without using a session


mohsennn/CsrfRestExample

 
 


CsrfRestExample

An example of how to secure a scalable Spring Boot REST application against CSRF without using a session.

Anti-CSRF tokens are stored in a Redis database so that multiple instances of the application can validate them. Spring Security is instructed to use this TokenRepository instead of the default HttpSessionCsrfTokenRepository.

GET /info

Access to the info resource without authorization.

GET /login

Authorized resource that also returns the csrf_token token in the headers.

PUT /info

Authorized access to the resource, which can be accessed only with the correct csrf_token.
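
One way a Redis-backed token repository of this kind can look, as an added example that is not this repository's own code. The class name, form parameter name, key prefix and 30-minute lifetime are assumptions, and the `javax.servlet` imports assume Spring Boot 2.x (use `jakarta.servlet` on Spring Boot 3).

```java
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.DefaultCsrfToken;

// Added example: hypothetical class, not the project's implementation.
// Tokens are not bound to a user here; any unexpired issued token is accepted.
public class RedisCsrfTokenRepository implements CsrfTokenRepository {
    private static final String HEADER = "csrf_token"; // header name from the README
    private static final String PARAMETER = "_csrf";   // assumed form parameter name
    private static final String KEY_PREFIX = "csrf:";  // assumed Redis key prefix
    private static final long TTL_MINUTES = 30;        // assumed token lifetime
    private final StringRedisTemplate redis;

    public RedisCsrfTokenRepository(StringRedisTemplate redis) {
        this.redis = redis;
    }

    @Override
    public CsrfToken generateToken(HttpServletRequest request) {
        // Random (type 4) UUID, the same source the session-based default uses
        return new DefaultCsrfToken(HEADER, PARAMETER, UUID.randomUUID().toString());
    }

    @Override
    public void saveToken(CsrfToken token, HttpServletRequest req, HttpServletResponse res) {
        if (token == null) { // Spring Security passes null to invalidate the token
            String presented = req.getHeader(HEADER);
            if (presented != null) redis.delete(KEY_PREFIX + presented);
            return;
        }
        // Shared store: every application instance can validate this token
        redis.opsForValue().set(KEY_PREFIX + token.getToken(), "1", TTL_MINUTES, TimeUnit.MINUTES);
        res.setHeader(HEADER, token.getToken());
    }

    @Override
    public CsrfToken loadToken(HttpServletRequest request) {
        String presented = request.getHeader(HEADER);
        if (presented == null || presented.isEmpty() || presented.length() > 64) return null;
        // Accept only tokens that some instance issued and that have not expired
        boolean known = Boolean.TRUE.equals(redis.hasKey(KEY_PREFIX + presented));
        return known ? new DefaultCsrfToken(HEADER, PARAMETER, presented) : null;
    }
}
```

It is registered in the security configuration through `CsrfConfigurer.csrfTokenRepository(...)`, which replaces the session-backed default.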


Languages

  • Java 100.0%