Description
CSRF Issue Latest spring Version:An expected CSRF token cannot be found
Summary
WIth Spring security version 5 with below configuration and Passing X-XSRF-TOKEN in POST request am able to get proceed .
@OverRide
protected void configure(HttpSecurity http) throws Exception {
http
.exceptionHandling(handling -> handling.authenticationEntryPoint(userAuthenticationEntryPoint))
.addFilterBefore(new UsernamePasswordAuthFilter(userAuthenticationProvider), BasicAuthenticationFilter.class)
.addFilterBefore(new JwtAuthFilter(userAuthenticationProvider), UsernamePasswordAuthFilter.class)
.csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()))
.sessionManagement(management -> management.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeRequests(requests -> requests
.antMatchers(HttpMethod.GET, "/v1/csrf").permitAll()
.antMatchers(HttpMethod.POST, "/v1/test").permitAll()
.antMatchers(HttpMethod.POST, "/v1/signIn", "/v1/signUp", "/test").permitAll()
.anyRequest().authenticated());
}
Passing X-XSRF-TOKEN in POST request am able to get proceed whereas ,
With Webflux
@bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
http.csrf(csrf -> csrf.csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse()))
.authorizeExchange(exchange -> exchange.anyExchange().permitAll());
return http.build();
}
Keep on getting "An expected CSRF token cannot be found"