CsrfCookieGeneratorFilter.java example

Explorer

jhipster-sample-app-java7-master
- src
  - main
    - java
      - com
        mycompany
        myapp
        Application.java
        ApplicationWebXml.java
        aop
        logging
        LoggingAspect.java
        async
        ExceptionHandlingAsyncTaskExecutor.java
        package-info.java
        config
        AsyncConfiguration.java
        CacheConfiguration.java
        CloudDatabaseConfiguration.java
        Constants.java
        DatabaseConfiguration.java
        JHipsterProperties.java
        JacksonConfiguration.java
        LocaleConfiguration.java
        LoggingAspectConfiguration.java
        MailConfiguration.java
        MetricsConfiguration.java
        SecurityConfiguration.java
        ThymeleafConfiguration.java
        WebConfigurer.java
        apidoc
        SwaggerConfiguration.java
        package-info.java
        audit
        AuditEventConverter.java
        package-info.java
        liquibase
        AsyncSpringLiquibase.java
        package-info.java
        locale
        AngularCookieLocaleResolver.java
        package-info.java
        metrics
        DatabaseHealthIndicator.java
        JHipsterHealthIndicatorConfiguration.java
        JavaMailHealthIndicator.java
        package-info.java
        package-info.java
        domain
        AbstractAuditingEntity.java
        Authority.java
        BankAccount.java
        Label.java
        Operation.java
        PersistentAuditEvent.java
        PersistentToken.java
        User.java
        package-info.java
        util
        CustomDateTimeDeserializer.java
        CustomDateTimeSerializer.java
        CustomLocalDateSerializer.java
        FixedH2Dialect.java
        ISO8601LocalDateDeserializer.java
        repository
        AuthorityRepository.java
        BankAccountRepository.java
        CustomAuditEventRepository.java
        LabelRepository.java
        OperationRepository.java
        PersistenceAuditEventRepository.java
        PersistentTokenRepository.java
        UserRepository.java
        package-info.java
        security
        AjaxAuthenticationFailureHandler.java
        AjaxAuthenticationSuccessHandler.java
        AjaxLogoutSuccessHandler.java
        AuthoritiesConstants.java
        CustomPersistentRememberMeServices.java
        Http401UnauthorizedEntryPoint.java
        SecurityUtils.java
        SpringSecurityAuditorAware.java
        UserDetailsService.java
        UserNotActivatedException.java
        package-info.java
        service
        AuditEventService.java
        MailService.java
        UserService.java
        package-info.java
        util
        RandomUtil.java
        web
        filter
        CachingHttpHeadersFilter.java
        CsrfCookieGeneratorFilter.java
        StaticResourcesProductionFilter.java
        gzip
        GZipResponseUtil.java
        GZipServletFilter.java
        GZipServletOutputStream.java
        GZipServletResponseWrapper.java
        GzipResponseHeadersNotModifiableException.java
        package-info.java
        package-info.java
        propertyeditors
        LocaleDateTimeEditor.java
        package-info.java
        rest
        AccountResource.java
        AuditResource.java
        BankAccountResource.java
        LabelResource.java
        LogsResource.java
        OperationResource.java
        UserResource.java
        dto
        KeyAndPasswordDTO.java
        LoggerDTO.java
        ManagedUserDTO.java
        UserDTO.java
        package-info.java
        errors
        CustomParameterizedException.java
        ErrorConstants.java
        ErrorDTO.java
        ExceptionTranslator.java
        FieldErrorDTO.java
        ParameterizedErrorDTO.java
        package-info.java
        util
        HeaderUtil.java
        PaginationUtil.java
  - test
    - java
      - com
        mycompany
        myapp
        security
        SecurityUtilsTest.java
        service
        UserServiceTest.java
        web
        rest
        AccountResourceTest.java
        AuditResourceTest.java
        BankAccountResourceTest.java
        LabelResourceTest.java
        OperationResourceTest.java
        TestUtil.java
        UserResourceTest.java

package com.mycompany.myapp.web.filter;

import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Filter used to put the CSRF token generated by Spring Security in a cookie for use by AngularJS.
 */
public class CsrfCookieGeneratorFilter extends OncePerRequestFilter {

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        // Spring put the CSRF token in session attribute "_csrf"
        CsrfToken csrfToken = (CsrfToken) request.getAttribute("_csrf");

        // Send the cookie only if the token has changed
        String actualToken = request.getHeader("X-CSRF-TOKEN");
        if (actualToken == null || !actualToken.equals(csrfToken.getToken())) {
            // Session cookie that will be used by AngularJS
            String pCookieName = "CSRF-TOKEN";
            Cookie cookie = new Cookie(pCookieName, csrfToken.getToken());
            cookie.setMaxAge(-1);
            cookie.setHttpOnly(false);
            cookie.setPath("/");
            response.addCookie(cookie);
        }
        filterChain.doFilter(request, response);
    }
}