spring rest spring-mvc spring-security csrf

How to handle CSRF protection with Spring RESTful web services?

I have a Spring web application with CSRF protection enabled. I am able to access the RESTful service via AJAX calls, but when I am accessing the service with other applications like httpurlconnection, I get a 401 error (CSRF token null).

I understand that to access the RESTful service I need to pass a token in the request header, but how can I get the CSRF token?

Solution

You can create a mapping in Spring MVC that gets the CSRF token:

@RequestMapping(value="/csrf-token", method=RequestMethod.GET)
public @ResponseBody String getCsrfToken(HttpServletRequest request) {
    CsrfToken token = (CsrfToken)request.getAttribute(CsrfToken.class.getName());
    return token.getToken();
}

How to track progress of DataBufferUtils.write()?
Dot operator not clickable and lightbulb icon appearing in IntelliJ
Setting a Spring bean class name using a SpEL expression and PropertyPlaceHolder
Overriding beans in Integration tests
How to control exception while developing RESTful API with Java?
Inject Mocks for objects created by Factory classes
Spring transaction rolled back on RuntimeException
Artemis Auto configuration problem when using corda-rpc with Spring boot
Spring Boot ignores dashes in property names in YML files
How to set up liquibase in Spring for multiple data sources?
Maven and Spring Boot - non resolvable parent pom - repo.spring.io (Unknown host)
Load Multiple CSV files into database using Spring Batch
Spring Boot i18n resolution
How to configure Azure Application Insight for a Java Spring Boot in a Pod in Azure AKS
Spring @Async with CompletableFuture
Possible to access HealthIndicator methods as endpoints?
org.springframework.dao.OptimisticLockingFailureException: Attempt to update step execution id=1 with wrong version (2), where current version is 3
Issue: FileNotFoundException for AppConfig.xml in Spring Project
Custom Spring annotation for request parameters
Spring Boot Upload Multipart 413 Request Entity Too Large
Spring Batch - Deleting metadata post job completion throws error - Incorrect result size: expected 1, actual 0
How to prevent spring boot from auto creating instance of bean 'entityManagerFactory' at startup?
com.fasterxml.jackson.databind.exc.InvalidFormatException: Cannot deserialize value of type `java.time.LocalTime` from String "7:45PM"
Spring Integration webflux fails for every other calls
Asynchronous publish ignoring errors and timeouts
Spring @ExceptionHandler handling multiple kinds of exceptions
Configuring Hazelcast via Spring Boot application.yml
Failed to configure a DataSource: 'url' attribute is not specified and no embedded datasource could be configured
Programmatically restart Spring Boot application / Refresh Spring Context
Generating JWT token with JwtUtil class in Spring Boot resulting in NullPointerException