- Invalid CSRF token found for http://localhost:9000/send-pin
- JSESSIONID:"68DD14E708EEE9F8E5AF5F8B71A47DD0"
- XSRF-TOKEN:"76f55f0f-50c0-4061-badd-e26450954193"
- AUTH1:"yes"
- JSESSIONID:"45A27BA6EBB00A060F3C0DDC2339BD25"
- XSRF-TOKEN:"76f55f0f-50c0-4061-badd-e26450954193"
- AUTH1:"yes"
- JSESSIONID:"45A27BA6EBB00A060F3C0DDC2339BD25"
- XSRF-TOKEN:"6ee8435b-c4b1-4455-b812-89faa57c78a5"
<!-- Login step of the multi-step form: shown only while processStep=='start'.
     Submitting runs $scope.login(), which reads credentials.username /
     credentials.password; the alert is toggled by $scope.error. -->
<div ng-show="processStep=='start'" >
  <hr><hr>
  <h3>Login Form</h3>
  <hr><hr>
  <div class="alert alert-danger" ng-show="error">
    There was a problem logging in. Please try again.
  </div>
  <form role="form" ng-submit="login()">
    <div class="form-group">
      <label for="username">Username:</label>
      <input type="text" class="form-control" id="username" name="username" ng-model="credentials.username"/>
    </div>
    <div class="form-group">
      <label for="password">Password:</label>
      <!-- type="password" keeps the value masked; it is still sent as-is in the Basic header by auth.authenticate1 -->
      <input type="password" class="form-control" id="password" name="password" ng-model="credentials.password"/>
    </div>
    <button type="submit" class="btn btn-primary">Submit</button>
  </form>
</div>
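/**
 * Submit handler for the login form.
 *
 * Authenticates via auth.authenticate1 (HTTP Basic against `/user`); on 'yes' it
 * records the username on the scope and POSTs { name } to `/send-pin`, whose
 * response drives the next form step. Any other answer shows the error alert.
 *
 * Fix: the `/send-pin` request previously had no rejection handler, so a 403 such
 * as "Invalid CSRF token found for .../send-pin" left the user stuck on the login
 * step with no feedback. The rejection now also raises $scope.error.
 */
$scope.login = function() {
    auth.authenticate1($scope.credentials, function(authenticated1) {
        if (authenticated1 == 'yes') {
            $scope.uname = $scope.credentials.username; //used by pinForm to send username to server.
            // NOTE(review): `existing` is not part of the body posted below, so `/send-pin`
            // cannot see it unless it is read somewhere else — confirm the server-side check.
            $scope.existing = "yes"; //used by `/send-pin` to skip check for weblead by id
            var resultmessage = { "name": $scope.credentials.username };
            $http.post('/send-pin', resultmessage).then(function(response) {
                $scope.processStep = response.data.content;
                auth.usrname = response.data.name;
            }, function() {
                // Typical cause: the XSRF-TOKEN cookie still holds the pre-login token
                // because the session (and its CSRF token) was rotated on authentication.
                $scope.error = true;
            });
            // Cleared synchronously; a later rejection of the POST sets it back to true.
            $scope.error = false;
        } else {
            $scope.error = true;
        }
    });
};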
/**
 * Probes `/user` with HTTP Basic credentials and reports the outcome.
 *
 * Sets auth.authenticated1 to 'yes' when the response carries a `name`, 'no'
 * otherwise; the callback receives that string on success and `false` when the
 * request itself fails. Without a username no Authorization header is sent.
 *
 * @param credentials {username, password} or a falsy value
 * @param callback    optional function(result)
 */
authenticate1 : function(credentials, callback) {
    var requestHeaders = {};
    if (credentials && credentials.username) {
        // Base64 is an encoding, not encryption: the password is readable to anyone
        // on the path unless the page is served over TLS.
        var pair = credentials.username + ":" + credentials.password;
        requestHeaders.authorization = "Basic " + btoa(pair);
    }
    var notify = function(result) {
        if (callback) {
            callback(result);
        }
    };
    $http.get('user', { headers : requestHeaders })
        .success(function(data) {
            auth.authenticated1 = data.name ? 'yes' : 'no';
            notify(auth.authenticated1);
        })
        .error(function() {
            auth.authenticated1 = 'no';
            notify(false);
        });
},
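/**
 * Spring Boot entry point plus MVC and security configuration for the UI.
 *
 * <p>Security model visible in this class: HTTP Basic authentication backed by {@code Users},
 * a permitAll list covering the registration / PIN flow, and CSRF protection whose
 * session-scoped token is mirrored into a readable {@code XSRF-TOKEN} cookie so the Angular
 * client can echo it back in the {@code X-XSRF-TOKEN} header.
 */
@SpringBootApplication
@Controller
@EnableJpaRepositories(basePackages = "demo", considerNestedRepositories = true)
public class UiApplication extends WebMvcConfigurerAdapter {

    /** Not referenced in this class; the nested {@link AuthenticationSecurity} injects its own copy. */
    @Autowired
    private Users users;

    /**
     * Forwards any path segment that contains no dot (i.e. not a static asset) to the front end
     * so that a client-side route survives a full page load.
     *
     * <p>The dot must be written {@code \\.} inside the Java literal: a bare {@code \.} is an
     * illegal escape sequence and does not compile.
     */
    @RequestMapping(value = "/{[path:[^\\.]*}")
    public String redirect() {
        // Forward to home page so that route is preserved.
        return "forward:/";
    }

    /**
     * Returns the authenticated principal; the Angular client treats a non-empty {@code name}
     * in the body as "logged in". {@code /user} is not in the permitAll list of
     * {@link SecurityConfiguration#configure}, so unauthenticated requests are challenged by
     * HTTP Basic before reaching this method.
     *
     * <p>The {@code AUTH1=yes} cookie is a plain client-side marker with no secret in it; it
     * must never be treated as proof of authentication on the server. It is left readable by
     * script (no HttpOnly) because it is not clear from this file whether browser code reads
     * it — confirm before tightening. {@code session} is unused but kept for the signature.
     */
    @RequestMapping("/user")
    @ResponseBody
    public Principal user(HttpServletResponse response, HttpSession session, Principal user) {
        response.addCookie(new Cookie("AUTH1", "yes"));
        return user;
    }

    public static void main(String[] args) {
        SpringApplication.run(UiApplication.class, args);
    }

    /** Session-scoped locale resolution, defaulting to {@link Locale#US}. */
    @Bean
    public LocaleResolver localeResolver() {
        SessionLocaleResolver slr = new SessionLocaleResolver();
        slr.setDefaultLocale(Locale.US);
        return slr;
    }

    /** Lets a {@code ?lang=} request parameter switch the session locale. */
    @Bean
    public LocaleChangeInterceptor localeChangeInterceptor() {
        LocaleChangeInterceptor lci = new LocaleChangeInterceptor();
        lci.setParamName("lang");
        return lci;
    }

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/login").setViewName("login");
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(localeChangeInterceptor());
    }

    /** Registers {@code Users} as the {@code UserDetailsService} behind HTTP Basic. */
    @Order(Ordered.HIGHEST_PRECEDENCE)
    @Configuration
    protected static class AuthenticationSecurity extends GlobalAuthenticationConfigurerAdapter {

        @Autowired
        private Users users;

        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(users);
        }
    }

    @SuppressWarnings("deprecation")
    @Configuration
    @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
    @EnableWebMvcSecurity
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    protected static class SecurityConfiguration extends WebSecurityConfigurerAdapter {

        /**
         * HTTP Basic for everything not listed below; the registration and PIN endpoints are
         * reachable anonymously. CSRF protection still applies to those POSTs (e.g.
         * {@code /send-pin}), which is what produces "Invalid CSRF token found for ..." when the
         * client's {@code XSRF-TOKEN} cookie is stale.
         *
         * <p>Because {@code /send-pin} and {@code /check-pin} are permitAll, their handlers (not
         * shown here) receive the posted {@code name} from unauthenticated callers and must treat
         * it as untrusted input.
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.httpBasic().and().authorizeRequests()
                    .antMatchers("/registration-form").permitAll()
                    .antMatchers("/confirm-email**").permitAll()
                    .antMatchers("/submit-phone").permitAll()
                    .antMatchers("/check-pin").permitAll()
                    .antMatchers("/send-pin").permitAll()
                    .antMatchers("/index.html", "/", "/login", "/message", "/home", "/public*", "/confirm*", "/register*")
                    .permitAll().anyRequest().authenticated().and().csrf()
                    .csrfTokenRepository(csrfTokenRepository()).and()
                    .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
        }

        /**
         * Mirrors the session CSRF token into a script-readable {@code XSRF-TOKEN} cookie (the
         * double-submit pattern Angular's {@code $http} implements by copying the cookie into
         * the {@code X-XSRF-TOKEN} header).
         *
         * <p>When a request authenticates, session-fixation protection rotates the session and,
         * with {@link HttpSessionCsrfTokenRepository}, the token stored in it; the cookie trace on
         * this page shows the session id changing on login and the token changing only one request
         * later. The previous filter wrote the cookie only before handing off to the chain, so the
         * first POST after the authenticating request still carried the old token and was rejected.
         * The cookie is now re-synchronised after the chain as well, provided the response has not
         * been committed yet (a committed response silently drops added cookies).
         */
        private Filter csrfHeaderFilter() {
            return new OncePerRequestFilter() {
                @Override
                protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                        FilterChain filterChain) throws ServletException, IOException {
                    String issued = syncCsrfCookie(request, response, null);
                    filterChain.doFilter(request, response);
                    if (!response.isCommitted()) {
                        // authentication inside the chain may have replaced the token attribute
                        syncCsrfCookie(request, response, issued);
                    }
                }
            };
        }

        /**
         * Adds an {@code XSRF-TOKEN} cookie when the token attached to the request differs from
         * the value the client is known to hold. A {@code null} token is never written as a
         * cookie value.
         *
         * @param alreadyIssued token value written earlier in this request, or {@code null} to
         *                      compare against the cookie the client sent
         * @return the token value the client is expected to hold afterwards, or {@code null}
         */
        private static String syncCsrfCookie(HttpServletRequest request, HttpServletResponse response,
                String alreadyIssued) {
            CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
            if (csrf == null) {
                return alreadyIssued;
            }
            String token = csrf.getToken();
            if (token == null) {
                return alreadyIssued;
            }
            String held = alreadyIssued;
            if (held == null) {
                Cookie existing = WebUtils.getCookie(request, "XSRF-TOKEN");
                held = existing == null ? null : existing.getValue();
            }
            if (!token.equals(held)) {
                Cookie cookie = new Cookie("XSRF-TOKEN", token);
                cookie.setPath("/");
                // Must stay readable by script (no HttpOnly) for the double-submit scheme, but it
                // should not travel over plain HTTP once the site itself is served over TLS.
                cookie.setSecure(request.isSecure());
                response.addCookie(cookie);
            }
            return token;
        }

        /** Session-backed token store; the client echoes the token in {@code X-XSRF-TOKEN}. */
        private CsrfTokenRepository csrfTokenRepository() {
            HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
            repository.setHeaderName("X-XSRF-TOKEN");
            return repository;
        }
    }
}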
- 2016-01-20 02:02:06.811 DEBUG 3995 --- [nio-9000-exec-5] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@70b8c8bb
- 2016-01-20 02:02:06.813 DEBUG 3995 --- [nio-9000-exec-5] o.s.security.web.FilterChainProxy : /send-pin at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
- 2016-01-20 02:02:06.813 DEBUG 3995 --- [nio-9000-exec-5] o.s.security.web.csrf.CsrfFilter : Invalid CSRF token found for http://localhost:9000/send-pin