
Untitled

a guest
Jan 20th, 2016
  1. Invalid CSRF token found for http://localhost:9000/send-pin
  2.  
  3. JSESSIONID:"68DD14E708EEE9F8E5AF5F8B71A47DD0"
  4. XSRF-TOKEN:"76f55f0f-50c0-4061-badd-e26450954193"
  5.  
  6. AUTH1:"yes"
  7. JSESSIONID:"45A27BA6EBB00A060F3C0DDC2339BD25"
  8. XSRF-TOKEN:"76f55f0f-50c0-4061-badd-e26450954193"
  9.  
  10. AUTH1:"yes"
  11. JSESSIONID:"45A27BA6EBB00A060F3C0DDC2339BD25"
  12. XSRF-TOKEN:"6ee8435b-c4b1-4455-b812-89faa57c78a5"
  13.  
<!-- Login step of the multi-step flow: rendered only while processStep is 'start'. -->
<div ng-show="processStep=='start'" >
<hr><hr>
<h3>Login Form</h3>
<hr><hr>
<!-- Generic failure banner driven by $scope.error; the text does not reveal which of
     username or password was rejected. -->
<div class="alert alert-danger" ng-show="error">
There was a problem logging in. Please try again.
</div>
<!-- Submission is handled by $scope.login(); the two inputs bind to
     credentials.username and credentials.password. -->
<form role="form" ng-submit="login()">
<div class="form-group">
<label for="username">Username:</label>
<input type="text" class="form-control" id="username" name="username" ng-model="credentials.username"/>
</div>
<div class="form-group">
<label for="password">Password:</label>
<input type="password" class="form-control" id="password" name="password" ng-model="credentials.password"/>
</div>
<button type="submit" class="btn btn-primary">Submit</button>
</form>
</div>
  33.  
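/**
 * Login handler for the form: verifies the entered credentials via auth.authenticate1,
 * then asks the server to send a PIN for the authenticated user.
 * Failure of either step is surfaced through $scope.error; success of the second step
 * advances $scope.processStep to whatever the server returns in response.data.content.
 */
$scope.login = function() {
    auth.authenticate1($scope.credentials, function(authenticated1) {
        if (authenticated1 == 'yes') {
            $scope.uname = $scope.credentials.username; // used by pinForm to send username to server.
            $scope.existing = "yes"; // used by `/send-pin` to skip check for weblead by id
            var resultmessage = { "name": $scope.credentials.username };
            // Clear any earlier failure before the asynchronous PIN request starts.
            $scope.error = false;
            $http.post('/send-pin', resultmessage).then(function(response) {
                $scope.processStep = response.data.content;
                auth.usrname = response.data.name;
            }, function() {
                // A rejected /send-pin (for example the 403 a CSRF-token mismatch produces)
                // was previously unhandled, leaving the UI on the login step with no feedback.
                $scope.error = true;
            });
        } else {
            $scope.error = true;
        }
    });
};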
  48.  
/**
 * Checks credentials against GET 'user'.
 * When a username is supplied the request carries an HTTP Basic Authorization header;
 * otherwise it goes out without one so the server reports the current principal.
 * Sets auth.authenticated1 to 'yes' when the response contains a name and 'no' otherwise,
 * then invokes callback (if given) with that value, or with false on a transport/HTTP error.
 * Note: btoa() only accepts Latin-1 characters, so a username or password outside that
 * range will throw before the request is sent.
 */
authenticate1 : function(credentials, callback) {
    var requestHeaders = {};
    if (credentials && credentials.username) {
        var pair = credentials.username + ":" + credentials.password;
        requestHeaders.authorization = "Basic " + btoa(pair);
    }

    $http.get('user', { headers : requestHeaders })
        .success(function(data) {
            auth.authenticated1 = data.name ? 'yes' : 'no';
            if (callback) {
                callback(auth.authenticated1);
            }
        })
        .error(function() {
            auth.authenticated1 = 'no';
            if (callback) {
                callback(false);
            }
        });
},
  66.  
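/**
 * Spring Boot entry point that also acts as the MVC controller for the single-page UI.
 * <p>
 * Security is set up by the two nested configuration classes: {@link AuthenticationSecurity}
 * wires the {@code Users} service as the user-details source, and {@link SecurityConfiguration}
 * enables HTTP Basic, the public URL whitelist and session-backed CSRF protection whose token
 * is mirrored into an {@code XSRF-TOKEN} cookie for the browser client.
 */
@SpringBootApplication
@Controller
@EnableJpaRepositories(basePackages = "demo", considerNestedRepositories = true)
public class UiApplication extends WebMvcConfigurerAdapter {

    /**
     * Forwards every dot-less path to the index page so that client-side routes survive a
     * browser reload; requests whose path contains a dot (static assets) are not matched.
     * <p>
     * The character class needs a doubled backslash: {@code \.} on its own is not a legal
     * Java string escape and does not compile.
     *
     * @return a forward to the application root
     */
    @RequestMapping(value = "/{[path:[^\\.]*}")
    public String redirect() {
        // Forward to home page so that route is preserved.
        return "forward:/";
    }

    /**
     * Reports the current principal to the browser client, which treats a non-empty
     * {@code name} in the response as "authenticated". Also sets a plain {@code AUTH1=yes}
     * marker cookie; it carries no credential and nothing in this class reads it back.
     *
     * @param response used only to add the marker cookie
     * @param session  unused, kept for signature compatibility
     * @param user     the authenticated principal; may be {@code null} for anonymous callers
     * @return the principal as-is, serialised by Spring MVC
     */
    @RequestMapping("/user")
    @ResponseBody
    public Principal user(HttpServletResponse response, HttpSession session, Principal user) {
        response.addCookie(new Cookie("AUTH1", "yes"));
        return user;
    }

    /**
     * Boots the application.
     *
     * @param args command-line arguments passed through to Spring Boot
     */
    public static void main(String[] args) {
        SpringApplication.run(UiApplication.class, args);
    }

    /**
     * Session-scoped locale resolution, defaulting to {@link Locale#US}.
     *
     * @return the configured resolver
     */
    @Bean
    public LocaleResolver localeResolver() {
        SessionLocaleResolver slr = new SessionLocaleResolver();
        slr.setDefaultLocale(Locale.US);
        return slr;
    }

    /**
     * Lets a request switch locale via the {@code lang} query parameter.
     *
     * @return the configured interceptor
     */
    @Bean
    public LocaleChangeInterceptor localeChangeInterceptor() {
        LocaleChangeInterceptor lci = new LocaleChangeInterceptor();
        lci.setParamName("lang");
        return lci;
    }

    /** Maps {@code /login} straight to the {@code login} view without a controller. */
    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/login").setViewName("login");
    }

    /** Registers the locale-change interceptor defined above. */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(localeChangeInterceptor());
    }

    /**
     * Registers the JPA-backed {@code Users} service as the {@code UserDetailsService}.
     * Ordered first so it is applied before any other authentication configurer.
     */
    @Order(Ordered.HIGHEST_PRECEDENCE)
    @Configuration
    protected static class AuthenticationSecurity extends GlobalAuthenticationConfigurerAdapter {

        @Autowired
        private Users users;

        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(users);
        }
    }

    /**
     * HTTP security for the UI: Basic authentication, a whitelist of public URLs, and CSRF
     * protection with the token kept in the HTTP session and read from the
     * {@code X-XSRF-TOKEN} request header.
     */
    @SuppressWarnings("deprecation")
    @Configuration
    @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
    @EnableWebMvcSecurity
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    protected static class SecurityConfiguration extends WebSecurityConfigurerAdapter {

        /**
         * Note that {@code permitAll()} only relaxes authorization: state-changing requests to
         * the public endpoints ({@code /send-pin}, {@code /check-pin}, {@code /submit-phone},
         * ...) still pass through {@code CsrfFilter} and are rejected when the header token
         * does not match the session token.
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.httpBasic().and().authorizeRequests()
                .antMatchers("/registration-form").permitAll()
                .antMatchers("/confirm-email**").permitAll()
                .antMatchers("/submit-phone").permitAll()
                .antMatchers("/check-pin").permitAll()
                .antMatchers("/send-pin").permitAll()
                .antMatchers("/index.html", "/", "/login", "/message", "/home", "/public*", "/confirm*", "/register*")
                .permitAll().anyRequest().authenticated().and().csrf()
                .csrfTokenRepository(csrfTokenRepository()).and()
                .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
        }

        /**
         * Mirrors the server-side CSRF token into an {@code XSRF-TOKEN} cookie so the browser
         * client can echo it in the {@code X-XSRF-TOKEN} header. The cookie is (re)issued only
         * on responses that pass this filter and only when it is missing or differs from the
         * current token; a client that sends a header built from a stale cookie (e.g. after the
         * token changed with the session) therefore gets the "Invalid CSRF token" rejection.
         *
         * @return the filter, placed after {@code CsrfFilter} in the chain
         */
        private Filter csrfHeaderFilter() {
            return new OncePerRequestFilter() {
                @Override
                protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                        FilterChain filterChain) throws ServletException, IOException {
                    CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
                    if (csrf != null) {
                        Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
                        String token = csrf.getToken();
                        if (cookie == null || (token != null && !token.equals(cookie.getValue()))) {
                            cookie = new Cookie("XSRF-TOKEN", token);
                            cookie.setPath("/");
                            // Secure on TLS requests only, so plain-HTTP development still works.
                            // Deliberately not HttpOnly: script must read it to build the header.
                            cookie.setSecure(request.isSecure());
                            response.addCookie(cookie);
                        }
                    }
                    filterChain.doFilter(request, response);
                }
            };
        }

        /**
         * Session-backed token store that accepts the token from the {@code X-XSRF-TOKEN}
         * header (the name the cookie-reading browser client is expected to send).
         *
         * @return the configured repository
         */
        private CsrfTokenRepository csrfTokenRepository() {
            HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
            repository.setHeaderName("X-XSRF-TOKEN");
            return repository;
        }

    }

}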
  179.  
  180. 2016-01-20 02:02:06.811 DEBUG 3995 --- [nio-9000-exec-5] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@70b8c8bb
  181. 2016-01-20 02:02:06.813 DEBUG 3995 --- [nio-9000-exec-5] o.s.security.web.FilterChainProxy : /send-pin at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
  182. 2016-01-20 02:02:06.813 DEBUG 3995 --- [nio-9000-exec-5] o.s.security.web.csrf.CsrfFilter : Invalid CSRF token found for http://localhost:9000/send-pin