Added support for JWT CSRF in Spring Security

2016-06-27 13:26:58 -04:00
parent 6a057f33b1
commit f1630a0199
8 changed files with 213 additions and 0 deletions
--- a/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/config/WebSecurityConfig.java
+++ b/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/config/WebSecurityConfig.java
@@ -0,0 +1,23 @@
+package io.jsonwebtoken.jjwtfun.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.csrf.CsrfTokenRepository;
+
+@Configuration
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Autowired
+    CsrfTokenRepository jwtCsrfTokenRepository;
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http
+            .csrf().csrfTokenRepository(jwtCsrfTokenRepository).and()
+            .authorizeRequests()
+            .antMatchers("/**")
+            .permitAll();
+    }
+}