-2

I am trying to return CSRF token from a REST controller with spring 4 with xml based configuration.

I have tried this:

@RestController
public class Somecontroller{
@RequestMapping("/csrf")
public CsrfToken csrf(CsrfToken token) {
    return token;
}
}

But I just get a 404. What am I missing? Everything else is working, as I can log initially.

dabicho
  • 383
  • 4
  • 19
  • have you enabled @EnableWebSecurity? – kuhajeyan Nov 23 '16 at 06:44
  • 1
    Possible duplicate of [How to access Spring CSRF](https://stackoverflow.com/questions/33125598/how-to-access-spring-csrf-restful-web-service). – holmis83 Nov 23 '16 at 10:32
  • I am using xml based configuration for spring security (not annotation based), from what I have read on the web, it is suposed to be enabled. Also, the linked question is about sending the token from client to server. I need to let know the client the value of a token instead. I read that a controller should be able to get the token as a parameter to the mapping method, but when I add such method and try to access it, I get 404 status error. – dabicho Nov 23 '16 at 18:05

1 Answers1

0

I was looking for a way to inform the client of the csrf value. I have seen examples where csrf is read from the session attributes with a name "_csrf". Which strikes me as odd and prone to being changed in the future.

However I ended up going with that.

dabicho
  • 383
  • 4
  • 19
  • I have seen some users using `CsrfToken requestToken = (CsrfToken) request.getAttribute(CsrfToken.class.getName());` instead. – tom_mai78101 Jan 29 '20 at 18:52