I am new to groovy, I have implemented CSRF Token in grails in following manner. CSRF filter is added in resource.groovy
csrfFilter(CsrfFilter, new HttpSessionCsrfTokenRepository()) {
accessDeniedHandler = ref('fnAccessDeniedHandler')
requireCsrfProtectionMatcher = ref('fnRequireCsrfProtectionMatcher')
}
But i don't know how to initialize fnAccessDeniedHandler and fnRequireCsrfProtectionMatcher . Thanks in advance.
The value in ref has to be a bean(https://docs.grails.org/latest/guide/spring.html). If you want to override accessDeniedHandler and requireCsrfProtectionMatcher, You would need to create custom classes, and create beans in resources.groovy. As an example, to create bean fnAccessDeniedHandler, you would do something like this.
Add the following in resources.groovy
fnAccessDeniedHandler(CustomAccessDeniedHandler)
And create a class CustomAccessDeniedHandler which implements AccessDeniedHandler.
public class CustomAccessDeniedHandler implements AccessDeniedHandler {
public static final Logger LOG
= Logger.getLogger(CustomAccessDeniedHandler.class);
@Override
public void handle(
HttpServletRequest request,
HttpServletResponse response,
AccessDeniedException exc) throws IOException, ServletException {
Authentication auth
= SecurityContextHolder.getContext().getAuthentication();
if (auth != null) {
LOG.warn("User: " + auth.getName()
+ " attempted to access the protected URL: "
+ request.getRequestURI());
}
response.sendRedirect(request.getContextPath() + "/accessDenied");
}
}
