A user logs in via a GET request or the default Spring-provided login form and receives a CSRF token in the response. The client then sends that CSRF token with every state-changing request, i.e. PUT, POST, DELETE. Worst case scenario: an attacker obtains your CSRF token and tries to make a request, but it fails because Spring checks whether the JSESSIONID in the request's cookie matches the session the token was generated for. So even if the attacker also grabs your JSESSIONID, they cannot send it as a request header, because the cookie automatically sent along with the request will fail authentication, since it carries a different JSESSIONID.
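As an added example (not code from the SpringSecurityAuthTemplate repository), here is a minimal Spring Security 6 / Spring Boot 3 configuration that produces the flow described above: HTTP Basic and the default login form for authentication, the default session-backed CSRF token repository, a GET endpoint that hands the caller its session-bound token, and one state-changing endpoint that CsrfFilter guards. The package name, the `/csrf` and `/api/transfer` paths and the `user`/`password` credentials are assumptions made for this illustration; both classes are shown in one file for brevity and can live in separate files.

```java
package com.example.authtemplate; // assumed package name, not from the project

import java.util.Map;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Every endpoint requires an authenticated session; the default
            // /login page itself stays reachable.
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            // "Basic Auth via Login Form": HTTP Basic and the default login
            // page are both accepted and both establish a JSESSIONID session.
            .httpBasic(Customizer.withDefaults())
            .formLogin(Customizer.withDefaults())
            // CSRF protection is on by default. withDefaults() keeps the
            // HttpSessionCsrfTokenRepository, which stores the token inside the
            // HttpSession. CsrfFilter rejects any POST/PUT/DELETE whose
            // X-CSRF-TOKEN header (or _csrf parameter) does not equal the token
            // stored in the session that the request's JSESSIONID cookie resolves
            // to, so a token copied out of one session is useless when presented
            // together with a different session's cookie.
            .csrf(Customizer.withDefaults());
        return http.build();
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    // Constructed demo credentials for this example only; a real deployment
    // would back UserDetailsService with its own user store.
    @Bean
    UserDetailsService userDetailsService(PasswordEncoder encoder) {
        return new InMemoryUserDetailsManager(
            User.withUsername("user")
                .password(encoder.encode("password"))
                .roles("USER")
                .build());
    }
}

@RestController
class CsrfDemoController {

    // GET is a "safe" method, so no token is needed to call this. Spring
    // Security's argument resolver injects the token bound to the caller's
    // session; the JSON response carries token, headerName and parameterName.
    @GetMapping("/csrf")
    public CsrfToken csrf(CsrfToken token) {
        return token;
    }

    // State-changing endpoint: only reached after CsrfFilter has accepted the
    // token that accompanies the request.
    @PostMapping("/api/transfer")
    public Map<String, String> transfer() {
        return Map.of("status", "accepted");
    }
}
```

To exercise it with Postman: authenticate (Basic auth or the `/login` form), then call `GET /csrf` and copy the `token` value from the response. A `POST /api/transfer` that carries the header `X-CSRF-TOKEN: <token>` together with the JSESSIONID cookie of that same session returns `{"status":"accepted"}`; the same POST with no token, or with a token that was issued to a different session, is answered with 403 by CsrfFilter before the controller runs.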
- Basic Auth via Login Form
- CSRF Safety
- Session Hijack Safety
Before getting started with SpringSecurityAuthTemplate, ensure your runtime environment meets the following requirements:
- Programming Language: Java
Install SpringSecurityAuthTemplate using one of the following methods:
Build from source:
- Clone the SpringSecurityAuthTemplate repository:
❯ git clone https://github.com/Devang-sharma609/SpringSecurityAuthTemplate
- Navigate to the project directory:
❯ cd SpringSecurityAuthTemplate
- Run the application class annotated with @SpringBootApplication.
- Use Postman for API requests.