New Toronto Group

AngularJS with Spring Security and CSRF Token

Posted on November 27th, 2014 by Alain Thibodeau


I was recently working on an AngularJS application with Spring Security. We needed to implement Cross Site Request Forgery protection.

For more about this type of attack, take a look at the explanation from the Open Web Application Security Project (OWASP).

By default, AngularJS provides a mechanism for Cross Site Request Forgery protection; however, this mechanism works with cookies only. Since Spring Security works by setting a token as an HTTP parameter, the out-of-the-box solution AngularJS provides wouldn’t work. There are several posted discussions about how to implement CSRF protection with Spring Security within single-page applications. While reading these solutions, I discovered a simple AngularJS interceptor that did the trick.

As mentioned in the documentation, the spring-security-csrf-token-interceptor works by making a HEAD request to receive the X-CSRF-TOKEN. It then stores this token and sends it out with every HTTP request.

Problem Solved!
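
The fetch-once, store, attach-to-every-request flow described above, as an added example that is not the code of spring-security-csrf-token-interceptor and not from the original post. The names `createCsrfInterceptor`, `headRequest` and `tokenUrl`, the same-origin restriction, the refresh on 403 and the injected synchronous transport (used so the block runs outside a browser) are assumptions of this sketch.

```javascript
// Added example. createCsrfInterceptor, headRequest and tokenUrl are
// hypothetical names, not the API of spring-security-csrf-token-interceptor.
function createCsrfInterceptor({ origin, tokenUrl, headRequest }) {
  let token = null; // cached after the first HEAD call

  function fetchToken() {
    // headRequest(url) issues a HEAD request and returns the response
    // headers as an object keyed by lower-cased header name.
    const value = headRequest(tokenUrl)['x-csrf-token'];
    if (!value) throw new Error('no X-CSRF-TOKEN header in HEAD response');
    token = value;
    return token;
  }

  return {
    // Runs before every outgoing request and returns the config to send.
    request(config) {
      // Hardening choice of this example: only same-origin requests get
      // the token, so it is never disclosed to a third-party host.
      if (new URL(config.url, origin).origin !== origin) return config;
      const headers = Object.assign({}, config.headers, {
        'X-CSRF-TOKEN': token || fetchToken(),
      });
      return Object.assign({}, config, { headers });
    },
    // Spring Security answers a missing or stale token with 403; drop the
    // cached value so the next request fetches a fresh one.
    responseError(response) {
      if (response.status === 403) token = null;
      return response;
    },
  };
}

// Constructed stand-in for the server: each HEAD call issues a new token.
function makeFakeServer() {
  let issued = 0;
  return { head: () => ({ 'x-csrf-token': 'token-' + (++issued) }), count: () => issued };
}

const demoServer = makeFakeServer();
const demo = createCsrfInterceptor({
  origin: 'https://app.example', tokenUrl: '/api/ping', headRequest: demoServer.head,
});
console.log(demo.request({ method: 'POST', url: '/api/orders' }).headers);
```

In an AngularJS application the same `request` and `responseError` functions would be registered as an `$http` interceptor, with the HEAD call made through the browser's own HTTP client.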

 
