Skip to content

Update webflux-form sample to use Thymeleaf Built in CSRF Support #6061

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
rwinch opened this issue Nov 8, 2018 · 6 comments · Fixed by #6097
Closed

Update webflux-form sample to use Thymeleaf Built in CSRF Support #6061

rwinch opened this issue Nov 8, 2018 · 6 comments · Fixed by #6097
Assignees
@rwinch
Labels
in: docs An issue in Documentation or samples status: first-timers-only An issue that can only be worked on by brand new contributors
Milestone
5.2.0.M1

Comments

@rwinch
Copy link
Member

rwinch commented Nov 8, 2018
edited
Loading

Summary

Thymeleaf provides automatic integration with Spring Security's CSRF support. We should update the webflux-form sample to demonstrate it.

  • Update the dependencies to include both org.springframework.boot:spring-boot-starter-thymeleaf org.thymeleaf.extras:thymeleaf-extras-springsecurity5
  • Remove the CsrfControllerAdvice
  • Ensure the tests still pass by running ../../../gradlew check
@rwinch rwinch added Samples status: first-timers-only An issue that can only be worked on by brand new contributors labels Nov 8, 2018
@rwinch rwinch added this to the 5.2.x milestone Nov 8, 2018
@dbuos
Copy link
Contributor

dbuos commented Nov 8, 2018

I'd like to take this one 😁

@rwinch
Copy link
Member Author

rwinch commented Nov 8, 2018

Thanks @Daniel69 The issue is all yours! If you need any help, please don't hesitate to reach out to me

@dbuos
Copy link
Contributor

dbuos commented Nov 8, 2018

Thank @rwinch, I'll start by reading https://github.com/spring-projects/spring-security/blob/master/CONTRIBUTING.md

@dbuos
Copy link
Contributor

dbuos commented Nov 9, 2018

@rwinch I removed the CsrfControllerAdvice and added a dependency to org.thymeleaf.extras:thymeleaf-extras-springsecurity5:3.0.4.RELEASE because 'org.thymeleaf.extras:thymeleaf-extras-springsecurity' alone does not resolve, but two tests fail once I remove the Controller Advice (loginWhenInvalidUsernameThenError and loginAndLogout).
When I run the example alone after these changes and attempt to login, the only message that I can see is : 'CSRF Token has been associated to this client', no matter I use 'user' or 'invalid' as username.

@rwinch
Copy link
Member Author

rwinch commented Nov 13, 2018

@Daniel69 Sorry for the delay getting back to you. The problem is that we aren't using Spring Boot 2.1.0.RELEASE yet. I created #6082 which will resolve this. Once it is updated to Boot 2.1.0.RELEASE you should be able to remove the version from org.thymeleaf.extras:thymeleaf-extras-springsecurity5 too

@rwinch
Copy link
Member Author

rwinch commented Nov 14, 2018
edited
Loading

Thanks again for your patience. Now that #6082 has been resolved, you should be able to rebase off of master and remove the version from thymeleaf-extras-springsecurity5.

If you need any help with this, please let me know.

@rwinch rwinch self-assigned this Nov 14, 2018
@rwinch rwinch modified the milestones: 5.2.x, 5.2.0.M1 Nov 14, 2018
This was referenced Nov 14, 2018
Closed
Closed
dbuos added a commit to dbuos/spring-security that referenced this issue Nov 14, 2018
@dbuos
Update webflux-form sample to use Built in CSRF Support
e54c5b0 
Remove the CsrfControllerAdvice class and update dependencies to add
org.thymeleaf.extras:thymeleaf-extras-springsecurity5

Issue: spring-projectsgh-6061
@dbuos dbuos mentioned this issue Nov 14, 2018
Merged
rwinch pushed a commit that referenced this issue Nov 14, 2018
@dbuos @rwinch
Update webflux-form sample to use Built in CSRF Support
808fbfa 
Remove the CsrfControllerAdvice class and update dependencies to add
org.thymeleaf.extras:thymeleaf-extras-springsecurity5

Issue: gh-6061
rwinch pushed a commit that referenced this issue Nov 14, 2018
@dbuos @rwinch
Update webflux-form sample to use Built in CSRF Support
8655caa 
Remove the CsrfControllerAdvice class and update dependencies to add
org.thymeleaf.extras:thymeleaf-extras-springsecurity5

Issue: gh-6061
jer051 pushed a commit to jer051/spring-security that referenced this issue Nov 21, 2018
@dbuos
Update webflux-form sample to use Built in CSRF Support
1b348b9 
Remove the CsrfControllerAdvice class and update dependencies to add
org.thymeleaf.extras:thymeleaf-extras-springsecurity5

Issue: spring-projectsgh-6061
@rwinch rwinch added the in: docs An issue in Documentation or samples label May 6, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rwinch rwinch

Labels
in: docs An issue in Documentation or samples status: first-timers-only An issue that can only be worked on by brand new contributors
Projects
None yet
Milestone
5.2.0.M1
Development

Successfully merging a pull request may close this issue.

Update webflux-form sample to use Built in CSRF Support dbuos/spring-security
2 participants
@dbuos @rwinch