Spring Boot Rest API with Spring Security Token | Code Factory

Code Factory
2 min read · Apr 11, 2020


Reference Link : Link


pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- Maven build for the demo application: a Spring Boot web app with Spring Security on the classpath. -->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<!-- The parent POM pins the versions of every Spring Boot starter listed below. -->
<!-- NOTE(review): 2.1.6.RELEASE belongs to an old release line that no longer receives open-source fixes;
     check the currently supported Spring Boot version before reusing this POM. -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.6.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.example</groupId>
<artifactId>SpringBootRestWithSpringSecurity</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>SpringBootRestWithSpringSecurity</name>
<description>Spring Boot Rest API</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<!-- Adds the /actuator management endpoints. None of the code shown on this page uses them:
     drop the dependency if it is not needed, otherwise review which endpoints are exposed and to whom. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<!-- Puts Spring Security on the classpath. The page defines no security configuration class, so Boot's
     auto-configured defaults apply: requests need authentication and CSRF protection is enabled. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- Spring MVC and the embedded servlet container used by the REST controller. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Test-scoped only: not packaged into the runnable artifact. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<!-- Repackages the build output as an executable jar. -->
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>

application.properties

# Single in-memory user for Spring Security's auto-configured login.
# Demo-only credentials: a guessable user name with an identical password, stored in plain text
# in the source tree. For anything beyond a local demo, supply the password from outside the
# repository (for example the SPRING_SECURITY_USER_PASSWORD environment variable) and use a
# strong, unique value.
spring.security.user.name=root
spring.security.user.password=root

SpringBootRestWithSpringSecurity.java

package com.example;import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
/**
 * Application entry point; {@code @SpringBootApplication} turns on Spring Boot
 * auto-configuration and component scanning from this class's package.
 */
@SpringBootApplication
public class SpringBootRestWithSpringSecurity {

    /**
     * Boots the Spring application context.
     *
     * @param args command-line arguments, passed through to Spring Boot unchanged
     */
    public static void main(String[] args) {
        Class<?> primarySource = SpringBootRestWithSpringSecurity.class;
        SpringApplication.run(primarySource, args);
    }
}

RestController.java

package com.example.controller;import java.io.IOException;import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
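import com.example.model.Employee;

/**
 * Demo REST controller: returns the caller's CSRF token and serves a fixed {@link Employee}.
 *
 * <p>No security configuration class is shown alongside this controller, so the access rules
 * are whatever the active Spring Security configuration enforces (presumably Spring Boot's
 * defaults; confirm for your setup).
 */
@org.springframework.web.bind.annotation.RestController
public class RestController {

    /**
     * Returns the CSRF token value attached to the current request as the response body, so a
     * client can send it back with a later state-changing request.
     *
     * <p>Anything able to read this response can read the token, so the endpoint should stay
     * authenticated and same-origin (no permissive CORS policy in front of it).
     *
     * @param request  current request; the token is read from its {@code _csrf} attribute
     * @param response unused; kept so the handler signature stays as published
     * @return the CSRF token value
     * @throws IOException declared by the original signature; nothing in this body throws it
     * @throws IllegalStateException if the request carries no {@code _csrf} attribute
     */
    @GetMapping("/loginPage")
    public String main(HttpServletRequest request, HttpServletResponse response) throws IOException {
        // Kept from the original: makes sure an HTTP session exists before the token is read.
        request.getSession();

        CsrfToken csrfToken = (CsrfToken) request.getAttribute("_csrf");
        if (csrfToken == null) {
            // Previously a bare NullPointerException; fail with a message that names the cause.
            throw new IllegalStateException("No CSRF token on the request; is CSRF protection enabled?");
        }

        // The token is deliberately not printed or logged: it is a per-session secret, and
        // console or log output is usually readable by more people than the session owner.
        return csrfToken.getToken();
    }

    /**
     * Returns a placeholder employee record.
     *
     * <p>Mapped as POST, so a request reaches this handler only after passing the CSRF check
     * when Spring Security's CSRF protection is active.
     *
     * @param request unused; kept so the handler signature stays as published
     * @return an {@link Employee} built from fixed sample values
     */
    @PostMapping("/getData")
    public Employee getData(HttpServletRequest request) {
        return new Employee("EMP_ID", "EMP_NAME");
    }
}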

Employee.java

package com.example.model;public class Employee {private String id;
private String name;
public Employee(String id, String name) {
this.id = id;
this.name = name;
}

public String getId() {
return id;
}
public void setId(String id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
}

http://localhost:8080/loginPage without authentication

http://localhost:8080/loginPage with authentication

http://localhost:8080/getData without _csrf token

http://localhost:8080/getData with _csrf token
