CSRFController.java

  1. package edu.ucsb.cs156.example.controllers;

  3. import org.springframework.context.annotation.Profile;
  4. import org.springframework.security.web.csrf.CsrfToken;
  5. import org.springframework.web.bind.annotation.GetMapping;
  6. import org.springframework.web.bind.annotation.RestController;

  8.   
  9. import io.swagger.v3.oas.annotations.Operation;
  10. import io.swagger.v3.oas.annotations.tags.Tag;

  12. /**
  13.  * The CSRF controller is used to get a CSRF token. 
  14.  * This is only enabled in the development profile, 
  15.  * and is used to test APIs with Postman or swagger.ui/
  16.  * 
  17.  * For more information on CSRF, do a web search on "Cross-Site Request Forgery".
  18.  */

  20. @Profile("development")
  21. @Tag(name = "CSRF (enabled only in development; can be used with Postman to test APIs)")
  22. @RestController
  23. public class CSRFController {

  25.   /**
  26.    * This method returns a CSRF token.
  27.    * @param token the CSRF token, injected by Spring automatically
  28.    * @return the CSRF token
  29.    */
  30.   @Operation(summary= "Get a CSRF Token")
  31.   @GetMapping("/csrf")
  32.   public CsrfToken csrf(CsrfToken token) {
  33.     return token;
  34.   }
  35. }
Created with JaCoCo 0.8.12.202403310830