重命名Spring csrf令牌变量

时间:2015-07-08 12:51:45

标签: java spring spring-security csrf csrf-protection

我的应用程序在另一个门户应用程序下运行两者都是在春天实现的,都使用csrf安全性。

我的需求基本上是改变csrf令牌在会话中的命名方式,因此这两个令牌都可以正常工作而不会发生冲突。到目前为止我尝试创建另一个令牌存储库并尝试更改安全配置类中的参数名称和会话属性名称。

final HttpSessionCsrfTokenRepository tokenRepository = new HttpSessionCsrfTokenRepository();
tokenRepository.setHeaderName("TOOLBIZ-CSRF-TOKEN");
tokenRepository.setParameterName("toolbiz_csfr");
//tokenRepository.setSessionAttributeName("toolbiz_csrf");

当我提出请求时Spring并不是非常喜欢这个新设置,并且日志产生以下行:

Invalid CSRF token found

我该怎么做?我错过了什么吗?

2 个答案:

答案 0 :(得分:2)

这对我有用: - 

dbPath = ActiveWorkbook.Path & "\WaitAnalysisDB.accdb"
tblName = "Wait_Data_Table"
strcon = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source='" & dbPath & "';"
conn.Open strcon

过滤器: - 

Dim conn As New ADODB.Connection, rs As New ADODB.Recordset, dbPath As String, tblName As String
Dim rngColHeads As Range, rngTblRcds As Range, colHead As String, rcdDetail As String
Dim ch As Integer, cl As Integer, notNull As Boolean, strcon As String, lr As Integer
Dim currentdate As String
Dim strdbcheck As String


'Code Checks if There Are Records for the Date in the DB
'If there is, then it skips the SQL code

currentdate = Date
dbPath = ActiveWorkbook.Path & "\WaitAnalysisDB.accdb"
tblName = "Wait_Data_Table"
strcon = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source='" & dbPath & "';"
conn.Open strcon

strdbcheck = "SELECT * FROM " & tblName
rs.Open strdbcheck, conn

rs.Filter = "Date= #" & currentdate & "#"
If Not rs.EOF Then
    Set rs = Nothing
    Set conn = Nothing
    GoTo SkipExport
Else
    Set rs = Nothing
    Set conn = Nothing
        GoTo Export
End If



Export:

'Set Up Connections
dbPath = ActiveWorkbook.Path & "\WaitAnalysisDB.accdb"
tblName = "Wait_Data_Table"

'Create Date Column
Worksheets("Wait Analysis DATA").Select
lr = Cells(Rows.Count, "K").End(xlUp).Row
currentdate = Date: Range("O1").Value = "Date": Range(Range("O2"), Range("O" & lr)).Value = currentdate

Set rngColHeads = ActiveSheet.Range(Range("a1"), Range("a1").End(xlToRight))
Set rngTblRcds = ActiveSheet.Range(Range("K2:k" & lr).Offset(0, -10), Range("K2:k" & lr).Offset(0, 4))

'SQL connection String
strcon = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source='" & dbPath & "';"

'Create String for Columns for SQL
colHead = "(["
For ch = 1 To rngColHeads.Count
    colHead = colHead & rngColHeads.Columns(ch).Value
    Select Case ch
        Case Is = rngColHeads.Count
            colHead = colHead & "])"
        Case Else
            colHead = colHead & "],["
    End Select
Next ch


On Error GoTo EndUpdate
conn.Open strcon
conn.BeginTrans

Dim tempcl As Integer

For cl = 1 To rngTblRcds.Rows.Count

    If Range("a2").Offset(cl - 1, 0) = "" Then
        tempcl = cl - Range("a2").Offset(cl, 0).End(xlUp).Rows.Count

        notNull = False
        rcdDetail = "('"
        For ch = 1 To rngColHeads.Count
        Select Case rngTblRcds.Rows(tempcl).Columns(ch).Value
            Case Is = Empty
                Select Case ch
                    Case Is = rngColHeads.Count
                        rcdDetail = Left(rcdDetail, Len(rcdDetail) - 1) & "NULL)"
                    Case Else
                        rcdDetail = Left(rcdDetail, Len(rcdDetail) - 1) & "NULL,'"
                End Select
            Case Else
                notNull = True
                Select Case ch
                    Case "11":
                        rcdDetail = rcdDetail & rngTblRcds.Rows(cl).Columns(ch).Value & "','"
                    Case Is = rngColHeads.Count
                        rcdDetail = rcdDetail & rngTblRcds.Rows(tempcl).Columns(ch).Value & "')"
                    Case Else
                        rcdDetail = rcdDetail & rngTblRcds.Rows(tempcl).Columns(ch).Value & "','"
                End Select
            End Select
    Next ch
        tempcl = 0
        GoTo skipads

    End If


    notNull = False
    rcdDetail = "('"
    For ch = 1 To rngColHeads.Count
        Select Case rngTblRcds.Rows(cl).Columns(ch).Value
            Case Is = Empty
                Select Case ch
                    Case Is = rngColHeads.Count
                        rcdDetail = Left(rcdDetail, Len(rcdDetail) - 1) & "NULL)"
                    Case Else
                        rcdDetail = Left(rcdDetail, Len(rcdDetail) - 1) & "NULL,'"
                End Select
            Case Else
                notNull = True
                Select Case ch
                    Case Is = rngColHeads.Count
                        rcdDetail = rcdDetail & rngTblRcds.Rows(cl).Columns(ch).Value & "')"
                    Case Else
                        rcdDetail = rcdDetail & rngTblRcds.Rows(cl).Columns(ch).Value & "','"
                End Select
            End Select
    Next ch

skipads:
    Select Case notNull
        Case Is = True
            rs.Open "INSERT INTO " & tblName & colHead & " VALUES " & rcdDetail, conn
        Case Is = False
                'do not insert record
    End Select


Next cl

EndUpdate:
    If Err.Number <> 0 Then
        On Error Resume Next
        conn.RollbackTrans
        MsgBox "There was an error. This will exit the macro.", vbCritical, "Error!"
        End
    Else
        On Error Resume Next
        conn.CommitTrans
    End If

    conn.Close
    Set rs = Nothing
    Set conn = Nothing
    On Error GoTo 0



SkipExport:

您是否覆盖了WebSecurityConfigurerAdapter #configure方法?

答案 1 :(得分:0)

请记住在重命名标题之前删除您已经拥有的任何旧Cookie。我有同样的问题,一切都设置得很好,但浏览器中的旧cookie导致过滤功能基本没用。

相关问题
最新问题