Sanitizer - Spring Boot CSRF token validation response

Time: 2018-07-05 09:19:46

Tags: java spring-boot spring-security xss csrf

I have implemented Spring Security OAuth2 in a Spring Boot application.

I ran a vulnerability test against the application and found an XSS vulnerability at https://myapp:post/login?_csrf=

An example of the attack is as follows.

Attack request: https://myapp:post/login?_csrf=<script>alert('hello!');</script>

Server response:

{
"timestamp": 1530781641320,
"status": 403,
"error": "Forbidden",
"message": "Invalid CSRF Token '<script>alert('hello!');</script>' was found on the request parameter '_csrf' or header 'X-XSRF-TOKEN'.",
"path": "/login"
}

In this response, <script>alert('hello!');</script> should be something like &lt;script&gt;alert(&#39;hello!&#39;);&lt;/script&gt;

I want to sanitize the _csrf parameter <script>alert('hello!');</script>, but I don't know how to do it. Is there any filter that can catch the CSRF error response and sanitize the response?

This is my WebSecurityConfigurerAdapter

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
public class OAuthWebFormConfiguration extends WebMvcConfigurerAdapter {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        // Map the login page and the OAuth consent page to their view templates
        registry.addViewController("/login").setViewName("login");
        registry.addViewController("/oauth/confirm_access").setViewName("authorize");
    }

    @Configuration
    @Order(-20)
    protected static class LoginConfig extends WebSecurityConfigurerAdapter {

        // CustomAuthenticationManager is the application's own class (same package)
        @Autowired
        private CustomAuthenticationManager customAuthenticationManager;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .formLogin().loginPage("/login").permitAll()
                    .and()
                    // This filter chain only applies to the login and OAuth endpoints
                    .requestMatchers()
                    .antMatchers("/login", "/oauth/authorize", "/oauth/confirm_access")
                    .and()
                    .authorizeRequests()
                    .anyRequest()
                    .authenticated()
                    .and()
                    // CSRF token kept in a cookie; the default AccessDeniedHandler
                    // produces the 403 JSON body shown above
                    .csrf()
                    .csrfTokenRepository(cookieCsrfTokenRepository())
                    .and()
                    .headers()
                    .frameOptions().sameOrigin()
                    .xssProtection().xssProtectionEnabled(true);
        }

        @Override
        public void configure(WebSecurity web) throws Exception {
            // Static assets bypass the security filter chain entirely
            web.ignoring().antMatchers("/assets/**");
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.parentAuthenticationManager(customAuthenticationManager);
        }

        private CookieCsrfTokenRepository cookieCsrfTokenRepository() {
            CookieCsrfTokenRepository csrfTokenRepository = new CookieCsrfTokenRepository();
            csrfTokenRepository.setCookieHttpOnly(true);
            return csrfTokenRepository;
        }
    }
}
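One way to stop the submitted token from being echoed at all, as an added example that is not part of the original question: a custom AccessDeniedHandler that replaces Spring Security's default handler for CSRF failures and writes a fixed message instead of the exception text. It assumes the javax.servlet API of the Spring Boot 1.x/2.0 era and the hypothetical class name NonEchoingCsrfDeniedHandler; the wiring shown in the trailing comment goes into LoginConfig.configure(HttpSecurity).

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.MediaType;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.csrf.CsrfException;
import org.springframework.security.web.csrf.MissingCsrfTokenException;

// Added example (not from the question): a hypothetical handler that answers
// CSRF failures without copying the submitted token into the response body.
// The default AccessDeniedHandlerImpl calls sendError(403, ex.getMessage()),
// and InvalidCsrfTokenException's message contains the raw token, which is
// how it reaches the "message" field of Spring Boot's JSON error body.
public class NonEchoingCsrfDeniedHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
                       AccessDeniedException ex) throws IOException {
        // Classify the failure, but only ever emit a fixed, request-independent string
        String message;
        if (ex instanceof MissingCsrfTokenException) {
            message = "Missing CSRF token";
        } else if (ex instanceof CsrfException) {   // covers InvalidCsrfTokenException
            message = "Invalid CSRF token";
        } else {
            message = "Forbidden";
        }

        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        response.setCharacterEncoding("UTF-8");
        // Keep browsers from sniffing the JSON body as HTML
        response.setHeader("X-Content-Type-Options", "nosniff");
        response.getWriter().write(
            "{\"status\":403,\"error\":\"Forbidden\",\"message\":\"" + message + "\"}");
    }
}

// Wiring inside LoginConfig.configure(HttpSecurity http):
//
//     http.exceptionHandling()
//             .accessDeniedHandler(new NonEchoingCsrfDeniedHandler())
//         .and()
//         .csrf().csrfTokenRepository(cookieCsrfTokenRepository());
//
// CsrfConfigurer takes the handler registered on exceptionHandling(), so the
// CsrfFilter uses it in place of the default one.
```

Because the original body is served as application/json, a browser will not execute the script in it, but reflecting attacker-controlled input into an error response is still worth removing, and a fixed message also stops scanners from flagging the endpoint.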

0 answers:

No answers