我有一个用于获取csrf_token的GET方法。我第一次调用该方法时收到null吗?
@GetMapping("check/mobile/{mobile}/otp/{otp}")
public Response checkOtp(@PathVariable String mobile, @PathVariable int otp) {
return otpService.checkOtp(mobile, otp);
}
public Response checkOtp(String mobile, int otp) {
Response response = new Response();
response.setStatus(ResponseStatusEnum.SUCCESS);
response.setDescription(messages.get("otp.success"));
Authentication authentication = new UsernamePasswordAuthenticationToken(mobile, "",
AuthorityUtils.createAuthorityList("ROLE_USER"));
SecurityContextHolder.getContext().setAuthentication(authentication);
response.setData(getCsrfToken());
return response;
}
private CsrfToken getCsrfToken() {
ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder
.currentRequestAttributes();
HttpSession session = attr.getRequest().getSession();
return (CsrfToken) session.getAttribute(
"org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository.CSRF_TOKEN");
}