Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-2991: Add CSRF Token to OpenID XML Sample

This commit is contained in:
Rob Winch 2015-07-21 10:42:24 -05:00
parent 07fb2af74b
commit cd4a7e95cc
3 changed files with 10 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
samples/openid-xml/openid.gradle
View File

@ -5,7 +5,8 @@ apply plugin: 'jetty'
dependencies { dependencies {
compile project(':spring-security-core'), compile project(':spring-security-core'),
project(':spring-security-openid') project(':spring-security-openid'),
"org.springframework:spring-webmvc:$springVersion"
providedCompile "javax.servlet:javax.servlet-api:$servletApiVersion" providedCompile "javax.servlet:javax.servlet-api:$servletApiVersion"

9
samples/openid-xml/src/main/webapp/WEB-INF/applicationContext-security.xml
View File

@ -10,12 +10,11 @@
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<http pattern="/openidlogin.jsp*" security="none" />
<http pattern="/images/*" security="none" />
<http pattern="/css/*" security="none" />
<http pattern="/js/*" security="none" />
<http> <http>
<intercept-url pattern="/openidlogin.jsp*" access="permitAll"/>
<intercept-url pattern="/images/*" access="permitAll"/>
<intercept-url pattern="/css/*" access="permitAll"/>
<intercept-url pattern="/js/*" access="permitAll"/>
<intercept-url pattern="/**" access="authenticated"/> <intercept-url pattern="/**" access="authenticated"/>
<logout/> <logout/>
<openid-login login-page="/openidlogin.jsp" user-service-ref="registeringUserService" <openid-login login-page="/openidlogin.jsp" user-service-ref="registeringUserService"

7
samples/openid-xml/src/main/webapp/openidlogin.jsp
View File

@ -1,4 +1,5 @@
<%@ taglib prefix='c' uri='http://java.sun.com/jsp/jstl/core' %> <%@ taglib prefix='c' uri='http://java.sun.com/jsp/jstl/core' %>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <html xmlns="http://www.w3.org/1999/xhtml">
@ -36,8 +37,8 @@
</c:if> </c:if>
<!-- Simple OpenID Selector --> <!-- Simple OpenID Selector -->
<form action="<c:url value='login/openid'/>" method="post" id="openid_form"> <form:form action="login/openid" method="post" id="openid_form">
<input type="hidden" name="action" value="verify" /> <input type="hidden" name="action" value="verify" />
<fieldset> <fieldset>
<legend>Sign-in or Create New Account</legend> <legend>Sign-in or Create New Account</legend>
@ -57,7 +58,7 @@
Find out <a href="http://openid.net/what/">more about OpenID</a> and <a href="http://openid.net/get/">how to get an OpenID enabled account</a>.</p> Find out <a href="http://openid.net/what/">more about OpenID</a> and <a href="http://openid.net/get/">how to get an OpenID enabled account</a>.</p>
</noscript> </noscript>
</fieldset> </fieldset>
</form> </form:form>
<!-- /Simple OpenID Selector --> <!-- /Simple OpenID Selector -->
</body> </body>