Add CSRF filter + response validation to the core Quarkus lib (!3) · Merge requests · Eclipse Foundation / IT / APIs / Eclipse Foundation API SDK · GitLab

Snippets Groups Projects

Merged Martin Lowe requested to merge malowe/master/3 into master 4 years ago

This enables a CSRF feature that can be used on any app that makes use of this lib. Enable the csrf through security.csrf.enabled, and configure security.csrf.salt to strengthen the security of the app.

Once done, any mutator requests become guarded by CSRF. Other requests can manually call the CSRF helper to validate a request as done in the test resource.

Additionally, added authenticated test profile for testing security/authentication layer separate from the rest of the application. Authentication has been disabled by default, and can be enabled by setting the field in the application.properties file of the app.

Signed-off-by: Martin Lowe martin.lowe@eclipse-foundation.org

Activity

Martin Lowe added 1 commit 4 years ago
added 1 commit

947fc66f - Add call to get reference to DB object

Compare with previous version
Martin Lowe added 12 commits 4 years ago
added 12 commits

947fc66f...82b48092 - 10 commits from branch master

eb28414f - Add CSRF filter + response validation to the core Quarkus lib

0d314806 - Add call to get reference to DB object

Compare with previous version
Martin Lowe added 1 commit 4 years ago
added 1 commit

7dec6db7 - Fix bad type check in equals for BareNode class

Compare with previous version
Mikaël Barbero approved this merge request 4 years ago

approved this merge request
Martin Lowe merged 4 years ago

merged
Martin Lowe mentioned in commit ec658765 4 years ago

mentioned in commit ec658765

Please register or sign in to reply

Copyright © Eclipse Foundation, Inc. All Rights Reserved. Privacy Policy | Terms of Use | Copyright Agent