Add CSRF filter + response validation to the core Quarkus lib

Review changes
Download
Patches
Plain diff

Merged Add CSRF filter + response validation to the core Quarkus lib

Overview 0
Commits 3
Pipelines 0
Changes 17

Merged Martin Lowe requested to merge malowe/master/3 into master 4 years ago

Overview 0
Commits 3
Pipelines 0
Changes 17

This enables a CSRF feature that can be used on any app that makes use of this lib. Enable the csrf through security.csrf.enabled, and configure security.csrf.salt to strengthen the security of the app.

Once done, any mutator requests become guarded by CSRF. Other requests can manually call the CSRF helper to validate a request as done in the test resource.

Additionally, added authenticated test profile for testing security/authentication layer separate from the rest of the application. Authentication has been disabled by default, and can be enabled by setting the field in the application.properties file of the app.

Signed-off-by: Martin Lowe martin.lowe@eclipse-foundation.org

Merge request reports

Activity

Filter activity

Approvals
Assignees & reviewers
Comments (from bots)
Comments (from users)
Commits & branches
Edits
Labels
Lock status
Mentions
Merge request status
Tracking

Please register or sign in to reply

0 Assignees

None

Select assignees

0 Reviewers

Request review from

Labels

None

Select labels

Manage project labels

Milestone

None

Time tracking

No estimate or time spent

0 Participants

There are currently no pipelines.

To run a merge request pipeline, the jobs in the CI/CD configuration file must be configured to run in merge request pipelines and you must have sufficient permissions in the source project.