Skip to content
  • Martin Lowe's avatar
    Add CSRF filter + response validation to the core Quarkus lib · eb28414f
    Martin Lowe authored
    
    
    This enables a CSRF feature that can be used on any app that makes use
    of this lib. Enable the csrf through `security.csrf.enabled`, and
    configure `security.csrf.salt` to strengthen the security of the app.
    
    Once done, any mutator requests become guarded by CSRF. Other requests
    can manually call the CSRF helper to validate a request as done in the
    test resource.
    
    Additionally, added authenticated test profile for testing
    security/authentication layer separate from the rest of the application.
    Authentication has been disabled by default, and can be enabled by
    setting the field in the application.properties file of the app.
    
    Signed-off-by: Martin Lowe's avatarMartin Lowe <martin.lowe@eclipse-foundation.org>
    eb28414f