Hello, I’m trying to create a simple project with a POST endpoint, something like this:
    @PostMapping(value = "/foos")
    @PreAuthorize("hasAuthority('foo-admin')")
    public ResponseEntity<FooDTO> createFoo(@Valid @NotNull @RequestBody FooDTO fooDTO) {
        return ResponseEntity.ok(fooService.createFoo(fooDTO));
    }
To enable Okta OIDC login security I have this configuration:
    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    static class OAuth2SecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                .anyRequest().authenticated();
        }
    }
Notice that although http.csrf().disable() is a possibility, I’m trying to learn how to use the CSRF token.
I’m able to run successfully some tests, like this:
    @Test
    @WithMockUser(authorities = "foo-admin")
    public void createFooShouldReturnOk() throws Exception {
        MvcResult result = mockMvc.perform(MockMvcRequestBuilders.post("/foos")
                .contentType(MediaType.APPLICATION_JSON)
                .content(body)
                .with(csrf())
                .accept(MediaType.APPLICATION_JSON))
            .andExpect(status().isOk())
            .andDo(MockMvcResultHandlers.print())
            .andReturn();
        assertThat(result.getResponse()).isNotNull();
    }
But I don’t know how to get a CSRF token to use in Postman, for example. One thing that I noticed is that even if I log in to my app in the browser there isn’t a CSRF token cookie there, so I’m thinking that I’m missing some configuration on my admin dashboard or something like that.
Is there a way to generate a CSRF token, or should I disable that verification and rely only on Okta OIDC?
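One way to make the token visible to a client, as an added example that is not the poster's code and not Okta's: keep CSRF protection enabled but store the token in a client-readable XSRF-TOKEN cookie, so the browser, an SPA or a Postman session can read it and echo it back in the X-XSRF-TOKEN header on state-changing requests. The class names and the /csrf helper endpoint are assumptions; the OIDC client registration for Okta is assumed to come from application properties.

```java
import java.util.Collections;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Assumed class name: same shape as the poster's adapter, with CSRF left ON.
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class CsrfCookieSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Store the CSRF token in an XSRF-TOKEN cookie with HttpOnly=false so the
            // client can read it. CsrfFilter then accepts the same value sent back in the
            // X-XSRF-TOKEN header (or the _csrf form field) on POST/PUT/PATCH/DELETE.
            // Safe methods (GET/HEAD/OPTIONS/TRACE) are never checked, and the cookie is
            // written on the first request that passes through the filter.
            .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .and()
            .authorizeRequests().anyRequest().authenticated()
            .and()
            // OIDC login against the registered provider (Okta via application properties).
            .oauth2Login();
    }
}

// Assumed helper endpoint: lets a tool that cannot inspect cookies fetch the current
// token after logging in. GET is a safe method, so no token is needed to call it.
@RestController
class CsrfTokenController {

    @GetMapping("/csrf")
    public Map<String, String> csrf(HttpServletRequest request) {
        // Spring Security exposes the current CsrfToken as a request attribute.
        CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
        // Response body: {"X-XSRF-TOKEN": "<token value>"} as an assumed shape.
        return Collections.singletonMap(token.getHeaderName(), token.getToken());
    }
}
```

With this in place, a Postman request that carries the OIDC session cookie plus an X-XSRF-TOKEN header copied from the XSRF-TOKEN cookie (or from GET /csrf) is accepted, while the same POST without the header is rejected with 403, which is the quick check that the protection is still active.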