Development environment
- Java 1.8.0
- Spring Boot 2.0.6
- H2
- Maven 3.5.4
using an embedded database H2.
mvn clean package
java -jar .\target\demo.jar
password | admin | |
---|---|---|
kkamimura@example.com | iWKw06pvj | true |
rsakuma@example.com | sk10ZIaiq | false |
tyukinaga@example.com | me02yFufL | false |
zsawatari@example.com | FjqU39aia | false |
ehiyama@example.com | ruFOep18r | false |
ログイン時に必要なCSRFトークンを取得する
curl -i -c cookie.txt "http://localhost:9000/app/prelogin"
example
type cookie.txt
# Netscape HTTP Cookie File
# http://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
#HttpOnly_localhost FALSE /app FALSE 0 XSRF-TOKEN b6554c4e-810e-431b-8244-5e43270a5c30
#HttpOnly_localhost FALSE /app FALSE 0 JSESSIONID E56CF9C4BDD6638071D83A7E5B093991
プレログインAPIで取得したCSRFトークンを_csrfパラメータに指定する
curl -i -b cookie.txt -c cookie.txt -X POST "http://localhost:9000/app/login" -d "email=kkamimura@example.com" -d "pass=iWKw06pvj" -d "_csrf={CSRF_TOKEN}"
curl -i -b cookie.txt -H "x-xsrf-token:{CSRF_TOKEN}" -X POST "http://localhost:9000/app/logout"
curl -i -b cookie.txt "http://localhost:9000/app/hello"
curl -i -b cookie.txt "http://localhost:9000/app/hello/{message}"
認証が不要でもPOST時はCSRFトークンが必要
curl -i -b cookie.txt -X POST "http://localhost:9000/app/hello" -d "message=world" -d "_csrf={CSRF_TOKEN}"
curl -i -b cookie.txt "http://localhost:9000/app/memo/1"
curl -i -b cookie.txt "http://localhost:9000/app/memo/list"
curl -i -b cookie.txt "http://localhost:9000/app/user"
curl -i -b cookie.txt "http://localhost:9000/app/user/echo/{message}"
curl -i -b cookie.txt -H "Content-Type:application/json" -H "x-xsrf-token:{CSRF_TOKEN}" -X POST "http://localhost:9000/app/user/echo" -d "{\"message\": \"hello world\"}"
curl -i -b cookie.txt "http://localhost:9000/app/admin"
curl -i -b cookie.txt "http://localhost:9000/app/admin/echo/{message}"
curl -i -b cookie.txt -H "Content-Type:application/json" -H "x-xsrf-token:{CSRF_TOKEN}" -X POST "http://localhost:9000/app/admin/echo" -d "{\"message\": \"hello world\"}"