Failed to add CSRF for Spring boot starter for camunda 7.10.6-ee

romankh3 · August 19, 2019, 8:53am

Hello, the community!

I tried to add CSRF Prevention for my Spring Boot app with Camunda Spring boot starter.

Camunda version: 7.10.6-ee
Camunda Spring boot starver version: 3.1.3

I have added filter, based on this documentation:

  @Bean
    public FilterRegistrationBean<CsrfPreventionFilter> csrfPreventionFilterFilterRegistrationBean() {
        CsrfPreventionFilter csrfPreventionFilter = new CsrfPreventionFilter();
    csrfPreventionFilter.setEntryPoints(
            "/api/engine/engine/default/history/task/count, /api/engine/engine/default/history/variable/count"
    );
    csrfPreventionFilter.setRandomClass("java.security.SecureRandom");
    csrfPreventionFilter.setDenyStatus(404);

    final FilterRegistrationBean<CsrfPreventionFilter> filterRegistrationBean = new FilterRegistrationBean<>();
    filterRegistrationBean.setFilter(csrfPreventionFilter);
    filterRegistrationBean.addUrlPatterns("/*");
    return filterRegistrationBean;
}

And I have updated application.yaml, based on the same document.

camunda:
   bpm:
     webapp:
           csrf:
             enable-secure-cookie: true
             enable-same-site-cookie: true

Nevertheless, It didn’t help me at all.

I read the topic related to it: [Issue with CSRF Prevention filter of camunda-bpm-wildfly-7.10.0](http://Issue with CSRF Prevention filter of camunda-bpm-wildfly-7.10.0)
And as I understood in my version of the camunda spring boot starter this issue has been resolved.

Any ideas?

romankh3 · August 20, 2019, 11:02am

@Niall, do you have any ideas?

Yana · August 21, 2019, 3:41pm

Hello @romankh3,

In case you are customer, it might be better to create a support ticket for the issue. [info]

Best regards,
Yana

system · January 30, 2024, 11:53am