Index: core-module/src/main/java/egovframework/com/ext/jstree/support/security/controller/SecurityController.java
===================================================================
diff -u -rcda948dac69b47bc140da3151ee29d61adbf06af -r5029b84ee1b548164c6a131285a05fa90a9486a9
--- core-module/src/main/java/egovframework/com/ext/jstree/support/security/controller/SecurityController.java (.../SecurityController.java) (revision cda948dac69b47bc140da3151ee29d61adbf06af)
+++ core-module/src/main/java/egovframework/com/ext/jstree/support/security/controller/SecurityController.java (.../SecurityController.java) (revision 5029b84ee1b548164c6a131285a05fa90a9486a9)
@@ -1,6 +1,8 @@
 package egovframework.com.ext.jstree.support.security.controller;
 import egovframework.com.ext.jstree.support.mvc.GenericAbstractController;
+import org.springframework.security.web.csrf.CsrfToken;
+import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.servlet.ModelAndView;
@@ -14,6 +16,8 @@
 @RequestMapping(value = {"/api/jsTreeServiceFramework/security"})
 public class SecurityController extends GenericAbstractController {
+ public static final String DEFAULT_CSRF_TOKEN_ATTR_NAME = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
+
 @RequestMapping("/csrf.do")
 public String jsTreeCSRFtoJson() {
 return "egovframework/com/ext/jstree/csrf";
@@ -27,8 +31,10 @@
 token = request.getHeader("X-CSRF-TOKEN");
 }
+ CsrfToken sessionToken = (CsrfToken) request.getSession().getAttribute(DEFAULT_CSRF_TOKEN_ATTR_NAME);
+
 ModelAndView modelAndView = new ModelAndView("jsonView");
- modelAndView.addObject("result", token);
+ modelAndView.addObject("result", sessionToken.getToken().toString());
 return modelAndView;
 }
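Review bot: `sessionToken.getToken()` in the third hunk dereferences the session attribute without a null check, so a request that arrives before HttpSessionCsrfTokenRepository has saved a token into the session — or an application configured with a different CsrfTokenRepository, since DEFAULT_CSRF_TOKEN_ATTR_NAME in the second hunk hard-codes that one repository's default attribute name — fails with a NullPointerException instead of a clean response, and `request.getSession()` creates a session as a side effect of the lookup. The supported lookup is the request attribute CsrfFilter populates for the current request, `CsrfToken sessionToken = (CsrfToken) request.getAttribute(CsrfToken.class.getName());`, followed by `modelAndView.addObject("result", sessionToken == null ? null : sessionToken.getToken());` (getToken() already returns a String, so `.toString()` is redundant). The header/parameter value read into `token` just above appears to be unused after this change and can be dropped. Because this endpoint hands the session's CSRF token to the caller as JSON, its response must stay unreadable cross-origin (no permissive CORS on this path), otherwise the check the token exists for is defeated. The enclosing handler method begins outside the hunk.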