Use js.cookie

Author: Dave Syer

README.adoc

@@ -20,7 +20,7 @@ self-hosted OAuth2 Authorization Server with a choice of
 authentication providers (https://developers.facebook.com[Facebook] or
 https://developer.github.com/[Github]). The samples are all
 single-page apps using Spring Boot and Spring OAuth on the back
-end. They also all use https://angularjs.org/[AngularJS] on the front
+end. They also all use plain https://jquery.org/[jQuery] on the front
 end, but the changes needed to convert to a different JavaScript
 framework or to use server side rendering would be minimal.
 

logout/README.adoc

@@ -95,35 +95,34 @@ protected void configure(HttpSecurity http) throws Exception {
 == Adding the CSRF Token in the Client
 
 Since we are not using a higher level framework in this sample, we
-need to explicitly add the CSRF token, which is available as a cookie. The code is simple, if a bit long winded:
+need to explicitly add the CSRF token, which we made available as a
+cookie from the backend. To make the code a bit simpler, we include an
+additional library:
+
+.pom.xml
+[source,xml]
+----
+<dependency>
+ <groupId>org.webjars</groupId>
+ <artifactId>js-cookie</artifactId>
+ <version>2.1.0</version>
+</dependency>
+----
+
+then we can use `Cookies` convenience methods in xhr:
 
 .index.html
+[source,html]
 ----
 $.ajaxSetup({
 beforeSend : function(xhr, settings) {
  if (settings.type == 'POST' || settings.type == 'PUT'
  || settings.type == 'DELETE') {
- function getCookie(name) {
- var cookieValue = null;
- if (document.cookie && document.cookie != '') {
- var cookies = document.cookie.split(';');
- for (var i = 0; i < cookies.length; i++) {
- var cookie = jQuery.trim(cookies[i]);
- // Does this cookie string begin with the name we want?
- if (cookie.substring(0, name.length + 1) == (name + '=')) {
- cookieValue = decodeURIComponent(cookie
- .substring(name.length + 1));
- break;
- }
- }
- }
- return cookieValue;
- }
  if (!(/^http:.*/.test(settings.url) || /^https:.*/
  .test(settings.url))) {
  // Only send the token to relative URLs i.e. locally.
  xhr.setRequestHeader("X-XSRF-TOKEN",
- getCookie('XSRF-TOKEN'));
+ Cookies.get('XSRF-TOKEN'));
  }
  }
 }

logout/pom.xml

@@ -1,79 +1,79 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-<modelVersion>4.0.0</modelVersion>
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
 
-<groupId>com.example</groupId>
-<artifactId>social-logout</artifactId>
-<version>0.0.1-SNAPSHOT</version>
-<packaging>jar</packaging>
+ <groupId>com.example</groupId>
+ <artifactId>social-logout</artifactId>
+ <version>0.0.1-SNAPSHOT</version>
+ <packaging>jar</packaging>
 
-<name>social-logout</name>
-<description>Demo project for Spring Boot</description>
+ <name>social-logout</name>
+ <description>Demo project for Spring Boot</description>
 
-<parent>
-<groupId>org.springframework.boot</groupId>
-<artifactId>spring-boot-starter-parent</artifactId>
-<version>1.5.2.RELEASE</version>
-<relativePath /> <!-- lookup parent from repository -->
-</parent>
+ <parent>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-parent</artifactId>
+ <version>1.5.2.RELEASE</version>
+ <relativePath /> <!-- lookup parent from repository -->
+ </parent>
 
-<properties>
-<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-<java.version>1.8</java.version>
-</properties>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <java.version>1.8</java.version>
+ </properties>
 
-<dependencies>
-<dependency>
-<groupId>org.springframework.boot</groupId>
-<artifactId>spring-boot-starter-actuator</artifactId>
-</dependency>
-<dependency>
-<groupId>org.springframework.boot</groupId>
-<artifactId>spring-boot-starter-security</artifactId>
-</dependency>
-<dependency>
-<groupId>org.springframework.boot</groupId>
-<artifactId>spring-boot-starter-web</artifactId>
-</dependency>
-<dependency>
-<groupId>org.springframework.security.oauth</groupId>
-<artifactId>spring-security-oauth2</artifactId>
-</dependency>
-<dependency>
-<groupId>org.webjars</groupId>
-<artifactId>angularjs</artifactId>
-<version>1.4.3</version>
-</dependency>
-<dependency>
-<groupId>org.webjars</groupId>
-<artifactId>jquery</artifactId>
-<version>2.1.1</version>
-</dependency>
-<dependency>
-<groupId>org.webjars</groupId>
-<artifactId>bootstrap</artifactId>
-<version>3.2.0</version>
-</dependency>
-<dependency>
-<groupId>org.webjars</groupId>
-<artifactId>webjars-locator</artifactId>
-</dependency>
+ <dependencies>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-actuator</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-security</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-web</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.security.oauth</groupId>
+ <artifactId>spring-security-oauth2</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.webjars</groupId>
+ <artifactId>js-cookie</artifactId>
+ <version>2.1.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.webjars</groupId>
+ <artifactId>jquery</artifactId>
+ <version>2.1.1</version>
+ </dependency>
+ <dependency>
+ <groupId>org.webjars</groupId>
+ <artifactId>bootstrap</artifactId>
+ <version>3.2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.webjars</groupId>
+ <artifactId>webjars-locator</artifactId>
+ </dependency>
 
-<dependency>
-<groupId>org.springframework.boot</groupId>
-<artifactId>spring-boot-starter-test</artifactId>
-<scope>test</scope>
-</dependency>
-</dependencies>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
 
-<build>
-<plugins>
-<plugin>
-<groupId>org.springframework.boot</groupId>
-<artifactId>spring-boot-maven-plugin</artifactId>
-</plugin>
-</plugins>
-</build>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-maven-plugin</artifactId>
+ </plugin>
+ </plugins>
+ </build>
 
 </project>

logout/src/main/resources/static/index.html

@@ -24,33 +24,19 @@ <h1>Login</h1>
  <button onClick="logout()" class="btn btn-primary">Logout</button>
  </div>
  </div>
+ <script type="text/javascript"
+ src="/webjars/js-cookie/js.cookie.js"></script>
  <script type="text/javascript">
  $
  .ajaxSetup({
  beforeSend : function(xhr, settings) {
  if (settings.type == 'POST' || settings.type == 'PUT'
  || settings.type == 'DELETE') {
- function getCookie(name) {
- var cookieValue = null;
- if (document.cookie && document.cookie != '') {
- var cookies = document.cookie.split(';');
- for (var i = 0; i < cookies.length; i++) {
- var cookie = jQuery.trim(cookies[i]);
- // Does this cookie string begin with the name we want?
- if (cookie.substring(0, name.length + 1) == (name + '=')) {
- cookieValue = decodeURIComponent(cookie
- .substring(name.length + 1));
- break;
- }
- }
- }
- return cookieValue;
- }
  if (!(/^http:.*/.test(settings.url) || /^https:.*/
  .test(settings.url))) {
  // Only send the token to relative URLs i.e. locally.
  xhr.setRequestHeader("X-XSRF-TOKEN",
- getCookie('XSRF-TOKEN'));
+ Cookies.get('XSRF-TOKEN'));
  }
  }
  }