
URL: https://www.geeksforgeeks.org/advance-java/csrf-protection-in-spring-security/


CSRF Protection in Spring Security

Last Updated : 4 May, 2026

CSRF (Cross-Site Request Forgery) protection in Spring Security stops a third-party site from performing actions on behalf of an authenticated user. The browser attaches the session cookie to every request for the application, including one forged from another origin, so the cookie alone cannot prove that the user meant to send the request. Spring Security therefore requires every state-changing request (POST, PUT, PATCH, DELETE) to carry a token that only a page served by the application could have obtained, and uses that token as evidence of the user's own intent.

  • Rejects forged requests by requiring a valid CSRF token on every state-changing operation; safe methods (GET, HEAD, OPTIONS, TRACE) are not checked, which is why they must not change state.
  • Uses a token mechanism (generation, storage, and validation) to verify that the request originated from a page the application served.
  • Enabled by default in Spring Security; it should stay enabled for any browser client that authenticates with a session cookie, form-based applications in particular.

Example: The server generates a CSRF token and embeds it in each HTML form it renders. When the form is submitted, the server compares the submitted token with the one it issued for that session and processes the request only if they match. A request forged from an attacker's domain cannot include the token, because a page on another origin can neither read the application's HTML nor guess a random value, so the forged request is rejected even though the victim's browser attached the session cookie.

CSRF Token Generation:

Embedded with Client-side forms:

Core Concepts of CSRF Protection

  • CSRF Attack : An attacker tricks an authenticated user's browser into sending a request the user did not intend, relying on the browser to attach the session cookie automatically.
  • CSRF Token : An unpredictable secret value, issued by the server and included in each state-changing request, that proves the request came from a page the application served.
  • CSRF Token Repository : The CsrfTokenRepository that stores and loads the expected token; HttpSessionCsrfTokenRepository keeps it in the server-side session, CookieCsrfTokenRepository stores it in a cookie on the client (the double-submit variant).
  • CSRF Token Generation : Creates a cryptographically random token, by default one per user session, so an attacker cannot guess it.
  • CSRF Token Validation : Compares the token sent in the request (the _csrf form parameter or the X-CSRF-TOKEN header) with the stored one before allowing the operation; a missing or mismatched token is rejected with HTTP 403.
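To make the generation, storage and validation steps above concrete, here is a toy synchronizer-token repository and filter in plain Java. This is an example added to this article, not code from Spring Security or from the article's project; the class and method names, the constructed session id and the simulated requests are all assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

/** Toy model of the synchronizer-token pattern (added example, not Spring's own code). */
public class CsrfDemo {

    /** Plays the role of a session-backed CsrfTokenRepository: one expected token per session. */
    static final class SessionTokenRepository {
        private static final SecureRandom RNG = new SecureRandom();
        private final Map<String, String> tokens = new HashMap<>();

        /** Generation: 32 random bytes, base64url-encoded, created once per session. */
        String tokenFor(String sessionId) {
            return tokens.computeIfAbsent(sessionId, id -> {
                byte[] raw = new byte[32];
                RNG.nextBytes(raw);
                return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            });
        }

        /** Validation: constant-time comparison, so timing reveals nothing about the token. */
        boolean isValid(String sessionId, String submitted) {
            String expected = tokens.get(sessionId);
            if (expected == null || submitted == null) {
                return false;
            }
            return MessageDigest.isEqual(
                    expected.getBytes(StandardCharsets.UTF_8),
                    submitted.getBytes(StandardCharsets.UTF_8));
        }
    }

    /** Plays the role of the CSRF filter: safe methods pass, all others need a valid token. */
    static int handle(SessionTokenRepository repo, String method, String sessionId, String token) {
        boolean safeMethod = switch (method) {
            case "GET", "HEAD", "OPTIONS", "TRACE" -> true;
            default -> false;
        };
        if (safeMethod) {
            return 200;
        }
        return repo.isValid(sessionId, token) ? 200 : 403;
    }

    public static void main(String[] args) {
        SessionTokenRepository repo = new SessionTokenRepository();
        String victimSession = "JSESSIONID-victim";   // constructed sample session id

        // 1. The victim loads the form: the server creates the token and embeds it in the page.
        String embedded = repo.tokenFor(victimSession);

        // 2. Legitimate submit: the browser sends the session cookie and the hidden token field.
        System.out.println("legit POST   -> " + handle(repo, "POST", victimSession, embedded));

        // 3. Forged submit from another origin: the cookie rides along automatically, but the
        //    token is unreadable cross-origin, so the attacker can only omit it or guess it.
        System.out.println("forged POST  -> " + handle(repo, "POST", victimSession, null));
        System.out.println("guessed POST -> " + handle(repo, "POST", victimSession, "AAAA"));

        // 4. Safe methods are never checked, which is why state changes must not live on GET.
        System.out.println("GET          -> " + handle(repo, "GET", victimSession, null));
    }
}
```

Run it with `java CsrfDemo.java` (the switch expression needs Java 14 or later). The legitimate POST and the GET are answered with 200; the forged and the guessed POST are answered with 403. Spring's HttpSessionCsrfTokenRepository and CsrfFilter follow the same shape, with the token exposed to templates as the `_csrf` request attribute.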

Step by Step Implementation of CSRF Protection in Spring Security

Below are the steps to build a simple user login management system and add CSRF protection to it.

Step 1: Create Project

Create the Spring project using Spring Initializr and add the dependencies below to the project.

Dependencies

  • Spring Web
  • Spring Security
  • Spring Data MongoDB
  • Thymeleaf
  • Lombok
  • Spring Boot DevTools

Once the project is created, the file structure looks like the image below.

File Structure: (image: Project Structure)

Step 2: Provide Configuration

Open the application.properties file in the resources folder and add the configuration below, which sets the MongoDB connection and the server port.

server.port=8081
spring.data.mongodb.uri=mongodb://localhost:27017/user-data

Step 3: Create Model Class

Create a new package named model and a new Java class in it named User.

  • Go to src -> csrfdemo -> model -> User and put the below code.

Step 4: Create Repository

Create a new package named repository and a new Java interface in it named UserRepository.

  • Go to src -> csrfdemo -> repository -> UserRepository and put the below code.

Step 5: Create Config Class

Create a new package named csrfConfig and a new Java class in it named AppConfig.

  • Go to src -> csrfdemo -> csrfConfig -> AppConfig and put the below code.

Step 6: Create Controller

Create a new package named controller and a new Java class in it named UserController.

  • Go to src -> csrfdemo -> controller -> UserController and put the below code.

Step 7: Create Main Class

Open the main class and keep the code below.

Note: No changes are needed in the main class.

Step 8: Create login.html file

Create an HTML file named login.html and save it in the templates folder.

  • Go to src -> resources -> templates -> login.html and put the below html code.

Step 9: Create signup.html file

Create an HTML file named signup.html and save it in the templates folder.

  • Go to src -> resources -> templates -> signup.html and put the below html code.

Step 10: dashboard.html file

Create an HTML file named dashboard.html and save it in the templates folder.

  • Go to src -> resources -> templates -> dashboard.html and put the below html code.

Step 11: Run project

Once the project is complete, run it as a Spring Boot application; it starts on port 8081.
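The security configuration and controller that Steps 5 and 6 ask for, written out as an added example for this walkthrough (it is not the article's own listing). It assumes Spring Boot 3 with Spring Security 6 (lambda DSL), the package names shown in the file comments, a Lombok @Data model class User with username and password fields, and a MongoRepository named UserRepository that declares `Optional<User> findByUsername(String username)`.

```java
// Added example, not the article's listing. Assumes Spring Boot 3 / Spring Security 6,
// a Lombok @Data User model, and UserRepository.findByUsername returning Optional<User>.

// File: src/main/java/com/example/csrfdemo/csrfConfig/AppConfig.java
package com.example.csrfdemo.csrfConfig;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
import com.example.csrfdemo.repository.UserRepository;

@Configuration
@EnableWebSecurity
public class AppConfig {

    // CSRF protection is on by default; the repository is named explicitly to make the choice
    // visible. The expected token lives in the server-side session, out of reach of other origins.
    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .csrf(csrf -> csrf.csrfTokenRepository(new HttpSessionCsrfTokenRepository()))
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/signup", "/login").permitAll()
                .anyRequest().authenticated())
            .formLogin(form -> form
                .loginPage("/login")
                .defaultSuccessUrl("/dashboard", true)
                .permitAll());
        return http.build();
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // Form login looks users up in MongoDB; passwords were BCrypt-hashed at signup.
    @Bean
    UserDetailsService userDetailsService(UserRepository users) {
        return username -> users.findByUsername(username)
                .map(u -> User.withUsername(u.getUsername())
                        .password(u.getPassword())
                        .roles("USER")
                        .build())
                .orElseThrow(() -> new UsernameNotFoundException(username));
    }
}

// File: src/main/java/com/example/csrfdemo/controller/UserController.java
package com.example.csrfdemo.controller;

import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import com.example.csrfdemo.model.User;
import com.example.csrfdemo.repository.UserRepository;

@Controller
public class UserController {

    private final UserRepository users;
    private final PasswordEncoder encoder;

    public UserController(UserRepository users, PasswordEncoder encoder) {
        this.users = users;
        this.encoder = encoder;
    }

    @GetMapping("/login")     public String login()     { return "login"; }
    @GetMapping("/signup")    public String signup()    { return "signup"; }
    @GetMapping("/dashboard") public String dashboard() { return "dashboard"; }

    // State-changing request: CsrfFilter answers 403 before this method runs unless the form
    // carried the hidden _csrf field that signup.html rendered from the session's token.
    @PostMapping("/signup")
    public String register(@RequestParam String username, @RequestParam String password) {
        if (users.findByUsername(username).isPresent()) {
            return "redirect:/signup?exists";
        }
        User user = new User();
        user.setUsername(username);
        user.setPassword(encoder.encode(password));
        users.save(user);
        return "redirect:/login?registered";
    }
}
```

Each `<form method="post">` in the templates must include `<input type="hidden" th:name="${_csrf.parameterName}" th:value="${_csrf.token}"/>` (Thymeleaf's Spring integration also injects this field automatically when the form uses `th:action`); the login form posts `username` and `password` to `/login`, which Spring Security handles itself. To watch the protection work, delete the hidden input from signup.html and submit the form: the response is 403 Forbidden, because the session cookie alone no longer proves the request came from the application's own page.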

(image: Spring Boot Project Started)

SignUp Page: (image: Sign-Up Page)

Login Page: (image: Login Page)

Dashboard: (image: Dashboard)

Explanation: The above project demonstrates CSRF protection in Spring Security. The security configuration issues one CSRF token per session, and Thymeleaf embeds it in each form as a hidden field. When the client submits a form, the CsrfFilter compares the submitted token with the one stored for the session. If they match, the request proceeds to the controller; a missing or mismatched token is rejected with HTTP 403 before any state changes.
