00:00:00,180 --> 00:01:40,780
In the previous video, we looked at how to resolve a CSRF issue by disabling it directly inside the web application, but in this video, let's try to explore how to handle CSRF properly by generating a CSRF token on the backend and maintaining the same for further communications between the front end and backend. For the same, let's go to the same place where we disabled the CSRF. Instead of disable(), call csrfTokenRepository(), and csrfTokenRepository() will accept any implementation that generates CSRF tokens and passes them on to the UI through cookies or any other such approach. So in this scenario, I will try to take CookieCsrfTokenRepository, which is an implementation provided by Spring Security by default. We can go and see inside this class: by default, the CSRF token will be generated and will be passed on to the UI under the name XSRF-TOKEN. Now we have made CSRF configurations on the backend to generate a token every time a first request is coming from the UI application; withHttpOnlyFalse will make sure that the token or cookie can be read by our UI application. That's where we can configure the CSRF token repository followed by the and() method, since we want these configurations also to be maintained by Spring Security.
00:01:40,980 --> 00:03:26,730
Now we are set on the backend, but on the frontend application also, we should make sure that we are capturing this token and passing it every time to the backend so that all my POST, DELETE, or state-changing operations will be successful as long as the tokens are the same, which are being maintained by both the UI and the backend. Let's go to the frontend code. You can see the login component, which will call my login service to perform the login operation. Once I get the response, I'm saving the user details inside the session storage. Similarly, before navigating to the dashboard, I fetch the cookie that is received from the backend, called XSRF-TOKEN, into the session storage of my application. Further, I just have to call getCookie, which is a utility method that I have written. It will look for the cookie with the name given to the method and pass back the value inside that cookie. So once I have that value, I will store it inside my session storage with the same name and its corresponding value. With this we are saving it, but the next step is we should make sure we are passing the same token for all the further requests. For that, we can make changes inside our interceptor class that we discussed. The interceptor has a method called intercept, which will be called every time by Angular when we are sending a request to a backend service. Inside this intercept method,
00:03:27,090 --> 00:05:01,210
let's try to fetch the XSRF token that we already stored in the session storage every time and pass that value inside the header so that the same value will be passed on to the backend. Also, since the tokens will be the same both on the front end and backend during the communications that are happening, the server also will not complain about anything. Now I'm just pulling the value from session storage and adding it in the headers with the header name X-XSRF-TOKEN, which is expected by Spring Security. Now we have made changes both on the front end and backend. And I'll also keep a breakpoint for your reference, so that we can see what is happening when we are performing the login to the application and any further requests are going through the application. So I'm just launching the browser for the very first time. I'm just entering the credentials and it will be intercepted by my interceptor since this is making a GET request to the backend to validate the user details. And since this is going for the very first time to the backend, our XSRF token will be null and there won't be any header added. Now, I got a response from the backend and we can see there is a cookie that we received, and the value inside that is this value which I'm displaying; it starts with b94, and now I'm storing that data inside the session storage.
00:05:01,390 --> 00:06:38,740
If you go to the browser now, we are into the dashboard. Now, if I click on this balance or loans, any of these sections, I should get a valid response. We are passing the XSRF token again and again for every request that is happening. So now the breakpoint has stopped here. And since the request has been intercepted, it will try to look for the same XSRF value that we stored previously and it will add it to the headers. Since this is going to the backend with the valid XSRF token, we should get the response from the backend. Similarly, if you go and look for balance also, we should get the response. The same applies for cards as well. And you can see all the communication with the backend is happening seamlessly because now we handle the CSRF in a proper manner by generating a CSRF token. But now let's try to test the remaining services also, like I have a contact us and notices. So notices again, it is calling the database using a method and trying to fetch all the notices available in the database. And all those notices are being displayed here. But if you go and click the contact us, this is a PUT request. And since there is no security at all for this contact us, we are free to access it even without logging in. So I'm just making a contact message to the bank by entering some details.
00:06:38,920 --> 00:07:05,800
Name is Materne, email is an address at yahoo.com. Please connect with me regarding home loan. OK, so as soon as I click send message, nothing is happening. And if you go and see, again we are getting an error. Let's try to look into that in the next video. Thank you and bye.