added doc how to use CSRF

Author: sterlp

README.md

@@ -306,6 +306,23 @@ public class ExampleApplication {
 
 ![History](screenshots/history-screen.png)
 
+## Spring Boot CSRF config for the UI
+
+Axios should work with the following spring config out of the box with csrf:
+
+```java
+@Bean
+SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+    http
+        .httpBasic(org.springframework.security.config.Customizer.withDefaults())
+        .csrf(c -> 
+            c.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
+             .csrfTokenRequestHandler(new CsrfTokenRequestAttributeHandler())
+        );
+    return http.build();
+}
+```
+
 # Alternatives
 
 -   quartz

example/README.md

@@ -0,0 +1,5 @@
+# UI login
+
+-   url: http://localhost:8080/task-ui
+-   user: admin
+-   password: admin

example/pom.xml

@@ -37,6 +37,11 @@
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+
         <dependency>
             <groupId>uk.co.jemos.podam</groupId>
             <artifactId>podam</artifactId>

example/src/main/java/org/sterl/spring/example_app/ExampleApplication.java

@@ -8,6 +8,15 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.data.web.config.EnableSpringDataWebSupport;
 import org.springframework.data.web.config.EnableSpringDataWebSupport.PageSerializationMode;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
+import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler;
 import org.springframework.transaction.support.TransactionTemplate;
 import org.sterl.spring.persistent_tasks.EnableSpringPersistentTasks;
 import org.sterl.spring.persistent_tasks.scheduler.SchedulerService;
@@ -16,6 +25,7 @@
 import org.sterl.spring.persistent_tasks.trigger.TriggerService;
 import org.sterl.spring.persistent_tasks_ui.EnableSpringPersistentTasksUI;
 
+@EnableWebSecurity
 @SpringBootApplication
 @EnableSpringPersistentTasks
 @EnableSpringPersistentTasksUI
@@ -53,4 +63,25 @@ SchedulerService schedulerB(
         return new SchedulerService("schedulerB", triggerService, 
                 new TaskExecutorComponent(triggerService, 7), editSchedulerStatus, trx);
     }
+    
+    @Bean
+    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http
+            .httpBasic(org.springframework.security.config.Customizer.withDefaults())
+            .csrf(c -> 
+                c.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
+                 .csrfTokenRequestHandler(new CsrfTokenRequestAttributeHandler())
+            );
+        return http.build();
+    }
+    
+    @Bean
+    UserDetailsService users() {
+        UserDetails admin = User.builder()
+            .username("admin")
+            .password("admin")
+            .roles("ADMIN")
+            .build();
+        return new InMemoryUserDetailsManager(admin);
+    }
 }