
X-CSRF-Token logic implementation for Java application


We have developed common utility functionality in a Java application that has a few RESTful web services, and we are now planning to implement X-CSRF-Token handling to make the REST web services more secure.

I found some information at

but somehow the instructions given in this link are not working.

Could you please provide a Java example to generate a CSRF token and to consume it from a UI5 application?



2 Answers

  • Posted on Dec 01, 2017 at 01:45 AM

    Hello, Ashutosh. To pass CSRF as a parameter by using Ajax: my solution is based on jQuery. Thanks.

        function getCookie(c_name) {
            // Return the value of the named cookie, or "" if it is not set.
            if (document.cookie.length > 0) {
                var c_start = document.cookie.indexOf(c_name + "=");
                if (c_start != -1) {
                    c_start = c_start + c_name.length + 1;
                    var c_end = document.cookie.indexOf(";", c_start);
                    if (c_end == -1) c_end = document.cookie.length;
                    return decodeURIComponent(document.cookie.substring(c_start, c_end));
                }
            }
            return "";
        }
        $(function () {
            // Send the token from the cookie as a header on every Ajax request.
            $.ajaxSetup({
                headers: {
                    "X-CSRFToken": getCookie("csrftoken")
                }
            });
        });

    It is being fetched from the request header on the server side.


  • Posted on Dec 01, 2017 at 06:59 AM

    Hello Richard,

    Thank you for your quick response.

    Could you please provide some Java example to generate csrf token and to consume it from UI5 application?

    Best regards,

    Ashutosh Bharambe


    • Hello, Ashutosh. I would like to show you a simple example of how Java generates a token. Actually, tokens are created based on your business requirements.

       import java.nio.charset.StandardCharsets;
       import java.security.MessageDigest;
       import java.util.HashMap;
       import java.util.Map;

       public class TokenUtil {
           private static final String YAN = "testMRf1$789787aadfjkds//*-+'[]jfeu;384785*^*&%^%$%";
           private static Map<Integer, Token> tokenMap = new HashMap<Integer, Token>();

           // The Token class is not shown in the post; this minimal holder is assumed.
           public static class Token {
               final String value;
               final long createdAt;
               Token(String value, long createdAt) {
                   this.value = value;
                   this.createdAt = createdAt;
               }
               @Override
               public String toString() {
                   return value;
               }
           }

           public static void main(String[] args) {
               System.out.println(generateToken("s", 1));
           }

           // Create a token for the given id and remember it in tokenMap.
           public static Token generateToken(String uniq, int id) {
               Token token = new Token(MD5(System.currentTimeMillis() + YAN + uniq + id), System.currentTimeMillis());
               synchronized (tokenMap) {
                   tokenMap.put(id, token);
               }
               return token;
           }

           // Hex-encoded MD5 digest of the input string, or null on failure.
           public final static String MD5(String s) {
               try {
                   byte[] btInput = s.getBytes(StandardCharsets.UTF_8);
                   MessageDigest mdInst = MessageDigest.getInstance("MD5");
                   mdInst.update(btInput); // feed the input before taking the digest
                   return byte2hex(mdInst.digest());
               } catch (Exception e) {
                   return null;
               }
           }

           // Convert bytes to a lowercase hex string, two characters per byte.
           private static String byte2hex(byte[] b) {
               StringBuilder sbDes = new StringBuilder();
               String tmp = null;
               for (int i = 0; i < b.length; i++) {
                   tmp = (Integer.toHexString(b[i] & 0xFF));
                   if (tmp.length() == 1) {
                       sbDes.append("0");
                   }
                   sbDes.append(tmp);
               }
               return sbDes.toString();
           }
       }

      After the token is created, all you have to do is provide a RESTful web service so that the frontend is able to get this token by using JavaScript and store the token in browser localStorage or sessionStorage. Thanks.
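
An added example, not part of the original answers: one way to issue and check the X-CSRF-Token value on the Java side. It draws the token from SecureRandom rather than hashing the clock and a fixed string, so the value cannot be predicted from when it was issued, binds it to the session, and compares it in constant time. The class name CsrfTokens, its methods, the 30-minute lifetime and the in-memory map standing in for the HTTP session are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example: hypothetical helper, not code from the thread.
public class CsrfTokens {
    private static final SecureRandom RNG = new SecureRandom();
    private static final long MAX_AGE_MS = 30 * 60 * 1000L; // assumed 30-minute lifetime
    // sessionId -> issued token; a real service would keep this in the HTTP session.
    private static final Map<String, Issued> STORE = new ConcurrentHashMap<>();

    private static final class Issued {
        final byte[] value;
        final long createdAt;
        Issued(byte[] value, long createdAt) { this.value = value; this.createdAt = createdAt; }
    }

    // Issue a fresh 256-bit random token bound to the caller's session.
    public static String issue(String sessionId) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        STORE.put(sessionId, new Issued(token.getBytes(StandardCharsets.US_ASCII), System.currentTimeMillis()));
        return token;
    }

    // Check the X-CSRF-Token request header value against the session's token.
    public static boolean isValid(String sessionId, String headerValue) {
        Issued issued = STORE.get(sessionId);
        if (issued == null || headerValue == null) return false;
        if (System.currentTimeMillis() - issued.createdAt > MAX_AGE_MS) {
            STORE.remove(sessionId); // expired: force the client to fetch a new token
            return false;
        }
        // MessageDigest.isEqual compares in constant time, avoiding a timing side channel.
        return MessageDigest.isEqual(issued.value, headerValue.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) {
        String session = "constructed-session-id"; // constructed sample value
        String token = issue(session);
        System.out.println(isValid(session, token));         // matching token
        System.out.println(isValid(session, token + "x"));   // altered token
        System.out.println(isValid("other-session", token)); // token presented on another session
    }
}
```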
