This recipe covers a security flaw that is extremely easy to mitigate, yet many companies still overlook it: Cross-Site Request Forgery (CSRF) against an OAuth 2.0 client's redirect endpoint. If the client does not bind each authorization request to the user's browser session, an attacker can obtain an authorization code for an account they control and then make the victim's browser deliver that code to the client's callback URI. The client cannot tell that the victim never started this flow, so it exchanges the attacker's code and ends up using an access token for the attacker's protected resources on the victim's behalf, which lets the attacker capture data the victim later stores through the client. This recipe shows the importance of the state parameter when using the Authorization Code grant type (it matters just as much with the Implicit grant type, where the token itself arrives on the redirect).
To run this recipe, you will need Java 8, Maven, Spring Web, and Spring Security. If you also want to run the examples that simulate the attack, install Firefox and the NoRedirect add-on, which lets you stop the browser at the redirect and tamper with the callback URL. To ease the project creation step, use Spring Initializr at http://start.spring.io/.
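Before building the Spring project, it helps to see the check itself in isolation. The following is an added example written for this page in Python, not the recipe's Spring code: it models an OAuth 2.0 client's two halves of the Authorization Code flow (building the authorization request and handling the redirect back) once without the state parameter and once with it, and then replays the CSRF described above against both. The endpoint URLs, client identifier, and authorization codes are constructed values for illustration; a real client would obtain the code from the authorization server and exchange it at the token endpoint.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed values for the example; not a real provider or registration.
AUTHORIZE_ENDPOINT = "https://provider.example/oauth/authorize"
CLIENT_ID = "example-client"
REDIRECT_URI = "https://client.example/callback"
STATE_KEY = "oauth2_state"  # session attribute holding the pending state


class CsrfError(Exception):
    """Raised when a callback cannot be tied to a request this session started."""


def build_authorization_url(session):
    """Start the flow: mint an unguessable state, remember it in the user's
    session, and send it along so the authorization server echoes it back."""
    state = secrets.token_urlsafe(32)
    session[STATE_KEY] = state
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "read",
        "state": state,
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def handle_callback_vulnerable(session, callback_url):
    """The flaw: accept whatever code arrives, with no link to the session.
    Anyone who can make this browser load the callback URL chooses the code."""
    query = parse_qs(urlparse(callback_url).query)
    return query["code"][0]


def handle_callback(session, callback_url):
    """Hardened callback: the response must carry the exact state this session
    issued. The state is consumed on first use, so a response can't be replayed."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop(STATE_KEY, None)  # removed even if the check fails
    received = query.get("state", [None])[0]
    if expected is None or received is None:
        raise CsrfError("no pending authorization request for this session")
    # Constant-time comparison on bytes; a non-ASCII state from an attacker
    # must not raise TypeError and leak which branch was taken.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        raise CsrfError("state mismatch: response not bound to this session")
    if "code" not in query:
        raise CsrfError("authorization response without a code")
    return query["code"][0]


def simulate_legitimate_flow():
    """User starts the flow; the server redirects back with code and echoed state."""
    session = {}
    url = build_authorization_url(session)
    state = parse_qs(urlparse(url).query)["state"][0]
    callback = f"{REDIRECT_URI}?{urlencode({'code': 'GOOD-CODE', 'state': state})}"
    return handle_callback(session, callback)


def simulate_attack(callback_handler, forged_state=None):
    """Victim has a login in progress (pending state in session). The attacker,
    holding a code for their own account, lures the victim's browser to the
    callback with that code, optionally guessing a state value."""
    victim_session = {}
    build_authorization_url(victim_session)
    params = {"code": "ATTACKER-CODE"}
    if forged_state is not None:
        params["state"] = forged_state
    forged = f"{REDIRECT_URI}?{urlencode(params)}"
    try:
        return ("accepted", callback_handler(victim_session, forged))
    except CsrfError as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    print("legitimate:", simulate_legitimate_flow())
    print("no state check:", simulate_attack(handle_callback_vulnerable))
    print("with state check:", simulate_attack(handle_callback))
    print("guessed state:", simulate_attack(handle_callback, "attackers-own-state"))
```

The vulnerable handler accepts `ATTACKER-CODE` and would go on to exchange it, binding the victim's session to the attacker's resources. The hardened handler rejects it whether the forged URL omits state or carries the state from the attacker's own session, because only the value stored in the victim's server-side session will match. In the Spring version of this recipe the same idea applies: the state is generated per request, kept in the `HttpSession`, and compared before the code is ever sent to the token endpoint.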