diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java index 36b1cefd37..206ebae495 100644 --- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java @@ -399,9 +399,9 @@ public class ServerHttpSecurity { return this; } - public CsrfSpec serverCsrfTokenRepository( - ServerCsrfTokenRepository serverCsrfTokenRepository) { - this.filter.setServerCsrfTokenRepository(serverCsrfTokenRepository); + public CsrfSpec csrfTokenRepository( + ServerCsrfTokenRepository csrfTokenRepository) { + this.filter.setCsrfTokenRepository(csrfTokenRepository); return this; } diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java index 77c390dd25..ab8e748339 100644 --- a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java +++ b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java @@ -55,7 +55,7 @@ public class CsrfWebFilter implements WebFilter { private ServerWebExchangeMatcher requireCsrfProtectionMatcher = new DefaultRequireCsrfProtectionMatcher(); - private ServerCsrfTokenRepository serverCsrfTokenRepository = new WebSessionServerCsrfTokenRepository(); + private ServerCsrfTokenRepository csrfTokenRepository = new WebSessionServerCsrfTokenRepository(); private ServerAccessDeniedHandler accessDeniedHandler = new HttpStatusServerAccessDeniedHandler(HttpStatus.FORBIDDEN); @@ -65,10 +65,10 @@ public class CsrfWebFilter implements WebFilter { this.accessDeniedHandler = accessDeniedHandler; } - public void setServerCsrfTokenRepository( - ServerCsrfTokenRepository serverCsrfTokenRepository) { - Assert.notNull(serverCsrfTokenRepository, "serverCsrfTokenRepository cannot be null"); - this.serverCsrfTokenRepository = serverCsrfTokenRepository; + public void setCsrfTokenRepository( + ServerCsrfTokenRepository csrfTokenRepository) { + Assert.notNull(csrfTokenRepository, "csrfTokenRepository cannot be null"); + this.csrfTokenRepository = csrfTokenRepository; } public void setRequireCsrfProtectionMatcher( @@ -90,7 +90,7 @@ public class CsrfWebFilter implements WebFilter { } private Mono validateToken(ServerWebExchange exchange) { - return this.serverCsrfTokenRepository.loadToken(exchange) + return this.csrfTokenRepository.loadToken(exchange) .switchIfEmpty(Mono.error(new CsrfException("CSRF Token has been associated to this client"))) .filterWhen(expected -> containsValidCsrfToken(exchange, expected)) .switchIfEmpty(Mono.error(new CsrfException("Invalid CSRF Token"))) @@ -113,13 +113,13 @@ public class CsrfWebFilter implements WebFilter { } private Mono csrfToken(ServerWebExchange exchange) { - return this.serverCsrfTokenRepository.loadToken(exchange) + return this.csrfTokenRepository.loadToken(exchange) .switchIfEmpty(generateToken(exchange)); } private Mono generateToken(ServerWebExchange exchange) { - return this.serverCsrfTokenRepository.generateToken(exchange) - .flatMap(token -> this.serverCsrfTokenRepository.saveToken(exchange, token)); + return this.csrfTokenRepository.generateToken(exchange) + .flatMap(token -> this.csrfTokenRepository.saveToken(exchange, token)); } private static class DefaultRequireCsrfProtectionMatcher implements ServerWebExchangeMatcher { diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java index 1908c7143f..e033992774 100644 --- a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java @@ -86,7 +86,7 @@ public class CsrfWebFilterTests { @Test public void filterWhenPostAndEstablishedCsrfTokenAndRequestMissingTokenThenCsrfException() { - this.csrfFilter.setServerCsrfTokenRepository(this.repository); + this.csrfFilter.setCsrfTokenRepository(this.repository); when(this.repository.loadToken(any())) .thenReturn(Mono.just(this.token)); when(this.repository.generateToken(any())) @@ -103,7 +103,7 @@ public class CsrfWebFilterTests { @Test public void filterWhenPostAndEstablishedCsrfTokenAndRequestParamInvalidTokenThenCsrfException() { - this.csrfFilter.setServerCsrfTokenRepository(this.repository); + this.csrfFilter.setCsrfTokenRepository(this.repository); when(this.repository.loadToken(any())) .thenReturn(Mono.just(this.token)); when(this.repository.generateToken(any())) @@ -124,7 +124,7 @@ public class CsrfWebFilterTests { PublisherProbe chainResult = PublisherProbe.empty(); when(this.chain.filter(any())).thenReturn(chainResult.mono()); - this.csrfFilter.setServerCsrfTokenRepository(this.repository); + this.csrfFilter.setCsrfTokenRepository(this.repository); when(this.repository.loadToken(any())) .thenReturn(Mono.just(this.token)); when(this.repository.generateToken(any())) @@ -143,7 +143,7 @@ public class CsrfWebFilterTests { @Test public void filterWhenPostAndEstablishedCsrfTokenAndHeaderInvalidTokenThenCsrfException() { - this.csrfFilter.setServerCsrfTokenRepository(this.repository); + this.csrfFilter.setCsrfTokenRepository(this.repository); when(this.repository.loadToken(any())) .thenReturn(Mono.just(this.token)); when(this.repository.generateToken(any())) @@ -164,7 +164,7 @@ public class CsrfWebFilterTests { PublisherProbe chainResult = PublisherProbe.empty(); when(this.chain.filter(any())).thenReturn(chainResult.mono()); - this.csrfFilter.setServerCsrfTokenRepository(this.repository); + this.csrfFilter.setCsrfTokenRepository(this.repository); when(this.repository.loadToken(any())) .thenReturn(Mono.just(this.token)); when(this.repository.generateToken(any()))