CsrfTokenRequestHandler extends CsrfTokenRequestResolver
Closes gh-11896
This commit is contained in:
@@ -33,7 +33,7 @@ import org.springframework.security.config.test.SpringTestContext;
|
||||
import org.springframework.security.config.test.SpringTestContextExtension;
|
||||
import org.springframework.security.web.DefaultSecurityFilterChain;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.security.web.csrf.CsrfTokenRequestProcessor;
|
||||
import org.springframework.security.web.csrf.CsrfTokenRepositoryRequestHandler;
|
||||
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
|
||||
import org.springframework.security.web.csrf.LazyCsrfTokenRepository;
|
||||
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
|
||||
@@ -85,7 +85,7 @@ public class DeferHttpSessionJavaConfigTests {
|
||||
csrfRepository.setDeferLoadToken(true);
|
||||
HttpSessionRequestCache requestCache = new HttpSessionRequestCache();
|
||||
requestCache.setMatchingRequestParameterName("continue");
|
||||
CsrfTokenRequestProcessor requestHandler = new CsrfTokenRequestProcessor();
|
||||
CsrfTokenRepositoryRequestHandler requestHandler = new CsrfTokenRepositoryRequestHandler();
|
||||
requestHandler.setCsrfRequestAttributeName("_csrf");
|
||||
// @formatter:off
|
||||
http
|
||||
|
||||
@@ -44,7 +44,7 @@ import org.springframework.security.web.access.AccessDeniedHandler;
|
||||
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
|
||||
import org.springframework.security.web.csrf.CsrfToken;
|
||||
import org.springframework.security.web.csrf.CsrfTokenRepository;
|
||||
import org.springframework.security.web.csrf.CsrfTokenRequestProcessor;
|
||||
import org.springframework.security.web.csrf.CsrfTokenRepositoryRequestHandler;
|
||||
import org.springframework.security.web.csrf.DefaultCsrfToken;
|
||||
import org.springframework.security.web.firewall.StrictHttpFirewall;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
@@ -422,8 +422,7 @@ public class CsrfConfigurerTests {
|
||||
CsrfTokenRepository csrfTokenRepository = mock(CsrfTokenRepository.class);
|
||||
CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token");
|
||||
given(csrfTokenRepository.generateToken(any(HttpServletRequest.class))).willReturn(csrfToken);
|
||||
CsrfTokenRequestProcessorConfig.PROCESSOR = new CsrfTokenRequestProcessor();
|
||||
CsrfTokenRequestProcessorConfig.PROCESSOR.setTokenRepository(csrfTokenRepository);
|
||||
CsrfTokenRequestProcessorConfig.HANDLER = new CsrfTokenRepositoryRequestHandler(csrfTokenRepository);
|
||||
this.spring.register(CsrfTokenRequestProcessorConfig.class, BasicController.class).autowire();
|
||||
this.mvc.perform(get("/login")).andExpect(status().isOk())
|
||||
.andExpect(content().string(containsString(csrfToken.getToken())));
|
||||
@@ -440,8 +439,7 @@ public class CsrfConfigurerTests {
|
||||
CsrfTokenRepository csrfTokenRepository = mock(CsrfTokenRepository.class);
|
||||
given(csrfTokenRepository.loadToken(any(HttpServletRequest.class))).willReturn(null, csrfToken);
|
||||
given(csrfTokenRepository.generateToken(any(HttpServletRequest.class))).willReturn(csrfToken);
|
||||
CsrfTokenRequestProcessorConfig.PROCESSOR = new CsrfTokenRequestProcessor();
|
||||
CsrfTokenRequestProcessorConfig.PROCESSOR.setTokenRepository(csrfTokenRepository);
|
||||
CsrfTokenRequestProcessorConfig.HANDLER = new CsrfTokenRepositoryRequestHandler(csrfTokenRepository);
|
||||
|
||||
this.spring.register(CsrfTokenRequestProcessorConfig.class, BasicController.class).autowire();
|
||||
// @formatter:off
|
||||
@@ -803,7 +801,7 @@ public class CsrfConfigurerTests {
|
||||
@EnableWebSecurity
|
||||
static class CsrfTokenRequestProcessorConfig {
|
||||
|
||||
static CsrfTokenRequestProcessor PROCESSOR;
|
||||
static CsrfTokenRepositoryRequestHandler HANDLER;
|
||||
|
||||
@Bean
|
||||
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
@@ -813,10 +811,7 @@ public class CsrfConfigurerTests {
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.formLogin(Customizer.withDefaults())
|
||||
.csrf((csrf) -> csrf
|
||||
.csrfTokenRequestHandler(PROCESSOR)
|
||||
.csrfTokenRequestResolver(PROCESSOR)
|
||||
);
|
||||
.csrf((csrf) -> csrf.csrfTokenRequestHandler(HANDLER));
|
||||
// @formatter:on
|
||||
|
||||
return http.build();
|
||||
|
||||
Reference in New Issue
Block a user