SEC-2352: HttpSessionCsrfTokenRepository lazy session creation

This commit is contained in:
kazuki43zoo
2013-10-06 00:12:50 +09:00
committed by Rob Winch
parent 5f10d84bf5
commit 611a97023d
2 changed files with 26 additions and 4 deletions

View File

@@ -67,6 +67,13 @@ public class HttpSessionCsrfTokenRepositoryTests {
@Test
public void loadTokenNull() {
assertThat(repo.loadToken(request)).isNull();
assertThat(request.getSession(false)).isNull();
}
@Test
public void loadTokenNullWhenSessionExists() {
request.getSession();
assertThat(repo.loadToken(request)).isNull();
}
@Test
@@ -105,6 +112,14 @@ public class HttpSessionCsrfTokenRepositoryTests {
.isFalse();
}
@Test
public void saveTokenNullTokenWhenSessionNotExists() {
repo.saveToken(null, request, response);
assertThat(request.getSession(false)).isNull();
}
@Test(expected = IllegalArgumentException.class)
public void setSessionAttributeNameEmpty() {
repo.setSessionAttributeName("");