Allow maximum age of csrf cookie to be configured

Allows maxAge of the generated cookie by CookieCsrfTokenRepository
to be configurable.

Prior to this commit, maximum age was set with a value of -1.

After this commit, it will be configured by the user with an either
positive or negative value. If the user does not provide a value,
it will be set -1.

An IllegalArgumentException will be thrown when
this value is set to zero.

Closes gh-9195
This commit is contained in:
Serdar Kuzucu
2020-11-08 20:21:38 +03:00
committed by Rob Winch
parent 90b48554e4
commit 76e117a67a
2 changed files with 44 additions and 1 deletions

View File

@@ -190,6 +190,16 @@ public class CookieCsrfTokenRepositoryTests {
assertThat(tokenCookie.getDomain()).isEqualTo(domainName);
}
@Test
public void saveTokenWithCookieMaxAge() {
int maxAge = 1200;
this.repository.setCookieMaxAge(maxAge);
CsrfToken token = this.repository.generateToken(this.request);
this.repository.saveToken(token, this.request, this.response);
Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
assertThat(tokenCookie.getMaxAge()).isEqualTo(maxAge);
}
@Test
public void loadTokenNoCookiesNull() {
assertThat(this.repository.loadToken(this.request)).isNull();
@@ -251,4 +261,9 @@ public class CookieCsrfTokenRepositoryTests {
assertThatIllegalArgumentException().isThrownBy(() -> this.repository.setHeaderName(null));
}
@Test
public void setCookieMaxAgeZeroIllegalArgumentException() {
assertThatIllegalArgumentException().isThrownBy(() -> this.repository.setCookieMaxAge(0));
}
}