Add WebFlux CSRF Protection
Fixes gh-4734
This commit is contained in:
@@ -55,6 +55,7 @@ import java.nio.charset.StandardCharsets;
|
||||
import java.security.Principal;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.csrf;
|
||||
import static org.springframework.web.reactive.function.client.ExchangeFilterFunctions.Credentials.basicAuthenticationCredentials;
|
||||
import static org.springframework.web.reactive.function.client.ExchangeFilterFunctions.basicAuthentication;
|
||||
|
||||
@@ -213,6 +214,7 @@ public class EnableWebFluxSecurityTests {
|
||||
data.add("username", "user");
|
||||
data.add("password", "password");
|
||||
client
|
||||
.mutateWith(csrf())
|
||||
.post()
|
||||
.uri("/login")
|
||||
.body(BodyInserters.fromFormData(data))
|
||||
|
||||
@@ -32,6 +32,7 @@ public class AuthorizeExchangeBuilderTests {
|
||||
@Test
|
||||
public void antMatchersWhenMethodAndPatternsThenDiscriminatesByMethod() {
|
||||
this.http
|
||||
.csrf().disable()
|
||||
.authorizeExchange()
|
||||
.pathMatchers(HttpMethod.POST, "/a", "/b").denyAll()
|
||||
.anyExchange().permitAll();
|
||||
@@ -63,6 +64,7 @@ public class AuthorizeExchangeBuilderTests {
|
||||
@Test
|
||||
public void antMatchersWhenPatternsThenAnyMethod() {
|
||||
this.http
|
||||
.csrf().disable()
|
||||
.authorizeExchange()
|
||||
.pathMatchers("/a", "/b").denyAll()
|
||||
.anyExchange().permitAll();
|
||||
|
||||
Reference in New Issue
Block a user