diff --git a/test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java b/test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java index b42281dda0..35c14c4f43 100644 --- a/test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java +++ b/test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java @@ -21,7 +21,7 @@ import javax.servlet.Filter; import javax.servlet.http.HttpServletRequest; import org.springframework.beans.factory.NoSuchBeanDefinitionException; -import org.springframework.security.web.FilterChainProxy; +import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer; import org.springframework.security.web.context.HttpSessionSecurityContextRepository; import org.springframework.security.web.context.SecurityContextPersistenceFilter; import org.springframework.security.web.context.SecurityContextRepository; @@ -98,8 +98,7 @@ public abstract class WebTestUtils { } /** - * Sets the {@link CsrfTokenRepository} for the specified - * {@link HttpServletRequest}. + * Sets the {@link CsrfTokenRepository} for the specified {@link HttpServletRequest}. * * @param request the {@link HttpServletRequest} to obtain the * {@link CsrfTokenRepository} @@ -121,17 +120,17 @@ public abstract class WebTestUtils { if (webApplicationContext == null) { return null; } - FilterChainProxy springSecurityFilterChain = null; + Filter springSecurityFilterChain = null; try { - springSecurityFilterChain = webApplicationContext - .getBean(FilterChainProxy.class); + springSecurityFilterChain = webApplicationContext.getBean( + AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME, Filter.class); } catch (NoSuchBeanDefinitionException notFound) { return null; } List filters = (List) ReflectionTestUtils.invokeMethod( springSecurityFilterChain, "getFilters", request); - if(filters == null) { + if (filters == null) { return null; } for (Filter filter : filters) { diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java new file mode 100644 index 0000000000..40d66c3243 --- /dev/null +++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java @@ -0,0 +1,69 @@ +/* + * Copyright 2002-2016 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.test.web.servlet.request; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.builders.WebSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.test.web.support.WebTestUtils; +import org.springframework.security.web.csrf.CookieCsrfTokenRepository; +import org.springframework.security.web.csrf.CsrfTokenRepository; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.web.WebAppConfiguration; +import org.springframework.web.context.WebApplicationContext; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration +@WebAppConfiguration +public class SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests { + + @Autowired + private WebApplicationContext wac; + + // SEC-3836 + @Test + public void findCookieCsrfTokenRepository() throws Exception { + MockHttpServletRequest request = post("/").buildRequest(wac.getServletContext()); + CsrfTokenRepository csrfTokenRepository = WebTestUtils.getCsrfTokenRepository(request); + assertThat(csrfTokenRepository).isNotNull(); + assertThat(csrfTokenRepository).isEqualTo(Config.cookieCsrfTokenRepository); + } + + @EnableWebSecurity + static class Config extends WebSecurityConfigurerAdapter { + static CsrfTokenRepository cookieCsrfTokenRepository = new CookieCsrfTokenRepository(); + + @Override + protected void configure(HttpSecurity http) throws Exception { + http.csrf().csrfTokenRepository(cookieCsrfTokenRepository); + } + + @Override + public void configure(WebSecurity web) throws Exception { + // Enable the DebugFilter + web.debug(true); + } + } +} \ No newline at end of file