CsrfWebFilter places Mono<CsrfToken>

Fixes: gh-4855
This commit is contained in:
Rob Winch
2017-11-20 14:16:49 -06:00
parent edccafca84
commit d55db837e1
11 changed files with 73 additions and 114 deletions

View File

@@ -33,6 +33,7 @@ import org.springframework.test.web.reactive.server.WebTestClient;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
import static org.assertj.core.api.Assertions.assertThat;
@@ -314,9 +315,9 @@ public class FormLoginTests {
public static class CustomLoginPageController {
@ResponseBody
@GetMapping("/login")
public String login(ServerWebExchange exchange) {
CsrfToken token = exchange.getAttribute(CsrfToken.class.getName());
return
public Mono<String> login(ServerWebExchange exchange) {
Mono<CsrfToken> token = exchange.getAttributeOrDefault(CsrfToken.class.getName(), Mono.empty());
return token.map(t ->
"<!DOCTYPE html>\n"
+ "<html lang=\"en\">\n"
+ " <head>\n"
@@ -338,12 +339,12 @@ public class FormLoginTests {
+ " <label for=\"password\" class=\"sr-only\">Password</label>\n"
+ " <input type=\"password\" id=\"password\" name=\"password\" placeholder=\"Password\" required>\n"
+ " </p>\n"
+ " <input type=\"hidden\" name=\"" + token.getParameterName() + "\" value=\"" + token.getToken() + "\">\n"
+ " <input type=\"hidden\" name=\"" + t.getParameterName() + "\" value=\"" + t.getToken() + "\">\n"
+ " <button type=\"submit\">Sign in</button>\n"
+ " </form>\n"
+ " </div>\n"
+ " </body>\n"
+ "</html>";
+ "</html>");
}
}
}

View File

@@ -26,7 +26,6 @@ import org.springframework.security.htmlunit.server.WebTestClientHtmlUnitDriverB
import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.WebFilterChainProxy;
import org.springframework.security.web.server.csrf.CsrfToken;
import org.springframework.security.web.server.savedrequest.NoOpServerRequestCache;
import org.springframework.stereotype.Controller;
import org.springframework.test.web.reactive.server.WebTestClient;
@@ -126,7 +125,6 @@ public class RequestCacheTests {
@ResponseBody
@GetMapping("/secured")
public String login(ServerWebExchange exchange) {
CsrfToken token = exchange.getAttribute(CsrfToken.class.getName());
return
"<!DOCTYPE html>\n"
+ "<html lang=\"en\">\n"