CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and moves usage from CsrfFilter into CsrfTokenRequestHandler. Closes gh-11892
This commit is contained in:
@@ -85,8 +85,8 @@ public class DeferHttpSessionJavaConfigTests {
|
||||
csrfRepository.setDeferLoadToken(true);
|
||||
HttpSessionRequestCache requestCache = new HttpSessionRequestCache();
|
||||
requestCache.setMatchingRequestParameterName("continue");
|
||||
CsrfTokenRequestProcessor requestAttributeHandler = new CsrfTokenRequestProcessor();
|
||||
requestAttributeHandler.setCsrfRequestAttributeName("_csrf");
|
||||
CsrfTokenRequestProcessor requestHandler = new CsrfTokenRequestProcessor();
|
||||
requestHandler.setCsrfRequestAttributeName("_csrf");
|
||||
// @formatter:off
|
||||
http
|
||||
.requestCache((cache) -> cache
|
||||
@@ -102,7 +102,7 @@ public class DeferHttpSessionJavaConfigTests {
|
||||
.requireExplicitAuthenticationStrategy(true)
|
||||
)
|
||||
.csrf((csrf) -> csrf
|
||||
.csrfTokenRequestAttributeHandler(requestAttributeHandler)
|
||||
.csrfTokenRequestHandler(requestHandler)
|
||||
.csrfTokenRepository(csrfRepository)
|
||||
);
|
||||
// @formatter:on
|
||||
|
||||
@@ -422,8 +422,8 @@ public class CsrfConfigurerTests {
|
||||
CsrfTokenRepository csrfTokenRepository = mock(CsrfTokenRepository.class);
|
||||
CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token");
|
||||
given(csrfTokenRepository.generateToken(any(HttpServletRequest.class))).willReturn(csrfToken);
|
||||
CsrfTokenRequestProcessorConfig.REPO = csrfTokenRepository;
|
||||
CsrfTokenRequestProcessorConfig.PROCESSOR = new CsrfTokenRequestProcessor();
|
||||
CsrfTokenRequestProcessorConfig.PROCESSOR.setTokenRepository(csrfTokenRepository);
|
||||
this.spring.register(CsrfTokenRequestProcessorConfig.class, BasicController.class).autowire();
|
||||
this.mvc.perform(get("/login")).andExpect(status().isOk())
|
||||
.andExpect(content().string(containsString(csrfToken.getToken())));
|
||||
@@ -438,10 +438,11 @@ public class CsrfConfigurerTests {
|
||||
public void loginWhenCsrfTokenRequestProcessorSetAndNormalCsrfTokenThenSuccess() throws Exception {
|
||||
CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token");
|
||||
CsrfTokenRepository csrfTokenRepository = mock(CsrfTokenRepository.class);
|
||||
given(csrfTokenRepository.loadToken(any(HttpServletRequest.class))).willReturn(csrfToken);
|
||||
given(csrfTokenRepository.loadToken(any(HttpServletRequest.class))).willReturn(null, csrfToken);
|
||||
given(csrfTokenRepository.generateToken(any(HttpServletRequest.class))).willReturn(csrfToken);
|
||||
CsrfTokenRequestProcessorConfig.REPO = csrfTokenRepository;
|
||||
CsrfTokenRequestProcessorConfig.PROCESSOR = new CsrfTokenRequestProcessor();
|
||||
CsrfTokenRequestProcessorConfig.PROCESSOR.setTokenRepository(csrfTokenRepository);
|
||||
|
||||
this.spring.register(CsrfTokenRequestProcessorConfig.class, BasicController.class).autowire();
|
||||
// @formatter:off
|
||||
MockHttpServletRequestBuilder loginRequest = post("/login")
|
||||
@@ -451,7 +452,6 @@ public class CsrfConfigurerTests {
|
||||
// @formatter:on
|
||||
this.mvc.perform(loginRequest).andExpect(redirectedUrl("/"));
|
||||
verify(csrfTokenRepository, times(2)).loadToken(any(HttpServletRequest.class));
|
||||
verify(csrfTokenRepository).saveToken(isNull(), any(HttpServletRequest.class), any(HttpServletResponse.class));
|
||||
verify(csrfTokenRepository).generateToken(any(HttpServletRequest.class));
|
||||
verify(csrfTokenRepository).saveToken(eq(csrfToken), any(HttpServletRequest.class),
|
||||
any(HttpServletResponse.class));
|
||||
@@ -803,8 +803,6 @@ public class CsrfConfigurerTests {
|
||||
@EnableWebSecurity
|
||||
static class CsrfTokenRequestProcessorConfig {
|
||||
|
||||
static CsrfTokenRepository REPO;
|
||||
|
||||
static CsrfTokenRequestProcessor PROCESSOR;
|
||||
|
||||
@Bean
|
||||
@@ -816,8 +814,7 @@ public class CsrfConfigurerTests {
|
||||
)
|
||||
.formLogin(Customizer.withDefaults())
|
||||
.csrf((csrf) -> csrf
|
||||
.csrfTokenRepository(REPO)
|
||||
.csrfTokenRequestAttributeHandler(PROCESSOR)
|
||||
.csrfTokenRequestHandler(PROCESSOR)
|
||||
.csrfTokenRequestResolver(PROCESSOR)
|
||||
);
|
||||
// @formatter:on
|
||||
|
||||
@@ -30,6 +30,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.mock.web.MockHttpSession;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.config.test.SpringTestContext;
|
||||
@@ -41,6 +42,7 @@ import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.security.web.access.AccessDeniedHandler;
|
||||
import org.springframework.security.web.csrf.CsrfFilter;
|
||||
import org.springframework.security.web.csrf.CsrfToken;
|
||||
import org.springframework.security.web.csrf.DeferredCsrfToken;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.test.context.junit.jupiter.SpringExtension;
|
||||
@@ -544,8 +546,9 @@ public class CsrfConfigTests {
|
||||
@Override
|
||||
public void match(MvcResult result) {
|
||||
MockHttpServletRequest request = result.getRequest();
|
||||
CsrfToken token = WebTestUtils.getCsrfTokenRepository(request).loadToken(request);
|
||||
assertThat(token).isNotNull();
|
||||
MockHttpServletResponse response = result.getResponse();
|
||||
DeferredCsrfToken token = WebTestUtils.getCsrfTokenRequestHandler(request).handle(request, response);
|
||||
assertThat(token.isGenerated()).isFalse();
|
||||
}
|
||||
|
||||
}
|
||||
@@ -561,7 +564,8 @@ public class CsrfConfigTests {
|
||||
@Override
|
||||
public void match(MvcResult result) throws Exception {
|
||||
MockHttpServletRequest request = result.getRequest();
|
||||
CsrfToken token = WebTestUtils.getCsrfTokenRepository(request).loadToken(request);
|
||||
MockHttpServletResponse response = result.getResponse();
|
||||
CsrfToken token = WebTestUtils.getCsrfTokenRequestHandler(request).handle(request, response).get();
|
||||
assertThat(token).isNotNull();
|
||||
assertThat(token.getToken()).isEqualTo(this.token.apply(result));
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user