Default to XorCsrfTokenRequestAttributeHandler

As of gh-11960, Xor CSRF tokens are the default in 6.0. This commit
makes CsrfAuthenticationStrategy consistent with CsrfFilter.

Issue gh-11960
Closes gh-12235
This commit is contained in:
Steve Riesenberg
2022-11-18 22:33:02 -06:00
parent 3f5d8b39ce
commit fd547321e8
2 changed files with 5 additions and 4 deletions

View File

@@ -108,9 +108,10 @@ public class CsrfAuthenticationStrategyTests {
verify(this.csrfTokenRepository).loadDeferredToken(this.request, this.response);
// SEC-2404, SEC-2832
CsrfToken tokenInRequest = (CsrfToken) this.request.getAttribute(CsrfToken.class.getName());
assertThat(tokenInRequest.getToken()).isSameAs(this.generatedToken.getToken());
assertThat(tokenInRequest.getHeaderName()).isSameAs(this.generatedToken.getHeaderName());
assertThat(tokenInRequest.getParameterName()).isSameAs(this.generatedToken.getParameterName());
assertThat(tokenInRequest.getToken()).isNotEmpty();
assertThat(tokenInRequest.getToken()).isNotEqualTo(this.generatedToken.getToken());
assertThat(tokenInRequest.getHeaderName()).isEqualTo(this.generatedToken.getHeaderName());
assertThat(tokenInRequest.getParameterName()).isEqualTo(this.generatedToken.getParameterName());
assertThat(this.request.getAttribute(this.generatedToken.getParameterName())).isSameAs(tokenInRequest);
}