Use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security (by spring-projects).
From class CsrfConfigurerTests, method loginWhenCsrfEnabledThenDoesNotRedirectToPreviousPostRequest.
@Test
public void loginWhenCsrfEnabledThenDoesNotRedirectToPreviousPostRequest() throws Exception {
	// Swap the config's repository for a mock that hands back one fixed token from both
	// loadToken and generateToken, so every request in this test observes the same token value.
	CsrfTokenRepository repository = mock(CsrfTokenRepository.class);
	CsrfDisablesPostRequestFromRequestCacheConfig.REPO = repository;
	DefaultCsrfToken fixedToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token");
	given(repository.loadToken(any())).willReturn(fixedToken);
	given(repository.generateToken(any())).willReturn(fixedToken);
	this.spring.register(CsrfDisablesPostRequestFromRequestCacheConfig.class).autowire();
	// An unauthenticated POST first; the login below reuses its session, so whatever the
	// request cache saved for this session is what the post-login redirect would consult.
	MvcResult priorPost = this.mvc.perform(post("/some-url")).andReturn();
	MockHttpSession sharedSession = (MockHttpSession) priorPost.getRequest().getSession();
	// With CSRF enabled the earlier POST must not be replayed as the saved request: the
	// login redirect has to land on "/" rather than on "/some-url" (presumably because a
	// replayed POST could never carry a verifiable token — see the config's name).
	this.mvc.perform(post("/login")
			.param("username", "user")
			.param("password", "password")
			.with(csrf())
			.session(sharedSession))
			.andExpect(status().isFound())
			.andExpect(redirectedUrl("/"));
	// The CSRF filter must actually have consulted the repository on the way through.
	verify(CsrfDisablesPostRequestFromRequestCacheConfig.REPO, atLeastOnce())
			.loadToken(any(HttpServletRequest.class));
}
Use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security (by spring-projects).
From class CsrfConfigurerTests, method loginWhenCsrfEnabledThenRedirectsToPreviousGetRequest.
@Test
public void loginWhenCsrfEnabledThenRedirectsToPreviousGetRequest() throws Exception {
	// Same fixed-token mock as the POST variant: loadToken and generateToken both return
	// the one token, so the CSRF filter sees a stable value on every request.
	CsrfTokenRepository repository = mock(CsrfTokenRepository.class);
	CsrfDisablesPostRequestFromRequestCacheConfig.REPO = repository;
	DefaultCsrfToken fixedToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token");
	given(repository.loadToken(any())).willReturn(fixedToken);
	given(repository.generateToken(any())).willReturn(fixedToken);
	this.spring.register(CsrfDisablesPostRequestFromRequestCacheConfig.class).autowire();
	// An unauthenticated GET is the kind of request the cache is expected to remember.
	MvcResult priorGet = this.mvc.perform(get("/some-url")).andReturn();
	MockHttpSession sharedSession = (MockHttpSession) priorGet.getRequest().getSession();
	// Logging in within that session must redirect back to the remembered GET. The
	// assertion pins the absolute form (scheme and host included), so any change in how
	// the saved request rebuilds its URL would surface here.
	this.mvc.perform(post("/login")
			.param("username", "user")
			.param("password", "password")
			.with(csrf())
			.session(sharedSession))
			.andExpect(status().isFound())
			.andExpect(redirectedUrl("http://localhost/some-url"));
	verify(CsrfDisablesPostRequestFromRequestCacheConfig.REPO, atLeastOnce())
			.loadToken(any(HttpServletRequest.class));
}
Use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security (by spring-projects).
From class CsrfConfigurerTests, method getWhenCustomCsrfTokenRepositoryThenRepositoryIsUsed.
@Test
public void getWhenCustomCsrfTokenRepositoryThenRepositoryIsUsed() throws Exception {
	// Only loadToken is stubbed here; generateToken is left at the mock default, and the
	// check below is solely that the filter asked this repository for the token on a GET.
	CsrfTokenRepository customRepository = mock(CsrfTokenRepository.class);
	CsrfTokenRepositoryConfig.REPO = customRepository;
	DefaultCsrfToken fixedToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token");
	given(customRepository.loadToken(any())).willReturn(fixedToken);
	this.spring.register(CsrfTokenRepositoryConfig.class, BasicController.class).autowire();
	this.mvc.perform(get("/")).andExpect(status().isOk());
	// verify(...) with no mode means exactly one loadToken call is expected.
	verify(CsrfTokenRepositoryConfig.REPO).loadToken(any(HttpServletRequest.class));
}
Use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security (by spring-projects).
From class DefaultLoginPageConfigurerTests, method loginPageWhenLoggedOutThenDefaultLoginPageWithLogoutMessage.
@Test
public void loginPageWhenLoggedOutThenDefaultLoginPageWithLogoutMessage() throws Exception {
	this.spring.register(DefaultLoginPageConfig.class).autowire();
	// Seed the session with a token under the attribute name HttpSessionCsrfTokenRepository
	// uses, so the rendered page has a token to embed in its hidden input.
	CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
	String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName() + ".CSRF_TOKEN";
	// Expected page, byte-for-byte. NOTE(review): the expected markup pins an `integrity`
	// attribute on the bootstrap.min.css link but none on the signin.css link, and it splices
	// the raw token value into the hidden input — with this fixed alphanumeric token the test
	// does not exercise whether the page HTML-escapes the token.
	// @formatter:off
	String expectedPage = "<!DOCTYPE html>\n"
			+ "<html lang=\"en\">\n"
			+ " <head>\n"
			+ " <meta charset=\"utf-8\">\n"
			+ " <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
			+ " <meta name=\"description\" content=\"\">\n"
			+ " <meta name=\"author\" content=\"\">\n"
			+ " <title>Please sign in</title>\n"
			+ " <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
			+ " <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
			+ " </head>\n"
			+ " <body>\n"
			+ " <div class=\"container\">\n"
			+ " <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
			+ " <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
			+ "<div class=\"alert alert-success\" role=\"alert\">You have been signed out</div> <p>\n"
			+ " <label for=\"username\" class=\"sr-only\">Username</label>\n"
			+ " <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
			+ " </p>\n"
			+ " <p>\n"
			+ " <label for=\"password\" class=\"sr-only\">Password</label>\n"
			+ " <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
			+ " </p>\n"
			+ "<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n"
			+ " <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
			+ " </form>\n"
			+ "</div>\n"
			+ "</body></html>";
	// @formatter:on
	// "?logout" selects the variant with the signed-out alert; the whole body must match.
	this.mvc.perform(get("/login?logout").sessionAttr(csrfAttributeName, csrfToken))
			.andExpect(content().string(expectedPage));
}
Use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security (by spring-projects).
From class DefaultLoginPageConfigurerTests, method loginPageThenDefaultLoginPageIsRendered.
@Test
public void loginPageThenDefaultLoginPageIsRendered() throws Exception {
	this.spring.register(DefaultLoginPageConfig.class).autowire();
	// Seed the session with a token under the attribute name HttpSessionCsrfTokenRepository
	// uses, so the rendered page has a token to embed in its hidden input.
	CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
	String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName() + ".CSRF_TOKEN";
	// Expected page, byte-for-byte. NOTE(review): the expected markup pins an `integrity`
	// attribute on the bootstrap.min.css link but none on the signin.css link, and it splices
	// the raw token value into the hidden input — with this fixed alphanumeric token the test
	// does not exercise whether the page HTML-escapes the token.
	// @formatter:off
	String expectedPage = "<!DOCTYPE html>\n"
			+ "<html lang=\"en\">\n"
			+ " <head>\n"
			+ " <meta charset=\"utf-8\">\n"
			+ " <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
			+ " <meta name=\"description\" content=\"\">\n"
			+ " <meta name=\"author\" content=\"\">\n"
			+ " <title>Please sign in</title>\n"
			+ " <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
			+ " <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
			+ " </head>\n"
			+ " <body>\n"
			+ " <div class=\"container\">\n"
			+ " <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
			+ " <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
			+ " <p>\n"
			+ " <label for=\"username\" class=\"sr-only\">Username</label>\n"
			+ " <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
			+ " </p>\n"
			+ " <p>\n"
			+ " <label for=\"password\" class=\"sr-only\">Password</label>\n"
			+ " <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
			+ " </p>\n"
			+ "<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n"
			+ " <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
			+ " </form>\n"
			+ "</div>\n"
			+ "</body></html>";
	// @formatter:on
	// Plain GET of the login page (no logout flag): the whole body must match exactly.
	this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken))
			.andExpect(content().string(expectedPage));
}