
Example 1 with CsrfFilter

Use of org.springframework.security.web.csrf.CsrfFilter in project spring-security by spring-projects.

Class WebTestUtilsTests, method findFilterNoSpringSecurityFilterChainInContext.

@Test
public void findFilterNoSpringSecurityFilterChainInContext() {
    loadConfig(NoSecurityConfig.class);
    CsrfFilter toFind = new CsrfFilter(new HttpSessionCsrfTokenRepository());
    FilterChainProxy springSecurityFilterChain = new FilterChainProxy(new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, toFind));
    this.request.getServletContext().setAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN, springSecurityFilterChain);
    assertThat(WebTestUtils.findFilter(this.request, toFind.getClass())).isEqualTo(toFind);
}

Also used: FilterChainProxy (org.springframework.security.web.FilterChainProxy), CsrfFilter (org.springframework.security.web.csrf.CsrfFilter), HttpSessionCsrfTokenRepository (org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository), DefaultSecurityFilterChain (org.springframework.security.web.DefaultSecurityFilterChain), Test (org.junit.Test)

Example 2 with CsrfFilter

Use of org.springframework.security.web.csrf.CsrfFilter in project spring-security by spring-projects.

Class CsrfConfigurer, method configure.

@SuppressWarnings("unchecked")
@Override
public void configure(H http) throws Exception {
    // Build the filter around the configured token repository.
    CsrfFilter filter = new CsrfFilter(this.csrfTokenRepository);
    // Override the filter's default request matcher only when one was configured.
    RequestMatcher requireCsrfProtectionMatcher = getRequireCsrfProtectionMatcher();
    if (requireCsrfProtectionMatcher != null) {
        filter.setRequireCsrfProtectionMatcher(requireCsrfProtectionMatcher);
    }
    // Handler invoked when a protected request carries a missing or invalid token.
    AccessDeniedHandler accessDeniedHandler = createAccessDeniedHandler(http);
    if (accessDeniedHandler != null) {
        filter.setAccessDeniedHandler(accessDeniedHandler);
    }
    // Clear the CSRF token on logout.
    LogoutConfigurer<H> logoutConfigurer = http.getConfigurer(LogoutConfigurer.class);
    if (logoutConfigurer != null) {
        logoutConfigurer.addLogoutHandler(new CsrfLogoutHandler(this.csrfTokenRepository));
    }
    // Replace the CSRF token on authentication so a pre-login token is not reused.
    SessionManagementConfigurer<H> sessionConfigurer = http.getConfigurer(SessionManagementConfigurer.class);
    if (sessionConfigurer != null) {
        sessionConfigurer.addSessionAuthenticationStrategy(new CsrfAuthenticationStrategy(this.csrfTokenRepository));
    }
    // Apply post-processing, then register the filter in the chain.
    filter = postProcess(filter);
    http.addFilter(filter);
}

Also used: AndRequestMatcher (org.springframework.security.web.util.matcher.AndRequestMatcher), NegatedRequestMatcher (org.springframework.security.web.util.matcher.NegatedRequestMatcher), RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher), OrRequestMatcher (org.springframework.security.web.util.matcher.OrRequestMatcher), MvcRequestMatcher (org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher), DelegatingAccessDeniedHandler (org.springframework.security.web.access.DelegatingAccessDeniedHandler), InvalidSessionAccessDeniedHandler (org.springframework.security.web.session.InvalidSessionAccessDeniedHandler), AccessDeniedHandler (org.springframework.security.web.access.AccessDeniedHandler), CsrfLogoutHandler (org.springframework.security.web.csrf.CsrfLogoutHandler), CsrfFilter (org.springframework.security.web.csrf.CsrfFilter), CsrfAuthenticationStrategy (org.springframework.security.web.csrf.CsrfAuthenticationStrategy)

Example 3 with CsrfFilter

Use of org.springframework.security.web.csrf.CsrfFilter in project spring-security by spring-projects.

Class WebTestUtilsTests, method findFilterExplicitWithSecurityFilterInContext.

@Test
public void findFilterExplicitWithSecurityFilterInContext() {
    loadConfig(SecurityConfigWithDefaults.class);
    CsrfFilter toFind = new CsrfFilter(new HttpSessionCsrfTokenRepository());
    FilterChainProxy springSecurityFilterChain = new FilterChainProxy(new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, toFind));
    this.request.getServletContext().setAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN, springSecurityFilterChain);
    assertThat(WebTestUtils.findFilter(this.request, toFind.getClass())).isSameAs(toFind);
}

Also used: FilterChainProxy (org.springframework.security.web.FilterChainProxy), CsrfFilter (org.springframework.security.web.csrf.CsrfFilter), HttpSessionCsrfTokenRepository (org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository), DefaultSecurityFilterChain (org.springframework.security.web.DefaultSecurityFilterChain), Test (org.junit.Test)

Aggregations

CsrfFilter (org.springframework.security.web.csrf.CsrfFilter): 3
Test (org.junit.Test): 2
DefaultSecurityFilterChain (org.springframework.security.web.DefaultSecurityFilterChain): 2
FilterChainProxy (org.springframework.security.web.FilterChainProxy): 2
HttpSessionCsrfTokenRepository (org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository): 2
AccessDeniedHandler (org.springframework.security.web.access.AccessDeniedHandler): 1
DelegatingAccessDeniedHandler (org.springframework.security.web.access.DelegatingAccessDeniedHandler): 1
CsrfAuthenticationStrategy (org.springframework.security.web.csrf.CsrfAuthenticationStrategy): 1
CsrfLogoutHandler (org.springframework.security.web.csrf.CsrfLogoutHandler): 1
MvcRequestMatcher (org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher): 1
InvalidSessionAccessDeniedHandler (org.springframework.security.web.session.InvalidSessionAccessDeniedHandler): 1
AndRequestMatcher (org.springframework.security.web.util.matcher.AndRequestMatcher): 1
NegatedRequestMatcher (org.springframework.security.web.util.matcher.NegatedRequestMatcher): 1
OrRequestMatcher (org.springframework.security.web.util.matcher.OrRequestMatcher): 1
RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher): 1