use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.
the class CsrfMetaTagsTagTests method handleTokenRendersTagsDifferentToken.
@Test
public void handleTokenRendersTagsDifferentToken() {
CsrfToken token = new DefaultCsrfToken("csrfHeader", "csrfParameter", "fooBarBazQux");
String value = this.tag.handleToken(token);
assertThat(value).as("The returned value should not be null.").isNotNull();
assertThat(value).withFailMessage("The output is not correct.").isEqualTo("<meta name=\"_csrf_parameter\" content=\"csrfParameter\" />" + "<meta name=\"_csrf_header\" content=\"csrfHeader\" />" + "<meta name=\"_csrf\" content=\"fooBarBazQux\" />");
}
use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.
the class CsrfRequestDataValueProcessor method getExtraHiddenFields.
@Override
public Map<String, String> getExtraHiddenFields(HttpServletRequest request) {
if (Boolean.TRUE.equals(request.getAttribute(this.DISABLE_CSRF_TOKEN_ATTR))) {
request.removeAttribute(this.DISABLE_CSRF_TOKEN_ATTR);
return Collections.emptyMap();
}
CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
if (token == null) {
return Collections.emptyMap();
}
Map<String, String> hiddenFields = new HashMap<>(1);
hiddenFields.put(token.getParameterName(), token.getToken());
return hiddenFields;
}
use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.
the class CsrfRequestDataValueProcessorTests method createGetExtraHiddenFieldsHasCsrfToken.
@Test
public void createGetExtraHiddenFieldsHasCsrfToken() {
CsrfToken token = new DefaultCsrfToken("1", "a", "b");
this.request.setAttribute(CsrfToken.class.getName(), token);
Map<String, String> expected = new HashMap<>();
expected.put(token.getParameterName(), token.getToken());
RequestDataValueProcessor processor = new CsrfRequestDataValueProcessor();
assertThat(processor.getExtraHiddenFields(this.request)).isEqualTo(expected);
}
Aggregations