Example 6 with CsrfToken

use of org.springframework.security.web.csrf.CsrfToken in project pigatron-web by pigatron-industries.

the class AdminSecurityControllerAdvice method getMetadata.

@ModelAttribute("metadata")
public Map<String, String> getMetadata(HttpServletRequest request) {
    Map<String, String> metadata = new HashMap<>();
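    // Spring Security's CsrfFilter exposes the current token as the "_csrf" request attribute.
    CsrfToken token = (CsrfToken) request.getAttribute("_csrf");
    if (token != null) {
        // Pass the token value and the header name it must be sent in to the view model.
        metadata.put("_csrf", token.getToken());
        metadata.put("_csrf_header", token.getHeaderName());
    }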
    return metadata;
}
Also used: HashMap (java.util.HashMap), CsrfToken (org.springframework.security.web.csrf.CsrfToken), ModelAttribute (org.springframework.web.bind.annotation.ModelAttribute)

Example 7 with CsrfToken

use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.

the class SecurityMockMvcRequestBuildersFormLoginTests method defaults.

@Test
public void defaults() {
    MockHttpServletRequest request = formLogin().buildRequest(this.servletContext);
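    // The built request carries the generated token as a request attribute; the assertions below check it is also sent as a parameter.
    CsrfToken token = (CsrfToken) request.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);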
    assertThat(request.getParameter("username")).isEqualTo("user");
    assertThat(request.getParameter("password")).isEqualTo("password");
    assertThat(request.getMethod()).isEqualTo("POST");
    assertThat(request.getParameter(token.getParameterName())).isEqualTo(token.getToken());
    assertThat(request.getRequestURI()).isEqualTo("/login");
    assertThat(request.getParameter("_csrf")).isNotNull();
}
Also used: MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), CsrfToken (org.springframework.security.web.csrf.CsrfToken), Test (org.junit.jupiter.api.Test)

Example 8 with CsrfToken

use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.

the class SecurityMockMvcRequestBuildersFormLoginTests method customWithUriVars.

@Test
public void customWithUriVars() {
    MockHttpServletRequest request = formLogin().loginProcessingUrl("/uri-login/{var1}/{var2}", "val1", "val2").user("username", "admin").password("password", "secret").buildRequest(this.servletContext);
    CsrfToken token = (CsrfToken) request.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
    assertThat(request.getParameter("username")).isEqualTo("admin");
    assertThat(request.getParameter("password")).isEqualTo("secret");
    assertThat(request.getMethod()).isEqualTo("POST");
    assertThat(request.getParameter(token.getParameterName())).isEqualTo(token.getToken());
    assertThat(request.getRequestURI()).isEqualTo("/uri-login/val1/val2");
}
Also used: MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), CsrfToken (org.springframework.security.web.csrf.CsrfToken), Test (org.junit.jupiter.api.Test)

Example 9 with CsrfToken

use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.

the class SecurityMockMvcRequestBuildersFormLoginTests method custom.

@Test
public void custom() {
    MockHttpServletRequest request = formLogin("/login").user("username", "admin").password("password", "secret").buildRequest(this.servletContext);
    CsrfToken token = (CsrfToken) request.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
    assertThat(request.getParameter("username")).isEqualTo("admin");
    assertThat(request.getParameter("password")).isEqualTo("secret");
    assertThat(request.getMethod()).isEqualTo("POST");
    assertThat(request.getParameter(token.getParameterName())).isEqualTo(token.getToken());
    assertThat(request.getRequestURI()).isEqualTo("/login");
}
Also used: MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), CsrfToken (org.springframework.security.web.csrf.CsrfToken), Test (org.junit.jupiter.api.Test)

Example 10 with CsrfToken

use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.

the class SecurityMockMvcRequestBuildersFormLogoutTests method customWithUriVars.

@Test
public void customWithUriVars() {
    MockHttpServletRequest request = logout().logoutUrl("/uri-logout/{var1}/{var2}", "val1", "val2").buildRequest(this.servletContext);
    CsrfToken token = (CsrfToken) request.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
    // The logout request is a POST, so it must carry the CSRF token parameter as well.
    assertThat(request.getMethod()).isEqualTo("POST");
    assertThat(request.getParameter(token.getParameterName())).isEqualTo(token.getToken());
    assertThat(request.getRequestURI()).isEqualTo("/uri-logout/val1/val2");
}
Also used: MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), CsrfToken (org.springframework.security.web.csrf.CsrfToken), Test (org.junit.jupiter.api.Test)

Aggregations

CsrfToken (org.springframework.security.web.csrf.CsrfToken): 48
Test (org.junit.jupiter.api.Test): 28
DefaultCsrfToken (org.springframework.security.web.csrf.DefaultCsrfToken): 17
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 11
HttpServletRequest (javax.servlet.http.HttpServletRequest): 8
HttpSessionCsrfTokenRepository (org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository): 8
Authentication (org.springframework.security.core.Authentication): 6
Cookie (javax.servlet.http.Cookie): 5
HashMap (java.util.HashMap): 3
ServletContext (javax.servlet.ServletContext): 3
HttpServletResponse (javax.servlet.http.HttpServletResponse): 3
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 3
GrantedAuthority (org.springframework.security.core.GrantedAuthority): 3
SecurityContext (org.springframework.security.core.context.SecurityContext): 3
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder): 3
ActionResponse (com.synopsys.integration.alert.common.action.ActionResponse): 2
FilterChain (javax.servlet.FilterChain): 2
HttpHeaders (org.springframework.http.HttpHeaders): 2
MockFilterChain (org.springframework.mock.web.MockFilterChain): 2
MockHttpSession (org.springframework.mock.web.MockHttpSession): 2