use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.
the class SecurityMockMvcRequestBuildersFormLogoutTests method defaults.
/**
 * Checks the request produced by {@code logout()} with no arguments: the method is POST,
 * the CSRF token travels as a request parameter, and the URI is {@code /logout}.
 */
@Test
public void defaults() {
    MockHttpServletRequest built = logout().buildRequest(this.servletContext);
    // The builder leaves the generated token in a request attribute; read it back to compare.
    Object storedToken = built
            .getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
    CsrfToken csrf = (CsrfToken) storedToken;

    assertThat(built.getMethod()).isEqualTo("POST");

    // The parameter named by the token must carry exactly the token's value.
    String submittedValue = built.getParameter(csrf.getParameterName());
    assertThat(submittedValue).isEqualTo(csrf.getToken());

    assertThat(built.getRequestURI()).isEqualTo("/logout");
}
use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.
the class SecurityMockMvcRequestBuildersFormLogoutTests method custom.
/**
 * Checks the request produced by {@code logout("/admin/logout")}: the method is still POST,
 * the CSRF token is still sent as a request parameter, and the URI is the custom one.
 */
@Test
public void custom() {
    MockHttpServletRequest built = logout("/admin/logout").buildRequest(this.servletContext);
    // The builder leaves the generated token in a request attribute; read it back to compare.
    Object storedToken = built
            .getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
    CsrfToken csrf = (CsrfToken) storedToken;

    assertThat(built.getMethod()).isEqualTo("POST");

    // A custom logout URL must not change how the token is attached.
    String submittedValue = built.getParameter(csrf.getParameterName());
    assertThat(submittedValue).isEqualTo(csrf.getToken());

    assertThat(built.getRequestURI()).isEqualTo("/admin/logout");
}
use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.
the class WebSocketMessageBrokerConfigTests method requestWhenConnectMessageThenUsesCsrfTokenHandshakeInterceptor.
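/**
 * Performs a GET on {@code /app} with a CsrfToken request attribute and a custom session
 * attribute, then checks that both values appear in
 * {@code this.testHandshakeHandler.attributes}.
 *
 * @throws Exception if the MockMvc request fails
 */
@Test
public void requestWhenConnectMessageThenUsesCsrfTokenHandshakeInterceptor() throws Exception {
    this.spring.configLocations(xml("SyncConfig")).autowire();
    WebApplicationContext context = this.spring.getContext();
    MockMvc mvc = MockMvcBuilders.webAppContextSetup(context).build();
    // The token is placed on the request under the CsrfToken class name.
    String csrfAttributeName = CsrfToken.class.getName();
    String customAttributeName = this.getClass().getName();
    MvcResult result = mvc.perform(get("/app")
            .requestAttr(csrfAttributeName, this.token)
            .sessionAttr(customAttributeName, "attributeValue"))
        .andReturn();
    CsrfToken handshakeToken = (CsrfToken) this.testHandshakeHandler.attributes.get(csrfAttributeName);
    String handshakeValue = (String) this.testHandshakeHandler.attributes.get(customAttributeName);
    String sessionValue = (String) result.getRequest().getSession().getAttribute(customAttributeName);
    // The description has to be set before the assertion runs: AssertJ ignores a
    // withFailMessage()/as() call chained after isEqualTo(). as() is used because the
    // texts describe the expectation, and it keeps expected/actual in the failure output.
    assertThat(handshakeToken).as("CsrfToken is populated").isEqualTo(this.token);
    assertThat(handshakeValue).as("Explicitly listed session variables are not overridden")
        .isEqualTo(sessionValue);
}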
use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.
the class CsrfInputTagTests method handleTokenReturnsHiddenInput.
/**
 * Checks that {@code handleToken} renders a hidden form input whose name is the token's
 * parameter name and whose value is the token value.
 */
@Test
public void handleTokenReturnsHiddenInput() {
    // NOTE(review): the fixture value contains no HTML-special characters, so this test
    // does not show how handleToken treats values that would need attribute escaping.
    CsrfToken csrfToken = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
    String expectedMarkup = "<input type=\"hidden\" name=\"_csrf\" value=\"abc123def456ghi789\" />";

    String rendered = this.tag.handleToken(csrfToken);

    assertThat(rendered).as("The returned value should not be null.").isNotNull();
    assertThat(rendered).withFailMessage("The output is not correct.").isEqualTo(expectedMarkup);
}
use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.
the class CsrfMetaTagsTagTests method handleTokenRendersTags.
/**
 * Checks that {@code handleToken} renders three meta tags: the parameter name, the header
 * name, and the token value, in that order.
 */
@Test
public void handleTokenRendersTags() {
    // NOTE(review): the fixture value contains no HTML-special characters, so this test
    // does not show how handleToken treats values that would need attribute escaping.
    CsrfToken csrfToken = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
    String expectedMarkup = "<meta name=\"_csrf_parameter\" content=\"_csrf\" />"
            + "<meta name=\"_csrf_header\" content=\"X-Csrf-Token\" />"
            + "<meta name=\"_csrf\" content=\"abc123def456ghi789\" />";

    String rendered = this.tag.handleToken(csrfToken);

    assertThat(rendered).as("The returned value should not be null.").isNotNull();
    assertThat(rendered).withFailMessage("The output is not correct.").isEqualTo(expectedMarkup);
}