Example 11 with CsrfToken

use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.

the class SecurityMockMvcRequestBuildersFormLogoutTests method defaults.

@Test
public void defaults() {
    MockHttpServletRequest request = logout().buildRequest(this.servletContext);
    CsrfToken token = (CsrfToken) request.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
    assertThat(request.getMethod()).isEqualTo("POST");
    assertThat(request.getParameter(token.getParameterName())).isEqualTo(token.getToken());
    assertThat(request.getRequestURI()).isEqualTo("/logout");
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) CsrfToken(org.springframework.security.web.csrf.CsrfToken) Test(org.junit.jupiter.api.Test)

Example 12 with CsrfToken

use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.

the class SecurityMockMvcRequestBuildersFormLogoutTests method custom.

@Test
public void custom() {
    MockHttpServletRequest request = logout("/admin/logout").buildRequest(this.servletContext);
    CsrfToken token = (CsrfToken) request.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
    assertThat(request.getMethod()).isEqualTo("POST");
    assertThat(request.getParameter(token.getParameterName())).isEqualTo(token.getToken());
    assertThat(request.getRequestURI()).isEqualTo("/admin/logout");
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) CsrfToken(org.springframework.security.web.csrf.CsrfToken) Test(org.junit.jupiter.api.Test)

Example 13 with CsrfToken

use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.

the class WebSocketMessageBrokerConfigTests method requestWhenConnectMessageThenUsesCsrfTokenHandshakeInterceptor.

@Test
public void requestWhenConnectMessageThenUsesCsrfTokenHandshakeInterceptor() throws Exception {
    this.spring.configLocations(xml("SyncConfig")).autowire();
    WebApplicationContext context = this.spring.getContext();
    MockMvc mvc = MockMvcBuilders.webAppContextSetup(context).build();
    String csrfAttributeName = CsrfToken.class.getName();
    String customAttributeName = this.getClass().getName();
    MvcResult result = mvc.perform(get("/app").requestAttr(csrfAttributeName, this.token).sessionAttr(customAttributeName, "attributeValue")).andReturn();
    CsrfToken handshakeToken = (CsrfToken) this.testHandshakeHandler.attributes.get(csrfAttributeName);
    String handshakeValue = (String) this.testHandshakeHandler.attributes.get(customAttributeName);
    String sessionValue = (String) result.getRequest().getSession().getAttribute(customAttributeName);
    // AssertJ only applies withFailMessage(...) when it is set before the assertion call.
    assertThat(handshakeToken).withFailMessage("CsrfToken is populated").isEqualTo(this.token);
    assertThat(handshakeValue).withFailMessage("Explicitly listed session variables are not overridden").isEqualTo(sessionValue);
}
Also used : MvcResult(org.springframework.test.web.servlet.MvcResult) DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) CsrfToken(org.springframework.security.web.csrf.CsrfToken) MockMvc(org.springframework.test.web.servlet.MockMvc) WebApplicationContext(org.springframework.web.context.WebApplicationContext) Test(org.junit.jupiter.api.Test)

Example 14 with CsrfToken

use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.

the class CsrfInputTagTests method handleTokenReturnsHiddenInput.

@Test
public void handleTokenReturnsHiddenInput() {
    CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
    String value = this.tag.handleToken(token);
    assertThat(value).as("The returned value should not be null.").isNotNull();
    assertThat(value).withFailMessage("The output is not correct.").isEqualTo("<input type=\"hidden\" name=\"_csrf\" value=\"abc123def456ghi789\" />");
}
Also used : DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) CsrfToken(org.springframework.security.web.csrf.CsrfToken) Test(org.junit.jupiter.api.Test)

Example 15 with CsrfToken

use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.

the class CsrfMetaTagsTagTests method handleTokenRendersTags.

@Test
public void handleTokenRendersTags() {
    CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
    String value = this.tag.handleToken(token);
    assertThat(value).as("The returned value should not be null.").isNotNull();
    assertThat(value).withFailMessage("The output is not correct.").isEqualTo("<meta name=\"_csrf_parameter\" content=\"_csrf\" />" + "<meta name=\"_csrf_header\" content=\"X-Csrf-Token\" />" + "<meta name=\"_csrf\" content=\"abc123def456ghi789\" />");
}
Also used : DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) CsrfToken(org.springframework.security.web.csrf.CsrfToken) Test(org.junit.jupiter.api.Test)

Aggregations

CsrfToken (org.springframework.security.web.csrf.CsrfToken): 48
Test (org.junit.jupiter.api.Test): 28
DefaultCsrfToken (org.springframework.security.web.csrf.DefaultCsrfToken): 17
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 11
HttpServletRequest (javax.servlet.http.HttpServletRequest): 8
HttpSessionCsrfTokenRepository (org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository): 8
Authentication (org.springframework.security.core.Authentication): 6
Cookie (javax.servlet.http.Cookie): 5
HashMap (java.util.HashMap): 3
ServletContext (javax.servlet.ServletContext): 3
HttpServletResponse (javax.servlet.http.HttpServletResponse): 3
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 3
GrantedAuthority (org.springframework.security.core.GrantedAuthority): 3
SecurityContext (org.springframework.security.core.context.SecurityContext): 3
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder): 3
ActionResponse (com.synopsys.integration.alert.common.action.ActionResponse): 2
FilterChain (javax.servlet.FilterChain): 2
HttpHeaders (org.springframework.http.HttpHeaders): 2
MockFilterChain (org.springframework.mock.web.MockFilterChain): 2
MockHttpSession (org.springframework.mock.web.MockHttpSession): 2