Example 31 with CsrfToken

Use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.

The class WebMvcSecurityConfigurationTests, method csrfToken.

@Test
public void csrfToken() throws Exception {
    // Put a known token where CsrfFilter would put it (the request attribute named
    // CsrfToken.class.getName(), which is where the MVC argument resolver reads it from)
    // and verify that the /csrf endpoint resolves that same token. assertResult(...) is a
    // helper of the test class.
    CsrfToken csrfToken = new DefaultCsrfToken("headerName", "paramName", "token");
    MockHttpServletRequestBuilder request = get("/csrf").requestAttr(CsrfToken.class.getName(), csrfToken);
    this.mockMvc.perform(request).andExpect(assertResult(csrfToken));
}
Also used : MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) CsrfToken(org.springframework.security.web.csrf.CsrfToken) Test(org.junit.jupiter.api.Test)

Example 32 with CsrfToken

Use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.

The class DefaultLoginPageConfigurerTests, method loginPageWhenLoggedOutThenDefaultLoginPageWithLogoutMessage.

@Test
public void loginPageWhenLoggedOutThenDefaultLoginPageWithLogoutMessage() throws Exception {
    this.spring.register(DefaultLoginPageConfig.class).autowire();
    // Seed the session with a token under the attribute name HttpSessionCsrfTokenRepository
    // uses, so the filter loads this token instead of generating a random one. The rendered
    // page must then carry the logout alert and a hidden _csrf input with exactly this value.
    CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
    String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
    // @formatter:off
    this.mvc.perform(get("/login?logout").sessionAttr(csrfAttributeName, csrfToken))
        .andExpect(content().string("<!DOCTYPE html>\n"
            + "<html lang=\"en\">\n"
            + "  <head>\n"
            + "    <meta charset=\"utf-8\">\n"
            + "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
            + "    <meta name=\"description\" content=\"\">\n"
            + "    <meta name=\"author\" content=\"\">\n"
            + "    <title>Please sign in</title>\n"
            + "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
            + "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
            + "  </head>\n"
            + "  <body>\n"
            + "     <div class=\"container\">\n"
            + "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
            + "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
            + "<div class=\"alert alert-success\" role=\"alert\">You have been signed out</div>        <p>\n"
            + "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
            + "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
            + "        </p>\n"
            + "        <p>\n"
            + "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
            + "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
            + "        </p>\n"
            + "<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n"
            + "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
            + "      </form>\n"
            + "</div>\n"
            + "</body></html>"));
    // @formatter:on
}
Also used : DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) CsrfToken(org.springframework.security.web.csrf.CsrfToken) HttpSessionCsrfTokenRepository(org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository) Test(org.junit.jupiter.api.Test)

Example 33 with CsrfToken

Use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.

The class DefaultLoginPageConfigurerTests, method loginPageThenDefaultLoginPageIsRendered.

@Test
public void loginPageThenDefaultLoginPageIsRendered() throws Exception {
    this.spring.register(DefaultLoginPageConfig.class).autowire();
    // Same setup as the logout case: a known token in the session attribute the repository
    // reads, and the default login page must embed it as the hidden _csrf form field.
    CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
    String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
    // @formatter:off
    this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken))
        .andExpect(content().string("<!DOCTYPE html>\n"
            + "<html lang=\"en\">\n"
            + "  <head>\n"
            + "    <meta charset=\"utf-8\">\n"
            + "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
            + "    <meta name=\"description\" content=\"\">\n"
            + "    <meta name=\"author\" content=\"\">\n"
            + "    <title>Please sign in</title>\n"
            + "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
            + "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
            + "  </head>\n"
            + "  <body>\n"
            + "     <div class=\"container\">\n"
            + "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
            + "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
            + "        <p>\n"
            + "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
            + "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
            + "        </p>\n"
            + "        <p>\n"
            + "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
            + "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
            + "        </p>\n"
            + "<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n"
            + "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
            + "      </form>\n"
            + "</div>\n"
            + "</body></html>"));
    // @formatter:on
}
Also used : DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) CsrfToken(org.springframework.security.web.csrf.CsrfToken) HttpSessionCsrfTokenRepository(org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository) Test(org.junit.jupiter.api.Test)

Example 34 with CsrfToken

Use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.

The class DefaultLoginPageConfigurerTests, method loginPageWhenRememberConfigureThenDefaultLoginPageWithRememberMeCheckbox.

@Test
public void loginPageWhenRememberConfigureThenDefaultLoginPageWithRememberMeCheckbox() throws Exception {
    this.spring.register(DefaultLoginPageWithRememberMeConfig.class).autowire();
    // With remember-me configured the page gains a checkbox, but the hidden _csrf field
    // carrying the session's token must still be present inside the same form.
    CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
    String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
    // @formatter:off
    this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken))
        .andExpect(content().string("<!DOCTYPE html>\n"
            + "<html lang=\"en\">\n"
            + "  <head>\n"
            + "    <meta charset=\"utf-8\">\n"
            + "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
            + "    <meta name=\"description\" content=\"\">\n"
            + "    <meta name=\"author\" content=\"\">\n"
            + "    <title>Please sign in</title>\n"
            + "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
            + "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
            + "  </head>\n"
            + "  <body>\n"
            + "     <div class=\"container\">\n"
            + "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
            + "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
            + "        <p>\n"
            + "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
            + "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
            + "        </p>\n"
            + "        <p>\n"
            + "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
            + "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
            + "        </p>\n"
            + "<p><input type='checkbox' name='remember-me'/> Remember me on this computer.</p>\n"
            + "<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n"
            + "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
            + "      </form>\n"
            + "</div>\n"
            + "</body></html>"));
    // @formatter:on
}
Also used : DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) CsrfToken(org.springframework.security.web.csrf.CsrfToken) HttpSessionCsrfTokenRepository(org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository) Test(org.junit.jupiter.api.Test)

Example 35 with CsrfToken

Use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.

The class SampleWebSecurityConfigurerAdapterTests, method setup.

@BeforeEach
public void setup() {
    this.request = new MockHttpServletRequest("GET", "");
    this.response = new MockHttpServletResponse();
    this.chain = new MockFilterChain();
    // Persist a known token in the (mock) session through the same repository CsrfFilter uses,
    // then echo it back as the _csrf request parameter so that state-changing requests in the
    // tests that follow pass the filter's token comparison.
    CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "CSRF-TOKEN-TEST");
    new HttpSessionCsrfTokenRepository().saveToken(csrfToken, this.request, this.response);
    this.request.setParameter(csrfToken.getParameterName(), csrfToken.getToken());
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) MockFilterChain(org.springframework.mock.web.MockFilterChain) CsrfToken(org.springframework.security.web.csrf.CsrfToken) HttpSessionCsrfTokenRepository(org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) BeforeEach(org.junit.jupiter.api.BeforeEach)
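The examples above all rely on one mechanism: the token stored by HttpSessionCsrfTokenRepository is what CsrfFilter compares against, and a non-safe request must echo it back in the _csrf parameter or the X-CSRF-TOKEN header. The following stand-alone walkthrough is an added example, not code from the spring-security project, and drives CsrfFilter directly with the same servlet mocks the tests use. It assumes Spring Security 5.x on the javax.servlet API (the request-handler defaults changed in 6) and spring-test on the classpath; the class name CsrfFilterWalkthrough, the /account path and the token values are constructed for the example.

```java
import java.io.IOException;

import javax.servlet.ServletException;

import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.DefaultCsrfToken;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;

/**
 * Added walkthrough (not project code): pushes requests through CsrfFilter with Spring's
 * servlet mocks. Assumes Spring Security 5.x on javax.servlet plus spring-test.
 */
public class CsrfFilterWalkthrough {

    // Constructed token using the header/parameter names seen throughout the tests above.
    static final CsrfToken TOKEN = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "CSRF-TOKEN-TEST");

    /** What one trip through the filter produced. */
    static final class Outcome {
        final int status;
        final boolean reachedChain;
        final CsrfToken exposedToken;

        Outcome(int status, boolean reachedChain, CsrfToken exposedToken) {
            this.status = status;
            this.reachedChain = reachedChain;
            this.exposedToken = exposedToken;
        }
    }

    /** Builds a request whose session already holds TOKEN, exactly as setup() in Example 35 does. */
    static MockHttpServletRequest requestWithSessionToken(String method) {
        MockHttpServletRequest request = new MockHttpServletRequest(method, "/account");
        new HttpSessionCsrfTokenRepository().saveToken(TOKEN, request, new MockHttpServletResponse());
        return request;
    }

    /** Runs the request through a fresh CsrfFilter and MockFilterChain (a chain may only be invoked once). */
    static Outcome run(MockHttpServletRequest request) throws ServletException, IOException {
        MockHttpServletResponse response = new MockHttpServletResponse();
        MockFilterChain chain = new MockFilterChain();
        new CsrfFilter(new HttpSessionCsrfTokenRepository()).doFilter(request, response, chain);
        // The filter exposes the expected token under CsrfToken.class.getName() for views and
        // controllers; Example 31 injects it the same way with requestAttr(...).
        CsrfToken exposed = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
        return new Outcome(response.getStatus(), chain.getRequest() != null, exposed);
    }

    static void check(String label, Outcome outcome, int expectedStatus, boolean expectedReachedChain) {
        System.out.printf("%-36s status=%d reachedChain=%b%n", label, outcome.status, outcome.reachedChain);
        if (outcome.status != expectedStatus || outcome.reachedChain != expectedReachedChain) {
            throw new IllegalStateException(label + ": unexpected outcome");
        }
    }

    public static void main(String[] args) throws Exception {
        // 1. Safe method with no token anywhere: allowed through, and the filter generates and
        //    stores a token so the next page render (the login page above) can embed it.
        MockHttpServletRequest get = new MockHttpServletRequest("GET", "/account");
        Outcome getOutcome = run(get);
        check("GET, no token", getOutcome, 200, true);
        getOutcome.exposedToken.getToken(); // forces generation if the token is resolved lazily
        if (get.getSession(false) == null) {
            throw new IllegalStateException("GET should have left a token in the session");
        }

        // 2. State-changing request with the token only in the session: rejected with 403 by
        //    the default AccessDeniedHandler, and the rest of the chain is never invoked.
        check("POST, token only in session", run(requestWithSessionToken("POST")), 403, false);

        // 3. Token echoed back as a form parameter, as Example 35's setup() does.
        MockHttpServletRequest postParam = requestWithSessionToken("POST");
        postParam.setParameter(TOKEN.getParameterName(), TOKEN.getToken());
        check("POST, token in _csrf parameter", run(postParam), 200, true);

        // 4. Token sent in the header instead, the usual path for fetch/XHR clients.
        MockHttpServletRequest postHeader = requestWithSessionToken("POST");
        postHeader.addHeader(TOKEN.getHeaderName(), TOKEN.getToken());
        check("POST, token in X-CSRF-TOKEN header", run(postHeader), 200, true);

        // 5. A value a cross-site form could at best guess: rejected, chain not reached.
        MockHttpServletRequest postWrong = requestWithSessionToken("POST");
        postWrong.setParameter(TOKEN.getParameterName(), "attacker-guess");
        check("POST, wrong token value", run(postWrong), 403, false);
    }
}
```

Case 2 is the one worth keeping in mind when a test unexpectedly gets 403: seeding the session (or using sessionAttr(...) as Examples 32 to 34 do) only tells the filter what to expect, it does not satisfy the check. A non-safe request still has to carry the same value in the parameter or header, which is why Example 35 does both.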

Aggregations

CsrfToken (org.springframework.security.web.csrf.CsrfToken) 48
Test (org.junit.jupiter.api.Test) 28
DefaultCsrfToken (org.springframework.security.web.csrf.DefaultCsrfToken) 17
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 11
HttpServletRequest (javax.servlet.http.HttpServletRequest) 8
HttpSessionCsrfTokenRepository (org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository) 8
Authentication (org.springframework.security.core.Authentication) 6
Cookie (javax.servlet.http.Cookie) 5
HashMap (java.util.HashMap) 3
ServletContext (javax.servlet.ServletContext) 3
HttpServletResponse (javax.servlet.http.HttpServletResponse) 3
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse) 3
GrantedAuthority (org.springframework.security.core.GrantedAuthority) 3
SecurityContext (org.springframework.security.core.context.SecurityContext) 3
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) 3
ActionResponse (com.synopsys.integration.alert.common.action.ActionResponse) 2
FilterChain (javax.servlet.FilterChain) 2
HttpHeaders (org.springframework.http.HttpHeaders) 2
MockFilterChain (org.springframework.mock.web.MockFilterChain) 2
MockHttpSession (org.springframework.mock.web.MockHttpSession) 2