use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.
the class AbstractCsrfTagTests method hasCsrfRendersDifferentValue.
/**
 * Checks that {@code doEndTag()} writes the handler's return value (here an HTML
 * hidden-input fragment) to the response verbatim, and that the token recorded on
 * the tag is the very instance that was stored on the request.
 */
@Test
public void hasCsrfRendersDifferentValue() throws JspException, UnsupportedEncodingException {
    final String markup = "<input type=\"hidden\" />";
    CsrfToken csrfToken = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
    // The token is published under the CsrfToken class name as a request attribute.
    this.request.setAttribute(CsrfToken.class.getName(), csrfToken);
    // Canned handler output; this.tag looks like a test double (confirm in the test fixture).
    this.tag.handleReturn = markup;

    int outcome = this.tag.doEndTag();

    assertThat(outcome).as("The returned value is not correct.").isEqualTo(Tag.EVAL_PAGE);
    String body = this.response.getContentAsString();
    assertThat(body).withFailMessage("The output value is not correct.").isEqualTo(markup);
    // Identity, not equality: the tag must not copy or replace the request's token.
    assertThat(this.tag.token).as("The token is not correct.").isSameAs(csrfToken);
}
use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.
the class AbstractCsrfTagTests method hasCsrfRendersReturnedValue.
/**
 * Checks that {@code doEndTag()} writes an arbitrary handler return value to the
 * response unchanged and continues page evaluation.
 */
@Test
public void hasCsrfRendersReturnedValue() throws JspException, UnsupportedEncodingException {
    final String handlerOutput = "fooBarBazQux";
    CsrfToken csrfToken = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
    // The token is published under the CsrfToken class name as a request attribute.
    this.request.setAttribute(CsrfToken.class.getName(), csrfToken);
    this.tag.handleReturn = handlerOutput;

    int outcome = this.tag.doEndTag();

    assertThat(outcome).as("The returned value is not correct.").isEqualTo(Tag.EVAL_PAGE);
    String body = this.response.getContentAsString();
    assertThat(body).withFailMessage("The output value is not correct.").isEqualTo(handlerOutput);
    // Identity check: the tag must hold the same token instance that sits on the request.
    assertThat(this.tag.token).as("The token is not correct.").isSameAs(csrfToken);
}
use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.
the class CsrfMetaTagsTagTests method handleTokenRendersTagsDifferentToken.
/**
 * Checks that {@code handleToken} renders three meta tags, in order: the parameter
 * name, the header name and the token value.
 */
@Test
public void handleTokenRendersTagsDifferentToken() {
    // Constructor arguments: header name, parameter name, token value.
    CsrfToken csrfToken = new DefaultCsrfToken("csrfHeader", "csrfParameter", "fooBarBazQux");
    String expectedMarkup = "<meta name=\"_csrf_parameter\" content=\"csrfParameter\" />"
            + "<meta name=\"_csrf_header\" content=\"csrfHeader\" />"
            + "<meta name=\"_csrf\" content=\"fooBarBazQux\" />";

    String rendered = this.tag.handleToken(csrfToken);

    assertThat(rendered).as("The returned value should not be null.").isNotNull();
    // NOTE(review): the sample values contain no HTML metacharacters, so this test does not
    // establish how handleToken treats characters that need escaping in an attribute.
    assertThat(rendered).withFailMessage("The output is not correct.").isEqualTo(expectedMarkup);
}
use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.
the class CsrfRequestDataValueProcessor method getExtraHiddenFields.
/**
 * Supplies the CSRF token as an extra hidden form field.
 *
 * <p>An empty map is returned when the request carries the disable flag set to
 * {@code Boolean.TRUE}, or when no {@link CsrfToken} request attribute is present.
 * The flag is removed as soon as it is read, so it suppresses the token for a
 * single call only.
 *
 * <p>NOTE(review): where the disable flag gets set is outside this excerpt;
 * presumably it marks forms whose submission must not carry the token. Confirm
 * against the rest of the class.
 *
 * @param request the current request, consulted for the disable flag and the token
 * @return a map of the token's parameter name to its value, or an empty map
 */
@Override
public Map<String, String> getExtraHiddenFields(HttpServletRequest request) {
    Object disableFlag = request.getAttribute(this.DISABLE_CSRF_TOKEN_ATTR);
    if (Boolean.TRUE.equals(disableFlag)) {
        // One-shot flag: clear it so that later forms on the same request get the token again.
        request.removeAttribute(this.DISABLE_CSRF_TOKEN_ATTR);
        return Collections.emptyMap();
    }

    Object attribute = request.getAttribute(CsrfToken.class.getName());
    CsrfToken csrfToken = (CsrfToken) attribute;
    if (csrfToken == null) {
        // No token has been published on this request, so there is nothing to add.
        return Collections.emptyMap();
    }

    // The map carries the live token value; it is meant to end up in a hidden form field.
    Map<String, String> fields = new HashMap<>(1);
    fields.put(csrfToken.getParameterName(), csrfToken.getToken());
    return fields;
}
use of org.springframework.security.web.csrf.CsrfToken in project spring-security by spring-projects.
the class CsrfRequestDataValueProcessorTests method createGetExtraHiddenFieldsHasCsrfToken.
/**
 * Checks that, with a {@link CsrfToken} on the request, the processor returns exactly
 * one hidden field mapping the token's parameter name to its value.
 */
@Test
public void createGetExtraHiddenFieldsHasCsrfToken() {
    // Constructor arguments: header name, parameter name, token value.
    CsrfToken csrfToken = new DefaultCsrfToken("1", "a", "b");
    this.request.setAttribute(CsrfToken.class.getName(), csrfToken);

    Map<String, String> wanted = new HashMap<>();
    wanted.put(csrfToken.getParameterName(), csrfToken.getToken());

    RequestDataValueProcessor underTest = new CsrfRequestDataValueProcessor();
    Map<String, String> actual = underTest.getExtraHiddenFields(this.request);

    // Map equality: the header name must not appear among the hidden fields.
    assertThat(actual).isEqualTo(wanted);
}