
Example 11 with DefaultCsrfToken

Use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security by spring-projects.

The class CsrfChannelInterceptorTests, method setup.

@BeforeEach
public void setup() {
    // Fixed header name, parameter name and token value; the test controls all three.
    this.token = new DefaultCsrfToken("header", "param", "token");
    this.interceptor = new CsrfChannelInterceptor();
    // A STOMP CONNECT frame: the interceptor validates the CSRF token on CONNECT.
    this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
    // The presented token rides as a native STOMP header under the token's header name...
    this.messageHeaders.setNativeHeader(this.token.getHeaderName(), this.token.getToken());
    // ...while the expected token is looked up from the session attributes under
    // CsrfToken.class.getName(); the interceptor compares the two in constant time.
    this.messageHeaders.setSessionAttributes(new HashMap<>());
    this.messageHeaders.getSessionAttributes().put(CsrfToken.class.getName(), this.token);
}
Also used : DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) CsrfToken(org.springframework.security.web.csrf.CsrfToken) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 12 with DefaultCsrfToken

Use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security-oauth by spring-projects.

The class WhitelabelApprovalEndpointTests, method testApprovalPageWithCsrf.

@Test
public void testApprovalPageWithCsrf() throws Exception {
    request.setContextPath("/foo");
    // Simulate CsrfFilter having exposed the token as the "_csrf" request attribute.
    request.setAttribute("_csrf", new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "FOO"));
    parameters.put("client_id", "client");
    HashMap<String, Object> model = new HashMap<String, Object>();
    model.put("authorizationRequest", createFromParameters(parameters));
    ModelAndView result = endpoint.getAccessConfirmation(model, request);
    result.getView().render(result.getModel(), request, response);
    String content = response.getContentAsString();
    // The rendered approval form must carry the hidden CSRF field...
    assertTrue("Wrong content: " + content, content.contains("_csrf"));
    // ...post back to the context-relative authorize endpoint...
    assertTrue("Wrong content: " + content, content.contains("/foo/oauth/authorize"));
    // ...and contain no unresolved "${...}" template placeholders.
    assertTrue("Wrong content: " + content, !content.contains("${"));
}
Also used : HashMap(java.util.HashMap) ModelAndView(org.springframework.web.servlet.ModelAndView) DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) Test(org.junit.Test)

Example 13 with DefaultCsrfToken

Use of org.springframework.security.web.csrf.DefaultCsrfToken in project tutorials by eugenp.

The class JWTCsrfTokenRepository, method generateToken.

@Override
public CsrfToken generateToken(HttpServletRequest request) {
    // Random JWT id (jti); the token value is the signed JWT itself, not a stored random string.
    String id = UUID.randomUUID().toString().replace("-", "");
    Date now = new Date();
    // The token is valid for 30 seconds after issue; anything presented later fails verification.
    Date exp = new Date(System.currentTimeMillis() + (1000 * 30));
    // jjwt 0.9.x API: signWith(SignatureAlgorithm, String) treats the String as a base64-encoded HMAC key.
    String token = Jwts.builder()
        .setId(id)
        .setIssuedAt(now)
        .setNotBefore(now)
        .setExpiration(exp)
        .signWith(SignatureAlgorithm.HS256, secret)
        .compact();
    return new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", token);
}
Also used : DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) Date(java.util.Date)
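The generateToken method above only mints the token. In a stateless design the verification side is what actually enforces CSRF protection, so below is a complete CsrfTokenRepository built around the same jjwt 0.9.x calls. This is an added example, not code from the eugenp/tutorials project: the class name JwtCsrfTokenRepository, the base64-encoded secret, the javax.servlet imports (use jakarta.servlet on Spring Security 6) and the 30-second lifetime are assumptions. loadToken() returns the presented token only when its HMAC signature and exp/nbf claims verify; otherwise it returns null, so CsrfFilter treats the request as carrying no token and rejects the state-changing request.

```java
// Added example, not the eugenp/tutorials project's code. Assumes jjwt 0.9.x
// (Jwts.parser()/setSigningKey(String)) and javax.servlet; names are illustrative.
package example;

import java.util.Date;
import java.util.UUID;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.DefaultCsrfToken;

import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;

public class JwtCsrfTokenRepository implements CsrfTokenRepository {

    private static final String HEADER_NAME = "X-CSRF-TOKEN";
    private static final String PARAMETER_NAME = "_csrf";
    private static final long LIFETIME_MILLIS = 30_000L; // 30 seconds, as in Example 13 (assumption)

    // Base64-encoded HMAC key; jjwt 0.9.x decodes the String form itself. Supplied by the caller.
    private final String secret;

    public JwtCsrfTokenRepository(String base64Secret) {
        this.secret = base64Secret;
    }

    @Override
    public CsrfToken generateToken(HttpServletRequest request) {
        Date now = new Date();
        Date exp = new Date(now.getTime() + LIFETIME_MILLIS);
        String jwt = Jwts.builder()
            .setId(UUID.randomUUID().toString().replace("-", ""))
            .setIssuedAt(now)
            .setNotBefore(now)
            .setExpiration(exp)
            .signWith(SignatureAlgorithm.HS256, secret)
            .compact();
        return new DefaultCsrfToken(HEADER_NAME, PARAMETER_NAME, jwt);
    }

    @Override
    public void saveToken(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
        // Stateless: nothing is stored server-side. The token travels with the page
        // (hidden form field or response header) and is re-validated by signature on return.
        // CsrfFilter/CsrfLogoutHandler may call this with null to "clear" the token.
        if (token != null) {
            response.setHeader(HEADER_NAME, token.getToken());
        }
    }

    @Override
    public CsrfToken loadToken(HttpServletRequest request) {
        // CsrfFilter compares what loadToken() returns against the header/parameter value
        // the client sent. Returning the presented token after verifying it makes that
        // comparison succeed; returning null makes the filter mint a fresh token, which
        // never matches the presented one, so the request is rejected.
        String presented = request.getHeader(HEADER_NAME);
        if (presented == null) {
            presented = request.getParameter(PARAMETER_NAME);
        }
        if (presented == null || !isValid(presented)) {
            return null;
        }
        return new DefaultCsrfToken(HEADER_NAME, PARAMETER_NAME, presented);
    }

    // Verifies the HMAC signature and the exp/nbf claims. parseClaimsJws() rejects
    // unsigned tokens, tampered payloads and expired or not-yet-valid tokens by
    // throwing a JwtException; all of those are treated as "no token presented".
    boolean isValid(String jwt) {
        try {
            Jwts.parser().setSigningKey(secret).parseClaimsJws(jwt);
            return true;
        } catch (JwtException | IllegalArgumentException e) {
            return false;
        }
    }
}
```

What this design does and does not buy: the token is self-validating, so no session storage is needed, but it is bound only to the signing key and a time window, not to a session or user, and a form left open for longer than the 30-second lifetime will fail on submit. The secret must stay out of source control and be rotated; anyone holding it can mint tokens that pass isValid().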

Example 14 with DefaultCsrfToken

Use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security by spring-projects.

The class DefaultFiltersTests, method defaultFiltersPermitAll.

@Test
public void defaultFiltersPermitAll() throws IOException, ServletException {
    this.spring.register(DefaultFiltersConfigPermitAll.class, UserDetailsServiceConfig.class);
    MockHttpServletResponse response = new MockHttpServletResponse();
    // POST /logout is a state-changing request, so CsrfFilter requires a valid token.
    MockHttpServletRequest request = new MockHttpServletRequest("POST", "");
    request.setServletPath("/logout");
    CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
    // Store the expected token in the (mock) session and send the same value as the "_csrf" parameter.
    new HttpSessionCsrfTokenRepository().saveToken(csrfToken, request, response);
    request.setParameter(csrfToken.getParameterName(), csrfToken.getToken());
    // Run the full default filter chain; with a matching token, LogoutFilter performs the logout.
    this.spring.getContext().getBean("springSecurityFilterChain", Filter.class).doFilter(request, response, new MockFilterChain());
    assertThat(response.getRedirectedUrl()).isEqualTo("/login?logout");
}
Also used : SecurityContextPersistenceFilter(org.springframework.security.web.context.SecurityContextPersistenceFilter) Filter(jakarta.servlet.Filter) SessionManagementFilter(org.springframework.security.web.session.SessionManagementFilter) LogoutFilter(org.springframework.security.web.authentication.logout.LogoutFilter) AnonymousAuthenticationFilter(org.springframework.security.web.authentication.AnonymousAuthenticationFilter) CsrfFilter(org.springframework.security.web.csrf.CsrfFilter) SecurityContextHolderAwareRequestFilter(org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter) ExceptionTranslationFilter(org.springframework.security.web.access.ExceptionTranslationFilter) RequestCacheAwareFilter(org.springframework.security.web.savedrequest.RequestCacheAwareFilter) UsernamePasswordAuthenticationFilter(org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter) HeaderWriterFilter(org.springframework.security.web.header.HeaderWriterFilter) WebAsyncManagerIntegrationFilter(org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) MockFilterChain(org.springframework.mock.web.MockFilterChain) CsrfToken(org.springframework.security.web.csrf.CsrfToken) HttpSessionCsrfTokenRepository(org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 15 with DefaultCsrfToken

Use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security by spring-projects.

The class WebMvcSecurityConfigurationTests, method csrfToken.

@Test
public void csrfToken() throws Exception {
    CsrfToken csrfToken = new DefaultCsrfToken("headerName", "paramName", "token");
    // Expose the token as the request attribute keyed by CsrfToken.class.getName(), the
    // attribute CsrfTokenArgumentResolver reads when resolving a CsrfToken controller argument.
    MockHttpServletRequestBuilder request = get("/csrf").requestAttr(CsrfToken.class.getName(), csrfToken);
    // The controller's CsrfToken parameter must resolve to the same header, parameter and token.
    this.mockMvc.perform(request).andExpect(assertResult(csrfToken));
}
Also used : MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) CsrfToken(org.springframework.security.web.csrf.CsrfToken) Test(org.junit.jupiter.api.Test)

Aggregations

DefaultCsrfToken (org.springframework.security.web.csrf.DefaultCsrfToken)30 Test (org.junit.jupiter.api.Test)21 CsrfToken (org.springframework.security.web.csrf.CsrfToken)17 BeforeEach (org.junit.jupiter.api.BeforeEach)6 HttpSessionCsrfTokenRepository (org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository)6 HttpServletRequest (jakarta.servlet.http.HttpServletRequest)5 CsrfTokenRepository (org.springframework.security.web.csrf.CsrfTokenRepository)5 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)4 MockHttpSession (org.springframework.mock.web.MockHttpSession)3 MvcResult (org.springframework.test.web.servlet.MvcResult)3 HashMap (java.util.HashMap)2 MockFilterChain (org.springframework.mock.web.MockFilterChain)2 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)2 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)2 MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)2 Filter (jakarta.servlet.Filter)1 HttpServletResponse (jakarta.servlet.http.HttpServletResponse)1 Date (java.util.Date)1 Test (org.junit.Test)1 ExceptionTranslationFilter (org.springframework.security.web.access.ExceptionTranslationFilter)1