Examples with DefaultCsrfToken org.springframework.security.web.csrf.DefaultCsrfToken used on opensource projects

Example 21 with DefaultCsrfToken

use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security by spring-projects.

the class DefaultLoginPageConfigurerTests method loginPageWhenRememberConfigureThenDefaultLoginPageWithRememberMeCheckbox.

@Test
public void loginPageWhenRememberConfigureThenDefaultLoginPageWithRememberMeCheckbox() throws Exception {
    this.spring.register(DefaultLoginPageWithRememberMeConfig.class).autowire();
    CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
    String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
    // @formatter:off
    this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken)).andExpect(content().string("<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n" + "    <meta charset=\"utf-8\">\n" + "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n" + "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n" + "    <title>Please sign in</title>\n" + "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n" + "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n" + "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n" + "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n" + "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" + "        <p>\n" + "          <label for=\"username\" class=\"sr-only\">Username</label>\n" + "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n" + "        </p>\n" + "        <p>\n" + "          <label for=\"password\" class=\"sr-only\">Password</label>\n" + "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n" + "        </p>\n" + "<p><input type='checkbox' name='remember-me'/> Remember me on this computer.</p>\n" + "<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n" + "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n" + "      </form>\n" + "</div>\n" + "</body></html>"));
// @formatter:on
}

Example 22 with DefaultCsrfToken

use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security by spring-projects.

the class SampleWebSecurityConfigurerAdapterTests method setup.

@BeforeEach
public void setup() {
    this.request = new MockHttpServletRequest("GET", "");
    this.response = new MockHttpServletResponse();
    this.chain = new MockFilterChain();
    CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "CSRF-TOKEN-TEST");
    new HttpSessionCsrfTokenRepository().saveToken(csrfToken, this.request, this.response);
    this.request.setParameter(csrfToken.getParameterName(), csrfToken.getToken());
}

Example 23 with DefaultCsrfToken

use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security by spring-projects.

the class CsrfInputTagTests method handleTokenReturnsHiddenInputDifferentTokenValue.

@Test
public void handleTokenReturnsHiddenInputDifferentTokenValue() {
    CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "csrfParameter", "fooBarBazQux");
    String value = this.tag.handleToken(token);
    assertThat(value).as("The returned value should not be null.").isNotNull();
    assertThat(value).withFailMessage("The output is not correct.").isEqualTo("<input type=\"hidden\" name=\"csrfParameter\" value=\"fooBarBazQux\" />");
}

Example 24 with DefaultCsrfToken

use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security by spring-projects.

the class AbstractCsrfTagTests method hasCsrfRendersDifferentValue.

@Test
public void hasCsrfRendersDifferentValue() throws JspException, UnsupportedEncodingException {
    CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
    this.request.setAttribute(CsrfToken.class.getName(), token);
    this.tag.handleReturn = "<input type=\"hidden\" />";
    int returned = this.tag.doEndTag();
    assertThat(returned).as("The returned value is not correct.").isEqualTo(Tag.EVAL_PAGE);
    assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.").isEqualTo("<input type=\"hidden\" />");
    assertThat(this.tag.token).as("The token is not correct.").isSameAs(token);
}

Example 25 with DefaultCsrfToken

use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security by spring-projects.

the class AbstractCsrfTagTests method hasCsrfRendersReturnedValue.

@Test
public void hasCsrfRendersReturnedValue() throws JspException, UnsupportedEncodingException {
    CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
    this.request.setAttribute(CsrfToken.class.getName(), token);
    this.tag.handleReturn = "fooBarBazQux";
    int returned = this.tag.doEndTag();
    assertThat(returned).as("The returned value is not correct.").isEqualTo(Tag.EVAL_PAGE);
    assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.").isEqualTo("fooBarBazQux");
    assertThat(this.tag.token).as("The token is not correct.").isSameAs(token);
}