Example 26 with DefaultCsrfToken
use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security by spring-projects.
the class CsrfMetaTagsTagTests method handleTokenRendersTagsDifferentToken.
@Test
public void handleTokenRendersTagsDifferentToken() {
CsrfToken token = new DefaultCsrfToken("csrfHeader", "csrfParameter", "fooBarBazQux");
String value = this.tag.handleToken(token);
assertThat(value).as("The returned value should not be null.").isNotNull();
assertThat(value).withFailMessage("The output is not correct.").isEqualTo("<meta name=\"_csrf_parameter\" content=\"csrfParameter\" />" + "<meta name=\"_csrf_header\" content=\"csrfHeader\" />" + "<meta name=\"_csrf\" content=\"fooBarBazQux\" />");
}
Also used :
DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken)
CsrfToken(org.springframework.security.web.csrf.CsrfToken)
DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken)
Test(org.junit.jupiter.api.Test)
Example 27 with DefaultCsrfToken
use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security by spring-projects.
the class CsrfRequestDataValueProcessorTests method createGetExtraHiddenFieldsHasCsrfToken.
@Test
public void createGetExtraHiddenFieldsHasCsrfToken() {
CsrfToken token = new DefaultCsrfToken("1", "a", "b");
this.request.setAttribute(CsrfToken.class.getName(), token);
Map<String, String> expected = new HashMap<>();
expected.put(token.getParameterName(), token.getToken());
RequestDataValueProcessor processor = new CsrfRequestDataValueProcessor();
assertThat(processor.getExtraHiddenFields(this.request)).isEqualTo(expected);
}
Also used :
HashMap(java.util.HashMap)
RequestDataValueProcessor(org.springframework.web.servlet.support.RequestDataValueProcessor)
DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken)
CsrfToken(org.springframework.security.web.csrf.CsrfToken)
DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken)
Test(org.junit.jupiter.api.Test)
Example 28 with DefaultCsrfToken
use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security by spring-projects.
the class CsrfTokenArgumentResolverTests method setup.
@BeforeEach
public void setup() {
this.token = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "secret");
this.resolver = new CsrfTokenArgumentResolver();
this.request = new MockHttpServletRequest();
this.webRequest = new ServletWebRequest(this.request);
}
Also used :
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken)
ServletWebRequest(org.springframework.web.context.request.ServletWebRequest)
BeforeEach(org.junit.jupiter.api.BeforeEach)
Example 29 with DefaultCsrfToken
use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security by spring-projects.
the class DefaultCsrfTokenMixinTests method defaultCsrfTokenSerializedTest.
// @formatter:on
@Test
public void defaultCsrfTokenSerializedTest() throws JsonProcessingException, JSONException {
DefaultCsrfToken token = new DefaultCsrfToken("csrf-header", "_csrf", "1");
String serializedJson = this.mapper.writeValueAsString(token);
JSONAssert.assertEquals(CSRF_JSON, serializedJson, true);
}
Also used :
DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken)
Test(org.junit.jupiter.api.Test)
Example 30 with DefaultCsrfToken
use of org.springframework.security.web.csrf.DefaultCsrfToken in project fastjson by alibaba.
the class DefaultSavedRequestTest method test_0.
public void test_0() throws Exception {
DefaultCsrfToken token = JSON.parseObject("{\"token\":\"xxx\",\"parameterName\":\"222\",\"headerName\":\"hhh\"}", DefaultCsrfToken.class);
assertEquals("hhh", token.getHeaderName());
assertEquals("222", token.getParameterName());
assertEquals("xxx", token.getToken());
assertEquals("{\"headerName\":\"hhh\",\"parameterName\":\"222\",\"token\":\"xxx\"}", JSON.toJSONString(token));
}
Also used :
DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken)
Aggregations
DefaultCsrfToken (org.springframework.security.web.csrf.DefaultCsrfToken)30
Test (org.junit.jupiter.api.Test)21
CsrfToken (org.springframework.security.web.csrf.CsrfToken)17
BeforeEach (org.junit.jupiter.api.BeforeEach)6
HttpSessionCsrfTokenRepository (org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository)6
HttpServletRequest (jakarta.servlet.http.HttpServletRequest)5
CsrfTokenRepository (org.springframework.security.web.csrf.CsrfTokenRepository)5
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)4
MockHttpSession (org.springframework.mock.web.MockHttpSession)3
MvcResult (org.springframework.test.web.servlet.MvcResult)3
HashMap (java.util.HashMap)2
MockFilterChain (org.springframework.mock.web.MockFilterChain)2
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)2
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)2
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)2
Filter (jakarta.servlet.Filter)1
HttpServletResponse (jakarta.servlet.http.HttpServletResponse)1
Date (java.util.Date)1
Test (org.junit.Test)1
ExceptionTranslationFilter (org.springframework.security.web.access.ExceptionTranslationFilter)1
