
Example 31 with DefaultCsrfToken

Use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security by spring-projects.

Class AbstractCsrfTagTests, method hasCsrfRendersReturnedValue.

@Test
public void hasCsrfRendersReturnedValue() throws JspException, UnsupportedEncodingException {
    CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
    this.request.setAttribute(CsrfToken.class.getName(), token);
    this.tag.handleReturn = "fooBarBazQux";
    int returned = this.tag.doEndTag();
    assertThat(returned).as("The returned value is not correct.").isEqualTo(Tag.EVAL_PAGE);
    assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.").isEqualTo("fooBarBazQux");
    assertThat(this.tag.token).as("The token is not correct.").isSameAs(token);
}
Also used: DefaultCsrfToken (org.springframework.security.web.csrf.DefaultCsrfToken), CsrfToken (org.springframework.security.web.csrf.CsrfToken), Test (org.junit.jupiter.api.Test)

Example 32 with DefaultCsrfToken

Use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security by spring-projects.

Class CsrfMetaTagsTagTests, method handleTokenRendersTagsDifferentToken.

@Test
public void handleTokenRendersTagsDifferentToken() {
    CsrfToken token = new DefaultCsrfToken("csrfHeader", "csrfParameter", "fooBarBazQux");
    String value = this.tag.handleToken(token);
    assertThat(value).as("The returned value should not be null.").isNotNull();
    assertThat(value).withFailMessage("The output is not correct.").isEqualTo("<meta name=\"_csrf_parameter\" content=\"csrfParameter\" />" + "<meta name=\"_csrf_header\" content=\"csrfHeader\" />" + "<meta name=\"_csrf\" content=\"fooBarBazQux\" />");
}
Also used: DefaultCsrfToken (org.springframework.security.web.csrf.DefaultCsrfToken), CsrfToken (org.springframework.security.web.csrf.CsrfToken), Test (org.junit.jupiter.api.Test)

Example 33 with DefaultCsrfToken

Use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security by spring-projects.

Class CsrfRequestDataValueProcessorTests, method createGetExtraHiddenFieldsHasCsrfToken.

@Test
public void createGetExtraHiddenFieldsHasCsrfToken() {
    CsrfToken token = new DefaultCsrfToken("1", "a", "b");
    this.request.setAttribute(CsrfToken.class.getName(), token);
    Map<String, String> expected = new HashMap<>();
    expected.put(token.getParameterName(), token.getToken());
    RequestDataValueProcessor processor = new CsrfRequestDataValueProcessor();
    assertThat(processor.getExtraHiddenFields(this.request)).isEqualTo(expected);
}
Also used: HashMap (java.util.HashMap), RequestDataValueProcessor (org.springframework.web.servlet.support.RequestDataValueProcessor), DefaultCsrfToken (org.springframework.security.web.csrf.DefaultCsrfToken), CsrfToken (org.springframework.security.web.csrf.CsrfToken), Test (org.junit.jupiter.api.Test)

Example 34 with DefaultCsrfToken

Use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security by spring-projects.

Class CsrfTokenArgumentResolverTests, method setup.

@BeforeEach
public void setup() {
    this.token = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "secret");
    this.resolver = new CsrfTokenArgumentResolver();
    this.request = new MockHttpServletRequest();
    this.webRequest = new ServletWebRequest(this.request);
}
Also used: MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), DefaultCsrfToken (org.springframework.security.web.csrf.DefaultCsrfToken), ServletWebRequest (org.springframework.web.context.request.ServletWebRequest), BeforeEach (org.junit.jupiter.api.BeforeEach)

Example 35 with DefaultCsrfToken

Use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security by spring-projects.

Class DefaultCsrfTokenMixinTests, method defaultCsrfTokenSerializedTest.

@Test
public void defaultCsrfTokenSerializedTest() throws JsonProcessingException, JSONException {
    DefaultCsrfToken token = new DefaultCsrfToken("csrf-header", "_csrf", "1");
    String serializedJson = this.mapper.writeValueAsString(token);
    JSONAssert.assertEquals(CSRF_JSON, serializedJson, true);
}
Also used: DefaultCsrfToken (org.springframework.security.web.csrf.DefaultCsrfToken), Test (org.junit.jupiter.api.Test)

Aggregations

DefaultCsrfToken (org.springframework.security.web.csrf.DefaultCsrfToken): 42
Test (org.junit.jupiter.api.Test): 21
CsrfToken (org.springframework.security.web.csrf.CsrfToken): 21
BeforeEach (org.junit.jupiter.api.BeforeEach): 6
HttpSessionCsrfTokenRepository (org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository): 6
HttpServletRequest (jakarta.servlet.http.HttpServletRequest): 5
Cookie (javax.servlet.http.Cookie): 5
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 5
CsrfTokenRepository (org.springframework.security.web.csrf.CsrfTokenRepository): 5
HashMap (java.util.HashMap): 4
Test (org.junit.Test): 4
UUID (java.util.UUID): 3
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 3
MockHttpSession (org.springframework.mock.web.MockHttpSession): 3
MvcResult (org.springframework.test.web.servlet.MvcResult): 3
ModelAndView (org.springframework.web.servlet.ModelAndView): 3
ParseException (java.text.ParseException): 2
MockFilterChain (org.springframework.mock.web.MockFilterChain): 2
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken): 2
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder): 2