Example 1 with HttpSessionCsrfTokenRepository

Use of org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository in project spring-security by spring-projects.

The class WebTestUtilsTests, method findFilterNoSpringSecurityFilterChainInContext.

@Test
public void findFilterNoSpringSecurityFilterChainInContext() {
    loadConfig(NoSecurityConfig.class);
    CsrfFilter toFind = new CsrfFilter(new HttpSessionCsrfTokenRepository());
    FilterChainProxy springSecurityFilterChain = new FilterChainProxy(new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, toFind));
    this.request.getServletContext().setAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN, springSecurityFilterChain);
    assertThat(WebTestUtils.findFilter(this.request, toFind.getClass())).isEqualTo(toFind);
}
Also used : FilterChainProxy(org.springframework.security.web.FilterChainProxy) CsrfFilter(org.springframework.security.web.csrf.CsrfFilter) HttpSessionCsrfTokenRepository(org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository) DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain) Test(org.junit.Test)

Example 2 with HttpSessionCsrfTokenRepository

Use of org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository in project spring-security by spring-projects.

The class SessionManagementConfigurerServlet31Tests, method changeSessionIdDefaultsInServlet31Plus.

@Test
public void changeSessionIdDefaultsInServlet31Plus() throws Exception {
    spy(ReflectionUtils.class);
    Method method = mock(Method.class);
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.getSession();
    request.setServletPath("/login");
    request.setMethod("POST");
    request.setParameter("username", "user");
    request.setParameter("password", "password");
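    // Generate a CSRF token, store it in the session, and send it as a request
    // parameter so the login POST is not rejected by the CSRF check.
    HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
    CsrfToken token = repository.generateToken(request);
    repository.saveToken(token, request, response);
    request.setParameter(token.getParameterName(), token.getToken());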
    when(ReflectionUtils.findMethod(HttpServletRequest.class, "changeSessionId")).thenReturn(method);
    loadConfig(SessionManagementDefaultSessionFixationServlet31Config.class);
    springSecurityFilterChain.doFilter(request, response, chain);
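    // Verify that the default session-fixation protection invoked
    // HttpServletRequest#changeSessionId through ReflectionUtils.
    verifyStatic();
    ReflectionUtils.invokeMethod(same(method), any(HttpServletRequest.class));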
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Method(java.lang.reflect.Method) HttpSessionCsrfTokenRepository(org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository) CsrfToken(org.springframework.security.web.csrf.CsrfToken) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 3 with HttpSessionCsrfTokenRepository

Use of org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository in project spring-security by spring-projects.

The class WebTestUtilsTests, method findFilterExplicitWithSecurityFilterInContext.

@Test
public void findFilterExplicitWithSecurityFilterInContext() {
    loadConfig(SecurityConfigWithDefaults.class);
    CsrfFilter toFind = new CsrfFilter(new HttpSessionCsrfTokenRepository());
    FilterChainProxy springSecurityFilterChain = new FilterChainProxy(new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, toFind));
    this.request.getServletContext().setAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN, springSecurityFilterChain);
    assertThat(WebTestUtils.findFilter(this.request, toFind.getClass())).isSameAs(toFind);
}
Also used : FilterChainProxy(org.springframework.security.web.FilterChainProxy) CsrfFilter(org.springframework.security.web.csrf.CsrfFilter) HttpSessionCsrfTokenRepository(org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository) DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain) Test(org.junit.Test)

Example 4 with HttpSessionCsrfTokenRepository

Use of org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository in project spring-security by spring-projects.

The class SecurityMockMvcRequestPostProcessorsCsrfTests, method csrfWhenUsedThenDoesNotImpactOriginalRepository.

// gh-4016
@Test
public void csrfWhenUsedThenDoesNotImpactOriginalRepository() throws Exception {
    // @formatter:off
    // First request goes through the csrf() request post-processor.
    this.mockMvc.perform(post("/").with(csrf()));
    // Second request carries a token generated and saved by a separate
    // HttpSessionCsrfTokenRepository; the test expects it to be accepted.
    MockHttpServletRequest request = new MockHttpServletRequest();
    HttpSessionCsrfTokenRepository repo = new HttpSessionCsrfTokenRepository();
    CsrfToken token = repo.generateToken(request);
    repo.saveToken(token, request, new MockHttpServletResponse());
    MockHttpServletRequestBuilder requestWithCsrf = post("/").param(token.getParameterName(), token.getToken()).session((MockHttpSession) request.getSession());
    this.mockMvc.perform(requestWithCsrf).andExpect(status().isOk());
    // @formatter:on
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) HttpSessionCsrfTokenRepository(org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository) CsrfToken(org.springframework.security.web.csrf.CsrfToken) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Aggregations

Test (org.junit.Test): 4
HttpSessionCsrfTokenRepository (org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository): 4
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 2
DefaultSecurityFilterChain (org.springframework.security.web.DefaultSecurityFilterChain): 2
FilterChainProxy (org.springframework.security.web.FilterChainProxy): 2
CsrfFilter (org.springframework.security.web.csrf.CsrfFilter): 2
CsrfToken (org.springframework.security.web.csrf.CsrfToken): 2
Method (java.lang.reflect.Method): 1
HttpServletRequest (javax.servlet.http.HttpServletRequest): 1
PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest): 1
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 1
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder): 1