Document Defer load CsrfToken
Closes gh-12105
This commit is contained in:
Rob Winch
-5
@@ -34,8 +34,6 @@ import org.springframework.security.config.test.SpringTestContextExtension;
|
||||
import org.springframework.security.web.DefaultSecurityFilterChain;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler;
|
||||
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
|
||||
import org.springframework.security.web.csrf.LazyCsrfTokenRepository;
|
||||
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
|
||||
|
||||
import static org.mockito.ArgumentMatchers.anyBoolean;
|
||||
@@ -81,8 +79,6 @@ public class DeferHttpSessionJavaConfigTests {
|
||||
|
||||
@Bean
|
||||
DefaultSecurityFilterChain springSecurity(HttpSecurity http) throws Exception {
|
||||
LazyCsrfTokenRepository csrfRepository = new LazyCsrfTokenRepository(new HttpSessionCsrfTokenRepository());
|
||||
csrfRepository.setDeferLoadToken(true);
|
||||
HttpSessionRequestCache requestCache = new HttpSessionRequestCache();
|
||||
requestCache.setMatchingRequestParameterName("continue");
|
||||
CsrfTokenRequestAttributeHandler requestHandler = new CsrfTokenRequestAttributeHandler();
|
||||
@@ -103,7 +99,6 @@ public class DeferHttpSessionJavaConfigTests {
|
||||
)
|
||||
.csrf((csrf) -> csrf
|
||||
.csrfTokenRequestHandler(requestHandler)
|
||||
.csrfTokenRepository(csrfRepository)
|
||||
);
|
||||
// @formatter:on
|
||||
return http.build();
|
||||
|
||||
+1
-6
@@ -30,18 +30,13 @@
|
||||
security-context-explicit-save="true"
|
||||
use-authorization-manager="true">
|
||||
<intercept-url pattern="/**" access="permitAll"/>
|
||||
<csrf request-handler-ref="requestHandler"
|
||||
token-repository-ref="csrfRepository"/>
|
||||
<csrf request-handler-ref="requestHandler"/>
|
||||
<request-cache ref="requestCache"/>
|
||||
<session-management authentication-strategy-explicit-invocation="true"/>
|
||||
</http>
|
||||
|
||||
<b:bean id="requestCache" class="org.springframework.security.web.savedrequest.HttpSessionRequestCache"
|
||||
p:matchingRequestParameterName="continue"/>
|
||||
<b:bean id="httpSessionCsrfRepository" class="org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository"/>
|
||||
<b:bean id="csrfRepository" class="org.springframework.security.web.csrf.LazyCsrfTokenRepository"
|
||||
c:delegate-ref="httpSessionCsrfRepository"
|
||||
p:deferLoadToken="true"/>
|
||||
<b:bean id="requestHandler" class="org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler"
|
||||
p:csrfRequestAttributeName="_csrf"/>
|
||||
<b:import resource="CsrfConfigTests-shared-userservice.xml"/>
|
||||
|
||||
Reference in New Issue
Block a user