Examples of CsrfToken


Examples of com.ctlok.springframework.web.servlet.view.rythm.tag.CsrfToken

        tags.add(new FullUrl());
        tags.add(new Message(getApplicationContext()));
        tags.add(new Secured());
        tags.add(new DateFormat());
        tags.add(new CookieValue());
        tags.add(new CsrfToken(configurator.getCsrfTokenGenerator(),
                configurator.getCsrfTokenSessionName()));
       
        return tags;
       
    }
View Full Code Here

Examples of com.ctlok.springframework.web.servlet.view.rythm.tag.CsrfToken

        tags.add(new FullUrl());
        tags.add(new Message(getApplicationContext()));
        tags.add(new Secured());
        tags.add(new DateFormat());
        tags.add(new CookieValue());
        tags.add(new CsrfToken(configurator.getCsrfTokenGenerator(),
                configurator.getCsrfTokenSessionName()));
       
        return tags;
       
    }
View Full Code Here

Examples of org.springframework.security.web.csrf.CsrfToken

abstract class AbstractCsrfTag extends TagSupport {

    @Override
    public int doEndTag() throws JspException {

        CsrfToken token = (CsrfToken)this.pageContext.getRequest().getAttribute(CsrfToken.class.getName());
        if (token != null) {
            try {
                this.pageContext.getOut().write(this.handleToken(token));
            } catch (IOException e) {
                throw new JspException(e);
View Full Code Here

Examples of org.springframework.security.web.csrf.CsrfToken

        return sb.toString();
    }

    private void renderHiddenInputs(StringBuilder sb, HttpServletRequest request) {
        CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName());

        if(token != null) {
            sb.append("    <input name=\""+ token.getParameterName() +"\" type=\"hidden\" value=\""+ token.getToken() +"\" />\n");
        }
    }
View Full Code Here

Examples of org.springframework.security.web.csrf.CsrfToken

        assertThat(processor.processUrl(request, url)).isEqualTo(url);
    }

    @Test
    public void createGetExtraHiddenFieldsHasCsrfToken() {
        CsrfToken token = new DefaultCsrfToken("1", "a", "b");
        request.setAttribute(CsrfToken.class.getName(), token);
        Map<String,String> expected = new HashMap<String,String>();
        expected.put(token.getParameterName(),token.getToken());

        RequestDataValueProcessor processor = new CsrfRequestDataValueProcessor();
        assertThat(processor.getExtraHiddenFields(request)).isEqualTo(expected);
    }
View Full Code Here

Examples of org.springframework.security.web.csrf.CsrfToken

        if(Boolean.TRUE.equals(request.getAttribute(DISABLE_CSRF_TOKEN_ATTR))) {
            request.removeAttribute(DISABLE_CSRF_TOKEN_ATTR);
            return Collections.emptyMap();
        }

        CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class
                .getName());
        if (token == null) {
            return Collections.emptyMap();
        }
        Map<String, String> hiddenFields = new HashMap<String, String>(1);
        hiddenFields.put(token.getParameterName(), token.getToken());
        return hiddenFields;
    }
View Full Code Here

Examples of org.springframework.security.web.csrf.CsrfToken

        request.setServletPath("/login");
        request.setMethod("POST");
        request.setParameter("username", "user");
        request.setParameter("password", "password");
        HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
        CsrfToken token = repository.generateToken(request);
        repository.saveToken(token, request, response);
        request.setParameter(token.getParameterName(),token.getToken());
        when(ReflectionUtils.findMethod(HttpServletRequest.class, "changeSessionId")).thenReturn(method);

        loadConfig(SessionManagementDefaultSessionFixationServlet31Config.class);

        springSecurityFilterChain.doFilter(request,response,chain);
View Full Code Here

Examples of org.springframework.security.web.csrf.CsrfToken

        public MockHttpServletRequest postProcessRequest(
                MockHttpServletRequest request) {

            CsrfTokenRepository repository = WebTestUtils
                    .getCsrfTokenRepository(request);
            CsrfToken token = repository.generateToken(request);
            repository.saveToken(token, request, new MockHttpServletResponse());
            String tokenValue = useInvalidToken ? "invalid" + token.getToken() : token.getToken();
            if(asHeader) {
                request.addHeader(token.getHeaderName(), tokenValue);
            } else {
                request.setParameter(token.getParameterName(), tokenValue);
            }
            return request;
        }
View Full Code Here

Examples of org.springframework.security.web.csrf.CsrfToken

        this.tag = new CsrfMetaTagsTag();
    }

    @Test
    public void handleTokenRendersTags() {
        CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");

        String value = this.tag.handleToken(token);

        assertNotNull("The returned value should not be null.", value);
        assertEquals("The output is not correct.",
View Full Code Here

Examples of org.springframework.security.web.csrf.CsrfToken

                value);
    }

    @Test
    public void handleTokenRendersTagsDifferentToken() {
        CsrfToken token = new DefaultCsrfToken("csrfHeader", "csrfParameter", "fooBarBazQux");

        String value = this.tag.handleToken(token);

        assertNotNull("The returned value should not be null.", value);
        assertEquals("The output is not correct.",
View Full Code Here
TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.