Examples of org.springframework.security.web.csrf.CsrfToken

• org.springframework.security.web.csrf.CsrfToken
  Provides the information about an expected CSRF token. @see DefaultCsrfToken @author Rob Winch @since 3.2

        this.tag = new CsrfInputTag();
    }

    @Test
    public void handleTokenReturnsHiddenInput() {
        CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");

        String value = this.tag.handleToken(token);

        assertNotNull("The returned value should not be null.", value);
        assertEquals("The output is not correct.",

                value);
    }

    @Test
    public void handleTokenReturnsHiddenInputDifferentTokenValue() {
        CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "csrfParameter", "fooBarBazQux");

        String value = this.tag.handleToken(token);

        assertNotNull("The returned value should not be null.", value);
        assertEquals("The output is not correct.",

   * @return the token
   * @see org.springframework.security.web.csrf.CsrfTokenRepository#loadToken(javax.servlet.http.HttpServletRequest)
   */
  public CsrfToken loadToken(HttpServletRequest request) {
    String cookie = Utils.getStateParam(Config.AUTH_COOKIE, request);
    CsrfToken token = null;
    if (cookie != null) {
      String ident;
      String[] ctokens = Utils.base64dec(cookie).split(":");
      if (StringUtils.startsWithAny(ctokens[0], "http", "https") && ctokens[1].startsWith("//")) {
        ident = ctokens[0].concat(":").concat(ctokens[1]);

         * org.springframework.test.web.servlet.request.RequestPostProcessor
         * #postProcessRequest(org.springframework.mock.web.MockHttpServletRequest)
         */
        @Override
        public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
            CsrfToken token = repository.generateToken(request);
            repository.saveToken(token, request, new MockHttpServletResponse());
            request.setParameter(token.getParameterName(), token.getToken());
            return request;
        }

    @Test
    public void testShouldReturnCorrectLogicalViewName() {
        // given
        HttpServletRequest request = mock(HttpServletRequest.class);
        CsrfToken csrfToken = mock(CsrfToken.class);
        when(request.getAttribute(CsrfToken.class.getName())).thenReturn(csrfToken);
        when(csrfToken.getParameterName()).thenReturn("parameterName");
        when(csrfToken.getToken()).thenReturn("token");
        Model model = new ExtendedModelMap();

        // when
        String page = new LoginPageController().getPage(request, model);

        }
        model.addAttribute("passwordPattern", User.PASSWORD_PATTERN);
        model.addAttribute("environment", environment);
        model.addAttribute("email", email);
        model.addAttribute("oneTimeToken", oneTimeToken);
        CsrfToken csrfToken = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
        if (csrfToken != null) {
            model.addAttribute("csrfParameterName", csrfToken.getParameterName());
            model.addAttribute("csrfToken", csrfToken.getToken());
        }
        return "updatePassword";
    }

    @RequestMapping(value = "/register", method = RequestMethod.GET)
    public String registerForm(HttpServletRequest request, Model model) {
        setupModel(model);
        model.addAttribute("user", new User());
        CsrfToken csrfToken = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
        if (csrfToken != null) {
            model.addAttribute("csrfParameterName", csrfToken.getParameterName());
            model.addAttribute("csrfToken", csrfToken.getToken());
        }
        return "register";
    }

@Controller
public class LoginPageController {

    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String getPage(HttpServletRequest request, Model model) {
        CsrfToken csrfToken = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
        if (csrfToken != null) {
            model.addAttribute("csrfParameterName", csrfToken.getParameterName());
            model.addAttribute("csrfToken", csrfToken.getToken());
        }
        return "login";
    }

    @Test
    @DatabaseSetup("no-users.xml")
    @ExpectedDatabase(value="no-users.xml", assertionMode = DatabaseAssertionMode.NON_STRICT)
    public void registerUserAccount_NormalRegistrationAndEmptyForm_ShouldRenderRegistrationFormWithValidationErrors() throws Exception {
        CsrfToken csrfToken = new CsrfTokenBuilder()
                .headerName(IntegrationTestConstants.CSRF_TOKEN_HEADER_NAME)
                .requestParameterName(IntegrationTestConstants.CSRF_TOKEN_REQUEST_PARAM_NAME)
                .tokenValue(IntegrationTestConstants.CSRF_TOKEN_VALUE)
                .build();

    public void registerUserAccount_NormalRegistrationAndTooLongValues_ShouldRenderRegistrationFormWithValidationErrors() throws Exception {
        String email = TestUtil.createStringWithLength(101);
        String firstName = TestUtil.createStringWithLength(101);
        String lastName = TestUtil.createStringWithLength(101);

        CsrfToken csrfToken = new CsrfTokenBuilder()
                .headerName(IntegrationTestConstants.CSRF_TOKEN_HEADER_NAME)
                .requestParameterName(IntegrationTestConstants.CSRF_TOKEN_REQUEST_PARAM_NAME)
                .tokenValue(IntegrationTestConstants.CSRF_TOKEN_VALUE)
                .build();