
Add cookieDomain to CookieCsrfTokenRepository

Fixes: gh-4315
Dongmin Shin 6 年之前
0d2af416aa

+ 17 - 0
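--- a/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java
@@ -55,6 +55,8 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 
 	private String cookiePath;
 
+	private String cookieDomain;
+
 	public CookieCsrfTokenRepository() {
 		this.setHttpOnlyMethod = ReflectionUtils.findMethod(Cookie.class, "setHttpOnly", boolean.class);
 		if (this.setHttpOnlyMethod != null) {
@@ -88,6 +90,9 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 		if (cookieHttpOnly && setHttpOnlyMethod != null) {
 			ReflectionUtils.invokeMethod(setHttpOnlyMethod, cookie, Boolean.TRUE);
 		}
+		if (this.cookieDomain != null && !this.cookieDomain.isEmpty()) {
+			cookie.setDomain(this.cookieDomain);
+		}
 
 		response.addCookie(cookie);
 	}
@@ -194,4 +199,16 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 	public String getCookiePath() {
 		return this.cookiePath;
 	}
+
+	/**
+	 * Sets the domain of the cookie that the expected CSRF token is saved to and read from.
+	 *
+	 * @since 5.2
+	 * @param cookieDomain the domain of the cookie that the expected CSRF token is saved to
+	 * and read from
+	 */
+	public void setCookieDomain(String cookieDomain) {
+		this.cookieDomain = cookieDomain;
+	}
+
 }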
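Review bot: The Javadoc on `setCookieDomain` in the third hunk does not say what setting a Domain attribute does to the token's exposure: a cookie carrying `Domain=example.com` is sent to, and can be read by, every host under that domain, so the expected CSRF token becomes shared with all subdomains instead of staying bound to the issuing host. I would add to the Javadoc something like `Setting a domain makes the cookie visible to every subdomain of that domain, so the CSRF token is shared across those hosts; leave it unset to keep the cookie host-only.` so callers make that widening deliberately. Separately, the class exposes `getCookiePath()` but this change adds no matching `getCookieDomain()`, so the configured value cannot be inspected; a one-line `public String getCookieDomain() { return this.cookieDomain; }` next to the setter would keep the two properties symmetric. The empty-string guard in the second hunk is fine, though a whitespace-only value still reaches `cookie.setDomain`.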

+ 14 - 0
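--- a/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java
@@ -189,6 +189,20 @@ public class CookieCsrfTokenRepositoryTests {
 		assertThat(tokenCookie.getPath()).isEqualTo(this.request.getContextPath());
 	}
 
+	@Test
+	public void saveTokenWithCookieDomain() {
+		String domainName = "example.com";
+		this.repository.setCookieDomain(domainName);
+
+		CsrfToken token = this.repository.generateToken(this.request);
+		this.repository.saveToken(token, this.request, this.response);
+
+		Cookie tokenCookie = this.response
+				.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
+
+		assertThat(tokenCookie.getDomain()).isEqualTo(domainName);
+	}
+
 	@Test
 	public void loadTokenNoCookiesNull() {
 		assertThat(this.repository.loadToken(this.request)).isNull();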
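Review bot: The new `saveTokenWithCookieDomain` test covers only the configured case; the guard in the main change (skip `setDomain` when the domain is null or empty) has no test, so a regression that always calls `setDomain` would pass this suite. I would add a companion test that sets an empty domain and asserts the cookie's domain stays unset, which pins the host-only default the repository relies on; this assumes the mock response's `Cookie` reports `null` from `getDomain()` when none was set, which is worth confirming.
```java
	@Test
	public void saveTokenWithEmptyCookieDomainLeavesDomainUnset() {
		this.repository.setCookieDomain("");
		CsrfToken token = this.repository.generateToken(this.request);
		this.repository.saveToken(token, this.request, this.response);
		Cookie tokenCookie = this.response
				.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
		assertThat(tokenCookie.getDomain()).isNull();
	}
```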