Ana Sayfa Keşfet Yardım
Üye Ol Giriş Yap
github
/
spring-security
şunun yansıması https://github.com/spring-projects/spring-security
2
0
Çatalla 0
Dosyalar Sorunlar 0 Wiki
Kaynağa Gözat

Remove Explicit CSRF Config from DeferHttpSessionTests

Issue gh-11764
Rob Winch 2 yıl önce
ebeveyn
617353eaa8
işleme
12a0ccf6de
2 değiştirilmiş dosya ile 0 ekleme ve 13 silme
Görünümü Böl Farklılık Durumunu Göster
  1. 0 6
      config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java
  2. 0 7
      config/src/test/resources/org/springframework/security/config/http/DeferHttpSessionTests-Explicit.xml

+ 0 - 6
config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java
Dosyayı Görüntüle 

@@ -32,8 +32,6 @@ import org.springframework.security.config.test.SpringTestContext;
 
 import org.springframework.security.config.test.SpringTestContextExtension;
 
 import org.springframework.security.web.DefaultSecurityFilterChain;
 
 import org.springframework.security.web.FilterChainProxy;
 
-import org.springframework.security.web.csrf.CsrfTokenRepository;
 
-import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
 
 
 import static org.mockito.ArgumentMatchers.anyBoolean;
 
 import static org.mockito.Mockito.never;
 
@@ -78,7 +76,6 @@ public class DeferHttpSessionJavaConfigTests {
 
 
 		@Bean
 
 		DefaultSecurityFilterChain springSecurity(HttpSecurity http) throws Exception {
 
-			CsrfTokenRepository csrfRepository = new HttpSessionCsrfTokenRepository();
 
 			// @formatter:off
 
 			http
 
 				.authorizeHttpRequests((requests) -> requests
 
@@ -86,9 +83,6 @@ public class DeferHttpSessionJavaConfigTests {
 
 				)
 
 				.sessionManagement((sessions) -> sessions
 
 					.requireExplicitAuthenticationStrategy(true)
 
-				)
 
-				.csrf((csrf) -> csrf
 
-					.csrfTokenRepository(csrfRepository)
 
 				);
 
 			// @formatter:on
 
 			return http.build();

+ 0 - 7
config/src/test/resources/org/springframework/security/config/http/DeferHttpSessionTests-Explicit.xml
Dosyayı Görüntüle 

@@ -29,18 +29,11 @@
 
 	<http auto-config="true"
 
 			use-authorization-manager="true">
 
 		<intercept-url  pattern="/**" access="permitAll"/>
 
-		<csrf token-repository-ref="csrfRepository"/>
 
 		<request-cache ref="requestCache"/>
 
 		<session-management authentication-strategy-explicit-invocation="true"/>
 
 	</http>
 
 
 	<b:bean id="requestCache" class="org.springframework.security.web.savedrequest.HttpSessionRequestCache"
 
 		p:matchingRequestParameterName="continue"/>
 
-	<b:bean id="httpSessionCsrfRepository" class="org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository"/>
 
-	<b:bean id="csrfRepository" class="org.springframework.security.web.csrf.LazyCsrfTokenRepository"
 
-		c:delegate-ref="httpSessionCsrfRepository"
 
-	 	p:deferLoadToken="true"/>
 
-	<b:bean id="requestHandler" class="org.springframework.security.web.csrf.CsrfTokenRepositoryRequestHandler"
 
-		p:csrfRequestAttributeName="_csrf"/>
 
 	<b:import resource="CsrfConfigTests-shared-userservice.xml"/>
 
 </b:beans>