7 年前 · 70be0f3619
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
@@ -123,7 +123,7 @@ public class CsrfWebFilter implements WebFilter {
 
				 
			
 
				 	private Mono<CsrfToken> generateToken(ServerWebExchange exchange) {
			
 
				 		return this.csrfTokenRepository.generateToken(exchange)
			
 
				-			.flatMap(token -> this.csrfTokenRepository.saveToken(exchange, token));
			
 
				+			.delayUntil(token -> this.csrfTokenRepository.saveToken(exchange, token));
			
 
				 	}
			
 
				 
			
 
				 	private static class DefaultRequireCsrfProtectionMatcher implements ServerWebExchangeMatcher {
			
--- a/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java
@@ -46,7 +46,7 @@ public interface ServerCsrfTokenRepository {
 
				 	 * @param exchange the {@link ServerWebExchange} to use
			
 
				 	 * @param token the {@link CsrfToken} to save or null to delete
			
 
				 	 */
			
 
				-	Mono<CsrfToken> saveToken(ServerWebExchange exchange, CsrfToken token);
			
 
				+	Mono<Void> saveToken(ServerWebExchange exchange, CsrfToken token);
			
 
				 
			
 
				 	/**
			
 
				 	 * Loads the expected {@link CsrfToken} from the {@link ServerWebExchange}
			
--- a/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
@@ -52,15 +52,14 @@ public class WebSessionServerCsrfTokenRepository
 
				 	}
			
 
				 
			
 
				 	@Override
			
 
				-	public Mono<CsrfToken> saveToken(ServerWebExchange exchange, CsrfToken token) {
			
 
				+	public Mono<Void> saveToken(ServerWebExchange exchange, CsrfToken token) {
			
 
				 		return exchange.getSession()
			
 
				 			.doOnNext(session -> putToken(session.getAttributes(), token))
			
 
				-			.flatMap(session -> session.changeSessionId())
			
 
				-			.then(Mono.justOrEmpty(token));
			
 
				+			.flatMap(session -> session.changeSessionId());
			
 
				 	}
			
 
				 
			
 
				 	private void putToken(Map<String, Object> attributes, CsrfToken token) {
			
 
				-		if(token == null) {
			
 
				+		if (token == null) {
			
 
				 			attributes.remove(this.sessionAttributeName);
			
 
				 		} else {
			
 
				 			attributes.put(this.sessionAttributeName, token);
			
--- a/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java
@@ -78,7 +78,7 @@ public class WebSessionServerCsrfTokenRepositoryTests {
 
				 	public void saveTokenWhenNullThenDeletes() {
			
 
				 		CsrfToken token = this.repository.generateToken(this.exchange).block();
			
 
				 
			
 
				-		Mono<CsrfToken> result = this.repository.saveToken(this.exchange, null);
			
 
				+		Mono<Void> result = this.repository.saveToken(this.exchange, null);
			
 
				 		StepVerifier.create(result)
			
 
				 			.verifyComplete();