2 жил өмнө · 819529f5ea
--- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -149,7 +149,6 @@ import org.springframework.security.web.server.context.WebSessionServerSecurityC
 
				 import org.springframework.security.web.server.csrf.CsrfServerLogoutHandler;
			
 
				 import org.springframework.security.web.server.csrf.CsrfWebFilter;
			
 
				 import org.springframework.security.web.server.csrf.ServerCsrfTokenRepository;
			
 
				-import org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler;
			
 
				 import org.springframework.security.web.server.csrf.ServerCsrfTokenRequestHandler;
			
 
				 import org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository;
			
 
				 import org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter;
			
@@ -1865,22 +1864,6 @@ public class ServerHttpSecurity {
 
				 			return this;
			
 
				 		}
			
 
				 
			
 
				-		/**
			
 
				-		 * Specifies if {@link CsrfWebFilter} should try to resolve the actual CSRF token
			
 
				-		 * from the body of multipart data requests.
			
 
				-		 * @param enabled true if should read from multipart form body, else false.
			
 
				-		 * Default is false
			
 
				-		 * @return the {@link CsrfSpec} for additional configuration
			
 
				-		 * @deprecated Use
			
 
				-		 * {@link ServerCsrfTokenRequestAttributeHandler#setTokenFromMultipartDataEnabled(boolean)}
			
 
				-		 * instead
			
 
				-		 */
			
 
				-		@Deprecated
			
 
				-		public CsrfSpec tokenFromMultipartDataEnabled(boolean enabled) {
			
 
				-			this.filter.setTokenFromMultipartDataEnabled(enabled);
			
 
				-			return this;
			
 
				-		}
			
 
				-
			
 
				 		/**
			
 
				 		 * Specifies a {@link ServerCsrfTokenRequestHandler} that is used to make the
			
 
				 		 * {@code CsrfToken} available as an exchange attribute.
			
--- a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerCsrfDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerCsrfDsl.kt
@@ -17,7 +17,6 @@
 
				 package org.springframework.security.config.web.server
			
 
				 
			
 
				 import org.springframework.security.web.server.authorization.ServerAccessDeniedHandler
			
 
				-import org.springframework.security.web.server.csrf.CsrfWebFilter
			
 
				 import org.springframework.security.web.server.csrf.ServerCsrfTokenRepository
			
 
				 import org.springframework.security.web.server.csrf.ServerCsrfTokenRequestHandler
			
 
				 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher
			
@@ -32,8 +31,6 @@ import org.springframework.security.web.server.util.matcher.ServerWebExchangeMat
 
				  * @property csrfTokenRepository the [ServerCsrfTokenRepository] used to persist the CSRF token.
			
 
				  * @property requireCsrfProtectionMatcher the [ServerWebExchangeMatcher] used to determine when CSRF protection
			
 
				  * is enabled.
			
 
				- * @property tokenFromMultipartDataEnabled if true, the [CsrfWebFilter] should try to resolve the actual CSRF
			
 
				- * token from the body of multipart data requests.
			
 
				  * @property csrfTokenRequestHandler the  [ServerCsrfTokenRequestHandler] that is used to make the CSRF token
			
 
				  * available as an exchange attribute
			
 
				  */
			
@@ -42,8 +39,6 @@ class ServerCsrfDsl {
 
				     var accessDeniedHandler: ServerAccessDeniedHandler? = null
			
 
				     var csrfTokenRepository: ServerCsrfTokenRepository? = null
			
 
				     var requireCsrfProtectionMatcher: ServerWebExchangeMatcher? = null
			
 
				-    @Deprecated("Use 'csrfTokenRequestHandler' instead")
			
 
				-    var tokenFromMultipartDataEnabled: Boolean? = null
			
 
				     var csrfTokenRequestHandler: ServerCsrfTokenRequestHandler? = null
			
 
				 
			
 
				     private var disabled = false
			
@@ -60,7 +55,6 @@ class ServerCsrfDsl {
 
				             accessDeniedHandler?.also { csrf.accessDeniedHandler(accessDeniedHandler) }
			
 
				             csrfTokenRepository?.also { csrf.csrfTokenRepository(csrfTokenRepository) }
			
 
				             requireCsrfProtectionMatcher?.also { csrf.requireCsrfProtectionMatcher(requireCsrfProtectionMatcher) }
			
 
				-            tokenFromMultipartDataEnabled?.also { csrf.tokenFromMultipartDataEnabled(tokenFromMultipartDataEnabled!!) }
			
 
				             csrfTokenRequestHandler?.also { csrf.csrfTokenRequestHandler(csrfTokenRequestHandler) }
			
 
				             if (disabled) {
			
 
				                 csrf.disable()
			
--- a/config/src/test/kotlin/org/springframework/security/config/web/server/ServerCsrfDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/web/server/ServerCsrfDslTests.kt
@@ -311,7 +311,9 @@ class ServerCsrfDslTests {
 
				             return http {
			
 
				                 csrf {
			
 
				                     csrfTokenRepository = TOKEN_REPOSITORY
			
 
				-                    tokenFromMultipartDataEnabled = true
			
 
				+                    csrfTokenRequestHandler = XorServerCsrfTokenRequestAttributeHandler().apply {
			
 
				+                        setTokenFromMultipartDataEnabled(true)
			
 
				+                    }
			
 
				                 }
			
 
				             }
			
 
				         }