| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869 |
- [[test-mockmvc-csrf]]
- = Testing with CSRF Protection
- When testing any non-safe HTTP methods and using Spring Security's CSRF protection, you must be sure to include a valid CSRF Token in the request.
- To specify a valid CSRF token as a request parameter use the CSRF xref:servlet/test/mockmvc/request-post-processors.adoc[`RequestPostProcessor`] like so:
- [tabs]
- ======
- Java::
- +
- [source,java,role="primary"]
- ----
- mvc
- .perform(post("/").with(csrf()))
- ----
- Kotlin::
- +
- [source,kotlin,role="secondary"]
- ----
- mvc.post("/") {
- with(csrf())
- }
- ----
- ======
- If you like you can include CSRF token in the header instead:
- [tabs]
- ======
- Java::
- +
- [source,java,role="primary"]
- ----
- mvc
- .perform(post("/").with(csrf().asHeader()))
- ----
- Kotlin::
- +
- [source,kotlin,role="secondary"]
- ----
- mvc.post("/") {
- with(csrf().asHeader())
- }
- ----
- ======
- You can also test providing an invalid CSRF token using the following:
- [tabs]
- ======
- Java::
- +
- [source,java,role="primary"]
- ----
- mvc
- .perform(post("/").with(csrf().useInvalidToken()))
- ----
- Kotlin::
- +
- [source,kotlin,role="secondary"]
- ----
- mvc.post("/") {
- with(csrf().useInvalidToken())
- }
- ----
- ======
|
