Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-30 22:28:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
spring-security/docs/modules/ROOT/pages/servlet/test/mockmvc/csrf.adoc

70 lines
1.1 KiB
Plaintext
Raw Normal View History

Separate Testing Servlet Docs Issue gh-10367
2021-10-29 12:34:29 -06:00
[[test-mockmvc-csrf]]
= Testing with CSRF Protection
Merge Clean up Reference Documentation Closes gh-9668
2021-12-13 16:57:36 -06:00
When testing any non-safe HTTP methods and using Spring Security's CSRF protection, you must include a valid CSRF Token in the request.
Separate Testing Servlet Docs Issue gh-10367
2021-10-29 12:34:29 -06:00
To specify a valid CSRF token as a request parameter use the CSRF xref:servlet/test/mockmvc/request-post-processors.adoc[`RequestPostProcessor`] like so:
Convert to Asciidoctor Tabs Closes gh-13403
2023-06-18 21:30:41 -05:00
[tabs]
======
Java::
+
Separate Testing Servlet Docs Issue gh-10367
2021-10-29 12:34:29 -06:00
[source,java,role="primary"]
----
mvc
.perform(post("/").with(csrf()))
----
Convert to Asciidoctor Tabs Closes gh-13403
2023-06-18 21:30:41 -05:00
Kotlin::
+
Separate Testing Servlet Docs Issue gh-10367
2021-10-29 12:34:29 -06:00
[source,kotlin,role="secondary"]
----
mvc.post("/") {
with(csrf())
}
----
Convert to Asciidoctor Tabs Closes gh-13403
2023-06-18 21:30:41 -05:00
======
Separate Testing Servlet Docs Issue gh-10367
2021-10-29 12:34:29 -06:00
Merge Clean up Reference Documentation Closes gh-9668
2021-12-13 16:57:36 -06:00
If you like, you can include CSRF token in the header instead:
Separate Testing Servlet Docs Issue gh-10367
2021-10-29 12:34:29 -06:00
Convert to Asciidoctor Tabs Closes gh-13403
2023-06-18 21:30:41 -05:00
[tabs]
======
Java::
+
Separate Testing Servlet Docs Issue gh-10367
2021-10-29 12:34:29 -06:00
[source,java,role="primary"]
----
mvc
.perform(post("/").with(csrf().asHeader()))
----
Convert to Asciidoctor Tabs Closes gh-13403
2023-06-18 21:30:41 -05:00
Kotlin::
+
Separate Testing Servlet Docs Issue gh-10367
2021-10-29 12:34:29 -06:00
[source,kotlin,role="secondary"]
----
mvc.post("/") {
with(csrf().asHeader())
}
----
Convert to Asciidoctor Tabs Closes gh-13403
2023-06-18 21:30:41 -05:00
======
Separate Testing Servlet Docs Issue gh-10367
2021-10-29 12:34:29 -06:00
Merge Clean up Reference Documentation Closes gh-9668
2021-12-13 16:57:36 -06:00
You can also test providing an invalid CSRF token by using the following:
Separate Testing Servlet Docs Issue gh-10367
2021-10-29 12:34:29 -06:00
Convert to Asciidoctor Tabs Closes gh-13403
2023-06-18 21:30:41 -05:00
[tabs]
======
Java::
+
Separate Testing Servlet Docs Issue gh-10367
2021-10-29 12:34:29 -06:00
[source,java,role="primary"]
----
mvc
.perform(post("/").with(csrf().useInvalidToken()))
----
Convert to Asciidoctor Tabs Closes gh-13403
2023-06-18 21:30:41 -05:00
Kotlin::
+
Separate Testing Servlet Docs Issue gh-10367
2021-10-29 12:34:29 -06:00
[source,kotlin,role="secondary"]
----
mvc.post("/") {
with(csrf().useInvalidToken())
}
----
Convert to Asciidoctor Tabs Closes gh-13403
2023-06-18 21:30:41 -05:00
======
Reference in New Issue Copy Permalink