2021-10-29 10:09:04 -06:00
|
|
|
= Testing with CSRF
|
|
|
|
|
|
2021-12-13 16:57:36 -06:00
|
|
|
Spring Security also provides support for CSRF testing with `WebTestClient` -- for example:
|
2021-10-29 10:09:04 -06:00
|
|
|
|
2023-06-18 21:30:41 -05:00
|
|
|
[tabs]
|
|
|
|
|
======
|
|
|
|
|
Java::
|
|
|
|
|
+
|
2021-10-29 10:09:04 -06:00
|
|
|
[source,java,role="primary"]
|
|
|
|
|
----
|
2023-04-11 09:56:19 -03:00
|
|
|
import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.csrf;
|
|
|
|
|
|
2021-10-29 10:09:04 -06:00
|
|
|
this.rest
|
|
|
|
|
// provide a valid CSRF token
|
|
|
|
|
.mutateWith(csrf())
|
|
|
|
|
.post()
|
|
|
|
|
.uri("/login")
|
|
|
|
|
...
|
|
|
|
|
----
|
|
|
|
|
|
2023-06-18 21:30:41 -05:00
|
|
|
Kotlin::
|
|
|
|
|
+
|
2021-10-29 10:09:04 -06:00
|
|
|
[source,kotlin,role="secondary"]
|
|
|
|
|
----
|
2023-04-11 09:56:19 -03:00
|
|
|
import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.csrf
|
|
|
|
|
|
2021-10-29 10:09:04 -06:00
|
|
|
this.rest
|
|
|
|
|
// provide a valid CSRF token
|
|
|
|
|
.mutateWith(csrf())
|
|
|
|
|
.post()
|
|
|
|
|
.uri("/login")
|
|
|
|
|
...
|
|
|
|
|
----
|
2023-06-18 21:30:41 -05:00
|
|
|
======
|
