Remove Explicit CSRF Config from DeferHttpSessionTests

Issue gh-11764
Rob Winch 2022-09-22 16:15:02 -05:00
parent 617353eaa8
commit 12a0ccf6de
2 changed files with 0 additions and 13 deletions


@ -32,8 +32,6 @@ import org.springframework.security.config.test.SpringTestContext;
import org.springframework.security.config.test.SpringTestContextExtension; import org.springframework.security.config.test.SpringTestContextExtension;
import org.springframework.security.web.DefaultSecurityFilterChain; import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.FilterChainProxy; import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
import static org.mockito.ArgumentMatchers.anyBoolean; import static org.mockito.ArgumentMatchers.anyBoolean;
import static org.mockito.Mockito.never; import static org.mockito.Mockito.never;
@ -78,7 +76,6 @@ public class DeferHttpSessionJavaConfigTests {
@Bean @Bean
DefaultSecurityFilterChain springSecurity(HttpSecurity http) throws Exception { DefaultSecurityFilterChain springSecurity(HttpSecurity http) throws Exception {
CsrfTokenRepository csrfRepository = new HttpSessionCsrfTokenRepository();
// @formatter:off // @formatter:off
http http
.authorizeHttpRequests((requests) -> requests .authorizeHttpRequests((requests) -> requests
@ -86,9 +83,6 @@ public class DeferHttpSessionJavaConfigTests {
) )
.sessionManagement((sessions) -> sessions .sessionManagement((sessions) -> sessions
.requireExplicitAuthenticationStrategy(true) .requireExplicitAuthenticationStrategy(true)
)
.csrf((csrf) -> csrf
.csrfTokenRepository(csrfRepository)
); );
// @formatter:on // @formatter:on
return http.build(); return http.build();


@ -29,18 +29,11 @@
<http auto-config="true" <http auto-config="true"
use-authorization-manager="true"> use-authorization-manager="true">
<intercept-url pattern="/**" access="permitAll"/> <intercept-url pattern="/**" access="permitAll"/>
<csrf token-repository-ref="csrfRepository"/>
<request-cache ref="requestCache"/> <request-cache ref="requestCache"/>
<session-management authentication-strategy-explicit-invocation="true"/> <session-management authentication-strategy-explicit-invocation="true"/>
</http> </http>
<b:bean id="requestCache" class="org.springframework.security.web.savedrequest.HttpSessionRequestCache" <b:bean id="requestCache" class="org.springframework.security.web.savedrequest.HttpSessionRequestCache"
p:matchingRequestParameterName="continue"/> p:matchingRequestParameterName="continue"/>
<b:bean id="httpSessionCsrfRepository" class="org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository"/>
<b:bean id="csrfRepository" class="org.springframework.security.web.csrf.LazyCsrfTokenRepository"
c:delegate-ref="httpSessionCsrfRepository"
p:deferLoadToken="true"/>
<b:bean id="requestHandler" class="org.springframework.security.web.csrf.CsrfTokenRepositoryRequestHandler"
p:csrfRequestAttributeName="_csrf"/>
<b:import resource="CsrfConfigTests-shared-userservice.xml"/> <b:import resource="CsrfConfigTests-shared-userservice.xml"/>
</b:beans> </b:beans>