diff --git a/docs/manual/src/asciidoc/index.adoc b/docs/manual/src/asciidoc/index.adoc index 4ac8667d4b..af719e7893 100644 --- a/docs/manual/src/asciidoc/index.adoc +++ b/docs/manual/src/asciidoc/index.adoc @@ -3139,7 +3139,7 @@ The last step is to ensure that you include the CSRF token in all PATCH, POST, P ---- -An easier approach is to use <> from the Spring Security JSP tag library. +An easier approach is to use <> from the Spring Security JSP tag library. [NOTE] ==== @@ -5037,17 +5037,17 @@ The permissions are passed to the `PermissionFactory` defined in the application This tag also supports the `var` attribute, in the same way as the `authorize` tag. -=== The csrfField Tag +=== The csrfInput Tag If CSRF protection is enabled, this tag inserts a hidden form field with the correct name and value for the CSRF protection token. If CSRF protection is not enabled, this tag outputs nothing. -Normally Spring Security automatically inserts a CSRF form field for any `` tags you use, but if for some reason you cannot use ``, `csrfField` is a handy replacement. +Normally Spring Security automatically inserts a CSRF form field for any `` tags you use, but if for some reason you cannot use ``, `csrfInput` is a handy replacement. You should place this tag within an HTML `
` block, where you would normally place other input fields. Do NOT place this tag within a Spring `` block—Spring Security handles Spring forms automatically. [source,xml] ----
- + Name:
... diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java index e2830b83fa..3207da069e 100644 --- a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java +++ b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java @@ -25,10 +25,10 @@ import java.io.IOException; /** * An abstract tag for handling CSRF operations. * - * @since 3.2.1 + * @since 3.2.2 * @author Nick Williams */ -public abstract class AbstractCsrfTag extends TagSupport { +abstract class AbstractCsrfTag extends TagSupport { @Override public int doEndTag() throws JspException { diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/FormFieldTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/CsrfInputTag.java similarity index 91% rename from taglibs/src/main/java/org/springframework/security/taglibs/csrf/FormFieldTag.java rename to taglibs/src/main/java/org/springframework/security/taglibs/csrf/CsrfInputTag.java index 9bda7ff9da..ece93703df 100644 --- a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/FormFieldTag.java +++ b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/CsrfInputTag.java @@ -22,14 +22,14 @@ import org.springframework.security.web.csrf.CsrfToken; * A JSP tag that prints out a hidden form field for the CSRF token. See the JSP Tab Library documentation for more * information. * - * @since 3.2.1 + * @since 3.2.2 * @author Nick Williams */ -public class FormFieldTag extends AbstractCsrfTag { +public class CsrfInputTag extends AbstractCsrfTag { @Override public String handleToken(CsrfToken token) { return "\n"; + "\" />"; } } 
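Review bot: `handleToken` in CsrfInputTag returns markup assembled by string concatenation, and nothing visible in the hunk encodes the token fields before they are written into the attribute values; the string literals are truncated in this rendering, so the exact expression is inferred rather than quoted. `CsrfToken` is an interface, so a custom implementation or token repository can supply a parameter name or token value containing `"` or `<`, which would reach the page unencoded. Passing both through an encoder, e.g. `HtmlUtils.htmlEscape(token.getParameterName())` and `HtmlUtils.htmlEscape(token.getToken())`, keeps the output well-formed whatever the repository returns. The same applies to the three values emitted by `CsrfMetaTagsTag.handleToken` in the next file.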
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/MetaTagsTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTag.java similarity index 78% rename from taglibs/src/main/java/org/springframework/security/taglibs/csrf/MetaTagsTag.java rename to taglibs/src/main/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTag.java index a8a54e546e..6ee553f52e 100644 --- a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/MetaTagsTag.java +++ b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTag.java @@ -22,15 +22,15 @@ import org.springframework.security.web.csrf.CsrfToken; * A JSP tag that prints out a meta tags holding the CSRF form field name and token value for use in JavaScrip code. * See the JSP Tab Library documentation for more information. * - * @since 3.2.1 + * @since 3.2.2 * @author Nick Williams */ -public class MetaTagsTag extends AbstractCsrfTag { +public class CsrfMetaTagsTag extends AbstractCsrfTag { @Override public String handleToken(CsrfToken token) { - return "\n" + - " \n" + - " \n"; + return "" + + "" + + ""; } } diff --git a/taglibs/src/main/resources/META-INF/security.tld b/taglibs/src/main/resources/META-INF/security.tld index 970d9a7e95..8edd47ed0b 100644 --- a/taglibs/src/main/resources/META-INF/security.tld +++ b/taglibs/src/main/resources/META-INF/security.tld @@ -200,8 +200,8 @@ where you would normally place other s. Do NOT place this tag within a Spring block—Spring Security handles Spring forms automatically. ]]> - csrfField - org.springframework.security.taglibs.csrf.FormFieldTag + csrfInput + org.springframework.security.taglibs.csrf.CsrfInputTag empty @@ -218,7 +218,7 @@ tag outputs nothing. ]]> csrfMetaTags - org.springframework.security.taglibs.csrf.MetaTagsTag + org.springframework.security.taglibs.csrf.CsrfMetaTagsTag empty 
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java
index df12614a45..06a51bd5ec 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java
@@ -36,9 +36,9 @@ public class AbstractCsrfTagTests {
 }
 @Test
- public void testDoEndTag01() throws JspException, UnsupportedEncodingException {
+ public void noCsrfDoesNotRender() throws JspException, UnsupportedEncodingException {
- this.tag.handleReturn = "fooBarBazQux";
+ this.tag.handleReturn = "shouldNotBeRendered";
 int returned = this.tag.doEndTag();
@@ -47,7 +47,7 @@ public class AbstractCsrfTagTests {
 }
 @Test
- public void testDoEndTag02() throws JspException, UnsupportedEncodingException {
+ public void hasCsrfRendersReturnedValue() throws JspException, UnsupportedEncodingException {
 CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
 this.request.setAttribute(CsrfToken.class.getName(), token);
@@ -62,7 +62,7 @@ public class AbstractCsrfTagTests {
 }
 @Test
- public void testDoEndTag03() throws JspException, UnsupportedEncodingException {
+ public void hasCsrfRendersDifferentValue() throws JspException, UnsupportedEncodingException {
 CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
 this.request.setAttribute(CsrfToken.class.getName(), token);
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/FormFieldTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java similarity index 80% rename from taglibs/src/test/java/org/springframework/security/taglibs/csrf/FormFieldTagTests.java rename to taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java index a382db22b4..24efd68c51 100644 --- a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/FormFieldTagTests.java +++ b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java @@ -10,36 +10,36 @@ import static org.junit.Assert.*; /** * @author Nick Williams */ -public class FormFieldTagTests { +public class CsrfInputTagTests { - public FormFieldTag tag; + public CsrfInputTag tag; @Before public void setUp() { - this.tag = new FormFieldTag(); + this.tag = new CsrfInputTag(); } @Test - public void testHandleToken01() { + public void handleTokenReturnsHiddenInput() { CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789"); String value = this.tag.handleToken(token); assertNotNull("The returned value should not be null.", value); assertEquals("The output is not correct.", - "\n", + "", value); } @Test - public void testHandleToken() { + public void handleTokenReturnsHiddenInputDifferentTokenValue() { CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "csrfParameter", "fooBarBazQux"); String value = this.tag.handleToken(token); assertNotNull("The returned value should not be null.", value); assertEquals("The output is not correct.", - "\n", + "", value); } } 
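Review bot: Both cases in CsrfInputTagTests construct `DefaultCsrfToken` with purely alphanumeric parameter names and token values, so the expected strings pin the shape of the markup but not how `handleToken` treats characters that are special in HTML. A third case whose token value contains `"` or `<` would document whether the tag is expected to encode what it writes, and would fail visibly if that behaviour changes. The same gap exists in the two cases of CsrfMetaTagsTagTests. The expected literals are truncated in this rendering, so the exact assertion is described here rather than quoted.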
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/MetaTagsTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java similarity index 65% rename from taglibs/src/test/java/org/springframework/security/taglibs/csrf/MetaTagsTagTests.java rename to taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java index eefbbb14a9..798b960af1 100644 --- a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/MetaTagsTagTests.java +++ b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java @@ -10,40 +10,40 @@ import static org.junit.Assert.*; /** * @author Nick Williams */ -public class MetaTagsTagTests { +public class CsrfMetaTagsTagTests { - public MetaTagsTag tag; + public CsrfMetaTagsTag tag; @Before public void setUp() { - this.tag = new MetaTagsTag(); + this.tag = new CsrfMetaTagsTag(); } @Test - public void testHandleToken01() { + public void handleTokenRendersTags() { CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789"); String value = this.tag.handleToken(token); assertNotNull("The returned value should not be null.", value); assertEquals("The output is not correct.", - "\n" + - " \n" + - " \n", + "" + + "" + + "", value); } @Test - public void testHandleToken02() { + public void handleTokenRendersTagsDifferentToken() { CsrfToken token = new DefaultCsrfToken("csrfHeader", "csrfParameter", "fooBarBazQux"); String value = this.tag.handleToken(token); assertNotNull("The returned value should not be null.", value); assertEquals("The output is not correct.", - "\n" + - " \n" + - " \n", + "" + + "" + + "", value); } }