Remove CsrfSpec.tokenFromMultipartDataEnabled
Also removed ServerCsrfDsl.tokenFromMultipartDataEnabled Closes gh-12020
This commit is contained in:
Steve Riesenberg
parent
db7732dd4a
commit
819529f5ea
|
|
@ -149,7 +149,6 @@ import org.springframework.security.web.server.context.WebSessionServerSecurityC
|
||||||
import org.springframework.security.web.server.csrf.CsrfServerLogoutHandler;
|
import org.springframework.security.web.server.csrf.CsrfServerLogoutHandler;
|
||||||
import org.springframework.security.web.server.csrf.CsrfWebFilter;
|
import org.springframework.security.web.server.csrf.CsrfWebFilter;
|
||||||
import org.springframework.security.web.server.csrf.ServerCsrfTokenRepository;
|
import org.springframework.security.web.server.csrf.ServerCsrfTokenRepository;
|
||||||
import org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler;
|
|
||||||
import org.springframework.security.web.server.csrf.ServerCsrfTokenRequestHandler;
|
import org.springframework.security.web.server.csrf.ServerCsrfTokenRequestHandler;
|
||||||
import org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository;
|
import org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository;
|
||||||
import org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter;
|
import org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter;
|
||||||
|
|
@ -1865,22 +1864,6 @@ public class ServerHttpSecurity {
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Specifies if {@link CsrfWebFilter} should try to resolve the actual CSRF token
|
|
||||||
* from the body of multipart data requests.
|
|
||||||
* @param enabled true if should read from multipart form body, else false.
|
|
||||||
* Default is false
|
|
||||||
* @return the {@link CsrfSpec} for additional configuration
|
|
||||||
* @deprecated Use
|
|
||||||
* {@link ServerCsrfTokenRequestAttributeHandler#setTokenFromMultipartDataEnabled(boolean)}
|
|
||||||
* instead
|
|
||||||
*/
|
|
||||||
@Deprecated
|
|
||||||
public CsrfSpec tokenFromMultipartDataEnabled(boolean enabled) {
|
|
||||||
this.filter.setTokenFromMultipartDataEnabled(enabled);
|
|
||||||
return this;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Specifies a {@link ServerCsrfTokenRequestHandler} that is used to make the
|
* Specifies a {@link ServerCsrfTokenRequestHandler} that is used to make the
|
||||||
* {@code CsrfToken} available as an exchange attribute.
|
* {@code CsrfToken} available as an exchange attribute.
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,6 @@
|
||||||
package org.springframework.security.config.web.server
|
package org.springframework.security.config.web.server
|
||||||
|
|
||||||
import org.springframework.security.web.server.authorization.ServerAccessDeniedHandler
|
import org.springframework.security.web.server.authorization.ServerAccessDeniedHandler
|
||||||
import org.springframework.security.web.server.csrf.CsrfWebFilter
|
|
||||||
import org.springframework.security.web.server.csrf.ServerCsrfTokenRepository
|
import org.springframework.security.web.server.csrf.ServerCsrfTokenRepository
|
||||||
import org.springframework.security.web.server.csrf.ServerCsrfTokenRequestHandler
|
import org.springframework.security.web.server.csrf.ServerCsrfTokenRequestHandler
|
||||||
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher
|
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher
|
||||||
|
|
@ -32,8 +31,6 @@ import org.springframework.security.web.server.util.matcher.ServerWebExchangeMat
|
||||||
* @property csrfTokenRepository the [ServerCsrfTokenRepository] used to persist the CSRF token.
|
* @property csrfTokenRepository the [ServerCsrfTokenRepository] used to persist the CSRF token.
|
||||||
* @property requireCsrfProtectionMatcher the [ServerWebExchangeMatcher] used to determine when CSRF protection
|
* @property requireCsrfProtectionMatcher the [ServerWebExchangeMatcher] used to determine when CSRF protection
|
||||||
* is enabled.
|
* is enabled.
|
||||||
* @property tokenFromMultipartDataEnabled if true, the [CsrfWebFilter] should try to resolve the actual CSRF
|
|
||||||
* token from the body of multipart data requests.
|
|
||||||
* @property csrfTokenRequestHandler the [ServerCsrfTokenRequestHandler] that is used to make the CSRF token
|
* @property csrfTokenRequestHandler the [ServerCsrfTokenRequestHandler] that is used to make the CSRF token
|
||||||
* available as an exchange attribute
|
* available as an exchange attribute
|
||||||
*/
|
*/
|
||||||
|
|
@ -42,8 +39,6 @@ class ServerCsrfDsl {
|
||||||
var accessDeniedHandler: ServerAccessDeniedHandler? = null
|
var accessDeniedHandler: ServerAccessDeniedHandler? = null
|
||||||
var csrfTokenRepository: ServerCsrfTokenRepository? = null
|
var csrfTokenRepository: ServerCsrfTokenRepository? = null
|
||||||
var requireCsrfProtectionMatcher: ServerWebExchangeMatcher? = null
|
var requireCsrfProtectionMatcher: ServerWebExchangeMatcher? = null
|
||||||
@Deprecated("Use 'csrfTokenRequestHandler' instead")
|
|
||||||
var tokenFromMultipartDataEnabled: Boolean? = null
|
|
||||||
var csrfTokenRequestHandler: ServerCsrfTokenRequestHandler? = null
|
var csrfTokenRequestHandler: ServerCsrfTokenRequestHandler? = null
|
||||||
|
|
||||||
private var disabled = false
|
private var disabled = false
|
||||||
|
|
@ -60,7 +55,6 @@ class ServerCsrfDsl {
|
||||||
accessDeniedHandler?.also { csrf.accessDeniedHandler(accessDeniedHandler) }
|
accessDeniedHandler?.also { csrf.accessDeniedHandler(accessDeniedHandler) }
|
||||||
csrfTokenRepository?.also { csrf.csrfTokenRepository(csrfTokenRepository) }
|
csrfTokenRepository?.also { csrf.csrfTokenRepository(csrfTokenRepository) }
|
||||||
requireCsrfProtectionMatcher?.also { csrf.requireCsrfProtectionMatcher(requireCsrfProtectionMatcher) }
|
requireCsrfProtectionMatcher?.also { csrf.requireCsrfProtectionMatcher(requireCsrfProtectionMatcher) }
|
||||||
tokenFromMultipartDataEnabled?.also { csrf.tokenFromMultipartDataEnabled(tokenFromMultipartDataEnabled!!) }
|
|
||||||
csrfTokenRequestHandler?.also { csrf.csrfTokenRequestHandler(csrfTokenRequestHandler) }
|
csrfTokenRequestHandler?.also { csrf.csrfTokenRequestHandler(csrfTokenRequestHandler) }
|
||||||
if (disabled) {
|
if (disabled) {
|
||||||
csrf.disable()
|
csrf.disable()
|
||||||
|
|
|
||||||
|
|
@ -311,7 +311,9 @@ class ServerCsrfDslTests {
|
||||||
return http {
|
return http {
|
||||||
csrf {
|
csrf {
|
||||||
csrfTokenRepository = TOKEN_REPOSITORY
|
csrfTokenRepository = TOKEN_REPOSITORY
|
||||||
tokenFromMultipartDataEnabled = true
|
csrfTokenRequestHandler = XorServerCsrfTokenRequestAttributeHandler().apply {
|
||||||
|
setTokenFromMultipartDataEnabled(true)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue