From adec62cdf2fd13741b9071ae5ee053adb53e6579 Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@users.noreply.github.com>
Date: Fri, 3 Nov 2017 22:54:34 -0500
Subject: [PATCH] EnableWebFluxSecurity creates CsrfRequestDataValueProcessor

Fixes gh-4762
---
 .../web/reactive/WebFluxSecurityConfiguration.java   |  7 +++++++
 .../web/reactive/EnableWebFluxSecurityTests.java     | 12 ++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
index 3d16b55fdf..e353582ee6 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
@@ -22,9 +22,11 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.security.web.server.WebFilterChainProxy;
 import org.springframework.util.ObjectUtils;
+import org.springframework.web.reactive.result.view.AbstractView;
 
 import java.util.Arrays;
 import java.util.List;
@@ -53,6 +55,11 @@ class WebFluxSecurityConfiguration {
 		return new WebFilterChainProxy(getSecurityWebFilterChains());
 	}
 
+	@Bean(name = AbstractView.REQUEST_DATA_VALUE_PROCESSOR_BEAN_NAME)
+	public CsrfRequestDataValueProcessor requestDataValueProcessor() {
+		return new CsrfRequestDataValueProcessor();
+	}
+
 	private List<SecurityWebFilterChain> getSecurityWebFilterChains() {
 		List<SecurityWebFilterChain> result = this.securityWebFilterChains;
 		if(ObjectUtils.isEmpty(result)) {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
index 85eb16a3fa..db8ed3ebb9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
@@ -19,6 +19,7 @@ package org.springframework.security.config.annotation.web.reactive;
 import org.junit.Rule;
 import org.junit.Test;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Import;
 import org.springframework.context.annotation.ImportResource;
@@ -40,6 +41,7 @@ import org.springframework.security.core.userdetails.User;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
+import org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.security.web.server.WebFilterChainProxy;
 import org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository;
@@ -49,6 +51,7 @@ import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.reactive.function.BodyInserters;
+import org.springframework.web.reactive.result.view.AbstractView;
 import reactor.core.publisher.Mono;
 
 import java.nio.charset.StandardCharsets;
@@ -151,6 +154,15 @@ public class EnableWebFluxSecurityTests {
 			.expectBody(String.class).consumeWith( result -> assertThat(result.getResponseBody()).isEqualTo("user"));
 	}
 
+	@Test
+	public void requestDataValueProcessor() {
+		this.spring.register(Config.class).autowire();
+
+		ConfigurableApplicationContext context = this.spring.getContext();
+		CsrfRequestDataValueProcessor rdvp = context.getBean(AbstractView.REQUEST_DATA_VALUE_PROCESSOR_BEAN_NAME, CsrfRequestDataValueProcessor.class);
+		assertThat(rdvp).isNotNull();
+	}
+
 	@EnableWebFluxSecurity
 	@Import(ReactiveAuthenticationTestConfiguration.class)
 	static class Config {