Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-23 12:32:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-2749: CsrfConfigurer.requireCsrfProtectionMatcher correct null check

Browse Source
This commit is contained in:
Rob Winch 2014-11-20 14:40:51 -06:00
parent c36cc88ac4
commit db66843e0b
2 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
View File

@ -97,7 +97,7 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>> extends Abst
* @return the {@link CsrfConfigurer} for further customizations
*/
public CsrfConfigurer<H> requireCsrfProtectionMatcher(RequestMatcher requireCsrfProtectionMatcher) {
Assert.notNull(csrfTokenRepository, "requireCsrfProtectionMatcher cannot be null");
Assert.notNull(requireCsrfProtectionMatcher, "requireCsrfProtectionMatcher cannot be null");
this.requireCsrfProtectionMatcher = requireCsrfProtectionMatcher;
return this;
}

7
config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.groovy
View File

@ -464,6 +464,13 @@ class CsrfConfigurerTests extends BaseSpringSpec {
}
}
def 'SEC-2749: requireCsrfProtectionMatcher null'() {
when:
new CsrfConfigurer<>().requireCsrfProtectionMatcher(null)
then:
thrown(IllegalArgumentException)
}
def clearCsrfToken() {
request.removeAllParameters()
}