From f794272bac625710371efbc1a7d7f7aecb55450c Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@gopivotal.com>
Date: Tue, 24 Feb 2015 17:29:07 -0600
Subject: [PATCH] SEC-2832: Add Tests

---
 .../web/csrf/CsrfAuthenticationStrategyTests.java        | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
index 866374142f..7bf105ad8a 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
@@ -73,8 +73,15 @@ public class CsrfAuthenticationStrategyTests {
         strategy.onAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"), request, response);
 
         verify(csrfTokenRepository).saveToken(null, request, response);
-        // SEC-2404
         verify(csrfTokenRepository).saveToken(eq(generatedToken), eq(request), eq(response));
+        // SEC-2404, SEC-2832
+        CsrfToken tokenInRequest = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
+        assertThat(tokenInRequest.getToken()).isSameAs(generatedToken.getToken());
+        assertThat(tokenInRequest.getHeaderName()).isSameAs(generatedToken.getHeaderName());
+        assertThat(tokenInRequest.getParameterName()).isSameAs(generatedToken.getParameterName());
+        assertThat(request.getAttribute(generatedToken.getParameterName())).isSameAs(tokenInRequest);
+    }
+
     }
 
     @Test