| [[test-mockmvc-csrf]]
 | |
| = Testing with CSRF Protection
 | |
| 
 | |
| When testing any non-safe HTTP method (for example, POST, PUT, PATCH, or DELETE) with Spring Security's CSRF protection enabled, you must include a valid CSRF token in the request.
 | |
| To specify a valid CSRF token as a request parameter, use the CSRF xref:servlet/test/mockmvc/request-post-processors.adoc[`RequestPostProcessor`] like so:
 | |
| 
 | |
| [tabs]
 | |
| ======
 | |
| Java::
 | |
| +
 | |
| [source,java,role="primary"]
 | |
| ----
 | |
| mvc
 | |
| 	.perform(post("/").with(csrf()))
 | |
| ----
 | |
| 
 | |
| Kotlin::
 | |
| +
 | |
| [source,kotlin,role="secondary"]
 | |
| ----
 | |
| mvc.post("/") {
 | |
|     with(csrf())
 | |
| }
 | |
| ----
 | |
| ======
 | |
| 
 | |
| If you like, you can include the CSRF token in a request header instead:
 | |
| 
 | |
| [tabs]
 | |
| ======
 | |
| Java::
 | |
| +
 | |
| [source,java,role="primary"]
 | |
| ----
 | |
| mvc
 | |
| 	.perform(post("/").with(csrf().asHeader()))
 | |
| ----
 | |
| 
 | |
| Kotlin::
 | |
| +
 | |
| [source,kotlin,role="secondary"]
 | |
| ----
 | |
| mvc.post("/") {
 | |
|     with(csrf().asHeader())
 | |
| }
 | |
| ----
 | |
| ======
 | |
| 
 | |
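| You can also test providing an invalid CSRF token, which lets you verify that the application rejects such a request (by default with an HTTP 403 Forbidden response), using the following: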
 | |
| 
 | |
| [tabs]
 | |
| ======
 | |
| Java::
 | |
| +
 | |
| [source,java,role="primary"]
 | |
| ----
 | |
| mvc
 | |
| 	.perform(post("/").with(csrf().useInvalidToken()))
 | |
| ----
 | |
| 
 | |
| Kotlin::
 | |
| +
 | |
| [source,kotlin,role="secondary"]
 | |
| ----
 | |
| mvc.post("/") {
 | |
|     with(csrf().useInvalidToken())
 | |
| }
 | |
| ----
 | |
| ======
 |