root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 12 Packages Projects Releases Wiki Activity

Optimized login form - delegated CSRF token creation to thymeleaf 

Also added additional test to verify behaviour.

Fixes gh-1039
This commit is contained in:
Javier Gayoso 2014-06-05 16:11:03 +02:00 committed by Dave Syer
parent aa30fdba18
commit b7d94d1364
3 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
spring-boot-samples/spring-boot-sample-web-method-security/src/main/resources/templates/login.html
View File

@ -20,14 +20,13 @@
<p th:if="${param.logout}" class="alert">You have been logged out</p>
<p th:if="${param.error}" class="alert alert-error">There was an error, please try again</p>
<h2>Login with Username and Password</h2>
<form name="form" action="/login" method="POST">
<form name="form" th:action="@{/login}" action="/login" method="POST">
<fieldset>
<input type="text" name="username" value="" placeholder="Username" />
<input type="password" name="password" placeholder="Password" />
</fieldset>
<input type="submit" id="login" value="Login"
class="btn btn-primary" /> <input type="hidden"
th:name="${_csrf.parameterName}" th:value="${_csrf.token}" />
class="btn btn-primary" />
</form>
</div>
</div>

5
spring-boot-samples/spring-boot-sample-web-secure/src/main/resources/templates/login.html
View File

@ -20,14 +20,13 @@
<p th:if="${param.logout}" class="alert">You have been logged out</p>
<p th:if="${param.error}" class="alert alert-error">There was an error, please try again</p>
<h2>Login with Username and Password</h2>
<form name="form" action="/login" method="POST">
<form name="form" th:action="@{/login}" action="/login" method="POST">
<fieldset>
<input type="text" name="username" value="" placeholder="Username" />
<input type="password" name="password" placeholder="Password" />
</fieldset>
<input type="submit" id="login" value="Login"
class="btn btn-primary" /> <input type="hidden"
th:name="${_csrf.parameterName}" th:value="${_csrf.token}"/>
class="btn btn-primary" />
</form>
</div>
</div>

12
spring-boot-samples/spring-boot-sample-web-secure/src/test/java/sample/ui/secure/SampleSecureApplicationTests.java
View File

@ -69,6 +69,18 @@ public class SampleSecureApplicationTests {
entity.getHeaders().getLocation().toString().endsWith(port + "/login"));
}
@Test
public void testLoginPage() throws Exception {
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Arrays.asList(MediaType.TEXT_HTML));
ResponseEntity<String> entity = new TestRestTemplate().exchange(
"http://localhost:" + this.port + "/login", HttpMethod.GET, new HttpEntity<Void>(
headers), String.class);
assertEquals(HttpStatus.OK, entity.getStatusCode());
assertTrue("Wrong content:\n" + entity.getBody(),
entity.getBody().contains("_csrf"));
}
@Test
public void testLogin() throws Exception {
HttpHeaders headers = getHeaders();