2021-10-30 00:09:04 +08:00
|
|
|
= Testing with CSRF
|
|
|
|
|
|
2021-12-14 06:57:36 +08:00
|
|
|
Spring Security also provides support for CSRF testing with `WebTestClient` -- for example:
|
2021-10-30 00:09:04 +08:00
|
|
|
|
2023-06-19 10:30:41 +08:00
|
|
|
[tabs]
|
|
|
|
|
======
|
|
|
|
|
Java::
|
|
|
|
|
+
|
2021-10-30 00:09:04 +08:00
|
|
|
[source,java,role="primary"]
|
|
|
|
|
----
|
2023-04-11 20:56:19 +08:00
|
|
|
import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.csrf;
|
|
|
|
|
|
2021-10-30 00:09:04 +08:00
|
|
|
this.rest
|
|
|
|
|
// provide a valid CSRF token
|
|
|
|
|
.mutateWith(csrf())
|
|
|
|
|
.post()
|
|
|
|
|
.uri("/login")
|
|
|
|
|
...
|
|
|
|
|
----
|
|
|
|
|
|
2023-06-19 10:30:41 +08:00
|
|
|
Kotlin::
|
|
|
|
|
+
|
2021-10-30 00:09:04 +08:00
|
|
|
[source,kotlin,role="secondary"]
|
|
|
|
|
----
|
2023-04-11 20:56:19 +08:00
|
|
|
import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.csrf
|
|
|
|
|
|
2021-10-30 00:09:04 +08:00
|
|
|
this.rest
|
|
|
|
|
// provide a valid CSRF token
|
|
|
|
|
.mutateWith(csrf())
|
|
|
|
|
.post()
|
|
|
|
|
.uri("/login")
|
|
|
|
|
...
|
|
|
|
|
----
|
2023-06-19 10:30:41 +08:00
|
|
|
======
|
