diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java index b09ee4ec31..574e3a13c3 100644 --- a/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java +++ b/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java @@ -46,7 +46,7 @@ public interface ServerCsrfTokenRepository { * @param exchange the {@link ServerWebExchange} to use * @param token the {@link CsrfToken} to save or null to delete */ - Mono saveToken(ServerWebExchange exchange, CsrfToken token); + Mono saveToken(ServerWebExchange exchange, CsrfToken token); /** * Loads the expected {@link CsrfToken} from the {@link ServerWebExchange} diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java index da4281f858..021359272a 100644 --- a/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java +++ b/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java 
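Review bot: The Javadoc above `saveToken` in this hunk still ends at the two `@param` lines, so the new return value is undocumented even though `token` may be null to mean delete. I would add `@return a Mono that emits the saved CsrfToken, or completes empty when token is null and the stored token was removed`. The generic parameter is not visible on this page, so the emitted type is inferred from the test change that asserts the saved token is emitted. Because this is a public interface, implementations written against the old signature would presumably need updating, which is worth stating in the commit description. The Javadoc block starts above the hunk.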
@@ -50,28 +50,29 @@ public class WebSessionServerCsrfTokenRepository @Override public Mono generateToken(ServerWebExchange exchange) { return Mono.defer(() -> Mono.just(createCsrfToken())) - .flatMap(token -> save(exchange, token)); + .flatMap(token -> saveToken(exchange, token)); } @Override - public Mono saveToken(ServerWebExchange exchange, CsrfToken token) { - return save(exchange, token) - .then(); - } - - private Mono save(ServerWebExchange exchange, CsrfToken token) { + public Mono saveToken(ServerWebExchange exchange, CsrfToken token) { return exchange.getSession() .map(WebSession::getAttributes) .flatMap( attrs -> save(attrs, token)); } private Mono save(Map attributes, CsrfToken token) { + return Mono.defer(() -> { + putToken(attributes, token); + return Mono.justOrEmpty(token); + }); + } + + private void putToken(Map attributes, CsrfToken token) { if(token == null) { attributes.remove(this.sessionAttributeName); } else { attributes.put(this.sessionAttributeName, token); } - return Mono.justOrEmpty(token); } @Override diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java index c9ed4ae708..4480f11f75 100644 --- a/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java +++ b/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java 
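Review bot: The null-token path through the new `save`/`putToken` pair is undocumented. `putToken` removes the session attribute, and `Mono.justOrEmpty(token)` then completes without emitting, so any operator a caller chains after a delete is silently skipped. A comment on `putToken` such as `// null token means delete: remove the attribute so a stale CSRF token cannot be matched later`, and one on `save` such as `// defer so the session is only mutated on subscription`, would record both decisions. Separately, `generateToken` now calls the public `saveToken`, and the hunk header shows the class as `public class` without `final`, so a subclass overriding `saveToken` would also change what `generateToken` emits. If that coupling is not intended, both methods could call one private helper instead. The class body starts and ends outside this hunk.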
@@ -70,9 +70,10 @@ public class WebSessionServerCsrfTokenRepositoryTests { CsrfToken token = new DefaultCsrfToken("h","p", "t"); String attrName = "ATTR"; this.repository.setSessionAttributeName(attrName); - Mono result = this.repository.saveToken(this.exchange, token); + Mono result = this.repository.saveToken(this.exchange, token); StepVerifier.create(result) + .consumeNextWith(n -> assertThat(n).isEqualTo(token)) .verifyComplete(); WebSession session = this.exchange.getSession().block(); @@ -86,7 +87,7 @@ public class WebSessionServerCsrfTokenRepositoryTests { CsrfToken token = new DefaultCsrfToken("h","p", "t"); this.repository.saveToken(this.exchange, token).block(); - Mono result = this.repository.saveToken(this.exchange, null); + Mono result = this.repository.saveToken(this.exchange, null); StepVerifier.create(result) .verifyComplete();
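Review bot: In the first test hunk, `.consumeNextWith(n -> assertThat(n).isEqualTo(token))` can be written as `.expectNext(token)`, which states the expectation directly and reports a mismatch through StepVerifier's own failure message. In the second hunk, `verifyComplete()` with no preceding expectation already fails on an unexpected `onNext`, so it does cover the empty-on-delete contract. A one-line comment there such as `// deleting emits nothing` would make that intent explicit. Both test methods begin outside the hunks.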