DeferredCsrfToken Implements Supplier

Closes gh-16870 Signed-off-by: Daeho Kwon <trewq231@naver.com>
2025-04-09 00:38:49 +09:00 · 2025-04-09 00:38:49 +09:00 · 9908d96644
parent 43ef4262da
commit 9908d96644
6 changed files with 13 additions and 10 deletions
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -87,7 +87,7 @@ public class SessionManagementConfigurerServlet31Tests {
 		HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
 		CsrfTokenRequestHandler handler = new XorCsrfTokenRequestAttributeHandler();
 		DeferredCsrfToken deferredCsrfToken = repository.loadDeferredToken(request, this.response);
-		handler.handle(request, this.response, deferredCsrfToken::get);
+		handler.handle(request, this.response, deferredCsrfToken);
 		CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
 		request.setParameter(token.getParameterName(), token.getToken());
 		request.getSession().setAttribute("attribute1", "value1");
--- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
@ -524,7 +524,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 			TestCsrfTokenRepository.enable(request);
 			MockHttpServletResponse response = new MockHttpServletResponse();
 			DeferredCsrfToken deferredCsrfToken = repository.loadDeferredToken(request, response);
-			handler.handle(request, response, deferredCsrfToken::get);
+			handler.handle(request, response, deferredCsrfToken);
 			CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
 			String tokenValue = this.useInvalidToken ? INVALID_TOKEN_VALUE : token.getToken();
 			if (this.asHeader) {
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java
@ -164,7 +164,7 @@ public class SecurityMockMvcRequestPostProcessorsCsrfTests {
 		HttpSessionCsrfTokenRepository repo = new HttpSessionCsrfTokenRepository();
 		CsrfTokenRequestHandler handler = new XorCsrfTokenRequestAttributeHandler();
 		DeferredCsrfToken deferredCsrfToken = repo.loadDeferredToken(request, response);
-		handler.handle(request, response, deferredCsrfToken::get);
+		handler.handle(request, response, deferredCsrfToken);
 		CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
 		MockHttpServletRequestBuilder requestWithCsrf = post("/")
 			.param(token.getParameterName(), token.getToken())
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -69,7 +69,7 @@ public final class CsrfAuthenticationStrategy implements SessionAuthenticationSt
 		if (containsToken) {
 			this.tokenRepository.saveToken(null, request, response);
 			DeferredCsrfToken deferredCsrfToken = this.tokenRepository.loadDeferredToken(request, response);
-			this.requestHandler.handle(request, response, deferredCsrfToken::get);
+			this.requestHandler.handle(request, response, deferredCsrfToken);
 			this.logger.debug("Replaced CSRF Token");
 		}
 	}
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -108,7 +108,7 @@ public final class CsrfFilter extends OncePerRequestFilter {
 			throws ServletException, IOException {
 		DeferredCsrfToken deferredCsrfToken = this.tokenRepository.loadDeferredToken(request, response);
 		request.setAttribute(DeferredCsrfToken.class.getName(), deferredCsrfToken);
-		this.requestHandler.handle(request, response, deferredCsrfToken::get);
+		this.requestHandler.handle(request, response, deferredCsrfToken);
 		if (!this.requireCsrfProtectionMatcher.matches(request)) {
 			if (this.logger.isTraceEnabled()) {
 				this.logger.trace("Did not protect against CSRF since request did not match "
--- a/web/src/main/java/org/springframework/security/web/csrf/DeferredCsrfToken.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/DeferredCsrfToken.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -16,14 +16,17 @@
 package org.springframework.security.web.csrf;
 import java.util.function.Supplier;
 /**
 * An interface that allows delayed access to a {@link CsrfToken} that may be generated.
 *
 * @author Rob Winch
 * @author Steve Riesenberg
 * @author Daeho Kwon
 * @since 5.8
 */
-public interface DeferredCsrfToken {
+public interface DeferredCsrfToken extends Supplier<CsrfToken> {
 	/**
 	 * Gets the {@link CsrfToken}