mirror of
https://github.com/spring-projects/spring-boot.git
synced 2024-07-15 01:07:30 +08:00
Fix security test with changes in SPR-16836
This commit replaces the GET method with a DELETE method when testing that the HiddenHttpMethodFilter is ordered before the security filter. With the SPR-16836 changes, only PUT, DELETE and PATCH are now allowed.
parent
9d9acc92e3
commit
1b81f6f4c0
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2012-2017 the original author or authors.
|
||||
* Copyright 2012-2018 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -180,9 +180,9 @@ public class SpringBootWebSecurityConfigurationTests {
|
||||
.postForEntity("http://localhost:" + port + "/", form, Object.class);
|
||||
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
|
||||
|
||||
// override method with GET
|
||||
// override method with DELETE
|
||||
form = new LinkedMultiValueMap<String, String>();
|
||||
form.add("_method", "GET");
|
||||
form.add("_method", "DELETE");
|
||||
|
||||
result = rest.postForEntity("http://localhost:" + port + "/", form, Object.class);
|
||||
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND);
|
||||
@ -337,7 +337,8 @@ public class SpringBootWebSecurityConfigurationTests {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests().antMatchers(HttpMethod.POST, "/**").denyAll();
|
||||
http.authorizeRequests().mvcMatchers(HttpMethod.POST, "/**").denyAll().and()
|
||||
.csrf().disable();
|
||||
}
|
||||
|
||||
}
|
||||
|
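Review bot: The `.csrf().disable()` added to `configure` in the last hunk has no comment saying why it is needed, and the commit message mentions only the GET-to-DELETE switch. Presumably the overridden DELETE would otherwise be rejected with 403 by the CSRF filter, which would hide whether HiddenHttpMethodFilter ran before the security chain. A one-line comment such as `// CSRF off: the overridden DELETE must reach the authorization rules so NOT_FOUND proves the filter order` would keep the setting from being copied into non-test configuration. The move from `antMatchers` to `mvcMatchers` on the same statement is also unexplained and deserves a short why-comment. The enclosing configuration class is declared outside the hunk.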