Spring/spring-boot
Spring/spring-boot
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-boot.git synced 2024-07-15 01:07:30 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix security test with changes in SPR-16836

Browse Source 
This commit replaces the use of a GET method by a DELETE method for
testing that the HiddenHttpMethodFilter is ordered before the security
filter. With SPR-16836 changes, only PUT DELETE and PATCH are now
allowed.
This commit is contained in:
Brian Clozel 2018-06-12 16:39:42 +02:00
parent 9d9acc92e3
commit 1b81f6f4c0
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfigurationTests.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2012-2017 the original author or authors.
* Copyright 2012-2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -180,9 +180,9 @@ public class SpringBootWebSecurityConfigurationTests {
.postForEntity("http://localhost:" + port + "/", form, Object.class);
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
// override method with GET
// override method with DELETE
form = new LinkedMultiValueMap<String, String>();
form.add("_method", "GET");
form.add("_method", "DELETE");
result = rest.postForEntity("http://localhost:" + port + "/", form, Object.class);
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND);
@ -337,7 +337,8 @@ public class SpringBootWebSecurityConfigurationTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers(HttpMethod.POST, "/**").denyAll();
http.authorizeRequests().mvcMatchers(HttpMethod.POST, "/**").denyAll().and()
.csrf().disable();
}
}