Constructor and Description |
---|
CsrfConfig()
Create a default
|
CsrfConfig(String csrfTokenPath) |
CsrfConfig(URI csrfTokenPath) |
CsrfConfig(URL csrfTokenPath) |
Modifier and Type | Method and Description |
---|---|
CsrfConfig |
and()
Syntactic sugar
|
CsrfConfig |
autoDetectCsrfInputFieldName()
Enable Cross-site request forgery (csrf) support by automatically trying to find the name and value of the csrf input field.
|
static CsrfConfig |
csrfConfig() |
CsrfConfig |
csrfInputFieldName(String inputFieldName)
Enable Cross-site request forgery (csrf) support by including the csrf value of the input field with the specified name.
|
CsrfConfig |
csrfTokenPath(String csrfTokenPath) |
CsrfConfig |
csrfTokenPath(URI csrfTokenPath) |
CsrfConfig |
csrfTokenPath(URL csrfTokenPath) |
String |
getCsrfInputFieldName() |
String |
getCsrfTokenPath() |
LogConfig |
getLogConfig() |
LogDetail |
getLogDetail() |
boolean |
hasCsrfInputFieldName() |
boolean |
isAutoDetectCsrfInputFieldName() |
boolean |
isCsrfEnabled() |
boolean |
isLoggingEnabled() |
boolean |
isUserConfigured() |
CsrfConfig |
loggingEnabled()
Enables logging with log level
LogDetail.ALL of the request made to csrfTokenPath(String) . |
CsrfConfig |
loggingEnabled(LogConfig logConfig)
Enables logging with log level
LogDetail.ALL of the request made to csrfTokenPath(String)
using the specified LogConfig . |
CsrfConfig |
loggingEnabled(LogDetail logDetail)
Enables logging with the supplied logDetail of the request made to
csrfTokenPath(String) . |
CsrfConfig |
loggingEnabled(LogDetail logDetail,
LogConfig logConfig)
Enables logging with the supplied log detail of the request made to
csrfTokenPath(String) using the
specified LogConfig . |
CsrfConfig |
sendCsrfTokenAsFormParam() |
CsrfConfig |
sendCsrfTokenAsHeader() |
boolean |
shouldSendCsrfTokenAsFormParam() |
CsrfConfig |
with()
Syntactic sugar.
|
public CsrfConfig()
public CsrfConfig(String csrfTokenPath)
public CsrfConfig(URI csrfTokenPath)
public CsrfConfig(URL csrfTokenPath)
public boolean isUserConfigured()
isUserConfigured
in interface Config
true
if this config instance has been explicitly configured by the user, false
if it has the default values.public boolean isCsrfEnabled()
public static CsrfConfig csrfConfig()
public CsrfConfig autoDetectCsrfInputFieldName()
csrfTokenPath
to "/login"
and the login page looks like this:
<html> <head> <title>Login</title> </head> <body> <form action="j_spring_security_check_with_csrf" method="POST"> <table> <tr> <td>User: </td> <td><input type="text" name="j_username"></td> </tr> <tr> <td>Password:</td> <td><input type="password" name="j_password"></td> </tr> <tr> <td colspan="2"><input name="submit" type="submit"/></td> </tr> </table> <input type="hidden" name="_csrf" value="8adf2ea1-b246-40aa-8e13-a85fb7914341"/> </form> </body> </html>The csrf field name is called
_csrf
and REST Assured will autodetect its name since the field name is the only hidden
field on this page.
If auto-detection fails you can consider using csrfInputFieldName(String)
.
Important: When enabling csrf support then REST Assured must always make an additional request to the server in order to
be able to include in the csrf value which will slow down the tests.csrfInputFieldName(String)
public CsrfConfig csrfInputFieldName(String inputFieldName)
csrfTokenPath
to "/login"
and the login page looks like this:
<html> <head> <title>Login</title> </head> <body> <form action="j_spring_security_check_with_csrf" method="POST"> <table> <tr> <td>User: </td> <td><input type="text" name="j_username"></td> </tr> <tr> <td>Password:</td> <td><input type="password" name="j_password"></td> </tr> <tr> <td colspan="2"><input name="submit" type="submit"/></td> </tr> </table> <input type="hidden" name="_csrf" value="8adf2ea1-b246-40aa-8e13-a85fb7914341"/> </form> </body> </html>The csrf field name is called
_csrf
.
Important: When enabling csrf support then REST Assured must always make an additional request to the server in order to
be able to include in the csrf value which will slow down the tests.inputFieldName
- The name of the input field containing the CSRF valueautoDetectCsrfInputFieldName()
public CsrfConfig loggingEnabled()
LogDetail.ALL
of the request made to csrfTokenPath(String)
.
Both the request and the response are logged.public CsrfConfig loggingEnabled(LogDetail logDetail)
csrfTokenPath(String)
.
Both the request and the response are logged.public CsrfConfig loggingEnabled(LogConfig logConfig)
LogDetail.ALL
of the request made to csrfTokenPath(String)
using the specified LogConfig
. Both the request and the response are logged.public CsrfConfig loggingEnabled(LogDetail logDetail, LogConfig logConfig)
csrfTokenPath(String)
using the
specified LogConfig
. Both the request and the response are logged.public CsrfConfig with()
public CsrfConfig and()
public CsrfConfig csrfTokenPath(String csrfTokenPath)
public CsrfConfig csrfTokenPath(URI csrfTokenPath)
public CsrfConfig csrfTokenPath(URL csrfTokenPath)
public CsrfConfig sendCsrfTokenAsHeader()
public CsrfConfig sendCsrfTokenAsFormParam()
public String getCsrfTokenPath()
public String getCsrfInputFieldName()
null
if undefinedpublic boolean hasCsrfInputFieldName()
true
if csrf input field name is defined or false
otherwise.public LogConfig getLogConfig()
public boolean isLoggingEnabled()
true
if logging is enabled or false
otherwise.public LogDetail getLogDetail()
null
if undefinedpublic boolean isAutoDetectCsrfInputFieldName()
true
if auto detection of csrf field name is enabled, false
otherwise.public boolean shouldSendCsrfTokenAsFormParam()
true
if the csrf token should be sent as a form param or false
if it's sent as a header.Copyright © 2010–2022. All rights reserved.