Modifier and Type | Class and Description |
---|---|
static class | CsrfConfig.CsrfPrioritization: Defines how REST Assured should prioritize form vs header csrf tokens if both are present in the response page. |

Modifier and Type | Field and Description |
---|---|
static String | DEFAULT_CSRF_HEADER_NAME |
static String | DEFAULT_CSRF_INPUT_FIELD_NAME |
static String | DEFAULT_CSRF_META_TAG_NAME |

Constructor and Description |
---|
CsrfConfig(): Create a default |
CsrfConfig(String csrfTokenPath) |
CsrfConfig(URI csrfTokenPath) |
CsrfConfig(URL csrfTokenPath) |

Modifier and Type | Method and Description |
---|---|
CsrfConfig | and(): Syntactic sugar |
static CsrfConfig | csrfConfig() |
CsrfConfig | csrfHeaderName(String csrfHeaderName): Specify the name of the header in which REST Assured will send the CSRF token if REST Assured detects that it should send the token in a header. |
CsrfConfig | csrfInputFieldName(String inputFieldName): Enable Cross-site request forgery (csrf) support by including the csrf value of the input field with the specified name. |
CsrfConfig | csrfMetaTagName(String csrfMetaTagName): Enable Cross-site request forgery (csrf) support by including the csrf token specified in a meta tag as a header. |
CsrfConfig | csrfPrioritization(CsrfConfig.CsrfPrioritization csrfPrioritization): Defines how REST Assured should prioritize form vs header csrf tokens if both are present in the response page. |
CsrfConfig | csrfTokenPath(String csrfTokenPath) |
CsrfConfig | csrfTokenPath(URI csrfTokenPath) |
CsrfConfig | csrfTokenPath(URL csrfTokenPath) |
String | getCsrfHeaderName() |
String | getCsrfInputFieldName() |
String | getCsrfMetaTagName() |
CsrfConfig.CsrfPrioritization | getCsrfPrioritization(): Get the configured CsrfConfig.CsrfPrioritization strategy |
String | getCsrfTokenPath() |
LogConfig | getLogConfig() |
LogDetail | getLogDetail() |
boolean | isCsrfEnabled() |
boolean | isCsrfPrioritization(CsrfConfig.CsrfPrioritization csrfPrioritization): Check if the CsrfConfig.CsrfPrioritization is equal to the supplied csrfPrioritization. |
boolean | isLoggingEnabled() |
boolean | isUserConfigured() |
CsrfConfig | loggingEnabled(): Enables logging with log level LogDetail.ALL of the request made to csrfTokenPath(String). |
CsrfConfig | loggingEnabled(LogConfig logConfig): Enables logging with log level LogDetail.ALL of the request made to csrfTokenPath(String) using the specified LogConfig. |
CsrfConfig | loggingEnabled(LogDetail logDetail): Enables logging with the supplied logDetail of the request made to csrfTokenPath(String). |
CsrfConfig | loggingEnabled(LogDetail logDetail, LogConfig logConfig): Enables logging with the supplied log detail of the request made to csrfTokenPath(String) using the specified LogConfig. |
CsrfConfig | with(): Syntactic sugar. |

public static final String DEFAULT_CSRF_HEADER_NAME
public static final String DEFAULT_CSRF_INPUT_FIELD_NAME
public static final String DEFAULT_CSRF_META_TAG_NAME
public CsrfConfig()
public CsrfConfig(String csrfTokenPath)
public CsrfConfig(URI csrfTokenPath)
public CsrfConfig(URL csrfTokenPath)
public boolean isUserConfigured()
Specified by: isUserConfigured in interface Config
Returns: true if this config instance has been explicitly configured by the user, false if it has the default values.

public boolean isCsrfEnabled()
public static CsrfConfig csrfConfig()

public CsrfConfig csrfMetaTagName(String csrfMetaTagName)
Enable Cross-site request forgery (csrf) support by including the csrf token specified in a meta tag as a header. For example, if csrfTokenPath is set to "/login" and the login page looks like this:

```html
<html>
<head>
  <title>Login</title>
  <meta name="_csrf_header" content="ab8722b1-1f23-4dcf-bf63-fb8b94be4107"/>
</head>
<body>
  ..
</body>
</html>
```

The csrf meta tag is called _csrf_header (which is the default meta tag name used by REST Assured). If the server returns a different name you can specify it with this method. REST Assured will then send the CSRF token as a header with name csrfHeaderName (default "X-CSRF-TOKEN").

Important: When csrf support is enabled, REST Assured must always make an additional request to the server in order to include the csrf value, which will slow down the tests.

Parameters: csrfMetaTagName - The name of the meta tag containing the CSRF token
See Also: csrfHeaderName

public CsrfConfig csrfInputFieldName(String inputFieldName)
Enable Cross-site request forgery (csrf) support by including the csrf value of the input field with the specified name. For example, if csrfTokenPath is set to "/login" and the login page looks like this:

```html
<html>
<head>
  <title>Login</title>
</head>
<body>
  <form action="j_spring_security_check_with_csrf" method="POST">
    <table>
      <tr>
        <td>User: </td>
        <td><input type="text" name="j_username"></td>
      </tr>
      <tr>
        <td>Password:</td>
        <td><input type="password" name="j_password"></td>
      </tr>
      <tr>
        <td colspan="2"><input name="submit" type="submit"/></td>
      </tr>
    </table>
    <input type="hidden" name="_csrf" value="8adf2ea1-b246-40aa-8e13-a85fb7914341"/>
  </form>
</body>
</html>
```

The csrf field is called _csrf (which is the default input field name used by REST Assured).

Important: When csrf support is enabled, REST Assured must always make an additional request to the server in order to include the csrf value, which will slow down the tests.

Parameters: inputFieldName - The name of the input field containing the CSRF token

public CsrfConfig loggingEnabled()
Enables logging with log level LogDetail.ALL of the request made to csrfTokenPath(String). Both the request and the response are logged.

public CsrfConfig loggingEnabled(LogDetail logDetail)
Enables logging with the supplied logDetail of the request made to csrfTokenPath(String). Both the request and the response are logged.

public CsrfConfig loggingEnabled(LogConfig logConfig)
Enables logging with log level LogDetail.ALL of the request made to csrfTokenPath(String) using the specified LogConfig. Both the request and the response are logged.

public CsrfConfig loggingEnabled(LogDetail logDetail, LogConfig logConfig)
Enables logging with the supplied log detail of the request made to csrfTokenPath(String) using the specified LogConfig. Both the request and the response are logged.

public CsrfConfig csrfHeaderName(String csrfHeaderName)
Specify the name of the header in which REST Assured will send the CSRF token if REST Assured detects that it should send the token in a header. The detection relies on a <meta> tag (in the <head>) with the name specified by csrfMetaTagName (default is "_csrf_header"). If this meta tag exists, REST Assured will send the CSRF token in the header.

Parameters: csrfHeaderName - The name of the header that'll convey the CSRF token to the server, default is "X-CSRF-TOKEN".
See Also: csrfMetaTagName(String)
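
The following is an added example, not taken from the REST Assured documentation or code base, that exercises csrfMetaTagName and csrfHeaderName against a stand-in server built with the JDK's com.sun.net.httpserver and checks that a POST without the token is refused. The token value, the meta tag name "csrf-token", the header name "X-XSRF-TOKEN" and the class name are constructed for illustration; it assumes REST Assured is on the classpath.

```java
import com.sun.net.httpserver.HttpServer;
import io.restassured.RestAssured;
import io.restassured.config.CsrfConfig;
import io.restassured.config.RestAssuredConfig;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import static io.restassured.RestAssured.given;

public class CsrfMetaTagExample {
    // Constructed sample values (assumptions): token, meta tag name and header name are illustrative only.
    static final String TOKEN = "00000000-0000-4000-8000-000000000000";
    static final String PAGE = "<html><head><title>Login</title>"
            + "<meta name=\"csrf-token\" content=\"" + TOKEN + "\"/></head><body></body></html>";

    public static void main(String[] args) throws Exception {
        // Stand-in server: GET /login serves the page, any other method requires the token header.
        HttpServer server = HttpServer.create(new InetSocketAddress("localhost", 0), 0);
        server.createContext("/login", exchange -> {
            if ("GET".equals(exchange.getRequestMethod())) {
                byte[] body = PAGE.getBytes(StandardCharsets.UTF_8);
                exchange.getResponseHeaders().add("Content-Type", "text/html; charset=UTF-8");
                exchange.sendResponseHeaders(200, body.length);
                exchange.getResponseBody().write(body);
            } else {
                boolean valid = TOKEN.equals(exchange.getRequestHeaders().getFirst("X-XSRF-TOKEN"));
                exchange.sendResponseHeaders(valid ? 200 : 403, -1);
            }
            exchange.close();
        });
        server.start();
        RestAssured.port = server.getAddress().getPort(); // base URI stays at the default http://localhost
        try {
            CsrfConfig csrf = CsrfConfig.csrfConfig().with()
                    .csrfTokenPath("/login")
                    .csrfMetaTagName("csrf-token")
                    .csrfHeaderName("X-XSRF-TOKEN")
                    .csrfPrioritization(CsrfConfig.CsrfPrioritization.HEADER);
            // Without CSRF support the POST carries no token, so the server must refuse it.
            given().formParam("j_username", "John").when().post("/login").then().statusCode(403);
            // With it, REST Assured first requests /login, reads the meta tag and sends the header.
            given().config(RestAssuredConfig.config().csrfConfig(csrf))
                    .formParam("j_username", "John").when().post("/login").then().statusCode(200);
        } finally {
            server.stop(0);
            RestAssured.reset();
        }
    }
}
```
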
public CsrfConfig with()
public CsrfConfig and()

public CsrfConfig.CsrfPrioritization getCsrfPrioritization()
Get the configured CsrfConfig.CsrfPrioritization strategy

public boolean isCsrfPrioritization(CsrfConfig.CsrfPrioritization csrfPrioritization)
Check if the CsrfConfig.CsrfPrioritization is equal to the supplied csrfPrioritization.
Returns: true if match, false otherwise.

public CsrfConfig csrfPrioritization(CsrfConfig.CsrfPrioritization csrfPrioritization)
Defines how REST Assured should prioritize form vs header csrf tokens if both are present in the response page. Default is CsrfConfig.CsrfPrioritization.HEADER.
Parameters: csrfPrioritization - The csrf prioritization

public CsrfConfig csrfTokenPath(String csrfTokenPath)
public CsrfConfig csrfTokenPath(URI csrfTokenPath)
public CsrfConfig csrfTokenPath(URL csrfTokenPath)
public String getCsrfTokenPath()
public String getCsrfMetaTagName()
public String getCsrfHeaderName()
public String getCsrfInputFieldName()
Returns: null if undefined

public LogConfig getLogConfig()

public boolean isLoggingEnabled()
Returns: true if logging is enabled or false otherwise.

public LogDetail getLogDetail()
Returns: null if undefined

Copyright © 2010–2023. All rights reserved.