Remove Explicit CSRF Config from DeferHttpSessionTests

rwinch · rwinch · commit 12a0ccf6de9c · 2022-09-30T21:49:04.000-05:00
Issue gh-11764
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java
@@ -32,8 +32,6 @@
 import org.springframework.security.config.test.SpringTestContextExtension;
 import org.springframework.security.web.DefaultSecurityFilterChain;
 import org.springframework.security.web.FilterChainProxy;
-import org.springframework.security.web.csrf.CsrfTokenRepository;
-import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
 
 import static org.mockito.ArgumentMatchers.anyBoolean;
 import static org.mockito.Mockito.never;
@@ -78,17 +76,13 @@ Service service() {
 
 		@Bean
 		DefaultSecurityFilterChain springSecurity(HttpSecurity http) throws Exception {
-			CsrfTokenRepository csrfRepository = new HttpSessionCsrfTokenRepository();
 			// @formatter:off
 			http
 				.authorizeHttpRequests((requests) -> requests
 					.anyRequest().permitAll()
 				)
 				.sessionManagement((sessions) -> sessions
 					.requireExplicitAuthenticationStrategy(true)
-				)
-				.csrf((csrf) -> csrf
-					.csrfTokenRepository(csrfRepository)
 				);
 			// @formatter:on
 			return http.build();
diff --git a/config/src/test/resources/org/springframework/security/config/http/DeferHttpSessionTests-Explicit.xml b/config/src/test/resources/org/springframework/security/config/http/DeferHttpSessionTests-Explicit.xml
@@ -29,18 +29,11 @@
 	<http auto-config="true"
 			use-authorization-manager="true">
 		<intercept-url  pattern="/**" access="permitAll"/>
-		<csrf token-repository-ref="csrfRepository"/>
 		<request-cache ref="requestCache"/>
 		<session-management authentication-strategy-explicit-invocation="true"/>
 	</http>
 
 	<b:bean id="requestCache" class="org.springframework.security.web.savedrequest.HttpSessionRequestCache"
 		p:matchingRequestParameterName="continue"/>
-	<b:bean id="httpSessionCsrfRepository" class="org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository"/>
-	<b:bean id="csrfRepository" class="org.springframework.security.web.csrf.LazyCsrfTokenRepository"
-		c:delegate-ref="httpSessionCsrfRepository"
-	 	p:deferLoadToken="true"/>
-	<b:bean id="requestHandler" class="org.springframework.security.web.csrf.CsrfTokenRepositoryRequestHandler"
-		p:csrfRequestAttributeName="_csrf"/>
 	<b:import resource="CsrfConfigTests-shared-userservice.xml"/>
 </b:beans>
