From 6eca76631e16964cd730b539081e8e543e6afe0c Mon Sep 17 00:00:00 2001 From: milaneuh Date: Tue, 14 Nov 2023 15:36:53 +0100 Subject: [PATCH 1/2] Remove deprecated methods from CookieServerCsrfTokenRepository --- .../web/csrf/CookieCsrfTokenRepository.java | 36 ------------------- .../csrf/CookieCsrfTokenRepositoryTests.java | 14 ++++---- 2 files changed, 7 insertions(+), 43 deletions(-) diff --git a/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java index 546ccd94d0b..da7f0f09399 100644 --- a/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java +++ b/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java @@ -169,14 +169,6 @@ public void setCookieName(String cookieName) { this.cookieName = cookieName; } - /** - * @deprecated Use {@link #setCookieCustomizer(Consumer)} instead. - */ - @Deprecated(since = "6.1") - public void setCookieHttpOnly(boolean cookieHttpOnly) { - this.cookieHttpOnly = cookieHttpOnly; - } - private String getRequestContext(HttpServletRequest request) { String contextPath = request.getContextPath(); return (contextPath.length() > 0) ? contextPath : "/"; @@ -230,32 +222,4 @@ public String getCookiePath() { return this.cookiePath; } - /** - * @since 5.2 - * @deprecated Use {@link #setCookieCustomizer(Consumer)} instead. - */ - @Deprecated(since = "6.1") - public void setCookieDomain(String cookieDomain) { - this.cookieDomain = cookieDomain; - } - - /** - * @since 5.4 - * @deprecated Use {@link #setCookieCustomizer(Consumer)} instead. - */ - @Deprecated(since = "6.1") - public void setSecure(Boolean secure) { - this.secure = secure; - } - - /** - * @since 5.5 - * @deprecated Use {@link #setCookieCustomizer(Consumer)} instead. - */ - @Deprecated(since = "6.1") - public void setCookieMaxAge(int cookieMaxAge) { - Assert.isTrue(cookieMaxAge != 0, "cookieMaxAge cannot be zero"); - this.cookieMaxAge = cookieMaxAge; - } - } diff --git a/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java index bc2088e53c2..1f88a2042a8 100644 --- a/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java +++ b/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java @@ -112,7 +112,7 @@ void saveTokenSecure() { @Test void saveTokenSecureFlagTrue() { this.request.setSecure(false); - this.repository.setSecure(Boolean.TRUE); + this.repository.setCookieCustomizer((cookie)-> cookie.secure(Boolean.TRUE)); CsrfToken token = this.repository.generateToken(this.request); this.repository.saveToken(token, this.request, this.response); Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME); @@ -132,7 +132,7 @@ void saveTokenSecureFlagTrueUsingCustomizer() { @Test void saveTokenSecureFlagFalse() { this.request.setSecure(true); - this.repository.setSecure(Boolean.FALSE); + this.repository.setCookieCustomizer((cookie)-> cookie.secure(Boolean.FALSE)); CsrfToken token = this.repository.generateToken(this.request); this.repository.saveToken(token, this.request, this.response); Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME); @@ -163,7 +163,7 @@ void saveTokenNull() { @Test void saveTokenHttpOnlyTrue() { - this.repository.setCookieHttpOnly(true); + this.repository.setCookieCustomizer((cookie) -> cookie.httpOnly(true)); CsrfToken token = this.repository.generateToken(this.request); this.repository.saveToken(token, this.request, this.response); Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME); @@ -181,7 +181,7 @@ void saveTokenHttpOnlyTrueUsingCustomizer() { @Test void saveTokenHttpOnlyFalse() { - this.repository.setCookieHttpOnly(false); + this.repository.setCookieCustomizer((cookie) -> cookie.httpOnly(false)); CsrfToken token = this.repository.generateToken(this.request); this.repository.saveToken(token, this.request, this.response); Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME); @@ -239,7 +239,7 @@ void saveTokenNullCustomPath() { @Test void saveTokenWithCookieDomain() { String domainName = "example.com"; - this.repository.setCookieDomain(domainName); + this.repository.setCookieCustomizer((cookie) -> cookie.domain(domainName)); CsrfToken token = this.repository.generateToken(this.request); this.repository.saveToken(token, this.request, this.response); Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME); @@ -259,7 +259,7 @@ void saveTokenWithCookieDomainUsingCustomizer() { @Test void saveTokenWithCookieMaxAge() { int maxAge = 1200; - this.repository.setCookieMaxAge(maxAge); + this.repository.setCookieCustomizer((cookie) -> cookie.maxAge(maxAge)); CsrfToken token = this.repository.generateToken(this.request); this.repository.saveToken(token, this.request, this.response); Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME); @@ -506,7 +506,7 @@ void setHeaderNameNullIllegalArgumentException() { @Test void setCookieMaxAgeZeroIllegalArgumentException() { - assertThatIllegalArgumentException().isThrownBy(() -> this.repository.setCookieMaxAge(0)); + assertThatIllegalArgumentException().isThrownBy(() -> this.repository.setCookieCustomizer((cookie) -> cookie.maxAge(0))); } } From 4cca6129a0a568601aa459ff365ba30bcee8e8c2 Mon Sep 17 00:00:00 2001 From: Rob Winch <362503+rwinch@users.noreply.github.com> Date: Wed, 7 May 2025 10:19:05 -0500 Subject: [PATCH 2/2] Fix Checkstyle Errors --- .../web/csrf/CookieCsrfTokenRepositoryTests.java | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java index 1f88a2042a8..2c870332f1a 100644 --- a/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java +++ b/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java @@ -112,7 +112,7 @@ void saveTokenSecure() { @Test void saveTokenSecureFlagTrue() { this.request.setSecure(false); - this.repository.setCookieCustomizer((cookie)-> cookie.secure(Boolean.TRUE)); + this.repository.setCookieCustomizer((cookie) -> cookie.secure(Boolean.TRUE)); CsrfToken token = this.repository.generateToken(this.request); this.repository.saveToken(token, this.request, this.response); Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME); @@ -132,7 +132,7 @@ void saveTokenSecureFlagTrueUsingCustomizer() { @Test void saveTokenSecureFlagFalse() { this.request.setSecure(true); - this.repository.setCookieCustomizer((cookie)-> cookie.secure(Boolean.FALSE)); + this.repository.setCookieCustomizer((cookie) -> cookie.secure(Boolean.FALSE)); CsrfToken token = this.repository.generateToken(this.request); this.repository.saveToken(token, this.request, this.response); Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME); @@ -504,9 +504,4 @@ void setHeaderNameNullIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.repository.setHeaderName(null)); } - @Test - void setCookieMaxAgeZeroIllegalArgumentException() { - assertThatIllegalArgumentException().isThrownBy(() -> this.repository.setCookieCustomizer((cookie) -> cookie.maxAge(0))); - } - }