(window.webpackJsonp=window.webpackJsonp||[]).push([[655],{1086:function(t,s,a){"use strict";a.r(s);var e=a(56),r=Object(e.a)({},(function(){var t=this,s=t.$createElement,a=t._self._c||s;return a("ContentSlotsDistributor",{attrs:{"slot-key":t.$parent.slotKey}},[a("h1",{attrs:{id:"用csrf保护进行测试"}},[a("a",{staticClass:"header-anchor",attrs:{href:"#用csrf保护进行测试"}},[t._v("#")]),t._v(" 用CSRF保护进行测试")]),t._v(" "),a("p",[t._v("在测试任何非安全的HTTP方法并使用 Spring Security的CSRF保护时，必须确保在请求中包含有效的CSRF令牌。要将有效的CSRF令牌指定为请求参数，可以使用CSRF["),a("code",[t._v("RequestPostProcessor")]),t._v("]（request-post-processors.html），如下所示：")]),t._v(" "),a("p",[t._v("Java")]),t._v(" "),a("div",{staticClass:"language- extra-class"},[a("pre",{pre:!0,attrs:{class:"language-text"}},[a("code",[t._v('mvc\n\t.perform(post("/").with(csrf()))\n')])])]),a("p",[t._v("Kotlin")]),t._v(" "),a("div",{staticClass:"language- extra-class"},[a("pre",{pre:!0,attrs:{class:"language-text"}},[a("code",[t._v('mvc.post("/") {\n    with(csrf())\n}\n')])])]),a("p",[t._v("如果你愿意，可以在标题中包含CSRF令牌：")]),t._v(" "),a("p",[t._v("Java")]),t._v(" "),a("div",{staticClass:"language- extra-class"},[a("pre",{pre:!0,attrs:{class:"language-text"}},[a("code",[t._v('mvc\n\t.perform(post("/").with(csrf().asHeader()))\n')])])]),a("p",[t._v("Kotlin")]),t._v(" "),a("div",{staticClass:"language- extra-class"},[a("pre",{pre:!0,attrs:{class:"language-text"}},[a("code",[t._v('mvc.post("/") {\n    with(csrf().asHeader())\n}\n')])])]),a("p",[t._v("你还可以使用以下方法测试是否提供了无效的CSRF令牌：")]),t._v(" "),a("p",[t._v("Java")]),t._v(" "),a("div",{staticClass:"language- extra-class"},[a("pre",{pre:!0,attrs:{class:"language-text"}},[a("code",[t._v('mvc\n\t.perform(post("/").with(csrf().useInvalidToken()))\n')])])]),a("p",[t._v("Kotlin")]),t._v(" "),a("div",{staticClass:"language- extra-class"},[a("pre",{pre:!0,attrs:{class:"language-text"}},[a("code",[t._v('mvc.post("/") {\n    with(csrf().useInvalidToken())\n}\n')])])]),a("p",[a("RouterLink",{attrs:{to:"/spring-security/authentication.html"}},[t._v("嘲笑用户")]),a("RouterLink",{attrs:{to:"/spring-security/form-login.html"}},[t._v("模拟表单登录")])],1)])}),[],!1,null,null,null);s.default=r.exports}}]);