Fix security test with changes in SPR-16836

This commit replaces the use of a GET method by a DELETE method for testing that the HiddenHttpMethodFilter is ordered before the security filter. With SPR-16836 changes, only PUT DELETE and PATCH are now allowed.
7 years ago · 1b81f6f4c0
parent 9d9acc92e3
commit 1b81f6f4c0
1 changed files with 5 additions and 4 deletions
--- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfigurationTests.java
+++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfigurationTests.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2017 the original author or authors.
+ * Copyright 2012-2018 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -180,9 +180,9 @@ public class SpringBootWebSecurityConfigurationTests {
 				.postForEntity("http://localhost:" + port + "/", form, Object.class);
 		assertThat(result.getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);

-		// override method with GET
+		// override method with DELETE
 		form = new LinkedMultiValueMap<String, String>();
-		form.add("_method", "GET");
+		form.add("_method", "DELETE");

 		result = rest.postForEntity("http://localhost:" + port + "/", form, Object.class);
 		assertThat(result.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND);
@ -337,7 +337,8 @@ public class SpringBootWebSecurityConfigurationTests {

 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
-			http.authorizeRequests().antMatchers(HttpMethod.POST, "/**").denyAll();
+			http.authorizeRequests().mvcMatchers(HttpMethod.POST, "/**").denyAll().and()
+					.csrf().disable();
 		}

 	}