diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java index b17ce7635a8..dddcf2739bf 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java @@ -87,7 +87,7 @@ public void changeSessionIdThenPreserveParameters() throws Exception { HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository(); CsrfTokenRequestHandler handler = new XorCsrfTokenRequestAttributeHandler(); DeferredCsrfToken deferredCsrfToken = repository.loadDeferredToken(request, this.response); - handler.handle(request, this.response, deferredCsrfToken::get); + handler.handle(request, this.response, deferredCsrfToken); CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName()); request.setParameter(token.getParameterName(), token.getToken()); request.getSession().setAttribute("attribute1", "value1"); diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java index d17e7dda1f2..29fe282fa2b 100644 --- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java +++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java @@ -524,7 +524,7 @@ public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) TestCsrfTokenRepository.enable(request); MockHttpServletResponse response = new MockHttpServletResponse(); DeferredCsrfToken deferredCsrfToken = repository.loadDeferredToken(request, response); - handler.handle(request, response, deferredCsrfToken::get); + handler.handle(request, response, deferredCsrfToken); CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName()); String tokenValue = this.useInvalidToken ? INVALID_TOKEN_VALUE : token.getToken(); if (this.asHeader) { diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java index b5d0742a93e..98e6f92057d 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java @@ -164,7 +164,7 @@ public void csrfWhenUsedThenDoesNotImpactOriginalRepository() throws Exception { HttpSessionCsrfTokenRepository repo = new HttpSessionCsrfTokenRepository(); CsrfTokenRequestHandler handler = new XorCsrfTokenRequestAttributeHandler(); DeferredCsrfToken deferredCsrfToken = repo.loadDeferredToken(request, response); - handler.handle(request, response, deferredCsrfToken::get); + handler.handle(request, response, deferredCsrfToken); CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName()); MockHttpServletRequestBuilder requestWithCsrf = post("/") .param(token.getParameterName(), token.getToken()) diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java index 5407d19bbb7..2822ad6686e 100644 --- a/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java +++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java @@ -69,7 +69,7 @@ public void onAuthentication(Authentication authentication, HttpServletRequest r if (containsToken) { this.tokenRepository.saveToken(null, request, response); DeferredCsrfToken deferredCsrfToken = this.tokenRepository.loadDeferredToken(request, response); - this.requestHandler.handle(request, response, deferredCsrfToken::get); + this.requestHandler.handle(request, response, deferredCsrfToken); this.logger.debug("Replaced CSRF Token"); } } diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java index e6034b6bfb5..866ee72dd84 100644 --- a/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java +++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java @@ -108,7 +108,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse throws ServletException, IOException { DeferredCsrfToken deferredCsrfToken = this.tokenRepository.loadDeferredToken(request, response); request.setAttribute(DeferredCsrfToken.class.getName(), deferredCsrfToken); - this.requestHandler.handle(request, response, deferredCsrfToken::get); + this.requestHandler.handle(request, response, deferredCsrfToken); if (!this.requireCsrfProtectionMatcher.matches(request)) { if (this.logger.isTraceEnabled()) { this.logger.trace("Did not protect against CSRF since request did not match " diff --git a/web/src/main/java/org/springframework/security/web/csrf/DeferredCsrfToken.java b/web/src/main/java/org/springframework/security/web/csrf/DeferredCsrfToken.java index a27a31f7c10..249f32d25d0 100644 --- a/web/src/main/java/org/springframework/security/web/csrf/DeferredCsrfToken.java +++ b/web/src/main/java/org/springframework/security/web/csrf/DeferredCsrfToken.java @@ -16,6 +16,8 @@ package org.springframework.security.web.csrf; +import java.util.function.Supplier; + /** * An interface that allows delayed access to a {@link CsrfToken} that may be generated. * @@ -23,7 +25,7 @@ * @author Steve Riesenberg * @since 5.8 */ -public interface DeferredCsrfToken { +public interface DeferredCsrfToken extends Supplier { /** * Gets the {@link CsrfToken}