Commit d143196
refactor(csrf): Extract XOR CSRF token logic into reusable encoder
Moved XOR-based CSRF token encoding/decoding logic into a new public class `XorCsrfTokenEncoder`
that implements the `CsrfTokenEncoder` interface. This improves testability, readability, and
separation of concerns.
- Created `CsrfTokenEncoder` interface to define encoding/decoding contract
- Implemented `XorCsrfTokenEncoder` with secure random masking logic
- Updated `XorCsrfTokenRequestAttributeHandler` to delegate to the encoder
- Added support for injecting custom `SecureRandom` instance
- Preserved existing behavior and encoding mechanism
This refactor enables easier unit testing and future extensibility.

1 parent f3761af commit d143196
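The XOR masking the commit message refers to, sketched as an added example (not code from this commit or from the project): the token is XORed with a fresh random mask of the same length and the mask travels with it, so each encoding differs while decoding recovers the same token. The class `XorMaskDemo`, its method names, the mask-first byte layout and the sample token are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration; XorMaskDemo and its methods are hypothetical names.
class XorMaskDemo {
    private final SecureRandom random;

    XorMaskDemo(SecureRandom random) { this.random = random; }

    // Assumed layout: base64url( mask || (token XOR mask) ), mask as long as the token.
    String encode(String token) {
        byte[] tokenBytes = token.getBytes(StandardCharsets.UTF_8);
        byte[] mask = new byte[tokenBytes.length];
        random.nextBytes(mask);
        byte[] out = new byte[mask.length * 2];
        System.arraycopy(mask, 0, out, 0, mask.length);
        for (int i = 0; i < tokenBytes.length; i++) {
            out[mask.length + i] = (byte) (tokenBytes[i] ^ mask[i]);
        }
        return Base64.getUrlEncoder().encodeToString(out);
    }

    // Returns null unless the input is valid base64url of exactly 2 * expectedLength bytes.
    String decode(String encoded, int expectedLength) {
        byte[] raw;
        try {
            raw = Base64.getUrlDecoder().decode(encoded);
        } catch (IllegalArgumentException ex) {
            return null; // malformed input is rejected, not propagated as an exception
        }
        if (raw.length != expectedLength * 2) return null;
        byte[] tokenBytes = new byte[expectedLength];
        for (int i = 0; i < expectedLength; i++) {
            tokenBytes[i] = (byte) (raw[i] ^ raw[expectedLength + i]);
        }
        return new String(tokenBytes, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        XorMaskDemo enc = new XorMaskDemo(new SecureRandom());
        byte[] stored = "constructed-sample-token".getBytes(StandardCharsets.UTF_8); // constructed value
        String a = enc.encode("constructed-sample-token");
        String b = enc.encode("constructed-sample-token");
        System.out.println("encodings differ: " + !a.equals(b));
        String decoded = enc.decode(a, stored.length);
        // Compare against the stored token in constant time.
        System.out.println("round trip ok: " + (decoded != null
                && MessageDigest.isEqual(stored, decoded.getBytes(StandardCharsets.UTF_8))));
        System.out.println("short input rejected: " + (enc.decode("AAAA", stored.length) == null));
    }
}
```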
File tree

4 files changed: +257 -65 lines changed

- web/src
  - main/java/org/springframework/security/web/csrf
  - test/java/org/springframework/security/web/csrf

Lines changed: 44 additions & 0 deletions
Lines changed: 112 additions & 0 deletions
Lines changed: 8 additions & 65 deletions
Lines changed: 93 additions & 0 deletions