Conversation
- Causes as-yet not understood FileNotFoundExceptions on "class path resource [org/springframework/data/web/config/EnableSpringDataWebSupport.class]" - Required minor update to SecurityRequestPostProcessors to reflect breaking API changes in Spring Security's CSRF support.
@philwebb, @dsyer the commit above was a quick attempt to upgrade sagan to Boot M6. Running integration tests Any ideas? I really just had a moment to try this, so haven’t dug in at all. You can try this for yourself by checking out the
|
Maybe you accidentally pinned the version of Spring Data to an old version (instead of using the version provided by Spring Boot, either through a starter or a direct dependency)? |
- Causes as-yet not understood FileNotFoundExceptions on "class path resource [org/springframework/data/web/config/EnableSpringDataWebSupport.class]" - Required minor update to SecurityRequestPostProcessors to reflect breaking API changes in Spring Security's CSRF support.
- Causes as-yet not understood FileNotFoundExceptions on "class path resource [org/springframework/data/web/config/EnableSpringDataWebSupport.class]" - Required minor update to SecurityRequestPostProcessors to reflect breaking API changes in Spring Security's CSRF support.
@cbeams The problem causing the tests to break is the change to CSRF. Trying to isolate. |
@cbeams @gregturn The token also needs to be saved (i.e. stored in session). For example: repository.saveToken(csrfToken, request, response) This change was to ensure that we could delay creating an HTTP Session until we actually needed one. More details can be found at https://jira.springsource.org/browse/SEC-2276 |
Understood.. Do we still need request.setParameter(token.getParameterName(), token.getToken()); then? |
Yes both steps are necessary. The saveToken is simply to ensure that the expected token is setup correctly. The setParameter is so that the provided token matches the expected token. |
got it, thx! |
Hey all, just a heads up that with the latest commit it looks like we’ve upgraded to M6 successfully. I’ll rebase this and merge shortly. Thanks! |
Made in preparation for upgrade to Spring Boot 0.5.0.M6, which itself depends on Spring Security 3.2.0.RC2, this upgrade required a minor update to SecurityRequestPostProcessors to reflect a breaking API change in Spring Security's CSRF support.
In preparation for upgrade to Spring Boot 0.5.0.M6, which depends on the now-released HttpClient 4.3 GA.
Synchronize Thymeleaf dependencies with their respective versions in Spring Boot 0.5.0.M6 in preparation for upgrade to the latter.
Now enabled by default in Spring boot 0.5.0.M6, this commit explicitly disables Hibernate schema generation in order to allow Flyway to continue handling schema creation and updates without conflict.
No description provided.