Format

Issue gh-12086

web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java

@@ -15,6 +15,7 @@
  */
 
 package org.springframework.security.web.csrf;
+
 import java.util.UUID;
 import java.util.function.Consumer;
 
@@ -65,11 +66,12 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 
 	private int cookieMaxAge = -1;
 
-	private Consumer<ResponseCookie.ResponseCookieBuilder> cookieCustomizer = (builder) -> {};
+	private Consumer<ResponseCookie.ResponseCookieBuilder> cookieCustomizer = (builder) -> {
+	};
 
 	/**
-	 * Add a {@link Consumer} for a {@code ResponseCookieBuilder} that will be invoked
-	 * for each cookie being built, just before the call to {@code build()}.
+	 * Add a {@link Consumer} for a {@code ResponseCookieBuilder} that will be invoked for
+	 * each cookie being built, just before the call to {@code build()}.
 	 * @param cookieCustomizer consumer for a cookie builder
 	 * @since 6.1
 	 */
@@ -88,10 +90,9 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 		String tokenValue = (token != null) ? token.getToken() : "";
 
 		ResponseCookie.ResponseCookieBuilder cookieBuilder = ResponseCookie.from(this.cookieName, tokenValue)
-				.secure(this.secure != null ? this.secure : request.isSecure())
+				.secure((this.secure != null) ? this.secure : request.isSecure())
 				.path(StringUtils.hasLength(this.cookiePath) ? this.cookiePath : this.getRequestContext(request))
-				.maxAge(token != null ? this.cookieMaxAge : 0)
-				.httpOnly(this.cookieHttpOnly)
+				.maxAge((token != null) ? this.cookieMaxAge : 0).httpOnly(this.cookieHttpOnly)
 				.domain(this.cookieDomain);
 
 		this.cookieCustomizer.accept(cookieBuilder);
@@ -203,8 +204,8 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 	}
 
 	/**
-	 * @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
 	 * @since 5.2
+	 * @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
 	 */
 	@Deprecated(since = "6.1")
 	public void setCookieDomain(String cookieDomain) {
@@ -212,8 +213,8 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 	}
 
 	/**
-	 * @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
 	 * @since 5.4
+	 * @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
 	 */
 	@Deprecated(since = "6.1")
 	public void setSecure(Boolean secure) {
@@ -221,12 +222,13 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 	}
 
 	/**
-	 * @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
 	 * @since 5.5
+	 * @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
 	 */
 	@Deprecated(since = "6.1")
 	public void setCookieMaxAge(int cookieMaxAge) {
 		Assert.isTrue(cookieMaxAge != 0, "cookieMaxAge cannot be zero");
 		this.cookieMaxAge = cookieMaxAge;
 	}
+
 }

web/src/main/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepository.java

@@ -62,11 +62,12 @@ public final class CookieServerCsrfTokenRepository implements ServerCsrfTokenRep
 
 	private int cookieMaxAge = -1;
 
-	private Consumer<ResponseCookie.ResponseCookieBuilder> cookieCustomizer = (builder) -> {};
+	private Consumer<ResponseCookie.ResponseCookieBuilder> cookieCustomizer = (builder) -> {
+	};
 
 	/**
-	 * Add a {@link Consumer} for a {@code ResponseCookieBuilder} that will be invoked
-	 * for each cookie being built, just before the call to {@code build()}.
+	 * Add a {@link Consumer} for a {@code ResponseCookieBuilder} that will be invoked for
+	 * each cookie being built, just before the call to {@code build()}.
 	 * @param cookieCustomizer consumer for a cookie builder
 	 * @since 6.1
 	 */
@@ -175,8 +176,8 @@ public final class CookieServerCsrfTokenRepository implements ServerCsrfTokenRep
 	}
 
 	/**
-	 * @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
 	 * @since 5.5
+	 * @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
 	 */
 	@Deprecated(since = "6.1")
 	public void setSecure(boolean secure) {
@@ -184,8 +185,8 @@ public final class CookieServerCsrfTokenRepository implements ServerCsrfTokenRep
 	}
 
 	/**
-	 * @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
 	 * @since 5.8
+	 * @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
 	 */
 	@Deprecated(since = "6.1")
 	public void setCookieMaxAge(int cookieMaxAge) {

web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java

@@ -42,7 +42,7 @@ class CookieCsrfTokenRepositoryTests {
 	MockHttpServletRequest request;
 
 	@BeforeEach
-	public void setup() {
+	void setup() {
 		this.repository = new CookieCsrfTokenRepository();
 		this.request = new MockHttpServletRequest();
 		this.response = new MockHttpServletResponse();
@@ -106,7 +106,7 @@ class CookieCsrfTokenRepositoryTests {
 	@Test
 	void saveTokenSecureFlagTrueUsingCustomizer() {
 		this.request.setSecure(false);
-		this.repository.setCookieCustomizer(customizer -> customizer.secure(Boolean.TRUE));
+		this.repository.setCookieCustomizer((customizer) -> customizer.secure(Boolean.TRUE));
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
@@ -126,7 +126,7 @@ class CookieCsrfTokenRepositoryTests {
 	@Test
 	void saveTokenSecureFlagFalseUsingCustomizer() {
 		this.request.setSecure(true);
-		this.repository.setCookieCustomizer(customizer -> customizer.secure(Boolean.FALSE));
+		this.repository.setCookieCustomizer((customizer) -> customizer.secure(Boolean.FALSE));
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
@@ -156,7 +156,7 @@ class CookieCsrfTokenRepositoryTests {
 
 	@Test
 	void saveTokenHttpOnlyTrueUsingCustomizer() {
-		this.repository.setCookieCustomizer(customizer -> customizer.httpOnly(true));
+		this.repository.setCookieCustomizer((customizer) -> customizer.httpOnly(true));
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
@@ -174,7 +174,7 @@ class CookieCsrfTokenRepositoryTests {
 
 	@Test
 	void saveTokenHttpOnlyFalseUsingCustomizer() {
-		this.repository.setCookieCustomizer(customizer -> customizer.httpOnly(false));
+		this.repository.setCookieCustomizer((customizer) -> customizer.httpOnly(false));
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
@@ -233,7 +233,7 @@ class CookieCsrfTokenRepositoryTests {
 	@Test
 	void saveTokenWithCookieDomainUsingCustomizer() {
 		String domainName = "example.com";
-		this.repository.setCookieCustomizer(customizer -> customizer.domain(domainName));
+		this.repository.setCookieCustomizer((customizer) -> customizer.domain(domainName));
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
@@ -253,7 +253,7 @@ class CookieCsrfTokenRepositoryTests {
 	@Test
 	void saveTokenWithCookieMaxAgeUsingCustomizer() {
 		int maxAge = 1200;
-		this.repository.setCookieCustomizer(customizer -> customizer.maxAge(maxAge));
+		this.repository.setCookieCustomizer((customizer) -> customizer.maxAge(maxAge));
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
@@ -263,31 +263,31 @@ class CookieCsrfTokenRepositoryTests {
 	@Test
 	void saveTokenWithSameSiteNull() {
 		String sameSitePolicy = null;
-		this.repository.setCookieCustomizer(customizer -> customizer.sameSite(sameSitePolicy));
+		this.repository.setCookieCustomizer((customizer) -> customizer.sameSite(sameSitePolicy));
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-		assertThat(((MockCookie)tokenCookie).getSameSite()).isNull();
+		assertThat(((MockCookie) tokenCookie).getSameSite()).isNull();
 	}
 
 	@Test
 	void saveTokenWithSameSiteStrict() {
 		String sameSitePolicy = "Strict";
-		this.repository.setCookieCustomizer(customizer -> customizer.sameSite(sameSitePolicy));
+		this.repository.setCookieCustomizer((customizer) -> customizer.sameSite(sameSitePolicy));
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-		assertThat(((MockCookie)tokenCookie).getSameSite()).isEqualTo(sameSitePolicy);
+		assertThat(((MockCookie) tokenCookie).getSameSite()).isEqualTo(sameSitePolicy);
 	}
 
 	@Test
 	void saveTokenWithSameSiteLax() {
 		String sameSitePolicy = "Lax";
-		this.repository.setCookieCustomizer(customizer -> customizer.sameSite(sameSitePolicy));
+		this.repository.setCookieCustomizer((customizer) -> customizer.sameSite(sameSitePolicy));
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-		assertThat(((MockCookie)tokenCookie).getSameSite()).isEqualTo(sameSitePolicy);
+		assertThat(((MockCookie) tokenCookie).getSameSite()).isEqualTo(sameSitePolicy);
 	}
 
 	@Test
@@ -394,7 +394,7 @@ class CookieCsrfTokenRepositoryTests {
 		String domainName = "example.com";
 		String customPath = "/custompath";
 		String sameSitePolicy = "Strict";
-		this.repository.setCookieCustomizer(customizer -> {
+		this.repository.setCookieCustomizer((customizer) -> {
 			customizer.domain(domainName);
 			customizer.secure(false);
 			customizer.path(customPath);
@@ -408,7 +408,7 @@ class CookieCsrfTokenRepositoryTests {
 		assertThat(tokenCookie.getDomain()).isEqualTo(domainName);
 		assertThat(tokenCookie.getPath()).isEqualTo(customPath);
 		assertThat(tokenCookie.isHttpOnly()).isEqualTo(Boolean.TRUE);
-		assertThat(((MockCookie)tokenCookie).getSameSite()).isEqualTo(sameSitePolicy);
+		assertThat(((MockCookie) tokenCookie).getSameSite()).isEqualTo(sameSitePolicy);
 	}
 
 	@Test
@@ -430,4 +430,5 @@ class CookieCsrfTokenRepositoryTests {
 	void setCookieMaxAgeZeroIllegalArgumentException() {
 		assertThatIllegalArgumentException().isThrownBy(() -> this.repository.setCookieMaxAge(0));
 	}
+
 }

web/src/test/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepositoryTests.java

@@ -66,7 +66,7 @@ class CookieServerCsrfTokenRepositoryTests {
 	private String expectedSameSitePolicy = null;
 
 	@BeforeEach
-	public void setUp() {
+	void setUp() {
 		this.csrfTokenRepository = new CookieServerCsrfTokenRepository();
 		this.request = MockServerHttpRequest.get("/someUri");
 	}
@@ -156,7 +156,7 @@ class CookieServerCsrfTokenRepositoryTests {
 
 		CsrfToken token = createToken();
 
-		this.csrfTokenRepository.setCookieCustomizer(customizer -> {
+		this.csrfTokenRepository.setCookieCustomizer((customizer) -> {
 			customizer.domain(expectedDomain);
 			customizer.maxAge(expectedMaxAge);
 			customizer.path(expectedPath);
@@ -209,7 +209,7 @@ class CookieServerCsrfTokenRepositoryTests {
 	@Test
 	void saveTokenWhenSecureFlagTrueThenSecureUsingCustomizer() {
 		MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
-		this.csrfTokenRepository.setCookieCustomizer(customizer -> customizer.secure(true));
+		this.csrfTokenRepository.setCookieCustomizer((customizer) -> customizer.secure(true));
 		this.csrfTokenRepository.saveToken(exchange, createToken()).block();
 		ResponseCookie cookie = exchange.getResponse().getCookies().getFirst(this.expectedCookieName);
 		assertThat(cookie).isNotNull();
@@ -229,7 +229,7 @@ class CookieServerCsrfTokenRepositoryTests {
 	@Test
 	void saveTokenWhenSecureFlagFalseThenNotSecureUsingCustomizer() {
 		MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
-		this.csrfTokenRepository.setCookieCustomizer(customizer -> customizer.secure(false));
+		this.csrfTokenRepository.setCookieCustomizer((customizer) -> customizer.secure(false));
 		this.csrfTokenRepository.saveToken(exchange, createToken()).block();
 		ResponseCookie cookie = exchange.getResponse().getCookies().getFirst(this.expectedCookieName);
 		assertThat(cookie).isNotNull();
@@ -251,7 +251,7 @@ class CookieServerCsrfTokenRepositoryTests {
 	void saveTokenWhenSecureFlagFalseAndSslInfoThenNotSecureUsingCustomizer() {
 		MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
 		this.request.sslInfo(new MockSslInfo());
-		this.csrfTokenRepository.setCookieCustomizer(customizer -> customizer.secure(false));
+		this.csrfTokenRepository.setCookieCustomizer((customizer) -> customizer.secure(false));
 		this.csrfTokenRepository.saveToken(exchange, createToken()).block();
 		ResponseCookie cookie = exchange.getResponse().getCookies().getFirst(this.expectedCookieName);
 		assertThat(cookie).isNotNull();
@@ -325,8 +325,8 @@ class CookieServerCsrfTokenRepositoryTests {
 		this.expectedMaxAge = Duration.ofSeconds(expectedCookieMaxAge);
 	}
 
-	private void setExpectedSameSitePolicy(String sameSitePolicy){
-		this.csrfTokenRepository.setCookieCustomizer(customizer -> customizer.sameSite(sameSitePolicy));
+	private void setExpectedSameSitePolicy(String sameSitePolicy) {
+		this.csrfTokenRepository.setCookieCustomizer((customizer) -> customizer.sameSite(sameSitePolicy));
 		this.expectedSameSitePolicy = sameSitePolicy;
 	}