For the latest stable version, please use Spring Security 6.3.4!

Testing with CSRF

Spring Security also provides support for CSRF testing with WebTestClient — for example:

  • Java

  • Kotlin

import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.csrf;

this.rest
	// provide a valid CSRF token
	.mutateWith(csrf())
	.post()
	.uri("/login")
	...
import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.csrf

this.rest
    // provide a valid CSRF token
    .mutateWith(csrf())
    .post()
    .uri("/login")
    ...