This version is still in development and is not considered stable yet. For the latest stable version, please use Spring Security 6.3.4!

Testing with CSRF

Spring Security also provides support for CSRF testing with WebTestClient — for example:

  • Java

  • Kotlin

import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.csrf;

this.rest
	// provide a valid CSRF token
	.mutateWith(csrf())
	.post()
	.uri("/login")
	...
import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.csrf

this.rest
    // provide a valid CSRF token
    .mutateWith(csrf())
    .post()
    .uri("/login")
    ...