Add reactive handle method to ServerCsrfTokenRequestHandler

Adds a default reactive handle method returning Mono<Void> and
deprecates the legacy void handle method in preparation for Spring
Security 8.

Signed-off-by: Andrey Litvitski <[email protected]>

Author: therepanic

web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java

@@ -60,6 +60,7 @@
  * @author Rob Winch
  * @author Parikshit Dutta
  * @author Steve Riesenberg
+ * @author Andrey Litvitski
  * @since 5.0
  */
 public class CsrfWebFilter implements WebFilter {
@@ -147,8 +148,7 @@ private Mono<Boolean> containsValidCsrfToken(ServerWebExchange exchange, CsrfTok
 	private Mono<Void> continueFilterChain(ServerWebExchange exchange, WebFilterChain chain) {
 		return Mono.defer(() -> {
 			Mono<CsrfToken> csrfToken = csrfToken(exchange);
-			this.requestHandler.handle(exchange, csrfToken);
-			return chain.filter(exchange);
+			return this.requestHandler.handleAsync(exchange, csrfToken).then(chain.filter(exchange));
 		});
 	}
 

web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRequestHandler.java

@@ -29,6 +29,7 @@
  * made available to the application through exchange attributes.
  *
  * @author Steve Riesenberg
+ * @author Andrey Litvitski
  * @since 5.8
  * @see ServerCsrfTokenRequestAttributeHandler
  */
@@ -40,9 +41,23 @@ public interface ServerCsrfTokenRequestHandler extends ServerCsrfTokenRequestRes
 	 * @param exchange the {@code ServerWebExchange} with the request being handled
 	 * @param csrfToken the {@code Mono<CsrfToken>} created by the
 	 * {@link ServerCsrfTokenRepository}
+	 * @deprecated since 7.0 in favor of {@link #handleAsync(ServerWebExchange, Mono)}
 	 */
+	@Deprecated(since = "7.0", forRemoval = true)
 	void handle(ServerWebExchange exchange, Mono<CsrfToken> csrfToken);
 
+	/**
+	 * Handles a request using a {@link CsrfToken}.
+	 * @param exchange the {@code ServerWebExchange} with the request being handled
+	 * @param csrfToken the {@code Mono<CsrfToken>} created by the
+	 * {@link ServerCsrfTokenRepository}
+	 * @return a {@code Mono} that completes when handling is finished
+	 */
+	default Mono<Void> handleAsync(ServerWebExchange exchange, Mono<CsrfToken> csrfToken) {
+		handle(exchange, csrfToken);
+		return Mono.empty();
+	}
+
 	@Override
 	default Mono<String> resolveCsrfTokenValue(ServerWebExchange exchange, CsrfToken csrfToken) {
 		Assert.notNull(exchange, "exchange cannot be null");

web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java

@@ -164,6 +164,7 @@ public void filterWhenPostAndEstablishedCsrfTokenAndHeaderValidTokenThenContinue
 	@Test
 	public void filterWhenRequestHandlerSetThenUsed() {
 		ServerCsrfTokenRequestHandler requestHandler = mock(ServerCsrfTokenRequestHandler.class);
+		given(requestHandler.handleAsync(any(ServerWebExchange.class), any())).willReturn(Mono.empty());
 		given(requestHandler.resolveCsrfTokenValue(any(ServerWebExchange.class), any(CsrfToken.class)))
 			.willReturn(Mono.just(this.token.getToken()));
 		this.csrfFilter.setRequestHandler(requestHandler);
@@ -179,7 +180,7 @@ public void filterWhenRequestHandlerSetThenUsed() {
 		StepVerifier.create(result).verifyComplete();
 		chainResult.assertWasSubscribed();
 
-		verify(requestHandler).handle(eq(this.post), any());
+		verify(requestHandler).handleAsync(eq(this.post), any());
 		verify(requestHandler).resolveCsrfTokenValue(this.post, this.token);
 	}