AbstractCsrfTokenUI.java

/*
 * Copyright 2000-2016 Vaadin Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */
package com.vaadin.tests.widgetset.server.csrf.ui;

import com.vaadin.annotations.Widgetset;
import com.vaadin.server.VaadinRequest;
import com.vaadin.tests.components.AbstractReindeerTestUI;
import com.vaadin.tests.widgetset.TestingWidgetSet;
import com.vaadin.tests.widgetset.server.csrf.CsrfButton;
import com.vaadin.ui.Button;
import com.vaadin.ui.Label;

/**
 * Abstract UI to test the CSRF token issue as reported in (#14111)
 *
 * @since
 * @author Vaadin Ltd
 */
@SuppressWarnings("serial")
@Widgetset(TestingWidgetSet.NAME)
public abstract class AbstractCsrfTokenUI extends AbstractReindeerTestUI {

    public static final String PRESS_ID = "PressMe";

    @Override
    protected void setup(VaadinRequest request) {

        addComponent(new Label("The button's text is the client token:"));
        addComponent(new CsrfButton());
        addComponent(new Label("This one is from the server"));
        addComponent(new Label(getSession().getCsrfToken()));
        Button pressMe = new Button("Click me to send a request");
        pressMe.setId(PRESS_ID);
        addComponent(pressMe);
    }

    @Override
    protected String getTestDescription() {
        return "Remove csrfToken from the request if security protection is disabled.";
    }

    @Override
    protected Integer getTicketNumber() {
        return 14111;
    }

}