spring-projects · kwondh5217 · Apr 8, 2025
diff --git a/...security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java b/...security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -87,7 +87,7 @@ public void changeSessionIdThenPreserveParameters() throws Exception {
 		HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
 		CsrfTokenRequestHandler handler = new XorCsrfTokenRequestAttributeHandler();
 		DeferredCsrfToken deferredCsrfToken = repository.loadDeferredToken(request, this.response);
-		handler.handle(request, this.response, deferredCsrfToken::get);
+		handler.handle(request, this.response, deferredCsrfToken);
 		CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
 		request.setParameter(token.getParameterName(), token.getToken());
 		request.getSession().setAttribute("attribute1", "value1");

diff --git a/...ringframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java b/...ringframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
@@ -524,7 +524,7 @@ public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request)
 			TestCsrfTokenRepository.enable(request);
 			MockHttpServletResponse response = new MockHttpServletResponse();
 			DeferredCsrfToken deferredCsrfToken = repository.loadDeferredToken(request, response);
-			handler.handle(request, response, deferredCsrfToken::get);
+			handler.handle(request, response, deferredCsrfToken);
 			CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
 			String tokenValue = this.useInvalidToken ? INVALID_TOKEN_VALUE : token.getToken();
 			if (this.asHeader) {

diff --git a/...work/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java b/...work/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java
@@ -164,7 +164,7 @@ public void csrfWhenUsedThenDoesNotImpactOriginalRepository() throws Exception {
 		HttpSessionCsrfTokenRepository repo = new HttpSessionCsrfTokenRepository();
 		CsrfTokenRequestHandler handler = new XorCsrfTokenRequestAttributeHandler();
 		DeferredCsrfToken deferredCsrfToken = repo.loadDeferredToken(request, response);
-		handler.handle(request, response, deferredCsrfToken::get);
+		handler.handle(request, response, deferredCsrfToken);
 		CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
 		MockHttpServletRequestBuilder requestWithCsrf = post("/")
 			.param(token.getParameterName(), token.getToken())

diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -69,7 +69,7 @@ public void onAuthentication(Authentication authentication, HttpServletRequest r
 		if (containsToken) {
 			this.tokenRepository.saveToken(null, request, response);
 			DeferredCsrfToken deferredCsrfToken = this.tokenRepository.loadDeferredToken(request, response);
-			this.requestHandler.handle(request, response, deferredCsrfToken::get);
+			this.requestHandler.handle(request, response, deferredCsrfToken);
 			this.logger.debug("Replaced CSRF Token");
 		}
 	}

diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -108,7 +108,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 			throws ServletException, IOException {
 		DeferredCsrfToken deferredCsrfToken = this.tokenRepository.loadDeferredToken(request, response);
 		request.setAttribute(DeferredCsrfToken.class.getName(), deferredCsrfToken);
-		this.requestHandler.handle(request, response, deferredCsrfToken::get);
+		this.requestHandler.handle(request, response, deferredCsrfToken);
 		if (!this.requireCsrfProtectionMatcher.matches(request)) {
 			if (this.logger.isTraceEnabled()) {
 				this.logger.trace("Did not protect against CSRF since request did not match "

diff --git a/web/src/main/java/org/springframework/security/web/csrf/DeferredCsrfToken.java b/web/src/main/java/org/springframework/security/web/csrf/DeferredCsrfToken.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,14 +16,17 @@
 
 package org.springframework.security.web.csrf;
 
+import java.util.function.Supplier;
+
 /**
  * An interface that allows delayed access to a {@link CsrfToken} that may be generated.
  *
  * @author Rob Winch
  * @author Steve Riesenberg
+ * @author Daeho Kwon
  * @since 5.8
  */
-public interface DeferredCsrfToken {
+public interface DeferredCsrfToken extends Supplier<CsrfToken> {
 
 	/**
 	 * Gets the {@link CsrfToken}