diff --git a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfigurationTests.java b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfigurationTests.java index 07812e2891..a73dce757a 100644 --- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfigurationTests.java +++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfigurationTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2017 the original author or authors. + * Copyright 2012-2018 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -180,9 +180,9 @@ public class SpringBootWebSecurityConfigurationTests { .postForEntity("http://localhost:" + port + "/", form, Object.class); assertThat(result.getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN); - // override method with GET + // override method with DELETE form = new LinkedMultiValueMap(); - form.add("_method", "GET"); + form.add("_method", "DELETE"); result = rest.postForEntity("http://localhost:" + port + "/", form, Object.class); assertThat(result.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND); @@ -337,7 +337,8 @@ public class SpringBootWebSecurityConfigurationTests { @Override protected void configure(HttpSecurity http) throws Exception { - http.authorizeRequests().antMatchers(HttpMethod.POST, "/**").denyAll(); + http.authorizeRequests().mvcMatchers(HttpMethod.POST, "/**").denyAll().and() + .csrf().disable(); } }