From 65981444f11eb8d42c644c42ecf7225d4425a18e Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@users.noreply.github.com>
Date: Wed, 18 Dec 2019 14:31:52 -0600
Subject: [PATCH] Use Version Ranges

Fixes gh-7788
---
 .../configurers/NamespaceRememberMeTests.java |  12 +-
 .../configurers/UrlAuthorizationsTests.java   |   2 +-
 gradle/dependency-management.gradle           | 150 ++++++++++--------
 ...ctivePasswordTokenResponseClientTests.java |   2 +-
 ...eRefreshTokenTokenResponseClientTests.java |   2 +-
 ...paqueTokenAuthenticationProviderTests.java |   2 +-
 ...kenReactiveAuthenticationManagerTests.java |   2 +-
 .../NimbusOpaqueTokenIntrospectorTests.java   |   4 +-
 ...sReactiveOpaqueTokenIntrospectorTests.java |   4 +-
 9 files changed, 100 insertions(+), 80 deletions(-)

diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
index d42cf46110..b1e03fe1d7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
@@ -98,7 +98,7 @@ public class NamespaceRememberMeTests {
 				.andReturn();
 
 		rememberMe = result.getResponse().getCookie("remember-me");
-		assertThat(rememberMe).isNotNull().extracting("maxAge").containsExactly(0);
+		assertThat(rememberMe).isNotNull().extracting(Cookie::getMaxAge).isEqualTo(0);
 
 		this.mvc.perform(post("/authentication-class").with(csrf())
 				.cookie(rememberMe))
@@ -292,7 +292,7 @@ public class NamespaceRememberMeTests {
 				.with(rememberMeLogin()))
 				.andReturn().getResponse().getCookie("remember-me");
 
-		assertThat(expiredRememberMe).extracting("maxAge").containsExactly(314);
+		assertThat(expiredRememberMe).extracting(Cookie::getMaxAge).isEqualTo(314);
 	}
 
 	@Configuration
@@ -320,8 +320,8 @@ public class NamespaceRememberMeTests {
 				.with(rememberMeLogin()))
 				.andReturn().getResponse().getCookie("remember-me");
 
-		assertThat(expiredRememberMe).extracting("maxAge")
-				.containsExactly(AbstractRememberMeServices.TWO_WEEKS_S);
+		assertThat(expiredRememberMe).extracting(Cookie::getMaxAge)
+				.isEqualTo(AbstractRememberMeServices.TWO_WEEKS_S);
 	}
 
 	@Test
@@ -331,7 +331,7 @@ public class NamespaceRememberMeTests {
 				.with(rememberMeLogin()))
 				.andReturn().getResponse().getCookie("remember-me");
 
-		assertThat(secureCookie).extracting("secure").containsExactly(true);
+		assertThat(secureCookie).extracting(Cookie::getSecure).isEqualTo(true);
 	}
 
 	@Configuration
@@ -357,7 +357,7 @@ public class NamespaceRememberMeTests {
 				.secure(true))
 				.andReturn().getResponse().getCookie("remember-me");
 
-		assertThat(secureCookie).extracting("secure").containsExactly(true);
+		assertThat(secureCookie).extracting(Cookie::getSecure).isEqualTo(true);
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
index 3ea747a6a5..4d5b6523d8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
@@ -139,7 +139,7 @@ public class UrlAuthorizationsTests {
 		FilterSecurityInterceptor interceptor = getFilter(FilterSecurityInterceptor.class);
 		assertThat(interceptor).isNotNull();
 		assertThat(interceptor).extracting("accessDecisionManager")
-				.first().isInstanceOf(AffirmativeBased.class);
+				.isInstanceOf(AffirmativeBased.class);
 	}
 
 	private <T extends Filter> T getFilter(Class<T> filterType) {
diff --git a/gradle/dependency-management.gradle b/gradle/dependency-management.gradle
index 10f9001697..2d76fd3a2d 100644
--- a/gradle/dependency-management.gradle
+++ b/gradle/dependency-management.gradle
@@ -1,15 +1,16 @@
 if (!project.hasProperty("reactorVersion")) {
-	ext.reactorVersion = "Dysprosium-SR1"
+	ext.reactorVersion = "Dysprosium-SR+"
 }
 
 if (!project.hasProperty("springVersion")) {
-	ext.springVersion = "5.2.1.RELEASE"
+	ext.springVersion = "latest.release"
 }
 
 if (!project.hasProperty("springDataVersion")) {
-	ext.springDataVersion = "Moore-SR1"
+	ext.springDataVersion = "Moore-SR+"
 }
-ext.rsocketVersion = "1.0.0-RC5"
+ext.rsocketVersion = "1.+"
+ext.openSamlVersion = "3.+"
 
 // https://github.com/gradle/gradle/issues/7576#issuecomment-434637595
 configurations {
@@ -29,92 +30,111 @@ dependencies {
 	management platform("io.projectreactor:reactor-bom:$reactorVersion")
 	management platform("org.springframework.data:spring-data-releasetrain:$springDataVersion")
 	constraints {
-		management "ch.qos.logback:logback-classic:1.2.3"
-		management "com.fasterxml.jackson.core:jackson-databind:2.10.0"
+		management "ch.qos.logback:logback-classic:1.+"
+		management "com.fasterxml.jackson.core:jackson-databind:2.+"
 		management "com.google.appengine:appengine-api-1.0-sdk:$gaeVersion"
 		management "com.google.appengine:appengine-api-labs:$gaeVersion"
 		management "com.google.appengine:appengine-api-stubs:$gaeVersion"
 		management "com.google.appengine:appengine-testing:$gaeVersion"
 		management "com.google.appengine:appengine:$gaeVersion"
 		management "com.google.inject:guice:3.0"
-		management "com.nimbusds:nimbus-jose-jwt:7.8.1"
-		management "com.nimbusds:oauth2-oidc-sdk:6.14"
-		management "com.squareup.okhttp3:mockwebserver:3.14.2"
-		management "com.squareup.okhttp3:okhttp:3.14.1"
-		management "com.sun.xml.bind:jaxb-core:2.3.0.1"
-		management "com.sun.xml.bind:jaxb-impl:2.3.2"
-		management "com.unboundid:unboundid-ldapsdk:4.0.12"
-		management "commons-codec:commons-codec:1.13"
-		management "commons-collections:commons-collections:3.2.2"
-		management "commons-httpclient:commons-httpclient:3.1"
-		management "commons-logging:commons-logging:1.2"
-		management "io.projectreactor.tools:blockhound:1.0.1.RELEASE"
+		management "com.nimbusds:nimbus-jose-jwt:latest.release"
+		management "com.nimbusds:oauth2-oidc-sdk:latest.release"
+		management "com.squareup.okhttp3:mockwebserver:3.+"
+		management "com.squareup.okhttp3:okhttp:3.+"
+		management "com.sun.xml.bind:jaxb-core:2.+"
+		management "com.sun.xml.bind:jaxb-impl:2.+"
+		management "com.unboundid:unboundid-ldapsdk:4.+"
+		management "commons-codec:commons-codec:1.+"
+		management "commons-collections:commons-collections:3.+"
+		management "commons-httpclient:commons-httpclient:3.+"
+		management "commons-logging:commons-logging:1.+"
+		management "io.projectreactor.tools:blockhound:1.+"
 		management "io.rsocket:rsocket-core:${rsocketVersion}"
 		management "io.rsocket:rsocket-transport-netty:${rsocketVersion}"
-		management "javax.annotation:jsr250-api:1.0"
-		management "javax.servlet.jsp.jstl:javax.servlet.jsp.jstl-api:1.2.2"
-		management "javax.servlet.jsp:javax.servlet.jsp-api:2.3.3"
-		management "javax.servlet:javax.servlet-api:4.0.1"
-		management "javax.validation:validation-api:2.0.1.Final"
-		management "javax.xml.bind:jaxb-api:2.4.0-b180830.0359"
+		management "javax.annotation:jsr250-api:1.+"
+		management "javax.servlet.jsp.jstl:javax.servlet.jsp.jstl-api:1.+"
+		management "javax.servlet.jsp:javax.servlet.jsp-api:2.+"
+		management "javax.servlet:javax.servlet-api:4.+"
+		management "javax.validation:validation-api:2.+"
+		management "javax.xml.bind:jaxb-api:2.+"
 		management "junit:junit:4.12"
-		management "ldapsdk:ldapsdk:4.1"
-		management "net.sf.ehcache:ehcache:2.10.6"
-		management "net.sourceforge.htmlunit:htmlunit:2.36.0"
-		management "net.sourceforge.nekohtml:nekohtml:1.9.22"
-		management "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect:2.4.1"
-		management "opensymphony:sitemesh:+"
+		management "ldapsdk:ldapsdk:4.+"
+		management "net.sf.ehcache:ehcache:2.+"
+		management "net.sourceforge.htmlunit:htmlunit:2.+"
+		management "net.sourceforge.nekohtml:nekohtml:1.+"
+		management "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect:2.+"
+		management "opensymphony:sitemesh:2.+"
 		management "org.apache.directory.server:apacheds-core-entry:1.5.5"
 		management "org.apache.directory.server:apacheds-core:1.5.5"
 		management "org.apache.directory.server:apacheds-protocol-ldap:1.5.5"
 		management "org.apache.directory.server:apacheds-protocol-shared:1.5.5"
 		management "org.apache.directory.server:apacheds-server-jndi:1.5.5"
 		management "org.apache.directory.shared:shared-ldap:0.9.15"
-		management "org.apache.httpcomponents:httpclient:4.5.10"
-		management "org.apache.taglibs:taglibs-standard-jstlel:1.2.5"
+		management "org.apache.httpcomponents:httpclient:4.+"
+		management "org.apache.taglibs:taglibs-standard-jstlel:1.+"
 		management "org.aspectj:aspectjrt:$aspectjVersion"
 		management "org.aspectj:aspectjtools:$aspectjVersion"
 		management "org.aspectj:aspectjweaver:$aspectjVersion"
-		management "org.assertj:assertj-core:3.12.2"
-		management "org.bouncycastle:bcpkix-jdk15on:1.64"
-		management "org.bouncycastle:bcprov-jdk15on:1.64"
+		management "org.assertj:assertj-core:3.+"
+		management "org.bouncycastle:bcpkix-jdk15on:1.+"
+		management "org.bouncycastle:bcprov-jdk15on:1.+"
 		management "org.codehaus.groovy:groovy-all:2.4.17"
 		management "org.codehaus.groovy:groovy:2.4.17"
 		management "org.eclipse.jetty:jetty-server:9.4.19.v20190610"
 		management "org.eclipse.jetty:jetty-servlet:9.4.19.v20190610"
-		management "org.eclipse.persistence:javax.persistence:2.2.1"
+		management "org.eclipse.persistence:javax.persistence:2.+"
 		management "org.gebish:geb-spock:0.10.0"
-		management "org.hibernate:hibernate-entitymanager:5.4.8.Final"
-		management "org.hibernate:hibernate-validator:6.1.0.Final"
-		management "org.hsqldb:hsqldb:2.5.0"
-		management "org.jasig.cas.client:cas-client-core:3.5.1"
-		management "org.jasig.cas:cas-server-webapp:4.2.7"
-		management "org.javassist:javassist:3.22.0-CR2"
-		management "org.mockito:mockito-core:3.0.0"
-		management "org.openid4java:openid4java-nodeps:0.9.6"
-		management "org.opensaml:opensaml-core:3.4.3"
-		management "org.opensaml:opensaml-saml-api:3.4.3"
-		management "org.opensaml:opensaml-saml-impl:3.4.3"
-		management "org.powermock:powermock-api-mockito2:2.0.4"
-		management "org.powermock:powermock-api-support:2.0.4"
-		management "org.powermock:powermock-core:2.0.4"
-		management "org.powermock:powermock-module-junit4-common:2.0.4"
-		management "org.powermock:powermock-module-junit4:2.0.4"
-		management "org.powermock:powermock-reflect:2.0.4"
-		management "org.python:jython:2.5.0"
-		management "org.seleniumhq.selenium:htmlunit-driver:2.36.0"
-		management "org.seleniumhq.selenium:selenium-java:3.141.59"
-		management "org.seleniumhq.selenium:selenium-support:3.141.59"
-		management "org.skyscreamer:jsonassert:1.5.0"
-		management "org.slf4j:jcl-over-slf4j:1.7.28"
-		management "org.slf4j:log4j-over-slf4j:1.7.28"
-		management "org.slf4j:slf4j-api:1.7.28"
-		management "org.sonatype.sisu.inject:cglib:2.2.1-v20090111"
+		management "org.hibernate:hibernate-entitymanager:5.+"
+		management "org.hibernate:hibernate-validator:6.+"
+		management "org.hsqldb:hsqldb:2.+"
+		management "org.jasig.cas.client:cas-client-core:3.+"
+		management "org.jasig.cas:cas-server-webapp:4.0.+"
+		management "org.mockito:mockito-core:3.+"
+		management "org.openid4java:openid4java-nodeps:0.+"
+		management "org.opensaml:opensaml-core:$openSamlVersion"
+		management "org.opensaml:opensaml-saml-api:$openSamlVersion"
+		management "org.opensaml:opensaml-saml-impl:$openSamlVersion"
+		management "org.powermock:powermock-api-mockito2:2.+"
+		management "org.powermock:powermock-api-support:2.+"
+		management "org.powermock:powermock-core:2.+"
+		management "org.powermock:powermock-module-junit4-common:2.+"
+		management "org.powermock:powermock-module-junit4:2.+"
+		management "org.powermock:powermock-reflect:2.+"
+		management "org.python:jython:2.5.+"
+		management "org.seleniumhq.selenium:htmlunit-driver:2.+"
+		management "org.seleniumhq.selenium:selenium-java:3.+"
+		management "org.seleniumhq.selenium:selenium-support:3.+"
+		management "org.skyscreamer:jsonassert:1.+"
+		management "org.slf4j:jcl-over-slf4j:1.+"
+		management "org.slf4j:log4j-over-slf4j:1.+"
+		management "org.slf4j:slf4j-api:1.+"
 		management "org.spockframework:spock-core:1.0-groovy-2.4"
 		management "org.spockframework:spock-spring:1.0-groovy-2.4"
-		management "org.springframework.ldap:spring-ldap-core:2.3.2.RELEASE"
-		management "org.synchronoss.cloud:nio-multipart-parser:1.1.0"
-		management "org.thymeleaf:thymeleaf-spring5:3.0.11.RELEASE"
+		management "org.springframework.ldap:spring-ldap-core:latest.release"
+		management "org.synchronoss.cloud:nio-multipart-parser:1.+"
+		management "org.thymeleaf:thymeleaf-spring5:3.+"
+	}
+}
+
+configurations {
+	all {
+		resolutionStrategy {
+			componentSelection {
+				all { ComponentSelection selection ->
+					def candidate = selection.getCandidate()
+					def version = candidate.getVersion().toLowerCase()
+
+					if (version.contains("alpha") || version.contains("beta")) {
+						selection.reject("Rejecting $selection with version $version as alpha/beta")
+					}
+
+					if (candidate.getModule().equals("jsr250-api") && version.equals("1.0-20050927.133100")) {
+						selection.reject("Rejecting $selection with version $version as invalid version")
+					}
+				}
+			}
+		}
 	}
 }
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
index 00730543c7..93a17f4673 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
@@ -150,7 +150,7 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block())
 				.isInstanceOf(OAuth2AuthorizationException.class)
 				.hasMessageContaining("[invalid_token_response] An error occurred parsing the Access Token response")
-				.hasMessageContaining("Token type must be \"Bearer\"");
+				.hasCauseInstanceOf(Throwable.class);
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
index 8449546b9a..0be683ae6c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
@@ -155,7 +155,7 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block())
 				.isInstanceOf(OAuth2AuthorizationException.class)
 				.hasMessageContaining("[invalid_token_response] An error occurred parsing the Access Token response")
-				.hasMessageContaining("Token type must be \"Bearer\"");
+				.hasCauseInstanceOf(Throwable.class);
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
index a2fd4fb11f..1eb83167c1 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
@@ -111,7 +111,7 @@ public class OpaqueTokenAuthenticationProviderTests {
 		assertThatCode(() -> provider.authenticate(new BearerTokenAuthenticationToken("token")))
 				.isInstanceOf(OAuth2AuthenticationException.class)
 				.extracting("error.description")
-				.containsExactly("An error occurred while attempting to introspect the token: Invalid token");
+				.isEqualTo("An error occurred while attempting to introspect the token: Invalid token");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
index 6ab8c90fb8..e8c64d9277 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
@@ -117,7 +117,7 @@ public class OpaqueTokenReactiveAuthenticationManagerTests {
 		assertThatCode(() -> provider.authenticate(new BearerTokenAuthenticationToken("token")).block())
 				.isInstanceOf(OAuth2AuthenticationException.class)
 				.extracting("error.description")
-				.containsExactly("An error occurred while attempting to introspect the token: Invalid token");
+				.isEqualTo("An error occurred while attempting to introspect the token: Invalid token");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
index 966d8eae62..620303f79a 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
@@ -168,7 +168,7 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		assertThatCode(() -> introspectionClient.introspect("token"))
 				.isInstanceOf(OAuth2IntrospectionException.class)
 				.extracting("message")
-				.containsExactly("Provided token [token] isn't active");
+				.isEqualTo("Provided token [token] isn't active");
 	}
 
 	@Test
@@ -205,7 +205,7 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		assertThatCode(() -> introspectionClient.introspect("token"))
 				.isInstanceOf(OAuth2IntrospectionException.class)
 				.extracting("message")
-				.containsExactly("server was unresponsive");
+				.isEqualTo("server was unresponsive");
 	}
 
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
index 0b58f45e6b..8c3ec19444 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
@@ -142,7 +142,7 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 		assertThatCode(() -> introspectionClient.introspect("token").block())
 				.isInstanceOf(OAuth2IntrospectionException.class)
 				.extracting("message")
-				.containsExactly("Provided token [token] isn't active");
+				.isEqualTo("Provided token [token] isn't active");
 	}
 
 	@Test
@@ -175,7 +175,7 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 		assertThatCode(() -> introspectionClient.introspect("token").block())
 				.isInstanceOf(OAuth2IntrospectionException.class)
 				.extracting("message")
-				.containsExactly("server was unresponsive");
+				.isEqualTo("server was unresponsive");
 	}
 
 	@Test