Merge branch '6.0.x' into 6.1.x

Closes gh-13883
2026-05-22 21:33:16 +00:00 · 2023-09-29 11:46:48 -03:00
parent 376db0317c 92c82191c9
commit 8adfc9b463
1173 changed files with 10937 additions and 8789 deletions
@@ -75,7 +75,7 @@ public class DefaultSpringSecurityContextSourceTests {
 		ctxSrc.setPassword("password");
 		ctxSrc.afterPropertiesSet();
 		assertThat(ctxSrc.getAuthenticatedEnvForTest("manager", "password"))
-				.containsKey(AbstractContextSource.SUN_LDAP_POOLING_FLAG);
+			.containsKey(AbstractContextSource.SUN_LDAP_POOLING_FLAG);
 	}

 	@Test
@@ -86,7 +86,7 @@ public class DefaultSpringSecurityContextSourceTests {
 		ctxSrc.setPassword("password");
 		ctxSrc.afterPropertiesSet();
 		assertThat(ctxSrc.getAuthenticatedEnvForTest("user", "password"))
-				.doesNotContainKey(AbstractContextSource.SUN_LDAP_POOLING_FLAG);
+			.doesNotContainKey(AbstractContextSource.SUN_LDAP_POOLING_FLAG);
 	}

 	// SEC-1145. Confirms that there is no issue here with pooling.
@@ -96,8 +96,9 @@ public class DefaultSpringSecurityContextSourceTests {
 		// com.sun.jndi.ldap.LdapPoolManager.showStats(System.out);
 		// com.sun.jndi.ldap.LdapPoolManager.showStats(System.out);
 		// Now get it gain, with wrong password. Should fail.
-		assertThatExceptionOfType(AuthenticationException.class).isThrownBy(() -> this.contextSource
-				.getContext("uid=Bob,ou=people,dc=springframework,dc=org", "wrongpassword").close());
+		assertThatExceptionOfType(AuthenticationException.class).isThrownBy(
+				() -> this.contextSource.getContext("uid=Bob,ou=people,dc=springframework,dc=org", "wrongpassword")
+					.close());
 	}

 	@Test
@@ -166,7 +167,7 @@ public class DefaultSpringSecurityContextSourceTests {
 		// this url should be rejected because the root DN goes into a separate parameter
 		serverUrls.add("ldap://bar:389/dc=foobar,dc=org");
 		assertThatIllegalArgumentException()
-				.isThrownBy(() -> new DefaultSpringSecurityContextSource(serverUrls, "dc=springframework,dc=org"));
+			.isThrownBy(() -> new DefaultSpringSecurityContextSource(serverUrls, "dc=springframework,dc=org"));
 	}

 	static class EnvExposingDefaultSpringSecurityContextSource extends DefaultSpringSecurityContextSource {
@@ -91,9 +91,9 @@ public class SpringSecurityLdapTemplateITests {
 	@Test
 	public void namingExceptionIsTranslatedCorrectly() {
 		assertThatExceptionOfType(UncategorizedLdapException.class)
-				.isThrownBy(() -> this.template.executeReadOnly((ContextExecutor) (dirContext) -> {
-					throw new NamingException();
-				}));
+			.isThrownBy(() -> this.template.executeReadOnly((ContextExecutor) (dirContext) -> {
+				throw new NamingException();
+			}));
 	}

 	@Test
@@ -73,14 +73,14 @@ public class BindAuthenticatorTests {
 		DirContextOperations user = this.authenticator.authenticate(this.bob);
 		assertThat(user.getStringAttribute("uid")).isEqualTo("bob");
 		this.authenticator
-				.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("mouse, jerry", "jerryspassword"));
+			.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("mouse, jerry", "jerryspassword"));
 	}

 	@Test
 	public void testAuthenticationWithInvalidUserNameFails() {
 		this.authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" });
 		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.authenticator
-				.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("nonexistentsuser", "password")));
+			.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("nonexistentsuser", "password")));
 	}

 	@Test
@@ -95,17 +95,17 @@ public class BindAuthenticatorTests {
 		// SEC-1444
 		this.authenticator.setUserSearch(new FilterBasedLdapUserSearch("ou=people", "(cn={0})", this.contextSource));
 		this.authenticator
-				.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("mouse, jerry", "jerryspassword"));
+			.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("mouse, jerry", "jerryspassword"));
 		this.authenticator
-				.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("slash/guy", "slashguyspassword"));
+			.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("slash/guy", "slashguyspassword"));
 		// SEC-1661
-		this.authenticator.setUserSearch(
-				new FilterBasedLdapUserSearch("ou=\\\"quoted people\\\"", "(cn={0})", this.contextSource));
 		this.authenticator
-				.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("quote\"guy", "quoteguyspassword"));
+			.setUserSearch(new FilterBasedLdapUserSearch("ou=\\\"quoted people\\\"", "(cn={0})", this.contextSource));
+		this.authenticator
+			.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("quote\"guy", "quoteguyspassword"));
 		this.authenticator.setUserSearch(new FilterBasedLdapUserSearch("", "(cn={0})", this.contextSource));
 		this.authenticator
-				.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("quote\"guy", "quoteguyspassword"));
+			.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("quote\"guy", "quoteguyspassword"));
 	}

 	/*
@@ -133,7 +133,7 @@ public class BindAuthenticatorTests {
 	public void testAuthenticationWithWrongPasswordFails() {
 		this.authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" });
 		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.authenticator
-				.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("bob", "wrongpassword")));
+			.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("bob", "wrongpassword")));
 	}

 	@Test
@@ -78,11 +78,11 @@ public class PasswordComparisonAuthenticatorTests {
 	public void testFailedSearchGivesUserNotFoundException() throws Exception {
 		this.authenticator = new PasswordComparisonAuthenticator(this.contextSource);
 		assertThat(this.authenticator.getUserDns("Bob")).withFailMessage("User DN matches shouldn't be available")
-				.isEmpty();
+			.isEmpty();
 		this.authenticator.setUserSearch(new MockUserSearch(null));
 		this.authenticator.afterPropertiesSet();
 		assertThatExceptionOfType(UsernameNotFoundException.class).isThrownBy(() -> this.authenticator
-				.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("Joe", "pass")));
+			.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("Joe", "pass")));
 	}

 	@Test
@@ -90,7 +90,7 @@ public class PasswordComparisonAuthenticatorTests {
 		// Don't retrieve the password
 		this.authenticator.setUserAttributes(new String[] { "uid", "cn", "sn" });
 		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.authenticator
-				.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("bob", "wrongpass")));
+			.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("bob", "wrongpass")));
 	}

 	@Test
@@ -146,14 +146,14 @@ public class PasswordComparisonAuthenticatorTests {
 		this.authenticator = new PasswordComparisonAuthenticator(this.contextSource);
 		this.authenticator.setPasswordEncoder(NoOpPasswordEncoder.getInstance());
 		assertThat(this.authenticator.getUserDns("Bob")).withFailMessage("User DN matches shouldn't be available")
-				.isEmpty();
+			.isEmpty();

 		DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("uid=Bob,ou=people"));
 		ctx.setAttributeValue("userPassword", "bobspassword");

 		this.authenticator.setUserSearch(new MockUserSearch(ctx));
 		this.authenticator
-				.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("shouldntbeused", "bobspassword"));
+			.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("shouldntbeused", "bobspassword"));
 	}

 }
@@ -86,7 +86,7 @@ public class FilterBasedLdapUserSearchTests {
 	public void searchFailsOnMultipleMatches() {
 		FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=people", "(cn=*)", this.contextSource);
 		assertThatExceptionOfType(IncorrectResultSizeDataAccessException.class)
-				.isThrownBy(() -> locator.searchForUser("Ignored"));
+			.isThrownBy(() -> locator.searchForUser("Ignored"));
 	}

 	@Test
@@ -115,7 +115,7 @@ public class ApacheDSContainerTests {
 		server.setPort(ports.get(0));
 		server.setLdapOverSslEnabled(true);
 		assertThatIllegalArgumentException().isThrownBy(server::afterPropertiesSet)
-				.withMessage("When LdapOverSsl is enabled, the keyStoreFile property must be set.");
+			.withMessage("When LdapOverSsl is enabled, the keyStoreFile property must be set.");
 	}

 	@Test
@@ -137,7 +137,8 @@ public class ApacheDSContainerTests {
 		server.setKeyStoreFile(temporaryKeyStoreFile);
 		server.setCertificatePassord("incorrect-password");
 		assertThatExceptionOfType(RuntimeException.class).isThrownBy(server::afterPropertiesSet)
-				.withMessage("Server startup failed").withRootCauseInstanceOf(UnrecoverableKeyException.class);
+			.withMessage("Server startup failed")
+			.withRootCauseInstanceOf(UnrecoverableKeyException.class);
 	}

 	/**
@@ -71,9 +71,9 @@ public class ApacheDSEmbeddedLdifTests {
 	@Test // SEC-2387
 	public void customAttributeTypesShouldBeProperlyCreatedWhenLoadedFromLdif() {
 		assertThat(this.ldapTemplate.compare("uid=objectWithCustomAttribute1", "uid", "objectWithCustomAttribute1"))
-				.isTrue();
+			.isTrue();
 		assertThat(this.ldapTemplate.compare("uid=objectWithCustomAttribute1", "customAttribute", "I am custom"))
-				.isTrue();
+			.isTrue();
 	}

 }
@@ -52,7 +52,7 @@ public class UnboundIdContainerLdifTests {
 		this.appCtx = new AnnotationConfigApplicationContext(CustomLdifConfig.class);

 		DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) this.appCtx
-				.getBean(ContextSource.class);
+			.getBean(ContextSource.class);

 		SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(contextSource);
 		assertThat(template.compare("uid=bob,ou=people", "uid", "bob")).isTrue();
@@ -63,7 +63,7 @@ public class UnboundIdContainerLdifTests {
 		this.appCtx = new AnnotationConfigApplicationContext(WildcardLdifConfig.class);

 		DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) this.appCtx
-				.getBean(ContextSource.class);
+			.getBean(ContextSource.class);

 		SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(contextSource);
 		assertThat(template.compare("uid=bob,ou=people", "uid", "bob")).isTrue();
@@ -72,17 +72,17 @@ public class UnboundIdContainerLdifTests {
 	@Test
 	public void unboundIdContainerWhenMalformedLdifThenException() {
 		assertThatExceptionOfType(Exception.class)
-				.isThrownBy(() -> this.appCtx = new AnnotationConfigApplicationContext(MalformedLdifConfig.class))
-				.withCauseInstanceOf(IllegalStateException.class)
-				.withMessageContaining("Unable to load LDIF classpath:test-server-malformed.txt");
+			.isThrownBy(() -> this.appCtx = new AnnotationConfigApplicationContext(MalformedLdifConfig.class))
+			.withCauseInstanceOf(IllegalStateException.class)
+			.withMessageContaining("Unable to load LDIF classpath:test-server-malformed.txt");
 	}

 	@Test
 	public void unboundIdContainerWhenMissingLdifThenException() {
 		assertThatExceptionOfType(Exception.class)
-				.isThrownBy(() -> this.appCtx = new AnnotationConfigApplicationContext(MissingLdifConfig.class))
-				.withCauseInstanceOf(IllegalStateException.class)
-				.withMessageContaining("Unable to load LDIF classpath:does-not-exist.ldif");
+			.isThrownBy(() -> this.appCtx = new AnnotationConfigApplicationContext(MissingLdifConfig.class))
+			.withCauseInstanceOf(IllegalStateException.class)
+			.withMessageContaining("Unable to load LDIF classpath:does-not-exist.ldif");
 	}

 	@Test
@@ -77,7 +77,7 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 		this.populator.setDefaultRole("ROLE_USER");

 		Collection<GrantedAuthority> authorities = this.populator
-				.getGrantedAuthorities(new DirContextAdapter(new DistinguishedName("cn=notused")), "notused");
+			.getGrantedAuthorities(new DirContextAdapter(new DistinguishedName("cn=notused")), "notused");
 		assertThat(authorities).hasSize(1);
 		assertThat(AuthorityUtils.authorityListToSet(authorities).contains("ROLE_USER")).isTrue();
 	}
@@ -112,7 +112,7 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 				new DistinguishedName("uid=ben,ou=people,dc=springframework,dc=org"));

 		Set<String> authorities = AuthorityUtils
-				.authorityListToSet(this.populator.getGrantedAuthorities(ctx, "manager"));
+			.authorityListToSet(this.populator.getGrantedAuthorities(ctx, "manager"));

 		assertThat(authorities).as("Should have 1 role").hasSize(1);
 		assertThat(authorities.contains("ROLE_MANAGER")).isTrue();
@@ -127,7 +127,7 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 				new DistinguishedName("uid=ben,ou=people,dc=springframework,dc=org"));

 		Set<String> authorities = AuthorityUtils
-				.authorityListToSet(this.populator.getGrantedAuthorities(ctx, "manager"));
+			.authorityListToSet(this.populator.getGrantedAuthorities(ctx, "manager"));

 		assertThat(authorities).as("Should have 2 roles").hasSize(2);
 		assertThat(authorities.contains("ROLE_MANAGER")).isTrue();
@@ -144,7 +144,7 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 				new DistinguishedName("uid=ben,ou=people,dc=springframework,dc=org"));

 		Set<String> authorities = AuthorityUtils
-				.authorityListToSet(this.populator.getGrantedAuthorities(ctx, "manager"));
+			.authorityListToSet(this.populator.getGrantedAuthorities(ctx, "manager"));

 		assertThat(authorities).as("Should have 3 roles").hasSize(3);
 		assertThat(authorities.contains("ROLE_MANAGER")).isTrue();
@@ -162,7 +162,7 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 		};

 		Collection<GrantedAuthority> authorities = this.populator
-				.getGrantedAuthorities(new DirContextAdapter(new DistinguishedName("cn=notused")), "notused");
+			.getGrantedAuthorities(new DirContextAdapter(new DistinguishedName("cn=notused")), "notused");
 		assertThat(authorities).hasSize(1);
 		assertThat(AuthorityUtils.authorityListToSet(authorities).contains("ROLE_EXTRA")).isTrue();
 	}
@@ -177,7 +177,7 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 				new DistinguishedName("cn=mouse\\, jerry,ou=people,dc=springframework,dc=org"));

 		Set<String> authorities = AuthorityUtils
-				.authorityListToSet(this.populator.getGrantedAuthorities(ctx, "notused"));
+			.authorityListToSet(this.populator.getGrantedAuthorities(ctx, "notused"));

 		assertThat(authorities).as("Should have 1 role").hasSize(1);
 		assertThat(authorities.contains("ROLE_MANAGER")).isTrue();
@@ -63,7 +63,7 @@ public class LdapUserDetailsManagerModifyPasswordTests {
 	@WithMockUser(username = "bob", password = "bobspassword", authorities = "ROLE_USER")
 	public void changePasswordWhenOldPasswordIsIncorrectThenThrowsException() {
 		assertThatExceptionOfType(BadCredentialsException.class)
-				.isThrownBy(() -> this.userDetailsManager.changePassword("wrongoldpassword", "bobsnewpassword"));
+			.isThrownBy(() -> this.userDetailsManager.changePassword("wrongoldpassword", "bobsnewpassword"));
 	}

 	@Test
@@ -76,7 +76,7 @@ public class LdapUserDetailsManagerModifyPasswordTests {

 		assertThat(template.compare("uid=bob,ou=people", "userPassword",
 				"bobsshinynewandformidablylongandnearlyimpossibletorememberthoughdemonstrablyhardtocrackduetoitshighlevelofentropypasswordofjustice"))
-						.isTrue();
+			.isTrue();
 	}

 	@Configuration
@@ -197,13 +197,14 @@ public class LdapUserDetailsManagerTests {

 		this.mgr.createUser(p.createUserDetails());

-		SecurityContextHolder.getContext().setAuthentication(UsernamePasswordAuthenticationToken
-				.authenticated("johnyossarian", "yossarianspassword", TEST_AUTHORITIES));
+		SecurityContextHolder.getContext()
+			.setAuthentication(UsernamePasswordAuthenticationToken.authenticated("johnyossarian", "yossarianspassword",
+					TEST_AUTHORITIES));

 		this.mgr.changePassword("yossarianspassword", "yossariansnewpassword");

 		assertThat(this.template.compare("uid=johnyossarian,ou=test people", "userPassword", "yossariansnewpassword"))
-				.isTrue();
+			.isTrue();
 	}

 	@Test
@@ -220,13 +221,13 @@ public class LdapUserDetailsManagerTests {

 		SecurityContextHolderStrategy strategy = mock(SecurityContextHolderStrategy.class);
 		given(strategy.getContext()).willReturn(new SecurityContextImpl(UsernamePasswordAuthenticationToken
-				.authenticated("johnyossarian", "yossarianspassword", TEST_AUTHORITIES)));
+			.authenticated("johnyossarian", "yossarianspassword", TEST_AUTHORITIES)));
 		this.mgr.setSecurityContextHolderStrategy(strategy);

 		this.mgr.changePassword("yossarianspassword", "yossariansnewpassword");

 		assertThat(this.template.compare("uid=johnyossarian,ou=test people", "userPassword", "yossariansnewpassword"))
-				.isTrue();
+			.isTrue();
 		verify(strategy).getContext();
 	}

@@ -240,10 +241,11 @@ public class LdapUserDetailsManagerTests {
 		p.setPassword("yossarianspassword");
 		p.setAuthorities(TEST_AUTHORITIES);
 		this.mgr.createUser(p.createUserDetails());
-		SecurityContextHolder.getContext().setAuthentication(UsernamePasswordAuthenticationToken
-				.authenticated("johnyossarian", "yossarianspassword", TEST_AUTHORITIES));
+		SecurityContextHolder.getContext()
+			.setAuthentication(UsernamePasswordAuthenticationToken.authenticated("johnyossarian", "yossarianspassword",
+					TEST_AUTHORITIES));
 		assertThatExceptionOfType(BadCredentialsException.class)
-				.isThrownBy(() -> this.mgr.changePassword("wrongpassword", "yossariansnewpassword"));
+			.isThrownBy(() -> this.mgr.changePassword("wrongpassword", "yossariansnewpassword"));
 	}

 }
@@ -132,7 +132,7 @@ public class NestedLdapAuthoritiesPopulatorTests {
 		assertThat(ldapAuthorities[0].getAttributes().get("member")).isNotNull();
 		assertThat(ldapAuthorities[0].getAttributes().get("member")).hasSize(3);
 		assertThat(ldapAuthorities[0].getFirstAttributeValue("member"))
-				.isEqualTo("cn=groovy-developers,ou=jdeveloper,dc=springframework,dc=org");
+			.isEqualTo("cn=groovy-developers,ou=jdeveloper,dc=springframework,dc=org");

 		// java group
 		assertThat(ldapAuthorities[1].getAttributes().containsKey("member")).isTrue();
@@ -140,7 +140,7 @@ public class NestedLdapAuthoritiesPopulatorTests {
 		assertThat(ldapAuthorities[1].getAttributes().get("member")).hasSize(3);
 		assertThat(this.groovyDevelopers.getDn()).isEqualTo(ldapAuthorities[1].getFirstAttributeValue("member"));
 		assertThat(ldapAuthorities[2].getAttributes().get("member"))
-				.contains("uid=closuredude,ou=people,dc=springframework,dc=org");
+			.contains("uid=closuredude,ou=people,dc=springframework,dc=org");

 		// test non existent attribute
 		assertThat(ldapAuthorities[2].getFirstAttributeValue("test")).isNull();
@@ -31,8 +31,9 @@ class LdapSecurityRuntimeHints implements RuntimeHintsRegistrar {

 	@Override
 	public void registerHints(RuntimeHints hints, ClassLoader classLoader) {
-		hints.reflection().registerType(TypeReference.of("com.sun.jndi.ldap.LdapCtxFactory"),
-				(builder) -> builder.withMembers(MemberCategory.INVOKE_DECLARED_CONSTRUCTORS));
+		hints.reflection()
+			.registerType(TypeReference.of("com.sun.jndi.ldap.LdapCtxFactory"),
+					(builder) -> builder.withMembers(MemberCategory.INVOKE_DECLARED_CONSTRUCTORS));
 		hints.resources().registerPattern("*.ldif");
 	}

@@ -43,7 +43,7 @@ public class SpringSecurityAuthenticationSource implements AuthenticationSource
 	private static final Log log = LogFactory.getLog(SpringSecurityAuthenticationSource.class);

 	private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
-			.getContextHolderStrategy();
+		.getContextHolderStrategy();

 	/**
 	 * Get the principals of the logged in user, in this case the distinguished name.
@@ -233,8 +233,8 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 			this.logger.debug("Failed to locate AD-specific sub-error code in message");
 			return;
 		}
-		this.logger.info(
-				LogMessage.of(() -> "Active Directory authentication failed: " + subCodeToLogMessage(subErrorCode)));
+		this.logger
+			.info(LogMessage.of(() -> "Active Directory authentication failed: " + subCodeToLogMessage(subErrorCode)));
 		if (this.convertSubErrorCodesToExceptions) {
 			raiseExceptionForErrorCode(subErrorCode, exception);
 		}
@@ -260,41 +260,42 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 		String hexString = Integer.toHexString(code);
 		Throwable cause = new ActiveDirectoryAuthenticationException(hexString, exception.getMessage(), exception);
 		switch (code) {
-		case PASSWORD_EXPIRED:
-			throw new CredentialsExpiredException(this.messages.getMessage(
-					"LdapAuthenticationProvider.credentialsExpired", "User credentials have expired"), cause);
-		case ACCOUNT_DISABLED:
-			throw new DisabledException(
-					this.messages.getMessage("LdapAuthenticationProvider.disabled", "User is disabled"), cause);
-		case ACCOUNT_EXPIRED:
-			throw new AccountExpiredException(
-					this.messages.getMessage("LdapAuthenticationProvider.expired", "User account has expired"), cause);
-		case ACCOUNT_LOCKED:
-			throw new LockedException(
-					this.messages.getMessage("LdapAuthenticationProvider.locked", "User account is locked"), cause);
-		default:
-			throw badCredentials(cause);
+			case PASSWORD_EXPIRED:
+				throw new CredentialsExpiredException(this.messages.getMessage(
+						"LdapAuthenticationProvider.credentialsExpired", "User credentials have expired"), cause);
+			case ACCOUNT_DISABLED:
+				throw new DisabledException(
+						this.messages.getMessage("LdapAuthenticationProvider.disabled", "User is disabled"), cause);
+			case ACCOUNT_EXPIRED:
+				throw new AccountExpiredException(
+						this.messages.getMessage("LdapAuthenticationProvider.expired", "User account has expired"),
+						cause);
+			case ACCOUNT_LOCKED:
+				throw new LockedException(
+						this.messages.getMessage("LdapAuthenticationProvider.locked", "User account is locked"), cause);
+			default:
+				throw badCredentials(cause);
 		}
 	}

 	private String subCodeToLogMessage(int code) {
 		switch (code) {
-		case USERNAME_NOT_FOUND:
-			return "User was not found in directory";
-		case INVALID_PASSWORD:
-			return "Supplied password was invalid";
-		case NOT_PERMITTED:
-			return "User not permitted to logon at this time";
-		case PASSWORD_EXPIRED:
-			return "Password has expired";
-		case ACCOUNT_DISABLED:
-			return "Account is disabled";
-		case ACCOUNT_EXPIRED:
-			return "Account expired";
-		case PASSWORD_NEEDS_RESET:
-			return "User must reset password";
-		case ACCOUNT_LOCKED:
-			return "Account locked";
+			case USERNAME_NOT_FOUND:
+				return "User was not found in directory";
+			case INVALID_PASSWORD:
+				return "Supplied password was invalid";
+			case NOT_PERMITTED:
+				return "User not permitted to logon at this time";
+			case PASSWORD_EXPIRED:
+				return "Password has expired";
+			case ACCOUNT_DISABLED:
+				return "Account is disabled";
+			case ACCOUNT_EXPIRED:
+				return "Account expired";
+			case PASSWORD_NEEDS_RESET:
+				return "User must reset password";
+			case ACCOUNT_LOCKED:
+				return "Account locked";
 		}
 		return "Unknown (error code " + Integer.toHexString(code) + ")";
 	}
@@ -309,8 +310,8 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 	}

 	private InternalAuthenticationServiceException badLdapConnection(Throwable cause) {
-		return new InternalAuthenticationServiceException(this.messages.getMessage(
-				"LdapAuthenticationProvider.badLdapConnection", "Connection to LDAP server failed."), cause);
+		return new InternalAuthenticationServiceException(this.messages
+			.getMessage("LdapAuthenticationProvider.badLdapConnection", "Connection to LDAP server failed."), cause);
 	}

 	private DirContextOperations searchForUser(DirContext context, String username) throws NamingException {
@@ -215,7 +215,7 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 				else if (tag == 1) {
 					BERIntegral error = (BERIntegral) elt.getValue();
 					PasswordPolicyResponseControl.this.errorStatus = PasswordPolicyErrorStatus.values()[error
-							.getValue()];
+						.getValue()];
 				}
 			}
 		}
@@ -128,7 +128,7 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
 	 */
 	public void setSearchSubtree(boolean searchSubtree) {
 		this.searchControls
-				.setSearchScope(searchSubtree ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
+			.setSearchScope(searchSubtree ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
 	}

 	/**
@@ -157,9 +157,9 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
 		sb.append(getClass().getSimpleName()).append(" [");
 		sb.append("searchFilter=").append(this.searchFilter).append("; ");
 		sb.append("searchBase=").append(this.searchBase).append("; ");
-		sb.append("scope=").append(
-				(this.searchControls.getSearchScope() != SearchControls.SUBTREE_SCOPE) ? "single-level" : "subtree")
-				.append("; ");
+		sb.append("scope=")
+			.append((this.searchControls.getSearchScope() != SearchControls.SUBTREE_SCOPE) ? "single-level" : "subtree")
+			.append("; ");
 		sb.append("searchTimeLimit=").append(this.searchControls.getTimeLimit()).append("; ");
 		sb.append("derefLinkFlag=").append(this.searchControls.getDerefLinkFlag()).append(" ]");
 		return sb.toString();
@@ -84,7 +84,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 	private final Log logger = LogFactory.getLog(LdapUserDetailsManager.class);

 	private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
-			.getContextHolderStrategy();
+		.getContextHolderStrategy();

 	/**
 	 * The strategy for mapping usernames to LDAP distinguished names. This will be used
@@ -83,7 +83,7 @@ public class LdapUserDetailsMapper implements UserDetailsContextMapper {
 		}
 		// Check for PPolicy data
 		PasswordPolicyResponseControl ppolicy = (PasswordPolicyResponseControl) ctx
-				.getObjectAttribute(PasswordPolicyControl.OID);
+			.getObjectAttribute(PasswordPolicyControl.OID);
 		if (ppolicy != null) {
 			essence.setTimeBeforeExpiration(ppolicy.getTimeBeforeExpiration());
 			essence.setGraceLoginsRemaining(ppolicy.getGraceLoginsRemaining());
@@ -52,7 +52,7 @@ public class LdapUtilsTests {
 		final DirContext mockCtx = mock(DirContext.class);
 		given(mockCtx.getNameInNamespace()).willReturn("");
 		assertThat(LdapUtils.getRelativeName("cn=jane,dc=springframework,dc=org", mockCtx))
-				.isEqualTo("cn=jane,dc=springframework,dc=org");
+			.isEqualTo("cn=jane,dc=springframework,dc=org");
 	}

 	@Test
@@ -60,7 +60,7 @@ public class LdapUtilsTests {
 		final DirContext mockCtx = mock(DirContext.class);
 		given(mockCtx.getNameInNamespace()).willReturn("dc=springsecurity,dc = org");
 		assertThat(LdapUtils.getRelativeName("cn=jane smith, dc = springsecurity , dc=org", mockCtx))
-				.isEqualTo("cn=jane smith");
+			.isEqualTo("cn=jane smith");
 	}

 	@Test
@@ -70,15 +70,15 @@ public class LdapUtilsTests {
 		assertThat(LdapUtils.parseRootDnFromUrl("ldap://monkeymachine/")).isEqualTo("");
 		assertThat(LdapUtils.parseRootDnFromUrl("ldap://monkeymachine.co.uk/")).isEqualTo("");
 		assertThat(LdapUtils.parseRootDnFromUrl("ldaps://monkeymachine.co.uk/dc=springframework,dc=org"))
-				.isEqualTo("dc=springframework,dc=org");
+			.isEqualTo("dc=springframework,dc=org");
 		assertThat(LdapUtils.parseRootDnFromUrl("ldap:///dc=springframework,dc=org"))
-				.isEqualTo("dc=springframework,dc=org");
+			.isEqualTo("dc=springframework,dc=org");
 		assertThat(LdapUtils.parseRootDnFromUrl("ldap://monkeymachine/dc=springframework,dc=org"))
-				.isEqualTo("dc=springframework,dc=org");
+			.isEqualTo("dc=springframework,dc=org");
 		assertThat(LdapUtils.parseRootDnFromUrl("ldap://monkeymachine.co.uk/dc=springframework,dc=org/ou=blah"))
-				.isEqualTo("dc=springframework,dc=org/ou=blah");
+			.isEqualTo("dc=springframework,dc=org/ou=blah");
 		assertThat(LdapUtils.parseRootDnFromUrl("ldap://monkeymachine.co.uk:389/dc=springframework,dc=org/ou=blah"))
-				.isEqualTo("dc=springframework,dc=org/ou=blah");
+			.isEqualTo("dc=springframework,dc=org/ou=blah");
 	}

 }
@@ -58,8 +58,9 @@ public class SpringSecurityAuthenticationSourceTests {
 	@Test
 	public void principalIsEmptyForAnonymousUser() {
 		AuthenticationSource source = new SpringSecurityAuthenticationSource();
-		SecurityContextHolder.getContext().setAuthentication(
-				new AnonymousAuthenticationToken("key", "anonUser", AuthorityUtils.createAuthorityList("ignored")));
+		SecurityContextHolder.getContext()
+			.setAuthentication(
+					new AnonymousAuthenticationToken("key", "anonUser", AuthorityUtils.createAuthorityList("ignored")));
 		assertThat(source.getPrincipal()).isEqualTo("");
 	}

@@ -84,7 +85,7 @@ public class SpringSecurityAuthenticationSourceTests {
 		user.setDn(new DistinguishedName("uid=joe,ou=users"));
 		AuthenticationSource source = new SpringSecurityAuthenticationSource();
 		SecurityContextHolder.getContext()
-				.setAuthentication(new TestingAuthenticationToken(user.createUserDetails(), null));
+			.setAuthentication(new TestingAuthenticationToken(user.createUserDetails(), null));
 		assertThat(source.getPrincipal()).isEqualTo("uid=joe,ou=users");
 	}

@@ -95,7 +96,7 @@ public class SpringSecurityAuthenticationSourceTests {
 		user.setDn(new DistinguishedName("uid=joe,ou=users"));
 		SecurityContextHolderStrategy strategy = mock(SecurityContextHolderStrategy.class);
 		given(strategy.getContext())
-				.willReturn(new SecurityContextImpl(new TestingAuthenticationToken(user.createUserDetails(), null)));
+			.willReturn(new SecurityContextImpl(new TestingAuthenticationToken(user.createUserDetails(), null)));
 		SpringSecurityAuthenticationSource source = new SpringSecurityAuthenticationSource();
 		source.setSecurityContextHolderStrategy(strategy);
 		assertThat(source.getPrincipal()).isEqualTo("uid=joe,ou=users");
@@ -61,7 +61,7 @@ public class SpringSecurityLdapTemplateTests {
 		Object[] params = new Object[] {};
 		DirContextAdapter searchResultObject = mock(DirContextAdapter.class);
 		given(this.ctx.search(any(DistinguishedName.class), eq(filter), eq(params), this.searchControls.capture()))
-				.willReturn(this.resultsEnum);
+			.willReturn(this.resultsEnum);
 		given(this.resultsEnum.hasMore()).willReturn(true, false);
 		given(this.resultsEnum.next()).willReturn(this.searchResult);
 		given(this.searchResult.getObject()).willReturn(searchResultObject);
@@ -39,8 +39,9 @@ class LdapSecurityRuntimeHintsTests {

 	@BeforeEach
 	void setup() {
-		SpringFactoriesLoader.forResourceLocation("META-INF/spring/aot.factories").load(RuntimeHintsRegistrar.class)
-				.forEach((registrar) -> registrar.registerHints(this.hints, ClassUtils.getDefaultClassLoader()));
+		SpringFactoriesLoader.forResourceLocation("META-INF/spring/aot.factories")
+			.load(RuntimeHintsRegistrar.class)
+			.forEach((registrar) -> registrar.registerHints(this.hints, ClassUtils.getDefaultClassLoader()));
 	}

 	@Test
@@ -51,7 +52,7 @@ class LdapSecurityRuntimeHintsTests {
 	@Test
 	void ldapCtxFactoryHasHints() {
 		assertThat(RuntimeHintsPredicates.reflection().onType(TypeReference.of("com.sun.jndi.ldap.LdapCtxFactory")))
-				.accepts(this.hints);
+			.accepts(this.hints);
 	}

 }
@@ -70,7 +70,7 @@ public class LdapAuthenticationProviderTests {
 		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(
 				() -> ldapProvider.authenticate(UsernamePasswordAuthenticationToken.unauthenticated(null, "password")));
 		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> ldapProvider
-				.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("", "bobspassword")));
+			.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("", "bobspassword")));
 	}

 	@Test
@@ -151,7 +151,9 @@ public class LdapAuthenticationProviderTests {
 		given(mockAuthenticator.authenticate(authRequest)).willThrow(expectedCause);
 		LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(mockAuthenticator);
 		assertThatExceptionOfType(InternalAuthenticationServiceException.class)
-				.isThrownBy(() -> ldapProvider.authenticate(authRequest)).havingCause().isSameAs(expectedCause);
+			.isThrownBy(() -> ldapProvider.authenticate(authRequest))
+			.havingCause()
+			.isSameAs(expectedCause);
 	}

 	class MockAuthenticator implements LdapAuthenticator {
@@ -52,7 +52,8 @@ public class PasswordComparisonAuthenticatorMockTests {
 		// Setup a single return value (i.e. success)
 		final NamingEnumeration searchResults = new BasicAttributes("", null).getAll();
 		given(dirCtx.search(eq("cn=Bob,ou=people"), eq("(userPassword={0})"), any(Object[].class),
-				any(SearchControls.class))).willReturn(searchResults);
+				any(SearchControls.class)))
+			.willReturn(searchResults);
 		authenticator.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("Bob", "bobspassword"));
 	}

@@ -95,7 +95,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		DirContextAdapter dca = new DirContextAdapter();
 		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
 		given(ctx.search(any(Name.class), eq(customSearchFilter), any(Object[].class), any(SearchControls.class)))
-				.willReturn(new MockNamingEnumeration(sr));
+			.willReturn(new MockNamingEnumeration(sr));
 		ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider(
 				"mydomain.eu", "ldap://192.168.1.200/");
 		customProvider.contextFactory = createContextFactoryReturning(ctx);
@@ -112,7 +112,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		DirContextAdapter dca = new DirContextAdapter();
 		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
 		given(ctx.search(any(Name.class), eq(defaultSearchFilter), any(Object[].class), any(SearchControls.class)))
-				.willReturn(new MockNamingEnumeration(sr));
+			.willReturn(new MockNamingEnumeration(sr));
 		ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider(
 				"mydomain.eu", "ldap://192.168.1.200/");
 		customProvider.contextFactory = createContextFactoryReturning(ctx);
@@ -132,7 +132,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		DirContextAdapter dca = new DirContextAdapter();
 		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
 		given(ctx.search(any(Name.class), eq(defaultSearchFilter), captor.capture(), any(SearchControls.class)))
-				.willReturn(new MockNamingEnumeration(sr));
+			.willReturn(new MockNamingEnumeration(sr));
 		ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider(
 				"mydomain.eu", "ldap://192.168.1.200/");
 		customProvider.contextFactory = createContextFactoryReturning(ctx);
@@ -159,7 +159,8 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		DirContextAdapter dca = new DirContextAdapter();
 		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
 		given(ctx.search(eq(new DistinguishedName("DC=mydomain,DC=eu")), any(String.class), any(Object[].class),
-				any(SearchControls.class))).willReturn(new MockNamingEnumeration(sr));
+				any(SearchControls.class)))
+			.willReturn(new MockNamingEnumeration(sr));
 		this.provider.contextFactory = createContextFactoryReturning(ctx);
 		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe));
 		this.provider.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("joe@mydomain.eu", "password"));
@@ -170,7 +171,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		DirContext ctx = mock(DirContext.class);
 		given(ctx.getNameInNamespace()).willReturn("");
 		given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
-				.willThrow(new NameNotFoundException());
+			.willThrow(new NameNotFoundException());
 		this.provider.contextFactory = createContextFactoryReturning(ctx);
 		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe));
 	}
@@ -181,7 +182,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		DirContext ctx = mock(DirContext.class);
 		given(ctx.getNameInNamespace()).willReturn("");
 		given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
-				.willReturn(new EmptyEnumeration<>());
+			.willReturn(new EmptyEnumeration<>());
 		this.provider.contextFactory = createContextFactoryReturning(ctx);
 		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe));
 	}
@@ -204,10 +205,10 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		given(searchResult.getObject()).willReturn(new DirContextAdapter("ou=1"), new DirContextAdapter("ou=2"));
 		given(searchResults.next()).willReturn(searchResult);
 		given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
-				.willReturn(searchResults);
+			.willReturn(searchResults);
 		this.provider.contextFactory = createContextFactoryReturning(ctx);
 		assertThatExceptionOfType(IncorrectResultSizeDataAccessException.class)
-				.isThrownBy(() -> this.provider.authenticate(this.joe));
+			.isThrownBy(() -> this.provider.authenticate(this.joe));
 	}

 	static final String msg = "[LDAP: error code 49 - 80858585: LdapErr: DSID-DECAFF0, comment: AcceptSecurityContext error, data ";
@@ -240,9 +241,9 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 				new AuthenticationException(msg + dataCode + ", xxxx]"));
 		this.provider.setConvertSubErrorCodesToExceptions(true);
 		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe))
-				.withCauseInstanceOf(ActiveDirectoryAuthenticationException.class)
-				.satisfies((ex) -> assertThat(((ActiveDirectoryAuthenticationException) ex.getCause()).getDataCode())
-						.isEqualTo(dataCode));
+			.withCauseInstanceOf(ActiveDirectoryAuthenticationException.class)
+			.satisfies((ex) -> assertThat(((ActiveDirectoryAuthenticationException) ex.getCause()).getDataCode())
+				.isEqualTo(dataCode));
 	}

 	@Test
@@ -251,7 +252,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe));
 		this.provider.setConvertSubErrorCodesToExceptions(true);
 		assertThatExceptionOfType(CredentialsExpiredException.class)
-				.isThrownBy(() -> this.provider.authenticate(this.joe));
+			.isThrownBy(() -> this.provider.authenticate(this.joe));
 	}

 	@Test
@@ -302,10 +303,10 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		ActiveDirectoryLdapAuthenticationProvider noneReachableProvider = new ActiveDirectoryLdapAuthenticationProvider(
 				"mydomain.eu", NON_EXISTING_LDAP_PROVIDER, "dc=ad,dc=eu,dc=mydomain");
 		noneReachableProvider
-				.setContextEnvironmentProperties(Collections.singletonMap("com.sun.jndi.ldap.connect.timeout", "5"));
+			.setContextEnvironmentProperties(Collections.singletonMap("com.sun.jndi.ldap.connect.timeout", "5"));
 		assertThatExceptionOfType(
 				org.springframework.security.authentication.InternalAuthenticationServiceException.class)
-						.isThrownBy(() -> noneReachableProvider.doAuthentication(this.joe));
+			.isThrownBy(() -> noneReachableProvider.doAuthentication(this.joe));
 	}

 	@Test
@@ -323,7 +324,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 	@Test
 	public void setContextEnvironmentPropertiesEmpty() {
 		assertThatIllegalArgumentException()
-				.isThrownBy(() -> this.provider.setContextEnvironmentProperties(new Hashtable<>()));
+			.isThrownBy(() -> this.provider.setContextEnvironmentProperties(new Hashtable<>()));
 	}

 	@Test
@@ -332,9 +333,9 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		env.put("java.naming.ldap.factory.socket", "unknown.package.NonExistingSocketFactory");
 		this.provider.setContextEnvironmentProperties(env);
 		assertThatExceptionOfType(InternalAuthenticationServiceException.class)
-				.isThrownBy(() -> this.provider.authenticate(this.joe))
-				.withCauseInstanceOf(org.springframework.ldap.CommunicationException.class)
-				.withRootCauseInstanceOf(ClassNotFoundException.class);
+			.isThrownBy(() -> this.provider.authenticate(this.joe))
+			.withCauseInstanceOf(org.springframework.ldap.CommunicationException.class)
+			.withRootCauseInstanceOf(ClassNotFoundException.class);
 	}

 	ContextFactory createContextFactoryThrowing(final NamingException ex) {
@@ -364,7 +365,8 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		@SuppressWarnings("deprecation")
 		DistinguishedName searchBaseDn = new DistinguishedName(rootDn);
 		given(ctx.search(eq(searchBaseDn), any(String.class), any(Object[].class), any(SearchControls.class)))
-				.willReturn(new MockNamingEnumeration(sr)).willReturn(new MockNamingEnumeration(sr));
+			.willReturn(new MockNamingEnumeration(sr))
+			.willReturn(new MockNamingEnumeration(sr));
 		provider.contextFactory = createContextFactoryReturning(ctx);
 		Authentication result = provider.authenticate(this.joe);
 		assertThat(result.getAuthorities()).isEmpty();
@@ -115,7 +115,7 @@ public class InetOrgPersonMixinTests {
 	@Test
 	public void deserializeWhenMixinNotRegisteredThenThrowJsonProcessingException() {
 		assertThatExceptionOfType(JsonProcessingException.class)
-				.isThrownBy(() -> new ObjectMapper().readValue(INET_ORG_PERSON_JSON, InetOrgPerson.class));
+			.isThrownBy(() -> new ObjectMapper().readValue(INET_ORG_PERSON_JSON, InetOrgPerson.class));
 	}

 	@Test
@@ -129,7 +129,7 @@ public class InetOrgPersonMixinTests {
 		assertThat(authentication.getCarLicense()).isEqualTo(expectedAuthentication.getCarLicense());
 		assertThat(authentication.getDepartmentNumber()).isEqualTo(expectedAuthentication.getDepartmentNumber());
 		assertThat(authentication.getDestinationIndicator())
-				.isEqualTo(expectedAuthentication.getDestinationIndicator());
+			.isEqualTo(expectedAuthentication.getDestinationIndicator());
 		assertThat(authentication.getDn()).isEqualTo(expectedAuthentication.getDn());
 		assertThat(authentication.getDescription()).isEqualTo(expectedAuthentication.getDescription());
 		assertThat(authentication.getDisplayName()).isEqualTo(expectedAuthentication.getDisplayName());
@@ -153,14 +153,14 @@ public class InetOrgPersonMixinTests {
 		assertThat(authentication.getGivenName()).isEqualTo(expectedAuthentication.getGivenName());
 		assertThat(authentication.getTelephoneNumber()).isEqualTo(expectedAuthentication.getTelephoneNumber());
 		assertThat(authentication.getGraceLoginsRemaining())
-				.isEqualTo(expectedAuthentication.getGraceLoginsRemaining());
+			.isEqualTo(expectedAuthentication.getGraceLoginsRemaining());
 		assertThat(authentication.getTimeBeforeExpiration())
-				.isEqualTo(expectedAuthentication.getTimeBeforeExpiration());
+			.isEqualTo(expectedAuthentication.getTimeBeforeExpiration());
 		assertThat(authentication.isAccountNonExpired()).isEqualTo(expectedAuthentication.isAccountNonExpired());
 		assertThat(authentication.isAccountNonLocked()).isEqualTo(expectedAuthentication.isAccountNonLocked());
 		assertThat(authentication.isEnabled()).isEqualTo(expectedAuthentication.isEnabled());
 		assertThat(authentication.isCredentialsNonExpired())
-				.isEqualTo(expectedAuthentication.isCredentialsNonExpired());
+			.isEqualTo(expectedAuthentication.isCredentialsNonExpired());
 	}

 	private DirContextAdapter createUserContext() {
@@ -91,14 +91,14 @@ public class LdapUserDetailsImplMixinTests {
 	@Test
 	public void deserializeWhenMixinNotRegisteredThenThrowJsonProcessingException() {
 		assertThatExceptionOfType(JsonProcessingException.class)
-				.isThrownBy(() -> new ObjectMapper().readValue(USER_JSON, LdapUserDetailsImpl.class));
+			.isThrownBy(() -> new ObjectMapper().readValue(USER_JSON, LdapUserDetailsImpl.class));
 	}

 	@Test
 	public void deserializeWhenMixinRegisteredThenDeserializes() throws Exception {
 		LdapUserDetailsMapper mapper = new LdapUserDetailsMapper();
 		LdapUserDetailsImpl expectedAuthentication = (LdapUserDetailsImpl) mapper
-				.mapUserFromContext(createUserContext(), "ghengis", AuthorityUtils.NO_AUTHORITIES);
+			.mapUserFromContext(createUserContext(), "ghengis", AuthorityUtils.NO_AUTHORITIES);

 		LdapUserDetailsImpl authentication = this.mapper.readValue(USER_JSON, LdapUserDetailsImpl.class);
 		assertThat(authentication.getAuthorities()).containsExactlyElementsOf(expectedAuthentication.getAuthorities());
@@ -106,14 +106,14 @@ public class LdapUserDetailsImplMixinTests {
 		assertThat(authentication.getUsername()).isEqualTo(expectedAuthentication.getUsername());
 		assertThat(authentication.getPassword()).isEqualTo(expectedAuthentication.getPassword());
 		assertThat(authentication.getGraceLoginsRemaining())
-				.isEqualTo(expectedAuthentication.getGraceLoginsRemaining());
+			.isEqualTo(expectedAuthentication.getGraceLoginsRemaining());
 		assertThat(authentication.getTimeBeforeExpiration())
-				.isEqualTo(expectedAuthentication.getTimeBeforeExpiration());
+			.isEqualTo(expectedAuthentication.getTimeBeforeExpiration());
 		assertThat(authentication.isAccountNonExpired()).isEqualTo(expectedAuthentication.isAccountNonExpired());
 		assertThat(authentication.isAccountNonLocked()).isEqualTo(expectedAuthentication.isAccountNonLocked());
 		assertThat(authentication.isEnabled()).isEqualTo(expectedAuthentication.isEnabled());
 		assertThat(authentication.isCredentialsNonExpired())
-				.isEqualTo(expectedAuthentication.isCredentialsNonExpired());
+			.isEqualTo(expectedAuthentication.isCredentialsNonExpired());
 	}

 	private DirContextAdapter createUserContext() {
@@ -94,7 +94,7 @@ public class PersonMixinTests {
 	@Test
 	public void deserializeWhenMixinNotRegisteredThenThrowJsonProcessingException() {
 		assertThatExceptionOfType(JsonProcessingException.class)
-				.isThrownBy(() -> new ObjectMapper().readValue(PERSON_JSON, Person.class));
+			.isThrownBy(() -> new ObjectMapper().readValue(PERSON_JSON, Person.class));
 	}

 	@Test
@@ -113,14 +113,14 @@ public class PersonMixinTests {
 		assertThat(authentication.getGivenName()).isEqualTo(expectedAuthentication.getGivenName());
 		assertThat(authentication.getTelephoneNumber()).isEqualTo(expectedAuthentication.getTelephoneNumber());
 		assertThat(authentication.getGraceLoginsRemaining())
-				.isEqualTo(expectedAuthentication.getGraceLoginsRemaining());
+			.isEqualTo(expectedAuthentication.getGraceLoginsRemaining());
 		assertThat(authentication.getTimeBeforeExpiration())
-				.isEqualTo(expectedAuthentication.getTimeBeforeExpiration());
+			.isEqualTo(expectedAuthentication.getTimeBeforeExpiration());
 		assertThat(authentication.isAccountNonExpired()).isEqualTo(expectedAuthentication.isAccountNonExpired());
 		assertThat(authentication.isAccountNonLocked()).isEqualTo(expectedAuthentication.isAccountNonLocked());
 		assertThat(authentication.isEnabled()).isEqualTo(expectedAuthentication.isEnabled());
 		assertThat(authentication.isCredentialsNonExpired())
-				.isEqualTo(expectedAuthentication.isCredentialsNonExpired());
+			.isEqualTo(expectedAuthentication.isCredentialsNonExpired());
 	}

 	private DirContextAdapter createUserContext() {
@@ -72,7 +72,7 @@ public class PasswordPolicyAwareContextSourceTests {
 	public void standardExceptionIsPropagatedWhenExceptionRaisedAndNoControlsAreSet() throws Exception {
 		willThrow(new NamingException("some LDAP exception")).given(this.ctx).reconnect(any(Control[].class));
 		assertThatExceptionOfType(UncategorizedLdapException.class)
-				.isThrownBy(() -> this.ctxSource.getContext("user", "ignored"));
+			.isThrownBy(() -> this.ctxSource.getContext("user", "ignored"));
 	}

 	@Test
@@ -81,7 +81,7 @@ public class PasswordPolicyAwareContextSourceTests {
 				new PasswordPolicyResponseControl(PasswordPolicyResponseControlTests.OPENLDAP_LOCKED_CTRL) });
 		willThrow(new NamingException("locked message")).given(this.ctx).reconnect(any(Control[].class));
 		assertThatExceptionOfType(PasswordPolicyException.class)
-				.isThrownBy(() -> this.ctxSource.getContext("user", "ignored"));
+			.isThrownBy(() -> this.ctxSource.getContext("user", "ignored"));
 	}

 }
@@ -43,7 +43,7 @@ public class LdapUserDetailsServiceTests {
 	@Test
 	public void rejectsNullSearchObject() {
 		assertThatIllegalArgumentException()
-				.isThrownBy(() -> new LdapUserDetailsService(null, new NullLdapAuthoritiesPopulator()));
+			.isThrownBy(() -> new LdapUserDetailsService(null, new NullLdapAuthoritiesPopulator()));
 	}

 	@Test