Merge branch '5.8.x' into 6.0.x

Closes gh-13882
2026-05-22 21:33:16 +00:00 · 2023-09-29 11:46:00 -03:00
parent 5351fe43da 64e2a2ff8b
commit 92c82191c9
1152 changed files with 10637 additions and 8548 deletions
@@ -174,7 +174,7 @@ public abstract class AbstractAuthorizeTag {

 	private SecurityContext getContext() {
 		ApplicationContext appContext = SecurityWebApplicationContextUtils
-				.findRequiredWebApplicationContext(getServletContext());
+			.findRequiredWebApplicationContext(getServletContext());
 		String[] names = appContext.getBeanNamesForType(SecurityContextHolderStrategy.class);
 		if (names.length == 1) {
 			SecurityContextHolderStrategy strategy = appContext.getBean(SecurityContextHolderStrategy.class);
@@ -186,11 +186,11 @@ public abstract class AbstractAuthorizeTag {
 	@SuppressWarnings({ "unchecked", "rawtypes" })
 	private SecurityExpressionHandler<FilterInvocation> getExpressionHandler() throws IOException {
 		ApplicationContext appContext = SecurityWebApplicationContextUtils
-				.findRequiredWebApplicationContext(getServletContext());
+			.findRequiredWebApplicationContext(getServletContext());
 		Map<String, SecurityExpressionHandler> handlers = appContext.getBeansOfType(SecurityExpressionHandler.class);
 		for (SecurityExpressionHandler handler : handlers.values()) {
-			if (FilterInvocation.class.equals(
-					GenericTypeResolver.resolveTypeArgument(handler.getClass(), SecurityExpressionHandler.class))) {
+			if (FilterInvocation.class
+				.equals(GenericTypeResolver.resolveTypeArgument(handler.getClass(), SecurityExpressionHandler.class))) {
 				return handler;
 			}
 		}
@@ -200,12 +200,12 @@ public abstract class AbstractAuthorizeTag {

 	private WebInvocationPrivilegeEvaluator getPrivilegeEvaluator() throws IOException {
 		WebInvocationPrivilegeEvaluator privEvaluatorFromRequest = (WebInvocationPrivilegeEvaluator) getRequest()
-				.getAttribute(WebAttributes.WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE);
+			.getAttribute(WebAttributes.WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE);
 		if (privEvaluatorFromRequest != null) {
 			return privEvaluatorFromRequest;
 		}
 		ApplicationContext ctx = SecurityWebApplicationContextUtils
-				.findRequiredWebApplicationContext(getServletContext());
+			.findRequiredWebApplicationContext(getServletContext());
 		Map<String, WebInvocationPrivilegeEvaluator> wipes = ctx.getBeansOfType(WebInvocationPrivilegeEvaluator.class);
 		if (wipes.size() == 0) {
 			throw new IOException(
@@ -58,7 +58,7 @@ public class AccessControlListTag extends TagSupport {
 	protected static final Log logger = LogFactory.getLog(AccessControlListTag.class);

 	private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
-			.getContextHolderStrategy();
+		.getContextHolderStrategy();

 	private ApplicationContext applicationContext;

@@ -152,7 +152,7 @@ public class AccessControlListTag extends TagSupport {
 		String[] names = this.applicationContext.getBeanNamesForType(SecurityContextHolderStrategy.class);
 		if (names.length == 1) {
 			SecurityContextHolderStrategy strategy = this.applicationContext
-					.getBean(SecurityContextHolderStrategy.class);
+				.getBean(SecurityContextHolderStrategy.class);
 			this.securityContextHolderStrategy = strategy;
 		}
 	}
@@ -160,7 +160,7 @@ public class AccessControlListTag extends TagSupport {
 	private <T> T getBeanOfType(Class<T> type) throws JspException {
 		Map<String, T> map = this.applicationContext.getBeansOfType(type);
 		for (ApplicationContext context = this.applicationContext.getParent(); context != null; context = context
-				.getParent()) {
+			.getParent()) {
 			map.putAll(context.getBeansOfType(type));
 		}
 		if (map.size() == 0) {
@@ -47,7 +47,7 @@ import org.springframework.web.util.TagUtils;
 public class AuthenticationTag extends TagSupport {

 	private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
-			.getContextHolderStrategy();
+		.getContextHolderStrategy();

 	private String var;

@@ -87,7 +87,7 @@ public class AuthenticationTag extends TagSupport {
 		super.setPageContext(pageContext);
 		ServletContext servletContext = pageContext.getServletContext();
 		ApplicationContext context = SecurityWebApplicationContextUtils
-				.findRequiredWebApplicationContext(servletContext);
+			.findRequiredWebApplicationContext(servletContext);
 		String[] names = context.getBeanNamesForType(SecurityContextHolderStrategy.class);
 		if (names.length == 1) {
 			SecurityContextHolderStrategy strategy = context.getBean(SecurityContextHolderStrategy.class);
@@ -113,7 +113,7 @@ public class AbstractAuthorizeTagTests {
 		this.tag.setUrl(uri);
 		WebApplicationContext wac = mock(WebApplicationContext.class);
 		given(wac.getBeansOfType(WebInvocationPrivilegeEvaluator.class))
-				.willReturn(Collections.singletonMap("wipe", expected));
+			.willReturn(Collections.singletonMap("wipe", expected));
 		given(wac.getBeanNamesForType(SecurityContextHolderStrategy.class)).willReturn(new String[0]);
 		this.servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
 		this.tag.authorizeUsingUrlCheck();
@@ -128,7 +128,7 @@ public class AbstractAuthorizeTagTests {
 		this.tag.setAccess("permitAll");
 		WebApplicationContext wac = mock(WebApplicationContext.class);
 		given(wac.getBeansOfType(SecurityExpressionHandler.class))
-				.willReturn(Collections.<String, SecurityExpressionHandler>singletonMap("wipe", expected));
+			.willReturn(Collections.<String, SecurityExpressionHandler>singletonMap("wipe", expected));
 		given(wac.getBeanNamesForType(SecurityContextHolderStrategy.class)).willReturn(new String[0]);
 		this.servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
 		assertThat(this.tag.authorize()).isTrue();
@@ -123,7 +123,7 @@ public class AccessControlListTagTests {
 	public void childContext() throws Exception {
 		ServletContext servletContext = this.pageContext.getServletContext();
 		WebApplicationContext wac = (WebApplicationContext) servletContext
-				.getAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
+			.getAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
 		servletContext.removeAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
 		servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
 		Object domainObject = new Object();
@@ -68,8 +68,8 @@ public class AuthenticationTagTests {

 	@Test
 	public void testOperationWhenPrincipalIsAString() throws JspException {
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken("rodAsString", "koala", AuthorityUtils.NO_AUTHORITIES));
+		SecurityContextHolder.getContext()
+			.setAuthentication(new TestingAuthenticationToken("rodAsString", "koala", AuthorityUtils.NO_AUTHORITIES));
 		this.authenticationTag.setProperty("principal");
 		assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
 		assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
@@ -88,7 +88,7 @@ public class AuthenticationTagTests {
 	@Test
 	public void testOperationWhenPrincipalIsNull() throws JspException {
 		SecurityContextHolder.getContext()
-				.setAuthentication(new TestingAuthenticationToken(null, "koala", AuthorityUtils.NO_AUTHORITIES));
+			.setAuthentication(new TestingAuthenticationToken(null, "koala", AuthorityUtils.NO_AUTHORITIES));
 		this.authenticationTag.setProperty("principal");
 		assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
 		assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
@@ -66,7 +66,7 @@ public class AuthorizeTagTests {
 		SecurityContextHolder.getContext().setAuthentication(this.currentUser);
 		StaticWebApplicationContext ctx = new StaticWebApplicationContext();
 		BeanDefinitionBuilder webExpressionHandler = BeanDefinitionBuilder
-				.rootBeanDefinition(DefaultWebSecurityExpressionHandler.class);
+			.rootBeanDefinition(DefaultWebSecurityExpressionHandler.class);
 		webExpressionHandler.addPropertyValue("permissionEvaluator", this.permissionEvaluator);
 		ctx.registerBeanDefinition("expressionHandler", webExpressionHandler.getBeanDefinition());
 		ctx.registerSingleton("wipe", MockWebInvocationPrivilegeEvaluator.class);
@@ -59,7 +59,7 @@ public class AbstractCsrfTagTests {
 		int returned = this.tag.doEndTag();
 		assertThat(returned).as("The returned value is not correct.").isEqualTo(Tag.EVAL_PAGE);
 		assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.")
-				.isEqualTo("");
+			.isEqualTo("");
 	}

 	@Test
@@ -70,7 +70,7 @@ public class AbstractCsrfTagTests {
 		int returned = this.tag.doEndTag();
 		assertThat(returned).as("The returned value is not correct.").isEqualTo(Tag.EVAL_PAGE);
 		assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.")
-				.isEqualTo("fooBarBazQux");
+			.isEqualTo("fooBarBazQux");
 		assertThat(this.tag.token).as("The token is not correct.").isSameAs(token);
 	}

@@ -82,7 +82,7 @@ public class AbstractCsrfTagTests {
 		int returned = this.tag.doEndTag();
 		assertThat(returned).as("The returned value is not correct.").isEqualTo(Tag.EVAL_PAGE);
 		assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.")
-				.isEqualTo("<input type=\"hidden\" />");
+			.isEqualTo("<input type=\"hidden\" />");
 		assertThat(this.tag.token).as("The token is not correct.").isSameAs(token);
 	}

@@ -42,7 +42,7 @@ public class CsrfInputTagTests {
 		String value = this.tag.handleToken(token);
 		assertThat(value).as("The returned value should not be null.").isNotNull();
 		assertThat(value).withFailMessage("The output is not correct.")
-				.isEqualTo("<input type=\"hidden\" name=\"_csrf\" value=\"abc123def456ghi789\" />");
+			.isEqualTo("<input type=\"hidden\" name=\"_csrf\" value=\"abc123def456ghi789\" />");
 	}

 	@Test
@@ -51,7 +51,7 @@ public class CsrfInputTagTests {
 		String value = this.tag.handleToken(token);
 		assertThat(value).as("The returned value should not be null.").isNotNull();
 		assertThat(value).withFailMessage("The output is not correct.")
-				.isEqualTo("<input type=\"hidden\" name=\"csrfParameter\" value=\"fooBarBazQux\" />");
+			.isEqualTo("<input type=\"hidden\" name=\"csrfParameter\" value=\"fooBarBazQux\" />");
 	}

 }
@@ -42,9 +42,9 @@ public class CsrfMetaTagsTagTests {
 		String value = this.tag.handleToken(token);
 		assertThat(value).as("The returned value should not be null.").isNotNull();
 		assertThat(value).withFailMessage("The output is not correct.")
-				.isEqualTo("<meta name=\"_csrf_parameter\" content=\"_csrf\" />"
-						+ "<meta name=\"_csrf_header\" content=\"X-Csrf-Token\" />"
-						+ "<meta name=\"_csrf\" content=\"abc123def456ghi789\" />");
+			.isEqualTo("<meta name=\"_csrf_parameter\" content=\"_csrf\" />"
+					+ "<meta name=\"_csrf_header\" content=\"X-Csrf-Token\" />"
+					+ "<meta name=\"_csrf\" content=\"abc123def456ghi789\" />");
 	}

 	@Test
@@ -53,9 +53,9 @@ public class CsrfMetaTagsTagTests {
 		String value = this.tag.handleToken(token);
 		assertThat(value).as("The returned value should not be null.").isNotNull();
 		assertThat(value).withFailMessage("The output is not correct.")
-				.isEqualTo("<meta name=\"_csrf_parameter\" content=\"csrfParameter\" />"
-						+ "<meta name=\"_csrf_header\" content=\"csrfHeader\" />"
-						+ "<meta name=\"_csrf\" content=\"fooBarBazQux\" />");
+			.isEqualTo("<meta name=\"_csrf_parameter\" content=\"csrfParameter\" />"
+					+ "<meta name=\"_csrf_header\" content=\"csrfHeader\" />"
+					+ "<meta name=\"_csrf\" content=\"fooBarBazQux\" />");
 	}

 }