From a5aa6b3d7f2f29cd45c40079b6cc1fa27fb85acc Mon Sep 17 00:00:00 2001 
From: Phillip Webb Date: Sat, 1 Aug 2020 19:33:21 -0700 Subject: [PATCH] Remove blank lines from all tests Remove all blank lines from test code so that test methods are visually grouped together. This generally helps to make the test classes easier to scan; however, the "given" / "when" / "then" blocks used by some tests are now not as easy to discern. Issue gh-8945 --- .../acls/AclFormattingUtilsTests.java | 11 - .../AclPermissionCacheOptimizerTests.java | 4 - .../acls/AclPermissionEvaluatorTests.java | 6 - ...ationCollectionFilteringProviderTests.java | 3 - .../AclEntryAfterInvocationProviderTests.java | 4 - .../domain/AccessControlImplEntryTests.java | 7 - .../security/acls/domain/AclImplTests.java | 37 --- .../AclImplementationSecurityCheckTests.java | 27 -- .../acls/domain/AuditLoggerTests.java | 1 - .../acls/domain/ObjectIdentityImplTests.java | 11 - ...ectIdentityRetrievalStrategyImplTests.java | 2 - .../security/acls/domain/PermissionTests.java | 7 - .../AbstractBasicLookupStrategyTests.java | 30 --- .../BasicLookupStrategyTestsDbHelper.java | 2 - .../security/acls/jdbc/DatabaseSeeder.java | 1 - .../acls/jdbc/EhCacheBasedAclCacheTests.java | 34 --- .../acls/jdbc/JdbcAclServiceTests.java | 8 - .../acls/jdbc/JdbcMutableAclServiceTests.java | 63 ----- ...cMutableAclServiceTestsWithAclClassId.java | 2 - .../jdbc/SpringCacheBasedAclCacheTests.java | 16 -- .../acls/sid/SidRetrievalStrategyTests.java | 4 - .../security/acls/sid/SidTests.java | 25 -- .../aspect/AnnotationSecurityAspectTests.java | 2 - .../AbstractStatelessTicketCacheTests.java | 2 - .../CasAuthenticationProviderTests.java | 43 ---- .../CasAuthenticationTokenTests.java | 20 -- .../EhCacheBasedTicketCacheTests.java | 7 - .../SpringCacheBasedTicketCacheTests.java | 4 - .../CasAuthenticationTokenMixinTests.java | 1 - .../web/CasAuthenticationEntryPointTests.java | 12 - .../cas/web/CasAuthenticationFilterTests.java | 15 -- .../cas/web/ServicePropertiesTests.java | 2 - 
...aultServiceAuthenticationDetailsTests.java | 1 - .../rsocket/HelloRSocketITests.java | 2 - .../config/annotation/rsocket/JwtITests.java | 5 - ...RSocketMessageHandlerConnectionITests.java | 14 -- .../rsocket/RSocketMessageHandlerITests.java | 10 - .../rsocket/SimpleAuthenticationITests.java | 3 - .../security/config/DataSourcePopulator.java | 2 - .../config/FilterChainProxyConfigTests.java | 7 - .../MockUserServiceBeanPostProcessor.java | 1 - .../config/SecurityNamespaceHandlerTests.java | 3 - ...SecurityConfigurerAdapterClosureTests.java | 2 - .../SecurityConfigurerAdapterTests.java | 1 - .../AuthenticationManagerBuilderTests.java | 17 -- .../NamespaceAuthenticationManagerTests.java | 5 - .../NamespaceAuthenticationProviderTests.java | 2 - .../NamespaceJdbcUserServiceTests.java | 3 - .../NamespacePasswordEncoderTests.java | 4 - .../PasswordEncoderConfigurerTests.java | 1 - ...thenticationConfigurationPublishTests.java | 1 - .../AuthenticationConfigurationTests.java | 30 --- .../EnableGlobalAuthenticationTests.java | 6 - ...AuthenticationProviderConfigurerTests.java | 1 - .../UserDetailsManagerConfigurerTests.java | 7 - ...reBeanFactoryObjectPostProcessorTests.java | 15 -- .../annotation/issue50/ApplicationConfig.java | 2 - .../EnableReactiveMethodSecurityTests.java | 59 ----- ...lobalMethodSecurityConfigurationTests.java | 30 +-- ...lMethodSecurityExpressionHandlerTests.java | 6 - .../NamespaceGlobalMethodSecurityTests.java | 44 ---- ...ctiveMethodSecurityConfigurationTests.java | 9 - ...SampleEnableGlobalMethodSecurityTests.java | 4 - .../annotation/sec2758/Sec2758Tests.java | 5 - ...RequestMatcherRegistryAnyMatcherTests.java | 5 - ...mpleWebSecurityConfigurerAdapterTests.java | 25 -- ...curityConfigurerAdapterPowermockTests.java | 7 - .../WebSecurityConfigurerAdapterTests.java | 23 -- .../web/builders/HttpConfigurationTests.java | 3 - .../web/builders/NamespaceHttpTests.java | 40 --- .../web/builders/WebSecurityTests.java | 23 -- 
...icationPrincipalArgumentResolverTests.java | 5 - .../configuration/EnableWebSecurityTests.java | 7 - .../HttpSecurityConfigurationTests.java | 12 - .../OAuth2ClientConfigurationTests.java | 17 -- .../web/configuration/Sec2515Tests.java | 1 - ...ntextConfigurationResourceServerTests.java | 3 - ...urityReactorContextConfigurationTests.java | 14 -- .../WebMvcSecurityConfigurationTests.java | 1 - .../WebSecurityConfigurationTests.java | 31 --- .../configuration/sec2377/Sec2377Tests.java | 2 - ...gAttributeRequestMatcherRegistryTests.java | 4 - .../configurers/AnonymousConfigurerTests.java | 4 - .../configurers/AuthorizeRequestsTests.java | 82 ------ .../ChannelSecurityConfigurerTests.java | 6 - .../web/configurers/CorsConfigurerTests.java | 12 - ...onfigurerIgnoringRequestMatchersTests.java | 12 - .../CsrfConfigurerNoWebMvcTests.java | 3 - .../web/configurers/CsrfConfigurerTests.java | 41 --- .../web/configurers/DefaultFiltersTests.java | 4 - .../DefaultLoginPageConfigurerTests.java | 18 -- ...ingConfigurerAccessDeniedHandlerTests.java | 6 - .../ExceptionHandlingConfigurerTests.java | 25 -- ...essionUrlAuthorizationConfigurerTests.java | 51 ---- .../configurers/FormLoginConfigurerTests.java | 38 --- .../HeadersConfigurerEagerHeadersTests.java | 1 - .../configurers/HeadersConfigurerTests.java | 34 --- .../configurers/HttpBasicConfigurerTests.java | 8 - .../HttpSecurityAntMatchersTests.java | 5 - .../configurers/HttpSecurityLogoutTests.java | 5 - .../HttpSecurityRequestMatchersTests.java | 44 ---- .../web/configurers/Issue55Tests.java | 3 - .../web/configurers/JeeConfigurerTests.java | 6 - .../LogoutConfigurerClearSiteDataTests.java | 3 - .../configurers/LogoutConfigurerTests.java | 18 -- .../configurers/NamespaceHttpBasicTests.java | 20 -- .../NamespaceHttpFormLoginTests.java | 9 - .../NamespaceHttpHeadersTests.java | 12 - .../NamespaceHttpInterceptUrlTests.java | 9 - .../configurers/NamespaceHttpJeeTests.java | 7 - .../configurers/NamespaceHttpLogoutTests.java | 7 - 
.../NamespaceHttpOpenIDLoginTests.java | 9 - .../NamespaceHttpPortMappingsTests.java | 3 - .../NamespaceHttpRequestCacheTests.java | 2 - ...aceHttpServerAccessDeniedHandlerTests.java | 3 - .../configurers/NamespaceHttpX509Tests.java | 3 - .../configurers/NamespaceRememberMeTests.java | 27 -- .../NamespaceSessionManagementTests.java | 31 --- .../configurers/PermitAllSupportTests.java | 1 - .../PortMapperConfigurerTests.java | 3 - .../RememberMeConfigurerTests.java | 16 -- .../RequestCacheConfigurerTests.java | 35 --- .../RequestMatcherConfigurerTests.java | 2 - .../SecurityContextConfigurerTests.java | 7 - .../ServletApiConfigurerTests.java | 18 -- ...ionManagementConfigurerServlet31Tests.java | 4 - ...tConfigurerSessionCreationPolicyTests.java | 10 - .../SessionManagementConfigurerTests.java | 31 --- ...onfigurerTransientAuthenticationTests.java | 2 - .../UrlAuthorizationConfigurerTests.java | 23 -- .../configurers/UrlAuthorizationsTests.java | 7 - .../web/configurers/X509ConfigurerTests.java | 4 - .../client/OAuth2ClientConfigurerTests.java | 20 -- .../client/OAuth2LoginConfigurerTests.java | 68 ----- .../OAuth2ResourceServerConfigurerTests.java | 236 ------------------ .../openid/OpenIDLoginConfigurerTests.java | 12 - .../saml2/Saml2LoginConfigurerTests.java | 6 - ...geSecurityMetadataSourceRegistryTests.java | 31 --- .../reactive/EnableWebFluxSecurityTests.java | 21 -- .../ServerHttpSecurityConfigurationTests.java | 2 - .../WebFluxSecurityConfigurationTests.java | 2 - ...SocketMessageBrokerConfigurerDocTests.java | 3 - ...WebSocketMessageBrokerConfigurerTests.java | 59 ----- ...uthenticationConfigurationGh3935Tests.java | 3 - ...ationManagerBeanDefinitionParserTests.java | 3 - ...tionProviderBeanDefinitionParserTests.java | 5 - ...cUserServiceBeanDefinitionParserTests.java | 5 +- .../PasswordEncoderParserTests.java | 2 - .../UserServiceBeanDefinitionParserTests.java | 1 - .../core/GrantedAuthorityDefaultsJcTests.java | 13 - 
.../GrantedAuthorityDefaultsXmlTests.java | 13 - .../UserDetailsResourceFactoryBeanTests.java | 6 - ...ityDebugBeanFactoryPostProcessorTests.java | 1 - .../security/config/doc/Element.java | 12 - .../config/doc/SpringSecurityXsdParser.java | 11 - .../security/config/doc/XmlNode.java | 1 - .../security/config/doc/XmlParser.java | 1 - .../security/config/doc/XmlSupport.java | 1 - .../config/doc/XsdDocumentedTests.java | 29 --- .../config/http/AccessDeniedConfigTests.java | 5 - .../security/config/http/CsrfConfigTests.java | 67 ----- .../DefaultFilterChainValidatorTests.java | 3 - ...tadataSourceBeanDefinitionParserTests.java | 3 - .../FormLoginBeanDefinitionParserTests.java | 19 -- .../config/http/FormLoginConfigTests.java | 29 --- .../security/config/http/HttpConfigTests.java | 7 - .../config/http/HttpCorsConfigTests.java | 12 - .../config/http/HttpHeadersConfigTests.java | 113 --------- .../config/http/HttpInterceptUrlTests.java | 5 - .../config/http/InterceptUrlConfigTests.java | 37 --- .../config/http/MiscHttpConfigTests.java | 120 --------- .../http/MultiHttpBlockConfigTests.java | 6 - .../config/http/NamespaceHttpBasicTests.java | 5 - ...OAuth2ClientBeanDefinitionParserTests.java | 21 -- .../OAuth2LoginBeanDefinitionParserTests.java | 66 ----- ...sourceServerBeanDefinitionParserTests.java | 133 ---------- .../config/http/OpenIDConfigTests.java | 24 -- .../http/PlaceHolderAndELConfigTests.java | 32 --- .../config/http/RememberMeConfigTests.java | 53 ---- ...yContextHolderAwareRequestConfigTests.java | 53 ---- ...SessionManagementConfigServlet31Tests.java | 12 - .../http/SessionManagementConfigTests.java | 85 ------- ...entConfigTransientAuthenticationTests.java | 2 - .../CustomHttpSecurityConfigurerTests.java | 11 - ...thodSecurityBeanDefinitionParserTests.java | 15 -- ...ptMethodsBeanDefinitionDecoratorTests.java | 3 - ...tationDrivenBeanDefinitionParserTests.java | 4 - .../security/config/method/Sec2196Tests.java | 2 - 
...tationDrivenBeanDefinitionParserTests.java | 5 - .../config/method/sec2136/Sec2136Tests.java | 1 - ...egistrationsBeanDefinitionParserTests.java | 10 - .../config/test/SpringTestContext.java | 2 - .../util/InMemoryXmlApplicationContext.java | 1 - .../server/AuthorizeExchangeSpecTests.java | 15 -- .../config/web/server/CorsSpecTests.java | 2 - .../server/ExceptionHandlingSpecTests.java | 16 -- .../config/web/server/FormLoginTests.java | 57 ----- .../config/web/server/HeaderSpecTests.java | 42 +--- .../web/server/HttpsRedirectSpecTests.java | 17 -- .../config/web/server/LogoutSpecTests.java | 38 --- .../web/server/OAuth2ClientSpecTests.java | 16 -- .../config/web/server/OAuth2LoginTests.java | 66 ----- .../server/OAuth2ResourceServerSpecTests.java | 62 ----- .../config/web/server/RequestCacheTests.java | 15 -- .../web/server/ServerHttpSecurityTests.java | 64 ----- .../WebSocketMessageBrokerConfigTests.java | 80 ------ .../server/HtmlUnitWebTestClient.java | 4 - ...bTestClientHtmlUnitDriverBuilderTests.java | 6 - .../server/WebTestClientWebConnection.java | 2 - ...SecurityInterceptorWithAopConfigTests.java | 9 - .../security/PopulatedDatabase.java | 8 - .../security/TargetObject.java | 2 - .../security/access/AuthorizedEventTests.java | 1 - .../security/access/SecurityConfigTests.java | 6 - .../annotation/BusinessServiceImpl.java | 1 - ...xpressionProtectedBusinessServiceImpl.java | 2 - .../annotation/Jsr250BusinessServiceImpl.java | 1 - ...r250MethodSecurityMetadataSourceTests.java | 12 - .../access/annotation/Jsr250VoterTests.java | 4 - ...AnnotationSecurityMetadataSourceTests.java | 28 --- ...bstractSecurityExpressionHandlerTests.java | 1 - .../SecurityExpressionRootTests.java | 2 - ...tMethodSecurityExpressionHandlerTests.java | 21 -- .../method/MethodExpressionVoterTests.java | 5 +- .../MethodSecurityExpressionRootTests.java | 7 - ...AnnotationSecurityMetadataSourceTests.java | 9 - .../HierarchicalRolesTestHelper.java | 5 - 
.../RoleHierarchyAuthoritiesMapperTests.java | 5 - .../RoleHierarchyImplTests.java | 26 -- .../RoleHierarchyUtilsTests.java | 7 - .../hierarchicalroles/TestHelperTests.java | 15 -- .../AbstractSecurityInterceptorTests.java | 1 - .../AfterInvocationProviderManagerTests.java | 12 - .../InterceptorStatusTokenTests.java | 1 - .../RunAsImplAuthenticationProviderTests.java | 5 - .../intercept/RunAsManagerImplTests.java | 15 -- .../access/intercept/RunAsUserTokenTests.java | 1 - .../MethodSecurityInterceptorTests.java | 13 - ...hodSecurityMetadataSourceAdvisorTests.java | 2 - ...AspectJMethodSecurityInterceptorTests.java | 11 - ...asedMethodSecurityMetadataSourceTests.java | 1 - ...thodInvocationPrivilegeEvaluatorTests.java | 7 - .../AbstractAccessDecisionManagerTests.java | 9 - .../access/vote/AffirmativeBasedTests.java | 5 - .../access/vote/AuthenticatedVoterTests.java | 2 - .../access/vote/ConsensusBasedTests.java | 14 -- .../security/access/vote/DenyAgainVoter.java | 3 - .../security/access/vote/DenyVoter.java | 3 - .../access/vote/RoleHierarchyVoterTests.java | 2 - .../access/vote/UnanimousBasedTests.java | 16 -- .../AbstractAuthenticationTokenTests.java | 11 - .../AuthenticationTrustResolverImplTests.java | 2 - ...aultAuthenticationEventPublisherTests.java | 6 - ...ingReactiveAuthenticationManagerTests.java | 6 - .../authentication/ProviderManagerTests.java | 20 -- ...tiveAuthenticationManagerAdapterTests.java | 6 - ...ailsServiceAuthenticationManagerTests.java | 11 - .../TestingAuthenticationProviderTests.java | 2 - .../TestingAuthenticationTokenTests.java | 3 - ...oryReactiveAuthenticationManagerTests.java | 21 -- ...rnamePasswordAuthenticationTokenTests.java | 6 - .../AnonymousAuthenticationProviderTests.java | 8 - .../AnonymousAuthenticationTokenTests.java | 10 - .../dao/DaoAuthenticationProviderTests.java | 90 ------- .../event/AuthenticationEventTests.java | 4 - .../event/LoggerListenerTests.java | 2 - ...efaultJaasAuthenticationProviderTests.java | 21 -- 
.../jaas/JaasAuthenticationProviderTests.java | 27 -- .../authentication/jaas/JaasEventCheck.java | 1 - .../authentication/jaas/Sec760Tests.java | 2 - .../jaas/SecurityContextLoginModuleTests.java | 3 - .../jaas/TestAuthorityGranter.java | 2 - .../authentication/jaas/TestLoginModule.java | 7 - .../memory/InMemoryConfigurationTests.java | 1 - .../RemoteAuthenticationManagerImplTests.java | 5 - .../RemoteAuthenticationProviderTests.java | 9 - ...RememberMeAuthenticationProviderTests.java | 8 - .../RememberMeAuthenticationTokenTests.java | 10 - ...atedReactiveAuthorizationManagerTests.java | 7 - ...rityReactiveAuthorizationManagerTests.java | 17 -- ...elegatingSecurityContextRunnableTests.java | 1 - .../DelegatingApplicationListenerTests.java | 4 - .../core/SpringSecurityCoreVersionTests.java | 16 -- .../SpringSecurityMessageSourceTests.java | 5 - .../core/authority/AuthorityUtilsTests.java | 2 - .../SimpleGrantedAuthorityTests.java | 4 - .../mapping/SimpleAuthoritiesMapperTests.java | 3 - .../ReactiveSecurityContextHolderTests.java | 9 - .../context/SecurityContextHolderTests.java | 1 - ...tSecurityParameterNameDiscovererTests.java | 7 - .../core/session/SessionInformationTests.java | 4 - .../session/SessionRegistryImplTests.java | 26 -- .../core/token/DefaultTokenTests.java | 2 - .../MapReactiveUserDetailsServiceTests.java | 2 - .../userdetails/MockUserDetailsService.java | 1 - .../security/core/userdetails/UserTests.java | 14 -- .../cache/EhCacheBasedUserCacheTests.java | 6 - .../cache/SpringCacheBasedUserCacheTests.java | 3 - .../userdetails/jdbc/JdbcDaoImplTests.java | 17 -- .../memory/UserAttributeEditorTests.java | 9 - ...nonymousAuthenticationTokenMixinTests.java | 1 - .../BadCredentialsExceptionMixinTests.java | 1 - ...memberMeAuthenticationTokenMixinTests.java | 2 - .../jackson2/SecurityContextMixinTests.java | 1 - .../SecurityJackson2ModulesTests.java | 5 - .../SimpleGrantedAuthorityMixinTests.java | 6 - .../jackson2/UserDeserializerTests.java | 4 - 
.../InMemoryUserDetailsManagerTests.java | 1 - .../JdbcUserDetailsManagerTests.java | 32 --- .../security/util/FieldUtilsTests.java | 2 - .../util/MethodInvocationUtilsTests.java | 3 - .../argon2/Argon2PasswordEncoderTests.java | 16 -- .../bcrypt/BCryptPasswordEncoderTests.java | 3 - .../security/crypto/bcrypt/BCryptTests.java | 9 - .../security/crypto/codec/Utf8Tests.java | 2 - .../encrypt/AesBytesEncryptorTests.java | 5 - ...stleAesBytesEncryptorEquivalencyTests.java | 1 - .../crypto/encrypt/CryptoAssumptions.java | 1 - .../PasswordEncoderFactoriesTests.java | 1 - .../DelegatingPasswordEncoderTests.java | 22 -- .../password/LdapShaPasswordEncoderTests.java | 3 - .../password/Md4PasswordEncoderTests.java | 1 - .../MessageDigestPasswordEncoderTests.java | 1 - .../password/Pbkdf2PasswordEncoderTests.java | 5 - .../scrypt/SCryptPasswordEncoderTests.java | 5 - ...curityEvaluationContextExtensionTests.java | 4 - .../security/ldap/LdapUtilsTests.java | 5 - ...ringSecurityAuthenticationSourceTests.java | 4 - .../ldap/SpringSecurityLdapTemplateTests.java | 3 - .../LdapAuthenticationProviderTests.java | 16 -- ...swordComparisonAuthenticatorMockTests.java | 6 - ...ectoryLdapAuthenticationProviderTests.java | 38 --- ...PasswordPolicyAwareContextSourceTests.java | 4 - .../PasswordPolicyControlFactoryTests.java | 2 - .../PasswordPolicyResponseControlTests.java | 10 - .../ldap/userdetails/InetOrgPersonTests.java | 8 - .../userdetails/LdapUserDetailsImplTests.java | 1 - .../LdapUserDetailsMapperTests.java | 14 -- .../LdapUserDetailsServiceTests.java | 4 - ...sServiceLdapAuthoritiesPopulatorTests.java | 2 - ...MessageSecurityExpressionHandlerTests.java | 5 - ...ageSecurityMetadataSourceFactoryTests.java | 7 - ...MessageExpressionConfigAttributeTests.java | 3 - .../MessageExpressionVoterTests.java | 4 - .../ChannelSecurityInterceptorTests.java | 12 - ...ultMessageSecurityMetadataSourceTests.java | 3 - ...ecurityContextChannelInterceptorTests.java | 36 --- 
.../handler/invocation/ResolvableMethod.java | 7 - .../util/matcher/AndMessageMatcherTests.java | 5 - .../util/matcher/OrMessageMatcherTests.java | 5 - .../SimpDestinationMessageMatcherTests.java | 18 -- .../matcher/SimpMessageTypeMatcherTests.java | 3 - .../web/csrf/CsrfChannelInterceptorTests.java | 13 - .../CsrfTokenHandshakeInterceptorTests.java | 4 - ...deOAuth2AuthorizedClientProviderTests.java | 1 - ...veOAuth2AuthorizedClientProviderTests.java | 1 - ...iceOAuth2AuthorizedClientManagerTests.java | 37 --- ...iveOAuth2AuthorizedClientManagerTests.java | 84 ------- ...lsOAuth2AuthorizedClientProviderTests.java | 12 - ...veOAuth2AuthorizedClientProviderTests.java | 12 - ...ngOAuth2AuthorizedClientProviderTests.java | 3 - ...veOAuth2AuthorizedClientProviderTests.java | 4 - ...oryOAuth2AuthorizedClientServiceTests.java | 10 - ...iveOAuth2AuthorizedClientServiceTests.java | 3 - ...dbcOAuth2AuthorizedClientServiceTests.java | 33 --- .../client/OAuth2AuthorizeRequestTests.java | 3 - ...2AuthorizedClientProviderBuilderTests.java | 20 -- .../client/OAuth2AuthorizedClientTests.java | 1 - ...rdOAuth2AuthorizedClientProviderTests.java | 13 - ...veOAuth2AuthorizedClientProviderTests.java | 13 - ...2AuthorizedClientProviderBuilderTests.java | 35 --- ...enOAuth2AuthorizedClientProviderTests.java | 14 -- ...veOAuth2AuthorizedClientProviderTests.java | 14 -- .../OAuth2AuthenticationTokenTests.java | 1 - ...zationCodeAuthenticationProviderTests.java | 8 - ...orizationCodeAuthenticationTokenTests.java | 2 - ...odeReactiveAuthenticationManagerTests.java | 5 - ...Auth2LoginAuthenticationProviderTests.java | 18 -- .../OAuth2LoginAuthenticationTokenTests.java | 2 - ...ginReactiveAuthenticationManagerTests.java | 8 - ...orizationCodeTokenResponseClientTests.java | 22 -- ...ntCredentialsTokenResponseClientTests.java | 33 --- ...faultPasswordTokenResponseClientTests.java | 21 -- ...tRefreshTokenTokenResponseClientTests.java | 22 -- ...orizationCodeTokenResponseClientTests.java | 43 
---- ...nCodeGrantRequestEntityConverterTests.java | 12 - ...th2AuthorizationCodeGrantRequestTests.java | 1 - ...tialsGrantRequestEntityConverterTests.java | 4 - ...th2ClientCredentialsGrantRequestTests.java | 2 - ...swordGrantRequestEntityConverterTests.java | 4 - ...TokenGrantRequestEntityConverterTests.java | 4 - ...orizationCodeTokenResponseClientTests.java | 28 --- ...ntCredentialsTokenResponseClientTests.java | 14 -- ...ctivePasswordTokenResponseClientTests.java | 21 -- ...eRefreshTokenTokenResponseClientTests.java | 22 -- .../OAuth2ErrorResponseErrorHandlerTests.java | 4 - ...uth2AuthenticationExceptionMixinTests.java | 6 - .../OAuth2AuthenticationTokenMixinTests.java | 2 - ...zationCodeAuthenticationProviderTests.java | 27 -- ...odeReactiveAuthenticationManagerTests.java | 32 --- .../OidcIdTokenDecoderFactoryTests.java | 12 - .../OidcIdTokenValidatorTests.java | 2 - ...eactiveOidcIdTokenDecoderFactoryTests.java | 12 - .../OidcReactiveOAuth2UserServiceTests.java | 15 -- .../oidc/userinfo/OidcUserRequestTests.java | 1 - .../userinfo/OidcUserRequestUtilsTests.java | 3 - .../oidc/userinfo/OidcUserServiceTests.java | 60 ----- ...entInitiatedLogoutSuccessHandlerTests.java | 15 -- ...tiatedServerLogoutSuccessHandlerTests.java | 20 -- .../registration/ClientRegistrationTests.java | 11 - .../ClientRegistrationsTests.java | 33 --- ...CustomUserTypesOAuth2UserServiceTests.java | 18 -- .../DefaultOAuth2UserServiceTests.java | 42 ---- ...DefaultReactiveOAuth2UserServiceTests.java | 19 -- .../DelegatingOAuth2UserServiceTests.java | 4 - ...OAuth2UserRequestEntityConverterTests.java | 7 - .../userinfo/OAuth2UserRequestTests.java | 1 - ...uth2AuthorizationRequestResolverTests.java | 27 -- ...ultOAuth2AuthorizedClientManagerTests.java | 43 ---- ...iveOAuth2AuthorizedClientManagerTests.java | 76 ------ ...h2AuthorizationRequestRepositoryTests.java | 36 --- ...OAuth2AuthorizedClientRepositoryTests.java | 9 - ...uth2AuthorizationCodeGrantFilterTests.java | 36 --- 
...thorizationRequestRedirectFilterTests.java | 43 ---- .../OAuth2LoginAuthenticationFilterTests.java | 53 ---- ...AuthorizedClientArgumentResolverTests.java | 14 -- ...zedClientExchangeFilterFunctionITests.java | 28 --- ...izedClientExchangeFilterFunctionTests.java | 116 --------- ...zedClientExchangeFilterFunctionITests.java | 18 -- ...izedClientExchangeFilterFunctionTests.java | 95 ------- ...uth2AuthorizationRequestResolverTests.java | 21 -- ...2AuthorizationCodeGrantWebFilterTests.java | 31 --- ...rizationRequestRedirectWebFilterTests.java | 2 - ...CodeAuthenticationTokenConverterTests.java | 6 - ...OAuth2AuthorizedClientRepositoryTests.java | 8 - ...erAuthorizationRequestRepositoryTests.java | 28 --- ...OAuth2AuthorizedClientRepositoryTests.java | 9 - ...uth2LoginAuthenticationWebFilterTests.java | 1 - .../oauth2/core/ClaimAccessorTests.java | 10 - ...aultOAuth2AuthenticatedPrincipalTests.java | 2 - .../DelegatingOAuth2TokenValidatorTests.java | 19 -- .../oauth2/core/OAuth2AccessTokenTests.java | 2 - .../oauth2/core/OAuth2ErrorTests.java | 1 - .../core/OAuth2TokenValidatorResultTests.java | 2 - .../converter/ClaimTypeConverterTests.java | 9 - ...uth2AccessTokenResponseConverterTests.java | 8 - ...2AccessTokenResponseMapConverterTests.java | 4 - .../OAuth2AccessTokenResponseTests.java | 10 - .../OAuth2AuthorizationRequestTests.java | 14 -- ...okenResponseHttpMessageConverterTests.java | 19 -- .../OAuth2ErrorHttpMessageConverterTests.java | 12 - .../DefaultAddressStandardClaimTests.java | 3 - .../core/oidc/OidcIdTokenBuilderTests.java | 18 -- .../oauth2/core/oidc/OidcIdTokenTests.java | 2 - .../core/oidc/OidcUserInfoBuilderTests.java | 10 - .../oauth2/core/oidc/OidcUserInfoTests.java | 4 - .../core/oidc/user/DefaultOidcUserTests.java | 6 - .../oidc/user/OidcUserAuthorityTests.java | 3 - .../core/user/DefaultOAuth2UserTests.java | 1 - .../core/user/OAuth2UserAuthorityTests.java | 1 - .../function/OAuth2BodyExtractorsTests.java | 13 - 
.../security/oauth2/jose/TestKeys.java | 3 - .../security/oauth2/jwt/JwtBuilderTests.java | 21 -- .../security/oauth2/jwt/JwtDecodersTests.java | 2 - .../oauth2/jwt/JwtIssuerValidatorTests.java | 5 - .../security/oauth2/jwt/JwtTests.java | 3 - .../jwt/JwtTimestampValidatorTests.java | 28 --- .../jwt/MappedJwtClaimSetConverterTests.java | 28 --- .../jwt/NimbusJwtDecoderJwkSupportTests.java | 11 - .../oauth2/jwt/NimbusJwtDecoderTests.java | 14 -- .../jwt/NimbusReactiveJwtDecoderTests.java | 19 -- .../oauth2/jwt/ReactiveJwtDecodersTests.java | 12 - .../jwt/ReactiveRemoteJWKSourceTests.java | 11 - .../TestOAuth2AuthenticatedPrincipals.java | 1 - .../BearerTokenAuthenticationTokenTests.java | 1 - .../resource/BearerTokenErrorTests.java | 2 - .../JwtAuthenticationConverterTests.java | 8 - .../JwtAuthenticationProviderTests.java | 13 - .../JwtAuthenticationTokenTests.java | 8 - ...arerTokenAuthenticationConverterTests.java | 6 - .../JwtGrantedAuthoritiesConverterTests.java | 32 --- ...uerAuthenticationManagerResolverTests.java | 8 - ...iveAuthenticationManagerResolverTests.java | 8 - ...JwtReactiveAuthenticationManagerTests.java | 8 - ...paqueTokenAuthenticationProviderTests.java | 8 - ...kenReactiveAuthenticationManagerTests.java | 8 - ...wtAuthenticationConverterAdapterTests.java | 17 -- ...activeJwtAuthenticationConverterTests.java | 6 - ...antedAuthoritiesConverterAdapterTests.java | 3 - .../TestBearerTokenAuthentications.java | 1 - .../NimbusOpaqueTokenIntrospectorTests.java | 16 -- ...sReactiveOpaqueTokenIntrospectorTests.java | 11 - ...rospectionAuthenticatedPrincipalTests.java | 5 - ...rerTokenAuthenticationEntryPointTests.java | 27 -- .../BearerTokenAuthenticationFilterTests.java | 25 -- .../web/DefaultBearerTokenResolverTests.java | 17 -- .../web/HeaderBearerTokenResolverTests.java | 2 - .../BearerTokenAccessDeniedHandlerTests.java | 12 - ...erTokenServerAccessDeniedHandlerTests.java | 9 - ...rverBearerExchangeFilterFunctionTests.java | 8 - 
...vletBearerExchangeFilterFunctionTests.java | 8 - ...enServerAuthenticationEntryPointTests.java | 10 - ...arerTokenAuthenticationConverterTests.java | 16 -- .../openid/OpenID4JavaConsumerTests.java | 27 -- .../OpenIDAuthenticationFilterTests.java | 4 - .../OpenIDAuthenticationProviderTests.java | 21 -- .../remoting/dns/JndiDnsResolverTests.java | 7 - ...SimpleHttpInvokerRequestExecutorTests.java | 6 - ...ntextPropagatingRemoteInvocationTests.java | 11 - .../AnonymousPayloadInterceptorTests.java | 6 - ...AuthenticationPayloadInterceptorTests.java | 9 - .../AuthorizationPayloadInterceptorTests.java | 10 - ...cherReactiveAuthorizationManagerTests.java | 4 - .../core/PayloadInterceptorRSocketTests.java | 59 ----- ...PayloadSocketAcceptorInterceptorTests.java | 11 - .../core/PayloadSocketAcceptorTests.java | 15 -- .../BasicAuthenticationDecoderTests.java | 2 - .../saml2/core/TestSaml2X509Credentials.java | 1 - .../credentials/TestSaml2X509Credentials.java | 1 - ...faultSaml2AuthenticatedPrincipalTests.java | 4 - .../OpenSamlAuthenticationProviderTests.java | 18 -- ...SamlAuthenticationRequestFactoryTests.java | 3 - .../authentication/TestOpenSamlObjects.java | 22 -- .../OpenSamlMetadataResolverTests.java | 10 - .../RelyingPartyRegistrationTests.java | 1 - .../TestRelyingPartyRegistrations.java | 3 - .../Saml2WebSsoAuthenticationFilterTests.java | 3 - ...ebSsoAuthenticationRequestFilterTests.java | 4 - ...enticationRequestContextResolverTests.java | 3 - .../service/web/Saml2MetadataFilterTests.java | 27 -- .../security/taglibs/TldTests.java | 5 - .../authz/AbstractAuthorizeTagTests.java | 5 - .../authz/AccessControlListTagTests.java | 16 -- .../taglibs/authz/AuthenticationTagTests.java | 6 - .../taglibs/authz/AuthorizeTagTests.java | 4 - .../taglibs/csrf/AbstractCsrfTagTests.java | 11 - .../taglibs/csrf/CsrfInputTagTests.java | 4 - .../taglibs/csrf/CsrfMetaTagsTagTests.java | 4 - .../TestSecurityContextHolderTests.java | 5 - .../SecurityTestExecutionListenerTests.java 
| 1 - ...hMockCustomUserSecurityContextFactory.java | 1 - .../context/showcase/WithMockUserTests.java | 1 - .../showcase/WithUserDetailsTests.java | 1 - ...ctorContextTestExecutionListenerTests.java | 25 -- .../support/WithAnonymousUserTests.java | 3 - ...thMockUserSecurityContextFactoryTests.java | 6 - .../context/support/WithMockUserTests.java | 4 - ...ityContextTestExcecutionListenerTests.java | 11 - ...rityContextTestExecutionListenerTests.java | 12 - ...serDetailsSecurityContextFactoryTests.java | 5 - .../context/support/WithUserDetailsTests.java | 4 - .../AbstractMockServerConfigurersTests.java | 2 - ...yMockServerConfigurerOpaqueTokenTests.java | 8 - ...tyMockServerConfigurersAnnotatedTests.java | 12 - ...kServerConfigurersClassAnnotatedTests.java | 3 - ...SecurityMockServerConfigurersJwtTests.java | 6 - ...ockServerConfigurersOAuth2ClientTests.java | 11 - ...MockServerConfigurersOAuth2LoginTests.java | 12 - ...tyMockServerConfigurersOidcLoginTests.java | 13 - .../SecurityMockServerConfigurersTests.java | 14 -- .../web/servlet/request/Sec2935Tests.java | 8 - ...yMockMvcRequestBuildersFormLoginTests.java | 7 - ...MockMvcRequestBuildersFormLogoutTests.java | 7 - ...uestPostProcessorsAuthenticationTests.java | 1 - ...RequestPostProcessorsCertificateTests.java | 4 - ...MockMvcRequestPostProcessorsCsrfTests.java | 2 - ...ckMvcRequestPostProcessorsDigestTests.java | 6 - ...yMockMvcRequestPostProcessorsJwtTests.java | 6 - ...equestPostProcessorsOAuth2ClientTests.java | 5 - ...RequestPostProcessorsOAuth2LoginTests.java | 7 - ...vcRequestPostProcessorsOidcLoginTests.java | 6 - ...RequestPostProcessorsOpaqueTokenTests.java | 5 - ...estPostProcessorsSecurityContextTests.java | 1 - ...ostProcessorsTestSecurityContextTests.java | 3 - ...RequestPostProcessorsUserDetailsTests.java | 1 - ...MockMvcRequestPostProcessorsUserTests.java | 8 - .../web/servlet/response/Gh3409Tests.java | 3 - .../setup/SecurityMockMvcConfigurerTests.java | 7 - 
.../SecurityMockMvcConfigurersTests.java | 2 - .../CustomConfigAuthenticationTests.java | 1 - .../test/web/support/WebTestUtilsTests.java | 6 - .../security/MockFilterConfig.java | 1 - .../web/DefaultRedirectStrategyTests.java | 5 - .../security/web/FilterChainProxyTests.java | 11 - .../security/web/FilterInvocationTests.java | 6 - .../security/web/PortMapperImplTests.java | 8 - .../security/web/PortResolverImplTests.java | 5 - ...tWebInvocationPrivilegeEvaluatorTests.java | 2 - .../DelegatingAccessDeniedHandlerTests.java | 4 - .../ExceptionTranslationFilterTests.java | 29 --- ...herDelegatingAccessDeniedHandlerTests.java | 6 - .../ChannelDecisionManagerImplTests.java | 19 -- .../channel/ChannelProcessingFilterTests.java | 27 -- .../InsecureChannelProcessorTests.java | 13 - .../channel/RetryWithHttpEntryPointTests.java | 15 -- .../RetryWithHttpsEntryPointTests.java | 15 -- .../channel/SecureChannelProcessorTests.java | 13 - ...leEvaluationContextPostProcessorTests.java | 2 - ...aultWebSecurityExpressionHandlerTests.java | 3 - .../DelegatingEvaluationContextTests.java | 13 - .../expression/WebExpressionVoterTests.java | 3 - .../WebSecurityExpressionRootTests.java | 4 - ...InvocationSecurityMetadataSourceTests.java | 18 -- .../FilterSecurityInterceptorTests.java | 19 -- .../web/access/intercept/RequestKeyTests.java | 4 - ...ctAuthenticationProcessingFilterTests.java | 61 ----- .../AnonymousAuthenticationFilterTests.java | 5 - .../AuthenticationFilterTests.java | 29 --- ...DefaultLoginPageGeneratingFilterTests.java | 21 -- ...gAuthenticationEntryPointContextTests.java | 2 - ...legatingAuthenticationEntryPointTests.java | 6 - ...tingAuthenticationFailureHandlerTests.java | 15 -- ...pingAuthenticationFailureHandlerTests.java | 2 - ...rwardAuthenticaionSuccessHandlerTests.java | 3 - ...wardAuthenticationFailureHandlerTests.java | 3 - .../HttpStatusEntryPointTests.java | 1 - ...LoginUrlAuthenticationEntryPointTests.java | 24 -- 
...wareAuthenticationSuccessHandlerTests.java | 4 - ...eUrlAuthenticationFailureHandlerTests.java | 6 - ...eUrlAuthenticationSuccessHandlerTests.java | 11 - ...namePasswordAuthenticationFilterTests.java | 15 -- .../logout/CompositeLogoutHandlerTests.java | 11 - .../DelegatingLogoutSuccessHandlerTests.java | 8 - .../ForwardLogoutSuccessHandlerTests.java | 7 - .../HeaderWriterLogoutHandlerTests.java | 2 - ...tusReturningLogoutSuccessHandlerTests.java | 8 - .../logout/LogoutHandlerTests.java | 4 - ...cessEventPublishingLogoutHandlerTests.java | 4 - .../SecurityContextLogoutHandlerTests.java | 3 - ...PreAuthenticatedProcessingFilterTests.java | 42 ---- ...henticatedAuthenticationProviderTests.java | 2 - ...AuthenticatedAuthenticationTokenTests.java | 8 +- ...tedAuthoritiesUserDetailsServiceTests.java | 2 - ...estAttributeAuthenticationFilterTests.java | 6 - ...equestHeaderAuthenticationFilterTests.java | 6 - ...edWebAuthenticationDetailsSourceTests.java | 3 - ...PreAuthenticatedProcessingFilterTests.java | 1 - .../WebXmlJ2eeDefinedRolesRetrieverTests.java | 2 - ...PreAuthenticatedProcessingFilterTests.java | 3 - .../preauth/x509/X509TestUtils.java | 3 - .../AbstractRememberMeServicesTests.java | 70 ------ .../JdbcTokenRepositoryImplTests.java | 15 -- .../NullRememberMeServicesTests.java | 1 - ...tentTokenBasedRememberMeServicesTests.java | 5 - .../RememberMeAuthenticationFilterTests.java | 11 - .../TokenBasedRememberMeServicesTests.java | 37 --- ...iteSessionAuthenticationStrategyTests.java | 4 - ...ionControlAuthenticationStrategyTests.java | 12 - ...terSessionAuthenticationStrategyTests.java | 1 - .../switchuser/SwitchUserFilterTests.java | 67 ----- ...efaultLogoutPageGeneratingFilterTests.java | 3 - .../BasicAuthenticationConverterTests.java | 5 - .../BasicAuthenticationEntryPointTests.java | 8 - .../www/BasicAuthenticationFilterTests.java | 60 ----- .../www/DigestAuthUtilsTests.java | 14 -- .../DigestAuthenticationEntryPointTests.java | 20 -- 
.../www/DigestAuthenticationFilterTests.java | 73 ------ .../ConcurrentSessionFilterTests.java | 46 ---- ...ecurityWebApplicationInitializerTests.java | 70 ------ ...SessionSecurityContextRepositoryTests.java | 25 -- ...xtOnUpdateOrErrorResponseWrapperTests.java | 1 - ...SecurityContextPersistenceFilterTests.java | 7 - ...extCallableProcessingInterceptorTests.java | 4 - ...WebAsyncManagerIntegrationFilterTests.java | 5 - .../csrf/CookieCsrfTokenRepositoryTests.java | 36 --- .../csrf/CsrfAuthenticationStrategyTests.java | 5 - .../security/web/csrf/CsrfFilterTests.java | 51 ---- .../web/csrf/CsrfLogoutHandlerTests.java | 1 - .../HttpSessionCsrfTokenRepositoryTests.java | 15 -- .../csrf/LazyCsrfTokenRepositoryTests.java | 6 - .../security/web/debug/DebugFilterTests.java | 8 - .../firewall/DefaultHttpFirewallTests.java | 4 - .../web/firewall/FirewalledResponseTests.java | 17 -- .../web/firewall/RequestWrapperTests.java | 4 - .../web/firewall/StrictHttpFirewallTests.java | 52 ---- .../web/header/HeaderWriterFilterTests.java | 17 -- .../CacheControlHeadersWriterTests.java | 9 - .../ClearSiteDataHeaderWriterTests.java | 4 - .../writers/CompositeHeaderWriterTests.java | 2 - ...ontentSecurityPolicyHeaderWriterTests.java | 8 - ...gatingRequestMatcherHeaderWriterTests.java | 4 - .../FeaturePolicyHeaderWriterTests.java | 1 - .../header/writers/HpkpHeaderWriterTests.java | 25 -- .../header/writers/HstsHeaderWriterTests.java | 18 -- .../ReferrerPolicyHeaderWriterTests.java | 3 - .../writers/StaticHeaderWriterTests.java | 5 - .../XContentTypeOptionsHeaderWriterTests.java | 1 - .../XXssProtectionHeaderWriterTests.java | 8 - ...equestParameterAllowFromStrategyTests.java | 5 - .../FrameOptionsHeaderWriterTests.java | 10 - .../RegExpAllowFromStrategyTests.java | 3 - .../WhiteListedAllowFromStrategyTests.java | 5 - .../XFrameOptionsHeaderWriterTests.java | 2 - .../JaasApiIntegrationFilterTests.java | 5 - .../web/jackson2/CookieMixinTests.java | 1 - 
.../jackson2/DefaultCsrfTokenMixinTests.java | 1 - .../DefaultSavedRequestMixinTests.java | 3 - ...nticatedAuthenticationTokenMixinTests.java | 1 - .../web/jackson2/SavedCookieMixinTests.java | 2 - .../WebAuthenticationDetailsMixinTests.java | 3 - .../security/web/method/ResolvableMethod.java | 7 - .../CsrfTokenArgumentResolverTests.java | 1 - ...tSecurityContextArgumentResolverTests.java | 1 - ...icationPrincipalArgumentResolverTests.java | 20 -- .../CsrfRequestDataValueProcessorTests.java | 1 - .../savedrequest/CookieRequestCacheTests.java | 16 -- .../HttpSessionRequestCacheTests.java | 10 - .../RequestCacheAwareFilterTests.java | 7 - .../SavedRequestAwareWrapperTests.java | 5 - .../savedrequest/SimpleSavedRequestTests.java | 7 - .../DefaultServerRedirectStrategyTests.java | 11 - ...ngServerAuthenticationEntryPointTests.java | 4 - .../web/server/WebFilterChainProxyTests.java | 2 - .../web/server/WebFilterExchangeTests.java | 2 - ...AnonymousAuthenticationWebFilterTests.java | 2 - ...onverterServerWebExchangeMatcherTests.java | 5 - .../AuthenticationWebFilterTests.java | 41 --- ...rverAuthenticationSuccessHandlerTests.java | 6 - ...icServerAuthenticationEntryPointTests.java | 5 - ...thenticatedAuthenticationManagerTests.java | 6 - ...ctServerAuthenticationEntryPointTests.java | 5 - ...rverAuthenticationFailureHandlerTests.java | 5 - ...rverAuthenticationSuccessHandlerTests.java | 5 - ...ticationEntryPointFailureHandlerTests.java | 1 - ...FormLoginAuthenticationConverterTests.java | 5 - ...HttpBasicAuthenticationConverterTests.java | 9 - ...erverX509AuthenticationConverterTests.java | 4 - .../SwitchUserWebFilterTests.java | 69 ----- .../DelegatingServerLogoutHandlerTests.java | 4 - .../HeaderWriterServerLogoutHandlerTests.java | 2 - ...urningServerLogoutSuccessHandlerTests.java | 3 - .../logout/LogoutWebFilterTests.java | 2 - .../AuthorizationWebFilterTests.java | 12 - ...tingReactiveAuthorizationManagerTests.java | 4 - .../ExceptionTranslationWebFilterTests.java | 
13 - ...pStatusServerAccessDeniedHandlerTests.java | 5 - ...egatingServerAccessDeniedHandlerTests.java | 9 - ...pServerSecurityContextRepositoryTests.java | 2 - .../context/ReactorContextWebFilterTests.java | 6 - ...ontextServerWebExchangeWebFilterTests.java | 2 - ...nServerSecurityContextRepositoryTests.java | 8 - .../CookieServerCsrfTokenRepositoryTests.java | 15 -- .../csrf/CsrfServerLogoutHandlerTests.java | 1 - .../web/server/csrf/CsrfWebFilterTests.java | 35 --- ...SessionServerCsrfTokenRepositoryTests.java | 9 - ...heControlServerHttpHeadersWriterTests.java | 10 - ...rSiteDataServerHttpHeadersWriterTests.java | 6 - ...CompositeServerHttpHeadersWriterTests.java | 11 - ...ityPolicyServerHttpHeadersWriterTests.java | 5 - ...urePolicyServerHttpHeadersWriterTests.java | 3 - .../HttpHeaderWriterWebFilterTests.java | 6 - ...rerPolicyServerHttpHeadersWriterTests.java | 3 - .../StaticServerHttpHeadersWriterTests.java | 8 - ...tSecurityServerHttpHeadersWriterTests.java | 10 - ...peOptionsServerHttpHeadersWriterTests.java | 3 - ...meOptionsServerHttpHeadersWriterTests.java | 7 - ...rotectionServerHttpHeadersWriterTests.java | 7 - .../DefaultCsrfServerTokenMixinTests.java | 1 - .../CookieServerRequestCacheTests.java | 14 -- .../ServerRequestCacheWebFilterTests.java | 4 - .../WebSessionServerRequestCacheTests.java | 13 - .../HttpsRedirectWebFilterTests.java | 5 - .../ui/LoginPageGeneratingWebFilterTests.java | 6 - .../AndServerWebExchangeMatcherTests.java | 12 - ...ediaTypeServerWebExchangeMatcherTests.java | 5 - .../NegatedServerWebExchangeMatcherTests.java | 6 - .../OrServerWebExchangeMatcherTests.java | 9 - ...hMatcherServerWebExchangeMatcherTests.java | 6 - .../ServerWebExchangeMatchersTests.java | 2 - .../CsrfRequestDataValueProcessorTests.java | 3 - .../util/matcher/MvcRequestMatcherTests.java | 17 -- ...yContextHolderAwareRequestFilterTests.java | 30 --- ...ContextHolderAwareRequestWrapperTests.java | 20 -- ...ultSessionAuthenticationStrategyTests.java | 24 -- 
.../HttpSessionEventPublisherTests.java | 23 -- .../session/SessionManagementFilterTests.java | 15 -- .../util/OnCommittedResponseWrapperTests.java | 226 ----------------- .../web/util/ThrowableAnalyzerTests.java | 30 --- .../util/matcher/AndRequestMatcherTests.java | 5 - .../matcher/AntPathRequestMatcherTests.java | 10 - .../util/matcher/ELRequestMatcherTests.java | 9 - .../util/matcher/IpAddressMatcherTests.java | 3 - ...diaTypeRequestMatcherRequestHCNSTests.java | 8 - .../matcher/MediaTypeRequestMatcherTests.java | 27 -- .../matcher/NegatedRequestMatcherTests.java | 2 - .../util/matcher/OrRequestMatcherTests.java | 5 - .../matcher/RegexRequestMatcherTests.java | 7 - 787 files changed, 9 insertions(+), 10241 deletions(-) diff --git a/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java b/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java index 268beeef5a..6f09d71890 100644 --- a/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java +++ b/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java @@ -39,21 +39,18 @@ public class AclFormattingUtilsTests { } catch (IllegalArgumentException expected) { } - try { AclFormattingUtils.demergePatterns("SOME STRING", null); fail("It should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { } - try { AclFormattingUtils.demergePatterns("SOME STRING", "LONGER SOME STRING"); fail("It should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { } - try { AclFormattingUtils.demergePatterns("SOME STRING", "SAME LENGTH"); } 
@@ -68,7 +65,6 @@ public class AclFormattingUtilsTests { String removeBits = "...............................R"; assertThat(AclFormattingUtils.demergePatterns(original, removeBits)) .isEqualTo("...........................A...."); - assertThat(AclFormattingUtils.demergePatterns("ABCDEF", "......")).isEqualTo("ABCDEF"); assertThat(AclFormattingUtils.demergePatterns("ABCDEF", "GHIJKL")).isEqualTo("......"); } @@ -81,21 +77,18 @@ public class AclFormattingUtilsTests { } catch (IllegalArgumentException expected) { } - try { AclFormattingUtils.mergePatterns("SOME STRING", null); fail("It should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { } - try { AclFormattingUtils.mergePatterns("SOME STRING", "LONGER SOME STRING"); fail("It should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { } - try { AclFormattingUtils.mergePatterns("SOME STRING", "SAME LENGTH"); } @@ -108,7 +101,6 @@ public class AclFormattingUtilsTests { String original = "...............................R"; String extraBits = "...........................A...."; assertThat(AclFormattingUtils.mergePatterns(original, extraBits)).isEqualTo("...........................A...R"); - assertThat(AclFormattingUtils.mergePatterns("ABCDEF", "......")).isEqualTo("ABCDEF"); assertThat(AclFormattingUtils.mergePatterns("ABCDEF", "GHIJKL")).isEqualTo("GHIJKL"); } 
@@ -116,21 +108,18 @@ public class AclFormattingUtilsTests { @Test public final void testBinaryPrints() { assertThat(AclFormattingUtils.printBinary(15)).isEqualTo("............................****"); - try { AclFormattingUtils.printBinary(15, Permission.RESERVED_ON); fail("It should have thrown IllegalArgumentException"); } catch (IllegalArgumentException notExpected) { } - try { AclFormattingUtils.printBinary(15, Permission.RESERVED_OFF); fail("It should have thrown IllegalArgumentException"); } catch (IllegalArgumentException notExpected) { } - assertThat(AclFormattingUtils.printBinary(15, 'x')).isEqualTo("............................xxxx"); } diff --git a/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java b/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java index 968cf92093..844a2d4d86 100644 --- a/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java +++ b/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java @@ -54,9 +54,7 @@ public class AclPermissionCacheOptimizerTests { ObjectIdentity[] oids = { new ObjectIdentityImpl("A", "1"), new ObjectIdentityImpl("A", "2") }; given(oidStrat.getObjectIdentity(dos[0])).willReturn(oids[0]); given(oidStrat.getObjectIdentity(dos[2])).willReturn(oids[1]); - pco.cachePermissionsFor(mock(Authentication.class), Arrays.asList(dos)); - // AclService should be invoked with the list of required Oids verify(service).readAclsById(eq(Arrays.asList(oids)), any(List.class)); } @@ -69,9 +67,7 @@ public class AclPermissionCacheOptimizerTests { SidRetrievalStrategy sids = mock(SidRetrievalStrategy.class); pco.setObjectIdentityRetrievalStrategy(oids); pco.setSidRetrievalStrategy(sids); - pco.cachePermissionsFor(mock(Authentication.class), Collections.emptyList()); - verifyZeroInteractions(service, sids, oids); } 
diff --git a/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java b/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java index 5bdc6a5446..a29c3ab3be 100644 --- a/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java +++ b/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java @@ -50,10 +50,8 @@ public class AclPermissionEvaluatorTests { pe.setObjectIdentityRetrievalStrategy(oidStrategy); pe.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class)); Acl acl = mock(Acl.class); - given(service.readAclById(any(ObjectIdentity.class), anyList())).willReturn(acl); given(acl.isGranted(anyList(), anyList(), eq(false))).willReturn(true); - assertThat(pe.hasPermission(mock(Authentication.class), new Object(), "READ")).isTrue(); } @@ -61,7 +59,6 @@ public class AclPermissionEvaluatorTests { public void resolvePermissionNonEnglishLocale() { Locale systemLocale = Locale.getDefault(); Locale.setDefault(new Locale("tr")); - AclService service = mock(AclService.class); AclPermissionEvaluator pe = new AclPermissionEvaluator(service); ObjectIdentity oid = mock(ObjectIdentity.class); @@ -70,12 +67,9 @@ public class AclPermissionEvaluatorTests { pe.setObjectIdentityRetrievalStrategy(oidStrategy); pe.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class)); Acl acl = mock(Acl.class); - given(service.readAclById(any(ObjectIdentity.class), anyList())).willReturn(acl); given(acl.isGranted(anyList(), anyList(), eq(false))).willReturn(true); - assertThat(pe.hasPermission(mock(Authentication.class), new Object(), "write")).isTrue(); - Locale.setDefault(systemLocale); } 
diff --git a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java index 55800137e0..296e306d5f 100644 --- a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java +++ b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java @@ -58,7 +58,6 @@ public class AclEntryAfterInvocationCollectionFilteringProviderTests { provider.setObjectIdentityRetrievalStrategy(mock(ObjectIdentityRetrievalStrategy.class)); provider.setProcessDomainObjectClass(Object.class); provider.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class)); - Object returned = provider.decide(mock(Authentication.class), new Object(), SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), new ArrayList(Arrays.asList(new Object(), new Object()))); @@ -76,7 +75,6 @@ public class AclEntryAfterInvocationCollectionFilteringProviderTests { AclEntryAfterInvocationCollectionFilteringProvider provider = new AclEntryAfterInvocationCollectionFilteringProvider( mock(AclService.class), Arrays.asList(mock(Permission.class))); Object returned = new Object(); - assertThat(returned).isSameAs(provider.decide(mock(Authentication.class), new Object(), Collections.emptyList(), returned)); } 
@@ -86,7 +84,6 @@ public class AclEntryAfterInvocationCollectionFilteringProviderTests { AclService service = mock(AclService.class); AclEntryAfterInvocationCollectionFilteringProvider provider = new AclEntryAfterInvocationCollectionFilteringProvider( service, Arrays.asList(mock(Permission.class))); - assertThat(provider.decide(mock(Authentication.class), new Object(), SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), null)).isNull(); verify(service, never()).readAclById(any(ObjectIdentity.class), any(List.class)); diff --git a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java index 5e8bb47953..b044f89c3a 100644 --- a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java +++ b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java @@ -74,7 +74,6 @@ public class AclEntryAfterInvocationProviderTests { provider.setProcessDomainObjectClass(Object.class); provider.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class)); Object returned = new Object(); - assertThat(returned).isSameAs(provider.decide(mock(Authentication.class), new Object(), SecurityConfig.createList("AFTER_ACL_READ"), returned)); } @@ -84,7 +83,6 @@ public class AclEntryAfterInvocationProviderTests { AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(mock(AclService.class), Arrays.asList(mock(Permission.class))); Object returned = new Object(); - assertThat(returned).isSameAs(provider.decide(mock(Authentication.class), new Object(), Collections.emptyList(), returned)); } 
@@ -96,7 +94,6 @@ public class AclEntryAfterInvocationProviderTests { provider.setProcessDomainObjectClass(String.class); // Not a String Object returned = new Object(); - assertThat(returned).isSameAs(provider.decide(mock(Authentication.class), new Object(), SecurityConfig.createList("AFTER_ACL_READ"), returned)); } @@ -133,7 +130,6 @@ public class AclEntryAfterInvocationProviderTests { AclService service = mock(AclService.class); AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(service, Arrays.asList(mock(Permission.class))); - assertThat(provider.decide(mock(Authentication.class), new Object(), SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), null)).isNull(); verify(service, never()).readAclById(any(ObjectIdentity.class), any(List.class)); diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java index c51bc86701..743f8ee3b8 100644 --- a/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java +++ b/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java @@ -46,7 +46,6 @@ public class AccessControlImplEntryTests { } catch (IllegalArgumentException expected) { } - // Check Sid field is present try { new AccessControlEntryImpl(null, mock(Acl.class), null, BasePermission.ADMINISTRATION, true, true, true); @@ -54,7 +53,6 @@ public class AccessControlImplEntryTests { } catch (IllegalArgumentException expected) { } - // Check Permission field is present try { new AccessControlEntryImpl(null, mock(Acl.class), new PrincipalSid("johndoe"), null, true, true, true); 
@@ -68,11 +66,9 @@ public class AccessControlImplEntryTests { public void testAccessControlEntryImplGetters() { Acl mockAcl = mock(Acl.class); Sid sid = new PrincipalSid("johndoe"); - // Create a sample entry AccessControlEntry ace = new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.ADMINISTRATION, true, true, true); - // and check every get() method assertThat(ace.getId()).isEqualTo(1L); assertThat(ace.getAcl()).isEqualTo(mockAcl); @@ -87,13 +83,10 @@ public class AccessControlImplEntryTests { public void testEquals() { final Acl mockAcl = mock(Acl.class); final ObjectIdentity oid = mock(ObjectIdentity.class); - given(mockAcl.getObjectIdentity()).willReturn(oid); Sid sid = new PrincipalSid("johndoe"); - AccessControlEntry ace = new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.ADMINISTRATION, true, true, true); - assertThat(ace).isNotNull(); assertThat(ace).isNotEqualTo(100L); assertThat(ace).isEqualTo(ace); diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java index 7427916de8..c86776a9c7 100644 --- a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java +++ b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java @@ -156,7 +156,6 @@ public class AclImplTests { MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true, new PrincipalSid("joe")); MockAclService service = new MockAclService(); - // Insert one permission acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true); service.updateAcl(acl); 
@@ -165,7 +164,6 @@ public class AclImplTests { assertThat(acl).isEqualTo(acl.getEntries().get(0).getAcl()); assertThat(BasePermission.READ).isEqualTo(acl.getEntries().get(0).getPermission()); assertThat(acl.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST1")); - // Add a second permission acl.insertAce(1, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true); service.updateAcl(acl); @@ -174,7 +172,6 @@ public class AclImplTests { assertThat(acl).isEqualTo(acl.getEntries().get(1).getAcl()); assertThat(BasePermission.READ).isEqualTo(acl.getEntries().get(1).getPermission()); assertThat(acl.getEntries().get(1).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST2")); - // Add a third permission, after the first one acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_TEST3"), false); service.updateAcl(acl); @@ -193,11 +190,9 @@ public class AclImplTests { MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true, new PrincipalSid("joe")); MockAclService service = new MockAclService(); - // Insert one permission acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true); service.updateAcl(acl); - acl.insertAce(55, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true); } 
@@ -206,20 +201,17 @@ public class AclImplTests { MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true, new PrincipalSid("joe")); MockAclService service = new MockAclService(); - // Add several permissions acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true); acl.insertAce(1, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true); acl.insertAce(2, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST3"), true); service.updateAcl(acl); - // Delete first permission and check the order of the remaining permissions is // kept acl.deleteAce(0); assertThat(acl.getEntries()).hasSize(2); assertThat(acl.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST2")); assertThat(acl.getEntries().get(1).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST3")); - // Add one more permission and remove the permission in the middle acl.insertAce(2, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST4"), true); service.updateAcl(acl); @@ -227,7 +219,6 @@ public class AclImplTests { assertThat(acl.getEntries()).hasSize(2); assertThat(acl.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST2")); assertThat(acl.getEntries().get(1).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST4")); - // Remove remaining permissions acl.deleteAce(1); acl.deleteAce(0); 
@@ -274,17 +265,14 @@ public class AclImplTests { auth.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(auth); ObjectIdentity rootOid = new ObjectIdentityImpl(TARGET_CLASS, 100); - // Create an ACL which owner is not the authenticated principal MutableAcl rootAcl = new AclImpl(rootOid, 1, this.authzStrategy, this.pgs, null, null, false, new PrincipalSid("joe")); - // Grant some permissions rootAcl.insertAce(0, BasePermission.READ, new PrincipalSid("ben"), false); rootAcl.insertAce(1, BasePermission.WRITE, new PrincipalSid("scott"), true); rootAcl.insertAce(2, BasePermission.WRITE, new PrincipalSid("rod"), false); rootAcl.insertAce(3, BasePermission.WRITE, new GrantedAuthoritySid("WRITE_ACCESS_ROLE"), true); - // Check permissions granting List permissions = Arrays.asList(BasePermission.READ, BasePermission.CREATE); List sids = Arrays.asList(new PrincipalSid("ben"), new GrantedAuthoritySid("ROLE_GUEST")); @@ -320,7 +308,6 @@ public class AclImplTests { ObjectIdentity parentOid2 = new ObjectIdentityImpl(TARGET_CLASS, 102); ObjectIdentity childOid1 = new ObjectIdentityImpl(TARGET_CLASS, 103); ObjectIdentity childOid2 = new ObjectIdentityImpl(TARGET_CLASS, 104); - // Create ACLs PrincipalSid joe = new PrincipalSid("joe"); MutableAcl grandParentAcl = new AclImpl(grandParentOid, 1, this.authzStrategy, this.pgs, null, null, false, 
@@ -329,13 +316,11 @@ public class AclImplTests { MutableAcl parentAcl2 = new AclImpl(parentOid2, 3, this.authzStrategy, this.pgs, null, null, true, joe); MutableAcl childAcl1 = new AclImpl(childOid1, 4, this.authzStrategy, this.pgs, null, null, true, joe); MutableAcl childAcl2 = new AclImpl(childOid2, 4, this.authzStrategy, this.pgs, null, null, false, joe); - // Create hierarchies childAcl2.setParent(childAcl1); childAcl1.setParent(parentAcl1); parentAcl2.setParent(grandParentAcl); parentAcl1.setParent(grandParentAcl); - // Add some permissions grandParentAcl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true); grandParentAcl.insertAce(1, BasePermission.WRITE, new PrincipalSid("ben"), true); @@ -345,7 +330,6 @@ public class AclImplTests { parentAcl1.insertAce(1, BasePermission.DELETE, new PrincipalSid("scott"), false); parentAcl2.insertAce(0, BasePermission.CREATE, new PrincipalSid("ben"), true); childAcl1.insertAce(0, BasePermission.CREATE, new PrincipalSid("scott"), true); - // Check granting process for parent1 assertThat(parentAcl1.isGranted(READ, SCOTT, false)).isTrue(); assertThat(parentAcl1.isGranted(READ, Arrays.asList((Sid) new GrantedAuthoritySid("ROLE_USER_READ")), false)) 
@@ -353,18 +337,15 @@ public class AclImplTests { assertThat(parentAcl1.isGranted(WRITE, BEN, false)).isTrue(); assertThat(parentAcl1.isGranted(DELETE, BEN, false)).isFalse(); assertThat(parentAcl1.isGranted(DELETE, SCOTT, false)).isFalse(); - // Check granting process for parent2 assertThat(parentAcl2.isGranted(CREATE, BEN, false)).isTrue(); assertThat(parentAcl2.isGranted(WRITE, BEN, false)).isTrue(); assertThat(parentAcl2.isGranted(DELETE, BEN, false)).isFalse(); - // Check granting process for child1 assertThat(childAcl1.isGranted(CREATE, SCOTT, false)).isTrue(); assertThat(childAcl1.isGranted(READ, Arrays.asList((Sid) new GrantedAuthoritySid("ROLE_USER_READ")), false)) .isTrue(); assertThat(childAcl1.isGranted(DELETE, BEN, false)).isFalse(); - // Check granting process for child2 (doesn't inherit the permissions from its // parent) try { @@ -389,21 +370,17 @@ public class AclImplTests { MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, false, new PrincipalSid("joe")); MockAclService service = new MockAclService(); - acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true); acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true); acl.insertAce(2, BasePermission.CREATE, new PrincipalSid("ben"), true); service.updateAcl(acl); - assertThat(BasePermission.READ).isEqualTo(acl.getEntries().get(0).getPermission()); assertThat(BasePermission.WRITE).isEqualTo(acl.getEntries().get(1).getPermission()); assertThat(BasePermission.CREATE).isEqualTo(acl.getEntries().get(2).getPermission()); - // Change each permission acl.updateAce(0, BasePermission.CREATE); acl.updateAce(1, BasePermission.DELETE); acl.updateAce(2, BasePermission.READ); - // Check the change was successfully made assertThat(BasePermission.CREATE).isEqualTo(acl.getEntries().get(0).getPermission()); assertThat(BasePermission.DELETE).isEqualTo(acl.getEntries().get(1).getPermission()); 
@@ -418,20 +395,16 @@ public class AclImplTests { MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, false, new PrincipalSid("joe")); MockAclService service = new MockAclService(); - acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true); acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true); service.updateAcl(acl); - assertThat(((AuditableAccessControlEntry) acl.getEntries().get(0)).isAuditFailure()).isFalse(); assertThat(((AuditableAccessControlEntry) acl.getEntries().get(1)).isAuditFailure()).isFalse(); assertThat(((AuditableAccessControlEntry) acl.getEntries().get(0)).isAuditSuccess()).isFalse(); assertThat(((AuditableAccessControlEntry) acl.getEntries().get(1)).isAuditSuccess()).isFalse(); - // Change each permission ((AuditableAcl) acl).updateAuditing(0, true, true); ((AuditableAcl) acl).updateAuditing(1, true, true); - // Check the change was successfuly made assertThat(acl.getEntries()).extracting("auditSuccess").containsOnly(true, true); assertThat(acl.getEntries()).extracting("auditFailure").containsOnly(true, true); @@ -452,20 +425,16 @@ public class AclImplTests { acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true); acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true); service.updateAcl(acl); - assertThat(1).isEqualTo(acl.getId()); assertThat(identity).isEqualTo(acl.getObjectIdentity()); assertThat(new PrincipalSid("joe")).isEqualTo(acl.getOwner()); assertThat(acl.getParentAcl()).isNull(); assertThat(acl.isEntriesInheriting()).isTrue(); assertThat(acl.getEntries()).hasSize(2); - acl.setParent(parentAcl); assertThat(parentAcl).isEqualTo(acl.getParentAcl()); - acl.setEntriesInheriting(false); assertThat(acl.isEntriesInheriting()).isFalse(); - acl.setOwner(new PrincipalSid("ben")); assertThat(new PrincipalSid("ben")).isEqualTo(acl.getOwner()); } 
@@ -475,7 +444,6 @@ public class AclImplTests { List loadedSids = Arrays.asList(new PrincipalSid("ben"), new GrantedAuthoritySid("ROLE_IGNORED")); MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, loadedSids, true, new PrincipalSid("joe")); - assertThat(acl.isSidLoaded(loadedSids)).isTrue(); assertThat(acl.isSidLoaded(Arrays.asList(new GrantedAuthoritySid("ROLE_IGNORED"), new PrincipalSid("ben")))) .isTrue(); @@ -534,7 +502,6 @@ public class AclImplTests { AclImpl parentAcl = new AclImpl(this.objectIdentity, 1L, this.authzStrategy, this.mockAuditLogger); AclImpl childAcl = new AclImpl(this.objectIdentity, 2L, this.authzStrategy, this.mockAuditLogger); AclImpl changeParentAcl = new AclImpl(this.objectIdentity, 3L, this.authzStrategy, this.mockAuditLogger); - childAcl.setParent(parentAcl); childAcl.setParent(changeParentAcl); } @@ -562,10 +529,8 @@ public class AclImplTests { ObjectIdentity oid = new ObjectIdentityImpl("type", 1); AclAuthorizationStrategy authStrategy = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("role")); PermissionGrantingStrategy grantingStrategy = new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()); - AclImpl acl = new AclImpl(oid, 1L, authStrategy, grantingStrategy, null, null, false, sid); AccessControlEntryImpl ace = new AccessControlEntryImpl(1L, acl, sid, BasePermission.READ, true, true, true); - Field fieldAces = FieldUtils.getField(AclImpl.class, "aces"); fieldAces.setAccessible(true); List aces = (List) fieldAces.get(acl); @@ -617,7 +582,6 @@ public class AclImplTests { try { newAces = (List) acesField.get(acl); newAces.clear(); - for (int i = 0; i < oldAces.size(); i++) { AccessControlEntry ac = oldAces.get(i); // Just give an ID to all this acl's aces, rest of the fields are just @@ -630,7 +594,6 @@ public class AclImplTests { catch (IllegalAccessException ex) { ex.printStackTrace(); } - return acl; } 
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java index b563914901..9a121f71ab 100644 --- a/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java +++ b/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java @@ -58,18 +58,14 @@ public class AclImplementationSecurityCheckTests { "ROLE_OWNERSHIP"); auth.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(auth); - ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100L); AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl( new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL")); - Acl acl = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger()); - aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL); aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_AUDITING); aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_OWNERSHIP); - // Create another authorization strategy AclAuthorizationStrategy aclAuthorizationStrategy2 = new AclAuthorizationStrategyImpl( new SimpleGrantedAuthority("ROLE_ONE"), new SimpleGrantedAuthority("ROLE_TWO"), 
@@ -102,21 +98,17 @@ public class AclImplementationSecurityCheckTests { Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL"); auth.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(auth); - ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100L); // Authorization strategy will require a different role for each access AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl( new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL")); - // Let's give the principal the ADMINISTRATION permission, without // granting access MutableAcl aclFirstDeny = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger()); aclFirstDeny.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), false); - // The CHANGE_GENERAL test should pass as the principal has ROLE_GENERAL aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_GENERAL); - // The CHANGE_AUDITING and CHANGE_OWNERSHIP should fail since the // principal doesn't have these authorities, // nor granting access @@ -132,7 +124,6 @@ public class AclImplementationSecurityCheckTests { } catch (AccessDeniedException expected) { } - // Add granting access to this principal aclFirstDeny.insertAce(1, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true); // and try again for CHANGE_AUDITING - the first ACE's granting flag 
@@ -143,27 +134,21 @@ public class AclImplementationSecurityCheckTests { } catch (AccessDeniedException expected) { } - // Create another ACL and give the principal the ADMINISTRATION // permission, with granting access MutableAcl aclFirstAllow = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger()); aclFirstAllow.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true); - // The CHANGE_AUDITING test should pass as there is one ACE with // granting access - aclAuthorizationStrategy.securityCheck(aclFirstAllow, AclAuthorizationStrategy.CHANGE_AUDITING); - // Add a deny ACE and test again for CHANGE_AUDITING aclFirstAllow.insertAce(1, BasePermission.ADMINISTRATION, new PrincipalSid(auth), false); try { aclAuthorizationStrategy.securityCheck(aclFirstAllow, AclAuthorizationStrategy.CHANGE_AUDITING); - } catch (AccessDeniedException notExpected) { fail("It shouldn't have thrown AccessDeniedException"); } - // Create an ACL with no ACE MutableAcl aclNoACE = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger()); try { @@ -171,12 +156,10 @@ public class AclImplementationSecurityCheckTests { fail("It should have thrown NotFoundException"); } catch (NotFoundException expected) { - } // and still grant access for CHANGE_GENERAL try { aclAuthorizationStrategy.securityCheck(aclNoACE, AclAuthorizationStrategy.CHANGE_GENERAL); - } catch (NotFoundException expected) { fail("It shouldn't have thrown NotFoundException"); 
@@ -189,19 +172,16 @@ public class AclImplementationSecurityCheckTests { Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL"); auth.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(auth); - ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100); // Authorization strategy will require a different role for each access AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl( new SimpleGrantedAuthority("ROLE_ONE"), new SimpleGrantedAuthority("ROLE_TWO"), new SimpleGrantedAuthority("ROLE_GENERAL")); - // Let's give the principal an ADMINISTRATION permission, with granting // access MutableAcl parentAcl = new AclImpl(identity, 1, aclAuthorizationStrategy, new ConsoleAuditLogger()); parentAcl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true); MutableAcl childAcl = new AclImpl(identity, 2, aclAuthorizationStrategy, new ConsoleAuditLogger()); - // Check against the 'child' acl, which doesn't offer any authorization // rights on CHANGE_OWNERSHIP try { @@ -209,21 +189,17 @@ public class AclImplementationSecurityCheckTests { fail("It should have thrown NotFoundException"); } catch (NotFoundException expected) { - } - // Link the child with its parent and test again against the // CHANGE_OWNERSHIP right childAcl.setParent(parentAcl); childAcl.setEntriesInheriting(true); try { aclAuthorizationStrategy.securityCheck(childAcl, AclAuthorizationStrategy.CHANGE_OWNERSHIP); - } catch (NotFoundException expected) { fail("It shouldn't have thrown NotFoundException"); } - // Create a root parent and link it to the middle parent MutableAcl rootParentAcl = new AclImpl(identity, 1, aclAuthorizationStrategy, new ConsoleAuditLogger()); parentAcl = new AclImpl(identity, 1, aclAuthorizationStrategy, new ConsoleAuditLogger()); 
@@ -233,7 +209,6 @@ public class AclImplementationSecurityCheckTests { childAcl.setParent(parentAcl); try { aclAuthorizationStrategy.securityCheck(childAcl, AclAuthorizationStrategy.CHANGE_OWNERSHIP); - } catch (NotFoundException expected) { fail("It shouldn't have thrown NotFoundException"); @@ -245,12 +220,10 @@ public class AclImplementationSecurityCheckTests { Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_ONE"); auth.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(auth); - ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100); AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl( new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL")); - Acl acl = new AclImpl(identity, 1, aclAuthorizationStrategy, new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()), null, null, false, new PrincipalSid(auth)); diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java index 6542c73b59..e2abb35c01 100644 --- a/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java +++ b/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java @@ -76,7 +76,6 @@ public class AuditLoggerTests { @Test public void successIsLoggedIfAceRequiresSuccessAudit() { given(this.ace.isAuditSuccess()).willReturn(true); - this.logger.logIfNeeded(true, this.ace); assertThat(this.bytes.toString()).startsWith("GRANTED due to ACE"); } diff --git a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java index f4def65adc..309dc8776f 100644 --- a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java 
+++ b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
@@ -42,7 +42,6 @@ public class ObjectIdentityImplTests {
 }
 catch (IllegalArgumentException expected) {
 }
-
 // Check String-Serializable constructor required field
 try {
 new ObjectIdentityImpl("", 1L);
@@ -50,7 +49,6 @@ public class ObjectIdentityImplTests {
 }
 catch (IllegalArgumentException expected) {
 }
-
 // Check Serializable parameter is not null
 try {
 new ObjectIdentityImpl(DOMAIN_CLASS, null);
@@ -58,7 +56,6 @@ public class ObjectIdentityImplTests {
 }
 catch (IllegalArgumentException expected) {
 }
-
 // The correct way of using String-Serializable constructor
 try {
 new ObjectIdentityImpl(DOMAIN_CLASS, 1L);
@@ -66,7 +63,6 @@ public class ObjectIdentityImplTests {
 catch (IllegalArgumentException notExpected) {
 fail("It shouldn't have thrown IllegalArgumentException");
 }
-
 // Check the Class-Serializable constructor
 try {
 new ObjectIdentityImpl(MockIdDomainObject.class, null);
@@ -91,9 +87,7 @@ public class ObjectIdentityImplTests {
 fail("It should have thrown IdentityUnavailableException");
 }
 catch (IdentityUnavailableException expected) {
-
 }
-
 // getId() should return a non-null value
 MockIdDomainObject mockId = new MockIdDomainObject();
 try {
@@ -101,9 +95,7 @@ public class ObjectIdentityImplTests {
 fail("It should have thrown IllegalArgumentException");
 }
 catch (IllegalArgumentException expected) {
-
 }
-
 // getId() should return a Serializable object
 mockId.setId(new MockIdDomainObject());
 try {
@@ -112,7 +104,6 @@ public class ObjectIdentityImplTests {
 }
 catch (IllegalArgumentException expected) {
 }
-
 // getId() should return a Serializable object
 mockId.setId(100L);
 try {
@@ -132,7 +123,6 @@ public class ObjectIdentityImplTests {
 ObjectIdentity obj = new ObjectIdentityImpl(DOMAIN_CLASS, 1L);
 MockIdDomainObject mockObj = new MockIdDomainObject();
 mockObj.setId(1L);
-
 String string = "SOME_STRING";
 assertThat(string).isNotSameAs(obj);
 assertThat(obj).isNotNull();
@@ -155,7 +145,6 @@ public class ObjectIdentityImplTests {
 public void longAndIntegerIdsWithSameValueAreEqualAndHaveSameHashcode() {
 ObjectIdentity obj = new ObjectIdentityImpl(Object.class, 5L);
 ObjectIdentity obj2 = new ObjectIdentityImpl(Object.class, 5);
-
 assertThat(obj2).isEqualTo(obj);
 assertThat(obj2.hashCode()).isEqualTo(obj.hashCode());
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java
index ec2c572b95..b6787f893c 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java
@@ -34,10 +34,8 @@ public class ObjectIdentityRetrievalStrategyImplTests {
 public void testObjectIdentityCreation() {
 MockIdDomainObject domain = new MockIdDomainObject();
 domain.setId(1);
-
 ObjectIdentityRetrievalStrategy retStrategy = new ObjectIdentityRetrievalStrategyImpl();
 ObjectIdentity identity = retStrategy.getObjectIdentity(domain);
-
 assertThat(identity).isNotNull();
 assertThat(new ObjectIdentityImpl(domain)).isEqualTo(identity);
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java b/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java
index 1d10aeb66c..5aef8e4c74 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java
@@ -62,26 +62,19 @@ public class PermissionTests { @Test public void stringConversion() { this.permissionFactory.registerPublicPermissions(SpecialPermission.class); - assertThat(BasePermission.READ.toString()).isEqualTo("BasePermission[...............................R=1]"); - assertThat(BasePermission.ADMINISTRATION.toString()) .isEqualTo("BasePermission[...........................A....=16]"); - assertThat(new CumulativePermission().set(BasePermission.READ).toString()) .isEqualTo("CumulativePermission[...............................R=1]"); - assertThat( new CumulativePermission().set(SpecialPermission.ENTER).set(BasePermission.ADMINISTRATION).toString()) .isEqualTo("CumulativePermission[..........................EA....=48]"); - assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION).set(BasePermission.READ).toString()) .isEqualTo("CumulativePermission[...........................A...R=17]"); - assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION).set(BasePermission.READ) .clear(BasePermission.ADMINISTRATION).toString()) .isEqualTo("CumulativePermission[...............................R=1]"); - assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION).set(BasePermission.READ) .clear(BasePermission.ADMINISTRATION).clear(BasePermission.READ).toString()) .isEqualTo("CumulativePermission[................................=0]"); diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java index 097be23708..6000bab596 100644 --- a/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java +++ b/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java 
@@ -147,7 +147,6 @@ public abstract class AbstractBasicLookupStrategyTests { ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, 101L); // Deliberately use an integer for the child, to reproduce bug report in SEC-819 ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 102); - Map map = this.strategy .readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null); checkEntries(topParentOid, middleParentOid, childOid, map); @@ -158,15 +157,12 @@ public abstract class AbstractBasicLookupStrategyTests { ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, 100); ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, 101L); ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 102L); - // Objects were put in cache this.strategy.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null); - // Let's empty the database to force acls retrieval from cache emptyDatabase(); Map map = this.strategy .readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null); - checkEntries(topParentOid, middleParentOid, childOid, map); } @@ -175,7 +171,6 @@ public abstract class AbstractBasicLookupStrategyTests { ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, 100L); ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, 101); ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 102L); - // Set a batch size to allow multiple database queries in order to retrieve all // acls this.strategy.setBatchSize(1); 
@@ -187,31 +182,25 @@ public abstract class AbstractBasicLookupStrategyTests { private void checkEntries(ObjectIdentity topParentOid, ObjectIdentity middleParentOid, ObjectIdentity childOid, Map map) { assertThat(map).hasSize(3); - MutableAcl topParent = (MutableAcl) map.get(topParentOid); MutableAcl middleParent = (MutableAcl) map.get(middleParentOid); MutableAcl child = (MutableAcl) map.get(childOid); - // Check the retrieved versions has IDs assertThat(topParent.getId()).isNotNull(); assertThat(middleParent.getId()).isNotNull(); assertThat(child.getId()).isNotNull(); - // Check their parents were correctly retrieved assertThat(topParent.getParentAcl()).isNull(); assertThat(middleParent.getParentAcl().getObjectIdentity()).isEqualTo(topParentOid); assertThat(child.getParentAcl().getObjectIdentity()).isEqualTo(middleParentOid); - // Check their ACEs were correctly retrieved assertThat(topParent.getEntries()).hasSize(2); assertThat(middleParent.getEntries()).hasSize(1); assertThat(child.getEntries()).hasSize(1); - // Check object identities were correctly retrieved assertThat(topParent.getObjectIdentity()).isEqualTo(topParentOid); assertThat(middleParent.getObjectIdentity()).isEqualTo(middleParentOid); assertThat(child.getObjectIdentity()).isEqualTo(childOid); - // Check each entry assertThat(topParent.isEntriesInheriting()).isTrue(); assertThat(Long.valueOf(1)).isEqualTo(topParent.getId()); 
@@ -222,14 +211,12 @@ public abstract class AbstractBasicLookupStrategyTests { assertThat(((AuditableAccessControlEntry) topParent.getEntries().get(0)).isAuditFailure()).isFalse(); assertThat(((AuditableAccessControlEntry) topParent.getEntries().get(0)).isAuditSuccess()).isFalse(); assertThat((topParent.getEntries().get(0)).isGranting()).isTrue(); - assertThat(Long.valueOf(2)).isEqualTo(topParent.getEntries().get(1).getId()); assertThat(topParent.getEntries().get(1).getPermission()).isEqualTo(BasePermission.WRITE); assertThat(topParent.getEntries().get(1).getSid()).isEqualTo(new PrincipalSid("ben")); assertThat(((AuditableAccessControlEntry) topParent.getEntries().get(1)).isAuditFailure()).isFalse(); assertThat(((AuditableAccessControlEntry) topParent.getEntries().get(1)).isAuditSuccess()).isFalse(); assertThat(topParent.getEntries().get(1).isGranting()).isFalse(); - assertThat(middleParent.isEntriesInheriting()).isTrue(); assertThat(Long.valueOf(2)).isEqualTo(middleParent.getId()); assertThat(new PrincipalSid("ben")).isEqualTo(middleParent.getOwner()); @@ -239,7 +226,6 @@ public abstract class AbstractBasicLookupStrategyTests { assertThat(((AuditableAccessControlEntry) middleParent.getEntries().get(0)).isAuditFailure()).isFalse(); assertThat(((AuditableAccessControlEntry) middleParent.getEntries().get(0)).isAuditSuccess()).isFalse(); assertThat(middleParent.getEntries().get(0).isGranting()).isTrue(); - assertThat(child.isEntriesInheriting()).isTrue(); assertThat(Long.valueOf(3)).isEqualTo(child.getId()); assertThat(new PrincipalSid("ben")).isEqualTo(child.getOwner()); 
@@ -255,15 +241,12 @@ public abstract class AbstractBasicLookupStrategyTests { public void testAllParentsAreRetrievedWhenChildIsLoaded() { String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (6,2,103,1,1,1);"; getJdbcTemplate().execute(query); - ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, 100L); ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, 101L); ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 102L); ObjectIdentity middleParent2Oid = new ObjectIdentityImpl(TARGET_CLASS, 103L); - // Retrieve the child Map map = this.strategy.readAclsById(Arrays.asList(childOid), null); - // Check that the child and all its parents were retrieved assertThat(map.get(childOid)).isNotNull(); assertThat(map.get(childOid).getObjectIdentity()).isEqualTo(childOid); @@ -271,7 +254,6 @@ public abstract class AbstractBasicLookupStrategyTests { assertThat(map.get(middleParentOid).getObjectIdentity()).isEqualTo(middleParentOid); assertThat(map.get(topParentOid)).isNotNull(); assertThat(map.get(topParentOid).getObjectIdentity()).isEqualTo(topParentOid); - // The second parent shouldn't have been retrieved assertThat(map.get(middleParent2Oid)).isNull(); } 
@@ -287,26 +269,21 @@ public abstract class AbstractBasicLookupStrategyTests { + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (9,2,108,7,1,1);" + "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (7,6,0,1,1,1,0,0)"; getJdbcTemplate().execute(query); - ObjectIdentity grandParentOid = new ObjectIdentityImpl(TARGET_CLASS, 104L); ObjectIdentity parent1Oid = new ObjectIdentityImpl(TARGET_CLASS, 105L); ObjectIdentity parent2Oid = new ObjectIdentityImpl(TARGET_CLASS, 106); ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 107); - // First lookup only child, thus populating the cache with grandParent, // parent1 // and child List checkPermission = Arrays.asList(BasePermission.READ); List sids = Arrays.asList(BEN_SID); List childOids = Arrays.asList(childOid); - this.strategy.setBatchSize(6); Map foundAcls = this.strategy.readAclsById(childOids, sids); - Acl foundChildAcl = foundAcls.get(childOid); assertThat(foundChildAcl).isNotNull(); assertThat(foundChildAcl.isGranted(checkPermission, sids, false)).isTrue(); - // Search for object identities has to be done in the following order: // last // element have to be one which @@ -315,12 +292,10 @@ public abstract class AbstractBasicLookupStrategyTests { List allOids = Arrays.asList(grandParentOid, parent1Oid, parent2Oid, childOid); try { foundAcls = this.strategy.readAclsById(allOids, sids); - } catch (NotFoundException notExpected) { fail("It shouldn't have thrown NotFoundException"); } - Acl foundParent2Acl = foundAcls.get(parent2Oid); assertThat(foundParent2Acl).isNotNull(); assertThat(foundParent2Acl.isGranted(checkPermission, sids, false)).isTrue(); 
@@ -329,18 +304,14 @@ public abstract class AbstractBasicLookupStrategyTests { @Test(expected = IllegalArgumentException.class) public void nullOwnerIsNotSupported() { String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (6,2,104,null,null,1);"; - getJdbcTemplate().execute(query); - ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, 104L); - this.strategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID)); } @Test public void testCreatePrincipalSid() { Sid result = this.strategy.createSid(true, "sid"); - assertThat(result.getClass()).isEqualTo(PrincipalSid.class); assertThat(((PrincipalSid) result).getPrincipal()).isEqualTo("sid"); } @@ -348,7 +319,6 @@ public abstract class AbstractBasicLookupStrategyTests { @Test public void testCreateGrantedAuthority() { Sid result = this.strategy.createSid(false, "sid"); - assertThat(result.getClass()).isEqualTo(GrantedAuthoritySid.class); assertThat(((GrantedAuthoritySid) result).getGrantedAuthority()).isEqualTo("sid"); } diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java index 16206dea2b..32a2547351 100644 --- a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java +++ b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java 
@@ -58,12 +58,10 @@ public class BasicLookupStrategyTestsDbHelper { else { connectionUrl = "jdbc:hsqldb:mem:lookupstrategytestWithAclClassIdType"; sqlClassPathResource = ACL_SCHEMA_SQL_FILE_WITH_ACL_CLASS_ID; - } this.dataSource = new SingleConnectionDataSource(connectionUrl, "sa", "", true); this.dataSource.setDriverClassName("org.hsqldb.jdbcDriver"); this.jdbcTemplate = new JdbcTemplate(this.dataSource); - Resource resource = new ClassPathResource(sqlClassPathResource); String sql = new String(FileCopyUtils.copyToByteArray(resource.getInputStream())); this.jdbcTemplate.execute(sql); diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java b/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java index 9d2d6c2e5d..eca0b5d635 100644 --- a/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java +++ b/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java @@ -35,7 +35,6 @@ public class DatabaseSeeder { public DatabaseSeeder(DataSource dataSource, Resource resource) throws IOException { Assert.notNull(dataSource, "dataSource required"); Assert.notNull(resource, "resource required"); - JdbcTemplate template = new JdbcTemplate(dataSource); String sql = new String(FileCopyUtils.copyToByteArray(resource.getInputStream())); template.execute(sql); diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java index 04f496a43b..d293b50084 100644 --- a/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java +++ b/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java 
@@ -82,12 +82,10 @@ public class EhCacheBasedAclCacheTests { this.myCache = new EhCacheBasedAclCache(this.cache, new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()), new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_USER"))); - ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100L); AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl( new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL")); - this.acl = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger()); } @@ -111,7 +109,6 @@ public class EhCacheBasedAclCacheTests { } catch (IllegalArgumentException expected) { } - try { ObjectIdentity obj = null; this.myCache.evictFromCache(obj); @@ -119,7 +116,6 @@ public class EhCacheBasedAclCacheTests { } catch (IllegalArgumentException expected) { } - try { Serializable id = null; this.myCache.getFromCache(id); @@ -127,7 +123,6 @@ public class EhCacheBasedAclCacheTests { } catch (IllegalArgumentException expected) { } - try { ObjectIdentity obj = null; this.myCache.getFromCache(obj); @@ -135,7 +130,6 @@ public class EhCacheBasedAclCacheTests { } catch (IllegalArgumentException expected) { } - try { MutableAcl acl = null; this.myCache.putInCache(acl); @@ -154,17 +148,13 @@ public class EhCacheBasedAclCacheTests { ObjectOutputStream oos = new ObjectOutputStream(fos); oos.writeObject(this.acl); oos.close(); - FileInputStream fis = new FileInputStream(file); ObjectInputStream ois = new ObjectInputStream(fis); MutableAcl retrieved = (MutableAcl) ois.readObject(); ois.close(); - assertThat(retrieved).isEqualTo(this.acl); - Object retrieved1 = FieldUtils.getProtectedFieldValue("aclAuthorizationStrategy", retrieved); assertThat(retrieved1).isNull(); - Object retrieved2 = FieldUtils.getProtectedFieldValue("permissionGrantingStrategy", retrieved); assertThat(retrieved2).isNull(); } 
@@ -172,14 +162,12 @@ public class EhCacheBasedAclCacheTests { @Test public void clearCache() { this.myCache.clearCache(); - verify(this.cache).removeAll(); } @Test public void putInCache() { this.myCache.putInCache(this.acl); - verify(this.cache, times(2)).put(this.element.capture()); assertThat(this.element.getValue().getKey()).isEqualTo(this.acl.getId()); assertThat(this.element.getValue().getObjectValue()).isEqualTo(this.acl); @@ -192,29 +180,21 @@ public class EhCacheBasedAclCacheTests { Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL"); auth.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(auth); - ObjectIdentity identityParent = new ObjectIdentityImpl(TARGET_CLASS, 2L); AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl( new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL")); MutableAcl parentAcl = new AclImpl(identityParent, 2L, aclAuthorizationStrategy, new ConsoleAuditLogger()); this.acl.setParent(parentAcl); - this.myCache.putInCache(this.acl); - verify(this.cache, times(4)).put(this.element.capture()); - List allValues = this.element.getAllValues(); - assertThat(allValues.get(0).getKey()).isEqualTo(parentAcl.getObjectIdentity()); assertThat(allValues.get(0).getObjectValue()).isEqualTo(parentAcl); - assertThat(allValues.get(1).getKey()).isEqualTo(parentAcl.getId()); assertThat(allValues.get(1).getObjectValue()).isEqualTo(parentAcl); - assertThat(allValues.get(2).getKey()).isEqualTo(this.acl.getObjectIdentity()); assertThat(allValues.get(2).getObjectValue()).isEqualTo(this.acl); - assertThat(allValues.get(3).getKey()).isEqualTo(this.acl.getId()); assertThat(allValues.get(3).getObjectValue()).isEqualTo(this.acl); } 
@@ -222,21 +202,16 @@ public class EhCacheBasedAclCacheTests { @Test public void getFromCacheSerializable() { given(this.cache.get(this.acl.getId())).willReturn(new Element(this.acl.getId(), this.acl)); - assertThat(this.myCache.getFromCache(this.acl.getId())).isEqualTo(this.acl); } @Test public void getFromCacheSerializablePopulatesTransient() { given(this.cache.get(this.acl.getId())).willReturn(new Element(this.acl.getId(), this.acl)); - this.myCache.putInCache(this.acl); - ReflectionTestUtils.setField(this.acl, "permissionGrantingStrategy", null); ReflectionTestUtils.setField(this.acl, "aclAuthorizationStrategy", null); - MutableAcl fromCache = this.myCache.getFromCache(this.acl.getId()); - assertThat(ReflectionTestUtils.getField(fromCache, "aclAuthorizationStrategy")).isNotNull(); assertThat(ReflectionTestUtils.getField(fromCache, "permissionGrantingStrategy")).isNotNull(); } @@ -244,21 +219,16 @@ public class EhCacheBasedAclCacheTests { @Test public void getFromCacheObjectIdentity() { given(this.cache.get(this.acl.getId())).willReturn(new Element(this.acl.getId(), this.acl)); - assertThat(this.myCache.getFromCache(this.acl.getId())).isEqualTo(this.acl); } @Test public void getFromCacheObjectIdentityPopulatesTransient() { given(this.cache.get(this.acl.getObjectIdentity())).willReturn(new Element(this.acl.getId(), this.acl)); - this.myCache.putInCache(this.acl); - ReflectionTestUtils.setField(this.acl, "permissionGrantingStrategy", null); ReflectionTestUtils.setField(this.acl, "aclAuthorizationStrategy", null); - MutableAcl fromCache = this.myCache.getFromCache(this.acl.getObjectIdentity()); - assertThat(ReflectionTestUtils.getField(fromCache, "aclAuthorizationStrategy")).isNotNull(); assertThat(ReflectionTestUtils.getField(fromCache, "permissionGrantingStrategy")).isNotNull(); } 
@@ -266,9 +236,7 @@ public class EhCacheBasedAclCacheTests { @Test public void evictCacheSerializable() { given(this.cache.get(this.acl.getObjectIdentity())).willReturn(new Element(this.acl.getId(), this.acl)); - this.myCache.evictFromCache(this.acl.getObjectIdentity()); - verify(this.cache).remove(this.acl.getId()); verify(this.cache).remove(this.acl.getObjectIdentity()); } @@ -276,9 +244,7 @@ public class EhCacheBasedAclCacheTests { @Test public void evictCacheObjectIdentity() { given(this.cache.get(this.acl.getId())).willReturn(new Element(this.acl.getId(), this.acl)); - this.myCache.evictFromCache(this.acl.getId()); - verify(this.cache).remove(this.acl.getId()); verify(this.cache).remove(this.acl.getObjectIdentity()); } diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java index 3e5e09c2f7..a4ff652ef1 100644 --- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java +++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java @@ -97,7 +97,6 @@ public class JdbcAclServiceTests { given(this.lookupStrategy.readAclsById(anyList(), anyList())).willReturn(result); ObjectIdentity objectIdentity = new ObjectIdentityImpl(Object.class, 1); List sids = Arrays.asList(new PrincipalSid("user")); - this.aclService.readAclById(objectIdentity, sids); } @@ -108,7 +107,6 @@ public class JdbcAclServiceTests { Object[] args = { "1", "org.springframework.security.acls.jdbc.JdbcAclServiceTests$MockLongIdDomainObject" }; given(this.jdbcOperations.query(anyString(), eq(args), any(RowMapper.class))).willReturn(result); ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockLongIdDomainObject.class, 1L); - List objectIdentities = this.aclService.findChildren(objectIdentity); assertThat(objectIdentities.size()).isEqualTo(1); assertThat(objectIdentities.get(0).getIdentifier()).isEqualTo("5577"); 
@@ -117,7 +115,6 @@ public class JdbcAclServiceTests {
 @Test
 public void findNoChildren() {
 ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockLongIdDomainObject.class, 1L);
-
 List objectIdentities = this.aclService.findChildren(objectIdentity);
 assertThat(objectIdentities).isNull();
 }
@@ -125,7 +122,6 @@ public class JdbcAclServiceTests {
 @Test
 public void findChildrenWithoutIdType() {
 ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockLongIdDomainObject.class, 4711L);
-
 List objectIdentities = this.aclServiceIntegration.findChildren(objectIdentity);
 assertThat(objectIdentities.size()).isEqualTo(1);
 assertThat(objectIdentities.get(0).getType()).isEqualTo(MockUntypedIdDomainObject.class.getName());
@@ -135,7 +131,6 @@ public class JdbcAclServiceTests {
 @Test
 public void findChildrenForUnknownObject() {
 ObjectIdentity objectIdentity = new ObjectIdentityImpl(Object.class, 33);
-
 List objectIdentities = this.aclServiceIntegration.findChildren(objectIdentity);
 assertThat(objectIdentities).isNull();
 }
@@ -143,7 +138,6 @@ public class JdbcAclServiceTests {
 @Test
 public void findChildrenOfIdTypeLong() {
 ObjectIdentity objectIdentity = new ObjectIdentityImpl("location", "US-PAL");
-
 List objectIdentities = this.aclServiceIntegration.findChildren(objectIdentity);
 assertThat(objectIdentities.size()).isEqualTo(2);
 assertThat(objectIdentities.get(0).getType()).isEqualTo(MockLongIdDomainObject.class.getName());
@@ -155,7 +149,6 @@ public class JdbcAclServiceTests {
 @Test
 public void findChildrenOfIdTypeString() {
 ObjectIdentity objectIdentity = new ObjectIdentityImpl("location", "US");
-
 this.aclServiceIntegration.setAclClassIdSupported(true);
 List objectIdentities = this.aclServiceIntegration.findChildren(objectIdentity);
 assertThat(objectIdentities.size()).isEqualTo(1);
@@ -166,7 +159,6 @@ public class JdbcAclServiceTests {
 @Test public void findChildrenOfIdTypeUUID() { ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockUntypedIdDomainObject.class, 5000L);
-
 this.aclServiceIntegration.setAclClassIdSupported(true); List objectIdentities = this.aclServiceIntegration.findChildren(objectIdentity); assertThat(objectIdentities.size()).isEqualTo(1);
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
index 9d70049f1a..fe44732540 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
@@ -142,123 +142,97 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 @Transactional public void testLifecycle() { SecurityContextHolder.getContext().setAuthentication(this.auth);
-
 MutableAcl topParent = this.jdbcMutableAclService.createAcl(getTopParentOid()); MutableAcl middleParent = this.jdbcMutableAclService.createAcl(getMiddleParentOid()); MutableAcl child = this.jdbcMutableAclService.createAcl(getChildOid());
-
 // Specify the inheritance hierarchy middleParent.setParent(topParent); child.setParent(middleParent);
-
 // Now let's add a couple of permissions topParent.insertAce(0, BasePermission.READ, new PrincipalSid(this.auth), true); topParent.insertAce(1, BasePermission.WRITE, new PrincipalSid(this.auth), false); middleParent.insertAce(0, BasePermission.DELETE, new PrincipalSid(this.auth), true); child.insertAce(0, BasePermission.DELETE, new PrincipalSid(this.auth), false);
-
 // Explicitly save the changed ACL this.jdbcMutableAclService.updateAcl(topParent); this.jdbcMutableAclService.updateAcl(middleParent); this.jdbcMutableAclService.updateAcl(child);
-
 // Let's check if we can read them back correctly Map map = this.jdbcMutableAclService .readAclsById(Arrays.asList(getTopParentOid(), getMiddleParentOid(), getChildOid())); assertThat(map).hasSize(3);
-
 // Replace our current objects with their retrieved versions topParent = (MutableAcl) map.get(getTopParentOid()); middleParent = (MutableAcl) map.get(getMiddleParentOid()); child = (MutableAcl) map.get(getChildOid());
-
 // Check the retrieved versions has IDs assertThat(topParent.getId()).isNotNull(); assertThat(middleParent.getId()).isNotNull(); assertThat(child.getId()).isNotNull();
-
 // Check their parents were correctly persisted assertThat(topParent.getParentAcl()).isNull(); assertThat(middleParent.getParentAcl().getObjectIdentity()).isEqualTo(getTopParentOid()); assertThat(child.getParentAcl().getObjectIdentity()).isEqualTo(getMiddleParentOid());
-
 // Check their ACEs
were correctly persisted assertThat(topParent.getEntries()).hasSize(2); assertThat(middleParent.getEntries()).hasSize(1); assertThat(child.getEntries()).hasSize(1);
-
 // Check the retrieved rights are correct List read = Arrays.asList(BasePermission.READ); List write = Arrays.asList(BasePermission.WRITE); List delete = Arrays.asList(BasePermission.DELETE); List pSid = Arrays.asList((Sid) new PrincipalSid(this.auth));
-
 assertThat(topParent.isGranted(read, pSid, false)).isTrue(); assertThat(topParent.isGranted(write, pSid, false)).isFalse(); assertThat(middleParent.isGranted(delete, pSid, false)).isTrue(); assertThat(child.isGranted(delete, pSid, false)).isFalse();
-
 try { child.isGranted(Arrays.asList(BasePermission.ADMINISTRATION), pSid, false); fail("Should have thrown NotFoundException"); } catch (NotFoundException expected) {
-
 }
-
 // Now check the inherited rights (when not explicitly overridden) also look OK assertThat(child.isGranted(read, pSid, false)).isTrue(); assertThat(child.isGranted(write, pSid, false)).isFalse(); assertThat(child.isGranted(delete, pSid, false)).isFalse();
-
 // Next change the child so it doesn't inherit permissions from above child.setEntriesInheriting(false); this.jdbcMutableAclService.updateAcl(child); child = (MutableAcl) this.jdbcMutableAclService.readAclById(getChildOid()); assertThat(child.isEntriesInheriting()).isFalse();
-
 // Check the child permissions no longer inherit assertThat(child.isGranted(delete, pSid, true)).isFalse();
-
 try { child.isGranted(read, pSid, true); fail("Should have thrown NotFoundException"); } catch (NotFoundException expected) {
-
 }
-
 try { child.isGranted(write, pSid, true); fail("Should have thrown NotFoundException"); } catch (NotFoundException expected) {
-
 }
-
 // Let's add an identical permission to the child, but it'll appear AFTER the // current permission, so has no impact child.insertAce(1, BasePermission.DELETE, new PrincipalSid(this.auth), true);
-
 // Let's also add another permission to
the child child.insertAce(2, BasePermission.CREATE, new PrincipalSid(this.auth), true);
-
 // Save the changed child this.jdbcMutableAclService.updateAcl(child); child = (MutableAcl) this.jdbcMutableAclService.readAclById(getChildOid()); assertThat(child.getEntries()).hasSize(3);
-
 // Output permissions for (int i = 0; i < child.getEntries().size(); i++) { System.out.println(child.getEntries().get(i)); }
-
 // Check the permissions are as they should be assertThat(child.isGranted(delete, pSid, true)).isFalse(); // as earlier // permission // overrode assertThat(child.isGranted(Arrays.asList(BasePermission.CREATE), pSid, true)).isTrue();
-
 // Now check the first ACE (index 0) really is DELETE for our Sid and is // non-granting AccessControlEntry entry = child.getEntries().get(0);
@@ -266,15 +240,12 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 assertThat(entry.getSid()).isEqualTo(new PrincipalSid(this.auth)); assertThat(entry.isGranting()).isFalse(); assertThat(entry.getId()).isNotNull();
-
 // Now delete that first ACE child.deleteAce(0);
-
 // Save and check it worked child = this.jdbcMutableAclService.updateAcl(child); assertThat(child.getEntries()).hasSize(2); assertThat(child.isGranted(delete, pSid, false)).isTrue();
-
 SecurityContextHolder.clearContext(); }
@@ -285,7 +256,6 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 @Transactional public void deleteAclAlsoDeletesChildren() { SecurityContextHolder.getContext().setAuthentication(this.auth);
-
 this.jdbcMutableAclService.createAcl(getTopParentOid()); MutableAcl middleParent = this.jdbcMutableAclService.createAcl(getMiddleParentOid()); MutableAcl child = this.jdbcMutableAclService.createAcl(getChildOid());
@@ -294,27 +264,21 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 this.jdbcMutableAclService.updateAcl(child); // Check the childOid really is a child of middleParentOid Acl childAcl = this.jdbcMutableAclService.readAclById(getChildOid());
-
 assertThat(childAcl.getParentAcl().getObjectIdentity()).isEqualTo(getMiddleParentOid());
-
 // Delete the mid-parent and test if the child was deleted, as well this.jdbcMutableAclService.deleteAcl(getMiddleParentOid(), true);
-
 try { this.jdbcMutableAclService.readAclById(getMiddleParentOid()); fail("It should have thrown NotFoundException"); } catch (NotFoundException expected) {
-
 } try { this.jdbcMutableAclService.readAclById(getChildOid()); fail("It should have thrown NotFoundException"); } catch (NotFoundException expected) {
-
 }
-
 Acl acl = this.jdbcMutableAclService.readAclById(getTopParentOid()); assertThat(acl).isNotNull(); assertThat(getTopParentOid()).isEqualTo(acl.getObjectIdentity());
@@ -328,14 +292,12 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 } catch (IllegalArgumentException expected) { }
-
 try { new JdbcMutableAclService(this.dataSource, null, this.aclCache); fail("It should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { }
-
 try { new JdbcMutableAclService(this.dataSource, this.lookupStrategy, null); fail("It should have thrown IllegalArgumentException");
@@ -386,11 +348,9 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 SecurityContextHolder.getContext().setAuthentication(this.auth); MutableAcl parent = this.jdbcMutableAclService.createAcl(getTopParentOid()); MutableAcl child = this.jdbcMutableAclService.createAcl(getMiddleParentOid());
-
 // Specify the inheritance hierarchy child.setParent(parent); this.jdbcMutableAclService.updateAcl(child);
-
 try { this.jdbcMutableAclService.setForeignKeysInDatabase(false); // switch on FK // checking in the
@@ -413,13 +373,11 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 MutableAcl child = this.jdbcMutableAclService.createAcl(getChildOid()); child.insertAce(0, BasePermission.DELETE, new PrincipalSid(this.auth), false); this.jdbcMutableAclService.updateAcl(child);
-
 // Remove the child and check all related database rows were removed accordingly this.jdbcMutableAclService.deleteAcl(getChildOid(), false); assertThat(this.jdbcTemplate.queryForList(SELECT_ALL_CLASSES, new Object[] { getTargetClass() })).hasSize(1); assertThat(this.jdbcTemplate.queryForList("select * from acl_object_identity")).isEmpty(); assertThat(this.jdbcTemplate.queryForList("select * from acl_entry")).isEmpty();
-
 // Check the cache assertThat(this.aclCache.getFromCache(getChildOid())).isNull(); assertThat(this.aclCache.getFromCache(102L)).isNull();
@@ -432,7 +390,6 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 SecurityContextHolder.getContext().setAuthentication(this.auth); ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, 101); this.jdbcMutableAclService.createAcl(oid);
-
 assertThat(this.jdbcMutableAclService.readAclById(new ObjectIdentityImpl(TARGET_CLASS, 101L))).isNotNull(); }
@@ -445,27 +402,20 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_ADMINISTRATOR"); auth.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(auth);
-
 ObjectIdentity parentOid = new ObjectIdentityImpl(TARGET_CLASS, 104L); ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 105L);
-
 MutableAcl parent = this.jdbcMutableAclService.createAcl(parentOid); MutableAcl child = this.jdbcMutableAclService.createAcl(childOid);
-
 child.setParent(parent); this.jdbcMutableAclService.updateAcl(child);
-
 parent = (AclImpl) this.jdbcMutableAclService.readAclById(parentOid); parent.insertAce(0, BasePermission.READ, new PrincipalSid("ben"), true); this.jdbcMutableAclService.updateAcl(parent);
-
 parent = (AclImpl) this.jdbcMutableAclService.readAclById(parentOid); parent.insertAce(1, BasePermission.READ, new PrincipalSid("scott"), true); this.jdbcMutableAclService.updateAcl(parent);
-
 child = (MutableAcl) this.jdbcMutableAclService.readAclById(childOid); parent = (MutableAcl) child.getParentAcl();
-
 assertThat(parent.getEntries()).hasSize(2) .withFailMessage("Fails because child has a stale reference to its parent"); assertThat(parent.getEntries().get(0).getPermission().getMask()).isEqualTo(1);
@@ -483,22 +433,16 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 Authentication auth = new TestingAuthenticationToken("system", "secret", "ROLE_IGNORED"); SecurityContextHolder.getContext().setAuthentication(auth); ObjectIdentityImpl rootObject = new ObjectIdentityImpl(TARGET_CLASS, 1L);
-
 MutableAcl parent = this.jdbcMutableAclService.createAcl(rootObject); MutableAcl child = this.jdbcMutableAclService.createAcl(new ObjectIdentityImpl(TARGET_CLASS, 2L)); child.setParent(parent); this.jdbcMutableAclService.updateAcl(child);
-
 parent.insertAce(0, BasePermission.ADMINISTRATION, new GrantedAuthoritySid("ROLE_ADMINISTRATOR"), true); this.jdbcMutableAclService.updateAcl(parent);
-
 parent.insertAce(1, BasePermission.DELETE, new PrincipalSid("terry"), true); this.jdbcMutableAclService.updateAcl(parent);
-
 child = (MutableAcl) this.jdbcMutableAclService.readAclById(new ObjectIdentityImpl(TARGET_CLASS, 2L));
-
 parent = (MutableAcl) child.getParentAcl();
-
 assertThat(parent.getEntries()).hasSize(2); assertThat(parent.getEntries().get(0).getPermission().getMask()).isEqualTo(16); assertThat(parent.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_ADMINISTRATOR"));
@@ -512,24 +456,19 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_ADMINISTRATOR"); auth.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(auth);
-
 ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, 110L); MutableAcl topParent = this.jdbcMutableAclService.createAcl(topParentOid);
-
 // Add an ACE permission entry Permission cm = new CumulativePermission().set(BasePermission.READ).set(BasePermission.ADMINISTRATION); assertThat(cm.getMask()).isEqualTo(17); Sid benSid = new PrincipalSid(auth); topParent.insertAce(0, cm, benSid, true); assertThat(topParent.getEntries()).hasSize(1);
-
 // Explicitly save the changed ACL topParent = this.jdbcMutableAclService.updateAcl(topParent);
-
 // Check the mask was retrieved correctly assertThat(topParent.getEntries().get(0).getPermission().getMask()).isEqualTo(17); assertThat(topParent.isGranted(Arrays.asList(cm), Arrays.asList(benSid), true)).isTrue();
-
 SecurityContextHolder.clearContext(); }
@@ -539,9 +478,7 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 new CustomJdbcMutableAclService(this.dataSource, this.lookupStrategy, this.aclCache)); CustomSid customSid = new CustomSid("Custom sid"); given(customJdbcMutableAclService.createOrRetrieveSidPrimaryKey("Custom sid", false, false)).willReturn(1L);
-
 Long result = customJdbcMutableAclService.createOrRetrieveSidPrimaryKey(customSid, false);
-
 assertThat(new Long(1L)).isEqualTo(result); }
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java
index f912ad7514..ab69977a56 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java
@@ -75,11 +75,9 @@ public class JdbcMutableAclServiceTestsWithAclClassId extends JdbcMutableAclServ
 @Transactional public void identityWithUuidIdIsSupportedByCreateAcl() { SecurityContextHolder.getContext().setAuthentication(getAuth());
-
 UUID id = UUID.randomUUID(); ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID, id); getJdbcMutableAclService().createAcl(oid);
-
 assertThat(getJdbcMutableAclService().readAclById(new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID, id))) .isNotNull(); }
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
index 3d2a9c7928..9a3bd62400 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
@@ -89,37 +89,28 @@ public class SpringCacheBasedAclCacheTests {
 new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL")); AuditLogger auditLogger = new ConsoleAuditLogger();
-
 PermissionGrantingStrategy permissionGrantingStrategy = new DefaultPermissionGrantingStrategy(auditLogger); SpringCacheBasedAclCache myCache = new SpringCacheBasedAclCache(cache, permissionGrantingStrategy, aclAuthorizationStrategy); MutableAcl acl = new AclImpl(identity, 1L, aclAuthorizationStrategy, auditLogger);
-
 assertThat(realCache).isEmpty(); myCache.putInCache(acl);
-
 // Check we can get from cache the same objects we put in assertThat(acl).isEqualTo(myCache.getFromCache(1L)); assertThat(acl).isEqualTo(myCache.getFromCache(identity));
-
 // Put another object in cache ObjectIdentity identity2 = new ObjectIdentityImpl(TARGET_CLASS, 101L); MutableAcl acl2 = new AclImpl(identity2, 2L, aclAuthorizationStrategy, new ConsoleAuditLogger());
-
 myCache.putInCache(acl2);
-
 // Try to evict an entry that doesn't exist myCache.evictFromCache(3L); myCache.evictFromCache(new ObjectIdentityImpl(TARGET_CLASS, 102L)); assertThat(realCache).hasSize(4);
-
 myCache.evictFromCache(1L); assertThat(realCache).hasSize(2);
-
 // Check the second object inserted assertThat(acl2).isEqualTo(myCache.getFromCache(2L)); assertThat(acl2).isEqualTo(myCache.getFromCache(identity2));
-
 myCache.evictFromCache(identity2); assertThat(realCache).isEmpty(); }
@@ -129,31 +120,24 @@ public class SpringCacheBasedAclCacheTests {
 public void cacheOperationsAclWithParent() throws Exception { Cache cache = getCache(); Map realCache = (Map) cache.getNativeCache();
-
 Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL"); auth.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(auth);
-
 ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 1L); ObjectIdentity identityParent = new ObjectIdentityImpl(TARGET_CLASS, 2L); AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl( new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL")); AuditLogger auditLogger = new ConsoleAuditLogger();
-
 PermissionGrantingStrategy permissionGrantingStrategy = new DefaultPermissionGrantingStrategy(auditLogger); SpringCacheBasedAclCache myCache = new SpringCacheBasedAclCache(cache, permissionGrantingStrategy, aclAuthorizationStrategy);
-
 MutableAcl acl = new AclImpl(identity, 1L, aclAuthorizationStrategy, auditLogger); MutableAcl parentAcl = new AclImpl(identityParent, 2L, aclAuthorizationStrategy, auditLogger);
-
 acl.setParent(parentAcl);
-
 assertThat(realCache).isEmpty(); myCache.putInCache(acl); assertThat(4).isEqualTo(realCache.size());
-
 // Check we can get from cache the same objects we put in AclImpl aclFromCache = (AclImpl) myCache.getFromCache(1L); assertThat(aclFromCache).isEqualTo(acl);
diff --git a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
index 0d5d0617a6..5922f8f670 100644
--- a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
@@ -50,16 +50,13 @@ public class SidRetrievalStrategyTests {
 public void correctSidsAreRetrieved() { SidRetrievalStrategy retrStrategy = new SidRetrievalStrategyImpl(); List sids = retrStrategy.getSids(this.authentication);
-
 assertThat(sids).isNotNull(); assertThat(sids).hasSize(4); assertThat(sids.get(0)).isNotNull(); assertThat(sids.get(0) instanceof PrincipalSid).isTrue();
-
 for (int i = 1; i < sids.size(); i++) { assertThat(sids.get(i) instanceof GrantedAuthoritySid).isTrue(); }
-
 assertThat(((PrincipalSid) sids.get(0)).getPrincipal()).isEqualTo("scott"); assertThat(((GrantedAuthoritySid) sids.get(1)).getGrantedAuthority()).isEqualTo("A"); assertThat(((GrantedAuthoritySid) sids.get(2)).getGrantedAuthority()).isEqualTo("B");
@@ -72,7 +69,6 @@ public class SidRetrievalStrategyTests {
 List rhAuthorities = AuthorityUtils.createAuthorityList("D"); given(rh.getReachableGrantedAuthorities(anyCollection())).willReturn(rhAuthorities); SidRetrievalStrategy strat = new SidRetrievalStrategyImpl(rh);
-
 List sids = strat.getSids(this.authentication); assertThat(sids).hasSize(2); assertThat(sids.get(0)).isNotNull();
diff --git a/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java b/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
index c9ae5a238b..3b566e8c92 100644
--- a/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
@@ -46,17 +46,14 @@ public class SidTests {
 } catch (IllegalArgumentException expected) { }
-
 try { new PrincipalSid(""); fail("It should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { }
-
 new PrincipalSid("johndoe"); // throws no exception
-
 // Check one Authentication-argument constructor try { Authentication authentication = null;
@@ -65,7 +62,6 @@ public class SidTests {
 } catch (IllegalArgumentException expected) { }
-
 try { Authentication authentication = new TestingAuthenticationToken(null, "password"); new PrincipalSid(authentication);
@@ -73,7 +69,6 @@ public class SidTests {
 } catch (IllegalArgumentException expected) { }
-
 Authentication authentication = new TestingAuthenticationToken("johndoe", "password"); new PrincipalSid(authentication); // throws no exception
@@ -88,25 +83,19 @@ public class SidTests {
 fail("It should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) {
-
 }
-
 try { new GrantedAuthoritySid(""); fail("It should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) {
-
 }
-
 try { new GrantedAuthoritySid("ROLE_TEST");
-
 } catch (IllegalArgumentException notExpected) { fail("It shouldn't have thrown IllegalArgumentException"); }
-
 // Check one GrantedAuthority-argument constructor try { GrantedAuthority ga = null;
@@ -114,22 +103,17 @@ public class SidTests {
 fail("It should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) {
-
 }
-
 try { GrantedAuthority ga = new SimpleGrantedAuthority(null); new GrantedAuthoritySid(ga); fail("It should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) {
-
 }
-
 try { GrantedAuthority ga = new SimpleGrantedAuthority("ROLE_TEST"); new GrantedAuthoritySid(ga);
-
 } catch (IllegalArgumentException notExpected) { fail("It shouldn't have thrown IllegalArgumentException");
@@ -140,7 +124,6 @@ public class SidTests {
 public void testPrincipalSidEquals() { Authentication authentication = new TestingAuthenticationToken("johndoe", "password"); Sid principalSid = new PrincipalSid(authentication);
-
 assertThat(principalSid.equals(null)).isFalse(); assertThat(principalSid.equals("DIFFERENT_TYPE_OBJECT")).isFalse(); assertThat(principalSid.equals(principalSid)).isTrue();
@@ -155,7 +138,6 @@ public class SidTests {
 public void testGrantedAuthoritySidEquals() { GrantedAuthority ga = new SimpleGrantedAuthority("ROLE_TEST"); Sid gaSid = new GrantedAuthoritySid(ga);
-
 assertThat(gaSid.equals(null)).isFalse(); assertThat(gaSid.equals("DIFFERENT_TYPE_OBJECT")).isFalse(); assertThat(gaSid.equals(gaSid)).isTrue();
@@ -170,7 +152,6 @@ public class SidTests {
 public void testPrincipalSidHashCode() { Authentication authentication = new TestingAuthenticationToken("johndoe", "password"); Sid principalSid = new PrincipalSid(authentication);
-
 assertThat(principalSid.hashCode()).isEqualTo("johndoe".hashCode()); assertThat(principalSid.hashCode()).isEqualTo(new PrincipalSid("johndoe").hashCode()); assertThat(principalSid.hashCode()).isNotEqualTo(new PrincipalSid("scott").hashCode());
@@ -182,7 +163,6 @@ public class SidTests {
 public void testGrantedAuthoritySidHashCode() { GrantedAuthority ga = new SimpleGrantedAuthority("ROLE_TEST"); Sid gaSid = new GrantedAuthoritySid(ga);
-
 assertThat(gaSid.hashCode()).isEqualTo("ROLE_TEST".hashCode()); assertThat(gaSid.hashCode()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST").hashCode()); assertThat(gaSid.hashCode()).isNotEqualTo(new GrantedAuthoritySid("ROLE_TEST_2").hashCode());
@@ -196,10 +176,8 @@ public class SidTests {
 PrincipalSid principalSid = new PrincipalSid(authentication); GrantedAuthority ga = new SimpleGrantedAuthority("ROLE_TEST"); GrantedAuthoritySid gaSid = new GrantedAuthoritySid(ga);
-
 assertThat("johndoe".equals(principalSid.getPrincipal())).isTrue(); assertThat("scott".equals(principalSid.getPrincipal())).isFalse();
-
 assertThat("ROLE_TEST".equals(gaSid.getGrantedAuthority())).isTrue(); assertThat("ROLE_TEST2".equals(gaSid.getGrantedAuthority())).isFalse(); }
@@ -209,7 +187,6 @@ public class SidTests {
 User user = new User("user", "password", Collections.singletonList(new SimpleGrantedAuthority("ROLE_TEST"))); Authentication authentication = new TestingAuthenticationToken(user, "password"); PrincipalSid principalSid = new PrincipalSid(authentication);
-
 assertThat("user").isEqualTo(principalSid.getPrincipal()); }
@@ -217,7 +194,6 @@ public class SidTests {
 public void getPrincipalWhenPrincipalNotInstanceOfUserDetailsThenReturnsPrincipalName() { Authentication authentication = new TestingAuthenticationToken("token", "password"); PrincipalSid principalSid = new PrincipalSid(authentication);
-
 assertThat("token").isEqualTo(principalSid.getPrincipal()); }
@@ -225,7 +201,6 @@ public class SidTests {
 public void getPrincipalWhenCustomAuthenticationPrincipalThenReturnsPrincipalName() { Authentication authentication = new CustomAuthenticationToken(new CustomToken("token"), null); PrincipalSid principalSid = new PrincipalSid(authentication);
-
 assertThat("token").isEqualTo(principalSid.getPrincipal()); }
diff --git a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
index f7d81ac042..9c0923a18a 100644
--- a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
+++ b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
@@ -111,7 +111,6 @@ public class AnnotationSecurityAspectTests {
 @Test(expected = AccessDeniedException.class) public void internalPrivateCallIsIntercepted() { SecurityContextHolder.getContext().setAuthentication(this.anne);
-
 try { this.secured.publicCallsPrivate(); fail("Expected AccessDeniedException");
@@ -124,7 +123,6 @@ public class AnnotationSecurityAspectTests {
 @Test(expected = AccessDeniedException.class) public void protectedMethodIsIntercepted() { SecurityContextHolder.getContext().setAuthentication(this.anne);
-
 this.secured.protectedMethod(); }
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java
index d9248e6eec..7f1233b7d5 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java
@@ -35,11 +35,9 @@ public abstract class AbstractStatelessTicketCacheTests {
 protected CasAuthenticationToken getToken() { List proxyList = new ArrayList<>(); proxyList.add("https://localhost/newPortal/login/cas");
-
 User user = new User("rod", "password", true, true, true, true, AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO")); final Assertion assertion = new AssertionImpl("rod");
-
 return new CasAuthenticationToken("key", user, "ST-0-ER94xMJmn6pha35CQRoZ", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), user, assertion); }
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
index 1d680d1683..d5bef694f1 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
@@ -71,7 +71,6 @@ public class CasAuthenticationProviderTests {
 final ServiceProperties serviceProperties = new ServiceProperties(); serviceProperties.setSendRenew(false); serviceProperties.setService("http://test.com");
-
 return serviceProperties; }
@@ -80,27 +79,20 @@ public class CasAuthenticationProviderTests {
 CasAuthenticationProvider cap = new CasAuthenticationProvider(); cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator()); cap.setKey("qwerty");
-
 StatelessTicketCache cache = new MockStatelessTicketCache(); cap.setStatelessTicketCache(cache); cap.setServiceProperties(makeServiceProperties());
-
 cap.setTicketValidator(new MockTicketValidator(true)); cap.afterPropertiesSet();
-
 UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( CasAuthenticationFilter.CAS_STATEFUL_IDENTIFIER, "ST-123"); token.setDetails("details");
-
 Authentication result = cap.authenticate(token);
-
 // Confirm ST-123 was NOT added to the cache assertThat(cache.getByTicketId("ST-456") == null).isTrue();
-
 if (!(result instanceof CasAuthenticationToken)) { fail("Should have returned a CasAuthenticationToken"); }
-
 CasAuthenticationToken casResult = (CasAuthenticationToken) result; assertThat(casResult.getPrincipal()).isEqualTo(makeUserDetailsFromAuthoritiesPopulator()); assertThat(casResult.getCredentials()).isEqualTo("ST-123");
@@ -108,11 +100,9 @@ public class CasAuthenticationProviderTests {
 assertThat(casResult.getAuthorities()).contains(new SimpleGrantedAuthority("ROLE_B")); assertThat(casResult.getKeyHash()).isEqualTo(cap.getKey().hashCode()); assertThat(casResult.getDetails()).isEqualTo("details");
-
 // Now confirm the CasAuthenticationToken is automatically re-accepted. // To ensure TicketValidator not called again, set it to deliver an exception... cap.setTicketValidator(new MockTicketValidator(false));
-
 Authentication laterResult = cap.authenticate(result); assertThat(laterResult).isEqualTo(result); }
@@ -122,34 +112,26 @@ public class CasAuthenticationProviderTests {
 CasAuthenticationProvider cap = new CasAuthenticationProvider(); cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator()); cap.setKey("qwerty");
-
 StatelessTicketCache cache = new MockStatelessTicketCache(); cap.setStatelessTicketCache(cache); cap.setTicketValidator(new MockTicketValidator(true)); cap.setServiceProperties(makeServiceProperties()); cap.afterPropertiesSet();
-
 UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER, "ST-456"); token.setDetails("details");
-
 Authentication result = cap.authenticate(token);
-
 // Confirm ST-456 was added to the cache assertThat(cache.getByTicketId("ST-456") != null).isTrue();
-
 if (!(result instanceof CasAuthenticationToken)) { fail("Should have returned a CasAuthenticationToken"); }
-
 assertThat(result.getPrincipal()).isEqualTo(makeUserDetailsFromAuthoritiesPopulator()); assertThat(result.getCredentials()).isEqualTo("ST-456"); assertThat(result.getDetails()).isEqualTo("details");
-
 // Now try to authenticate again. To ensure TicketValidator not // called again, set it to deliver an exception... cap.setTicketValidator(new MockTicketValidator(false));
-
 // Previously created UsernamePasswordAuthenticationToken is OK Authentication newResult = cap.authenticate(token); assertThat(newResult.getPrincipal()).isEqualTo(makeUserDetailsFromAuthoritiesPopulator());
@@ -163,22 +145,17 @@ public class CasAuthenticationProviderTests {
 given(details.getServiceUrl()).willReturn(serviceUrl); TicketValidator validator = mock(TicketValidator.class); given(validator.validate(any(String.class), any(String.class))).willReturn(new AssertionImpl("rod"));
-
 ServiceProperties serviceProperties = makeServiceProperties(); serviceProperties.setAuthenticateAllArtifacts(true);
-
 CasAuthenticationProvider cap = new CasAuthenticationProvider(); cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator()); cap.setKey("qwerty");
-
 cap.setTicketValidator(validator); cap.setServiceProperties(serviceProperties); cap.afterPropertiesSet();
-
 String ticket = "ST-456"; UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER, ticket);
-
 Authentication result = cap.authenticate(token); }
@@ -189,40 +166,31 @@ public class CasAuthenticationProviderTests {
 given(details.getServiceUrl()).willReturn(serviceUrl);
 TicketValidator validator = mock(TicketValidator.class);
 given(validator.validate(any(String.class), any(String.class))).willReturn(new AssertionImpl("rod"));
-
 ServiceProperties serviceProperties = makeServiceProperties();
 serviceProperties.setAuthenticateAllArtifacts(true);
-
 CasAuthenticationProvider cap = new CasAuthenticationProvider();
 cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator());
 cap.setKey("qwerty");
-
 cap.setTicketValidator(validator);
 cap.setServiceProperties(serviceProperties);
 cap.afterPropertiesSet();
-
 String ticket = "ST-456";
 UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
 CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER, ticket);
-
 Authentication result = cap.authenticate(token);
 verify(validator).validate(ticket, serviceProperties.getService());
-
 serviceProperties.setAuthenticateAllArtifacts(true);
 result = cap.authenticate(token);
 verify(validator, times(2)).validate(ticket, serviceProperties.getService());
-
 token.setDetails(details);
 result = cap.authenticate(token);
 verify(validator).validate(ticket, serviceUrl);
-
 serviceProperties.setAuthenticateAllArtifacts(false);
 serviceProperties.setService(null);
 cap.setServiceProperties(serviceProperties);
 cap.afterPropertiesSet();
 result = cap.authenticate(token);
 verify(validator, times(2)).validate(ticket, serviceUrl);
-
 token.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest()));
 try {
 cap.authenticate(token);
@@ -230,7 +198,6 @@ public class CasAuthenticationProviderTests {
 }
 catch (IllegalStateException success) {
 }
-
 cap.setServiceProperties(null);
 cap.afterPropertiesSet();
 try {
@@ -246,16 +213,13 @@ public class CasAuthenticationProviderTests {
 CasAuthenticationProvider cap = new CasAuthenticationProvider();
 cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator());
 cap.setKey("qwerty");
-
 StatelessTicketCache cache = new MockStatelessTicketCache();
 cap.setStatelessTicketCache(cache);
 cap.setTicketValidator(new MockTicketValidator(true));
 cap.setServiceProperties(makeServiceProperties());
 cap.afterPropertiesSet();
-
 UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
 CasAuthenticationFilter.CAS_STATEFUL_IDENTIFIER, "");
-
 cap.authenticate(token);
 }
@@ -265,16 +229,13 @@ public class CasAuthenticationProviderTests {
 CasAuthenticationProvider cap = new CasAuthenticationProvider();
 cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator());
 cap.setKey("qwerty");
-
 StatelessTicketCache cache = new MockStatelessTicketCache();
 cap.setStatelessTicketCache(cache);
 cap.setTicketValidator(new MockTicketValidator(true));
 cap.setServiceProperties(makeServiceProperties());
 cap.afterPropertiesSet();
-
 CasAuthenticationToken token = new CasAuthenticationToken("WRONG_KEY", makeUserDetails(), "credentials", AuthorityUtils.createAuthorityList("XX"), makeUserDetails(), assertion);
-
 cap.authenticate(token);
 }
@@ -329,7 +290,6 @@ public class CasAuthenticationProviderTests {
 cap.setTicketValidator(new MockTicketValidator(true));
 cap.setServiceProperties(makeServiceProperties());
 cap.afterPropertiesSet();
-
 // TODO disabled because why do we need to expose this?
 // assertThat(cap.getUserDetailsService() != null).isTrue();
 assertThat(cap.getKey()).isEqualTo("qwerty");
@@ -346,10 +306,8 @@ public class CasAuthenticationProviderTests {
 cap.setTicketValidator(new MockTicketValidator(true));
 cap.setServiceProperties(makeServiceProperties());
 cap.afterPropertiesSet();
-
 TestingAuthenticationToken token = new TestingAuthenticationToken("user", "password", "ROLE_A");
 assertThat(cap.supports(TestingAuthenticationToken.class)).isFalse();
-
 // Try it anyway
 assertThat(cap.authenticate(token)).isNull();
 }
@@ -363,7 +321,6 @@ public class CasAuthenticationProviderTests {
 cap.setTicketValidator(new MockTicketValidator(true));
 cap.setServiceProperties(makeServiceProperties());
 cap.afterPropertiesSet();
-
 UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("some_normal_user", "password", AuthorityUtils.createAuthorityList("ROLE_A"));
 assertThat(cap.authenticate(token)).isNull();
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java
index 2de2cc4ea6..21278296c5 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java
@@ -59,35 +59,30 @@ public class CasAuthenticationTokenTests {
 }
 catch (IllegalArgumentException expected) {
 }
-
 try {
 new CasAuthenticationToken("key", null, "Password", this.ROLES, makeUserDetails(), assertion);
 fail("Should have thrown IllegalArgumentException");
 }
 catch (IllegalArgumentException expected) {
 }
-
 try {
 new CasAuthenticationToken("key", makeUserDetails(), null, this.ROLES, makeUserDetails(), assertion);
 fail("Should have thrown IllegalArgumentException");
 }
 catch (IllegalArgumentException expected) {
 }
-
 try {
 new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES, makeUserDetails(), null);
 fail("Should have thrown IllegalArgumentException");
 }
 catch (IllegalArgumentException expected) {
 }
-
 try {
 new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES, null, assertion);
 fail("Should have thrown IllegalArgumentException");
 }
 catch (IllegalArgumentException expected) {
 }
-
 try {
 new CasAuthenticationToken("key", makeUserDetails(), "Password", AuthorityUtils.createAuthorityList("ROLE_1", null), makeUserDetails(), assertion);
@@ -106,13 +101,10 @@ public class CasAuthenticationTokenTests {
 @Test
 public void testEqualsWhenEqual() {
 final Assertion assertion = new AssertionImpl("test");
-
 CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES, makeUserDetails(), assertion);
-
 CasAuthenticationToken token2 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES, makeUserDetails(), assertion);
-
 assertThat(token2).isEqualTo(token1);
 }
@@ -138,30 +130,24 @@ public class CasAuthenticationTokenTests {
 fail("Should have thrown NoSuchMethodException");
 }
 catch (NoSuchMethodException expected) {
-
 }
 }
 @Test
 public void testNotEqualsDueToAbstractParentEqualsCheck() {
 final Assertion assertion = new AssertionImpl("test");
-
 CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES, makeUserDetails(), assertion);
-
 CasAuthenticationToken token2 = new CasAuthenticationToken("key", makeUserDetails("OTHER_NAME"), "Password", this.ROLES, makeUserDetails(), assertion);
-
 assertThat(!token1.equals(token2)).isTrue();
 }
 @Test
 public void testNotEqualsDueToDifferentAuthenticationClass() {
 final Assertion assertion = new AssertionImpl("test");
-
 CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES, makeUserDetails(), assertion);
-
 UsernamePasswordAuthenticationToken token2 = new UsernamePasswordAuthenticationToken("Test", "Password", this.ROLES);
 assertThat(!token1.equals(token2)).isTrue();
@@ -170,13 +156,10 @@ public class CasAuthenticationTokenTests {
 @Test
 public void testNotEqualsDueToKey() {
 final Assertion assertion = new AssertionImpl("test");
-
 CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES, makeUserDetails(), assertion);
-
 CasAuthenticationToken token2 = new CasAuthenticationToken("DIFFERENT_KEY", makeUserDetails(), "Password", this.ROLES, makeUserDetails(), assertion);
-
 assertThat(!token1.equals(token2)).isTrue();
 }
@@ -184,13 +167,10 @@ public class CasAuthenticationTokenTests {
 public void testNotEqualsDueToAssertion() {
 final Assertion assertion = new AssertionImpl("test");
 final Assertion assertion2 = new AssertionImpl("test");
-
 CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES, makeUserDetails(), assertion);
-
 CasAuthenticationToken token2 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES, makeUserDetails(), assertion2);
-
 assertThat(!token1.equals(token2)).isTrue();
 }
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java
index e571254522..513158a479 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java
@@ -52,17 +52,13 @@ public class EhCacheBasedTicketCacheTests extends AbstractStatelessTicketCacheTe
 EhCacheBasedTicketCache cache = new EhCacheBasedTicketCache();
 cache.setCache(cacheManager.getCache("castickets"));
 cache.afterPropertiesSet();
-
 final CasAuthenticationToken token = getToken();
-
 // Check it gets stored in the cache
 cache.putTicketInCache(token);
 assertThat(cache.getByTicketId("ST-0-ER94xMJmn6pha35CQRoZ")).isEqualTo(token);
-
 // Check it gets removed from the cache
 cache.removeTicketFromCache(getToken());
 assertThat(cache.getByTicketId("ST-0-ER94xMJmn6pha35CQRoZ")).isNull();
-
 // Check it doesn't return values for null or unknown service tickets
 assertThat(cache.getByTicketId(null)).isNull();
 assertThat(cache.getByTicketId("UNKNOWN_SERVICE_TICKET")).isNull();
@@ -71,15 +67,12 @@ public class EhCacheBasedTicketCacheTests extends AbstractStatelessTicketCacheTe
 @Test
 public void testStartupDetectsMissingCache() throws Exception {
 EhCacheBasedTicketCache cache = new EhCacheBasedTicketCache();
-
 try {
 cache.afterPropertiesSet();
 fail("Should have thrown IllegalArgumentException");
 }
 catch (IllegalArgumentException expected) {
-
 }
-
 Ehcache myCache = cacheManager.getCache("castickets");
 cache.setCache(myCache);
 assertThat(cache.getCache()).isEqualTo(myCache);
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java
index b9bfffcd51..607ed39260 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java
@@ -44,17 +44,13 @@ public class SpringCacheBasedTicketCacheTests extends AbstractStatelessTicketCac
 @Test
 public void testCacheOperation() throws Exception {
 SpringCacheBasedTicketCache cache = new SpringCacheBasedTicketCache(cacheManager.getCache("castickets"));
-
 final CasAuthenticationToken token = getToken();
-
 // Check it gets stored in the cache
 cache.putTicketInCache(token);
 assertThat(cache.getByTicketId("ST-0-ER94xMJmn6pha35CQRoZ")).isEqualTo(token);
-
 // Check it gets removed from the cache
 cache.removeTicketFromCache(getToken());
 assertThat(cache.getByTicketId("ST-0-ER94xMJmn6pha35CQRoZ")).isNull();
-
 // Check it doesn't return values for null or unknown service tickets
 assertThat(cache.getByTicketId(null)).isNull();
 assertThat(cache.getByTicketId("UNKNOWN_SERVICE_TICKET")).isNull();
diff --git a/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java b/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java
index 7ed182ccc9..4eed00cbe9 100644
--- a/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java
@@ -74,7 +74,6 @@ public class CasAuthenticationTokenMixinTests {
 + "\"authorities\": " + AUTHORITIES_SET_JSON + "}"; // @formatter:on
-
 private static final String CAS_TOKEN_JSON = "{" + "\"@class\": \"org.springframework.security.cas.authentication.CasAuthenticationToken\", " + "\"keyHash\": " + KEY.hashCode() + "," + "\"principal\": " + USER_JSON + ", " + "\"credentials\": "
diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java
index 15cb9df2c4..825542cb79 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java
@@ -38,7 +38,6 @@ public class CasAuthenticationEntryPointTests {
 public void testDetectsMissingLoginFormUrl() throws Exception {
 CasAuthenticationEntryPoint ep = new CasAuthenticationEntryPoint();
 ep.setServiceProperties(new ServiceProperties());
-
 try {
 ep.afterPropertiesSet();
 fail("Should have thrown IllegalArgumentException");
@@ -52,7 +51,6 @@ public class CasAuthenticationEntryPointTests {
 public void testDetectsMissingServiceProperties() throws Exception {
 CasAuthenticationEntryPoint ep = new CasAuthenticationEntryPoint();
 ep.setLoginUrl("https://cas/login");
-
 try {
 ep.afterPropertiesSet();
 fail("Should have thrown IllegalArgumentException");
@@ -67,7 +65,6 @@ public class CasAuthenticationEntryPointTests {
 CasAuthenticationEntryPoint ep = new CasAuthenticationEntryPoint();
 ep.setLoginUrl("https://cas/login");
 assertThat(ep.getLoginUrl()).isEqualTo("https://cas/login");
-
 ep.setServiceProperties(new ServiceProperties());
 assertThat(ep.getServiceProperties() != null).isTrue();
 }
@@ -77,19 +74,14 @@ public class CasAuthenticationEntryPointTests {
 ServiceProperties sp = new ServiceProperties();
 sp.setSendRenew(false);
 sp.setService("https://mycompany.com/bigWebApp/login/cas");
-
 CasAuthenticationEntryPoint ep = new CasAuthenticationEntryPoint();
 ep.setLoginUrl("https://cas/login");
 ep.setServiceProperties(sp);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setRequestURI("/some_path");
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 ep.afterPropertiesSet();
 ep.commence(request, response, null);
-
 assertThat(
 "https://cas/login?service=" + URLEncoder.encode("https://mycompany.com/bigWebApp/login/cas", "UTF-8"))
 .isEqualTo(response.getRedirectedUrl());
@@ -100,16 +92,12 @@ public class CasAuthenticationEntryPointTests {
 ServiceProperties sp = new ServiceProperties();
 sp.setSendRenew(true);
 sp.setService("https://mycompany.com/bigWebApp/login/cas");
-
 CasAuthenticationEntryPoint ep = new CasAuthenticationEntryPoint();
 ep.setLoginUrl("https://cas/login");
 ep.setServiceProperties(sp);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setRequestURI("/some_path");
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 ep.afterPropertiesSet();
 ep.commence(request, response, null);
 assertThat("https://cas/login?service="
diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
index e37c07619f..e704ecd3ff 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
@@ -69,12 +69,9 @@ public class CasAuthenticationFilterTests {
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setServletPath("/login/cas");
 request.addParameter("ticket", "ST-0-ER94xMJmn6pha35CQRoZ");
-
 CasAuthenticationFilter filter = new CasAuthenticationFilter();
 filter.setAuthenticationManager((a) -> a);
-
 assertThat(filter.requiresAuthentication(request, new MockHttpServletResponse())).isTrue();
-
 Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
 assertThat(result != null).isTrue();
 }
@@ -85,7 +82,6 @@ public class CasAuthenticationFilterTests {
 filter.setAuthenticationManager((a) -> {
 throw new BadCredentialsException("Rejected");
 });
-
 filter.attemptAuthentication(new MockHttpServletRequest(), new MockHttpServletResponse());
 }
@@ -96,7 +92,6 @@ public class CasAuthenticationFilterTests {
 filter.setFilterProcessesUrl(url);
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 request.setServletPath(url);
 assertThat(filter.requiresAuthentication(request, response)).isTrue();
 }
@@ -106,7 +101,6 @@ public class CasAuthenticationFilterTests {
 CasAuthenticationFilter filter = new CasAuthenticationFilter();
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 request.setServletPath("/pgtCallback");
 assertThat(filter.requiresAuthentication(request, response)).isFalse();
 filter.setProxyReceptorUrl(request.getServletPath());
@@ -121,17 +115,14 @@ public class CasAuthenticationFilterTests {
 public void testRequiresAuthenticationAuthAll() {
 ServiceProperties properties = new ServiceProperties();
 properties.setAuthenticateAllArtifacts(true);
-
 String url = "/login/cas";
 CasAuthenticationFilter filter = new CasAuthenticationFilter();
 filter.setFilterProcessesUrl(url);
 filter.setServiceProperties(properties);
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 request.setServletPath(url);
 assertThat(filter.requiresAuthentication(request, response)).isTrue();
-
 request.setServletPath("/other");
 assertThat(filter.requiresAuthentication(request, response)).isFalse();
 request.setParameter(properties.getArtifactParameter(), "value");
@@ -151,7 +142,6 @@ public class CasAuthenticationFilterTests {
 CasAuthenticationFilter filter = new CasAuthenticationFilter();
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 request.setServletPath("/pgtCallback");
 filter.setProxyGrantingTicketStorage(mock(ProxyGrantingTicketStorage.class));
 filter.setProxyReceptorUrl(request.getServletPath());
@@ -171,20 +161,17 @@ public class CasAuthenticationFilterTests {
 request.setServletPath("/authenticate");
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain chain = mock(FilterChain.class);
-
 CasAuthenticationFilter filter = new CasAuthenticationFilter();
 filter.setServiceProperties(serviceProperties);
 filter.setAuthenticationSuccessHandler(successHandler);
 filter.setProxyGrantingTicketStorage(mock(ProxyGrantingTicketStorage.class));
 filter.setAuthenticationManager(manager);
 filter.afterPropertiesSet();
-
 filter.doFilter(request, response, chain);
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull()
 .withFailMessage("Authentication should not be null");
 verify(chain).doFilter(request, response);
 verifyZeroInteractions(successHandler);
-
 // validate for when the filterProcessUrl matches
 filter.setFilterProcessesUrl(request.getServletPath());
 SecurityContextHolder.clearContext();
@@ -200,11 +187,9 @@ public class CasAuthenticationFilterTests {
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain chain = mock(FilterChain.class);
-
 request.setServletPath("/pgtCallback");
 filter.setProxyGrantingTicketStorage(mock(ProxyGrantingTicketStorage.class));
 filter.setProxyReceptorUrl(request.getServletPath());
-
 filter.doFilter(request, response, chain);
 verifyZeroInteractions(chain);
 }
diff --git a/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java b/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java
index 47bd7db94b..cc61ac93be 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java
@@ -68,10 +68,8 @@ public class ServicePropertiesTests {
 assertThat(sp.getArtifactParameter()).isEqualTo("notticket");
 sp.setServiceParameter("notservice");
 assertThat(sp.getServiceParameter()).isEqualTo("notservice");
-
 sp.setService("https://mycompany.com/service");
 assertThat(sp.getService()).isEqualTo("https://mycompany.com/service");
-
 sp.afterPropertiesSet();
 }
 }
diff --git a/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java b/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java
index a292662cc4..d7d95ea3a7 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java
@@ -55,7 +55,6 @@ public class DefaultServiceAuthenticationDetailsTests {
 this.request.setRequestURI("/cas-sample/secure/");
 this.artifactPattern = DefaultServiceAuthenticationDetails
 .createArtifactPattern(ServiceProperties.DEFAULT_CAS_ARTIFACT_PARAMETER);
-
 }
 @After
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
index a6809b8574..7262646c80 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
@@ -86,7 +86,6 @@ public class HelloRSocketITests {
 public void retrieveMonoWhenSecureThenDenied() throws Exception {
 this.requester = RSocketRequester.builder().rsocketStrategies(this.handler.getRSocketStrategies())
 .connectTcp("localhost", this.server.address().getPort()).block();
-
 String data = "rob";
 assertThatCode(() -> this.requester.route("secure.retrieve-mono").data(data).retrieveMono(String.class).block())
 .isNotNull();
@@ -106,7 +105,6 @@ public class HelloRSocketITests {
 String hiRob = this.requester.route("secure.retrieve-mono")
 .metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE).data(data)
 .retrieveMono(String.class).block();
-
 assertThat(hiRob).isEqualTo("Hi rob");
 assertThat(this.controller.payloads).containsOnly(data);
 }
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
index 12e27e88c9..f8b30d7e51 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
@@ -102,9 +102,7 @@ public class JwtITests {
 this.requester = requester()
 .setupMetadata(credentials.getToken(), BearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE)
 .connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 String hiRob = this.requester.route("secure.retrieve-mono").data("rob").retrieveMono(String.class).block();
-
 assertThat(hiRob).isEqualTo("Hi rob");
 }
@@ -112,14 +110,11 @@ public class JwtITests {
 public void routeWhenAuthenticationBearerThenAuthorized() {
 MimeType authenticationMimeType = MimeTypeUtils
 .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString());
-
 BearerTokenMetadata credentials = new BearerTokenMetadata("token");
 given(this.decoder.decode(any())).willReturn(Mono.just(jwt()));
 this.requester = requester().setupMetadata(credentials, authenticationMimeType)
 .connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 String hiRob = this.requester.route("secure.retrieve-mono").data("rob").retrieveMono(String.class).block();
-
 assertThat(hiRob).isEqualTo("Hi rob");
 }
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
index 1a73888c74..ecacae6b21 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
@@ -94,9 +94,7 @@ public class RSocketMessageHandlerConnectionITests {
 UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
 this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 .connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 String hiRob = this.requester.route("secure.retrieve-mono").data("rob").retrieveMono(String.class).block();
-
 assertThat(hiRob).isEqualTo("Hi rob");
 }
@@ -105,7 +103,6 @@ public class RSocketMessageHandlerConnectionITests {
 UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
 this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 .connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 assertThatCode(() -> this.requester.route("secure.admin.retrieve-mono").data("data").retrieveMono(String.class)
 .block()).isInstanceOf(ApplicationErrorException.class);
 }
@@ -116,12 +113,10 @@ public class RSocketMessageHandlerConnectionITests {
 this.requester = requester()
 .setupMetadata(connectCredentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 .connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 String hiRob = this.requester.route("secure.admin.retrieve-mono")
 .metadata(new UsernamePasswordMetadata("admin", "password"), UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 .data("rob").retrieveMono(String.class).block();
-
 assertThat(hiRob).isEqualTo("Hi rob");
 }
@@ -131,12 +126,10 @@ public class RSocketMessageHandlerConnectionITests {
 this.requester = requester()
 .setupMetadata(connectCredentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 .connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 String hiUser = this.requester.route("secure.authority.retrieve-mono")
 .metadata(new UsernamePasswordMetadata("admin", "password"), UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 .data("Felipe").retrieveMono(String.class).block();
-
 assertThat(hiUser).isEqualTo("Hi Felipe");
 }
@@ -144,7 +137,6 @@ public class RSocketMessageHandlerConnectionITests {
 public void connectWhenNotAuthenticated() {
 this.requester = requester().connectTcp(this.server.address().getHostName(), this.server.address().getPort())
 .block();
-
 assertThatCode(() -> this.requester.route("retrieve-mono").data("data").retrieveMono(String.class).block())
 .isNotNull();
 // FIXME: https://github.com/rsocket/rsocket-java/issues/686
@@ -156,7 +148,6 @@ public class RSocketMessageHandlerConnectionITests {
 UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("evil", "password");
 this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 .connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 assertThatCode(() -> this.requester.route("retrieve-mono").data("data").retrieveMono(String.class).block())
 .isNotNull();
 // FIXME: https://github.com/rsocket/rsocket-java/issues/686
@@ -168,7 +159,6 @@ public class RSocketMessageHandlerConnectionITests {
 UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
 this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 .connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 assertThatCode(() -> this.requester.route("prohibit").data("data").retrieveMono(String.class).block())
 .isInstanceOf(ApplicationErrorException.class);
 }
@@ -178,9 +168,7 @@ public class RSocketMessageHandlerConnectionITests {
 UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
 this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 .connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 String hiRob = this.requester.route("anyroute").data("rob").retrieveMono(String.class).block();
-
 assertThat(hiRob).isEqualTo("Hi rob");
 }
@@ -189,9 +177,7 @@ public class RSocketMessageHandlerConnectionITests {
 UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("admin", "password");
 this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 .connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 String hiEbert = this.requester.route("management.users").data("admin").retrieveMono(String.class).block();
-
 assertThat(hiEbert).isEqualTo("Hi admin");
 }
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
index eb22782c00..9b4f37a09d 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
@@ -79,7 +79,6 @@ public class RSocketMessageHandlerITests {
 this.server = RSocketFactory.receive().frameDecoder(PayloadDecoder.ZERO_COPY)
 .addSocketAcceptorPlugin(this.interceptor).acceptor(this.handler.responder())
 .transport(TcpServerTransport.create("localhost", 0)).start().block();
-
 this.requester = RSocketRequester.builder()
 // .rsocketFactory((factory) ->
 // factory.addRequesterPlugin(payloadInterceptor))
@@ -99,7 +98,6 @@ public class RSocketMessageHandlerITests {
 String data = "rob";
 assertThatCode(() -> this.requester.route("secure.retrieve-mono").data(data).retrieveMono(String.class).block())
 .isInstanceOf(ApplicationErrorException.class).hasMessageContaining("Access Denied");
-
 assertThat(this.controller.payloads).isEmpty();
 }
@@ -111,7 +109,6 @@ public class RSocketMessageHandlerITests {
 .metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE).data(data)
 .retrieveMono(String.class).block()).isInstanceOf(ApplicationErrorException.class)
 .hasMessageContaining("Invalid Credentials");
-
 assertThat(this.controller.payloads).isEmpty();
 }
@@ -122,7 +119,6 @@ public class RSocketMessageHandlerITests {
 String hiRob = this.requester.route("secure.retrieve-mono")
 .metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE).data(data)
 .retrieveMono(String.class).block();
-
 assertThat(hiRob).isEqualTo("Hi rob");
 assertThat(this.controller.payloads).containsOnly(data);
 }
@@ -131,7 +127,6 @@ public class RSocketMessageHandlerITests {
 public void retrieveMonoWhenPublicThenGranted() throws Exception {
 String data = "rob";
 String hiRob = this.requester.route("retrieve-mono").data(data).retrieveMono(String.class).block();
-
 assertThat(hiRob).isEqualTo("Hi rob");
 assertThat(this.controller.payloads).containsOnly(data);
 }
@@ -142,7 +137,6 @@ public class RSocketMessageHandlerITests {
 assertThatCode(() -> this.requester.route("secure.retrieve-flux").data(data, String.class)
 .retrieveFlux(String.class).collectList().block()).isInstanceOf(ApplicationErrorException.class)
 .hasMessageContaining("Access Denied");
-
 assertThat(this.controller.payloads).isEmpty();
 }
@@ -151,7 +145,6 @@ public class RSocketMessageHandlerITests { Flux data = Flux.just("a", "b", "c"); List hi = this.requester.route("retrieve-flux").data(data, String.class).retrieveFlux(String.class) .collectList().block(); - assertThat(hi).containsOnly("hello a", "hello b", "hello c"); assertThat(this.controller.payloads).containsOnlyElementsOf(data.collectList().block()); } @@ -162,7 +155,6 @@ public class RSocketMessageHandlerITests { assertThatCode( () -> this.requester.route("secure.hello").data(data).retrieveFlux(String.class).collectList().block()) .isInstanceOf(ApplicationErrorException.class).hasMessageContaining("Access Denied"); - assertThat(this.controller.payloads).isEmpty(); } @@ -170,7 +162,6 @@ public class RSocketMessageHandlerITests { public void sendWhenSecureThenDenied() throws Exception { String data = "hi"; this.requester.route("secure.send").data(data).send().block(); - assertThat(this.controller.payloads).isEmpty(); } @@ -248,7 +239,6 @@ public class RSocketMessageHandlerITests { @MessageMapping({ "secure.send", "send" }) Mono send(Mono payload) { return payload.doOnNext(this::add).then(Mono.fromRunnable(() -> doNotifyAll())); - } private synchronized void doNotifyAll() { diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java index fc3d4e01ed..29f1c3b495 100644 --- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java +++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java 
@@ -92,7 +92,6 @@ public class SimpleAuthenticationITests { public void retrieveMonoWhenSecureThenDenied() throws Exception { this.requester = RSocketRequester.builder().rsocketStrategies(this.handler.getRSocketStrategies()) .connectTcp("localhost", this.server.address().getPort()).block(); - String data = "rob"; assertThatCode(() -> this.requester.route("secure.retrieve-mono").data(data).retrieveMono(String.class).block()) .isInstanceOf(ApplicationErrorException.class); @@ -103,7 +102,6 @@ public class SimpleAuthenticationITests { public void retrieveMonoWhenAuthorizedThenGranted() { MimeType authenticationMimeType = MimeTypeUtils .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString()); - UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("rob", "password"); this.requester = RSocketRequester.builder().setupMetadata(credentials, authenticationMimeType) .rsocketStrategies(this.handler.getRSocketStrategies()) @@ -111,7 +109,6 @@ public class SimpleAuthenticationITests { String data = "rob"; String hiRob = this.requester.route("secure.retrieve-mono").metadata(credentials, authenticationMimeType) .data(data).retrieveMono(String.class).block(); - assertThat(hiRob).isEqualTo("Hi rob"); assertThat(this.controller.payloads).containsOnly(data); } diff --git a/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java b/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java index 53b57df075..103addaebd 100644 --- a/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java +++ b/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java 
@@ -34,13 +34,11 @@ public class DataSourcePopulator implements InitializingBean { @Override public void afterPropertiesSet() { Assert.notNull(this.template, "dataSource required"); - this.template.execute( "CREATE TABLE USERS(USERNAME VARCHAR_IGNORECASE(50) NOT NULL PRIMARY KEY,PASSWORD VARCHAR_IGNORECASE(500) NOT NULL,ENABLED BOOLEAN NOT NULL);"); this.template.execute( "CREATE TABLE AUTHORITIES(USERNAME VARCHAR_IGNORECASE(50) NOT NULL,AUTHORITY VARCHAR_IGNORECASE(50) NOT NULL,CONSTRAINT FK_AUTHORITIES_USERS FOREIGN KEY(USERNAME) REFERENCES USERS(USERNAME));"); this.template.execute("CREATE UNIQUE INDEX IX_AUTH_USERNAME ON AUTHORITIES(USERNAME,AUTHORITY);"); - /* * Passwords encoded using MD5, NOT in Base64 format, with null as salt Encoded * password for rod is "koala" Encoded password for dianne is "emu" Encoded diff --git a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java index 0730702b94..d570897460 100644 --- a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java @@ -111,7 +111,6 @@ public class FilterChainProxyConfigTests { @Test public void mixingPatternsAndPlaceholdersDoesntCauseOrderingIssues() { FilterChainProxy fcp = this.appCtx.getBean("sec1235FilterChainProxy", FilterChainProxy.class); - List chains = fcp.getFilterChains(); assertThat(getPattern(chains.get(0))).isEqualTo("/login*"); assertThat(getPattern(chains.get(1))).isEqualTo("/logout"); 
@@ -127,17 +126,14 @@ public class FilterChainProxyConfigTests { List filters = filterChainProxy.getFilters("/foo/blah;x=1"); assertThat(filters).hasSize(1); assertThat(filters.get(0) instanceof SecurityContextHolderAwareRequestFilter).isTrue(); - filters = filterChainProxy.getFilters("/some;x=2,y=3/other/path;z=4/blah"); assertThat(filters).isNotNull(); assertThat(filters).hasSize(3); assertThat(filters.get(0) instanceof SecurityContextPersistenceFilter).isTrue(); assertThat(filters.get(1) instanceof SecurityContextHolderAwareRequestFilter).isTrue(); assertThat(filters.get(2) instanceof SecurityContextHolderAwareRequestFilter).isTrue(); - filters = filterChainProxy.getFilters("/do/not/filter;x=7"); assertThat(filters).isEmpty(); - filters = filterChainProxy.getFilters("/another/nonspecificmatch"); assertThat(filters).hasSize(3); assertThat(filters.get(0) instanceof SecurityContextPersistenceFilter).isTrue(); @@ -148,13 +144,10 @@ public class FilterChainProxyConfigTests { private void doNormalOperation(FilterChainProxy filterChainProxy) throws Exception { MockHttpServletRequest request = new MockHttpServletRequest("GET", ""); request.setServletPath("/foo/secure/super/somefile.html"); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain chain = mock(FilterChain.class); - filterChainProxy.doFilter(request, response, chain); verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - request.setServletPath("/a/path/which/doesnt/match/any/filter.html"); chain = mock(FilterChain.class); filterChainProxy.doFilter(request, response, chain); diff --git a/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java b/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java index 1a08796e61..fdec646a62 100644 --- a/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java 
+++ b/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java @@ -37,7 +37,6 @@ public class MockUserServiceBeanPostProcessor implements BeanPostProcessor { if (bean instanceof PostProcessedMockUserDetailsService) { ((PostProcessedMockUserDetailsService) bean).setPostProcessorWasHere("Hello from the post processor!"); } - return bean; } diff --git a/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java b/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java index 9b7ccaf51a..454209e4f0 100644 --- a/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java +++ b/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java @@ -90,13 +90,10 @@ public class SecurityNamespaceHandlerTests { PowerMockito.spy(ClassUtils.class); PowerMockito.doThrow(new NoClassDefFoundError(className)).when(ClassUtils.class, "forName", eq(FILTER_CHAIN_PROXY_CLASSNAME), any(ClassLoader.class)); - Log logger = mock(Log.class); SecurityNamespaceHandler handler = new SecurityNamespaceHandler(); ReflectionTestUtils.setField(handler, "logger", logger); - handler.init(); - PowerMockito.verifyStatic(ClassUtils.class); ClassUtils.forName(eq(FILTER_CHAIN_PROXY_CLASSNAME), any(ClassLoader.class)); verifyZeroInteractions(logger); diff --git a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java index c1cf8715e9..b98c51df78 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java 
@@ -43,10 +43,8 @@ public class SecurityConfigurerAdapterClosureTests { return l; } }); - this.conf.init(builder); this.conf.configure(builder); - assertThat(this.conf.list).contains("a"); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java index b6e0a5a87b..9e6aeba683 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java @@ -36,7 +36,6 @@ public class SecurityConfigurerAdapterTests { public void postProcessObjectPostProcessorsAreSorted() { this.adapter.addObjectPostProcessor(new OrderedObjectPostProcessor(Ordered.LOWEST_PRECEDENCE)); this.adapter.addObjectPostProcessor(new OrderedObjectPostProcessor(Ordered.HIGHEST_PRECEDENCE)); - assertThat(this.adapter.postProcess("hi")) .isEqualTo("hi " + Ordered.HIGHEST_PRECEDENCE + " " + Ordered.LOWEST_PRECEDENCE); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java index fd6749db83..2c3a719c01 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java 
@@ -76,11 +76,9 @@ public class AuthenticationManagerBuilderTests { public void buildWhenAddAuthenticationProviderThenDoesNotPerformRegistration() throws Exception { ObjectPostProcessor opp = mock(ObjectPostProcessor.class); AuthenticationProvider provider = mock(AuthenticationProvider.class); - AuthenticationManagerBuilder builder = new AuthenticationManagerBuilder(opp); builder.authenticationProvider(provider); builder.build(); - verify(opp, never()).postProcess(provider); } @@ -92,13 +90,11 @@ public class AuthenticationManagerBuilderTests { given(opp.postProcess(any())).willAnswer((a) -> a.getArgument(0)); AuthenticationManager am = new AuthenticationManagerBuilder(opp).authenticationEventPublisher(aep) .inMemoryAuthentication().and().build(); - try { am.authenticate(new UsernamePasswordAuthenticationToken("user", "password")); } catch (AuthenticationException success) { } - verify(aep).publishAuthenticationFailure(any(), any()); } @@ -107,9 +103,7 @@ public class AuthenticationManagerBuilderTests { this.spring.register(PasswordEncoderGlobalConfig.class).autowire(); AuthenticationManager manager = this.spring.getContext().getBean(AuthenticationConfiguration.class) .getAuthenticationManager(); - Authentication auth = manager.authenticate(new UsernamePasswordAuthenticationToken("user", "password")); - assertThat(auth.getName()).isEqualTo("user"); assertThat(auth.getAuthorities()).extracting(GrantedAuthority::getAuthority).containsOnly("ROLE_USER"); } 
@@ -119,9 +113,7 @@ public class AuthenticationManagerBuilderTests { this.spring.register(PasswordEncoderGlobalConfig.class).autowire(); AuthenticationManager manager = this.spring.getContext().getBean(AuthenticationConfiguration.class) .getAuthenticationManager(); - Authentication auth = manager.authenticate(new UsernamePasswordAuthenticationToken("user", "password")); - assertThat(auth.getName()).isEqualTo("user"); assertThat(auth.getAuthorities()).extracting(GrantedAuthority::getAuthority).containsOnly("ROLE_USER"); } @@ -129,9 +121,7 @@ public class AuthenticationManagerBuilderTests { @Test public void authenticationManagerWhenMultipleProvidersThenWorks() throws Exception { this.spring.register(MultiAuthenticationProvidersConfig.class).autowire(); - this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user").withRoles("USER")); - this.mockMvc.perform(formLogin().user("admin")) .andExpect(authenticated().withUsername("admin").withRoles("USER", "ADMIN")); } @@ -140,11 +130,9 @@ public class AuthenticationManagerBuilderTests { public void buildWhenAuthenticationProviderThenIsConfigured() throws Exception { ObjectPostProcessor opp = mock(ObjectPostProcessor.class); AuthenticationProvider provider = mock(AuthenticationProvider.class); - AuthenticationManagerBuilder builder = new AuthenticationManagerBuilder(opp); builder.authenticationProvider(provider); builder.build(); - assertThat(builder.isConfigured()).isTrue(); } 
@@ -152,27 +140,22 @@ public class AuthenticationManagerBuilderTests { public void buildWhenParentThenIsConfigured() throws Exception { ObjectPostProcessor opp = mock(ObjectPostProcessor.class); AuthenticationManager parent = mock(AuthenticationManager.class); - AuthenticationManagerBuilder builder = new AuthenticationManagerBuilder(opp); builder.parentAuthenticationManager(parent); builder.build(); - assertThat(builder.isConfigured()).isTrue(); } @Test public void buildWhenNotConfiguredThenIsConfiguredFalse() throws Exception { ObjectPostProcessor opp = mock(ObjectPostProcessor.class); - AuthenticationManagerBuilder builder = new AuthenticationManagerBuilder(opp); builder.build(); - assertThat(builder.isConfigured()).isFalse(); } public void buildWhenUserFromProperties() throws Exception { this.spring.register(UserFromPropertiesConfig.class).autowire(); - this.mockMvc.perform(formLogin().user("joe", "joespassword")) .andExpect(authenticated().withUsername("joe").withRoles("USER")); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java index a4ca8c40b1..d21faea9ea 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java 
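Review bot: `buildWhenUserFromProperties()` at the end of this hunk has no `@Test` annotation on the new side, while the other test methods in the hunk carry one. The runner therefore most likely never executes it, and the login for the properties-defined user (`joe`, expected role `USER`) is not actually verified. This predates the commit, which only removes a blank line inside the method, but it is worth fixing while the method is being touched: add `@Test` on the line above `public void buildWhenUserFromProperties() throws Exception {`. If the omission is deliberate, a short comment saying why the test is disabled would keep it from reading as coverage that exists.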
@@ -47,10 +47,8 @@ public class NamespaceAuthenticationManagerTests { @Test public void authenticationMangerWhenDefaultThenEraseCredentialsIsTrue() throws Exception { this.spring.register(EraseCredentialsTrueDefaultConfig.class).autowire(); - this.mockMvc.perform(formLogin()) .andExpect(authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNull())); - this.mockMvc.perform(formLogin()) .andExpect(authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNull())); // no exception due to username being cleared out @@ -59,10 +57,8 @@ public class NamespaceAuthenticationManagerTests { @Test public void authenticationMangerWhenEraseCredentialsIsFalseThenCredentialsNotNull() throws Exception { this.spring.register(EraseCredentialsFalseConfig.class).autowire(); - this.mockMvc.perform(formLogin()) .andExpect(authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNotNull())); - this.mockMvc.perform(formLogin()) .andExpect(authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNotNull())); // no exception due to username being cleared out @@ -72,7 +68,6 @@ public class NamespaceAuthenticationManagerTests { // SEC-2533 public void authenticationManagerWhenGlobalAndEraseCredentialsIsFalseThenCredentialsNotNull() throws Exception { this.spring.register(GlobalEraseCredentialsFalseConfig.class).autowire(); - this.mockMvc.perform(SecurityMockMvcRequestBuilders.formLogin()).andExpect(SecurityMockMvcResultMatchers .authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNotNull())); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java index 61d1e1e660..f29882cea9 100644 
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java @@ -49,7 +49,6 @@ public class NamespaceAuthenticationProviderTests { // authentication-provider@ref public void authenticationProviderRef() throws Exception { this.spring.register(AuthenticationProviderRefConfig.class).autowire(); - this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user")); } @@ -57,7 +56,6 @@ public class NamespaceAuthenticationProviderTests { // authentication-provider@user-service-ref public void authenticationProviderUserServiceRef() throws Exception { this.spring.register(AuthenticationProviderRefConfig.class).autowire(); - this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user")); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java index e8a4d77abe..58556a7463 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java 
@@ -53,14 +53,12 @@ public class NamespaceJdbcUserServiceTests { @Test public void jdbcUserService() throws Exception { this.spring.register(DataSourceConfig.class, JdbcUserServiceConfig.class).autowire(); - this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user")); } @Test public void jdbcUserServiceCustom() throws Exception { this.spring.register(CustomDataSourceConfig.class, CustomJdbcUserServiceSampleConfig.class).autowire(); - this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user").withRoles("DBA", "USER")); } @@ -118,7 +116,6 @@ public class NamespaceJdbcUserServiceTests { // jdbc-user-service@role-prefix .rolePrefix("ROLE_"); // @formatter:on - } static class CustomUserCache implements UserCache { diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java index 1068e37d13..91759cd703 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java 
@@ -52,21 +52,18 @@ public class NamespacePasswordEncoderTests { @Test public void passwordEncoderRefWithInMemory() throws Exception { this.spring.register(PasswordEncoderWithInMemoryConfig.class).autowire(); - this.mockMvc.perform(formLogin()).andExpect(authenticated()); } @Test public void passwordEncoderRefWithJdbc() throws Exception { this.spring.register(PasswordEncoderWithJdbcConfig.class).autowire(); - this.mockMvc.perform(formLogin()).andExpect(authenticated()); } @Test public void passwordEncoderRefWithUserDetailsService() throws Exception { this.spring.register(PasswordEncoderWithUserDetailsServiceConfig.class).autowire(); - this.mockMvc.perform(formLogin()).andExpect(authenticated()); } @@ -91,7 +88,6 @@ public class NamespacePasswordEncoderTests { @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { - BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(); // @formatter:off auth diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java index 086f7cbc00..456efd48f6 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java @@ -51,7 +51,6 @@ public class PasswordEncoderConfigurerTests { @Test public void passwordEncoderRefWhenAuthenticationManagerBuilderThenAuthenticationSuccess() throws Exception { this.spring.register(PasswordEncoderNoAuthManagerLoadsConfig.class).autowire(); - this.mockMvc.perform(formLogin()).andExpect(authenticated()); } 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java index 3194b6cff7..3c6ec39bf5 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java @@ -48,7 +48,6 @@ public class AuthenticationConfigurationPublishTests { @Test public void authenticationEventPublisherBeanUsedByDefault() { this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user", "password")); - assertThat(this.listener.getEvents()).hasSize(1); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java index e02f237cd8..9c5c153200 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java @@ -88,7 +88,6 @@ public class AuthenticationConfigurationTests { public void orderingAutowiredOnEnableGlobalMethodSecurity() { this.spring.register(AuthenticationTestConfiguration.class, GlobalMethodSecurityAutowiredConfig.class, ServicesConfig.class).autowire(); - SecurityContextHolder.getContext() .setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); this.service.run(); 
@@ -98,7 +97,6 @@ public class AuthenticationConfigurationTests { public void orderingAutowiredOnEnableWebSecurity() { this.spring.register(AuthenticationTestConfiguration.class, WebSecurityConfig.class, GlobalMethodSecurityAutowiredConfig.class, ServicesConfig.class).autowire(); - SecurityContextHolder.getContext() .setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); this.service.run(); @@ -108,7 +106,6 @@ public class AuthenticationConfigurationTests { public void orderingAutowiredOnEnableWebMvcSecurity() { this.spring.register(AuthenticationTestConfiguration.class, WebMvcSecurityConfig.class, GlobalMethodSecurityAutowiredConfig.class, ServicesConfig.class).autowire(); - SecurityContextHolder.getContext() .setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); this.service.run(); @@ -117,7 +114,6 @@ public class AuthenticationConfigurationTests { @Test public void getAuthenticationManagerWhenNoAuthenticationThenNull() throws Exception { this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class).autowire(); - assertThat(this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager()) .isNull(); } @@ -126,7 +122,6 @@ public class AuthenticationConfigurationTests { public void getAuthenticationManagerWhenNoOpGlobalAuthenticationConfigurerAdapterThenNull() throws Exception { this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class, NoOpGlobalAuthenticationConfigurerAdapter.class).autowire(); - assertThat(this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager()) .isNull(); } 
@@ -136,10 +131,8 @@ public class AuthenticationConfigurationTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password"); this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class, UserGlobalAuthenticationConfigurerAdapter.class).autowire(); - AuthenticationManager authentication = this.spring.getContext().getBean(AuthenticationConfiguration.class) .getAuthenticationManager(); - assertThat(authentication.authenticate(token).getName()).isEqualTo(token.getName()); } @@ -148,11 +141,9 @@ public class AuthenticationConfigurationTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password"); this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class, AuthenticationManagerBeanConfig.class).autowire(); - AuthenticationManager authentication = this.spring.getContext().getBean(AuthenticationConfiguration.class) .getAuthenticationManager(); given(authentication.authenticate(token)).willReturn(TestAuthentication.authenticatedUser()); - assertThat(authentication.authenticate(token).getName()).isEqualTo(token.getName()); } @@ -173,13 +164,10 @@ public class AuthenticationConfigurationTests { config.setGlobalAuthenticationConfigurers(Arrays.asList(new ConfiguresInMemoryConfigurerAdapter(), new BootGlobalAuthenticationConfigurerAdapter())); AuthenticationManager authenticationManager = config.getAuthenticationManager(); - authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user", "password")); - assertThatThrownBy( () -> authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("boot", "password"))) .isInstanceOf(AuthenticationException.class); - } @Test 
@@ -188,7 +176,6 @@ public class AuthenticationConfigurationTests { AuthenticationConfiguration config = this.spring.getContext().getBean(AuthenticationConfiguration.class); config.setGlobalAuthenticationConfigurers(Arrays.asList(new BootGlobalAuthenticationConfigurerAdapter())); AuthenticationManager authenticationManager = config.getAuthenticationManager(); - authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("boot", "password")); } @@ -198,17 +185,14 @@ public class AuthenticationConfigurationTests { this.spring.register(Sec2531Config.class).autowire(); ObjectPostProcessor opp = this.spring.getContext().getBean(ObjectPostProcessor.class); given(opp.postProcess(any())).willAnswer((a) -> a.getArgument(0)); - AuthenticationConfiguration config = this.spring.getContext().getBean(AuthenticationConfiguration.class); config.getAuthenticationManager(); - verify(opp).postProcess(any(ProxyFactoryBean.class)); } @Test public void getAuthenticationManagerWhenSec2822ThenCannotForceAuthenticationAlreadyBuilt() throws Exception { this.spring.register(Sec2822WebSecurity.class, Sec2822UseAuth.class, Sec2822Config.class).autowire(); - this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager(); // no exception } @@ -222,9 +206,7 @@ public class AuthenticationConfigurationTests { AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class) .getAuthenticationManager(); given(uds.loadUserByUsername("user")).willReturn(PasswordEncodedUser.user(), PasswordEncodedUser.user()); - am.authenticate(new UsernamePasswordAuthenticationToken("user", "password")); - assertThatThrownBy(() -> am.authenticate(new UsernamePasswordAuthenticationToken("user", "invalid"))) .isInstanceOf(AuthenticationException.class); } 
@@ -239,9 +221,7 @@ public class AuthenticationConfigurationTests { .getAuthenticationManager(); given(uds.loadUserByUsername("user")).willReturn(User.withUserDetails(user).build(), User.withUserDetails(user).build()); - am.authenticate(new UsernamePasswordAuthenticationToken("user", "password")); - assertThatThrownBy(() -> am.authenticate(new UsernamePasswordAuthenticationToken("user", "invalid"))) .isInstanceOf(AuthenticationException.class); } @@ -257,9 +237,7 @@ public class AuthenticationConfigurationTests { given(manager.loadUserByUsername("user")).willReturn(User.withUserDetails(user).build(), User.withUserDetails(user).build()); given(manager.updatePassword(any(), any())).willReturn(user); - am.authenticate(new UsernamePasswordAuthenticationToken("user", "password")); - verify(manager).updatePassword(eq(user), startsWith("{bcrypt}")); } @@ -272,7 +250,6 @@ public class AuthenticationConfigurationTests { .getAuthenticationManager(); given(ap.supports(any())).willReturn(true); given(ap.authenticate(any())).willReturn(TestAuthentication.authenticatedUser()); - am.authenticate(new UsernamePasswordAuthenticationToken("user", "password")); } @@ -285,7 +262,6 @@ public class AuthenticationConfigurationTests { .getAuthenticationManager(); given(ap.supports(any())).willReturn(true); given(ap.authenticate(any())).willReturn(TestAuthentication.authenticatedUser()); - am.authenticate(new UsernamePasswordAuthenticationToken("user", "password")); } @@ -314,9 +290,7 @@ public class AuthenticationConfigurationTests { throws Exception { this.spring.register(AuthenticationConfigurationSubclass.class).autowire(); AuthenticationManagerBuilder ap = this.spring.getContext().getBean(AuthenticationManagerBuilder.class); - this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager(); - assertThatThrownBy(ap::build).isInstanceOf(AlreadyBuiltException.class); } 
@@ -447,15 +421,11 @@ public class AuthenticationConfigurationTests { if (auth.isConfigured()) { return; } - UserDetails user = User.withUserDetails(PasswordEncodedUser.user()).username("boot").build(); - List users = Arrays.asList(user); InMemoryUserDetailsManager inMemory = new InMemoryUserDetailsManager(users); - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); provider.setUserDetailsService(inMemory); - auth.authenticationProvider(provider); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java index 4f6d9e735f..8a5e0db601 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java 
@@ -40,29 +40,23 @@ public class EnableGlobalAuthenticationTests { @Test public void authenticationConfigurationWhenGetAuthenticationManagerThenNotNull() throws Exception { this.spring.register(Config.class).autowire(); - AuthenticationConfiguration auth = this.spring.getContext().getBean(AuthenticationConfiguration.class); - assertThat(auth.getAuthenticationManager()).isNotNull(); } @Test public void enableGlobalAuthenticationWhenNoConfigurationAnnotationThenBeanProxyingEnabled() { this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire(); - Child childBean = this.spring.getContext().getBean(Child.class); Parent parentBean = this.spring.getContext().getBean(Parent.class); - assertThat(parentBean.getChild()).isSameAs(childBean); } @Test public void enableGlobalAuthenticationWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() { this.spring.register(BeanProxyDisabledConfig.class).autowire(); - Child childBean = this.spring.getContext().getBean(Child.class); Parent parentBean = this.spring.getContext().getBean(Parent.class); - assertThat(parentBean.getChild()).isNotSameAs(childBean); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java index fcadd1ec3d..40e9f8e149 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java 
@@ -40,7 +40,6 @@ public class LdapAuthenticationProviderConfigurerTests { assertThat(this.configurer.getAuthoritiesMapper()).isInstanceOf(SimpleAuthorityMapper.class); this.configurer.authoritiesMapper(new NullAuthoritiesMapper()); assertThat(this.configurer.getAuthoritiesMapper()).isInstanceOf(NullAuthoritiesMapper.class); - } }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java
index a6e2e698c7..67a8747c78 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java
@@ -46,7 +46,6 @@ public class UserDetailsManagerConfigurerTests { UserDetails userDetails = new UserDetailsManagerConfigurer>( this.userDetailsManager).withUser("user").password("password").roles("USER").disabled(true) .accountExpired(true).accountLocked(true).credentialsExpired(true).build(); - assertThat(userDetails.getUsername()).isEqualTo("user"); assertThat(userDetails.getPassword()).isEqualTo("password"); assertThat(userDetails.getAuthorities().stream().findFirst().get().getAuthority()).isEqualTo("ROLE_USER");
@@ -59,31 +58,25 @@ public class UserDetailsManagerConfigurerTests { @Test public void authoritiesWithGrantedAuthorityWorks() { SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER"); - UserDetails userDetails = new UserDetailsManagerConfigurer>( this.userDetailsManager).withUser("user").password("password").authorities(authority).build(); - assertThat(userDetails.getAuthorities().stream().findFirst().get()).isEqualTo(authority); } @Test public void authoritiesWithStringAuthorityWorks() { String authority = "ROLE_USER"; - UserDetails userDetails = new UserDetailsManagerConfigurer>( this.userDetailsManager).withUser("user").password("password").authorities(authority).build(); - assertThat(userDetails.getAuthorities().stream().findFirst().get().getAuthority()).isEqualTo(authority); } @Test public void authoritiesWithAListOfGrantedAuthorityWorks() { SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER"); - UserDetails userDetails = new UserDetailsManagerConfigurer>( this.userDetailsManager).withUser("user").password("password").authorities(Arrays.asList(authority)) .build(); - assertThat(userDetails.getAuthorities().stream().findFirst().get()).isEqualTo(authority); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
index 78d24959c0..c0efa4c5e7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
@@ -54,7 +54,6 @@ public class AutowireBeanFactoryObjectPostProcessorTests { @Test public void postProcessWhenApplicationContextAwareThenAwareInvoked() { this.spring.register(Config.class).autowire(); - ApplicationContextAware toPostProcess = mock(ApplicationContextAware.class); this.objectObjectPostProcessor.postProcess(toPostProcess); verify(toPostProcess).setApplicationContext(isNotNull());
@@ -63,17 +62,14 @@ public class AutowireBeanFactoryObjectPostProcessorTests { @Test public void postProcessWhenApplicationEventPublisherAwareThenAwareInvoked() { this.spring.register(Config.class).autowire(); - ApplicationEventPublisherAware toPostProcess = mock(ApplicationEventPublisherAware.class); this.objectObjectPostProcessor.postProcess(toPostProcess); verify(toPostProcess).setApplicationEventPublisher(isNotNull()); - } @Test public void postProcessWhenBeanClassLoaderAwareThenAwareInvoked() { this.spring.register(Config.class).autowire(); - BeanClassLoaderAware toPostProcess = mock(BeanClassLoaderAware.class); this.objectObjectPostProcessor.postProcess(toPostProcess); verify(toPostProcess).setBeanClassLoader(isNotNull());
@@ -82,7 +78,6 @@ public class AutowireBeanFactoryObjectPostProcessorTests { @Test public void postProcessWhenBeanFactoryAwareThenAwareInvoked() { this.spring.register(Config.class).autowire(); - BeanFactoryAware toPostProcess = mock(BeanFactoryAware.class); this.objectObjectPostProcessor.postProcess(toPostProcess); verify(toPostProcess).setBeanFactory(isNotNull());
@@ -91,7 +86,6 @@ public class AutowireBeanFactoryObjectPostProcessorTests { @Test public void postProcessWhenEnvironmentAwareThenAwareInvoked() { this.spring.register(Config.class).autowire(); - EnvironmentAware toPostProcess = mock(EnvironmentAware.class); this.objectObjectPostProcessor.postProcess(toPostProcess); verify(toPostProcess).setEnvironment(isNotNull());
@@ -100,7 +94,6 @@ public class AutowireBeanFactoryObjectPostProcessorTests { @Test public void postProcessWhenMessageSourceAwareThenAwareInvoked() { this.spring.register(Config.class).autowire(); - MessageSourceAware toPostProcess = mock(MessageSourceAware.class); this.objectObjectPostProcessor.postProcess(toPostProcess); verify(toPostProcess).setMessageSource(isNotNull());
@@ -109,7 +102,6 @@ public class AutowireBeanFactoryObjectPostProcessorTests { @Test public void postProcessWhenServletContextAwareThenAwareInvoked() { this.spring.register(Config.class).autowire(); - ServletContextAware toPostProcess = mock(ServletContextAware.class); this.objectObjectPostProcessor.postProcess(toPostProcess); verify(toPostProcess).setServletContext(isNotNull());
@@ -118,21 +110,16 @@ public class AutowireBeanFactoryObjectPostProcessorTests { @Test public void postProcessWhenDisposableBeanThenAwareInvoked() throws Exception { this.spring.register(Config.class).autowire(); - DisposableBean toPostProcess = mock(DisposableBean.class); this.objectObjectPostProcessor.postProcess(toPostProcess); - this.spring.getContext().close(); - verify(toPostProcess).destroy(); } @Test public void postProcessWhenSmartInitializingSingletonThenAwareInvoked() { this.spring.register(Config.class, SmartConfig.class).autowire(); - SmartConfig config = this.spring.getContext().getBean(SmartConfig.class); - verify(config.toTest).afterSingletonsInstantiated(); }
@@ -140,9 +127,7 @@ public class AutowireBeanFactoryObjectPostProcessorTests { // SEC-2382 public void autowireBeanFactoryWhenBeanNameAutoProxyCreatorThenWorks() { this.spring.testConfigLocations("AutowireBeanFactoryObjectPostProcessorTests-aopconfig.xml").autowire(); - MyAdvisedBean bean = this.spring.getContext().getBean(MyAdvisedBean.class); - assertThat(bean.doStuff()).isEqualTo("null"); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/ApplicationConfig.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/ApplicationConfig.java
index fa946076f7..47535d1ce5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/issue50/ApplicationConfig.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/ApplicationConfig.java
@@ -52,12 +52,10 @@ public class ApplicationConfig { vendorAdapter.setDatabase(Database.HSQL); vendorAdapter.setGenerateDdl(true); vendorAdapter.setShowSql(true); - LocalContainerEntityManagerFactoryBean factory = new LocalContainerEntityManagerFactoryBean(); factory.setJpaVendorAdapter(vendorAdapter); factory.setPackagesToScan(User.class.getPackage().getName()); factory.setDataSource(dataSource()); - return factory; }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
index 751199fb55..44e6e6a0d3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
@@ -81,23 +81,19 @@ public class EnableReactiveMethodSecurityTests { @Test public void monoWhenPermitAllThenAopDoesNotSubscribe() { given(this.delegate.monoFindById(1L)).willReturn(Mono.from(this.result)); - this.delegate.monoFindById(1L); - this.result.assertNoSubscribers(); } @Test public void monoWhenPermitAllThenSuccess() { given(this.delegate.monoFindById(1L)).willReturn(Mono.just("success")); - StepVerifier.create(this.delegate.monoFindById(1L)).expectNext("success").verifyComplete(); } @Test public void monoPreAuthorizeHasRoleWhenGrantedThenSuccess() { given(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).willReturn(Mono.just("result")); - Mono findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L) .subscriberContext(this.withAdmin); StepVerifier.create(findById).expectNext("result").verifyComplete();
@@ -106,28 +102,23 @@ public class EnableReactiveMethodSecurityTests { @Test public void monoPreAuthorizeHasRoleWhenNoAuthenticationThenDenied() { given(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).willReturn(Mono.from(this.result)); - Mono findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void monoPreAuthorizeHasRoleWhenNotAuthorizedThenDenied() { given(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).willReturn(Mono.from(this.result)); - Mono findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L) .subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void monoPreAuthorizeBeanWhenGrantedThenSuccess() { given(this.delegate.monoPreAuthorizeBeanFindById(2L)).willReturn(Mono.just("result")); - Mono findById = this.messageService.monoPreAuthorizeBeanFindById(2L).subscriberContext(this.withAdmin); StepVerifier.create(findById).expectNext("result").verifyComplete(); }
@@ -135,7 +126,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void monoPreAuthorizeBeanWhenNotAuthenticatedAndGrantedThenSuccess() { given(this.delegate.monoPreAuthorizeBeanFindById(2L)).willReturn(Mono.just("result")); - Mono findById = this.messageService.monoPreAuthorizeBeanFindById(2L); StepVerifier.create(findById).expectNext("result").verifyComplete(); }
@@ -143,27 +133,22 @@ public class EnableReactiveMethodSecurityTests { @Test public void monoPreAuthorizeBeanWhenNoAuthenticationThenDenied() { given(this.delegate.monoPreAuthorizeBeanFindById(1L)).willReturn(Mono.from(this.result)); - Mono findById = this.messageService.monoPreAuthorizeBeanFindById(1L); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void monoPreAuthorizeBeanWhenNotAuthorizedThenDenied() { given(this.delegate.monoPreAuthorizeBeanFindById(1L)).willReturn(Mono.from(this.result)); - Mono findById = this.messageService.monoPreAuthorizeBeanFindById(1L).subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void monoPostAuthorizeWhenAuthorizedThenSuccess() { given(this.delegate.monoPostAuthorizeFindById(1L)).willReturn(Mono.just("user")); - Mono findById = this.messageService.monoPostAuthorizeFindById(1L).subscriberContext(this.withUser); StepVerifier.create(findById).expectNext("user").verifyComplete(); }
@@ -171,7 +156,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void monoPostAuthorizeWhenNotAuthorizedThenDenied() { given(this.delegate.monoPostAuthorizeBeanFindById(1L)).willReturn(Mono.just("not-authorized")); - Mono findById = this.messageService.monoPostAuthorizeBeanFindById(1L).subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); }
@@ -179,7 +163,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void monoPostAuthorizeWhenBeanAndAuthorizedThenSuccess() { given(this.delegate.monoPostAuthorizeBeanFindById(2L)).willReturn(Mono.just("user")); - Mono findById = this.messageService.monoPostAuthorizeBeanFindById(2L).subscriberContext(this.withUser); StepVerifier.create(findById).expectNext("user").verifyComplete(); }
@@ -187,7 +170,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void monoPostAuthorizeWhenBeanAndNotAuthenticatedAndAuthorizedThenSuccess() { given(this.delegate.monoPostAuthorizeBeanFindById(2L)).willReturn(Mono.just("anonymous")); - Mono findById = this.messageService.monoPostAuthorizeBeanFindById(2L); StepVerifier.create(findById).expectNext("anonymous").verifyComplete(); }
@@ -195,33 +177,27 @@ public class EnableReactiveMethodSecurityTests { @Test public void monoPostAuthorizeWhenBeanAndNotAuthorizedThenDenied() { given(this.delegate.monoPostAuthorizeBeanFindById(1L)).willReturn(Mono.just("not-authorized")); - Mono findById = this.messageService.monoPostAuthorizeBeanFindById(1L).subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); } // Flux tests - @Test public void fluxWhenPermitAllThenAopDoesNotSubscribe() { given(this.delegate.fluxFindById(1L)).willReturn(Flux.from(this.result)); - this.delegate.fluxFindById(1L); - this.result.assertNoSubscribers(); } @Test public void fluxWhenPermitAllThenSuccess() { given(this.delegate.fluxFindById(1L)).willReturn(Flux.just("success")); - StepVerifier.create(this.delegate.fluxFindById(1L)).expectNext("success").verifyComplete(); } @Test public void fluxPreAuthorizeHasRoleWhenGrantedThenSuccess() { given(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).willReturn(Flux.just("result")); - Flux findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L) .subscriberContext(this.withAdmin); StepVerifier.create(findById).consumeNextWith((s) -> AssertionsForClassTypes.assertThat(s).isEqualTo("result")) 
@@ -231,28 +207,23 @@ public class EnableReactiveMethodSecurityTests { @Test public void fluxPreAuthorizeHasRoleWhenNoAuthenticationThenDenied() { given(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).willReturn(Flux.from(this.result)); - Flux findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void fluxPreAuthorizeHasRoleWhenNotAuthorizedThenDenied() { given(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).willReturn(Flux.from(this.result)); - Flux findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L) .subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void fluxPreAuthorizeBeanWhenGrantedThenSuccess() { given(this.delegate.fluxPreAuthorizeBeanFindById(2L)).willReturn(Flux.just("result")); - Flux findById = this.messageService.fluxPreAuthorizeBeanFindById(2L).subscriberContext(this.withAdmin); StepVerifier.create(findById).expectNext("result").verifyComplete(); }
@@ -260,7 +231,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void fluxPreAuthorizeBeanWhenNotAuthenticatedAndGrantedThenSuccess() { given(this.delegate.fluxPreAuthorizeBeanFindById(2L)).willReturn(Flux.just("result")); - Flux findById = this.messageService.fluxPreAuthorizeBeanFindById(2L); StepVerifier.create(findById).expectNext("result").verifyComplete(); }
@@ -268,27 +238,22 @@ public class EnableReactiveMethodSecurityTests { @Test public void fluxPreAuthorizeBeanWhenNoAuthenticationThenDenied() { given(this.delegate.fluxPreAuthorizeBeanFindById(1L)).willReturn(Flux.from(this.result)); - Flux findById = this.messageService.fluxPreAuthorizeBeanFindById(1L); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void fluxPreAuthorizeBeanWhenNotAuthorizedThenDenied() { given(this.delegate.fluxPreAuthorizeBeanFindById(1L)).willReturn(Flux.from(this.result)); - Flux findById = this.messageService.fluxPreAuthorizeBeanFindById(1L).subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void fluxPostAuthorizeWhenAuthorizedThenSuccess() { given(this.delegate.fluxPostAuthorizeFindById(1L)).willReturn(Flux.just("user")); - Flux findById = this.messageService.fluxPostAuthorizeFindById(1L).subscriberContext(this.withUser); StepVerifier.create(findById).expectNext("user").verifyComplete(); }
@@ -296,7 +261,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void fluxPostAuthorizeWhenNotAuthorizedThenDenied() { given(this.delegate.fluxPostAuthorizeBeanFindById(1L)).willReturn(Flux.just("not-authorized")); - Flux findById = this.messageService.fluxPostAuthorizeBeanFindById(1L).subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); }
@@ -304,7 +268,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void fluxPostAuthorizeWhenBeanAndAuthorizedThenSuccess() { given(this.delegate.fluxPostAuthorizeBeanFindById(2L)).willReturn(Flux.just("user")); - Flux findById = this.messageService.fluxPostAuthorizeBeanFindById(2L).subscriberContext(this.withUser); StepVerifier.create(findById).expectNext("user").verifyComplete(); }
@@ -312,7 +275,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void fluxPostAuthorizeWhenBeanAndNotAuthenticatedAndAuthorizedThenSuccess() { given(this.delegate.fluxPostAuthorizeBeanFindById(2L)).willReturn(Flux.just("anonymous")); - Flux findById = this.messageService.fluxPostAuthorizeBeanFindById(2L); StepVerifier.create(findById).expectNext("anonymous").verifyComplete(); }
@@ -320,33 +282,27 @@ public class EnableReactiveMethodSecurityTests { @Test public void fluxPostAuthorizeWhenBeanAndNotAuthorizedThenDenied() { given(this.delegate.fluxPostAuthorizeBeanFindById(1L)).willReturn(Flux.just("not-authorized")); - Flux findById = this.messageService.fluxPostAuthorizeBeanFindById(1L).subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); } // Publisher tests - @Test public void publisherWhenPermitAllThenAopDoesNotSubscribe() { given(this.delegate.publisherFindById(1L)).willReturn(this.result); - this.delegate.publisherFindById(1L); - this.result.assertNoSubscribers(); } @Test public void publisherWhenPermitAllThenSuccess() { given(this.delegate.publisherFindById(1L)).willReturn(publisherJust("success")); - StepVerifier.create(this.delegate.publisherFindById(1L)).expectNext("success").verifyComplete(); } @Test public void publisherPreAuthorizeHasRoleWhenGrantedThenSuccess() { given(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).willReturn(publisherJust("result")); - Publisher findById = Flux.from(this.messageService.publisherPreAuthorizeHasRoleFindById(1L)) .subscriberContext(this.withAdmin); StepVerifier.create(findById).consumeNextWith((s) -> AssertionsForClassTypes.assertThat(s).isEqualTo("result"))
@@ -356,28 +312,23 @@ public class EnableReactiveMethodSecurityTests { @Test public void publisherPreAuthorizeHasRoleWhenNoAuthenticationThenDenied() { given(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).willReturn(this.result); - Publisher findById = this.messageService.publisherPreAuthorizeHasRoleFindById(1L); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void publisherPreAuthorizeHasRoleWhenNotAuthorizedThenDenied() { given(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).willReturn(this.result); - Publisher findById = Flux.from(this.messageService.publisherPreAuthorizeHasRoleFindById(1L)) .subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void publisherPreAuthorizeBeanWhenGrantedThenSuccess() { given(this.delegate.publisherPreAuthorizeBeanFindById(2L)).willReturn(publisherJust("result")); - Publisher findById = Flux.from(this.messageService.publisherPreAuthorizeBeanFindById(2L)) .subscriberContext(this.withAdmin); StepVerifier.create(findById).expectNext("result").verifyComplete();
@@ -386,7 +337,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void publisherPreAuthorizeBeanWhenNotAuthenticatedAndGrantedThenSuccess() { given(this.delegate.publisherPreAuthorizeBeanFindById(2L)).willReturn(publisherJust("result")); - Publisher findById = this.messageService.publisherPreAuthorizeBeanFindById(2L); StepVerifier.create(findById).expectNext("result").verifyComplete(); }
@@ -394,28 +344,23 @@ public class EnableReactiveMethodSecurityTests { @Test public void publisherPreAuthorizeBeanWhenNoAuthenticationThenDenied() { given(this.delegate.publisherPreAuthorizeBeanFindById(1L)).willReturn(this.result); - Publisher findById = this.messageService.publisherPreAuthorizeBeanFindById(1L); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void publisherPreAuthorizeBeanWhenNotAuthorizedThenDenied() { given(this.delegate.publisherPreAuthorizeBeanFindById(1L)).willReturn(this.result); - Publisher findById = Flux.from(this.messageService.publisherPreAuthorizeBeanFindById(1L)) .subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void publisherPostAuthorizeWhenAuthorizedThenSuccess() { given(this.delegate.publisherPostAuthorizeFindById(1L)).willReturn(publisherJust("user")); - Publisher findById = Flux.from(this.messageService.publisherPostAuthorizeFindById(1L)) .subscriberContext(this.withUser); StepVerifier.create(findById).expectNext("user").verifyComplete();
@@ -424,7 +369,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void publisherPostAuthorizeWhenNotAuthorizedThenDenied() { given(this.delegate.publisherPostAuthorizeBeanFindById(1L)).willReturn(publisherJust("not-authorized")); - Publisher findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(1L)) .subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
@@ -433,7 +377,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void publisherPostAuthorizeWhenBeanAndAuthorizedThenSuccess() { given(this.delegate.publisherPostAuthorizeBeanFindById(2L)).willReturn(publisherJust("user")); - Publisher findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(2L)) .subscriberContext(this.withUser); StepVerifier.create(findById).expectNext("user").verifyComplete();
@@ -442,7 +385,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void publisherPostAuthorizeWhenBeanAndNotAuthenticatedAndAuthorizedThenSuccess() { given(this.delegate.publisherPostAuthorizeBeanFindById(2L)).willReturn(publisherJust("anonymous")); - Publisher findById = this.messageService.publisherPostAuthorizeBeanFindById(2L); StepVerifier.create(findById).expectNext("anonymous").verifyComplete(); }
@@ -450,7 +392,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void publisherPostAuthorizeWhenBeanAndNotAuthorizedThenDenied() { given(this.delegate.publisherPostAuthorizeBeanFindById(1L)).willReturn(publisherJust("not-authorized")); - Publisher findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(1L)) .subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
index d5a8b8ef35..713839542b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
@@ -110,13 +110,11 @@ public class GlobalMethodSecurityConfigurationTests { @Test public void methodSecurityAuthenticationManagerPublishesEvent() { this.spring.register(InMemoryAuthWithGlobalMethodSecurityConfig.class).autowire(); - try { this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("foo", "bar")); } catch (AuthenticationException ex) { } - assertThat(this.events.getEvents()).extracting(Object::getClass) .containsOnly((Class) AuthenticationFailureBadCredentialsEvent.class); }
@@ -125,14 +123,10 @@ public class GlobalMethodSecurityConfigurationTests { @WithMockUser public void methodSecurityWhenAuthenticationTrustResolverIsBeanThenAutowires() { this.spring.register(CustomTrustResolverConfig.class).autowire(); - AuthenticationTrustResolver trustResolver = this.spring.getContext().getBean(AuthenticationTrustResolver.class); given(trustResolver.isAnonymous(any())).willReturn(true, false); - assertThatThrownBy(() -> this.service.preAuthorizeNotAnonymous()).isInstanceOf(AccessDeniedException.class); - this.service.preAuthorizeNotAnonymous(); - verify(trustResolver, atLeastOnce()).isAnonymous(any()); }
@@ -142,9 +136,7 @@ public class GlobalMethodSecurityConfigurationTests { public void defaultWebSecurityExpressionHandlerHasBeanResolverSet() { this.spring.register(ExpressionHandlerHasBeanResolverSetConfig.class).autowire(); Authz authz = this.spring.getContext().getBean(Authz.class); - assertThatThrownBy(() -> this.service.preAuthorizeBean(false)).isInstanceOf(AccessDeniedException.class); - this.service.preAuthorizeBean(true); }
@@ -152,9 +144,7 @@ public class GlobalMethodSecurityConfigurationTests { @WithMockUser public void methodSecuritySupportsAnnotaitonsOnInterfaceParamerNames() { this.spring.register(MethodSecurityServiceConfig.class).autowire(); - assertThatThrownBy(() -> this.service.postAnnotation("deny")).isInstanceOf(AccessDeniedException.class); - this.service.postAnnotation("grant"); // no exception }
@@ -165,17 +155,14 @@ public class GlobalMethodSecurityConfigurationTests { this.spring.register(AutowirePermissionEvaluatorConfig.class).autowire(); PermissionEvaluator permission = this.spring.getContext().getBean(PermissionEvaluator.class); given(permission.hasPermission(any(), eq("something"), eq("read"))).willReturn(true, false); - this.service.hasPermission("something"); // no exception - assertThatThrownBy(() -> this.service.hasPermission("something")).isInstanceOf(AccessDeniedException.class); } @Test public void multiPermissionEvaluatorConfig() { this.spring.register(MultiPermissionEvaluatorConfig.class).autowire(); - // no exception }
@@ -184,7 +171,6 @@ public class GlobalMethodSecurityConfigurationTests { @WithMockUser public void enableGlobalMethodSecurityWorksOnSuperclass() { this.spring.register(ChildConfig.class).autowire(); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class); }
@@ -200,7 +186,6 @@ public class GlobalMethodSecurityConfigurationTests { child.register(Sec2479ChildConfig.class); child.refresh(); this.spring.context(child).autowire(); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class); } }
@@ -209,9 +194,7 @@ public class GlobalMethodSecurityConfigurationTests { @Test public void enableGlobalMethodSecurityDoesNotTriggerEagerInitializationOfBeansInGlobalAuthenticationConfigurer() { this.spring.register(Sec2815Config.class).autowire(); - MockBeanPostProcessor pp = this.spring.getContext().getBean(MockBeanPostProcessor.class); - assertThat(pp.beforeInit).containsKeys("dataSource"); assertThat(pp.afterInit).containsKeys("dataSource"); }
@@ -220,9 +203,9 @@ public class GlobalMethodSecurityConfigurationTests { @Test public void globalSecurityProxiesSecurity() { this.spring.register(Sec3005Config.class).autowire(); - assertThat(this.service.getClass()).matches((c) -> !Proxy.isProxyClass(c), "is not proxy class"); } + // // // gh-3797 // def preAuthorizeBeanSpel() {
@@ -241,14 +224,11 @@ public class GlobalMethodSecurityConfigurationTests { // thrown(AccessDeniedException) // } // - @Test @WithMockUser public void preAuthorizeBeanSpel() { this.spring.register(PreAuthorizeBeanSpelConfig.class).autowire(); - assertThatThrownBy(() -> this.service.preAuthorizeBean(false)).isInstanceOf(AccessDeniedException.class); - this.service.preAuthorizeBean(true); }
@@ -257,7 +237,6 @@ public class GlobalMethodSecurityConfigurationTests { @WithMockUser public void roleHierarchy() { this.spring.register(RoleHierarchyConfig.class).autowire(); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class); this.service.preAuthorizeAdmin(); }
@@ -266,12 +245,9 @@ public class GlobalMethodSecurityConfigurationTests { @WithMockUser(authorities = "ROLE:USER") public void grantedAuthorityDefaultsAutowires() { this.spring.register(CustomGrantedAuthorityConfig.class).autowire(); - CustomGrantedAuthorityConfig.CustomAuthorityService customService = this.spring.getContext() .getBean(CustomGrantedAuthorityConfig.CustomAuthorityService.class); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class); - customService.customPrefixRoleUser(); // no exception }
@@ -280,12 +256,9 @@ public class GlobalMethodSecurityConfigurationTests { @WithMockUser(authorities = "USER") public void grantedAuthorityDefaultsWithEmptyRolePrefix() { this.spring.register(EmptyRolePrefixGrantedAuthorityConfig.class).autowire(); - EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService customService = this.spring.getContext() .getBean(EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService.class); - assertThatThrownBy(() -> this.service.securedUser()).isInstanceOf(AccessDeniedException.class); - customService.emptyPrefixRoleUser(); // no exception }
@@ -297,7 +270,6 @@ public class GlobalMethodSecurityConfigurationTests { .getBean(MethodInterceptor.class); MethodSecurityMetadataSource methodSecurityMetadataSource = this.spring.getContext() .getBean(MethodSecurityMetadataSource.class); - assertThat(methodInterceptor.getSecurityMetadataSource()).isSameAs(methodSecurityMetadataSource); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
index 3c0532b3f3..90d0d45f08 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
@@ -54,9 +54,7 @@ public class NamespaceGlobalMethodSecurityExpressionHandlerTests { @WithMockUser public void methodSecurityWhenUsingCustomPermissionEvaluatorThenPreAuthorizesAccordingly() { this.spring.register(CustomAccessDecisionManagerConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThatCode(() -> this.service.hasPermission("granted")).doesNotThrowAnyException(); - assertThatThrownBy(() -> this.service.hasPermission("denied")).isInstanceOf(AccessDeniedException.class); } @@ -64,9 +62,7 @@ public class NamespaceGlobalMethodSecurityExpressionHandlerTests { @WithMockUser public void methodSecurityWhenUsingCustomPermissionEvaluatorThenPostAuthorizesAccordingly() { this.spring.register(CustomAccessDecisionManagerConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThatCode(() -> this.service.postHasPermission("granted")).doesNotThrowAnyException(); - assertThatThrownBy(() -> this.service.postHasPermission("denied")).isInstanceOf(AccessDeniedException.class); } @@ -76,7 +72,6 @@ public class NamespaceGlobalMethodSecurityExpressionHandlerTests { @Override protected MethodSecurityExpressionHandler createExpressionHandler() { DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler(); - expressionHandler.setPermissionEvaluator(new PermissionEvaluator() { @Override public boolean hasPermission(Authentication authentication, Object targetDomainObject, @@ -90,7 +85,6 @@ public class NamespaceGlobalMethodSecurityExpressionHandlerTests { throw new UnsupportedOperationException(); } }); - return expressionHandler; } diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java index 5266e15d28..e61d475da5 100644 
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java @@ -78,18 +78,14 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenCustomAccessDecisionManagerThenAuthorizes() { this.spring.register(CustomAccessDecisionManagerConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class); - assertThatThrownBy(() -> this.service.secured()).isInstanceOf(AccessDeniedException.class); - } @Test @WithMockUser public void methodSecurityWhenCustomAfterInvocationManagerThenAuthorizes() { this.spring.register(CustomAfterInvocationManagerConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThatThrownBy(() -> this.service.preAuthorizePermitAll()).isInstanceOf(AccessDeniedException.class); } @@ -97,7 +93,6 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenCustomAuthenticationManagerThenAuthorizes() { this.spring.register(CustomAuthenticationConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(UnsupportedOperationException.class); } @@ -105,15 +100,10 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenJsr250EnabledThenAuthorizes() { this.spring.register(Jsr250Config.class, MethodSecurityServiceConfig.class).autowire(); - assertThatCode(() -> this.service.preAuthorize()).doesNotThrowAnyException(); - assertThatCode(() -> this.service.secured()).doesNotThrowAnyException(); - assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(AccessDeniedException.class); - assertThatCode(() -> this.service.jsr250PermitAll()).doesNotThrowAnyException(); - } @Test 
@@ -121,11 +111,8 @@ public class NamespaceGlobalMethodSecurityTests { public void methodSecurityWhenCustomMethodSecurityMetadataSourceThenAuthorizes() { this.spring.register(CustomMethodSecurityMetadataSourceConfig.class, MethodSecurityServiceConfig.class) .autowire(); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class); - assertThatThrownBy(() -> this.service.secured()).isInstanceOf(AccessDeniedException.class); - assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(AccessDeniedException.class); } @@ -133,12 +120,10 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void contextRefreshWhenUsingAspectJThenAutowire() throws Exception { this.spring.register(AspectJModeConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThat(this.spring.getContext().getBean( Class.forName("org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect"))) .isNotNull(); assertThat(this.spring.getContext().getBean(AspectJMethodSecurityInterceptor.class)).isNotNull(); - // TODO diagnose why aspectj isn't weaving method security advice around // MethodSecurityServiceImpl } 
@@ -146,24 +131,19 @@ public class NamespaceGlobalMethodSecurityTests { @Test public void contextRefreshWhenUsingAspectJAndCustomGlobalMethodSecurityConfigurationThenAutowire() throws Exception { - this.spring.register(AspectJModeExtendsGMSCConfig.class).autowire(); - assertThat(this.spring.getContext().getBean( Class.forName("org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect"))) .isNotNull(); assertThat(this.spring.getContext().getBean(AspectJMethodSecurityInterceptor.class)).isNotNull(); - } @Test @WithMockUser public void methodSecurityWhenOrderSpecifiedThenConfigured() { this.spring.register(CustomOrderConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class) .getOrder()).isEqualTo(-135); - assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(AccessDeniedException.class); } @@ -171,10 +151,8 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenOrderUnspecifiedThenConfiguredToLowestPrecedence() { this.spring.register(DefaultOrderConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class) .getOrder()).isEqualTo(Ordered.LOWEST_PRECEDENCE); - assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(UnsupportedOperationException.class); } 
@@ -183,10 +161,8 @@ public class NamespaceGlobalMethodSecurityTests { public void methodSecurityWhenOrderUnspecifiedAndCustomGlobalMethodSecurityConfigurationThenConfiguredToLowestPrecedence() { this.spring.register(DefaultOrderExtendsMethodSecurityConfig.class, MethodSecurityServiceConfig.class) .autowire(); - assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class) .getOrder()).isEqualTo(Ordered.LOWEST_PRECEDENCE); - assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(UnsupportedOperationException.class); } @@ -194,11 +170,8 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenPrePostEnabledThenPreAuthorizes() { this.spring.register(PreAuthorizeConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThatCode(() -> this.service.secured()).doesNotThrowAnyException(); - assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException(); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class); } @@ -206,11 +179,8 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenPrePostEnabledAndCustomGlobalMethodSecurityConfigurationThenPreAuthorizes() { this.spring.register(PreAuthorizeExtendsGMSCConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThatCode(() -> this.service.secured()).doesNotThrowAnyException(); - assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException(); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class); } 
@@ -218,10 +188,8 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenProxyTargetClassThenDoesNotWireToInterface() { this.spring.register(ProxyTargetClassConfig.class, MethodSecurityServiceConfig.class).autowire(); - // make sure service was actually proxied assertThat(this.service.getClass().getInterfaces()).doesNotContain(MethodSecurityService.class); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class); } @@ -229,9 +197,7 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenDefaultProxyThenWiresToInterface() { this.spring.register(DefaultProxyConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThat(this.service.getClass().getInterfaces()).contains(MethodSecurityService.class); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class); } @@ -239,7 +205,6 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenCustomRunAsManagerThenRunAsWrapsAuthentication() { this.spring.register(CustomRunAsManagerConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThat(this.service.runAs().getAuthorities()) .anyMatch((authority) -> "ROLE_RUN_AS_SUPER".equals(authority.getAuthority())); } @@ -248,13 +213,9 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenSecuredEnabledThenSecures() { this.spring.register(SecuredConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThatThrownBy(() -> this.service.secured()).isInstanceOf(AccessDeniedException.class); - assertThatCode(() -> this.service.securedUser()).doesNotThrowAnyException(); - assertThatCode(() -> this.service.preAuthorize()).doesNotThrowAnyException(); - assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException(); } 
@@ -269,11 +230,8 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenImportingGlobalMethodSecurityConfigurationSubclassThenAuthorizes() { this.spring.register(ImportSubclassGMSCConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThatCode(() -> this.service.secured()).doesNotThrowAnyException(); - assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException(); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class); } @@ -320,7 +278,6 @@ public class NamespaceGlobalMethodSecurityTests { @Override public Object decide(Authentication authentication, Object object, Collection attributes, Object returnedObject) throws AccessDeniedException { - throw new AccessDeniedException("custom AfterInvocationManager"); } @@ -403,7 +360,6 @@ public class NamespaceGlobalMethodSecurityTests { BeanDefinitionRegistry registry) { BeanDefinitionBuilder advice = BeanDefinitionBuilder.rootBeanDefinition(ExceptingInterceptor.class); registry.registerBeanDefinition("exceptingInterceptor", advice.getBeanDefinition()); - BeanDefinitionBuilder advisor = BeanDefinitionBuilder .rootBeanDefinition(MethodSecurityMetadataSourceAdvisor.class); advisor.setRole(BeanDefinition.ROLE_INFRASTRUCTURE); diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java index 961e0e3bf1..f4c7d66b2f 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java 
@@ -46,15 +46,12 @@ public class ReactiveMethodSecurityConfigurationTests { @Test public void rolePrefixWithGrantedAuthorityDefaults() throws NoSuchMethodException { this.spring.register(WithRolePrefixConfiguration.class).autowire(); - TestingAuthenticationToken authentication = new TestingAuthenticationToken("principal", "credential", "CUSTOM_ABC"); MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class); - EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication, methodInvocation); SecurityExpressionRoot root = (SecurityExpressionRoot) context.getRootObject().getValue(); - assertThat(root.hasRole("ROLE_ABC")).isFalse(); assertThat(root.hasRole("ROLE_CUSTOM_ABC")).isFalse(); assertThat(root.hasRole("CUSTOM_ABC")).isTrue(); @@ -64,15 +61,12 @@ public class ReactiveMethodSecurityConfigurationTests { @Test public void rolePrefixWithDefaultConfig() throws NoSuchMethodException { this.spring.register(ReactiveMethodSecurityConfiguration.class).autowire(); - TestingAuthenticationToken authentication = new TestingAuthenticationToken("principal", "credential", "ROLE_ABC"); MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class); - EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication, methodInvocation); SecurityExpressionRoot root = (SecurityExpressionRoot) context.getRootObject().getValue(); - assertThat(root.hasRole("ROLE_ABC")).isTrue(); assertThat(root.hasRole("ABC")).isTrue(); } 
@@ -80,15 +74,12 @@ public class ReactiveMethodSecurityConfigurationTests { @Test public void rolePrefixWithGrantedAuthorityDefaultsAndSubclassWithProxyingEnabled() throws NoSuchMethodException { this.spring.register(SubclassConfig.class).autowire(); - TestingAuthenticationToken authentication = new TestingAuthenticationToken("principal", "credential", "ROLE_ABC"); MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class); - EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication, methodInvocation); SecurityExpressionRoot root = (SecurityExpressionRoot) context.getRootObject().getValue(); - assertThat(root.hasRole("ROLE_ABC")).isTrue(); assertThat(root.hasRole("ABC")).isTrue(); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java index 91ad7a5c96..4984b241eb 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java 
@@ -60,19 +60,15 @@ public class SampleEnableGlobalMethodSecurityTests { @Test public void preAuthorize() { this.spring.register(SampleWebSecurityConfig.class).autowire(); - assertThat(this.methodSecurityService.secured()).isNull(); assertThat(this.methodSecurityService.jsr250()).isNull(); - assertThatThrownBy(() -> this.methodSecurityService.preAuthorize()).isInstanceOf(AccessDeniedException.class); } @Test public void customPermissionHandler() { this.spring.register(CustomPermissionEvaluatorWebSecurityConfig.class).autowire(); - assertThat(this.methodSecurityService.hasPermission("allowed")).isNull(); - assertThatThrownBy(() -> this.methodSecurityService.hasPermission("denied")) .isInstanceOf(AccessDeniedException.class); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java index 80472bb588..bbca9375c7 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java @@ -68,20 +68,15 @@ public class Sec2758Tests { @WithMockUser(authorities = "CUSTOM") @Test public void requestWhenNullifyingRolePrefixThenPassivityRestored() throws Exception { - this.spring.register(SecurityConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()); } @WithMockUser(authorities = "CUSTOM") @Test public void methodSecurityWhenNullifyingRolePrefixThenPassivityRestored() { - this.spring.register(SecurityConfig.class).autowire(); - assertThatCode(() -> this.service.doJsr250()).doesNotThrowAnyException(); - assertThatCode(() -> this.service.doPreAuthorize()).doesNotThrowAnyException(); } 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java index bf6cbe1e3e..98232d5a6d 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java @@ -77,7 +77,6 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests { .anyRequest().authenticated() .antMatchers("/demo/**").permitAll(); // @formatter:on - } } @@ -93,7 +92,6 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests { .anyRequest().authenticated() .mvcMatchers("/demo/**").permitAll(); // @formatter:on - } } @@ -109,7 +107,6 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests { .anyRequest().authenticated() .regexMatchers(".*").permitAll(); // @formatter:on - } } @@ -125,7 +122,6 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests { .anyRequest().authenticated() .anyRequest().permitAll(); // @formatter:on - } } @@ -141,7 +137,6 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests { .anyRequest().authenticated() .requestMatchers(new AntPathRequestMatcher("/**")).permitAll(); // @formatter:on - } } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java index 53aff06eec..8250a819ad 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java 
@@ -69,7 +69,6 @@ public class SampleWebSecurityConfigurerAdapterTests { this.request = new MockHttpServletRequest("GET", ""); this.response = new MockHttpServletResponse(); this.chain = new MockFilterChain(); - CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "CSRF-TOKEN-TEST"); new HttpSessionCsrfTokenRepository().saveToken(csrfToken, this.request, this.response); this.request.setParameter(csrfToken.getParameterName(), csrfToken.getToken()); 
@@ -78,136 +77,112 @@ public class SampleWebSecurityConfigurerAdapterTests { @Test public void helloWorldSampleWhenRequestSecureResourceThenRedirectToLogin() throws Exception { this.spring.register(HelloWorldWebSecurityConfigurerAdapter.class).autowire(); - this.request.addHeader("Accept", "text/html"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getRedirectedUrl()).isEqualTo("http://localhost/login"); } @Test public void helloWorldSampleWhenRequestLoginWithoutCredentialsThenRedirectToLogin() throws Exception { this.spring.register(HelloWorldWebSecurityConfigurerAdapter.class).autowire(); - this.request.setServletPath("/login"); this.request.setMethod("POST"); this.request.addHeader("Accept", "text/html"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getRedirectedUrl()).isEqualTo("/login?error"); } @Test public void helloWorldSampleWhenRequestLoginWithValidCredentialsThenRedirectToIndex() throws Exception { this.spring.register(HelloWorldWebSecurityConfigurerAdapter.class).autowire(); - this.request.setServletPath("/login"); this.request.setMethod("POST"); this.request.addHeader("Accept", "text/html"); this.request.addParameter("username", "user"); this.request.addParameter("password", "password"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getRedirectedUrl()).isEqualTo("/"); } @Test public void readmeSampleWhenRequestSecureResourceThenRedirectToLogin() throws Exception { this.spring.register(SampleWebSecurityConfigurerAdapter.class).autowire(); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getRedirectedUrl()).isEqualTo("http://localhost/login"); } @Test public void readmeSampleWhenRequestLoginWithoutCredentialsThenRedirectToLogin() throws Exception { 
this.spring.register(SampleWebSecurityConfigurerAdapter.class).autowire(); - this.request.setServletPath("/login"); this.request.setMethod("POST"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getRedirectedUrl()).isEqualTo("/login?error"); } @Test public void readmeSampleWhenRequestLoginWithValidCredentialsThenRedirectToIndex() throws Exception { this.spring.register(SampleWebSecurityConfigurerAdapter.class).autowire(); - this.request.setServletPath("/login"); this.request.setMethod("POST"); this.request.addParameter("username", "user"); this.request.addParameter("password", "password"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getRedirectedUrl()).isEqualTo("/"); } @Test public void multiHttpSampleWhenRequestSecureResourceThenRedirectToLogin() throws Exception { this.spring.register(SampleMultiHttpSecurityConfig.class).autowire(); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getRedirectedUrl()).isEqualTo("http://localhost/login"); } @Test public void multiHttpSampleWhenRequestLoginWithoutCredentialsThenRedirectToLogin() throws Exception { this.spring.register(SampleMultiHttpSecurityConfig.class).autowire(); - this.request.setServletPath("/login"); this.request.setMethod("POST"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getRedirectedUrl()).isEqualTo("/login?error"); } @Test public void multiHttpSampleWhenRequestLoginWithValidCredentialsThenRedirectToIndex() throws Exception { this.spring.register(SampleMultiHttpSecurityConfig.class).autowire(); - this.request.setServletPath("/login"); this.request.setMethod("POST"); this.request.addParameter("username", "user"); this.request.addParameter("password", "password"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - 
assertThat(this.response.getRedirectedUrl()).isEqualTo("/"); } @Test public void multiHttpSampleWhenRequestProtectedResourceThenStatusUnauthorized() throws Exception { this.spring.register(SampleMultiHttpSecurityConfig.class).autowire(); - this.request.setServletPath("/api/admin/test"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); } @Test public void multiHttpSampleWhenRequestAdminResourceWithRegularUserThenStatusForbidden() throws Exception { this.spring.register(SampleMultiHttpSecurityConfig.class).autowire(); - this.request.setServletPath("/api/admin/test"); this.request.addHeader("Authorization", "Basic " + Base64.getEncoder().encodeToString("user:password".getBytes())); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN); } @Test public void multiHttpSampleWhenRequestAdminResourceWithAdminUserThenStatusOk() throws Exception { this.spring.register(SampleMultiHttpSecurityConfig.class).autowire(); - this.request.setServletPath("/api/admin/test"); this.request.addHeader("Authorization", "Basic " + Base64.getEncoder().encodeToString("admin:password".getBytes())); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java index 7a46bdddcb..cccc804823 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java 
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java @@ -84,9 +84,7 @@ public class WebSecurityConfigurerAdapterPowermockTests { PowerMockito .when(SpringFactoriesLoader.loadFactories(AbstractHttpConfigurer.class, getClass().getClassLoader())) .thenReturn(Arrays.asList(configurer)); - loadConfig(Config.class); - assertThat(configurer.init).isTrue(); assertThat(configurer.configure).isTrue(); } @@ -94,21 +92,16 @@ public class WebSecurityConfigurerAdapterPowermockTests { @Test public void loadConfigWhenDefaultConfigThenWebAsyncManagerIntegrationFilterAdded() throws Exception { this.spring.register(WebAsyncPopulatedByDefaultConfig.class).autowire(); - WebAsyncManager webAsyncManager = mock(WebAsyncManager.class); - this.mockMvc.perform(get("/").requestAttr(WebAsyncUtils.WEB_ASYNC_MANAGER_ATTRIBUTE, webAsyncManager)); - ArgumentCaptor callableProcessingInterceptorArgCaptor = ArgumentCaptor .forClass(CallableProcessingInterceptor.class); verify(webAsyncManager, atLeastOnce()).registerCallableInterceptor(any(), callableProcessingInterceptorArgCaptor.capture()); - CallableProcessingInterceptor callableProcessingInterceptor = callableProcessingInterceptorArgCaptor .getAllValues().stream() .filter((e) -> SecurityContextCallableProcessingInterceptor.class.isAssignableFrom(e.getClass())) .findFirst().orElse(null); - assertThat(callableProcessingInterceptor).isNotNull(); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java index 8c0d1914f5..68b3b22b1e 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java 
@@ -84,7 +84,6 @@ public class WebSecurityConfigurerAdapterTests { @Test public void loadConfigWhenRequestSecureThenDefaultSecurityHeadersReturned() throws Exception { this.spring.register(HeadersArePopulatedByDefaultConfig.class).autowire(); - this.mockMvc.perform(get("/").secure(true)).andExpect(header().string("X-Content-Type-Options", "nosniff")) .andExpect(header().string("X-Frame-Options", "DENY")) .andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains")) @@ -96,9 +95,7 @@ public class WebSecurityConfigurerAdapterTests { @Test public void loadConfigWhenRequestAuthenticateThenAuthenticationEventPublished() throws Exception { this.spring.register(InMemoryAuthWithWebSecurityConfigurerAdapter.class).autowire(); - this.mockMvc.perform(formLogin()).andExpect(status().is3xxRedirection()); - assertThat(InMemoryAuthWithWebSecurityConfigurerAdapter.EVENTS).isNotEmpty(); assertThat(InMemoryAuthWithWebSecurityConfigurerAdapter.EVENTS).hasSize(1); } @@ -106,9 +103,7 @@ public class WebSecurityConfigurerAdapterTests { @Test public void loadConfigWhenInMemoryConfigureProtectedThenPasswordUpgraded() throws Exception { this.spring.register(InMemoryConfigureProtectedConfig.class).autowire(); - this.mockMvc.perform(formLogin()).andExpect(status().is3xxRedirection()); - UserDetailsService uds = this.spring.getContext().getBean(UserDetailsService.class); assertThat(uds.loadUserByUsername("user").getPassword()).startsWith("{bcrypt}"); } @@ -116,9 +111,7 @@ public class WebSecurityConfigurerAdapterTests { @Test public void loadConfigWhenInMemoryConfigureGlobalThenPasswordUpgraded() throws Exception { this.spring.register(InMemoryConfigureGlobalConfig.class).autowire(); - this.mockMvc.perform(formLogin()).andExpect(status().is3xxRedirection()); - UserDetailsService uds = this.spring.getContext().getBean(UserDetailsService.class); assertThat(uds.loadUserByUsername("user").getPassword()).startsWith("{bcrypt}"); } 
@@ -128,10 +121,8 @@ public class WebSecurityConfigurerAdapterTests { OverrideContentNegotiationStrategySharedObjectConfig.CONTENT_NEGOTIATION_STRATEGY_BEAN = mock( ContentNegotiationStrategy.class); this.spring.register(OverrideContentNegotiationStrategySharedObjectConfig.class).autowire(); - OverrideContentNegotiationStrategySharedObjectConfig securityConfig = this.spring.getContext() .getBean(OverrideContentNegotiationStrategySharedObjectConfig.class); - assertThat(securityConfig.contentNegotiationStrategySharedObject).isNotNull(); assertThat(securityConfig.contentNegotiationStrategySharedObject) .isSameAs(OverrideContentNegotiationStrategySharedObjectConfig.CONTENT_NEGOTIATION_STRATEGY_BEAN); @@ -140,10 +131,8 @@ public class WebSecurityConfigurerAdapterTests { @Test public void loadConfigWhenDefaultContentNegotiationStrategyThenHeaderContentNegotiationStrategy() { this.spring.register(ContentNegotiationStrategyDefaultSharedObjectConfig.class).autowire(); - ContentNegotiationStrategyDefaultSharedObjectConfig securityConfig = this.spring.getContext() .getBean(ContentNegotiationStrategyDefaultSharedObjectConfig.class); - assertThat(securityConfig.contentNegotiationStrategySharedObject).isNotNull(); assertThat(securityConfig.contentNegotiationStrategySharedObject) .isInstanceOf(HeaderContentNegotiationStrategy.class); @@ -152,9 +141,7 @@ public class WebSecurityConfigurerAdapterTests { @Test public void loadConfigWhenUserDetailsServiceHasCircularReferenceThenStillLoads() { this.spring.register(RequiresUserDetailsServiceConfig.class, UserDetailsServiceConfig.class).autowire(); - MyFilter myFilter = this.spring.getContext().getBean(MyFilter.class); - assertThatCode(() -> myFilter.userDetailsService.loadUserByUsername("user")).doesNotThrowAnyException(); assertThatExceptionOfType(UsernameNotFoundException.class) .isThrownBy(() -> myFilter.userDetailsService.loadUserByUsername("admin")); 
@@ -164,10 +151,8 @@ public class WebSecurityConfigurerAdapterTests { @Test public void loadConfigWhenSharedObjectsCreatedThenApplicationContextAdded() { this.spring.register(ApplicationContextSharedObjectConfig.class).autowire(); - ApplicationContextSharedObjectConfig securityConfig = this.spring.getContext() .getBean(ApplicationContextSharedObjectConfig.class); - assertThat(securityConfig.applicationContextSharedObject).isNotNull(); assertThat(securityConfig.applicationContextSharedObject).isSameAs(this.spring.getContext()); } @@ -176,9 +161,7 @@ public class WebSecurityConfigurerAdapterTests { public void loadConfigWhenCustomAuthenticationTrustResolverBeanThenOverridesDefault() { CustomTrustResolverConfig.AUTHENTICATION_TRUST_RESOLVER_BEAN = mock(AuthenticationTrustResolver.class); this.spring.register(CustomTrustResolverConfig.class).autowire(); - CustomTrustResolverConfig securityConfig = this.spring.getContext().getBean(CustomTrustResolverConfig.class); - assertThat(securityConfig.authenticationTrustResolverSharedObject).isNotNull(); assertThat(securityConfig.authenticationTrustResolverSharedObject) .isSameAs(CustomTrustResolverConfig.AUTHENTICATION_TRUST_RESOLVER_BEAN); @@ -195,12 +178,9 @@ public class WebSecurityConfigurerAdapterTests { @Test public void performWhenUsingAuthenticationEventPublisherBeanThenUses() throws Exception { this.spring.register(CustomAuthenticationEventPublisherBean.class).autowire(); - AuthenticationEventPublisher authenticationEventPublisher = this.spring.getContext() .getBean(AuthenticationEventPublisher.class); - this.mockMvc.perform(get("/").with(httpBasic("user", "password"))); - verify(authenticationEventPublisher).publishAuthenticationSuccess(any(Authentication.class)); } 
@@ -208,14 +188,11 @@ public class WebSecurityConfigurerAdapterTests { @Test public void performWhenUsingAuthenticationEventPublisherInDslThenUses() throws Exception { this.spring.register(CustomAuthenticationEventPublisherDsl.class).autowire();
-
AuthenticationEventPublisher authenticationEventPublisher = CustomAuthenticationEventPublisherDsl.EVENT_PUBLISHER;
-
this.mockMvc.perform(get("/").with(httpBasic("user", "password"))); // fails since // no // providers // configured
-
verify(authenticationEventPublisher).publishAuthenticationFailure(any(AuthenticationException.class), any(Authentication.class)); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
index 404fcc566e..5fa3a802fa 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
@@ -74,9 +74,7 @@ public class HttpConfigurationTests { public void configureWhenAddFilterCasAuthenticationFilterThenFilterAdded() throws Exception { CasAuthenticationFilterConfig.CAS_AUTHENTICATION_FILTER = spy(new CasAuthenticationFilter()); this.spring.register(CasAuthenticationFilterConfig.class).autowire();
-
this.mockMvc.perform(get("/"));
-
verify(CasAuthenticationFilterConfig.CAS_AUTHENTICATION_FILTER).doFilter(any(ServletRequest.class), any(ServletResponse.class), any(FilterChain.class)); }
@@ -84,7 +82,6 @@ public class HttpConfigurationTests { @Test public void configureWhenConfigIsRequestMatchersJavadocThenAuthorizationApplied() throws Exception { this.spring.register(RequestMatcherRegistryConfigs.class).autowire();
-
this.mockMvc.perform(get("/oauth/a")).andExpect(status().isUnauthorized()); this.mockMvc.perform(get("/oauth/b")).andExpect(status().isUnauthorized()); this.mockMvc.perform(get("/api/a")).andExpect(status().isUnauthorized());
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
index 3ae4b97201..4dbdf6dd1b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
@@ -93,11 +93,8 @@ public class NamespaceHttpTests { given(AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER.supports(FilterInvocation.class)).willReturn(true); given(AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER.supports(any(ConfigAttribute.class))) .willReturn(true);
-
this.spring.register(AccessDecisionManagerRefConfig.class).autowire();
-
this.mockMvc.perform(get("/"));
-
verify(AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER, times(1)).decide(any(Authentication.class), any(), anyCollection()); }
@@ -105,7 +102,6 @@ public class NamespaceHttpTests { @Test // http@access-denied-page public void configureWhenAccessDeniedPageSetAndRequestForbiddenThenForwardedToAccessDeniedPage() throws Exception { this.spring.register(AccessDeniedPageConfig.class).autowire();
-
this.mockMvc.perform(get("/admin").with(user(PasswordEncodedUser.user()))).andExpect(status().isForbidden()) .andExpect(forwardedUrl("/AccessDeniedPage")); }
@@ -114,19 +110,15 @@ public class NamespaceHttpTests { public void configureWhenAuthenticationManagerProvidedThenVerifyUse() throws Exception { AuthenticationManagerRefConfig.AUTHENTICATION_MANAGER = mock(AuthenticationManager.class); this.spring.register(AuthenticationManagerRefConfig.class).autowire();
-
this.mockMvc.perform(formLogin());
-
verify(AuthenticationManagerRefConfig.AUTHENTICATION_MANAGER, times(1)).authenticate(any(Authentication.class)); } @Test // http@create-session=always public void configureWhenSessionCreationPolicyAlwaysThenSessionCreatedOnRequest() throws Exception { this.spring.register(CreateSessionAlwaysConfig.class).autowire();
-
MvcResult mvcResult = this.mockMvc.perform(get("/")).andReturn(); HttpSession session = mvcResult.getRequest().getSession(false);
-
assertThat(session).isNotNull(); assertThat(session.isNew()).isTrue(); }
@@ -134,25 +126,19 @@ public class NamespaceHttpTests { @Test // http@create-session=stateless public void configureWhenSessionCreationPolicyStatelessThenSessionNotCreatedOnRequest() throws Exception { this.spring.register(CreateSessionStatelessConfig.class).autowire();
-
MvcResult mvcResult = this.mockMvc.perform(get("/")).andReturn(); HttpSession session = mvcResult.getRequest().getSession(false);
-
assertThat(session).isNull(); } @Test // http@create-session=ifRequired public void configureWhenSessionCreationPolicyIfRequiredThenSessionCreatedWhenRequiredOnRequest() throws Exception { this.spring.register(IfRequiredConfig.class).autowire();
-
MvcResult mvcResult = this.mockMvc.perform(get("/unsecure")).andReturn(); HttpSession session = mvcResult.getRequest().getSession(false);
-
assertThat(session).isNull();
-
mvcResult = this.mockMvc.perform(formLogin()).andReturn(); session = mvcResult.getRequest().getSession(false);
-
assertThat(session).isNotNull(); assertThat(session.isNew()).isTrue(); }
@@ -160,10 +146,8 @@ public class NamespaceHttpTests { @Test // http@create-session=never public void configureWhenSessionCreationPolicyNeverThenSessionNotCreatedOnRequest() throws Exception { this.spring.register(CreateSessionNeverConfig.class).autowire();
-
MvcResult mvcResult = this.mockMvc.perform(get("/")).andReturn(); HttpSession session = mvcResult.getRequest().getSession(false);
-
assertThat(session).isNull(); }
@@ -171,7 +155,6 @@ public class NamespaceHttpTests { public void configureWhenAuthenticationEntryPointSetAndRequestUnauthorizedThenRedirectedToAuthenticationEntryPoint() throws Exception { this.spring.register(EntryPointRefConfig.class).autowire();
-
this.mockMvc.perform(get("/")).andExpect(status().is3xxRedirection()) .andExpect(redirectedUrlPattern("**/entry-point")); }
@@ -180,22 +163,17 @@ public class NamespaceHttpTests { public void configureWhenJaasApiIntegrationFilterAddedThenJaasSubjectObtained() throws Exception { LoginContext loginContext = mock(LoginContext.class); given(loginContext.getSubject()).willReturn(new Subject());
-
JaasAuthenticationToken authenticationToken = mock(JaasAuthenticationToken.class); given(authenticationToken.isAuthenticated()).willReturn(true); given(authenticationToken.getLoginContext()).willReturn(loginContext);
-
this.spring.register(JaasApiProvisionConfig.class).autowire();
-
this.mockMvc.perform(get("/").with(authentication(authenticationToken)));
-
verify(loginContext, times(1)).getSubject(); } @Test // http@realm public void configureWhenHttpBasicAndRequestUnauthorizedThenReturnWWWAuthenticateWithRealm() throws Exception { this.spring.register(RealmConfig.class).autowire();
-
this.mockMvc.perform(get("/")).andExpect(status().isUnauthorized()) .andExpect(header().string("WWW-Authenticate", "Basic realm=\"RealmConfig\"")); }
@@ -203,9 +181,7 @@ public class NamespaceHttpTests { @Test // http@request-matcher-ref ant public void configureWhenAntPatternMatchingThenAntPathRequestMatcherUsed() { this.spring.register(RequestMatcherAntConfig.class).autowire();
-
FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
-
assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class); DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains() .get(0);
@@ -215,9 +191,7 @@ public class NamespaceHttpTests { @Test // http@request-matcher-ref regex public void configureWhenRegexPatternMatchingThenRegexRequestMatcherUsed() { this.spring.register(RequestMatcherRegexConfig.class).autowire();
-
FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
-
assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class); DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains() .get(0);
@@ -227,9 +201,7 @@ public class NamespaceHttpTests { @Test // http@request-matcher-ref public void configureWhenRequestMatcherProvidedThenRequestMatcherUsed() { this.spring.register(RequestMatcherRefConfig.class).autowire();
-
FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
-
assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class); DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains() .get(0);
@@ -240,9 +212,7 @@ public class NamespaceHttpTests { @Test // http@security=none public void configureWhenIgnoredAntPatternsThenAntPathRequestMatcherUsedWithNoFilters() { this.spring.register(SecurityNoneConfig.class).autowire();
-
FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
-
assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class); DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains() .get(0);
@@ -250,7 +220,6 @@ public class NamespaceHttpTests { assertThat(((AntPathRequestMatcher) securityFilterChain.getRequestMatcher()).getPattern()) .isEqualTo("/resources/**"); assertThat(securityFilterChain.getFilters()).isEmpty();
-
assertThat(filterChainProxy.getFilterChains().get(1)).isInstanceOf(DefaultSecurityFilterChain.class); securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains().get(1); assertThat(securityFilterChain.getRequestMatcher()).isInstanceOf(AntPathRequestMatcher.class);
@@ -262,7 +231,6 @@ public class NamespaceHttpTests { @Test // http@security-context-repository-ref public void configureWhenNullSecurityContextRepositoryThenSecurityContextNotSavedInSession() throws Exception { this.spring.register(SecurityContextRepoConfig.class).autowire();
-
MvcResult mvcResult = this.mockMvc.perform(formLogin()).andReturn(); HttpSession session = mvcResult.getRequest().getSession(false); assertThat(session).isNull();
@@ -271,9 +239,7 @@ public class NamespaceHttpTests { @Test // http@servlet-api-provision=false public void configureWhenServletApiDisabledThenRequestNotServletApiWrapper() throws Exception { this.spring.register(ServletApiProvisionConfig.class, MainController.class).autowire();
-
this.mockMvc.perform(get("/"));
-
assertThat(MainController.HTTP_SERVLET_REQUEST_TYPE) .isNotInstanceOf(SecurityContextHolderAwareRequestWrapper.class); }
@@ -281,9 +247,7 @@ public class NamespaceHttpTests { @Test // http@servlet-api-provision defaults to true public void configureWhenServletApiDefaultThenRequestIsServletApiWrapper() throws Exception { this.spring.register(ServletApiProvisionDefaultsConfig.class, MainController.class).autowire();
-
this.mockMvc.perform(get("/"));
-
assertThat(SecurityContextHolderAwareRequestWrapper.class) .isAssignableFrom(MainController.HTTP_SERVLET_REQUEST_TYPE); }
@@ -291,9 +255,7 @@ public class NamespaceHttpTests { @Test // http@use-expressions=true public void configureWhenUseExpressionsEnabledThenExpressionBasedSecurityMetadataSource() { this.spring.register(UseExpressionsConfig.class).autowire();
-
UseExpressionsConfig config = this.spring.getContext().getBean(UseExpressionsConfig.class);
-
assertThat(ExpressionBasedFilterInvocationSecurityMetadataSource.class) .isAssignableFrom(config.filterInvocationSecurityMetadataSourceType); }
@@ -301,9 +263,7 @@ public class NamespaceHttpTests { @Test // http@use-expressions=false public void configureWhenUseExpressionsDisabledThenDefaultSecurityMetadataSource() { this.spring.register(DisableUseExpressionsConfig.class).autowire();
-
DisableUseExpressionsConfig config = this.spring.getContext().getBean(DisableUseExpressionsConfig.class);
-
assertThat(DefaultFilterInvocationSecurityMetadataSource.class) .isAssignableFrom(config.filterInvocationSecurityMetadataSourceType); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java
index 25b5785f18..8e58db3ec9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java
@@ -75,66 +75,44 @@ public class WebSecurityTests { @Test public void ignoringMvcMatcher() throws Exception { loadConfig(MvcMatcherConfig.class, LegacyMvcMatchingConfig.class);
-
this.request.setRequestURI("/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
setup();
-
this.request.setRequestURI("/path.html"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
setup();
-
this.request.setRequestURI("/path/"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
setup();
-
this.request.setRequestURI("/other"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); } @Test public void ignoringMvcMatcherServletPath() throws Exception { loadConfig(MvcMatcherServletPathConfig.class, LegacyMvcMatchingConfig.class);
-
this.request.setServletPath("/spring"); this.request.setRequestURI("/spring/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
setup();
-
this.request.setServletPath("/spring"); this.request.setRequestURI("/spring/path.html"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
setup();
-
this.request.setServletPath("/spring"); this.request.setRequestURI("/spring/path/"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
setup();
-
this.request.setServletPath("/other");
this.request.setRequestURI("/other/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); }
@@ -143,7 +121,6 @@ public class WebSecurityTests { this.context.register(configs); this.context.setServletContext(new MockServletContext()); this.context.refresh();
-
this.context.getAutowireCapableBeanFactory().autowireBean(this); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
index 8d5e1d5ca0..f66ab12ebd 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
@@ -67,9 +67,7 @@ public class AuthenticationPrincipalArgumentResolverTests { context.setAuthentication( new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities())); SecurityContextHolder.setContext(context);
-
MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
-
mockMvc.perform(get("/users/self")).andExpect(status().isOk()).andExpect(content().string("extracted-user")); }
@@ -84,12 +82,10 @@ public class AuthenticationPrincipalArgumentResolverTests { .inMemoryAuthentication(); // @formatter:off }
-
@Bean public UsernameExtractor usernameExtractor() { return new UsernameExtractor(); }
-
@RestController static class UserController { @GetMapping("/users/self")
@@ -98,7 +94,6 @@ public class AuthenticationPrincipalArgumentResolverTests { } } }
-
static class UsernameExtractor { public String extract(User u) { return "extracted-" + u.getUsername();
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
index 15594e6498..96b058bd50 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
@@ -57,7 +57,6 @@ public class EnableWebSecurityTests { @Test public void configureWhenOverrideAuthenticationManagerBeanThenAuthenticationManagerBeanRegistered() { this.spring.register(SecurityConfig.class).autowire();
-
AuthenticationManager authenticationManager = this.spring.getContext().getBean(AuthenticationManager.class); Authentication authentication = authenticationManager .authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
@@ -73,7 +72,6 @@ public class EnableWebSecurityTests { @Test public void configureWhenEnableWebMvcThenAuthenticationPrincipalResolvable() throws Exception { this.spring.register(AuthenticationPrincipalConfig.class).autowire();
-
this.mockMvc.perform(get("/").with(authentication(new TestingAuthenticationToken("user1", "password")))) .andExpect(content().string("user1")); }
@@ -81,7 +79,6 @@ public class EnableWebSecurityTests { @Test public void securityFilterChainWhenEnableWebMvcThenAuthenticationPrincipalResolvable() throws Exception { this.spring.register(SecurityFilterChainAuthenticationPrincipalConfig.class).autowire();
-
this.mockMvc.perform(get("/").with(authentication(new TestingAuthenticationToken("user1", "password")))) .andExpect(content().string("user1")); }
@@ -89,20 +86,16 @@ public class EnableWebSecurityTests { @Test public void enableWebSecurityWhenNoConfigurationAnnotationThenBeanProxyingEnabled() { this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire();
-
Child childBean = this.spring.getContext().getBean(Child.class); Parent parentBean = this.spring.getContext().getBean(Parent.class);
-
assertThat(parentBean.getChild()).isSameAs(childBean); } @Test public void enableWebSecurityWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() { this.spring.register(BeanProxyDisabledConfig.class).autowire();
-
Child childBean = this.spring.getContext().getBean(Child.class); Parent parentBean = this.spring.getContext().getBean(Parent.class);
-
assertThat(parentBean.getChild()).isNotSameAs(childBean); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
index 732eebe133..12818336b9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
@@ -81,7 +81,6 @@ public class HttpSecurityConfigurationTests { @Test public void getWhenDefaultFilterChainBeanThenDefaultHeadersInResponse() throws Exception { this.spring.register(DefaultWithFilterChainConfig.class).autowire();
-
MvcResult mvcResult = this.mockMvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff")) .andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS,
@@ -100,48 +99,39 @@ public class HttpSecurityConfigurationTests { @Test public void logoutWhenDefaultFilterChainBeanThenCreatesDefaultLogoutEndpoint() throws Exception { this.spring.register(DefaultWithFilterChainConfig.class).autowire();
-
this.mockMvc.perform(post("/logout").with(csrf())).andExpect(redirectedUrl("/login?logout")); } @Test public void loadConfigWhenDefaultConfigThenWebAsyncManagerIntegrationFilterAdded() throws Exception { this.spring.register(DefaultWithFilterChainConfig.class, NameController.class).autowire();
-
MvcResult mvcResult = this.mockMvc.perform(get("/name").with(user("Bob"))).andExpect(request().asyncStarted()) .andReturn();
-
this.mockMvc.perform(asyncDispatch(mvcResult)).andExpect(status().isOk()).andExpect(content().string("Bob")); } @Test public void getWhenDefaultFilterChainBeanThenAnonymousPermitted() throws Exception { this.spring.register(AuthorizeRequestsConfig.class, UserDetailsConfig.class, BaseController.class).autowire();
-
this.mockMvc.perform(get("/")).andExpect(status().isOk()); } @Test public void authenticateWhenDefaultFilterChainBeanThenSessionIdChanges() throws Exception { this.spring.register(SecurityEnabledConfig.class, UserDetailsConfig.class).autowire();
-
MockHttpSession session = new MockHttpSession(); String sessionId = session.getId();
-
MvcResult result = this.mockMvc.perform( post("/login").param("username", "user").param("password", "password").session(session).with(csrf())) .andReturn();
-
assertThat(result.getRequest().getSession(false).getId()).isNotEqualTo(sessionId); } @Test public void authenticateWhenDefaultFilterChainBeanThenRedirectsToSavedRequest() throws Exception { this.spring.register(SecurityEnabledConfig.class, UserDetailsConfig.class).autowire();
-
MockHttpSession session = (MockHttpSession) this.mockMvc.perform(get("/messages")).andReturn().getRequest() .getSession();
-
this.mockMvc.perform( post("/login").param("username", "user").param("password",
"password").session(session).with(csrf())) .andExpect(redirectedUrl("http://localhost/messages"));
@@ -150,7 +140,6 @@ public class HttpSecurityConfigurationTests { @Test public void authenticateWhenDefaultFilterChainBeanThenRolePrefixIsSet() throws Exception { this.spring.register(SecurityEnabledConfig.class, UserDetailsConfig.class, UserController.class).autowire();
-
this.mockMvc .perform(get("/user") .with(authentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"))))
@@ -160,7 +149,6 @@ public class HttpSecurityConfigurationTests { @Test public void loginWhenUsingDefaultsThenDefaultLoginPageGenerated() throws Exception { this.spring.register(SecurityEnabledConfig.class).autowire();
-
this.mockMvc.perform(get("/login")).andExpect(status().isOk()); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
index bd872e58e4..815317885a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
@@ -77,29 +77,23 @@ public class OAuth2ClientConfigurationTests { String clientRegistrationId = "client1"; String principalName = "user1"; TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
-
ClientRegistrationRepository clientRegistrationRepository = mock(ClientRegistrationRepository.class); ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration() .registrationId(clientRegistrationId).build(); given(clientRegistrationRepository.findByRegistrationId(eq(clientRegistrationId))) .willReturn(clientRegistration);
-
OAuth2AuthorizedClientRepository authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class); OAuth2AuthorizedClient authorizedClient = mock(OAuth2AuthorizedClient.class); given(authorizedClient.getClientRegistration()).willReturn(clientRegistration); given(authorizedClientRepository.loadAuthorizedClient(eq(clientRegistrationId), eq(authentication), any(HttpServletRequest.class))).willReturn(authorizedClient);
-
OAuth2AccessToken accessToken = mock(OAuth2AccessToken.class); given(authorizedClient.getAccessToken()).willReturn(accessToken);
-
OAuth2AccessTokenResponseClient accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
-
OAuth2AuthorizedClientArgumentResolverConfig.CLIENT_REGISTRATION_REPOSITORY = clientRegistrationRepository; OAuth2AuthorizedClientArgumentResolverConfig.AUTHORIZED_CLIENT_REPOSITORY = authorizedClientRepository; OAuth2AuthorizedClientArgumentResolverConfig.ACCESS_TOKEN_RESPONSE_CLIENT = accessTokenResponseClient; this.spring.register(OAuth2AuthorizedClientArgumentResolverConfig.class).autowire();
-
this.mockMvc .perform(get("/authorized-client") .with(SecurityMockMvcRequestPostProcessors.authentication(authentication)))
@@ -113,25 +107,20 @@ public class OAuth2ClientConfigurationTests { String clientRegistrationId = "client1"; String principalName = "user1"; TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
-
ClientRegistrationRepository clientRegistrationRepository = mock(ClientRegistrationRepository.class); OAuth2AuthorizedClientRepository authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class); OAuth2AccessTokenResponseClient accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
-
ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials() .registrationId(clientRegistrationId).build(); given(clientRegistrationRepository.findByRegistrationId(clientRegistrationId)).willReturn(clientRegistration);
-
OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234") .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(300).build(); given(accessTokenResponseClient.getTokenResponse(any(OAuth2ClientCredentialsGrantRequest.class))) .willReturn(accessTokenResponse);
-
OAuth2AuthorizedClientArgumentResolverConfig.CLIENT_REGISTRATION_REPOSITORY = clientRegistrationRepository; OAuth2AuthorizedClientArgumentResolverConfig.AUTHORIZED_CLIENT_REPOSITORY = authorizedClientRepository; OAuth2AuthorizedClientArgumentResolverConfig.ACCESS_TOKEN_RESPONSE_CLIENT = accessTokenResponseClient; this.spring.register(OAuth2AuthorizedClientArgumentResolverConfig.class).autowire();
-
this.mockMvc .perform(get("/authorized-client") .with(SecurityMockMvcRequestPostProcessors.authentication(authentication)))
@@ -177,28 +166,22 @@ public class OAuth2ClientConfigurationTests { String clientRegistrationId = "client1"; String principalName = "user1"; TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
-
ClientRegistrationRepository clientRegistrationRepository = mock(ClientRegistrationRepository.class); OAuth2AuthorizedClientRepository authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class); OAuth2AuthorizedClientManager authorizedClientManager = mock(OAuth2AuthorizedClientManager.class);
-
ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration() .registrationId(clientRegistrationId).build(); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, principalName, TestOAuth2AccessTokens.noScopes());
-
given(authorizedClientManager.authorize(any())).willReturn(authorizedClient);
-
OAuth2AuthorizedClientManagerRegisteredConfig.CLIENT_REGISTRATION_REPOSITORY = clientRegistrationRepository; OAuth2AuthorizedClientManagerRegisteredConfig.AUTHORIZED_CLIENT_REPOSITORY = authorizedClientRepository; OAuth2AuthorizedClientManagerRegisteredConfig.AUTHORIZED_CLIENT_MANAGER = authorizedClientManager; this.spring.register(OAuth2AuthorizedClientManagerRegisteredConfig.class).autowire();
-
this.mockMvc .perform(get("/authorized-client") .with(SecurityMockMvcRequestPostProcessors.authentication(authentication))) .andExpect(status().isOk()).andExpect(content().string("resolved"));
-
verify(authorizedClientManager).authorize(any()); verifyNoInteractions(clientRegistrationRepository); verifyNoInteractions(authorizedClientRepository);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
index 37542b9fbb..77ee64ea66 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
@@ -60,7 +60,6 @@ public class Sec2515Tests { .getContext(); context.setClassLoader(new URLClassLoader(new URL[0], context.getClassLoader())); this.spring.autowire();
-
assertThat(this.spring.getContext().getBean(AuthenticationManager.class)).isNotNull(); } // SEC-2515
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
index a870dbc6e9..9f63464d12 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
@@ -63,7 +63,6 @@ public class SecurityReactorContextConfigurationResourceServerTests { public void requestWhenUsingFilterThenBearerTokenPropagated() throws Exception { BearerTokenAuthentication authentication = TestBearerTokenAuthentications.bearer(); this.spring.register(BearerFilterConfig.class, WebServerConfig.class, Controller.class).autowire();
-
this.mockMvc.perform(get("/token").with(SecurityMockMvcRequestPostProcessors.authentication(authentication))) .andExpect(status().isOk()).andExpect(content().string("Bearer token")); }
@@ -73,7 +72,6 @@ public class SecurityReactorContextConfigurationResourceServerTests { public void requestWhenNotUsingFilterThenBearerTokenNotPropagated() throws Exception { BearerTokenAuthentication authentication = TestBearerTokenAuthentications.bearer(); this.spring.register(BearerFilterlessConfig.class, WebServerConfig.class, Controller.class).autowire();
-
this.mockMvc.perform(get("/token").with(SecurityMockMvcRequestPostProcessors.authentication(authentication))) .andExpect(status().isOk()).andExpect(content().string("")); }
@@ -155,7 +153,6 @@ public class SecurityReactorContextConfigurationResourceServerTests { String header = request.getHeader("Authorization"); if (StringUtils.isBlank(header)) { return response;
-
} return response.setBody(header); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
index f4e09b2fe6..60e719b57a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
@@ -106,10 +106,8 @@ public class SecurityReactorContextConfigurationTests { RequestContextHolder .setRequestAttributes(new ServletRequestAttributes(this.servletRequest, this.servletResponse)); SecurityContextHolder.getContext().setAuthentication(this.authentication);
-
String testKey = "test_key"; String testValue = "test_value";
-
BaseSubscriber parent = new BaseSubscriber() { @Override public Context currentContext() {
@@ -117,9 +115,7 @@ public class SecurityReactorContextConfigurationTests {
 }
 };
 CoreSubscriber subscriber = this.subscriberRegistrar.createSubscriberIfNecessary(parent);
-
 Context resultContext = subscriber.currentContext();
-
 assertThat(resultContext.getOrEmpty(testKey)).hasValue(testValue);
 Map securityContextAttributes = resultContext
 .getOrDefault(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES, null);
@@ -134,7 +130,6 @@ public class SecurityReactorContextConfigurationTests {
 RequestContextHolder
 .setRequestAttributes(new ServletRequestAttributes(this.servletRequest, this.servletResponse));
 SecurityContextHolder.getContext().setAuthentication(this.authentication);
-
 Context parentContext = Context.of(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES, new HashMap<>());
 BaseSubscriber parent = new BaseSubscriber() {
@@ -144,7 +139,6 @@ public class SecurityReactorContextConfigurationTests {
 }
 };
 CoreSubscriber subscriber = this.subscriberRegistrar.createSubscriberIfNecessary(parent);
-
 Context resultContext = subscriber.currentContext();
 assertThat(resultContext).isSameAs(parentContext);
 }
@@ -189,7 +183,6 @@ public class SecurityReactorContextConfigurationTests {
 return null;
 }
 });
-
 CoreSubscriber subscriber = this.subscriberRegistrar
 .createSubscriberIfNecessary(Operators.emptySubscriber());
 assertThat(subscriber).isInstanceOf(SecurityReactorContextConfiguration.SecurityReactorContextSubscriber.class);
@@ -200,14 +193,11 @@ public class SecurityReactorContextConfigurationTests {
 // Trigger the importing of SecurityReactorContextConfiguration via
 // OAuth2ImportSelector
 this.spring.register(SecurityConfig.class).autowire();
-
 // Setup for SecurityReactorContextSubscriberRegistrar
 RequestContextHolder
 .setRequestAttributes(new ServletRequestAttributes(this.servletRequest, this.servletResponse));
 SecurityContextHolder.getContext().setAuthentication(this.authentication);
-
 ClientResponse clientResponseOk = ClientResponse.create(HttpStatus.OK).build();
-
 ExchangeFilterFunction filter = (req, next) -> Mono.subscriberContext()
 .filter((ctx) -> ctx.hasKey(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES))
 .map((ctx) -> ctx.get(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES)).cast(Map.class)
@@ -221,18 +211,14 @@ public class SecurityReactorContextConfigurationTests {
 return ClientResponse.create(HttpStatus.NOT_FOUND).build();
 }
 });
-
 ClientRequest clientRequest = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
 MockExchangeFunction exchange = new MockExchangeFunction();
-
 Map expectedContextAttributes = new HashMap<>();
 expectedContextAttributes.put(HttpServletRequest.class, this.servletRequest);
 expectedContextAttributes.put(HttpServletResponse.class, this.servletResponse);
 expectedContextAttributes.put(Authentication.class, this.authentication);
-
 Mono clientResponseMono = filter.filter(clientRequest, exchange)
 .flatMap((response) -> filter.filter(clientRequest, exchange));
-
 StepVerifier.create(clientResponseMono).expectAccessibleContext()
 .contains(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES, expectedContextAttributes)
 .then().expectNext(clientResponseOk).verifyComplete();
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
index d3e2f8cce2..09d5c6d44b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
@@ -94,7 +94,6 @@ public class WebMvcSecurityConfigurationTests {
 public void csrfToken() throws Exception {
 CsrfToken csrfToken = new DefaultCsrfToken("headerName", "paramName", "token");
 MockHttpServletRequestBuilder request = get("/csrf").requestAttr(CsrfToken.class.getName(), csrfToken);
-
 this.mockMvc.perform(request).andExpect(assertResult(csrfToken));
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
index 534425c175..5950691cc5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
@@ -89,30 +89,22 @@ public class WebSecurityConfigurationTests {
 @Test
 public void loadConfigWhenWebSecurityConfigurersHaveOrderThenFilterChainsOrdered() {
 this.spring.register(SortedWebSecurityConfigurerAdaptersConfig.class).autowire();
-
 FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
 List filterChains = filterChainProxy.getFilterChains();
 assertThat(filterChains).hasSize(6);
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
-
 request.setServletPath("/ignore1");
 assertThat(filterChains.get(0).matches(request)).isTrue();
 assertThat(filterChains.get(0).getFilters()).isEmpty();
-
 request.setServletPath("/ignore2");
 assertThat(filterChains.get(1).matches(request)).isTrue();
 assertThat(filterChains.get(1).getFilters()).isEmpty();
-
 request.setServletPath("/role1/**");
 assertThat(filterChains.get(2).matches(request)).isTrue();
-
 request.setServletPath("/role2/**");
 assertThat(filterChains.get(3).matches(request)).isTrue();
-
 request.setServletPath("/role3/**");
 assertThat(filterChains.get(4).matches(request)).isTrue();
-
 request.setServletPath("/**");
 assertThat(filterChains.get(5).matches(request)).isTrue();
 }
@@ -120,22 +112,16 @@ public class WebSecurityConfigurationTests {
 @Test
 public void loadConfigWhenSecurityFilterChainsHaveOrderThenFilterChainsOrdered() {
 this.spring.register(SortedSecurityFilterChainConfig.class).autowire();
-
 FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
 List filterChains = filterChainProxy.getFilterChains();
 assertThat(filterChains).hasSize(4);
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
-
 request.setServletPath("/role1/**");
 assertThat(filterChains.get(0).matches(request)).isTrue();
-
 request.setServletPath("/role2/**");
 assertThat(filterChains.get(1).matches(request)).isTrue();
-
 request.setServletPath("/role3/**");
 assertThat(filterChains.get(2).matches(request)).isTrue();
-
 request.setServletPath("/**");
 assertThat(filterChains.get(3).matches(request)).isTrue();
 }
@@ -143,7 +129,6 @@ public class WebSecurityConfigurationTests {
 @Test
 public void loadConfigWhenWebSecurityConfigurersHaveSameOrderThenThrowBeanCreationException() {
 Throwable thrown = catchThrowable(() -> this.spring.register(DuplicateOrderConfig.class).autowire());
-
 assertThat(thrown).isInstanceOf(BeanCreationException.class)
 .hasMessageContaining("@Order on WebSecurityConfigurers must be unique")
 .hasMessageContaining(DuplicateOrderConfig.WebConfigurer1.class.getName())
@@ -153,9 +138,7 @@ public class WebSecurityConfigurationTests {
 @Test
 public void loadConfigWhenWebInvocationPrivilegeEvaluatorSetThenIsRegistered() {
 PrivilegeEvaluatorConfigurerAdapterConfig.PRIVILEGE_EVALUATOR = mock(WebInvocationPrivilegeEvaluator.class);
-
 this.spring.register(PrivilegeEvaluatorConfigurerAdapterConfig.class).autowire();
-
 assertThat(this.spring.getContext().getBean(WebInvocationPrivilegeEvaluator.class))
 .isSameAs(PrivilegeEvaluatorConfigurerAdapterConfig.PRIVILEGE_EVALUATOR);
 }
@@ -165,9 +148,7 @@ public class WebSecurityConfigurationTests {
 WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER = mock(SecurityExpressionHandler.class);
 given(WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER.getExpressionParser())
 .willReturn(mock(ExpressionParser.class));
-
 this.spring.register(WebSecurityExpressionHandlerConfig.class).autowire();
-
 assertThat(this.spring.getContext().getBean(SecurityExpressionHandler.class))
 .isSameAs(WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER);
 }
@@ -176,7 +157,6 @@ public class WebSecurityConfigurationTests {
 public void loadConfigWhenSecurityExpressionHandlerIsNullThenException() {
 Throwable thrown = catchThrowable(
 () -> this.spring.register(NullWebSecurityExpressionHandlerConfig.class).autowire());
-
 assertThat(thrown).isInstanceOf(BeanCreationException.class);
 assertThat(thrown).hasRootCauseExactlyInstanceOf(IllegalArgumentException.class);
 }
@@ -184,7 +164,6 @@ public class WebSecurityConfigurationTests {
 @Test
 public void loadConfigWhenDefaultSecurityExpressionHandlerThenDefaultIsRegistered() {
 this.spring.register(WebSecurityExpressionHandlerDefaultsConfig.class).autowire();
-
 assertThat(this.spring.getContext().getBean(SecurityExpressionHandler.class))
 .isInstanceOf(DefaultWebSecurityExpressionHandler.class);
 }
@@ -195,7 +174,6 @@ public class WebSecurityConfigurationTests {
 TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "notused", "ROLE_ADMIN");
 FilterInvocation invocation = new FilterInvocation(new MockHttpServletRequest("GET", ""), new MockHttpServletResponse(), new MockFilterChain());
-
 AbstractSecurityExpressionHandler handler = this.spring.getContext()
 .getBean(AbstractSecurityExpressionHandler.class);
 EvaluationContext evaluationContext = handler.createEvaluationContext(authentication, invocation);
@@ -210,7 +188,6 @@ public class WebSecurityConfigurationTests {
 TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "notused");
 FilterInvocation invocation = new FilterInvocation(new MockHttpServletRequest("GET", ""), new MockHttpServletResponse(), new MockFilterChain());
-
 AbstractSecurityExpressionHandler handler = this.spring.getContext()
 .getBean(AbstractSecurityExpressionHandler.class);
 EvaluationContext evaluationContext = handler.createEvaluationContext(authentication, invocation);
@@ -222,7 +199,6 @@ public class WebSecurityConfigurationTests {
 @Test
 public void loadConfigWhenDefaultWebInvocationPrivilegeEvaluatorThenDefaultIsRegistered() {
 this.spring.register(WebInvocationPrivilegeEvaluatorDefaultsConfig.class).autowire();
-
 assertThat(this.spring.getContext().getBean(WebInvocationPrivilegeEvaluator.class))
 .isInstanceOf(DefaultWebInvocationPrivilegeEvaluator.class);
 }
@@ -239,7 +215,6 @@ public class WebSecurityConfigurationTests {
 @Test
 public void loadConfigWhenDefaultSecurityExpressionHandlerThenBeanResolverSet() throws Exception {
 this.spring.register(DefaultExpressionHandlerSetsBeanResolverConfig.class).autowire();
-
 this.mockMvc.perform(get("/")).andExpect(status().isOk());
 this.mockMvc.perform(post("/")).andExpect(status().isForbidden());
 }
@@ -248,14 +223,11 @@ public class WebSecurityConfigurationTests {
 @Test
 public void loadConfigWhenMultipleWebSecurityConfigurationThenContextLoads() {
 this.spring.register(ParentConfig.class).autowire();
-
 this.child.register(ChildConfig.class);
 this.child.getContext().setParent(this.spring.getContext());
 this.child.autowire();
-
 assertThat(this.spring.getContext().getBean("springSecurityFilterChain")).isNotNull();
 assertThat(this.child.getContext().getBean("springSecurityFilterChain")).isNotNull();
-
 assertThat(this.spring.getContext().containsBean("springSecurityFilterChain")).isTrue();
 assertThat(this.child.getContext().containsBean("springSecurityFilterChain")).isTrue();
 }
@@ -271,17 +243,14 @@ public class WebSecurityConfigurationTests {
 public void loadConfigWhenBeanProxyingEnabledAndSubclassThenFilterChainsCreated() {
 this.spring.register(GlobalAuthenticationWebSecurityConfigurerAdaptersConfig.class, SubclassConfig.class)
 .autowire();
-
 FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
 List filterChains = filterChainProxy.getFilterChains();
-
 assertThat(filterChains).hasSize(4);
 }
 @Test
 public void loadConfigWhenBothAdapterAndFilterChainConfiguredThenException() {
 Throwable thrown = catchThrowable(() -> this.spring.register(AdapterAndFilterChainConfig.class).autowire());
-
 assertThat(thrown).isInstanceOf(BeanCreationException.class)
 .hasRootCauseExactlyInstanceOf(IllegalStateException.class)
 .hasMessageContaining("Found WebSecurityConfigurerAdapter as well as SecurityFilterChain.");
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java
index 57a1ca74f1..729c041d08 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java
@@ -39,10 +39,8 @@ public class Sec2377Tests {
 @Test
 public void refreshContextWhenParentAndChildRegisteredThenNoException() {
 this.parent.register(Sec2377AConfig.class).autowire();
-
 ConfigurableApplicationContext context = this.child.register(Sec2377BConfig.class).getContext();
 context.setParent(this.parent.getContext());
-
 this.child.autowire();
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java
index c585d27f40..39a50575ff 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java
@@ -41,7 +41,6 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 @Test
 public void testGetRequestMatcherIsTypeRegexMatcher() {
 List requestMatchers = this.registry.regexMatchers(HttpMethod.GET, "/a.*");
-
 for (RequestMatcher requestMatcher : requestMatchers) {
 assertThat(requestMatcher).isInstanceOf(RegexRequestMatcher.class);
 }
@@ -50,7 +49,6 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 @Test
 public void testRequestMatcherIsTypeRegexMatcher() {
 List requestMatchers = this.registry.regexMatchers("/a.*");
-
 for (RequestMatcher requestMatcher : requestMatchers) {
 assertThat(requestMatcher).isInstanceOf(RegexRequestMatcher.class);
 }
@@ -59,7 +57,6 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 @Test
 public void testGetRequestMatcherIsTypeAntPathRequestMatcher() {
 List requestMatchers = this.registry.antMatchers(HttpMethod.GET, "/a.*");
-
 for (RequestMatcher requestMatcher : requestMatchers) {
 assertThat(requestMatcher).isInstanceOf(AntPathRequestMatcher.class);
 }
@@ -68,7 +65,6 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 @Test
 public void testRequestMatcherIsTypeAntPathRequestMatcher() {
 List requestMatchers = this.registry.antMatchers("/a.*");
-
 for (RequestMatcher requestMatcher : requestMatchers) {
 assertThat(requestMatcher).isInstanceOf(AntPathRequestMatcher.class);
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
index 71e4af4647..c25de5ebaf 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
@@ -52,28 +52,24 @@ public class AnonymousConfigurerTests {
 @Test
 public void requestWhenAnonymousTwiceInvokedThenDoesNotOverride() throws Exception {
 this.spring.register(InvokeTwiceDoesNotOverride.class, PrincipalController.class).autowire();
-
 this.mockMvc.perform(get("/")).andExpect(content().string("principal"));
 }
 @Test
 public void requestWhenAnonymousPrincipalInLambdaThenPrincipalUsed() throws Exception {
 this.spring.register(AnonymousPrincipalInLambdaConfig.class, PrincipalController.class).autowire();
-
 this.mockMvc.perform(get("/")).andExpect(content().string("principal"));
 }
 @Test
 public void requestWhenAnonymousDisabledInLambdaThenRespondsWithForbidden() throws Exception {
 this.spring.register(AnonymousDisabledInLambdaConfig.class, PrincipalController.class).autowire();
-
 this.mockMvc.perform(get("/")).andExpect(status().isForbidden());
 }
 @Test
 public void requestWhenAnonymousWithDefaultsInLambdaThenRespondsWithOk() throws Exception {
 this.spring.register(AnonymousWithDefaultsInLambdaConfig.class, PrincipalController.class).autowire();
-
 this.mockMvc.perform(get("/")).andExpect(status().isOk());
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
index 935e4c62d4..22792f926e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
@@ -94,9 +94,7 @@ public class AuthorizeRequestsTests {
 public void antMatchersMethodAndNoPatterns() throws Exception {
 loadConfig(AntMatchersNoPatternsConfig.class);
 this.request.setMethod("POST");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 }
@@ -104,9 +102,7 @@ public class AuthorizeRequestsTests {
 public void postWhenPostDenyAllInLambdaThenRespondsWithForbidden() throws Exception {
 loadConfig(AntMatchersNoPatternsInLambdaConfig.class);
 this.request.setMethod("POST");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 }
@@ -114,18 +110,12 @@ public class AuthorizeRequestsTests {
 @Test
 public void antMatchersPathVariables() throws Exception {
 loadConfig(AntPatchersPathVariables.class);
-
 this.request.setServletPath("/user/user");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 this.setup();
 this.request.setServletPath("/user/deny");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 }
@@ -133,18 +123,12 @@ public class AuthorizeRequestsTests {
 @Test
 public void antMatchersPathVariablesCaseInsensitive() throws Exception {
 loadConfig(AntPatchersPathVariables.class);
-
 this.request.setServletPath("/USER/user");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 this.setup();
 this.request.setServletPath("/USER/deny");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 }
@@ -152,18 +136,12 @@ public class AuthorizeRequestsTests {
 @Test
 public void antMatchersPathVariablesCaseInsensitiveCamelCaseVariables() throws Exception {
 loadConfig(AntMatchersPathVariablesCamelCaseVariables.class);
-
 this.request.setServletPath("/USER/user");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 this.setup();
 this.request.setServletPath("/USER/deny");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 }
@@ -171,185 +149,126 @@ public class AuthorizeRequestsTests {
 @Test
 public void roleHiearchy() throws Exception {
 loadConfig(RoleHiearchyConfig.class);
-
 SecurityContext securityContext = new SecurityContextImpl();
 securityContext.setAuthentication(new UsernamePasswordAuthenticationToken("test", "notused", AuthorityUtils.createAuthorityList("ROLE_USER")));
 this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, securityContext);
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 }
 @Test
 public void mvcMatcher() throws Exception {
 loadConfig(MvcMatcherConfig.class, LegacyMvcMatchingConfig.class);
-
 this.request.setRequestURI("/path");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setRequestURI("/path.html");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath("/path/");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 }
 @Test
 public void requestWhenMvcMatcherDenyAllThenRespondsWithUnauthorized() throws Exception {
 loadConfig(MvcMatcherInLambdaConfig.class, LegacyMvcMatchingConfig.class);
-
 this.request.setRequestURI("/path");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setRequestURI("/path.html");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath("/path/");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 }
 @Test
 public void requestWhenMvcMatcherServletPathDenyAllThenMatchesOnServletPath() throws Exception {
 loadConfig(MvcMatcherServletPathInLambdaConfig.class, LegacyMvcMatchingConfig.class);
-
 this.request.setServletPath("/spring");
 this.request.setRequestURI("/spring/path");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath("/spring");
 this.request.setRequestURI("/spring/path.html");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath("/spring");
 this.request.setRequestURI("/spring/path/");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath("/foo");
 this.request.setRequestURI("/foo/path");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 setup();
-
 this.request.setServletPath("/");
 this.request.setRequestURI("/path");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 }
 @Test
 public void mvcMatcherPathVariables() throws Exception {
 loadConfig(MvcMatcherPathVariablesConfig.class);
-
 this.request.setRequestURI("/user/user");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 this.setup();
 this.request.setRequestURI("/user/deny");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 }
 @Test
 public void requestWhenMvcMatcherPathVariablesThenMatchesOnPathVariables() throws Exception {
 loadConfig(MvcMatcherPathVariablesInLambdaConfig.class);
-
 this.request.setRequestURI("/user/user");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 this.setup();
 this.request.setRequestURI("/user/deny");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 }
 @Test
 public void mvcMatcherServletPath() throws Exception {
 loadConfig(MvcMatcherServletPathConfig.class, LegacyMvcMatchingConfig.class);
-
 this.request.setServletPath("/spring");
 this.request.setRequestURI("/spring/path");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath("/spring");
 this.request.setRequestURI("/spring/path.html");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath("/spring");
 this.request.setRequestURI("/spring/path/");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath("/foo");
 this.request.setRequestURI("/foo/path");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 setup();
-
 this.request.setServletPath("/");
 this.request.setRequestURI("/path");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 }
@@ -358,7 +277,6 @@ public class AuthorizeRequestsTests {
 this.context.register(configs);
 this.context.setServletContext(this.servletContext);
 this.context.refresh();
-
 this.context.getAutowireCapableBeanFactory().autowireBean(this);
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java
index 11f93dafb3..491c1960ea 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java
@@ -56,7 +56,6 @@ public class ChannelSecurityConfigurerTests {
 public void configureWhenRegisteringObjectPostProcessorThenInvokedOnInsecureChannelProcessor() {
 ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(InsecureChannelProcessor.class));
 }
@@ -64,7 +63,6 @@ public class ChannelSecurityConfigurerTests {
 public void configureWhenRegisteringObjectPostProcessorThenInvokedOnSecureChannelProcessor() {
 ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(SecureChannelProcessor.class));
 }
@@ -72,7 +70,6 @@ public class ChannelSecurityConfigurerTests {
 public void configureWhenRegisteringObjectPostProcessorThenInvokedOnChannelDecisionManagerImpl() {
 ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ChannelDecisionManagerImpl.class));
 }
@@ -80,21 +77,18 @@ public class ChannelSecurityConfigurerTests {
 public void configureWhenRegisteringObjectPostProcessorThenInvokedOnChannelProcessingFilter() {
 ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ChannelProcessingFilter.class));
 }
 @Test
 public void requiresChannelWhenInvokesTwiceThenUsesOriginalRequiresSecure() throws Exception {
 this.spring.register(DuplicateInvocationsDoesNotOverrideConfig.class).autowire();
-
 this.mvc.perform(get("/")).andExpect(redirectedUrl("https://localhost/"));
 }
 @Test
 public void requestWhenRequiresChannelConfiguredInLambdaThenRedirectsToHttps() throws Exception {
 this.spring.register(RequiresChannelInLambdaConfig.class).autowire();
-
 this.mvc.perform(get("/")).andExpect(redirectedUrl("https://localhost/"));
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
index a238e07b2c..0530f29de3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
@@ -73,7 +73,6 @@ public class CorsConfigurerTests {
 @Test
 public void getWhenCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception {
 this.spring.register(MvcCorsConfig.class).autowire();
-
 this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
 .andExpect(header().exists("Access-Control-Allow-Origin"))
 .andExpect(header().exists("X-Content-Type-Options"));
@@ -82,7 +81,6 @@ public class CorsConfigurerTests {
 @Test
 public void optionsWhenCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception {
 this.spring.register(MvcCorsConfig.class).autowire();
-
 this.mvc.perform(options("/")
 .header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
 .header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
@@ -93,7 +91,6 @@ public class CorsConfigurerTests {
 @Test
 public void getWhenDefaultsInLambdaAndCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception {
 this.spring.register(MvcCorsInLambdaConfig.class).autowire();
-
 this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
 .andExpect(header().exists("Access-Control-Allow-Origin"))
 .andExpect(header().exists("X-Content-Type-Options"));
@@ -102,7 +99,6 @@ public class CorsConfigurerTests {
 @Test
 public void optionsWhenDefaultsInLambdaAndCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception {
 this.spring.register(MvcCorsInLambdaConfig.class).autowire();
-
 this.mvc.perform(options("/")
 .header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
 .header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
@@ -113,7 +109,6 @@ public class CorsConfigurerTests {
 @Test
 public void getWhenCorsConfigurationSourceBeanThenRespondsWithCorsHeaders() throws Exception {
 this.spring.register(ConfigSourceConfig.class).autowire();
-
 this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
 .andExpect(header().exists("Access-Control-Allow-Origin"))
 .andExpect(header().exists("X-Content-Type-Options"));
@@ -122,7 +117,6 @@ public class CorsConfigurerTests {
 @Test
 public void optionsWhenCorsConfigurationSourceBeanThenRespondsWithCorsHeaders() throws Exception {
 this.spring.register(ConfigSourceConfig.class).autowire();
-
 this.mvc.perform(options("/")
 .header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
 .header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
@@ -134,7 +128,6 @@ public class CorsConfigurerTests {
 public void getWhenMvcCorsInLambdaConfigAndCorsConfigurationSourceBeanThenRespondsWithCorsHeaders() throws Exception {
 this.spring.register(ConfigSourceInLambdaConfig.class).autowire();
-
 this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
 .andExpect(header().exists("Access-Control-Allow-Origin"))
 .andExpect(header().exists("X-Content-Type-Options"));
@@ -144,7 +137,6 @@ public class CorsConfigurerTests { public void optionsWhenMvcCorsInLambdaConfigAndCorsConfigurationSourceBeanThenRespondsWithCorsHeaders() throws Exception { this.spring.register(ConfigSourceInLambdaConfig.class).autowire(); - this.mvc.perform(options("/") .header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name()) .header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk()) @@ -155,7 +147,6 @@ public class CorsConfigurerTests { @Test public void getWhenCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception { this.spring.register(CorsFilterConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com")) .andExpect(header().exists("Access-Control-Allow-Origin")) .andExpect(header().exists("X-Content-Type-Options")); @@ -164,7 +155,6 @@ public class CorsConfigurerTests { @Test public void optionsWhenCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception { this.spring.register(CorsFilterConfig.class).autowire(); - this.mvc.perform(options("/") .header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name()) .header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk()) @@ -175,7 +165,6 @@ public class CorsConfigurerTests { @Test public void getWhenConfigSourceInLambdaConfigAndCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception { this.spring.register(CorsFilterInLambdaConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com")) .andExpect(header().exists("Access-Control-Allow-Origin")) .andExpect(header().exists("X-Content-Type-Options")); 
@@ -184,7 +173,6 @@ public class CorsConfigurerTests { @Test public void optionsWhenConfigSourceInLambdaConfigAndCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception { this.spring.register(CorsFilterInLambdaConfig.class).autowire(); - this.mvc.perform(options("/") .header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name()) .header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk()) diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java index 14c59ab078..7ae673cef3 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java 
@@ -50,43 +50,31 @@ public class CsrfConfigurerIgnoringRequestMatchersTests { @Test public void requestWhenIgnoringRequestMatchersThenAugmentedByConfiguredRequestMatcher() throws Exception { this.spring.register(IgnoringRequestMatchers.class, BasicController.class).autowire(); - this.mvc.perform(get("/path")).andExpect(status().isForbidden()); - this.mvc.perform(post("/path")).andExpect(status().isOk()); } @Test public void requestWhenIgnoringRequestMatchersInLambdaThenAugmentedByConfiguredRequestMatcher() throws Exception { this.spring.register(IgnoringRequestInLambdaMatchers.class, BasicController.class).autowire(); - this.mvc.perform(get("/path")).andExpect(status().isForbidden()); - this.mvc.perform(post("/path")).andExpect(status().isOk()); } @Test public void requestWhenIgnoringRequestMatcherThenUnionsWithConfiguredIgnoringAntMatchers() throws Exception { - this.spring.register(IgnoringPathsAndMatchers.class, BasicController.class).autowire(); - this.mvc.perform(put("/csrf")).andExpect(status().isForbidden()); - this.mvc.perform(post("/csrf")).andExpect(status().isOk()); - this.mvc.perform(put("/no-csrf")).andExpect(status().isOk()); } @Test public void requestWhenIgnoringRequestMatcherInLambdaThenUnionsWithConfiguredIgnoringAntMatchers() throws Exception { - this.spring.register(IgnoringPathsAndMatchersInLambdaConfig.class, BasicController.class).autowire(); - this.mvc.perform(put("/csrf")).andExpect(status().isForbidden()); - this.mvc.perform(post("/csrf")).andExpect(status().isOk()); - this.mvc.perform(put("/no-csrf")).andExpect(status().isOk()); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java index 387ec6a009..108f04abb2 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java 
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java @@ -50,21 +50,18 @@ public class CsrfConfigurerNoWebMvcTests { @Test public void missingDispatcherServletPreventsCsrfRequestDataValueProcessor() { loadContext(EnableWebConfig.class); - assertThat(this.context.containsBeanDefinition("requestDataValueProcessor")).isTrue(); } @Test public void findDispatcherServletPreventsCsrfRequestDataValueProcessor() { loadContext(EnableWebMvcConfig.class); - assertThat(this.context.containsBeanDefinition("requestDataValueProcessor")).isTrue(); } @Test public void overrideCsrfRequestDataValueProcessor() { loadContext(EnableWebOverrideRequestDataConfig.class); - assertThat(this.context.getBean(RequestDataValueProcessor.class).getClass()) .isNotEqualTo(CsrfRequestDataValueProcessor.class); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java index 2162872879..dbdc70f79e 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java @@ -96,7 +96,6 @@ public class CsrfConfigurerTests { this.spring .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) .autowire(); - this.mvc.perform(post("/")).andExpect(status().isForbidden()); } @@ -105,7 +104,6 @@ public class CsrfConfigurerTests { this.spring .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) .autowire(); - this.mvc.perform(put("/")).andExpect(status().isForbidden()); } 
@@ -114,7 +112,6 @@ public class CsrfConfigurerTests { this.spring .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) .autowire(); - this.mvc.perform(patch("/")).andExpect(status().isForbidden()); } @@ -123,7 +120,6 @@ public class CsrfConfigurerTests { this.spring .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) .autowire(); - this.mvc.perform(delete("/")).andExpect(status().isForbidden()); } @@ -132,7 +128,6 @@ public class CsrfConfigurerTests { this.spring .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) .autowire(); - this.mvc.perform(request("INVALID", URI.create("/"))).andExpect(status().isForbidden()); } @@ -141,7 +136,6 @@ public class CsrfConfigurerTests { this.spring .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) .autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()); } @@ -150,7 +144,6 @@ public class CsrfConfigurerTests { this.spring .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) .autowire(); - this.mvc.perform(head("/")).andExpect(status().isOk()); } @@ -159,7 +152,6 @@ public class CsrfConfigurerTests { this.spring .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) .autowire(); - this.mvc.perform(request(HttpMethod.TRACE, "/")).andExpect(status().isOk()); } 
@@ -168,28 +160,24 @@ public class CsrfConfigurerTests { this.spring .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) .autowire(); - this.mvc.perform(options("/")).andExpect(status().isOk()); } @Test public void enableWebSecurityWhenDefaultConfigurationThenCreatesRequestDataValueProcessor() { this.spring.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class).autowire(); - assertThat(this.spring.getContext().getBean(RequestDataValueProcessor.class)).isNotNull(); } @Test public void postWhenCsrfDisabledThenRespondsWithOk() throws Exception { this.spring.register(DisableCsrfConfig.class, BasicController.class).autowire(); - this.mvc.perform(post("/")).andExpect(status().isOk()); } @Test public void postWhenCsrfDisabledInLambdaThenRespondsWithOk() throws Exception { this.spring.register(DisableCsrfInLambdaConfig.class, BasicController.class).autowire(); - this.mvc.perform(post("/")).andExpect(status().isOk()); } @@ -197,9 +185,7 @@ public class CsrfConfigurerTests { @Test public void loginWhenCsrfDisabledThenRedirectsToPreviousPostRequest() throws Exception { this.spring.register(DisableCsrfEnablesRequestCacheConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(post("/to-save")).andReturn(); - this.mvc.perform(post("/login").param("username", "user").param("password", "password") .session((MockHttpSession) mvcResult.getRequest().getSession())).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/to-save")); 
@@ -212,12 +198,10 @@ public class CsrfConfigurerTests { given(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.loadToken(any())).willReturn(csrfToken); given(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.generateToken(any())).willReturn(csrfToken); this.spring.register(CsrfDisablesPostRequestFromRequestCacheConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(post("/some-url")).andReturn(); this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()) .session((MockHttpSession) mvcResult.getRequest().getSession())).andExpect(status().isFound()) .andExpect(redirectedUrl("/")); - verify(CsrfDisablesPostRequestFromRequestCacheConfig.REPO, atLeastOnce()) .loadToken(any(HttpServletRequest.class)); } @@ -229,12 +213,10 @@ public class CsrfConfigurerTests { given(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.loadToken(any())).willReturn(csrfToken); given(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.generateToken(any())).willReturn(csrfToken); this.spring.register(CsrfDisablesPostRequestFromRequestCacheConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/some-url")).andReturn(); this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()) .session((MockHttpSession) mvcResult.getRequest().getSession())).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/some-url")); - verify(CsrfDisablesPostRequestFromRequestCacheConfig.REPO, atLeastOnce()) .loadToken(any(HttpServletRequest.class)); } 
@@ -243,10 +225,8 @@ public class CsrfConfigurerTests { @Test public void postWhenCsrfEnabledAndSessionIsExpiredThenRespondsWithForbidden() throws Exception { this.spring.register(InvalidSessionUrlConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(post("/").param("_csrf", "abc")).andExpect(status().isFound()) .andExpect(redirectedUrl("/error/sessionError")).andReturn(); - this.mvc.perform(post("/").session((MockHttpSession) mvcResult.getRequest().getSession())) .andExpect(status().isForbidden()); } @@ -255,7 +235,6 @@ public class CsrfConfigurerTests { public void requireCsrfProtectionMatcherWhenRequestDoesNotMatchThenRespondsWithOk() throws Exception { this.spring.register(RequireCsrfProtectionMatcherConfig.class, BasicController.class).autowire(); given(RequireCsrfProtectionMatcherConfig.MATCHER.matches(any())).willReturn(false); - this.mvc.perform(get("/")).andExpect(status().isOk()); } @@ -264,7 +243,6 @@ public class CsrfConfigurerTests { RequireCsrfProtectionMatcherConfig.MATCHER = mock(RequestMatcher.class); given(RequireCsrfProtectionMatcherConfig.MATCHER.matches(any())).willReturn(true); this.spring.register(RequireCsrfProtectionMatcherConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isForbidden()); } @@ -273,7 +251,6 @@ public class CsrfConfigurerTests { RequireCsrfProtectionMatcherInLambdaConfig.MATCHER = mock(RequestMatcher.class); this.spring.register(RequireCsrfProtectionMatcherInLambdaConfig.class, BasicController.class).autowire(); given(RequireCsrfProtectionMatcherInLambdaConfig.MATCHER.matches(any())).willReturn(false); - this.mvc.perform(get("/")).andExpect(status().isOk()); } 
@@ -282,7 +259,6 @@ public class CsrfConfigurerTests { RequireCsrfProtectionMatcherInLambdaConfig.MATCHER = mock(RequestMatcher.class); given(RequireCsrfProtectionMatcherInLambdaConfig.MATCHER.matches(any())).willReturn(true); this.spring.register(RequireCsrfProtectionMatcherInLambdaConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isForbidden()); } @@ -292,7 +268,6 @@ public class CsrfConfigurerTests { given(CsrfTokenRepositoryConfig.REPO.loadToken(any())) .willReturn(new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token")); this.spring.register(CsrfTokenRepositoryConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()); verify(CsrfTokenRepositoryConfig.REPO).loadToken(any(HttpServletRequest.class)); } @@ -301,9 +276,7 @@ public class CsrfConfigurerTests { public void logoutWhenCustomCsrfTokenRepositoryThenCsrfTokenIsCleared() throws Exception { CsrfTokenRepositoryConfig.REPO = mock(CsrfTokenRepository.class); this.spring.register(CsrfTokenRepositoryConfig.class, BasicController.class).autowire(); - this.mvc.perform(post("/logout").with(csrf()).with(user("user"))); - verify(CsrfTokenRepositoryConfig.REPO).saveToken(isNull(), any(HttpServletRequest.class), any(HttpServletResponse.class)); } @@ -315,10 +288,8 @@ public class CsrfConfigurerTests { given(CsrfTokenRepositoryConfig.REPO.loadToken(any())).willReturn(csrfToken); given(CsrfTokenRepositoryConfig.REPO.generateToken(any())).willReturn(csrfToken); this.spring.register(CsrfTokenRepositoryConfig.class, BasicController.class).autowire(); - this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")) .andExpect(redirectedUrl("/")); - verify(CsrfTokenRepositoryConfig.REPO).saveToken(isNull(), any(HttpServletRequest.class), any(HttpServletResponse.class)); } 
@@ -329,7 +300,6 @@ public class CsrfConfigurerTests { given(CsrfTokenRepositoryInLambdaConfig.REPO.loadToken(any())) .willReturn(new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token")); this.spring.register(CsrfTokenRepositoryInLambdaConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()); verify(CsrfTokenRepositoryInLambdaConfig.REPO).loadToken(any(HttpServletRequest.class)); } @@ -338,9 +308,7 @@ public class CsrfConfigurerTests { public void getWhenCustomAccessDeniedHandlerThenHandlerIsUsed() throws Exception { AccessDeniedHandlerConfig.DENIED_HANDLER = mock(AccessDeniedHandler.class); this.spring.register(AccessDeniedHandlerConfig.class, BasicController.class).autowire(); - this.mvc.perform(post("/")).andExpect(status().isOk()); - verify(AccessDeniedHandlerConfig.DENIED_HANDLER).handle(any(HttpServletRequest.class), any(HttpServletResponse.class), any()); } @@ -348,7 +316,6 @@ public class CsrfConfigurerTests { @Test public void loginWhenNoCsrfTokenThenRespondsWithForbidden() throws Exception { this.spring.register(FormLoginConfig.class).autowire(); - this.mvc.perform(post("/login").param("username", "user").param("password", "password")) .andExpect(status().isForbidden()).andExpect(unauthenticated()); } @@ -356,7 +323,6 @@ public class CsrfConfigurerTests { @Test public void logoutWhenNoCsrfTokenThenRespondsWithForbidden() throws Exception { this.spring.register(FormLoginConfig.class).autowire(); - this.mvc.perform(post("/logout").with(user("username"))).andExpect(status().isForbidden()) .andExpect(authenticated()); } 
@@ -365,14 +331,12 @@ public class CsrfConfigurerTests { @Test public void logoutWhenCsrfEnabledAndGetRequestThenDoesNotLogout() throws Exception { this.spring.register(FormLoginConfig.class).autowire(); - this.mvc.perform(get("/logout").with(user("username"))).andExpect(authenticated()); } @Test public void logoutWhenGetRequestAndGetEnabledForLogoutThenLogsOut() throws Exception { this.spring.register(LogoutAllowsGetConfig.class).autowire(); - this.mvc.perform(get("/logout").with(user("username"))).andExpect(unauthenticated()); } @@ -386,9 +350,7 @@ public class CsrfConfigurerTests { @Test public void getWhenDefaultCsrfTokenRepositoryThenDoesNotCreateSession() throws Exception { this.spring.register(DefaultDoesNotCreateSession.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/")).andReturn(); - assertThat(mvcResult.getRequest().getSession(false)).isNull(); } @@ -401,12 +363,9 @@ public class CsrfConfigurerTests { @Test public void csrfAuthenticationStrategyConfiguredThenStrategyUsed() throws Exception { CsrfAuthenticationStrategyConfig.STRATEGY = mock(SessionAuthenticationStrategy.class); - this.spring.register(CsrfAuthenticationStrategyConfig.class).autowire(); - this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")) .andExpect(redirectedUrl("/")); - verify(CsrfAuthenticationStrategyConfig.STRATEGY, atLeastOnce()).onAuthentication(any(Authentication.class), any(HttpServletRequest.class), any(HttpServletResponse.class)); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java index ef9220d001..f16d989226 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java 
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java @@ -100,10 +100,8 @@ public class DefaultFiltersTests { assertThat(filterChains.size()).isEqualTo(2); DefaultSecurityFilterChain firstFilter = (DefaultSecurityFilterChain) filterChains.get(0); DefaultSecurityFilterChain secondFilter = (DefaultSecurityFilterChain) filterChains.get(1); - assertThat(firstFilter.getFilters().isEmpty()).isEqualTo(true); assertThat(secondFilter.getRequestMatcher()).isInstanceOf(AnyRequestMatcher.class); - List> classes = secondFilter.getFilters().stream().map(Filter::getClass) .collect(Collectors.toList()); assertThat(classes.contains(WebAsyncManagerIntegrationFilter.class)).isTrue(); @@ -125,11 +123,9 @@ public class DefaultFiltersTests { MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletRequest request = new MockHttpServletRequest("POST", ""); request.setServletPath("/logout"); - CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN"); new HttpSessionCsrfTokenRepository().saveToken(csrfToken, request, response); request.setParameter(csrfToken.getParameterName(), csrfToken.getToken()); - this.spring.getContext().getBean("springSecurityFilterChain", Filter.class).doFilter(request, response, new MockFilterChain()); assertThat(response.getRedirectedUrl()).isEqualTo("/login?logout"); diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java index 3b398acaac..3b7ff75b02 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java 
@@ -68,7 +68,6 @@ public class DefaultLoginPageConfigurerTests { @Test public void getWhenFormLoginEnabledThenRedirectsToLoginPage() throws Exception { this.spring.register(DefaultLoginPageConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login")); } @@ -77,7 +76,6 @@ public class DefaultLoginPageConfigurerTests { this.spring.register(DefaultLoginPageConfig.class).autowire(); CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN"); String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN"); - this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken)) .andExpect(content().string("\n" + "\n" + " \n" + " \n" @@ -103,7 +101,6 @@ public class DefaultLoginPageConfigurerTests { @Test public void loginWhenNoCredentialsThenRedirectedToLoginPageWithError() throws Exception { this.spring.register(DefaultLoginPageConfig.class).autowire(); - this.mvc.perform(post("/login").with(csrf())).andExpect(redirectedUrl("/login?error")); } @@ -112,9 +109,7 @@ public class DefaultLoginPageConfigurerTests { this.spring.register(DefaultLoginPageConfig.class).autowire(); CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN"); String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN"); - MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf())).andReturn(); - this.mvc.perform(get("/login?error").session((MockHttpSession) mvcResult.getRequest().getSession()) .sessionAttr(csrfAttributeName, csrfToken)) .andExpect(content().string("\n" + "\n" + " \n" 
@@ -142,7 +137,6 @@ public class DefaultLoginPageConfigurerTests { @Test public void loginWhenValidCredentialsThenRedirectsToDefaultSuccessPage() throws Exception { this.spring.register(DefaultLoginPageConfig.class).autowire(); - this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")) .andExpect(redirectedUrl("/")); } @@ -152,7 +146,6 @@ public class DefaultLoginPageConfigurerTests { this.spring.register(DefaultLoginPageConfig.class).autowire(); CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN"); String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN"); - this.mvc.perform(get("/login?logout").sessionAttr(csrfAttributeName, csrfToken)) .andExpect(content().string("\n" + "\n" + " \n" + " \n" @@ -179,14 +172,12 @@ public class DefaultLoginPageConfigurerTests { @Test public void loginPageWhenLoggedOutAndCustomLogoutSuccessHandlerThenDoesNotRenderLoginPage() throws Exception { this.spring.register(DefaultLoginPageCustomLogoutSuccessHandlerConfig.class).autowire(); - this.mvc.perform(get("/login?logout")).andExpect(content().string("")); } @Test public void loginPageWhenLoggedOutAndCustomLogoutSuccessUrlThenDoesNotRenderLoginPage() throws Exception { this.spring.register(DefaultLoginPageCustomLogoutSuccessUrlConfig.class).autowire(); - this.mvc.perform(get("/login?logout")).andExpect(content().string("")); } @@ -195,7 +186,6 @@ public class DefaultLoginPageConfigurerTests { this.spring.register(DefaultLoginPageWithRememberMeConfig.class).autowire(); CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN"); String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN"); - this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken)) .andExpect(content().string("\n" + "\n" + " \n" + " \n" 
@@ -223,10 +213,8 @@ public class DefaultLoginPageConfigurerTests { @Test public void loginPageWhenOpenIdLoginConfiguredThenOpedIdLoginPage() throws Exception { this.spring.register(DefaultLoginPageWithOpenIDConfig.class).autowire(); - CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN"); String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN"); - this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken)) .andExpect(content().string("\n" + "\n" + " \n" + " \n" @@ -251,7 +239,6 @@ public class DefaultLoginPageConfigurerTests { this.spring.register(DefaultLoginPageWithFormLoginOpenIDRememberMeConfig.class).autowire(); CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN"); String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN"); - this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken)) .andExpect(content().string("\n" + "\n" + " \n" + " \n" @@ -290,7 +277,6 @@ public class DefaultLoginPageConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnDefaultLoginPageGeneratingFilter() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(DefaultLoginPageGeneratingFilter.class)); } @@ -298,7 +284,6 @@ public class DefaultLoginPageConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnUsernamePasswordAuthenticationFilter() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor) .postProcess(any(UsernamePasswordAuthenticationFilter.class)); } 
@@ -307,7 +292,6 @@ public class DefaultLoginPageConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnLoginUrlAuthenticationEntryPoint() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(LoginUrlAuthenticationEntryPoint.class)); } @@ -315,14 +299,12 @@ public class DefaultLoginPageConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnExceptionTranslationFilter() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ExceptionTranslationFilter.class)); } @Test public void configureWhenAuthenticationEntryPointThenNoDefaultLoginPageGeneratingFilter() { this.spring.register(DefaultLoginWithCustomAuthenticationEntryPointConfig.class).autowire(); - FilterChainProxy filterChain = this.spring.getContext().getBean(FilterChainProxy.class); assertThat(filterChain.getFilterChains().get(0).getFilters().stream() .filter((filter) -> filter.getClass().isAssignableFrom(DefaultLoginPageGeneratingFilter.class)).count()) diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java index 139b2ab63b..1022b268e5 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java 
@@ -55,9 +55,7 @@ public class ExceptionHandlingConfigurerAccessDeniedHandlerTests { @WithMockUser(roles = "ANYTHING") public void getWhenAccessDeniedOverriddenThenCustomizesResponseByRequest() throws Exception { this.spring.register(RequestMatcherBasedAccessDeniedHandlerConfig.class).autowire(); - this.mvc.perform(get("/hello")).andExpect(status().isIAmATeapot()); - this.mvc.perform(get("/goodbye")).andExpect(status().isForbidden()); } @@ -65,9 +63,7 @@ public class ExceptionHandlingConfigurerAccessDeniedHandlerTests { @WithMockUser(roles = "ANYTHING") public void getWhenAccessDeniedOverriddenInLambdaThenCustomizesResponseByRequest() throws Exception { this.spring.register(RequestMatcherBasedAccessDeniedHandlerInLambdaConfig.class).autowire(); - this.mvc.perform(get("/hello")).andExpect(status().isIAmATeapot()); - this.mvc.perform(get("/goodbye")).andExpect(status().isForbidden()); } @@ -75,9 +71,7 @@ public class ExceptionHandlingConfigurerAccessDeniedHandlerTests { @WithMockUser(roles = "ANYTHING") public void getWhenAccessDeniedOverriddenByOnlyOneHandlerThenAllRequestsUseThatHandler() throws Exception { this.spring.register(SingleRequestMatcherAccessDeniedHandlerConfig.class).autowire(); - this.mvc.perform(get("/hello")).andExpect(status().isIAmATeapot()); - this.mvc.perform(get("/goodbye")).andExpect(status().isIAmATeapot()); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java index bc22565be6..594083644f 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java 
@@ -67,7 +67,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void configureWhenRegisteringObjectPostProcessorThenInvokedOnExceptionTranslationFilter() { this.spring.register(ObjectPostProcessorConfig.class, DefaultSecurityConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ExceptionTranslationFilter.class)); } @@ -75,7 +74,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptHeaderIsApplicationXhtmlXmlThenRespondsWith302() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_XHTML_XML)) .andExpect(status().isFound()); } @@ -84,7 +82,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptHeaderIsImageGifThenRespondsWith302() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.IMAGE_GIF)).andExpect(status().isFound()); } @@ -92,7 +89,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptHeaderIsImageJpgThenRespondsWith302() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.IMAGE_JPEG)).andExpect(status().isFound()); } @@ -100,7 +96,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptHeaderIsImagePngThenRespondsWith302() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.IMAGE_PNG)).andExpect(status().isFound()); } 
@@ -108,7 +103,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptHeaderIsTextHtmlThenRespondsWith302() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML)).andExpect(status().isFound()); } @@ -116,7 +110,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptHeaderIsTextPlainThenRespondsWith302() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.TEXT_PLAIN)).andExpect(status().isFound()); } @@ -124,7 +117,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptHeaderIsApplicationAtomXmlThenRespondsWith401() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_ATOM_XML)) .andExpect(status().isUnauthorized()); } @@ -133,7 +125,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptHeaderIsApplicationFormUrlEncodedThenRespondsWith401() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_FORM_URLENCODED)) .andExpect(status().isUnauthorized()); } @@ -142,7 +133,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptHeaderIsApplicationJsonThenRespondsWith401() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON)) .andExpect(status().isUnauthorized()); } 
@@ -151,7 +141,6 @@ public class ExceptionHandlingConfigurerTests {
 @Test public void getWhenAcceptHeaderIsApplicationOctetStreamThenRespondsWith401() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
-
 this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_OCTET_STREAM)) .andExpect(status().isUnauthorized()); }
@@ -160,7 +149,6 @@ public class ExceptionHandlingConfigurerTests {
 @Test public void getWhenAcceptHeaderIsMultipartFormDataThenRespondsWith401() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
-
 this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.MULTIPART_FORM_DATA)) .andExpect(status().isUnauthorized()); }
@@ -169,7 +157,6 @@ public class ExceptionHandlingConfigurerTests {
 @Test public void getWhenAcceptHeaderIsTextXmlThenRespondsWith401() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
-
 this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.TEXT_XML)).andExpect(status().isUnauthorized()); }
@@ -177,14 +164,12 @@ public class ExceptionHandlingConfigurerTests {
 @Test public void getWhenAcceptIsAnyThenRespondsWith401() throws Exception { this.spring.register(DefaultSecurityConfig.class).autowire();
-
 this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.ALL)).andExpect(status().isUnauthorized()); } @Test public void getWhenAcceptIsChromeThenRespondsWith302() throws Exception { this.spring.register(DefaultSecurityConfig.class).autowire();
-
 this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8")) .andExpect(status().isFound());
@@ -193,7 +178,6 @@ public class ExceptionHandlingConfigurerTests {
 @Test public void getWhenAcceptIsTextPlainAndXRequestedWithIsXHRThenRespondsWith401() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
-
 this.mvc.perform(get("/").header("Accept", MediaType.TEXT_PLAIN).header("X-Requested-With", "XMLHttpRequest")) .andExpect(status().isUnauthorized()); }
@@ -202,9 +186,7 @@ public class ExceptionHandlingConfigurerTests {
 public void getWhenCustomContentNegotiationStrategyThenStrategyIsUsed() throws Exception { this.spring.register(OverrideContentNegotiationStrategySharedObjectConfig.class, DefaultSecurityConfig.class) .autowire();
-
 this.mvc.perform(get("/"));
-
 verify(OverrideContentNegotiationStrategySharedObjectConfig.CNS, atLeastOnce()) .resolveMediaTypes(any(NativeWebRequest.class)); }
@@ -212,7 +194,6 @@ public class ExceptionHandlingConfigurerTests {
 @Test public void getWhenUsingDefaultsAndUnauthenticatedThenRedirectsToLogin() throws Exception { this.spring.register(DefaultHttpConfig.class).autowire();
-
 this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, "bogus/type")) .andExpect(redirectedUrl("http://localhost/login")); }
@@ -220,16 +201,13 @@ public class ExceptionHandlingConfigurerTests {
 @Test public void getWhenDeclaringHttpBasicBeforeFormLoginThenRespondsWith401() throws Exception { this.spring.register(BasicAuthenticationEntryPointBeforeFormLoginConfig.class).autowire();
-
 this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, "bogus/type")).andExpect(status().isUnauthorized()); } @Test public void getWhenInvokingExceptionHandlingTwiceThenOriginalEntryPointUsed() throws Exception { this.spring.register(InvokeTwiceDoesNotOverrideConfig.class).autowire();
-
 this.mvc.perform(get("/"));
-
 verify(InvokeTwiceDoesNotOverrideConfig.AEP).commence(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AuthenticationException.class)); }
@@ -278,17 +256,14 @@ public class ExceptionHandlingConfigurerTests {
 // @formatter:off } }
-
 @EnableWebSecurity static class HttpBasicAndFormLoginEntryPointsConfig extends WebSecurityConfigurerAdapter {
-
 @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() .withUser("user").password("password").roles("USER"); }
-
 @Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
index d4fb8ebf88..f1abe4e97a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
@@ -93,7 +93,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 @Test public void configureWhenNoCustomAccessDecisionManagerThenUsesAffirmativeBased() { this.spring.register(NoSpecificAccessDecisionManagerConfig.class).autowire();
-
 verify(NoSpecificAccessDecisionManagerConfig.objectPostProcessor).postProcess(any(AffirmativeBased.class)); }
@@ -113,7 +112,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 @Test public void getWhenHasAnyAuthorityRoleUserConfiguredAndAuthorityIsRoleUserThenRespondsWithOk() throws Exception { this.spring.register(RoleUserAnyAuthorityConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_USER")))) .andExpect(status().isOk()); }
@@ -122,7 +120,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 public void getWhenHasAnyAuthorityRoleUserConfiguredAndAuthorityIsRoleAdminThenRespondsWithForbidden() throws Exception { this.spring.register(RoleUserAnyAuthorityConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_ADMIN")))) .andExpect(status().isForbidden()); }
@@ -130,14 +127,12 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 @Test public void getWhenHasAnyAuthorityRoleUserConfiguredAndNoAuthorityThenRespondsWithUnauthorized() throws Exception { this.spring.register(RoleUserAnyAuthorityConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isUnauthorized()); } @Test public void getWhenHasAuthorityRoleUserConfiguredAndAuthorityIsRoleUserThenRespondsWithOk() throws Exception { this.spring.register(RoleUserAuthorityConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_USER")))) .andExpect(status().isOk()); }
@@ -146,7 +141,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 public void getWhenHasAuthorityRoleUserConfiguredAndAuthorityIsRoleAdminThenRespondsWithForbidden() throws Exception { this.spring.register(RoleUserAuthorityConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_ADMIN")))) .andExpect(status().isForbidden()); }
@@ -154,14 +148,12 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 @Test public void getWhenHasAuthorityRoleUserConfiguredAndNoAuthorityThenRespondsWithUnauthorized() throws Exception { this.spring.register(RoleUserAuthorityConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isUnauthorized()); } @Test public void getWhenAuthorityRoleUserOrAdminRequiredAndAuthorityIsRoleUserThenRespondsWithOk() throws Exception { this.spring.register(RoleUserOrRoleAdminAuthorityConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_USER")))) .andExpect(status().isOk()); }
@@ -169,7 +161,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 @Test public void getWhenAuthorityRoleUserOrAdminRequiredAndAuthorityIsRoleAdminThenRespondsWithOk() throws Exception { this.spring.register(RoleUserOrRoleAdminAuthorityConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_ADMIN")))) .andExpect(status().isOk()); }
@@ -178,7 +169,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 public void getWhenAuthorityRoleUserOrAdminRequiredAndAuthorityIsRoleOtherThenRespondsWithForbidden() throws Exception { this.spring.register(RoleUserOrRoleAdminAuthorityConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_OTHER")))) .andExpect(status().isForbidden()); }
@@ -186,49 +176,42 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 @Test public void getWhenAuthorityRoleUserOrAdminAuthRequiredAndNoUserThenRespondsWithUnauthorized() throws Exception { this.spring.register(RoleUserOrRoleAdminAuthorityConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isUnauthorized()); } @Test public void getWhenHasAnyRoleUserConfiguredAndRoleIsUserThenRespondsWithOk() throws Exception { this.spring.register(RoleUserConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isOk()); } @Test public void getWhenHasAnyRoleUserConfiguredAndRoleIsAdminThenRespondsWithForbidden() throws Exception { this.spring.register(RoleUserConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/").with(user("user").roles("ADMIN"))).andExpect(status().isForbidden()); } @Test public void getWhenRoleUserOrAdminConfiguredAndRoleIsUserThenRespondsWithOk() throws Exception { this.spring.register(RoleUserOrAdminConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isOk()); } @Test public void getWhenRoleUserOrAdminConfiguredAndRoleIsAdminThenRespondsWithOk() throws Exception { this.spring.register(RoleUserOrAdminConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/").with(user("user").roles("ADMIN"))).andExpect(status().isOk()); } @Test public void getWhenRoleUserOrAdminConfiguredAndRoleIsOtherThenRespondsWithForbidden() throws Exception { this.spring.register(RoleUserOrAdminConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/").with(user("user").roles("OTHER"))).andExpect(status().isForbidden()); } @Test public void getWhenHasIpAddressConfiguredAndIpAddressMatchesThenRespondsWithOk() throws Exception { this.spring.register(HasIpAddressConfig.class, BasicController.class).autowire();
-
this.mvc.perform(get("/").with((request) -> { request.setRemoteAddr("192.168.1.0"); return request;
@@ -238,7 +221,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 @Test public void getWhenHasIpAddressConfiguredAndIpAddressDoesNotMatchThenRespondsWithUnauthorized() throws Exception { this.spring.register(HasIpAddressConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/").with((request) -> { request.setRemoteAddr("192.168.1.1"); return request;
@@ -248,28 +230,24 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 @Test public void getWhenAnonymousConfiguredAndAnonymousUserThenRespondsWithOk() throws Exception { this.spring.register(AnonymousConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk()); } @Test public void getWhenAnonymousConfiguredAndLoggedInUserThenRespondsWithForbidden() throws Exception { this.spring.register(AnonymousConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/").with(user("user"))).andExpect(status().isForbidden()); } @Test public void getWhenRememberMeConfiguredAndNoUserThenRespondsWithUnauthorized() throws Exception { this.spring.register(RememberMeConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isUnauthorized()); } @Test public void getWhenRememberMeConfiguredAndRememberMeTokenThenRespondsWithOk() throws Exception { this.spring.register(RememberMeConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/").with(authentication( new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER"))))) .andExpect(status().isOk());
@@ -278,28 +256,24 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 @Test public void getWhenDenyAllConfiguredAndNoUserThenRespondsWithUnauthorized() throws Exception { this.spring.register(DenyAllConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isUnauthorized()); } @Test public void getWheDenyAllConfiguredAndUserLoggedInThenRespondsWithForbidden() throws Exception { this.spring.register(DenyAllConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isForbidden()); } @Test public void getWhenNotDenyAllConfiguredAndNoUserThenRespondsWithOk() throws Exception { this.spring.register(NotDenyAllConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk()); } @Test public void getWhenNotDenyAllConfiguredAndRememberMeTokenThenRespondsWithOk() throws Exception { this.spring.register(NotDenyAllConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/").with(authentication( new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER"))))) .andExpect(status().isOk());
@@ -308,7 +282,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 @Test public void getWhenFullyAuthenticatedConfiguredAndRememberMeTokenThenRespondsWithUnauthorized() throws Exception { this.spring.register(FullyAuthenticatedConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/").with(authentication( new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER"))))) .andExpect(status().isUnauthorized());
@@ -317,35 +290,30 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 @Test public void getWhenFullyAuthenticatedConfiguredAndUserThenRespondsWithOk() throws Exception { this.spring.register(FullyAuthenticatedConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isOk()); } @Test public void getWhenAccessRoleUserOrGetRequestConfiguredThenRespondsWithOk() throws Exception { this.spring.register(AccessConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk()); } @Test public void postWhenAccessRoleUserOrGetRequestConfiguredAndRoleUserThenRespondsWithOk() throws Exception { this.spring.register(AccessConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(post("/").with(csrf()).with(user("user").roles("USER"))).andExpect(status().isOk()); } @Test public void postWhenAccessRoleUserOrGetRequestConfiguredThenRespondsWithUnauthorized() throws Exception { this.spring.register(AccessConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(post("/").with(csrf())).andExpect(status().isUnauthorized()); } @Test public void authorizeRequestsWhenInvokedTwiceThenUsesOriginalConfiguration() throws Exception { this.spring.register(InvokeTwiceDoesNotResetConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(post("/").with(csrf())).andExpect(status().isUnauthorized()); }
@@ -358,58 +326,49 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 public void configureWhenRegisteringObjectPostProcessorThenApplicationListenerInvokedOnAuthorizedEvent() throws Exception { this.spring.register(AuthorizedRequestsWithPostProcessorConfig.class).autowire();
-
 this.mvc.perform(get("/"));
-
 verify(AuthorizedRequestsWithPostProcessorConfig.AL).onApplicationEvent(any(AuthorizedEvent.class)); } @Test public void getWhenPermissionCheckAndRoleDoesNotMatchThenRespondsWithForbidden() throws Exception { this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
-
 this.mvc.perform(get("/admin").with(user("user").roles("USER"))).andExpect(status().isForbidden()); } @Test public void getWhenPermissionCheckAndRoleMatchesThenRespondsWithOk() throws Exception { this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
-
 this.mvc.perform(get("/user").with(user("user").roles("USER"))).andExpect(status().isOk()); } @Test public void getWhenPermissionCheckAndAuthenticationNameMatchesThenRespondsWithOk() throws Exception { this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
-
 this.mvc.perform(get("/allow").with(user("user").roles("USER"))).andExpect(status().isOk()); } @Test public void getWhenPermissionCheckAndAuthenticationNameDoesNotMatchThenRespondsWithForbidden() throws Exception { this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
-
 this.mvc.perform(get("/deny").with(user("user").roles("USER"))).andExpect(status().isForbidden()); } @Test public void getWhenCustomExpressionHandlerAndRoleDoesNotMatchThenRespondsWithForbidden() throws Exception { this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
-
 this.mvc.perform(get("/admin").with(user("user").roles("USER"))).andExpect(status().isForbidden()); } @Test public void getWhenCustomExpressionHandlerAndRoleMatchesThenRespondsWithOk()
throws Exception { this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
-
 this.mvc.perform(get("/user").with(user("user").roles("USER"))).andExpect(status().isOk()); } @Test public void getWhenCustomExpressionHandlerAndAuthenticationNameMatchesThenRespondsWithOk() throws Exception { this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
-
 this.mvc.perform(get("/allow").with(user("user").roles("USER"))).andExpect(status().isOk()); }
@@ -417,7 +376,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 public void getWhenCustomExpressionHandlerAndAuthenticationNameDoesNotMatchThenRespondsWithForbidden() throws Exception { this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
-
 this.mvc.perform(get("/deny").with(user("user").roles("USER"))).andExpect(status().isForbidden()); }
@@ -425,7 +383,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 @Test public void configureWhenRegisteringObjectPostProcessorThenInvokedOnAccessDecisionManager() { this.spring.register(Sec3011Config.class).autowire();
-
 verify(Sec3011Config.objectPostProcessor).postProcess(any(AccessDecisionManager.class)); }
@@ -433,7 +390,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 public void getWhenRegisteringPermissionEvaluatorAndPermissionWithIdAndTypeMatchesThenRespondsWithOk() throws Exception { this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire();
-
 this.mvc.perform(get("/allow")).andExpect(status().isOk()); }
@@ -441,7 +397,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 public void getWhenRegisteringPermissionEvaluatorAndPermissionWithIdAndTypeDoesNotMatchThenRespondsWithForbidden() throws Exception { this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire();
-
 this.mvc.perform(get("/deny")).andExpect(status().isForbidden()); }
@@ -449,7 +404,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 public void getWhenRegisteringPermissionEvaluatorAndPermissionWithObjectMatchesThenRespondsWithOk() throws Exception { this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire();
-
 this.mvc.perform(get("/allowObject")).andExpect(status().isOk()); }
@@ -457,21 +411,18 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 public void getWhenRegisteringPermissionEvaluatorAndPermissionWithObjectDoesNotMatchThenRespondsWithForbidden() throws Exception { this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire();
-
 this.mvc.perform(get("/denyObject")).andExpect(status().isForbidden()); } @Test public void getWhenRegisteringRoleHierarchyAndRelatedRoleAllowedThenRespondsWithOk() throws Exception { this.spring.register(RoleHierarchyConfig.class, WildcardController.class).autowire();
-
 this.mvc.perform(get("/allow").with(user("user").roles("USER"))).andExpect(status().isOk()); } @Test public void getWhenRegisteringRoleHierarchyAndNoRelatedRolesAllowedThenRespondsWithForbidden() throws Exception { this.spring.register(RoleHierarchyConfig.class, WildcardController.class).autowire();
-
 this.mvc.perform(get("/deny").with(user("user").roles("USER"))).andExpect(status().isForbidden()); }
@@ -939,7 +890,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 @Bean PermissionEvaluator permissionEvaluator() { return new PermissionEvaluator() {
-
 @Override public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
@@ -951,7 +901,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 Object permission) { return "ID".equals(targetId) && "TYPE".equals(targetType) && "PERMISSION".equals(permission); }
-
 }; }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
index 505d5313a4..af6618b1fa 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
@@ -69,29 +69,22 @@ public class FormLoginConfigurerTests {
 @Test public void requestCache() throws Exception { this.spring.register(RequestCacheConfig.class, AuthenticationTestConfiguration.class).autowire();
-
 RequestCacheConfig config = this.spring.getContext().getBean(RequestCacheConfig.class);
-
 this.mockMvc.perform(formLogin()).andExpect(authenticated());
-
 verify(config.requestCache).getRequest(any(), any()); } @Test public void requestCacheAsBean() throws Exception { this.spring.register(RequestCacheBeanConfig.class, AuthenticationTestConfiguration.class).autowire();
-
 RequestCache requestCache = this.spring.getContext().getBean(RequestCache.class);
-
 this.mockMvc.perform(formLogin()).andExpect(authenticated());
-
 verify(requestCache).getRequest(any(), any()); } @Test public void loginWhenFormLoginConfiguredThenHasDefaultUsernameAndPasswordParameterNames() throws Exception { this.spring.register(FormLoginConfig.class).autowire();
-
 this.mockMvc.perform(formLogin().user("username", "user").password("password", "password")) .andExpect(status().isFound()).andExpect(redirectedUrl("/")); }
@@ -99,7 +92,6 @@ public class FormLoginConfigurerTests {
 @Test public void loginWhenFormLoginConfiguredThenHasDefaultFailureUrl() throws Exception { this.spring.register(FormLoginConfig.class).autowire();
-
 this.mockMvc.perform(formLogin().user("invalid")).andExpect(status().isFound()) .andExpect(redirectedUrl("/login?error")); }
@@ -107,28 +99,24 @@ public class FormLoginConfigurerTests {
 @Test public void loginWhenFormLoginConfiguredThenHasDefaultSuccessUrl() throws Exception { this.spring.register(FormLoginConfig.class).autowire();
-
 this.mockMvc.perform(formLogin()).andExpect(status().isFound()).andExpect(redirectedUrl("/")); } @Test public void getLoginPageWhenFormLoginConfiguredThenNotSecured() throws Exception { this.spring.register(FormLoginConfig.class).autowire();
-
 this.mockMvc.perform(get("/login")).andExpect(status().isFound()); } @Test public void loginWhenFormLoginConfiguredThenSecured() throws Exception { this.spring.register(FormLoginConfig.class).autowire();
-
 this.mockMvc.perform(post("/login")).andExpect(status().isForbidden()); } @Test public void requestProtectedWhenFormLoginConfiguredThenRedirectsToLogin() throws Exception { this.spring.register(FormLoginConfig.class).autowire();
-
 this.mockMvc.perform(get("/private")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/login")); }
@@ -136,7 +124,6 @@ public class FormLoginConfigurerTests {
 @Test public void loginWhenFormLoginDefaultsInLambdaThenHasDefaultUsernameAndPasswordParameterNames() throws Exception { this.spring.register(FormLoginInLambdaConfig.class).autowire();
-
 this.mockMvc.perform(formLogin().user("username", "user").password("password", "password")) .andExpect(status().isFound()).andExpect(redirectedUrl("/")); }
@@ -144,7 +131,6 @@ public class FormLoginConfigurerTests {
 @Test public void loginWhenFormLoginDefaultsInLambdaThenHasDefaultFailureUrl() throws Exception { this.spring.register(FormLoginInLambdaConfig.class).autowire();
-
 this.mockMvc.perform(formLogin().user("invalid")).andExpect(status().isFound()) .andExpect(redirectedUrl("/login?error")); }
@@ -152,28 +138,24 @@ public class FormLoginConfigurerTests {
 @Test public void loginWhenFormLoginDefaultsInLambdaThenHasDefaultSuccessUrl() throws Exception { this.spring.register(FormLoginInLambdaConfig.class).autowire();
-
 this.mockMvc.perform(formLogin()).andExpect(status().isFound()).andExpect(redirectedUrl("/")); } @Test public void getLoginPageWhenFormLoginDefaultsInLambdaThenNotSecured() throws Exception { this.spring.register(FormLoginInLambdaConfig.class).autowire();
-
 this.mockMvc.perform(get("/login")).andExpect(status().isOk()); } @Test public void loginWhenFormLoginDefaultsInLambdaThenSecured() throws Exception { this.spring.register(FormLoginInLambdaConfig.class).autowire();
-
 this.mockMvc.perform(post("/login")).andExpect(status().isForbidden()); } @Test public void requestProtectedWhenFormLoginDefaultsInLambdaThenRedirectsToLogin() throws Exception { this.spring.register(FormLoginInLambdaConfig.class).autowire();
-
 this.mockMvc.perform(get("/private")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/login")); }
@@ -181,21 +163,18 @@ public class FormLoginConfigurerTests {
 @Test public void getLoginPageWhenFormLoginPermitAllThenPermittedAndNoRedirect() throws Exception { this.spring.register(FormLoginConfigPermitAll.class).autowire();
-
 this.mockMvc.perform(get("/login")).andExpect(status().isOk()).andExpect(redirectedUrl(null)); } @Test public void getLoginPageWithErrorQueryWhenFormLoginPermitAllThenPermittedAndNoRedirect() throws Exception { this.spring.register(FormLoginConfigPermitAll.class).autowire();
-
 this.mockMvc.perform(get("/login?error")).andExpect(status().isOk()).andExpect(redirectedUrl(null)); } @Test public void loginWhenFormLoginPermitAllAndInvalidUserThenRedirectsToLoginPageWithError() throws Exception { this.spring.register(FormLoginConfigPermitAll.class).autowire();
-
 this.mockMvc.perform(formLogin().user("invalid")).andExpect(status().isFound()) .andExpect(redirectedUrl("/login?error")); }
@@ -203,21 +182,18 @@ public class FormLoginConfigurerTests {
 @Test public void getLoginPageWhenCustomLoginPageThenPermittedAndNoRedirect() throws Exception { this.spring.register(FormLoginDefaultsConfig.class).autowire();
-
 this.mockMvc.perform(get("/authenticate")).andExpect(redirectedUrl(null)); } @Test public void getLoginPageWithErrorQueryWhenCustomLoginPageThenPermittedAndNoRedirect() throws Exception { this.spring.register(FormLoginDefaultsConfig.class).autowire();
-
 this.mockMvc.perform(get("/authenticate?error")).andExpect(redirectedUrl(null)); } @Test public void loginWhenCustomLoginPageAndInvalidUserThenRedirectsToCustomLoginPageWithError() throws Exception { this.spring.register(FormLoginDefaultsConfig.class).autowire();
-
 this.mockMvc.perform(formLogin("/authenticate").user("invalid")).andExpect(status().isFound()) .andExpect(redirectedUrl("/authenticate?error")); }
@@ -225,35 +201,30 @@ public class FormLoginConfigurerTests {
 @Test public void logoutWhenCustomLoginPageThenRedirectsToCustomLoginPage() throws Exception { this.spring.register(FormLoginDefaultsConfig.class).autowire();
-
 this.mockMvc.perform(logout()).andExpect(redirectedUrl("/authenticate?logout")); } @Test public void getLoginPageWithLogoutQueryWhenCustomLoginPageThenPermittedAndNoRedirect() throws Exception { this.spring.register(FormLoginDefaultsConfig.class).autowire();
-
 this.mockMvc.perform(get("/authenticate?logout")).andExpect(redirectedUrl(null)); } @Test public void getLoginPageWhenCustomLoginPageInLambdaThenPermittedAndNoRedirect() throws Exception { this.spring.register(FormLoginDefaultsInLambdaConfig.class).autowire();
-
 this.mockMvc.perform(get("/authenticate")).andExpect(redirectedUrl(null)); } @Test public void loginWhenCustomLoginProcessingUrlThenRedirectsToHome() throws Exception { this.spring.register(FormLoginLoginProcessingUrlConfig.class).autowire();
-
 this.mockMvc.perform(formLogin("/loginCheck")).andExpect(status().isFound()).andExpect(redirectedUrl("/")); } @Test public void loginWhenCustomLoginProcessingUrlInLambdaThenRedirectsToHome() throws Exception { this.spring.register(FormLoginLoginProcessingUrlInLambdaConfig.class).autowire();
-
 this.mockMvc.perform(formLogin("/loginCheck")).andExpect(status().isFound()).andExpect(redirectedUrl("/")); }
@@ -262,17 +233,14 @@ public class FormLoginConfigurerTests {
 FormLoginUsesPortMapperConfig.PORT_MAPPER = mock(PortMapper.class); given(FormLoginUsesPortMapperConfig.PORT_MAPPER.lookupHttpsPort(any())).willReturn(9443); this.spring.register(FormLoginUsesPortMapperConfig.class).autowire();
-
 this.mockMvc.perform(get("http://localhost:9090")).andExpect(status().isFound()) .andExpect(redirectedUrl("https://localhost:9443/login"));
-
 verify(FormLoginUsesPortMapperConfig.PORT_MAPPER).lookupHttpsPort(any()); } @Test public void failureUrlWhenPermitAllAndFailureHandlerThenSecured() throws Exception { this.spring.register(PermitAllIgnoresFailureHandlerConfig.class).autowire();
-
 this.mockMvc.perform(get("/login?error")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/login")); }
@@ -280,21 +248,18 @@ public class FormLoginConfigurerTests {
 @Test public void formLoginWhenInvokedTwiceThenUsesOriginalUsernameParameter() throws Exception { this.spring.register(DuplicateInvocationsDoesNotOverrideConfig.class).autowire();
-
 this.mockMvc.perform(formLogin().user("custom-username", "user")).andExpect(authenticated()); } @Test public void loginWhenInvalidLoginAndFailureForwardUrlThenForwardsToFailureForwardUrl() throws Exception { this.spring.register(FormLoginUserForwardAuthenticationSuccessAndFailureConfig.class).autowire();
-
 this.mockMvc.perform(formLogin().user("invalid")).andExpect(forwardedUrl("/failure_forward_url")); } @Test public void loginWhenSuccessForwardUrlThenForwardsToSuccessForwardUrl() throws Exception { this.spring.register(FormLoginUserForwardAuthenticationSuccessAndFailureConfig.class).autowire();
-
 this.mockMvc.perform(formLogin()).andExpect(forwardedUrl("/success_forward_url")); }
@@ -302,7 +267,6 @@ public class FormLoginConfigurerTests {
 public void configureWhenRegisteringObjectPostProcessorThenInvokedOnUsernamePasswordAuthenticationFilter() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 verify(ObjectPostProcessorConfig.objectPostProcessor) .postProcess(any(UsernamePasswordAuthenticationFilter.class)); }
@@ -311,7 +275,6 @@ public class FormLoginConfigurerTests {
 public void configureWhenRegisteringObjectPostProcessorThenInvokedOnLoginUrlAuthenticationEntryPoint() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(LoginUrlAuthenticationEntryPoint.class)); }
@@ -319,7 +282,6 @@ public class FormLoginConfigurerTests {
 public void configureWhenRegisteringObjectPostProcessorThenInvokedOnExceptionTranslationFilter() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ExceptionTranslationFilter.class)); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
index 12d4c472cb..6dd607e894 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
@@ -48,7 +48,6 @@ public class HeadersConfigurerEagerHeadersTests {
 @Test public void requestWhenHeadersEagerlyConfiguredThenHeadersAreWritten() throws Exception { this.spring.register(HeadersAtTheBeginningOfRequestConfig.class).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(header().string("X-Content-Type-Options", "nosniff")) .andExpect(header().string("X-Frame-Options", "DENY")) .andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains"))
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
index 81a541d42d..c4da0f5809 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
@@ -62,7 +62,6 @@ public class HeadersConfigurerTests {
 @Test public void getWhenHeadersConfiguredThenDefaultHeadersInResponse() throws Exception { this.spring.register(HeadersConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff")) .andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.DENY.name()))
@@ -80,7 +79,6 @@ public class HeadersConfigurerTests {
 @Test public void getWhenHeadersConfiguredInLambdaThenDefaultHeadersInResponse() throws Exception { this.spring.register(HeadersInLambdaConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff")) .andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.DENY.name()))
@@ -99,7 +97,6 @@ public class HeadersConfigurerTests {
 public void getWhenHeaderDefaultsDisabledAndContentTypeConfiguredThenOnlyContentTypeHeaderInResponse() throws Exception { this.spring.register(ContentTypeOptionsConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/")) .andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff")).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_CONTENT_TYPE_OPTIONS);
@@ -108,7 +105,6 @@ public class HeadersConfigurerTests {
 @Test public void getWhenOnlyContentTypeConfiguredInLambdaThenOnlyContentTypeHeaderInResponse() throws Exception { this.spring.register(ContentTypeOptionsInLambdaConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/")) .andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff")).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_CONTENT_TYPE_OPTIONS);
@@ -118,7 +114,6 @@ public class HeadersConfigurerTests {
 public void getWhenHeaderDefaultsDisabledAndFrameOptionsConfiguredThenOnlyFrameOptionsHeaderInResponse() throws Exception { this.spring.register(FrameOptionsConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/")) .andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.DENY.name())).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_FRAME_OPTIONS);
@@ -128,7 +123,6 @@ public class HeadersConfigurerTests {
 public void getWhenHeaderDefaultsDisabledAndHstsConfiguredThenOnlyStrictTransportSecurityHeaderInResponse() throws Exception { this.spring.register(HstsConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect( header().string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains"))
@@ -140,7 +134,6 @@ public class HeadersConfigurerTests {
 public void getWhenHeaderDefaultsDisabledAndCacheControlConfiguredThenCacheControlAndExpiresAndPragmaHeadersInResponse() throws Exception { this.spring.register(CacheControlConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate")) .andExpect(header().string(HttpHeaders.EXPIRES, "0"))
@@ -153,7 +146,6 @@ public class HeadersConfigurerTests {
 public void getWhenOnlyCacheControlConfiguredInLambdaThenCacheControlAndExpiresAndPragmaHeadersInResponse() throws Exception { this.spring.register(CacheControlInLambdaConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate")) .andExpect(header().string(HttpHeaders.EXPIRES, "0"))
@@ -166,7 +158,6 @@ public class HeadersConfigurerTests {
 public void getWhenHeaderDefaultsDisabledAndXssProtectionConfiguredThenOnlyXssProtectionHeaderInResponse() throws Exception { this.spring.register(XssProtectionConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block")).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_XSS_PROTECTION);
@@ -175,7 +166,6 @@ public class HeadersConfigurerTests {
 @Test public void getWhenOnlyXssProtectionConfiguredInLambdaThenOnlyXssProtectionHeaderInResponse() throws Exception { this.spring.register(XssProtectionInLambdaConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block")).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_XSS_PROTECTION);
@@ -184,7 +174,6 @@ public class HeadersConfigurerTests {
 @Test public void getWhenFrameOptionsSameOriginConfiguredThenFrameOptionsHeaderHasValueSameOrigin() throws Exception { this.spring.register(HeadersCustomSameOriginConfig.class).autowire();
-
 this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.SAMEORIGIN.name())) .andReturn();
@@ -194,7 +183,6 @@ public class HeadersConfigurerTests {
 public void getWhenFrameOptionsSameOriginConfiguredInLambdaThenFrameOptionsHeaderHasValueSameOrigin() throws Exception { this.spring.register(HeadersCustomSameOriginInLambdaConfig.class).autowire();
-
 this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.SAMEORIGIN.name())) .andReturn();
@@ -203,7 +191,6 @@ public class HeadersConfigurerTests {
 @Test public void getWhenHeaderDefaultsDisabledAndPublicHpkpWithNoPinThenNoHeadersInResponse() throws Exception { this.spring.register(HpkpConfigNoPins.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/")).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).isEmpty(); }
@@ -211,7 +198,6 @@ public class HeadersConfigurerTests {
 @Test public void getWhenSecureRequestAndHpkpWithPinThenPublicKeyPinsReportOnlyHeaderInResponse() throws Exception { this.spring.register(HpkpConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY, "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
@@ -222,7 +208,6 @@ public class HeadersConfigurerTests {
 @Test public void getWhenInsecureRequestHeaderDefaultsDisabledAndHpkpWithPinThenNoHeadersInResponse() throws Exception { this.spring.register(HpkpConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/")).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).isEmpty(); }
@@ -231,7 +216,6 @@ public class HeadersConfigurerTests {
 public void getWhenHpkpWithMultiplePinsThenPublicKeyPinsReportOnlyHeaderWithMultiplePinsInResponse() throws Exception { this.spring.register(HpkpConfigWithPins.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string( HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY, "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; pin-sha256=\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\""))
@@ -242,7 +226,6 @@ public class HeadersConfigurerTests {
 @Test public void getWhenHpkpWithCustomAgeThenPublicKeyPinsReportOnlyHeaderWithCustomAgeInResponse() throws Exception { this.spring.register(HpkpConfigCustomAge.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY, "max-age=604800 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
@@ -253,7 +236,6 @@ public class HeadersConfigurerTests {
 @Test public void getWhenHpkpWithReportOnlyFalseThenPublicKeyPinsHeaderInResponse() throws Exception { this.spring.register(HpkpConfigTerminateConnection.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.PUBLIC_KEY_PINS, "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
@@ -265,7 +247,6 @@ public class HeadersConfigurerTests {
 public void getWhenHpkpIncludeSubdomainThenPublicKeyPinsReportOnlyHeaderWithIncludeSubDomainsInResponse() throws Exception { this.spring.register(HpkpConfigIncludeSubDomains.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string( HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY, "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains"))
@@ -276,7 +257,6 @@ public class HeadersConfigurerTests {
 @Test public void getWhenHpkpWithReportUriThenPublicKeyPinsReportOnlyHeaderWithReportUriInResponse() throws Exception { this.spring.register(HpkpConfigWithReportURI.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string( HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY, "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
@@ -288,7 +268,6 @@ public class HeadersConfigurerTests {
 public void getWhenHpkpWithReportUriAsStringThenPublicKeyPinsReportOnlyHeaderWithReportUriInResponse() throws Exception { this.spring.register(HpkpConfigWithReportURIAsString.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string( HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY, "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
@@ -300,7 +279,6 @@ public class HeadersConfigurerTests {
 public void getWhenHpkpWithReportUriInLambdaThenPublicKeyPinsReportOnlyHeaderWithReportUriInResponse() throws Exception { this.spring.register(HpkpWithReportUriInLambdaConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string( HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY, "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
@@ -311,7 +289,6 @@ public class HeadersConfigurerTests {
 @Test public void getWhenContentSecurityPolicyConfiguredThenContentSecurityPolicyHeaderInResponse() throws Exception { this.spring.register(ContentSecurityPolicyDefaultConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY, "default-src 'self'")).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY);
@@ -321,7 +298,6 @@ public class HeadersConfigurerTests {
 public void getWhenContentSecurityPolicyWithReportOnlyThenContentSecurityPolicyReportOnlyHeaderInResponse() throws Exception { this.spring.register(ContentSecurityPolicyReportOnlyConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY, "default-src 'self'; script-src trustedscripts.example.com"))
@@ -334,7 +310,6 @@ public class HeadersConfigurerTests {
 public void getWhenContentSecurityPolicyWithReportOnlyInLambdaThenContentSecurityPolicyReportOnlyHeaderInResponse() throws Exception { this.spring.register(ContentSecurityPolicyReportOnlyInLambdaConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY, "default-src 'self'; script-src trustedscripts.example.com"))
@@ -358,7 +333,6 @@ public class HeadersConfigurerTests {
 @Test public void configureWhenContentSecurityPolicyNoPolicyDirectivesInLambdaThenDefaultHeaderValue() throws Exception { this.spring.register(ContentSecurityPolicyNoDirectivesInLambdaConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY, "default-src 'self'")).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY);
@@ -367,7 +341,6 @@ public class HeadersConfigurerTests {
 @Test public void getWhenReferrerPolicyConfiguredThenReferrerPolicyHeaderInResponse() throws Exception { this.spring.register(ReferrerPolicyDefaultConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string("Referrer-Policy", ReferrerPolicy.NO_REFERRER.getPolicy())).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
@@ -376,7 +349,6 @@ public class HeadersConfigurerTests {
 @Test public void getWhenReferrerPolicyInLambdaThenReferrerPolicyHeaderInResponse() throws Exception { this.spring.register(ReferrerPolicyDefaultInLambdaConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string("Referrer-Policy", ReferrerPolicy.NO_REFERRER.getPolicy())).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
@@ -386,7 +358,6 @@ public class HeadersConfigurerTests {
 public void getWhenReferrerPolicyConfiguredWithCustomValueThenReferrerPolicyHeaderWithCustomValueInResponse() throws Exception { this.spring.register(ReferrerPolicyCustomConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string("Referrer-Policy", ReferrerPolicy.SAME_ORIGIN.getPolicy())).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
@@ -395,7 +366,6 @@ public class HeadersConfigurerTests {
 @Test public void getWhenReferrerPolicyConfiguredWithCustomValueInLambdaThenCustomValueInResponse() throws Exception { this.spring.register(ReferrerPolicyCustomInLambdaConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string("Referrer-Policy", ReferrerPolicy.SAME_ORIGIN.getPolicy())).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
@@ -404,7 +374,6 @@ public class HeadersConfigurerTests {
 @Test public void getWhenFeaturePolicyConfiguredThenFeaturePolicyHeaderInResponse() throws Exception { this.spring.register(FeaturePolicyConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string("Feature-Policy", "geolocation 'self'")).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Feature-Policy");
@@ -420,7 +389,6 @@ public class HeadersConfigurerTests {
 public void getWhenHstsConfiguredWithPreloadThenStrictTransportSecurityHeaderWithPreloadInResponse() throws Exception { this.spring.register(HstsWithPreloadConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header() .string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains ; preload")) .andReturn();
@@ -431,7 +399,6 @@ public class HeadersConfigurerTests {
 public void getWhenHstsConfiguredWithPreloadInLambdaThenStrictTransportSecurityHeaderWithPreloadInResponse() throws Exception { this.spring.register(HstsWithPreloadInLambdaConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header() .string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains ; preload")) .andReturn();
@@ -659,7 +626,6 @@ public class HeadersConfigurerTests {
 Map pins = new LinkedHashMap<>(); pins.put("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", "sha256"); pins.put("E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=", "sha256");
-
 // @formatter:off http .headers()
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
index 493a85479d..2626139e22 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
@@ -67,14 +67,12 @@ public class HttpBasicConfigurerTests {
 @Test public void configureWhenRegisteringObjectPostProcessorThenInvokedOnBasicAuthenticationFilter() { this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(BasicAuthenticationFilter.class)); } @Test public void httpBasicWhenUsingDefaultsInLambdaThenResponseIncludesBasicChallenge() throws Exception { this.spring.register(DefaultsLambdaEntryPointConfig.class).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isUnauthorized()) .andExpect(header().string("WWW-Authenticate", "Basic realm=\"Realm\"")); }
@@ -83,7 +81,6 @@ public class HttpBasicConfigurerTests {
 @Test public void httpBasicWhenUsingDefaultsThenResponseIncludesBasicChallenge() throws Exception { this.spring.register(DefaultsEntryPointConfig.class).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isUnauthorized()) .andExpect(header().string("WWW-Authenticate", "Basic realm=\"Realm\"")); }
@@ -91,9 +88,7 @@ public class HttpBasicConfigurerTests {
 @Test public void httpBasicWhenUsingCustomAuthenticationEntryPointThenResponseIncludesBasicChallenge() throws Exception { this.spring.register(CustomAuthenticationEntryPointConfig.class).autowire();
-
 this.mvc.perform(get("/"));
-
 verify(CustomAuthenticationEntryPointConfig.ENTRY_POINT).commence(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AuthenticationException.class)); }
@@ -101,9 +96,7 @@ public class HttpBasicConfigurerTests {
 @Test public void httpBasicWhenInvokedTwiceThenUsesOriginalEntryPoint() throws Exception { this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
-
 this.mvc.perform(get("/"));
-
 verify(DuplicateDoesNotOverrideConfig.ENTRY_POINT).commence(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AuthenticationException.class)); }
@@ -112,7 +105,6 @@ public class HttpBasicConfigurerTests {
 @Test public void httpBasicWhenRememberMeConfiguredThenSetsRememberMeCookie() throws Exception { this.spring.register(BasicUsesRememberMeConfig.class).autowire();
-
 this.mvc.perform(get("/").with(httpBasic("user", "password")).param("remember-me", "true")) .andExpect(cookie().exists("remember-me")); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
index 5357ad70da..9690aed1dd 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
@@ -73,9 +73,7 @@ public class HttpSecurityAntMatchersTests {
 public void antMatchersMethodAndNoPatterns() throws Exception { loadConfig(AntMatchersNoPatternsConfig.class); this.request.setMethod("POST");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN); }
@@ -84,9 +82,7 @@ public class HttpSecurityAntMatchersTests {
 public void antMatchersMethodAndEmptyPatterns() throws Exception { loadConfig(AntMatchersEmptyPatternsConfig.class); this.request.setMethod("POST");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); }
@@ -94,7 +90,6 @@ public class HttpSecurityAntMatchersTests {
 this.context = new AnnotationConfigWebApplicationContext(); this.context.register(configs); this.context.refresh();
-
 this.context.getAutowireCapableBeanFactory().autowireBean(this); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
index 11ac70b1a6..da18813b49 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
@@ -73,17 +73,13 @@ public class HttpSecurityLogoutTests {
 @Test public void clearAuthenticationFalse() throws Exception { loadConfig(ClearAuthenticationFalseConfig.class);
-
 SecurityContext currentContext = SecurityContextHolder.createEmptyContext(); currentContext.setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
-
 this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, currentContext); this.request.setMethod("POST"); this.request.setServletPath("/logout");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(currentContext.getAuthentication()).isNotNull(); }
@@ -91,7 +87,6 @@ public class HttpSecurityLogoutTests {
 this.context = new AnnotationConfigWebApplicationContext(); this.context.register(configs); this.context.refresh();
-
 this.context.getAutowireCapableBeanFactory().autowireBean(this); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
index 652e5852aa..ca4ae5ff5b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
@@ -78,135 +78,92 @@ public class HttpSecurityRequestMatchersTests {
 @Test public void mvcMatcher() throws Exception { loadConfig(MvcMatcherConfig.class, LegacyMvcMatchingConfig.class);
-
 this.request.setServletPath("/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath("/path.html"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath("/path/"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); } @Test public void mvcMatcherGetFiltersNoUnsupportedMethodExceptionFromDummyRequest() { loadConfig(MvcMatcherConfig.class);
-
 assertThat(this.springSecurityFilterChain.getFilters("/path")).isNotEmpty(); } @Test public void requestMatchersMvcMatcher() throws Exception { loadConfig(RequestMatchersMvcMatcherConfig.class, LegacyMvcMatchingConfig.class);
-
 this.request.setServletPath("/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath("/path.html"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath("/path/"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); } @Test public void requestMatchersWhenMvcMatcherInLambdaThenPathIsSecured() throws Exception {
loadConfig(RequestMatchersMvcMatcherInLambdaConfig.class, LegacyMvcMatchingConfig.class);
-
 this.request.setServletPath("/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath("/path.html"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath("/path/"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); } @Test public void requestMatchersMvcMatcherServletPath() throws Exception { loadConfig(RequestMatchersMvcMatcherServeltPathConfig.class);
-
 this.request.setServletPath("/spring"); this.request.setRequestURI("/spring/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath(""); this.request.setRequestURI("/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 setup();
-
 this.request.setServletPath("/other"); this.request.setRequestURI("/other/path");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); } @Test public void requestMatcherWhensMvcMatcherServletPathInLambdaThenPathIsSecured() throws Exception { loadConfig(RequestMatchersMvcMatcherServletPathInLambdaConfig.class);
-
 this.request.setServletPath("/spring"); this.request.setRequestURI("/spring/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath(""); this.request.setRequestURI("/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 setup();
-
 this.request.setServletPath("/other"); this.request.setRequestURI("/other/path");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); }
@@ -215,7 +172,6 @@ public class HttpSecurityRequestMatchersTests {
 this.context.register(configs); this.context.setServletContext(new MockServletContext()); this.context.refresh();
-
 this.context.getAutowireCapableBeanFactory().autowireBean(this); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
index 0f3eefb8ed..bb9e239a48 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
@@ -56,7 +56,6 @@ public class Issue55Tests {
 TestingAuthenticationToken token = new TestingAuthenticationToken("test", "this"); this.spring.register(WebSecurityConfigurerAdapterDefaultsAuthManagerConfig.class); this.spring.getContext().getBean(FilterChainProxy.class);
-
 FilterSecurityInterceptor filter = (FilterSecurityInterceptor) findFilter(FilterSecurityInterceptor.class, 0); assertThat(filter.getAuthenticationManager().authenticate(token)).isEqualTo(CustomAuthenticationManager.RESULT); }
@@ -67,10 +66,8 @@ public class Issue55Tests {
 TestingAuthenticationToken token = new TestingAuthenticationToken("test", "this"); this.spring.register(MultiWebSecurityConfigurerAdapterDefaultsAuthManagerConfig.class); this.spring.getContext().getBean(FilterChainProxy.class);
-
 FilterSecurityInterceptor filter = (FilterSecurityInterceptor) findFilter(FilterSecurityInterceptor.class, 0); assertThat(filter.getAuthenticationManager().authenticate(token)).isEqualTo(CustomAuthenticationManager.RESULT);
-
 FilterSecurityInterceptor secondFilter = (FilterSecurityInterceptor) findFilter(FilterSecurityInterceptor.class, 1); assertThat(secondFilter.getAuthenticationManager().authenticate(token))
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
index 485689185d..88e80b78bb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
@@ -61,7 +61,6 @@ public class JeeConfigurerTests {
 public void configureWhenRegisteringObjectPostProcessorThenInvokedOnJ2eePreAuthenticatedProcessingFilter() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 verify(ObjectPostProcessorConfig.objectPostProcessor) .postProcess(any(J2eePreAuthenticatedProcessingFilter.class)); }
@@ -70,7 +69,6 @@ public class JeeConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnJ2eeBasedPreAuthenticatedWebAuthenticationDetailsSource() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor) .postProcess(any(J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.class)); } @@ -80,7 +78,6 @@ public class JeeConfigurerTests { this.spring.register(InvokeTwiceDoesNotOverride.class).autowire(); Principal user = mock(Principal.class); given(user.getName()).willReturn("user"); - this.mvc.perform(get("/").principal(user).with((request) -> { request.addUserRole("ROLE_ADMIN"); request.addUserRole("ROLE_USER"); @@ -93,7 +90,6 @@ public class JeeConfigurerTests { this.spring.register(JeeMappableRolesConfig.class).autowire(); Principal user = mock(Principal.class); given(user.getName()).willReturn("user"); - this.mvc.perform(get("/").principal(user).with((request) -> { request.addUserRole("ROLE_ADMIN"); request.addUserRole("ROLE_USER"); @@ -106,7 +102,6 @@ public class JeeConfigurerTests { this.spring.register(JeeMappableAuthoritiesConfig.class).autowire(); Principal user = mock(Principal.class); given(user.getName()).willReturn("user"); - this.mvc.perform(get("/").principal(user).with((request) -> { request.addUserRole("ROLE_ADMIN"); request.addUserRole("ROLE_USER"); @@ -124,7 +119,6 @@ public class JeeConfigurerTests { given(user.getName()).willReturn("user"); given(JeeCustomAuthenticatedUserDetailsServiceConfig.authenticationUserDetailsService.loadUserDetails(any())) .willReturn(userDetails); - this.mvc.perform(get("/").principal(user).with((request) -> { request.addUserRole("ROLE_ADMIN"); request.addUserRole("ROLE_USER"); 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java index ac8ed76df9..42b88900f7 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java @@ -67,7 +67,6 @@ public class LogoutConfigurerClearSiteDataTests { @WithMockUser public void logoutWhenRequestTypeGetThenHeaderNotPresentt() throws Exception { this.spring.register(HttpLogoutConfig.class).autowire(); - this.mvc.perform(get("/logout").secure(true).with(SecurityMockMvcRequestPostProcessors.csrf())) .andExpect(header().doesNotExist(CLEAR_SITE_DATA_HEADER)); } @@ -76,7 +75,6 @@ public class LogoutConfigurerClearSiteDataTests { @WithMockUser public void logoutWhenRequestTypePostAndNotSecureThenHeaderNotPresent() throws Exception { this.spring.register(HttpLogoutConfig.class).autowire(); - this.mvc.perform(post("/logout").with(SecurityMockMvcRequestPostProcessors.csrf())) .andExpect(header().doesNotExist(CLEAR_SITE_DATA_HEADER)); } @@ -85,7 +83,6 @@ public class LogoutConfigurerClearSiteDataTests { @WithMockUser public void logoutWhenRequestTypePostAndSecureThenHeaderIsPresent() throws Exception { this.spring.register(HttpLogoutConfig.class).autowire(); - this.mvc.perform(post("/logout").secure(true).with(SecurityMockMvcRequestPostProcessors.csrf())) .andExpect(header().stringValues(CLEAR_SITE_DATA_HEADER, HEADER_VALUE)); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java index c6a722e127..45bf708553 100644 
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java @@ -91,14 +91,12 @@ public class LogoutConfigurerTests { @Test public void configureWhenRegisteringObjectPostProcessorThenInvokedOnLogoutFilter() { this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(LogoutFilter.class)); } @Test public void logoutWhenInvokedTwiceThenUsesOriginalLogoutUrl() throws Exception { this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire(); - this.mvc.perform(post("/custom/logout").with(csrf())).andExpect(status().isFound()) .andExpect(redirectedUrl("/login?logout")); } 
@@ -107,42 +105,36 @@ public class LogoutConfigurerTests { @Test public void logoutWhenGetRequestAndCsrfDisabledThenRedirectsToLogin() throws Exception { this.spring.register(CsrfDisabledConfig.class).autowire(); - this.mvc.perform(get("/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout")); } @Test public void logoutWhenPostRequestAndCsrfDisabledThenRedirectsToLogin() throws Exception { this.spring.register(CsrfDisabledConfig.class).autowire(); - this.mvc.perform(post("/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout")); } @Test public void logoutWhenPutRequestAndCsrfDisabledThenRedirectsToLogin() throws Exception { this.spring.register(CsrfDisabledConfig.class).autowire(); - this.mvc.perform(put("/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout")); } @Test public void logoutWhenDeleteRequestAndCsrfDisabledThenRedirectsToLogin() throws Exception { this.spring.register(CsrfDisabledConfig.class).autowire(); - this.mvc.perform(delete("/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout")); } @Test public void logoutWhenGetRequestAndCsrfDisabledAndCustomLogoutUrlThenRedirectsToLogin() throws Exception { this.spring.register(CsrfDisabledAndCustomLogoutConfig.class).autowire(); - this.mvc.perform(get("/custom/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout")); } @Test public void logoutWhenPostRequestAndCsrfDisabledAndCustomLogoutUrlThenRedirectsToLogin() throws Exception { this.spring.register(CsrfDisabledAndCustomLogoutConfig.class).autowire(); - this.mvc.perform(post("/custom/logout")).andExpect(status().isFound()) .andExpect(redirectedUrl("/login?logout")); } 
@@ -150,14 +142,12 @@ public class LogoutConfigurerTests { @Test public void logoutWhenPutRequestAndCsrfDisabledAndCustomLogoutUrlThenRedirectsToLogin() throws Exception { this.spring.register(CsrfDisabledAndCustomLogoutConfig.class).autowire(); - this.mvc.perform(put("/custom/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout")); } @Test public void logoutWhenDeleteRequestAndCsrfDisabledAndCustomLogoutUrlThenRedirectsToLogin() throws Exception { this.spring.register(CsrfDisabledAndCustomLogoutConfig.class).autowire(); - this.mvc.perform(delete("/custom/logout")).andExpect(status().isFound()) .andExpect(redirectedUrl("/login?logout")); } @@ -165,7 +155,6 @@ public class LogoutConfigurerTests { @Test public void logoutWhenCustomLogoutUrlInLambdaThenRedirectsToLogin() throws Exception { this.spring.register(CsrfDisabledAndCustomLogoutInLambdaConfig.class).autowire(); - this.mvc.perform(get("/custom/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout")); } @@ -186,7 +175,6 @@ public class LogoutConfigurerTests { @Test public void rememberMeWhenRememberMeServicesNotLogoutHandlerThenRedirectsToLogin() throws Exception { this.spring.register(RememberMeNoLogoutHandler.class).autowire(); - this.mvc.perform(post("/logout").with(csrf())).andExpect(status().isFound()) .andExpect(redirectedUrl("/login?logout")); } @@ -194,7 +182,6 @@ public class LogoutConfigurerTests { @Test public void logoutWhenAcceptTextHtmlThenRedirectsToLogin() throws Exception { this.spring.register(BasicSecurityConfig.class).autowire(); - this.mvc.perform( post("/logout").with(csrf()).with(user("user")).header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML_VALUE)) .andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout")); 
@@ -204,7 +191,6 @@ public class LogoutConfigurerTests { @Test public void logoutWhenAcceptApplicationJsonThenReturnsStatusNoContent() throws Exception { this.spring.register(BasicSecurityConfig.class).autowire(); - this.mvc.perform(post("/logout").with(csrf()).with(user("user")).header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)).andExpect(status().isNoContent()); } @@ -213,7 +199,6 @@ public class LogoutConfigurerTests { @Test public void logoutWhenAcceptAllThenReturnsStatusNoContent() throws Exception { this.spring.register(BasicSecurityConfig.class).autowire(); - this.mvc.perform( post("/logout").with(csrf()).with(user("user")).header(HttpHeaders.ACCEPT, MediaType.ALL_VALUE)) .andExpect(status().isNoContent()); @@ -223,7 +208,6 @@ public class LogoutConfigurerTests { @Test public void logoutWhenAcceptFromChromeThenRedirectsToLogin() throws Exception { this.spring.register(BasicSecurityConfig.class).autowire(); - this.mvc.perform(post("/logout").with(csrf()).with(user("user")).header(HttpHeaders.ACCEPT, "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8")) .andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout")); @@ -233,7 +217,6 @@ public class LogoutConfigurerTests { @Test public void logoutWhenXMLHttpRequestThenReturnsStatusNoContent() throws Exception { this.spring.register(BasicSecurityConfig.class).autowire(); - this.mvc.perform(post("/logout").with(csrf()).with(user("user")) .header(HttpHeaders.ACCEPT, "text/html,application/json").header("X-Requested-With", "XMLHttpRequest")) .andExpect(status().isNoContent()); @@ -242,7 +225,6 @@ public class LogoutConfigurerTests { @Test public void logoutWhenDisabledThenLogoutUrlNotFound() throws Exception { this.spring.register(LogoutDisabledConfig.class).autowire(); - this.mvc.perform(post("/logout").with(csrf())).andExpect(status().isNotFound()); } 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java index 1d66dfce56..18e2fc89af 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java @@ -65,24 +65,18 @@ public class NamespaceHttpBasicTests { @Test public void basicAuthenticationWhenUsingDefaultsThenMatchesNamespace() throws Exception { this.spring.register(HttpBasicConfig.class, UserConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isUnauthorized()); - this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Realm\"")); - this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound()); } @Test public void basicAuthenticationWhenUsingDefaultsInLambdaThenMatchesNamespace() throws Exception { this.spring.register(HttpBasicLambdaConfig.class, UserConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isUnauthorized()); - this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Realm\"")); - this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound()); } 
@@ -92,7 +86,6 @@ public class NamespaceHttpBasicTests { @Test public void basicAuthenticationWhenUsingCustomRealmThenMatchesNamespace() throws Exception { this.spring.register(CustomHttpBasicConfig.class, UserConfig.class).autowire(); - this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Custom Realm\"")); } @@ -100,7 +93,6 @@ public class NamespaceHttpBasicTests { @Test public void basicAuthenticationWhenUsingCustomRealmInLambdaThenMatchesNamespace() throws Exception { this.spring.register(CustomHttpBasicLambdaConfig.class, UserConfig.class).autowire(); - this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Custom Realm\"")); } @@ -111,12 +103,9 @@ public class NamespaceHttpBasicTests { @Test public void basicAuthenticationWhenUsingAuthenticationDetailsSourceRefThenMatchesNamespace() throws Exception { this.spring.register(AuthenticationDetailsSourceHttpBasicConfig.class, UserConfig.class).autowire(); - AuthenticationDetailsSource source = this.spring.getContext() .getBean(AuthenticationDetailsSource.class); - this.mvc.perform(get("/").with(httpBasic("user", "password"))); - verify(source).buildDetails(any(HttpServletRequest.class)); } @@ -124,12 +113,9 @@ public class NamespaceHttpBasicTests { public void basicAuthenticationWhenUsingAuthenticationDetailsSourceRefInLambdaThenMatchesNamespace() throws Exception { this.spring.register(AuthenticationDetailsSourceHttpBasicLambdaConfig.class, UserConfig.class).autowire(); - AuthenticationDetailsSource source = this.spring.getContext() .getBean(AuthenticationDetailsSource.class); - this.mvc.perform(get("/").with(httpBasic("user", "password"))); - verify(source).buildDetails(any(HttpServletRequest.class)); } 
@@ -139,22 +125,16 @@ public class NamespaceHttpBasicTests { @Test public void basicAuthenticationWhenUsingEntryPointRefThenMatchesNamespace() throws Exception { this.spring.register(EntryPointRefHttpBasicConfig.class, UserConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().is(999)); - this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().is(999)); - this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound()); } @Test public void basicAuthenticationWhenUsingEntryPointRefInLambdaThenMatchesNamespace() throws Exception { this.spring.register(EntryPointRefHttpBasicLambdaConfig.class, UserConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().is(999)); - this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().is(999)); - this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound()); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java index b080cf6754..074fa8a2ec 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java 
@@ -63,11 +63,8 @@ public class NamespaceHttpFormLoginTests { @Test public void formLoginWhenDefaultConfigurationThenMatchesNamespace() throws Exception { this.spring.register(FormLoginConfig.class, UserDetailsServiceConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login")); - this.mvc.perform(post("/login").with(csrf())).andExpect(redirectedUrl("/login?error")); - this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf())) .andExpect(redirectedUrl("/")); } @@ -75,12 +72,9 @@ public class NamespaceHttpFormLoginTests { @Test public void formLoginWithCustomEndpointsThenBehaviorMatchesNamespace() throws Exception { this.spring.register(FormLoginCustomConfig.class, UserDetailsServiceConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/authentication/login")); - this.mvc.perform(post("/authentication/login/process").with(csrf())) .andExpect(redirectedUrl("/authentication/login?failed")); - this.mvc.perform(post("/authentication/login/process").param("username", "user").param("password", "password") .with(csrf())).andExpect(redirectedUrl("/default")); } @@ -88,12 +82,9 @@ public class NamespaceHttpFormLoginTests { @Test public void formLoginWithCustomHandlersThenBehaviorMatchesNamespace() throws Exception { this.spring.register(FormLoginCustomRefsConfig.class, UserDetailsServiceConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login")); - this.mvc.perform(post("/login").with(csrf())).andExpect(redirectedUrl("/custom/failure")); verifyBean(WebAuthenticationDetailsSource.class).buildDetails(any(HttpServletRequest.class)); - this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf())) .andExpect(redirectedUrl("/custom/targetUrl")); } 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java index eef4ba934a..c9f11e767f 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java @@ -50,7 +50,6 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. public class NamespaceHttpHeadersTests { static final Map defaultHeaders = new LinkedHashMap<>(); - static { defaultHeaders.put("X-Content-Type-Options", "nosniff"); defaultHeaders.put("X-Frame-Options", "DENY"); @@ -60,7 +59,6 @@ public class NamespaceHttpHeadersTests { defaultHeaders.put("Pragma", "no-cache"); defaultHeaders.put("X-XSS-Protection", "1; mode=block"); } - @Rule public final SpringTestRule spring = new SpringTestRule(); 
@@ -70,28 +68,24 @@ public class NamespaceHttpHeadersTests { @Test public void secureRequestWhenDefaultConfigThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HeadersDefaultConfig.class).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(includesDefaults()); } @Test public void secureRequestWhenCacheControlOnlyThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HeadersCacheControlConfig.class).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(includes("Cache-Control", "Expires", "Pragma")); } @Test public void secureRequestWhenHstsOnlyThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HstsConfig.class).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(includes("Strict-Transport-Security")); } @Test public void requestWhenHstsCustomThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HstsCustomConfig.class).autowire(); - this.mvc.perform(get("/")) .andExpect(includes(Collections.singletonMap("Strict-Transport-Security", "max-age=15768000"))); } @@ -99,14 +93,12 @@ public class NamespaceHttpHeadersTests { @Test public void requestWhenFrameOptionsSameOriginThenBehaviorMatchesNamespace() throws Exception { this.spring.register(FrameOptionsSameOriginConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(includes(Collections.singletonMap("X-Frame-Options", "SAMEORIGIN"))); } @Test public void requestWhenFrameOptionsAllowFromThenBehaviorMatchesNamespace() throws Exception { this.spring.register(FrameOptionsAllowFromConfig.class).autowire(); - this.mvc.perform(get("/")) .andExpect(includes(Collections.singletonMap("X-Frame-Options", "ALLOW-FROM https://example.com"))); } 
@@ -114,28 +106,24 @@ public class NamespaceHttpHeadersTests { @Test public void requestWhenXssOnlyThenBehaviorMatchesNamespace() throws Exception { this.spring.register(XssProtectionConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(includes("X-XSS-Protection")); } @Test public void requestWhenXssCustomThenBehaviorMatchesNamespace() throws Exception { this.spring.register(XssProtectionCustomConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(includes(Collections.singletonMap("X-XSS-Protection", "1"))); } @Test public void requestWhenXContentTypeOptionsOnlyThenBehaviorMatchesNamespace() throws Exception { this.spring.register(ContentTypeOptionsConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(includes("X-Content-Type-Options")); } @Test public void requestWhenCustomHeaderOnlyThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HeaderRefConfig.class).autowire(); - this.mvc.perform(get("/")) .andExpect(includes(Collections.singletonMap("customHeaderName", "customHeaderValue"))); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java index e88dd304e4..bd4d5ac0a9 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java 
@@ -60,32 +60,26 @@ public class NamespaceHttpInterceptUrlTests { @Test public void unauthenticatedRequestWhenUrlRequiresAuthenticationThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HttpInterceptUrlConfig.class).autowire(); - this.mvc.perform(get("/users")).andExpect(status().isForbidden()); } @Test public void authenticatedRequestWhenUrlRequiresElevatedPrivilegesThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HttpInterceptUrlConfig.class).autowire(); - this.mvc.perform(get("/users").with(authentication(user("ROLE_USER")))).andExpect(status().isForbidden()); } @Test public void authenticatedRequestWhenAuthorizedThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HttpInterceptUrlConfig.class, BaseController.class).autowire(); - this.mvc.perform(get("/users").with(authentication(user("ROLE_ADMIN")))).andExpect(status().isOk()).andReturn(); } @Test public void requestWhenMappedByPostInterceptUrlThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HttpInterceptUrlConfig.class, BaseController.class).autowire(); - this.mvc.perform(get("/admin/post").with(authentication(user("ROLE_USER")))).andExpect(status().isOk()); - this.mvc.perform(post("/admin/post").with(authentication(user("ROLE_USER")))).andExpect(status().isForbidden()); - this.mvc.perform(post("/admin/post").with(csrf()).with(authentication(user("ROLE_ADMIN")))) .andExpect(status().isOk()); } @@ -93,11 +87,8 @@ public class NamespaceHttpInterceptUrlTests { @Test public void requestWhenRequiresChannelThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HttpInterceptUrlConfig.class).autowire(); - this.mvc.perform(get("/login")).andExpect(redirectedUrl("https://localhost/login")); - this.mvc.perform(get("/secured/a")).andExpect(redirectedUrl("https://localhost/secured/a")); - this.mvc.perform(get("https://localhost/user")).andExpect(redirectedUrl("http://localhost/user")); } 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java index 96a9287fe8..f83e15ba4a 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java @@ -62,10 +62,8 @@ public class NamespaceHttpJeeTests { @Test public void requestWhenJeeUserThenBehaviorDiffersFromNamespaceForRoleNames() throws Exception { this.spring.register(JeeMappableRolesConfig.class, BaseController.class).autowire(); - Principal user = mock(Principal.class); given(user.getName()).willReturn("joe"); - this.mvc.perform(get("/roles").principal(user).with((request) -> { request.addUserRole("ROLE_admin"); request.addUserRole("ROLE_user"); @@ -77,18 +75,13 @@ public class NamespaceHttpJeeTests { @Test public void requestWhenCustomAuthenticatedUserDetailsServiceThenBehaviorMatchesNamespace() throws Exception { this.spring.register(JeeUserServiceRefConfig.class, BaseController.class).autowire(); - Principal user = mock(Principal.class); given(user.getName()).willReturn("joe"); - User result = new User(user.getName(), "N/A", true, true, true, true, AuthorityUtils.createAuthorityList("ROLE_user")); - given(bean(AuthenticationUserDetailsService.class).loadUserDetails(any())).willReturn(result); - this.mvc.perform(get("/roles").principal(user)).andExpect(status().isOk()) .andExpect(content().string("ROLE_user")); - verifyBean(AuthenticationUserDetailsService.class).loadUserDetails(any()); } 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java index 3f69893ed9..8b93855cb9 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java @@ -72,7 +72,6 @@ public class NamespaceHttpLogoutTests { @WithMockUser public void logoutWhenUsingDefaultsThenMatchesNamespace() throws Exception { this.spring.register(HttpLogoutConfig.class).autowire(); - this.mvc.perform(post("/logout").with(csrf())).andExpect(authenticated(false)) .andExpect(redirectedUrl("/login?logout")).andExpect(noCookies()).andExpect(session(Objects::isNull)); } @@ -81,7 +80,6 @@ public class NamespaceHttpLogoutTests { @WithMockUser public void logoutWhenDisabledInLambdaThenRespondsWithNotFound() throws Exception { this.spring.register(HttpLogoutDisabledInLambdaConfig.class).autowire(); - this.mvc.perform(post("/logout").with(csrf()).with(user("user"))).andExpect(status().isNotFound()); } @@ -92,7 +90,6 @@ public class NamespaceHttpLogoutTests { @WithMockUser public void logoutWhenUsingVariousCustomizationsMatchesNamespace() throws Exception { this.spring.register(CustomHttpLogoutConfig.class).autowire(); - this.mvc.perform(post("/custom-logout").with(csrf())).andExpect(authenticated(false)) .andExpect(redirectedUrl("/logout-success")) .andExpect((result) -> assertThat(result.getResponse().getCookies()).hasSize(1)) 
@@ -103,7 +100,6 @@ public class NamespaceHttpLogoutTests { @WithMockUser public void logoutWhenUsingVariousCustomizationsInLambdaThenMatchesNamespace() throws Exception { this.spring.register(CustomHttpLogoutInLambdaConfig.class).autowire(); - this.mvc.perform(post("/custom-logout").with(csrf())).andExpect(authenticated(false)) .andExpect(redirectedUrl("/logout-success")) .andExpect((result) -> assertThat(result.getResponse().getCookies()).hasSize(1)) @@ -117,7 +113,6 @@ public class NamespaceHttpLogoutTests { @WithMockUser public void logoutWhenUsingSuccessHandlerRefThenMatchesNamespace() throws Exception { this.spring.register(SuccessHandlerRefHttpLogoutConfig.class).autowire(); - this.mvc.perform(post("/logout").with(csrf())).andExpect(authenticated(false)) .andExpect(redirectedUrl("/SuccessHandlerRefHttpLogoutConfig")).andExpect(noCookies()) .andExpect(session(Objects::isNull)); @@ -127,7 +122,6 @@ public class NamespaceHttpLogoutTests { @WithMockUser public void logoutWhenUsingSuccessHandlerRefInLambdaThenMatchesNamespace() throws Exception { this.spring.register(SuccessHandlerRefHttpLogoutInLambdaConfig.class).autowire(); - this.mvc.perform(post("/logout").with(csrf())).andExpect(authenticated(false)) .andExpect(redirectedUrl("/SuccessHandlerRefHttpLogoutConfig")).andExpect(noCookies()) .andExpect(session(Objects::isNull)); @@ -224,7 +218,6 @@ public class NamespaceHttpLogoutTests { protected void configure(HttpSecurity http) throws Exception { SimpleUrlLogoutSuccessHandler logoutSuccessHandler = new SimpleUrlLogoutSuccessHandler(); logoutSuccessHandler.setDefaultTargetUrl("/SuccessHandlerRefHttpLogoutConfig"); - // @formatter:off http .logout((logout) -> logout.logoutSuccessHandler(logoutSuccessHandler)); 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java index 373c29186a..26ad03f0de 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java @@ -104,18 +104,14 @@ public class NamespaceHttpOpenIDLoginTests { given(OpenIDLoginAttributeExchangeConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(), any())).willReturn(mockAuthRequest); this.spring.register(OpenIDLoginAttributeExchangeConfig.class).autowire(); - try (MockWebServer server = new MockWebServer()) { String endpoint = server.url("/").toString(); - server.enqueue(new MockResponse().addHeader(YadisResolver.YADIS_XRDS_LOCATION, endpoint)); server.enqueue(new MockResponse() .setBody(String.format("%s", endpoint))); - MvcResult mvcResult = this.mvc.perform(get("/login/openid") .param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "https://www.google.com/1")) .andExpect(status().isFound()).andReturn(); - Object attributeObject = mvcResult.getRequest().getSession() .getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST"); assertThat(attributeObject).isInstanceOf(List.class); 
@@ -144,25 +140,20 @@ public class NamespaceHttpOpenIDLoginTests { public void openidLoginWithCustomHandlersThenBehaviorMatchesNamespace() throws Exception { OpenIDAuthenticationToken token = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, "identityUrl", "message", Arrays.asList(new OpenIDAttribute("name", "type"))); - OpenIDLoginCustomRefsConfig.AUDS = mock(AuthenticationUserDetailsService.class); given(OpenIDLoginCustomRefsConfig.AUDS.loadUserDetails(any(Authentication.class))) .willReturn(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER"))); OpenIDLoginCustomRefsConfig.ADS = spy(new WebAuthenticationDetailsSource()); OpenIDLoginCustomRefsConfig.CONSUMER = mock(OpenIDConsumer.class); - this.spring.register(OpenIDLoginCustomRefsConfig.class, UserDetailsServiceConfig.class).autowire(); - given(OpenIDLoginCustomRefsConfig.CONSUMER.endConsumption(any(HttpServletRequest.class))) .willThrow(new AuthenticationServiceException("boom")); this.mvc.perform(post("/login/openid").with(csrf()).param("openid.identity", "identity")) .andExpect(redirectedUrl("/custom/failure")); reset(OpenIDLoginCustomRefsConfig.CONSUMER); - given(OpenIDLoginCustomRefsConfig.CONSUMER.endConsumption(any(HttpServletRequest.class))).willReturn(token); this.mvc.perform(post("/login/openid").with(csrf()).param("openid.identity", "identity")) .andExpect(redirectedUrl("/custom/targetUrl")); - verify(OpenIDLoginCustomRefsConfig.AUDS).loadUserDetails(any(Authentication.class)); verify(OpenIDLoginCustomRefsConfig.ADS).buildDetails(any(Object.class)); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java index 3d4d1a8874..011409d9fb 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java 
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java @@ -49,12 +49,9 @@ public class NamespaceHttpPortMappingsTests { @Test public void portMappingWhenRequestRequiresChannelThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HttpInterceptUrlWithPortMapperConfig.class).autowire(); - this.mvc.perform(get("http://localhost:9080/login")).andExpect(redirectedUrl("https://localhost:9443/login")); - this.mvc.perform(get("http://localhost:9080/secured/a")) .andExpect(redirectedUrl("https://localhost:9443/secured/a")); - this.mvc.perform(get("https://localhost:9443/user")).andExpect(redirectedUrl("http://localhost:9080/user")); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java index a67380193c..be604a4b8a 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java @@ -68,9 +68,7 @@ public class NamespaceHttpRequestCacheTests { @Test public void requestWhenDefaultConfigurationThenUsesHttpSessionRequestCache() throws Exception { this.spring.register(DefaultRequestCacheRefConfig.class).autowire(); - MvcResult result = this.mvc.perform(get("/")).andExpect(status().isForbidden()).andReturn(); - HttpSession session = result.getRequest().getSession(false); assertThat(session).isNotNull(); assertThat(session.getAttribute("SPRING_SECURITY_SAVED_REQUEST")).isNotNull(); 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java index f431f397be..03c12efdb5 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java @@ -69,7 +69,6 @@ public class NamespaceHttpServerAccessDeniedHandlerTests { @Test public void requestWhenCustomAccessDeniedPageInLambdaThenForwardedToCustomPage() throws Exception { this.spring.register(AccessDeniedPageInLambdaConfig.class).autowire(); - this.mvc.perform(get("/").with(authentication(user()))).andExpect(status().isForbidden()) .andExpect(forwardedUrl("/AccessDeniedPageConfig")); } @@ -85,9 +84,7 @@ public class NamespaceHttpServerAccessDeniedHandlerTests { @Test public void requestWhenCustomAccessDeniedHandlerInLambdaThenBehaviorMatchesNamespace() throws Exception { this.spring.register(AccessDeniedHandlerRefInLambdaConfig.class).autowire(); - this.mvc.perform(get("/").with(authentication(user()))); - verify(AccessDeniedHandlerRefInLambdaConfig.accessDeniedHandler).handle(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AccessDeniedException.class)); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java index e6d6576183..5f30c3c7c8 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java 
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java @@ -81,10 +81,8 @@ public class NamespaceHttpX509Tests { @Test public void x509AuthenticationWhenHasCustomAuthenticationDetailsSourceThenMatchesNamespace() throws Exception { this.spring.register(AuthenticationDetailsSourceRefConfig.class, X509Controller.class).autowire(); - X509Certificate certificate = loadCert("rod.cer"); this.mvc.perform(get("/whoami").with(x509(certificate))).andExpect(content().string("rod")); - verifyBean(AuthenticationDetailsSource.class).buildDetails(any()); } @@ -183,7 +181,6 @@ public class NamespaceHttpX509Tests { @Bean AuthenticationDetailsSource authenticationDetailsSource() { - return mock(AuthenticationDetailsSource.class); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java index 949fea0e42..5a5347c334 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java 
@@ -82,19 +82,15 @@ public class NamespaceRememberMeTests { public void rememberMeLoginWhenUsingDefaultsThenMatchesNamespace() throws Exception { this.spring.register(RememberMeConfig.class, SecurityController.class).autowire(); MvcResult result = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn(); - MockHttpSession session = (MockHttpSession) result.getRequest().getSession(); Cookie rememberMe = result.getResponse().getCookie("remember-me"); assertThat(rememberMe).isNotNull(); this.mvc.perform(get("/authentication-class").cookie(rememberMe)) .andExpect(content().string(RememberMeAuthenticationToken.class.getName())); - result = this.mvc.perform(post("/logout").with(csrf()).session(session).cookie(rememberMe)) .andExpect(redirectedUrl("/login?logout")).andReturn(); - rememberMe = result.getResponse().getCookie("remember-me"); assertThat(rememberMe).isNotNull().extracting(Cookie::getMaxAge).isEqualTo(0); - this.mvc.perform(post("/authentication-class").with(csrf()).cookie(rememberMe)) .andExpect(redirectedUrl("http://localhost/login")).andReturn(); } @@ -105,11 +101,9 @@ public class NamespaceRememberMeTests { public void logoutWhenCustomRememberMeServicesDeclaredThenUses() throws Exception { RememberMeServicesRefConfig.REMEMBER_ME_SERVICES = mock(RememberMeServicesWithoutLogoutHandler.class); this.spring.register(RememberMeServicesRefConfig.class).autowire(); - this.mvc.perform(get("/")); verify(RememberMeServicesRefConfig.REMEMBER_ME_SERVICES).autoLogin(any(HttpServletRequest.class), any(HttpServletResponse.class)); - this.mvc.perform(post("/login").with(csrf())); verify(RememberMeServicesRefConfig.REMEMBER_ME_SERVICES).loginFail(any(HttpServletRequest.class), any(HttpServletResponse.class)); 
@@ -119,15 +113,11 @@ public class NamespaceRememberMeTests { public void rememberMeLoginWhenAuthenticationSuccessHandlerDeclaredThenUses() throws Exception { AuthSuccessConfig.SUCCESS_HANDLER = mock(AuthenticationSuccessHandler.class); this.spring.register(AuthSuccessConfig.class).autowire(); - MvcResult result = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn(); - verifyZeroInteractions(AuthSuccessConfig.SUCCESS_HANDLER); - Cookie rememberMe = result.getResponse().getCookie("remember-me"); assertThat(rememberMe).isNotNull(); this.mvc.perform(get("/somewhere").cookie(rememberMe)); - verify(AuthSuccessConfig.SUCCESS_HANDLER).onAuthenticationSuccess(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class)); } @@ -137,10 +127,8 @@ public class NamespaceRememberMeTests { this.spring.register(WithoutKeyConfig.class, KeyConfig.class, SecurityController.class).autowire(); Cookie withoutKey = this.mvc.perform(post("/without-key/login").with(rememberMeLogin())) .andExpect(redirectedUrl("/")).andReturn().getResponse().getCookie("remember-me"); - this.mvc.perform(get("/somewhere").cookie(withoutKey)).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/login")); - Cookie withKey = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse() .getCookie("remember-me"); this.mvc.perform(get("/somewhere").cookie(withKey)).andExpect(status().isNotFound()); 
@@ -148,16 +136,13 @@ public class NamespaceRememberMeTests { // http/remember-me@services-alias is not supported use standard aliasing instead // (i.e. @Bean("alias")) - // http/remember-me@data-source-ref is not supported directly. Instead use // http/remember-me@token-repository-ref example @Test public void rememberMeLoginWhenDeclaredTokenRepositoryThenMatchesNamespace() throws Exception { TokenRepositoryRefConfig.TOKEN_REPOSITORY = mock(PersistentTokenRepository.class); this.spring.register(TokenRepositoryRefConfig.class).autowire(); - this.mvc.perform(post("/login").with(rememberMeLogin())); - verify(TokenRepositoryRefConfig.TOKEN_REPOSITORY).createNewToken(any(PersistentRememberMeToken.class)); } @@ -166,7 +151,6 @@ public class NamespaceRememberMeTests { this.spring.register(TokenValiditySecondsConfig.class).autowire(); Cookie expiredRememberMe = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse() .getCookie("remember-me"); - assertThat(expiredRememberMe).extracting(Cookie::getMaxAge).isEqualTo(314); } @@ -175,7 +159,6 @@ public class NamespaceRememberMeTests { this.spring.register(RememberMeConfig.class).autowire(); Cookie expiredRememberMe = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse() .getCookie("remember-me"); - assertThat(expiredRememberMe).extracting(Cookie::getMaxAge).isEqualTo(AbstractRememberMeServices.TWO_WEEKS_S); } @@ -184,7 +167,6 @@ public class NamespaceRememberMeTests { this.spring.register(UseSecureCookieConfig.class).autowire(); Cookie secureCookie = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse() .getCookie("remember-me"); - assertThat(secureCookie).extracting(Cookie::getSecure).isEqualTo(true); } 
@@ -193,7 +175,6 @@ public class NamespaceRememberMeTests { this.spring.register(RememberMeConfig.class).autowire(); Cookie secureCookie = this.mvc.perform(post("/login").with(rememberMeLogin()).secure(true)).andReturn() .getResponse().getCookie("remember-me"); - assertThat(secureCookie).extracting(Cookie::getSecure).isEqualTo(true); } @@ -202,7 +183,6 @@ public class NamespaceRememberMeTests { this.spring.register(RememberMeParameterConfig.class).autowire(); Cookie rememberMe = this.mvc.perform(post("/login").with(rememberMeLogin("rememberMe", true))).andReturn() .getResponse().getCookie("remember-me"); - assertThat(rememberMe).isNotNull(); } @@ -212,7 +192,6 @@ public class NamespaceRememberMeTests { this.spring.register(RememberMeCookieNameConfig.class).autowire(); Cookie rememberMe = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse() .getCookie("rememberMe"); - assertThat(rememberMe).isNotNull(); } @@ -220,9 +199,7 @@ public class NamespaceRememberMeTests { public void rememberMeLoginWhenGlobalUserDetailsServiceDeclaredThenMatchesNamespace() throws Exception { DefaultsUserDetailsServiceWithDaoConfig.USERDETAILS_SERVICE = mock(UserDetailsService.class); this.spring.register(DefaultsUserDetailsServiceWithDaoConfig.class).autowire(); - this.mvc.perform(post("/login").with(rememberMeLogin())); - verify(DefaultsUserDetailsServiceWithDaoConfig.USERDETAILS_SERVICE).loadUserByUsername("user"); } 
@@ -230,12 +207,9 @@ public class NamespaceRememberMeTests { public void rememberMeLoginWhenUserDetailsServiceDeclaredThenMatchesNamespace() throws Exception { UserServiceRefConfig.USERDETAILS_SERVICE = mock(UserDetailsService.class); this.spring.register(UserServiceRefConfig.class).autowire(); - given(UserServiceRefConfig.USERDETAILS_SERVICE.loadUserByUsername("user")) .willReturn(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER"))); - this.mvc.perform(post("/login").with(rememberMeLogin())); - verify(UserServiceRefConfig.USERDETAILS_SERVICE).loadUserByUsername("user"); } @@ -363,7 +337,6 @@ public class NamespaceRememberMeTests { protected void configure(HttpSecurity http) throws Exception { // JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl() // tokenRepository.setDataSource(dataSource); - // @formatter:off http .formLogin() diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java index 6f08c7290a..8ddd312c45 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java 
@@ -82,20 +82,16 @@ public class NamespaceSessionManagementTests { public void authenticateWhenDefaultSessionManagementThenMatchesNamespace() throws Exception { this.spring.register(SessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class) .autowire(); - MockHttpSession session = new MockHttpSession(); String sessionId = session.getId(); - MvcResult result = this.mvc.perform(get("/auth").session(session).with(httpBasic("user", "password"))) .andExpect(session()).andReturn(); - assertThat(result.getRequest().getSession(false).getId()).isNotEqualTo(sessionId); } @Test public void authenticateWhenUsingInvalidSessionUrlThenMatchesNamespace() throws Exception { this.spring.register(CustomSessionManagementConfig.class).autowire(); - this.mvc.perform(get("/auth").with((request) -> { request.setRequestedSessionIdValid(false); request.setRequestedSessionId("id"); @@ -106,13 +102,11 @@ public class NamespaceSessionManagementTests { @Test public void authenticateWhenUsingExpiredUrlThenMatchesNamespace() throws Exception { this.spring.register(CustomSessionManagementConfig.class).autowire(); - MockHttpSession session = new MockHttpSession(); SessionInformation sessionInformation = new SessionInformation(new Object(), session.getId(), new Date(0)); sessionInformation.expireNow(); SessionRegistry sessionRegistry = this.spring.getContext().getBean(SessionRegistry.class); given(sessionRegistry.getSessionInformation(session.getId())).willReturn(sessionInformation); - this.mvc.perform(get("/auth").session(session)).andExpect(redirectedUrl("/expired-session")); } 
@@ -120,9 +114,7 @@ public class NamespaceSessionManagementTests { public void authenticateWhenUsingMaxSessionsThenMatchesNamespace() throws Exception { this.spring.register(CustomSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class) .autowire(); - this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk()); - this.mvc.perform(get("/auth").with(httpBasic("user", "password"))) .andExpect(redirectedUrl("/session-auth-error")); } @@ -131,12 +123,10 @@ public class NamespaceSessionManagementTests { public void authenticateWhenUsingFailureUrlThenMatchesNamespace() throws Exception { this.spring.register(CustomSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class) .autowire(); - MockHttpServletRequest mock = spy(MockHttpServletRequest.class); mock.setSession(new MockHttpSession()); given(mock.changeSessionId()).willThrow(SessionAuthenticationException.class); mock.setMethod("GET"); - this.mvc.perform(get("/auth").with((request) -> mock).with(httpBasic("user", "password"))) .andExpect(redirectedUrl("/session-auth-error")); } @@ -145,11 +135,8 @@ public class NamespaceSessionManagementTests { public void authenticateWhenUsingSessionRegistryThenMatchesNamespace() throws Exception { this.spring.register(CustomSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class) .autowire(); - SessionRegistry sessionRegistry = this.spring.getContext().getBean(SessionRegistry.class); - this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk()); - verify(sessionRegistry).registerNewSession(any(String.class), any(Object.class)); } 
@@ -157,13 +144,11 @@ public class NamespaceSessionManagementTests { @Test public void authenticateWhenUsingCustomInvalidSessionStrategyThenMatchesNamespace() throws Exception { this.spring.register(InvalidSessionStrategyConfig.class).autowire(); - this.mvc.perform(get("/auth").with((request) -> { request.setRequestedSessionIdValid(false); request.setRequestedSessionId("id"); return request; })).andExpect(status().isOk()); - verifyBean(InvalidSessionStrategy.class).onInvalidSessionDetected(any(HttpServletRequest.class), any(HttpServletResponse.class)); } @@ -172,9 +157,7 @@ public class NamespaceSessionManagementTests { public void authenticateWhenUsingCustomSessionAuthenticationStrategyThenMatchesNamespace() throws Exception { this.spring.register(RefsSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class) .autowire(); - this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk()); - verifyBean(SessionAuthenticationStrategy.class).onAuthentication(any(Authentication.class), any(HttpServletRequest.class), any(HttpServletResponse.class)); } @@ -184,13 +167,11 @@ public class NamespaceSessionManagementTests { this.spring .register(SFPNoneSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class) .autowire(); - MockHttpSession givenSession = new MockHttpSession(); String givenSessionId = givenSession.getId(); MockHttpSession resultingSession = (MockHttpSession) this.mvc .perform(get("/auth").session(givenSession).with(httpBasic("user", "password"))) .andExpect(status().isOk()).andReturn().getRequest().getSession(false); - assertThat(givenSessionId).isEqualTo(resultingSession.getId()); } 
@@ -198,15 +179,12 @@ public class NamespaceSessionManagementTests { public void authenticateWhenMigrateSessionFixationProtectionThenMatchesNamespace() throws Exception { this.spring.register(SFPMigrateSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class).autowire(); - MockHttpSession givenSession = new MockHttpSession(); String givenSessionId = givenSession.getId(); givenSession.setAttribute("name", "value"); - MockHttpSession resultingSession = (MockHttpSession) this.mvc .perform(get("/auth").session(givenSession).with(httpBasic("user", "password"))) .andExpect(status().isOk()).andReturn().getRequest().getSession(false); - assertThat(givenSessionId).isNotEqualTo(resultingSession.getId()); assertThat(resultingSession.getAttribute("name")).isEqualTo("value"); } 
@@ -215,25 +193,20 @@ public class NamespaceSessionManagementTests { @Test public void authenticateWhenUsingSessionFixationProtectionThenUsesNonNullEventPublisher() throws Exception { this.spring.register(SFPPostProcessedConfig.class, UserDetailsServiceConfig.class).autowire(); - this.mvc.perform(get("/auth").session(new MockHttpSession()).with(httpBasic("user", "password"))) .andExpect(status().isNotFound()); - verifyBean(MockEventListener.class).onApplicationEvent(any(SessionFixationProtectionEvent.class)); } @Test public void authenticateWhenNewSessionFixationProtectionThenMatchesNamespace() throws Exception { this.spring.register(SFPNewSessionSessionManagementConfig.class, UserDetailsServiceConfig.class).autowire(); - MockHttpSession givenSession = new MockHttpSession(); String givenSessionId = givenSession.getId(); givenSession.setAttribute("name", "value"); - MockHttpSession resultingSession = (MockHttpSession) this.mvc .perform(get("/auth").session(givenSession).with(httpBasic("user", "password"))) .andExpect(status().isNotFound()).andReturn().getRequest().getSession(false); - assertThat(givenSessionId).isNotEqualTo(resultingSession.getId()); assertThat(resultingSession.getAttribute("name")).isNull(); } @@ -465,11 +438,8 @@ public class NamespaceSessionManagementTests { assertThat(result.getRequest().getSession(false)).isNull(); return; } - assertThat(result.getRequest().getSession(false)).isNotNull(); - MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false); - if (this.valid != null) { if (this.valid) { assertThat(session.isInvalid()).isFalse(); @@ -478,7 +448,6 @@ public class NamespaceSessionManagementTests { assertThat(session.isInvalid()).isTrue(); } } - if (this.id != null) { assertThat(session.getId()).isEqualTo(this.id); } 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java index f30939fb0d..ce7a15b331 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java @@ -49,7 +49,6 @@ public class PermitAllSupportTests { @Test public void performWhenUsingPermitAllExactUrlRequestMatcherThenMatchesExactUrl() throws Exception { this.spring.register(PermitAllConfig.class).autowire(); - this.mvc.perform(get("/app/xyz").contextPath("/app")).andExpect(status().isNotFound()); this.mvc.perform(get("/app/xyz?def").contextPath("/app")).andExpect(status().isFound()); this.mvc.perform(post("/app/abc?def").with(csrf()).contextPath("/app")).andExpect(status().isNotFound()); diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java index 6c7f1d59ea..bf21abbd7c 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java 
@@ -47,21 +47,18 @@ public class PortMapperConfigurerTests { @Test public void requestWhenPortMapperTwiceInvokedThenDoesNotOverride() throws Exception { this.spring.register(InvokeTwiceDoesNotOverride.class).autowire(); - this.mockMvc.perform(get("http://localhost:543")).andExpect(redirectedUrl("https://localhost:123")); } @Test public void requestWhenPortMapperHttpMapsToInLambdaThenRedirectsToHttpsPort() throws Exception { this.spring.register(HttpMapsToInLambdaConfig.class).autowire(); - this.mockMvc.perform(get("http://localhost:543")).andExpect(redirectedUrl("https://localhost:123")); } @Test public void requestWhenCustomPortMapperInLambdaThenRedirectsToHttpsPort() throws Exception { this.spring.register(CustomPortMapperInLambdaConfig.class).autowire(); - this.mockMvc.perform(get("http://localhost:543")).andExpect(redirectedUrl("https://localhost:123")); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java index 8ec6c1b5a7..54bc6ee582 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java @@ -81,7 +81,6 @@ public class RememberMeConfigurerTests { @Test public void postWhenNoUserDetailsServiceThenException() { this.spring.register(NullUserDetailsConfig.class).autowire(); - assertThatThrownBy(() -> this.mvc.perform(post("/login").param("username", "user").param("password", "password") .param("remember-me", "true").with(csrf()))).hasMessageContaining("UserDetailsService is required"); } 
@@ -89,7 +88,6 @@ public class RememberMeConfigurerTests { @Test public void configureWhenRegisteringObjectPostProcessorThenInvokedOnRememberMeAuthenticationFilter() { this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(RememberMeAuthenticationFilter.class)); } @@ -98,16 +96,13 @@ public class RememberMeConfigurerTests { given(DuplicateDoesNotOverrideConfig.userDetailsService.loadUserByUsername(anyString())) .willReturn(new User("user", "password", Collections.emptyList())); this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire(); - this.mvc.perform(get("/").with(httpBasic("user", "password")).param("remember-me", "true")); - verify(DuplicateDoesNotOverrideConfig.userDetailsService).loadUserByUsername("user"); } @Test public void loginWhenRememberMeTrueThenRespondsWithRememberMeCookie() throws Exception { this.spring.register(RememberMeConfig.class).autowire(); - this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password") .param("remember-me", "true")).andExpect(cookie().exists("remember-me")); } @@ -115,11 +110,9 @@ public class RememberMeConfigurerTests { @Test public void getWhenRememberMeCookieThenAuthenticationIsRememberMeAuthenticationToken() throws Exception { this.spring.register(RememberMeConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user") .param("password", "password").param("remember-me", "true")).andReturn(); Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me"); - this.mvc.perform(get("/abc").cookie(rememberMeCookie)).andExpect(authenticated() .withAuthentication((auth) -> assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class))); } 
@@ -127,12 +120,10 @@ public class RememberMeConfigurerTests { @Test public void logoutWhenRememberMeCookieThenAuthenticationIsRememberMeCookieExpired() throws Exception { this.spring.register(RememberMeConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user") .param("password", "password").param("remember-me", "true")).andReturn(); Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me"); HttpSession session = mvcResult.getRequest().getSession(); - this.mvc.perform(post("/logout").with(csrf()).cookie(rememberMeCookie).session((MockHttpSession) session)) .andExpect(redirectedUrl("/login?logout")).andExpect(cookie().maxAge("remember-me", 0)); } @@ -140,7 +131,6 @@ public class RememberMeConfigurerTests { @Test public void getWhenRememberMeCookieAndLoggedOutThenRedirectsToLogin() throws Exception { this.spring.register(RememberMeConfig.class).autowire(); - MvcResult loginMvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user") .param("password", "password").param("remember-me", "true")).andReturn(); Cookie rememberMeCookie = loginMvcResult.getResponse().getCookie("remember-me"); @@ -149,7 +139,6 @@ public class RememberMeConfigurerTests { .perform(post("/logout").with(csrf()).cookie(rememberMeCookie).session((MockHttpSession) session)) .andReturn(); Cookie expiredRememberMeCookie = logoutMvcResult.getResponse().getCookie("remember-me"); - this.mvc.perform(get("/abc").with(csrf()).cookie(expiredRememberMeCookie)) .andExpect(redirectedUrl("http://localhost/login")); } 
@@ -157,7 +146,6 @@ public class RememberMeConfigurerTests { @Test public void loginWhenRememberMeConfiguredInLambdaThenRespondsWithRememberMeCookie() throws Exception { this.spring.register(RememberMeInLambdaConfig.class).autowire(); - this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password") .param("remember-me", "true")).andExpect(cookie().exists("remember-me")); } @@ -165,7 +153,6 @@ public class RememberMeConfigurerTests { @Test public void loginWhenRememberMeTrueAndCookieDomainThenRememberMeCookieHasDomain() throws Exception { this.spring.register(RememberMeCookieDomainConfig.class).autowire(); - this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password") .param("remember-me", "true")).andExpect(cookie().exists("remember-me")) .andExpect(cookie().domain("remember-me", "spring.io")); @@ -174,7 +161,6 @@ public class RememberMeConfigurerTests { @Test public void loginWhenRememberMeTrueAndCookieDomainInLambdaThenRememberMeCookieHasDomain() throws Exception { this.spring.register(RememberMeCookieDomainInLambdaConfig.class).autowire(); - this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password") .param("remember-me", "true")).andExpect(cookie().exists("remember-me")) .andExpect(cookie().domain("remember-me", "spring.io")); 
@@ -190,11 +176,9 @@ public class RememberMeConfigurerTests { @Test public void getWhenRememberMeCookieAndNoKeyConfiguredThenKeyFromRememberMeServicesIsUsed() throws Exception { this.spring.register(FallbackRememberMeKeyConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user") .param("password", "password").param("remember-me", "true")).andReturn(); Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me"); - this.mvc.perform(get("/abc").cookie(rememberMeCookie)).andExpect(authenticated() .withAuthentication((auth) -> assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class))); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java index d769b5869d..5079480e76 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java @@ -69,16 +69,13 @@ public class RequestCacheConfigurerTests { @Test public void configureWhenRegisteringObjectPostProcessorThenInvokedOnExceptionTranslationFilter() { this.spring.register(ObjectPostProcessorConfig.class, DefaultSecurityConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(RequestCacheAwareFilter.class)); } @Test public void getWhenInvokingExceptionHandlingTwiceThenOriginalEntryPointUsed() throws Exception { this.spring.register(InvokeTwiceDoesNotOverrideConfig.class).autowire(); - this.mvc.perform(get("/")); - verify(InvokeTwiceDoesNotOverrideConfig.requestCache).getMatchingRequest(any(HttpServletRequest.class), any(HttpServletResponse.class)); } 
@@ -86,10 +83,8 @@ public class RequestCacheConfigurerTests { @Test public void getWhenBookmarkedUrlIsFaviconIcoThenPostAuthenticationRedirectsToRoot() throws Exception { this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/favicon.ico")) .andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); // ignores // favicon.ico } @@ -97,10 +92,8 @@ public class RequestCacheConfigurerTests { @Test public void getWhenBookmarkedUrlIsFaviconPngThenPostAuthenticationRedirectsToRoot() throws Exception { this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/favicon.png")) .andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); // ignores // favicon.png } @@ -109,14 +102,11 @@ public class RequestCacheConfigurerTests { @Test public void getWhenBookmarkedRequestIsApplicationJsonThenPostAuthenticationRedirectsToRoot() throws Exception { this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc .perform(get("/messages").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON)) .andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); // ignores // application/json - // This is desirable since JSON requests are typically not invoked directly from // the browser and we don't want the browser to replay them } 
@@ -125,13 +115,10 @@ public class RequestCacheConfigurerTests { @Test public void getWhenBookmarkedRequestIsXRequestedWithThenPostAuthenticationRedirectsToRoot() throws Exception { this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc .perform(get("/messages").header("X-Requested-With", "XMLHttpRequest")) .andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); - // This is desirable since XHR requests are typically not invoked directly from // the browser and we don't want the browser to replay them } @@ -139,14 +126,11 @@ public class RequestCacheConfigurerTests { @Test public void getWhenBookmarkedRequestIsTextEventStreamThenPostAuthenticationRedirectsToRoot() throws Exception { this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc .perform(get("/messages").header(HttpHeaders.ACCEPT, MediaType.TEXT_EVENT_STREAM)) .andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); // ignores // text/event-stream - // This is desirable since event-stream requests are typically not invoked // directly from the browser and we don't want the browser to replay them } 
@@ -154,45 +138,37 @@ public class RequestCacheConfigurerTests { @Test public void getWhenBookmarkedRequestIsAllMediaTypeThenPostAuthenticationRemembers() throws Exception { this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc .perform(get("/messages").header(HttpHeaders.ACCEPT, MediaType.ALL)) .andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/messages")); } @Test public void getWhenBookmarkedRequestIsTextHtmlThenPostAuthenticationRemembers() throws Exception { this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc .perform(get("/messages").header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML)) .andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/messages")); } @Test public void getWhenBookmarkedRequestIsChromeThenPostAuthenticationRemembers() throws Exception { this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc .perform(get("/messages").header(HttpHeaders.ACCEPT, "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8")) .andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/messages")); } @Test public void getWhenBookmarkedRequestIsRequestedWithAndroidThenPostAuthenticationRemembers() throws Exception { this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc .perform(get("/messages").header("X-Requested-With", 
"com.android")) .andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/messages")); } @@ -201,9 +177,7 @@ public class RequestCacheConfigurerTests { public void getWhenRequestCacheIsDisabledThenExceptionTranslationFilterDoesNotStoreRequest() throws Exception { this.spring.register(RequestCacheDisabledConfig.class, ExceptionHandlingConfigurerTests.DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); } @@ -211,12 +185,9 @@ public class RequestCacheConfigurerTests { @Test public void postWhenRequestIsMultipartThenPostAuthenticationRedirectsToRoot() throws Exception { this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire(); - MockMultipartFile aFile = new MockMultipartFile("aFile", "A_FILE".getBytes()); - MockHttpSession session = (MockHttpSession) this.mvc.perform(multipart("/upload").file(aFile)).andReturn() .getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); } 
@@ -224,27 +195,21 @@ public class RequestCacheConfigurerTests { public void getWhenRequestCacheIsDisabledInLambdaThenExceptionTranslationFilterDoesNotStoreRequest() throws Exception { this.spring.register(RequestCacheDisabledInLambdaConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); } @Test public void getWhenRequestCacheInLambdaThenRedirectedToCachedPage() throws Exception { this.spring.register(RequestCacheInLambdaConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/bob")); } @Test public void getWhenCustomRequestCacheInLambdaThenCustomRequestCacheUsed() throws Exception { this.spring.register(CustomRequestCacheInLambdaConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java index e820678b2f..f0c8500cc1 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java 
@@ -47,7 +47,6 @@ public class RequestMatcherConfigurerTests { @Test public void authorizeRequestsWhenInvokedMultipleTimesThenChainsPaths() throws Exception { this.spring.register(Sec2908Config.class).autowire(); - this.mvc.perform(get("/oauth/abc")).andExpect(status().isForbidden()); this.mvc.perform(get("/api/abc")).andExpect(status().isForbidden()); } @@ -55,7 +54,6 @@ public class RequestMatcherConfigurerTests { @Test public void authorizeRequestsWhenInvokedMultipleTimesInLambdaThenChainsPaths() throws Exception { this.spring.register(AuthorizeRequestInLambdaConfig.class).autowire(); - this.mvc.perform(get("/oauth/abc")).andExpect(status().isForbidden()); this.mvc.perform(get("/api/abc")).andExpect(status().isForbidden()); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java index e3bb13407c..fc99c2772d 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java @@ -67,7 +67,6 @@ public class SecurityContextConfigurerTests { @Test public void configureWhenRegisteringObjectPostProcessorThenInvokedOnSecurityContextPersistenceFilter() { this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(SecurityContextPersistenceFilter.class)); } 
@@ -75,9 +74,7 @@ public class SecurityContextConfigurerTests { public void securityContextWhenInvokedTwiceThenUsesOriginalSecurityContextRepository() throws Exception { this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire(); given(DuplicateDoesNotOverrideConfig.SCR.loadContext(any())).willReturn(mock(SecurityContext.class)); - this.mvc.perform(get("/")); - verify(DuplicateDoesNotOverrideConfig.SCR).loadContext(any(HttpRequestResponseHolder.class)); } @@ -85,14 +82,12 @@ public class SecurityContextConfigurerTests { @Test public void securityContextWhenSecurityContextRepositoryNotConfiguredThenDoesNotThrowException() throws Exception { this.spring.register(SecurityContextRepositoryDefaultsSecurityContextRepositoryConfig.class).autowire(); - this.mvc.perform(get("/")); } @Test public void requestWhenSecurityContextWithDefaultsInLambdaThenSessionIsCreated() throws Exception { this.spring.register(SecurityContextWithDefaultsInLambdaConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(formLogin()).andReturn(); HttpSession session = mvcResult.getRequest().getSession(false); assertThat(session).isNotNull(); @@ -101,7 +96,6 @@ public class SecurityContextConfigurerTests { @Test public void requestWhenSecurityContextDisabledInLambdaThenContextNotSavedInSession() throws Exception { this.spring.register(SecurityContextDisabledInLambdaConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(formLogin()).andReturn(); HttpSession session = mvcResult.getRequest().getSession(false); assertThat(session).isNull(); @@ -110,7 +104,6 @@ public class SecurityContextConfigurerTests { @Test public void requestWhenNullSecurityContextRepositoryInLambdaThenContextNotSavedInSession() throws Exception { this.spring.register(NullSecurityContextRepositoryInLambdaConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(formLogin()).andReturn(); HttpSession session = mvcResult.getRequest().getSession(false); assertThat(session).isNull(); 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java index 274b156c11..ed71acbf53 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java @@ -88,7 +88,6 @@ public class ServletApiConfigurerTests { @Test public void configureWhenRegisteringObjectPostProcessorThenInvokedOnSecurityContextHolderAwareRequestFilter() { this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor) .postProcess(any(SecurityContextHolderAwareRequestFilter.class)); } @@ -97,14 +96,12 @@ public class ServletApiConfigurerTests { @Test public void configureWhenUsingDefaultsThenAuthenticationManagerIsNotNull() { this.spring.register(ServletApiConfig.class).autowire(); - assertThat(this.spring.getContext().getBean("customAuthenticationManager")).isNotNull(); } @Test public void configureWhenUsingDefaultsThenAuthenticationEntryPointIsLogin() throws Exception { this.spring.register(ServletApiConfig.class).autowire(); - this.mvc.perform(formLogin()).andExpect(status().isFound()); } @@ -112,7 +109,6 @@ public class ServletApiConfigurerTests { @Test public void configureWhenUsingDefaultsThenRolePrefixIsSet() throws Exception { this.spring.register(ServletApiConfig.class, AdminController.class).autowire(); - this.mvc.perform( get("/admin").with(authentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN")))) .andExpect(status().isOk()); 
@@ -121,9 +117,7 @@ public class ServletApiConfigurerTests { @Test public void requestWhenCustomAuthenticationEntryPointThenEntryPointUsed() throws Exception { this.spring.register(CustomEntryPointConfig.class).autowire(); - this.mvc.perform(get("/")); - verify(CustomEntryPointConfig.ENTRYPOINT).commence(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AuthenticationException.class)); } @@ -131,11 +125,9 @@ public class ServletApiConfigurerTests { @Test public void servletApiWhenInvokedTwiceThenUsesOriginalRole() throws Exception { this.spring.register(DuplicateInvocationsDoesNotOverrideConfig.class, AdminController.class).autowire(); - this.mvc.perform( get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("PERMISSION_ADMIN")))) .andExpect(status().isOk()); - this.mvc.perform(get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN")))) .andExpect(status().isForbidden()); } @@ -143,16 +135,13 @@ public class ServletApiConfigurerTests { @Test public void configureWhenSharedObjectTrustResolverThenTrustResolverUsed() throws Exception { this.spring.register(SharedTrustResolverConfig.class).autowire(); - this.mvc.perform(get("/")); - verify(SharedTrustResolverConfig.TR, atLeastOnce()).isAnonymous(any()); } @Test public void requestWhenServletApiWithDefaultsInLambdaThenUsesDefaultRolePrefix() throws Exception { this.spring.register(ServletApiWithDefaultsInLambdaConfig.class, AdminController.class).autowire(); - this.mvc.perform(get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN")))) .andExpect(status().isOk()); } 
@@ -160,11 +149,9 @@ public class ServletApiConfigurerTests { @Test public void requestWhenRolePrefixInLambdaThenUsesCustomRolePrefix() throws Exception { this.spring.register(RolePrefixInLambdaConfig.class, AdminController.class).autowire(); - this.mvc.perform( get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("PERMISSION_ADMIN")))) .andExpect(status().isOk()); - this.mvc.perform(get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN")))) .andExpect(status().isForbidden()); } @@ -172,18 +159,13 @@ public class ServletApiConfigurerTests { @Test public void checkSecurityContextAwareAndLogoutFilterHasSameSizeAndHasLogoutSuccessEventPublishingLogoutHandler() { this.spring.register(ServletApiWithLogoutConfig.class); - SecurityContextHolderAwareRequestFilter scaFilter = getFilter(SecurityContextHolderAwareRequestFilter.class); LogoutFilter logoutFilter = getFilter(LogoutFilter.class); - LogoutHandler lfLogoutHandler = getFieldValue(logoutFilter, "handler"); assertThat(lfLogoutHandler).isInstanceOf(CompositeLogoutHandler.class); - List scaLogoutHandlers = getFieldValue(scaFilter, "logoutHandlers"); List lfLogoutHandlers = getFieldValue(lfLogoutHandler, "logoutHandlers"); - assertThat(scaLogoutHandlers).hasSameSizeAs(lfLogoutHandlers); - assertThat(scaLogoutHandlers).hasAtLeastOneElementOfType(LogoutSuccessEventPublishingLogoutHandler.class); assertThat(lfLogoutHandlers).hasAtLeastOneElementOfType(LogoutSuccessEventPublishingLogoutHandler.class); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java index 10362b3eb7..53f7b0ec8a 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java 
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java @@ -95,11 +95,8 @@ public class SessionManagementConfigurerServlet31Tests { repository.saveToken(token, request, this.response); request.setParameter(token.getParameterName(), token.getToken()); request.getSession().setAttribute("attribute1", "value1"); - loadConfig(SessionManagementDefaultSessionFixationServlet31Config.class); - this.springSecurityFilterChain.doFilter(request, this.response, this.chain); - assertThat(request.getSession().getId()).isNotEqualTo(id); assertThat(request.getSession().getAttribute("attribute1")).isEqualTo("value1"); } @@ -116,7 +113,6 @@ public class SessionManagementConfigurerServlet31Tests { HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository(); HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(this.request, this.response); repo.loadContext(requestResponseHolder); - SecurityContextImpl securityContextImpl = new SecurityContextImpl(); securityContextImpl.setAuthentication(auth); repo.saveContext(securityContextImpl, requestResponseHolder.getRequest(), requestResponseHolder.getResponse()); diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java index 11f60b1e9e..d86e005146 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java 
@@ -47,31 +47,22 @@ public class SessionManagementConfigurerSessionCreationPolicyTests { @Test public void getWhenSharedObjectSessionCreationPolicyConfigurationThenOverrides() throws Exception { - this.spring.register(StatelessCreateSessionSharedObjectConfig.class).autowire(); - MvcResult result = this.mvc.perform(get("/")).andReturn(); - assertThat(result.getRequest().getSession(false)).isNull(); } @Test public void getWhenUserSessionCreationPolicyConfigurationThenOverrides() throws Exception { - this.spring.register(StatelessCreateSessionUserConfig.class).autowire(); - MvcResult result = this.mvc.perform(get("/")).andReturn(); - assertThat(result.getRequest().getSession(false)).isNull(); } @Test public void getWhenDefaultsThenLoginChallengeCreatesSession() throws Exception { - this.spring.register(DefaultConfig.class, BasicController.class).autowire(); - MvcResult result = this.mvc.perform(get("/")).andExpect(status().isUnauthorized()).andReturn(); - assertThat(result.getRequest().getSession(false)).isNotNull(); } @@ -96,7 +87,6 @@ public class SessionManagementConfigurerSessionCreationPolicyTests { http .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); // @formatter:on - http.setSharedObject(SessionCreationPolicy.class, SessionCreationPolicy.ALWAYS); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java index 095c01d59c..0c66f6da6f 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java 
@@ -83,9 +83,7 @@ public class SessionManagementConfigurerTests { public void sessionManagementWhenConfiguredThenDoesNotOverrideRequestCache() throws Exception { SessionManagementRequestCacheConfig.REQUEST_CACHE = mock(RequestCache.class); this.spring.register(SessionManagementRequestCacheConfig.class).autowire(); - this.mvc.perform(get("/")); - verify(SessionManagementRequestCacheConfig.REQUEST_CACHE).getMatchingRequest(any(HttpServletRequest.class), any(HttpServletResponse.class)); } @@ -96,9 +94,7 @@ public class SessionManagementConfigurerTests { given(SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO .loadContext(any(HttpRequestResponseHolder.class))).willReturn(mock(SecurityContext.class)); this.spring.register(SessionManagementSecurityContextRepositoryConfig.class).autowire(); - this.mvc.perform(get("/")); - verify(SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO) .saveContext(any(SecurityContext.class), any(HttpServletRequest.class), any(HttpServletResponse.class)); } @@ -106,10 +102,8 @@ public class SessionManagementConfigurerTests { @Test public void sessionManagementWhenInvokedTwiceThenUsesOriginalSessionCreationPolicy() throws Exception { this.spring.register(InvokeTwiceDoesNotOverride.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/")).andReturn(); HttpSession session = mvcResult.getRequest().getSession(false); - assertThat(session).isNull(); } 
@@ -120,25 +114,20 @@ public class SessionManagementConfigurerTests { this.spring.register(DisableSessionFixationEnableConcurrencyControlConfig.class).autowire(); MockHttpSession session = new MockHttpSession(); String sessionId = session.getId(); - MvcResult mvcResult = this.mvc.perform(get("/").with(httpBasic("user", "password")).session(session)) .andExpect(status().isNotFound()).andReturn(); - assertThat(mvcResult.getRequest().getSession().getId()).isEqualTo(sessionId); } @Test public void authenticateWhenNewSessionFixationProtectionInLambdaThenCreatesNewSession() throws Exception { this.spring.register(SFPNewSessionInLambdaConfig.class).autowire(); - MockHttpSession givenSession = new MockHttpSession(); String givenSessionId = givenSession.getId(); givenSession.setAttribute("name", "value"); - MockHttpSession resultingSession = (MockHttpSession) this.mvc .perform(get("/auth").session(givenSession).with(httpBasic("user", "password"))) .andExpect(status().isNotFound()).andReturn().getRequest().getSession(false); - assertThat(givenSessionId).isNotEqualTo(resultingSession.getId()); assertThat(resultingSession.getAttribute("name")).isNull(); } @@ -146,9 +135,7 @@ public class SessionManagementConfigurerTests { @Test public void loginWhenUserLoggedInAndMaxSessionsIsOneThenLoginPrevented() throws Exception { this.spring.register(ConcurrencyControlConfig.class).autowire(); - this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")); - this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")) .andExpect(status().isFound()).andExpect(redirectedUrl("/login?error")); } 
@@ -156,13 +143,11 @@ public class SessionManagementConfigurerTests { @Test public void loginWhenUserSessionExpiredAndMaxSessionsIsOneThenLoggedIn() throws Exception { this.spring.register(ConcurrencyControlConfig.class).autowire(); - MvcResult mvcResult = this.mvc .perform(post("/login").with(csrf()).param("username", "user").param("password", "password")) .andReturn(); HttpSession authenticatedSession = mvcResult.getRequest().getSession(); this.spring.getContext().publishEvent(new HttpSessionDestroyedEvent(authenticatedSession)); - this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")) .andExpect(status().isFound()).andExpect(redirectedUrl("/")); } @@ -170,9 +155,7 @@ public class SessionManagementConfigurerTests { @Test public void loginWhenUserLoggedInAndMaxSessionsOneInLambdaThenLoginPrevented() throws Exception { this.spring.register(ConcurrencyControlInLambdaConfig.class).autowire(); - this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")); - this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")) .andExpect(status().isFound()).andExpect(redirectedUrl("/login?error")); } @@ -180,10 +163,8 @@ public class SessionManagementConfigurerTests { @Test public void requestWhenSessionCreationPolicyStateLessInLambdaThenNoSessionCreated() throws Exception { this.spring.register(SessionCreationPolicyStateLessInLambdaConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/")).andReturn(); HttpSession session = mvcResult.getRequest().getSession(false); - assertThat(session).isNull(); } 
@@ -191,7 +172,6 @@ public class SessionManagementConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnSessionManagementFilter() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(SessionManagementFilter.class)); } @@ -199,7 +179,6 @@ public class SessionManagementConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnConcurrentSessionFilter() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ConcurrentSessionFilter.class)); } @@ -207,7 +186,6 @@ public class SessionManagementConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnConcurrentSessionControlAuthenticationStrategy() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor) .postProcess(any(ConcurrentSessionControlAuthenticationStrategy.class)); } @@ -216,7 +194,6 @@ public class SessionManagementConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnCompositeSessionAuthenticationStrategy() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor) .postProcess(any(CompositeSessionAuthenticationStrategy.class)); } 
@@ -225,7 +202,6 @@ public class SessionManagementConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnRegisterSessionAuthenticationStrategy() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor) .postProcess(any(RegisterSessionAuthenticationStrategy.class)); } @@ -234,7 +210,6 @@ public class SessionManagementConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnChangeSessionIdAuthenticationStrategy() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor) .postProcess(any(ChangeSessionIdAuthenticationStrategy.class)); } @@ -245,9 +220,7 @@ public class SessionManagementConfigurerTests { SharedTrustResolverConfig.TR = mock(AuthenticationTrustResolver.class); given(SharedTrustResolverConfig.TR.isAnonymous(any())).willReturn(false); this.spring.register(SharedTrustResolverConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/")).andReturn(); - assertThat(mvcResult.getRequest().getSession(false)).isNotNull(); } @@ -255,10 +228,8 @@ public class SessionManagementConfigurerTests { public void whenOneSessionRegistryBeanThenUseIt() throws Exception { SessionRegistryOneBeanConfig.SESSION_REGISTRY = mock(SessionRegistry.class); this.spring.register(SessionRegistryOneBeanConfig.class).autowire(); - MockHttpSession session = new MockHttpSession(this.spring.getContext().getServletContext()); this.mvc.perform(get("/").session(session)); - verify(SessionRegistryOneBeanConfig.SESSION_REGISTRY).getSessionInformation(session.getId()); } 
@@ -267,10 +238,8 @@ public class SessionManagementConfigurerTests { SessionRegistryTwoBeansConfig.SESSION_REGISTRY_ONE = mock(SessionRegistry.class); SessionRegistryTwoBeansConfig.SESSION_REGISTRY_TWO = mock(SessionRegistry.class); this.spring.register(SessionRegistryTwoBeansConfig.class).autowire(); - MockHttpSession session = new MockHttpSession(this.spring.getContext().getServletContext()); this.mvc.perform(get("/").session(session)); - verifyNoInteractions(SessionRegistryTwoBeansConfig.SESSION_REGISTRY_ONE); verifyNoInteractions(SessionRegistryTwoBeansConfig.SESSION_REGISTRY_TWO); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java index 7323136e1c..c5b5dd2cc5 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java @@ -50,7 +50,6 @@ public class SessionManagementConfigurerTransientAuthenticationTests { @Test public void postWhenTransientAuthenticationThenNoSessionCreated() throws Exception { - this.spring.register(WithTransientAuthenticationConfig.class).autowire(); MvcResult result = this.mvc.perform(post("/login")).andReturn(); assertThat(result.getRequest().getSession(false)).isNull(); 
@@ -58,7 +57,6 @@ public class SessionManagementConfigurerTransientAuthenticationTests { @Test public void postWhenTransientAuthenticationThenAlwaysSessionOverrides() throws Exception { - this.spring.register(AlwaysCreateSessionConfig.class).autowire(); MvcResult result = this.mvc.perform(post("/login")).andReturn(); assertThat(result.getRequest().getSession(false)).isNotNull(); diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java index b9b61ad579..34dcb0f52d 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java 
@@ -78,67 +78,45 @@ public class UrlAuthorizationConfigurerTests {
 @Test
 public void mvcMatcher() throws Exception {
 loadConfig(MvcMatcherConfig.class, LegacyMvcMatchingConfig.class);
-
 this.request.setRequestURI("/path");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setRequestURI("/path.html");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath("/path/");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 }
 @Test
 public void mvcMatcherServletPath() throws Exception {
 loadConfig(MvcMatcherServletPathConfig.class, LegacyMvcMatchingConfig.class);
-
 this.request.setServletPath("/spring");
 this.request.setRequestURI("/spring/path");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath("/spring");
 this.request.setRequestURI("/spring/path.html");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath("/spring");
 this.request.setRequestURI("/spring/path/");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath("/foo");
 this.request.setRequestURI("/foo/path");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 setup();
-
 this.request.setServletPath("/");
 this.request.setRequestURI("/path");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 }
@@ -152,7 +130,6 @@ public class UrlAuthorizationConfigurerTests {
 this.context.register(configs);
 this.context.setServletContext(new MockServletContext());
 this.context.refresh();
-
 this.context.getAutowireCapableBeanFactory().autowireBean(this);
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
index 5fe6a6b770..110b468030 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
@@ -61,7 +61,6 @@ public class UrlAuthorizationsTests {
 @WithMockUser(authorities = "ROLE_USER")
 public void hasAnyAuthorityWhenAuthoritySpecifiedThenMatchesAuthority() throws Exception {
 this.spring.register(RoleConfig.class).autowire();
-
 this.mvc.perform(get("/role-user-authority")).andExpect(status().isNotFound());
 this.mvc.perform(get("/role-user")).andExpect(status().isNotFound());
 this.mvc.perform(get("/role-admin-authority")).andExpect(status().isForbidden());
@@ -71,7 +70,6 @@ public class UrlAuthorizationsTests {
 @WithMockUser(authorities = "ROLE_ADMIN")
 public void hasAnyAuthorityWhenAuthoritiesSpecifiedThenMatchesAuthority() throws Exception {
 this.spring.register(RoleConfig.class).autowire();
-
 this.mvc.perform(get("/role-user-admin-authority")).andExpect(status().isNotFound());
 this.mvc.perform(get("/role-user-admin")).andExpect(status().isNotFound());
 this.mvc.perform(get("/role-user-authority")).andExpect(status().isForbidden());
@@ -81,7 +79,6 @@ public class UrlAuthorizationsTests {
 @WithMockUser(roles = "USER")
 public void hasAnyRoleWhenRoleSpecifiedThenMatchesRole() throws Exception {
 this.spring.register(RoleConfig.class).autowire();
-
 this.mvc.perform(get("/role-user")).andExpect(status().isNotFound());
 this.mvc.perform(get("/role-admin")).andExpect(status().isForbidden());
 }
@@ -90,7 +87,6 @@ public class UrlAuthorizationsTests {
 @WithMockUser(roles = "ADMIN")
 public void hasAnyRoleWhenRolesSpecifiedThenMatchesRole() throws Exception {
 this.spring.register(RoleConfig.class).autowire();
-
 this.mvc.perform(get("/role-admin-user")).andExpect(status().isNotFound());
 this.mvc.perform(get("/role-user")).andExpect(status().isForbidden());
 }
@@ -99,7 +95,6 @@ public class UrlAuthorizationsTests {
 @WithMockUser(authorities = "USER")
 public void hasAnyRoleWhenRoleSpecifiedThenDoesNotMatchAuthority() throws Exception {
 this.spring.register(RoleConfig.class).autowire();
-
 this.mvc.perform(get("/role-user")).andExpect(status().isForbidden());
 this.mvc.perform(get("/role-admin")).andExpect(status().isForbidden());
 }
@@ -107,7 +102,6 @@ public class UrlAuthorizationsTests { @Test public void configureWhenNoAccessDecisionManagerThenDefaultsToAffirmativeBased() { this.spring.register(NoSpecificAccessDecisionManagerConfig.class).autowire(); - FilterSecurityInterceptor interceptor = getFilter(FilterSecurityInterceptor.class); assertThat(interceptor).isNotNull(); assertThat(interceptor).extracting("accessDecisionManager").isInstanceOf(AffirmativeBased.class); @@ -151,7 +145,6 @@ public class UrlAuthorizationsTests { ApplicationContext context = getApplicationContext(); UrlAuthorizationConfigurer.StandardInterceptUrlRegistry registry = http .apply(new UrlAuthorizationConfigurer(context)).getRegistry(); - registry.antMatchers("/a").hasRole("ADMIN").anyRequest().hasRole("USER"); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java index 64ca605e85..655ed245be 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java @@ -61,7 +61,6 @@ public class X509ConfigurerTests { @Test public void configureWhenRegisteringObjectPostProcessorThenInvokedOnX509AuthenticationFilter() { this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(X509AuthenticationFilter.class)); } @@ -69,7 +68,6 @@ public class X509ConfigurerTests { public void x509WhenInvokedTwiceThenUsesOriginalSubjectPrincipalRegex() throws Exception { this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire(); X509Certificate certificate = loadCert("rodatexampledotcom.cer"); - this.mvc.perform(get("/").with(x509(certificate))).andExpect(authenticated().withUsername("rod")); } 
@@ -77,7 +75,6 @@ public class X509ConfigurerTests { public void x509WhenConfiguredInLambdaThenUsesDefaults() throws Exception { this.spring.register(DefaultsInLambdaConfig.class).autowire(); X509Certificate certificate = loadCert("rod.cer"); - this.mvc.perform(get("/").with(x509(certificate))).andExpect(authenticated().withUsername("rod")); } @@ -85,7 +82,6 @@ public class X509ConfigurerTests { public void x509WhenSubjectPrincipalRegexInLambdaThenUsesRegexToExtractPrincipal() throws Exception { this.spring.register(SubjectPrincipalRegexInLambdaConfig.class).autowire(); X509Certificate certificate = loadCert("rodatexampledotcom.cer"); - this.mvc.perform(get("/").with(x509(certificate))).andExpect(authenticated().withUsername("rod")); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java index 7e96a853e8..f9a3df7356 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java @@ -120,7 +120,6 @@ public class OAuth2ClientConfigurerTests { authorizedClientService); authorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver(clientRegistrationRepository, "/oauth2/authorization"); - OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234") .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(300).build(); accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class); 
@@ -132,7 +131,6 @@ public class OAuth2ClientConfigurerTests { @Test public void configureWhenAuthorizationCodeRequestThenRedirectForAuthorization() throws Exception { this.spring.register(OAuth2ClientConfig.class).autowire(); - MvcResult mvcResult = this.mockMvc.perform(get("/oauth2/authorization/registration-1")) .andExpect(status().is3xxRedirection()).andReturn(); assertThat(mvcResult.getResponse().getRedirectedUrl()) @@ -143,7 +141,6 @@ public class OAuth2ClientConfigurerTests { @Test public void configureWhenOauth2ClientInLambdaThenRedirectForAuthorization() throws Exception { this.spring.register(OAuth2ClientInLambdaConfig.class).autowire(); - MvcResult mvcResult = this.mockMvc.perform(get("/oauth2/authorization/registration-1")) .andExpect(status().is3xxRedirection()).andReturn(); assertThat(mvcResult.getResponse().getRedirectedUrl()) @@ -154,7 +151,6 @@ public class OAuth2ClientConfigurerTests { @Test public void configureWhenAuthorizationCodeResponseSuccessThenAuthorizedClientSaved() throws Exception { this.spring.register(OAuth2ClientConfig.class).autowire(); - // Setup the Authorization Request in the session Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, this.registration1.getRegistrationId()); 
@@ -162,21 +158,16 @@ public class OAuth2ClientConfigurerTests { .authorizationUri(this.registration1.getProviderDetails().getAuthorizationUri()) .clientId(this.registration1.getClientId()).redirectUri("http://localhost/client-1").state("state") .attributes(attributes).build(); - AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository(); MockHttpServletRequest request = new MockHttpServletRequest("GET", ""); MockHttpServletResponse response = new MockHttpServletResponse(); authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response); - MockHttpSession session = (MockHttpSession) request.getSession(); - String principalName = "user1"; TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password"); - this.mockMvc.perform(get("/client-1").param(OAuth2ParameterNames.CODE, "code") .param(OAuth2ParameterNames.STATE, "state").with(authentication(authentication)).session(session)) .andExpect(status().is3xxRedirection()).andExpect(redirectedUrl("http://localhost/client-1")); - OAuth2AuthorizedClient authorizedClient = authorizedClientRepository .loadAuthorizedClient(this.registration1.getRegistrationId(), authentication, request); assertThat(authorizedClient).isNotNull(); 
@@ -186,20 +177,17 @@ public class OAuth2ClientConfigurerTests { public void configureWhenRequestCacheProvidedAndClientAuthorizationRequiredExceptionThrownThenRequestCacheUsed() throws Exception { this.spring.register(OAuth2ClientConfig.class).autowire(); - MvcResult mvcResult = this.mockMvc.perform(get("/resource1").with(user("user1"))) .andExpect(status().is3xxRedirection()).andReturn(); assertThat(mvcResult.getResponse().getRedirectedUrl()) .matches("https://provider.com/oauth2/authorize\\?" + "response_type=code&client_id=client-1&" + "scope=user&state=.{15,}&" + "redirect_uri=http://localhost/client-1"); - verify(requestCache).saveRequest(any(HttpServletRequest.class), any(HttpServletResponse.class)); } @Test public void configureWhenRequestCacheProvidedAndClientAuthorizationSucceedsThenRequestCacheUsed() throws Exception { this.spring.register(OAuth2ClientConfig.class).autowire(); - // Setup the Authorization Request in the session Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, this.registration1.getRegistrationId()); 
@@ -207,21 +195,16 @@ public class OAuth2ClientConfigurerTests { .authorizationUri(this.registration1.getProviderDetails().getAuthorizationUri()) .clientId(this.registration1.getClientId()).redirectUri("http://localhost/client-1").state("state") .attributes(attributes).build(); - AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository(); MockHttpServletRequest request = new MockHttpServletRequest("GET", ""); MockHttpServletResponse response = new MockHttpServletResponse(); authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response); - MockHttpSession session = (MockHttpSession) request.getSession(); - String principalName = "user1"; TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password"); - this.mockMvc.perform(get("/client-1").param(OAuth2ParameterNames.CODE, "code") .param(OAuth2ParameterNames.STATE, "state").with(authentication(authentication)).session(session)) .andExpect(status().is3xxRedirection()).andExpect(redirectedUrl("http://localhost/client-1")); - verify(requestCache).getRequest(any(HttpServletRequest.class), any(HttpServletResponse.class)); } @@ -234,12 +217,9 @@ public class OAuth2ClientConfigurerTests { authorizationRequestResolver = mock(OAuth2AuthorizationRequestResolver.class); given(authorizationRequestResolver.resolve(any())) .willAnswer((invocation) -> defaultAuthorizationRequestResolver.resolve(invocation.getArgument(0))); - this.spring.register(OAuth2ClientConfig.class).autowire(); - this.mockMvc.perform(get("/oauth2/authorization/registration-1")).andExpect(status().is3xxRedirection()) .andReturn(); - verify(authorizationRequestResolver).resolve(any()); } 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java index 206b1157c2..6845659dce 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java @@ -157,18 +157,14 @@ public class OAuth2LoginConfigurerTests { public void oauth2Login() throws Exception { // setup application context loadConfig(OAuth2LoginConfig.class); - // setup authorization request OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest(); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response); - // setup authentication parameters this.request.setParameter("code", "code123"); this.request.setParameter("state", authorizationRequest.getState()); - // perform test this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); - // assertions Authentication authentication = this.securityContextRepository .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); 
@@ -184,9 +180,7 @@ public class OAuth2LoginConfigurerTests { this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response); this.request.setParameter("code", "code123"); this.request.setParameter("state", authorizationRequest.getState()); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); - Authentication authentication = this.securityContextRepository .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); assertThat(authentication.getAuthorities()).hasSize(1); @@ -199,18 +193,14 @@ public class OAuth2LoginConfigurerTests { public void oauth2LoginWhenSuccessThenAuthenticationSuccessEventPublished() throws Exception { // setup application context loadConfig(OAuth2LoginConfig.class); - // setup authorization request OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest(); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response); - // setup authentication parameters this.request.setParameter("code", "code123"); this.request.setParameter("state", authorizationRequest.getState()); - // perform test this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); - // assertions assertThat(OAuth2LoginConfig.EVENTS).isNotEmpty(); assertThat(OAuth2LoginConfig.EVENTS).hasSize(1); 
@@ -221,18 +211,14 @@ public class OAuth2LoginConfigurerTests { public void oauth2LoginCustomWithConfigurer() throws Exception { // setup application context loadConfig(OAuth2LoginConfigCustomWithConfigurer.class); - // setup authorization request OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest(); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response); - // setup authentication parameters this.request.setParameter("code", "code123"); this.request.setParameter("state", authorizationRequest.getState()); - // perform test this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); - // assertions Authentication authentication = this.securityContextRepository .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); @@ -245,18 +231,14 @@ public class OAuth2LoginConfigurerTests { public void oauth2LoginCustomWithBeanRegistration() throws Exception { // setup application context loadConfig(OAuth2LoginConfigCustomWithBeanRegistration.class); - // setup authorization request OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest(); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response); - // setup authentication parameters this.request.setParameter("code", "code123"); this.request.setParameter("state", authorizationRequest.getState()); - // perform test this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); - // assertions Authentication authentication = this.securityContextRepository .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); 
@@ -269,18 +251,14 @@ public class OAuth2LoginConfigurerTests { public void oauth2LoginCustomWithUserServiceBeanRegistration() throws Exception { // setup application context loadConfig(OAuth2LoginConfigCustomUserServiceBeanRegistration.class); - // setup authorization request OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest(); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response); - // setup authentication parameters this.request.setParameter("code", "code123"); this.request.setParameter("state", authorizationRequest.getState()); - // perform test this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); - // assertions Authentication authentication = this.securityContextRepository .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); @@ -294,19 +272,15 @@ public class OAuth2LoginConfigurerTests { public void oauth2LoginConfigLoginProcessingUrl() throws Exception { // setup application context loadConfig(OAuth2LoginConfigLoginProcessingUrl.class); - // setup authorization request OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest(); this.request.setServletPath("/login/oauth2/google"); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response); - // setup authentication parameters this.request.setParameter("code", "code123"); this.request.setParameter("state", authorizationRequest.getState()); - // perform test this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); - // assertions Authentication authentication = this.securityContextRepository .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); 
@@ -327,13 +301,10 @@ public class OAuth2LoginConfigurerTests { "https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1") .build(); given(resolver.resolve(any())).willReturn(result); - String requestUri = "/oauth2/authorization/google"; this.request = new MockHttpServletRequest("GET", requestUri); this.request.setServletPath(requestUri); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); - assertThat(this.response.getRedirectedUrl()).isEqualTo( "https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1"); } @@ -350,13 +321,10 @@ public class OAuth2LoginConfigurerTests { "https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1") .build(); given(resolver.resolve(any())).willReturn(result); - String requestUri = "/oauth2/authorization/google"; this.request = new MockHttpServletRequest("GET", requestUri); this.request.setServletPath(requestUri); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); - assertThat(this.response.getRedirectedUrl()).isEqualTo( "https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1"); } 
@@ -365,13 +333,10 @@ public class OAuth2LoginConfigurerTests { @Test public void oauth2LoginWithOneClientConfiguredThenRedirectForAuthorization() throws Exception { loadConfig(OAuth2LoginConfig.class); - String requestUri = "/"; this.request = new MockHttpServletRequest("GET", requestUri); this.request.setServletPath(requestUri); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); - assertThat(this.response.getRedirectedUrl()).matches("http://localhost/oauth2/authorization/google"); } @@ -380,14 +345,11 @@ public class OAuth2LoginConfigurerTests { public void oauth2LoginWithOneClientConfiguredAndRequestFaviconNotAuthenticatedThenRedirectDefaultLoginPage() throws Exception { loadConfig(OAuth2LoginConfig.class); - String requestUri = "/favicon.ico"; this.request = new MockHttpServletRequest("GET", requestUri); this.request.setServletPath(requestUri); this.request.addHeader(HttpHeaders.ACCEPT, new MediaType("image", "*").toString()); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); - assertThat(this.response.getRedirectedUrl()).matches("http://localhost/login"); } @@ -395,13 +357,10 @@ public class OAuth2LoginConfigurerTests { @Test public void oauth2LoginWithMultipleClientsConfiguredThenRedirectDefaultLoginPage() throws Exception { loadConfig(OAuth2LoginConfigMultipleClients.class); - String requestUri = "/"; this.request = new MockHttpServletRequest("GET", requestUri); this.request.setServletPath(requestUri); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); - assertThat(this.response.getRedirectedUrl()).matches("http://localhost/login"); } 
@@ -410,40 +369,31 @@ public class OAuth2LoginConfigurerTests { public void oauth2LoginWithOneClientConfiguredAndRequestXHRNotAuthenticatedThenDoesNotRedirectForAuthorization() throws Exception { loadConfig(OAuth2LoginConfig.class); - String requestUri = "/"; this.request = new MockHttpServletRequest("GET", requestUri); this.request.setServletPath(requestUri); this.request.addHeader("X-Requested-With", "XMLHttpRequest"); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); - assertThat(this.response.getRedirectedUrl()).doesNotMatch("http://localhost/oauth2/authorization/google"); } @Test public void oauth2LoginWithCustomLoginPageThenRedirectCustomLoginPage() throws Exception { loadConfig(OAuth2LoginConfigCustomLoginPage.class); - String requestUri = "/"; this.request = new MockHttpServletRequest("GET", requestUri); this.request.setServletPath(requestUri); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); - assertThat(this.response.getRedirectedUrl()).matches("http://localhost/custom-login"); } @Test public void requestWhenOauth2LoginWithCustomLoginPageInLambdaThenRedirectCustomLoginPage() throws Exception { loadConfig(OAuth2LoginConfigCustomLoginPageInLambda.class); - String requestUri = "/"; this.request = new MockHttpServletRequest("GET", requestUri); this.request.setServletPath(requestUri); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); - assertThat(this.response.getRedirectedUrl()).matches("http://localhost/custom-login"); } 
@@ -451,18 +401,14 @@ public class OAuth2LoginConfigurerTests { public void oidcLogin() throws Exception { // setup application context loadConfig(OAuth2LoginConfig.class, JwtDecoderFactoryConfig.class); - // setup authorization request OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest("openid"); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response); - // setup authentication parameters this.request.setParameter("code", "code123"); this.request.setParameter("state", authorizationRequest.getState()); - // perform test this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); - // assertions Authentication authentication = this.securityContextRepository .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); @@ -475,18 +421,14 @@ public class OAuth2LoginConfigurerTests { public void requestWhenOauth2LoginInLambdaAndOidcThenAuthenticationContainsOidcUserAuthority() throws Exception { // setup application context loadConfig(OAuth2LoginInLambdaConfig.class, JwtDecoderFactoryConfig.class); - // setup authorization request OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest("openid"); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response); - // setup authentication parameters this.request.setParameter("code", "code123"); this.request.setParameter("state", authorizationRequest.getState()); - // perform test this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); - // assertions Authentication authentication = this.securityContextRepository .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); 
@@ -499,18 +441,14 @@ public class OAuth2LoginConfigurerTests { public void oidcLoginCustomWithConfigurer() throws Exception { // setup application context loadConfig(OAuth2LoginConfigCustomWithConfigurer.class, JwtDecoderFactoryConfig.class); - // setup authorization request OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest("openid"); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response); - // setup authentication parameters this.request.setParameter("code", "code123"); this.request.setParameter("state", authorizationRequest.getState()); - // perform test this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); - // assertions Authentication authentication = this.securityContextRepository .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); @@ -523,18 +461,14 @@ public class OAuth2LoginConfigurerTests { public void oidcLoginCustomWithBeanRegistration() throws Exception { // setup application context loadConfig(OAuth2LoginConfigCustomWithBeanRegistration.class, JwtDecoderFactoryConfig.class); - // setup authorization request OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest("openid"); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response); - // setup authentication parameters this.request.setParameter("code", "code123"); this.request.setParameter("state", authorizationRequest.getState()); - // perform test this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); - // assertions Authentication authentication = this.securityContextRepository .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); 
@@ -555,10 +489,8 @@ public class OAuth2LoginConfigurerTests { @Test public void logoutWhenUsingOidcLogoutHandlerThenRedirects() throws Exception { this.spring.register(OAuth2LoginConfigWithOidcLogoutSuccessHandler.class).autowire(); - OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, "registration-id"); - this.mvc.perform(post("/logout").with(authentication(token)).with(csrf())) .andExpect(redirectedUrl("https://logout?id_token_hint=id-token")); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java index 407342ba0e..47540c3e06 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java 
@@ -195,22 +195,18 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void getWhenUsingDefaultsWithValidBearerTokenThenAcceptsRequest() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk()) .andExpect(content().string("ok")); } @Test public void getWhenUsingDefaultsInLambdaWithValidBearerTokenThenAcceptsRequest() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultInLambdaConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk()) .andExpect(content().string("ok")); } @@ -220,7 +216,6 @@ public class OAuth2ResourceServerConfigurerTests { this.spring.register(WebServerConfig.class, JwkSetUriConfig.class, BasicController.class).autowire(); mockWebServer(jwks("Default")); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk()) .andExpect(content().string("ok")); } 
@@ -230,90 +225,73 @@ public class OAuth2ResourceServerConfigurerTests { this.spring.register(WebServerConfig.class, JwkSetUriInLambdaConfig.class, BasicController.class).autowire(); mockWebServer(jwks("Default")); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk()) .andExpect(content().string("ok")); } @Test public void getWhenUsingDefaultsWithExpiredBearerTokenThenInvalidToken() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("Expired"); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized()) .andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt")); } @Test public void getWhenUsingDefaultsWithBadJwkEndpointThenInvalidToken() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire(); mockRestOperations("malformed"); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized()) .andExpect(header().string("WWW-Authenticate", "Bearer")); } @Test public void getWhenUsingDefaultsWithUnavailableJwkEndpointThenInvalidToken() throws Exception { - this.spring.register(WebServerConfig.class, JwkSetUriConfig.class).autowire(); this.web.shutdown(); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized()) .andExpect(header().string("WWW-Authenticate", "Bearer")); } @Test public void getWhenUsingDefaultsWithMalformedBearerTokenThenInvalidToken() throws Exception { - this.spring.register(JwkSetUriConfig.class).autowire(); - this.mvc.perform(get("/").with(bearerToken("an\"invalid\"token"))).andExpect(status().isUnauthorized()) .andExpect(invalidTokenHeader("Bearer token is malformed")); } @Test public void 
getWhenUsingDefaultsWithMalformedPayloadThenInvalidToken() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("MalformedPayload"); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized()).andExpect( invalidTokenHeader("An error occurred while attempting to decode the Jwt: Malformed payload")); } @Test public void getWhenUsingDefaultsWithUnsignedBearerTokenThenInvalidToken() throws Exception { - this.spring.register(JwkSetUriConfig.class).autowire(); String token = this.token("Unsigned"); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized()) .andExpect(invalidTokenHeader("Unsupported algorithm of none")); } @Test public void getWhenUsingDefaultsWithBearerTokenBeforeNotBeforeThenInvalidToken() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire(); this.mockRestOperations(jwks("Default")); String token = this.token("TooEarly"); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized()) .andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt")); } @Test public void getWhenUsingDefaultsWithBearerTokenInTwoPlacesThenInvalidRequest() throws Exception { - this.spring.register(JwkSetUriConfig.class).autowire(); - this.mvc.perform(get("/").with(bearerToken("token")).with(bearerToken("token").asParam())) .andExpect(status().isBadRequest()) .andExpect(invalidRequestHeader("Found multiple bearer tokens in the request")); 
@@ -321,22 +299,17 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void getWhenUsingDefaultsWithBearerTokenInTwoParametersThenInvalidRequest() throws Exception { - this.spring.register(JwkSetUriConfig.class).autowire(); - MultiValueMap params = new LinkedMultiValueMap<>(); params.add("access_token", "token1"); params.add("access_token", "token2"); - this.mvc.perform(get("/").params(params)).andExpect(status().isBadRequest()) .andExpect(invalidRequestHeader("Found multiple bearer tokens in the request")); } @Test public void postWhenUsingDefaultsWithBearerTokenAsFormParameterThenIgnoresToken() throws Exception { - this.spring.register(JwkSetUriConfig.class).autowire(); - this.mvc.perform(post("/") // engage csrf .with(bearerToken("token").asParam())).andExpect(status().isForbidden()) .andExpect(header().doesNotExist(HttpHeaders.WWW_AUTHENTICATE));
@@ -344,9 +317,7 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void postWhenCsrfDisabledWithBearerTokenAsFormParameterThenIgnoresToken() throws Exception { - this.spring.register(CsrfDisabledConfig.class).autowire(); - this.mvc.perform(post("/").with(bearerToken("token").asParam())).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer")); }
@@ -357,232 +328,184 @@ public class OAuth2ResourceServerConfigurerTests { this.spring.register(RestOperationsConfig.class, AnonymousDisabledConfig.class).autowire(); mockRestOperations(jwks("Default")); String token = token("ValidNoScopes"); - this.mvc.perform(get("/authenticated").with(bearerToken(token))).andExpect(status().isNotFound()); } @Test public void getWhenUsingDefaultsWithNoBearerTokenThenUnauthorized() throws Exception { - this.spring.register(JwkSetUriConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer")); } @Test public void getWhenUsingDefaultsWithSufficientlyScopedBearerTokenThenAcceptsRequest() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidMessageReadScope"); - this.mvc.perform(get("/requires-read-scope").with(bearerToken(token))).andExpect(status().isOk()) .andExpect(content().string("[SCOPE_message:read]")); } @Test public void getWhenUsingDefaultsWithInsufficientScopeThenInsufficientScopeError() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/requires-read-scope").with(bearerToken(token))).andExpect(status().isForbidden()) .andExpect(insufficientScopeHeader()); } @Test public void getWhenUsingDefaultsWithInsufficientScpThenInsufficientScopeError() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidMessageWriteScp"); - this.mvc.perform(get("/requires-read-scope").with(bearerToken(token))).andExpect(status().isForbidden()) .andExpect(insufficientScopeHeader()); } @Test 
public void getWhenUsingDefaultsAndAuthorizationServerHasNoMatchingKeyThenInvalidToken() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire(); mockRestOperations(jwks("Empty")); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized()) .andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt")); } @Test public void getWhenUsingDefaultsAndAuthorizationServerHasMultipleMatchingKeysThenOk() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("TwoKeys")); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/authenticated").with(bearerToken(token))).andExpect(status().isOk()) .andExpect(content().string("test-subject")); } @Test public void getWhenUsingDefaultsAndKeyMatchesByKidThenOk() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("TwoKeys")); String token = this.token("Kid"); - this.mvc.perform(get("/authenticated").with(bearerToken(token))).andExpect(status().isOk()) .andExpect(content().string("test-subject")); } @Test public void getWhenUsingMethodSecurityWithValidBearerTokenThenAcceptsRequest() throws Exception { - this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidMessageReadScope"); - this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token))).andExpect(status().isOk()) .andExpect(content().string("[SCOPE_message:read]")); } @Test public void getWhenUsingMethodSecurityWithValidBearerTokenHavingScpAttributeThenAcceptsRequest() throws Exception { - this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire(); 
mockRestOperations(jwks("Default")); String token = this.token("ValidMessageReadScp"); - this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token))).andExpect(status().isOk()) .andExpect(content().string("[SCOPE_message:read]")); } @Test public void getWhenUsingMethodSecurityWithInsufficientScopeThenInsufficientScopeError() throws Exception { - this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token))).andExpect(status().isForbidden()) .andExpect(insufficientScopeHeader()); - } @Test public void getWhenUsingMethodSecurityWithInsufficientScpThenInsufficientScopeError() throws Exception { - this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidMessageWriteScp"); - this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token))).andExpect(status().isForbidden()) .andExpect(insufficientScopeHeader()); } @Test public void getWhenUsingMethodSecurityWithDenyAllThenInsufficientScopeError() throws Exception { - this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidMessageReadScope"); - this.mvc.perform(get("/ms-deny").with(bearerToken(token))).andExpect(status().isForbidden()) .andExpect(insufficientScopeHeader()); } @Test public void postWhenUsingDefaultsWithValidBearerTokenAndNoCsrfTokenThenOk() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - this.mvc.perform(post("/authenticated").with(bearerToken(token))).andExpect(status().isOk()) 
.andExpect(content().string("test-subject")); } @Test public void postWhenUsingDefaultsWithNoBearerTokenThenCsrfDenies() throws Exception { - this.spring.register(JwkSetUriConfig.class).autowire(); - this.mvc.perform(post("/authenticated")).andExpect(status().isForbidden()) .andExpect(header().doesNotExist(HttpHeaders.WWW_AUTHENTICATE)); } @Test public void postWhenUsingDefaultsWithExpiredBearerTokenAndNoCsrfThenInvalidToken() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("Expired"); - this.mvc.perform(post("/authenticated").with(bearerToken(token))).andExpect(status().isUnauthorized()) .andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt")); } @Test public void requestWhenDefaultConfiguredThenSessionIsNotCreated() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - MvcResult result = this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk()).andReturn(); - assertThat(result.getRequest().getSession(false)).isNull(); } @Test public void requestWhenIntrospectionConfiguredThenSessionIsNotCreated() throws Exception { - this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class, BasicController.class).autowire(); mockRestOperations(json("Active")); - MvcResult result = this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk()) .andExpect(content().string("test-subject")).andReturn(); - assertThat(result.getRequest().getSession(false)).isNull(); } @Test public void requestWhenUsingDefaultsAndNoBearerTokenThenSessionIsCreated() throws Exception { - this.spring.register(JwkSetUriConfig.class, BasicController.class).autowire(); - MvcResult result = 
this.mvc.perform(get("/")).andExpect(status().isUnauthorized()).andReturn(); - assertThat(result.getRequest().getSession(false)).isNotNull(); } @Test public void requestWhenSessionManagementConfiguredThenUserConfigurationOverrides() throws Exception { - this.spring.register(RestOperationsConfig.class, AlwaysSessionCreationConfig.class, BasicController.class) .autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - MvcResult result = this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk()).andReturn(); - assertThat(result.getRequest().getSession(false)).isNotNull(); } @Test public void requestWhenBearerTokenResolverAllowsRequestBodyThenEitherHeaderOrRequestBodyIsAccepted() throws Exception { - this.spring.register(AllowBearerTokenInRequestBodyConfig.class, JwtDecoderConfig.class, BasicController.class) .autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willReturn(JWT); - this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk()) .andExpect(content().string(JWT_SUBJECT)); - this.mvc.perform(post("/authenticated").param("access_token", JWT_TOKEN)).andExpect(status().isOk()) .andExpect(content().string(JWT_SUBJECT)); } 
@@ -590,17 +513,13 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void requestWhenBearerTokenResolverAllowsQueryParameterThenEitherHeaderOrQueryParameterIsAccepted() throws Exception { - this.spring .register(AllowBearerTokenAsQueryParameterConfig.class, JwtDecoderConfig.class, BasicController.class) .autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willReturn(JWT); - this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk()) .andExpect(content().string(JWT_SUBJECT)); - this.mvc.perform(get("/authenticated").param("access_token", JWT_TOKEN)).andExpect(status().isOk()) .andExpect(content().string(JWT_SUBJECT)); }
@@ -608,13 +527,10 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void requestWhenBearerTokenResolverAllowsRequestBodyAndRequestContainsTwoTokensThenInvalidRequest() throws Exception { - this.spring.register(AllowBearerTokenInRequestBodyConfig.class, JwtDecoderConfig.class, BasicController.class) .autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willReturn(JWT); - this.mvc.perform( post("/authenticated").param("access_token", JWT_TOKEN).with(bearerToken(JWT_TOKEN)).with(csrf())) .andExpect(status().isBadRequest())
@@ -624,14 +540,11 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void requestWhenBearerTokenResolverAllowsQueryParameterAndRequestContainsTwoTokensThenInvalidRequest() throws Exception { - this.spring .register(AllowBearerTokenAsQueryParameterConfig.class, JwtDecoderConfig.class, BasicController.class) .autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willReturn(JWT); - this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN)).param("access_token", JWT_TOKEN)) .andExpect(status().isBadRequest()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("invalid_request")));
@@ -641,16 +554,12 @@ public class OAuth2ResourceServerConfigurerTests { public void getBearerTokenResolverWhenDuplicateResolverBeansAndAnotherOnTheDslThenTheDslOneIsUsed() { BearerTokenResolver resolverBean = mock(BearerTokenResolver.class); BearerTokenResolver resolver = mock(BearerTokenResolver.class); - GenericWebApplicationContext context = new GenericWebApplicationContext(); context.registerBean("resolverOne", BearerTokenResolver.class, () -> resolverBean); context.registerBean("resolverTwo", BearerTokenResolver.class, () -> resolverBean); this.spring.context(context).autowire(); - OAuth2ResourceServerConfigurer oauth2 = new OAuth2ResourceServerConfigurer(context); - oauth2.bearerTokenResolver(resolver); - assertThat(oauth2.getBearerTokenResolver()).isEqualTo(resolver); }
@@ -665,63 +574,46 @@ public class OAuth2ResourceServerConfigurerTests { public void getBearerTokenResolverWhenResolverBeanAndAnotherOnTheDslThenTheDslOneIsUsed() { BearerTokenResolver resolver = mock(BearerTokenResolver.class); BearerTokenResolver resolverBean = mock(BearerTokenResolver.class); - GenericWebApplicationContext context = new GenericWebApplicationContext(); context.registerBean(BearerTokenResolver.class, () -> resolverBean); this.spring.context(context).autowire(); - OAuth2ResourceServerConfigurer oauth2 = new OAuth2ResourceServerConfigurer(context); oauth2.bearerTokenResolver(resolver); - assertThat(oauth2.getBearerTokenResolver()).isEqualTo(resolver); } @Test public void getBearerTokenResolverWhenNoResolverSpecifiedThenTheDefaultIsUsed() { ApplicationContext context = this.spring.context(new GenericWebApplicationContext()).getContext(); - OAuth2ResourceServerConfigurer oauth2 = new OAuth2ResourceServerConfigurer(context); - assertThat(oauth2.getBearerTokenResolver()).isInstanceOf(DefaultBearerTokenResolver.class); } @Test public void requestWhenCustomJwtDecoderWiredOnDslThenUsed() throws Exception { - this.spring.register(CustomJwtDecoderOnDsl.class, BasicController.class).autowire(); - CustomJwtDecoderOnDsl config = this.spring.getContext().getBean(CustomJwtDecoderOnDsl.class); JwtDecoder decoder = config.decoder(); - given(decoder.decode(anyString())).willReturn(JWT); - this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk()) .andExpect(content().string(JWT_SUBJECT)); } @Test public void requestWhenCustomJwtDecoderInLambdaOnDslThenUsed() throws Exception { - this.spring.register(CustomJwtDecoderInLambdaOnDsl.class, BasicController.class).autowire(); - CustomJwtDecoderInLambdaOnDsl config = this.spring.getContext().getBean(CustomJwtDecoderInLambdaOnDsl.class); JwtDecoder decoder = config.decoder(); - given(decoder.decode(anyString())).willReturn(JWT); - 
this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk()) .andExpect(content().string(JWT_SUBJECT)); } @Test public void requestWhenCustomJwtDecoderExposedAsBeanThenUsed() throws Exception { - this.spring.register(CustomJwtDecoderAsBean.class, BasicController.class).autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); - given(decoder.decode(anyString())).willReturn(JWT); - this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk()) .andExpect(content().string(JWT_SUBJECT)); } 
@@ -729,107 +621,77 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void getJwtDecoderWhenConfiguredWithDecoderAndJwkSetUriThenLastOneWins() { ApplicationContext context = mock(ApplicationContext.class); - OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); - JwtDecoder decoder = mock(JwtDecoder.class); - jwtConfigurer.jwkSetUri(JWK_SET_URI); jwtConfigurer.decoder(decoder); - assertThat(jwtConfigurer.getJwtDecoder()).isEqualTo(decoder); - jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); - jwtConfigurer.decoder(decoder); jwtConfigurer.jwkSetUri(JWK_SET_URI); - assertThat(jwtConfigurer.getJwtDecoder()).isInstanceOf(NimbusJwtDecoder.class); - } @Test public void getJwtDecoderWhenConflictingJwtDecodersThenTheDslWiredOneTakesPrecedence() { - JwtDecoder decoderBean = mock(JwtDecoder.class); JwtDecoder decoder = mock(JwtDecoder.class); - ApplicationContext context = mock(ApplicationContext.class); given(context.getBean(JwtDecoder.class)).willReturn(decoderBean); - OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); jwtConfigurer.decoder(decoder); - assertThat(jwtConfigurer.getJwtDecoder()).isEqualTo(decoder); } @Test public void getJwtDecoderWhenContextHasBeanAndUserConfiguresJwkSetUriThenJwkSetUriTakesPrecedence() { - JwtDecoder decoder = mock(JwtDecoder.class); ApplicationContext context = mock(ApplicationContext.class); given(context.getBean(JwtDecoder.class)).willReturn(decoder); - OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); - jwtConfigurer.jwkSetUri(JWK_SET_URI); - assertThat(jwtConfigurer.getJwtDecoder()).isNotEqualTo(decoder); assertThat(jwtConfigurer.getJwtDecoder()).isInstanceOf(NimbusJwtDecoder.class); } @Test public void getJwtDecoderWhenTwoJwtDecoderBeansAndAnotherWiredOnDslThenDslWiredOneTakesPrecedence() { - JwtDecoder decoderBean = 
mock(JwtDecoder.class); JwtDecoder decoder = mock(JwtDecoder.class); - GenericWebApplicationContext context = new GenericWebApplicationContext(); context.registerBean("decoderOne", JwtDecoder.class, () -> decoderBean); context.registerBean("decoderTwo", JwtDecoder.class, () -> decoderBean); this.spring.context(context).autowire(); - OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); jwtConfigurer.decoder(decoder); - assertThat(jwtConfigurer.getJwtDecoder()).isEqualTo(decoder); } @Test public void getJwtDecoderWhenTwoJwtDecoderBeansThenThrowsException() { - JwtDecoder decoder = mock(JwtDecoder.class); GenericWebApplicationContext context = new GenericWebApplicationContext(); context.registerBean("decoderOne", JwtDecoder.class, () -> decoder); context.registerBean("decoderTwo", JwtDecoder.class, () -> decoder); - this.spring.context(context).autowire(); - OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); - assertThatCode(() -> jwtConfigurer.getJwtDecoder()).isInstanceOf(NoUniqueBeanDefinitionException.class); } @Test public void requestWhenRealmNameConfiguredThenUsesOnUnauthenticated() throws Exception { - this.spring.register(RealmNameConfiguredOnEntryPoint.class, JwtDecoderConfig.class).autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willThrow(JwtException.class); - this.mvc.perform(get("/authenticated").with(bearerToken("invalid_token"))).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\""))); } @Test public void requestWhenRealmNameConfiguredThenUsesOnAccessDenied() throws Exception { - this.spring.register(RealmNameConfiguredOnAccessDeniedHandler.class, JwtDecoderConfig.class).autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); 
given(decoder.decode(anyString())).willReturn(JWT); - this.mvc.perform(get("/authenticated").with(bearerToken("insufficiently_scoped"))) .andExpect(status().isForbidden()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\""))); 
@@ -851,100 +713,77 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void requestWhenCustomJwtValidatorFailsThenCorrespondingErrorMessage() throws Exception { - this.spring.register(RestOperationsConfig.class, CustomJwtValidatorConfig.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - OAuth2TokenValidator jwtValidator = this.spring.getContext().getBean(CustomJwtValidatorConfig.class) .getJwtValidator(); - OAuth2Error error = new OAuth2Error("custom-error", "custom-description", "custom-uri"); - given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(error)); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("custom-description"))); } @Test public void requestWhenClockSkewSetThenTimestampWindowRelaxedAccordingly() throws Exception { - this.spring.register(RestOperationsConfig.class, UnexpiredJwtClockSkewConfig.class, BasicController.class) .autowire(); mockRestOperations(jwks("Default")); String token = this.token("ExpiresAt4687177990"); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk()); } @Test public void requestWhenClockSkewSetButJwtStillTooLateThenReportsExpired() throws Exception { - this.spring.register(RestOperationsConfig.class, ExpiredJwtClockSkewConfig.class, BasicController.class) .autowire(); mockRestOperations(jwks("Default")); String token = this.token("ExpiresAt4687177990"); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized()) .andExpect(invalidTokenHeader("Jwt expired at")); } @Test public void requestWhenJwtAuthenticationConverterConfiguredOnDslThenIsUsed() throws Exception { - this.spring.register(JwtDecoderConfig.class, JwtAuthenticationConverterConfiguredOnDsl.class, BasicController.class).autowire(); - Converter jwtAuthenticationConverter = this.spring.getContext() 
.getBean(JwtAuthenticationConverterConfiguredOnDsl.class).getJwtAuthenticationConverter(); given(jwtAuthenticationConverter.convert(JWT)).willReturn(JWT_AUTHENTICATION_TOKEN); - JwtDecoder jwtDecoder = this.spring.getContext().getBean(JwtDecoder.class); given(jwtDecoder.decode(anyString())).willReturn(JWT); - this.mvc.perform(get("/").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk()); - verify(jwtAuthenticationConverter).convert(JWT); } @Test public void requestWhenJwtAuthenticationConverterCustomizedAuthoritiesThenThoseAuthoritiesArePropagated() throws Exception { - this.spring.register(JwtDecoderConfig.class, CustomAuthorityMappingConfig.class, BasicController.class) .autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(JWT_TOKEN)).willReturn(JWT); - this.mvc.perform(get("/requires-read-scope").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk()); } @Test public void requestWhenUsingPublicKeyAndValidTokenThenAuthenticates() throws Exception { - this.spring.register(SingleKeyConfig.class, BasicController.class).autowire(); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk()); } @Test public void requestWhenUsingPublicKeyAndSignatureFailsThenReturnsInvalidToken() throws Exception { - this.spring.register(SingleKeyConfig.class).autowire(); String token = this.token("WrongSignature"); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(invalidTokenHeader("signature")); } @Test public void requestWhenUsingPublicKeyAlgorithmDoesNotMatchThenReturnsInvalidToken() throws Exception { - this.spring.register(SingleKeyConfig.class).autowire(); String token = this.token("WrongAlgorithm"); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(invalidTokenHeader("algorithm")); } 
@@ -952,11 +791,8 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void requestWhenUsingCustomAuthenticationEventPublisherThenUses() throws Exception { this.spring.register(CustomAuthenticationEventPublisher.class).autowire(); - given(bean(JwtDecoder.class).decode(anyString())).willThrow(new BadJwtException("problem")); - this.mvc.perform(get("/").with(bearerToken("token"))); - verifyBean(AuthenticationEventPublisher.class) .publishAuthenticationFailure(any(OAuth2AuthenticationException.class), any(Authentication.class)); }
@@ -964,12 +800,10 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void getWhenCustomJwtAuthenticationManagerThenUsed() throws Exception { this.spring.register(JwtAuthenticationManagerConfig.class, BasicController.class).autowire(); - given(bean(AuthenticationProvider.class).authenticate(any(Authentication.class))) .willReturn(JWT_AUTHENTICATION_TOKEN); this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk()) .andExpect(content().string("mock-test-subject")); - verifyBean(AuthenticationProvider.class).authenticate(any(Authentication.class)); }
@@ -977,7 +811,6 @@ public class OAuth2ResourceServerConfigurerTests { public void getWhenIntrospectingThenOk() throws Exception { this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class, BasicController.class).autowire(); mockRestOperations(json("Active")); - this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk()) .andExpect(content().string("test-subject")); }
@@ -987,7 +820,6 @@ public class OAuth2ResourceServerConfigurerTests { this.spring.register(RestOperationsConfig.class, OpaqueTokenInLambdaConfig.class, BasicController.class) .autowire(); mockRestOperations(json("Active")); - this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk()) .andExpect(content().string("test-subject")); }
@@ -996,7 +828,6 @@ public class OAuth2ResourceServerConfigurerTests { public void getWhenIntrospectionFailsThenUnauthorized() throws Exception { this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class).autowire(); mockRestOperations(json("Inactive")); - this.mvc.perform(get("/").with(bearerToken("token"))).andExpect(status().isUnauthorized()).andExpect( header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("Provided token isn't active"))); }
@@ -1005,7 +836,6 @@ public class OAuth2ResourceServerConfigurerTests { public void getWhenIntrospectionLacksScopeThenForbidden() throws Exception { this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class).autowire(); mockRestOperations(json("ActiveNoScopes")); - this.mvc.perform(get("/requires-read-scope").with(bearerToken("token"))).andExpect(status().isForbidden()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("scope"))); }
@@ -1013,24 +843,20 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void getWhenCustomIntrospectionAuthenticationManagerThenUsed() throws Exception { this.spring.register(OpaqueTokenAuthenticationManagerConfig.class, BasicController.class).autowire(); - given(bean(AuthenticationProvider.class).authenticate(any(Authentication.class))) .willReturn(INTROSPECTION_AUTHENTICATION_TOKEN); this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk()) .andExpect(content().string("mock-test-subject")); - verifyBean(AuthenticationProvider.class).authenticate(any(Authentication.class)); } @Test public void getWhenCustomIntrospectionAuthenticationManagerInLambdaThenUsed() throws Exception { this.spring.register(OpaqueTokenAuthenticationManagerInLambdaConfig.class, BasicController.class).autowire(); - given(bean(AuthenticationProvider.class).authenticate(any(Authentication.class))) .willReturn(INTROSPECTION_AUTHENTICATION_TOKEN); this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk()) .andExpect(content().string("mock-test-subject")); - verifyBean(AuthenticationProvider.class).authenticate(any(Authentication.class)); } 
@@ -1043,26 +869,18 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void getIntrospectionClientWhenConfiguredWithClientAndIntrospectionUriThenLastOneWins() { ApplicationContext context = mock(ApplicationContext.class); - OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer opaqueTokenConfigurer = new OAuth2ResourceServerConfigurer( context).opaqueToken(); - OpaqueTokenIntrospector client = mock(OpaqueTokenIntrospector.class); - opaqueTokenConfigurer.introspectionUri(INTROSPECTION_URI); opaqueTokenConfigurer.introspectionClientCredentials(CLIENT_ID, CLIENT_SECRET); opaqueTokenConfigurer.introspector(client); - assertThat(opaqueTokenConfigurer.getIntrospector()).isEqualTo(client); - opaqueTokenConfigurer = new OAuth2ResourceServerConfigurer(context).opaqueToken(); - opaqueTokenConfigurer.introspector(client); opaqueTokenConfigurer.introspectionUri(INTROSPECTION_URI); opaqueTokenConfigurer.introspectionClientCredentials(CLIENT_ID, CLIENT_SECRET); - assertThat(opaqueTokenConfigurer.getIntrospector()).isInstanceOf(NimbusOpaqueTokenIntrospector.class); - } @Test 
@@ -1070,65 +888,48 @@ public class OAuth2ResourceServerConfigurerTests { GenericApplicationContext context = new GenericApplicationContext(); registerMockBean(context, "introspectionClientOne", OpaqueTokenIntrospector.class); registerMockBean(context, "introspectionClientTwo", OpaqueTokenIntrospector.class); - OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer opaqueToken = new OAuth2ResourceServerConfigurer(context) .opaqueToken(); opaqueToken.introspectionUri(INTROSPECTION_URI); opaqueToken.introspectionClientCredentials(CLIENT_ID, CLIENT_SECRET); - assertThat(opaqueToken.getIntrospector()).isNotNull(); } @Test public void requestWhenBasicAndResourceServerEntryPointsThenMatchedByRequest() throws Exception { - this.spring.register(BasicAndResourceServerConfig.class, JwtDecoderConfig.class).autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willThrow(JwtException.class); - this.mvc.perform(get("/authenticated").with(httpBasic("some", "user"))).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Basic"))); - this.mvc.perform(get("/authenticated")).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Basic"))); - this.mvc.perform(get("/authenticated").with(bearerToken("invalid_token"))).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer"))); } @Test public void requestWhenFormLoginAndResourceServerEntryPointsThenSessionCreatedByRequest() throws Exception { - this.spring.register(FormAndResourceServerConfig.class, JwtDecoderConfig.class).autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willThrow(JwtException.class); - MvcResult result = this.mvc.perform(get("/authenticated")).andExpect(status().isFound()) 
.andExpect(redirectedUrl("http://localhost/login")).andReturn(); - assertThat(result.getRequest().getSession(false)).isNotNull(); - result = this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isUnauthorized()) .andReturn(); - assertThat(result.getRequest().getSession(false)).isNull(); } @Test public void requestWhenDefaultAndResourceServerAccessDeniedHandlersThenMatchedByRequest() throws Exception { - this.spring .register(ExceptionHandlingAndResourceServerWithAccessDeniedHandlerConfig.class, JwtDecoderConfig.class) .autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willReturn(JWT); - this.mvc.perform(get("/authenticated").with(httpBasic("basic-user", "basic-password"))) .andExpect(status().isForbidden()).andExpect(header().doesNotExist(HttpHeaders.WWW_AUTHENTICATE)); - this.mvc.perform(get("/authenticated").with(bearerToken("insufficiently_scoped"))) .andExpect(status().isForbidden()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer"))); @@ -1136,15 +937,12 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void getWhenAlsoUsingHttpBasicThenCorrectProviderEngages() throws Exception { - this.spring.register(RestOperationsConfig.class, BasicAndResourceServerConfig.class, BasicController.class) .autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/authenticated").with(bearerToken(token))).andExpect(status().isOk()) .andExpect(content().string("test-subject")); - this.mvc.perform(get("/authenticated").with(httpBasic("basic-user", "basic-password"))) .andExpect(status().isOk()).andExpect(content().string("basic-user")); } 
@@ -1153,12 +951,10 @@ public class OAuth2ResourceServerConfigurerTests { public void getAuthenticationManagerWhenConfiguredAuthenticationManagerThenTakesPrecedence() { ApplicationContext context = mock(ApplicationContext.class); HttpSecurityBuilder http = mock(HttpSecurityBuilder.class); - OAuth2ResourceServerConfigurer oauth2ResourceServer = new OAuth2ResourceServerConfigurer(context); AuthenticationManager authenticationManager = mock(AuthenticationManager.class); oauth2ResourceServer.jwt().authenticationManager(authenticationManager).decoder(mock(JwtDecoder.class)); assertThat(oauth2ResourceServer.getAuthenticationManager(http)).isSameAs(authenticationManager); - oauth2ResourceServer = new OAuth2ResourceServerConfigurer(context); oauth2ResourceServer.opaqueToken().authenticationManager(authenticationManager) .introspector(mock(OpaqueTokenIntrospector.class)); @@ -1169,7 +965,6 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void getWhenMultipleIssuersThenUsesIssuerClaimToDifferentiate() throws Exception { this.spring.register(WebServerConfig.class, MultipleIssuersConfig.class, BasicController.class).autowire(); - MockWebServer server = this.spring.getContext().getBean(MockWebServer.class); String metadata = "{\n" + " \"issuer\": \"%s\", \n" + " \"jwks_uri\": \"%s/.well-known/jwks.json\" \n" + "}"; 
@@ -1180,36 +975,28 @@ public class OAuth2ResourceServerConfigurerTests { String jwtOne = jwtFromIssuer(issuerOne); String jwtTwo = jwtFromIssuer(issuerTwo); String jwtThree = jwtFromIssuer(issuerThree); - mockWebServer(String.format(metadata, issuerOne, issuerOne)); mockWebServer(jwkSet); - this.mvc.perform(get("/authenticated").with(bearerToken(jwtOne))).andExpect(status().isOk()) .andExpect(content().string("test-subject")); - mockWebServer(String.format(metadata, issuerTwo, issuerTwo)); mockWebServer(jwkSet); - this.mvc.perform(get("/authenticated").with(bearerToken(jwtTwo))).andExpect(status().isOk()) .andExpect(content().string("test-subject")); - mockWebServer(String.format(metadata, issuerThree, issuerThree)); mockWebServer(jwkSet); - this.mvc.perform(get("/authenticated").with(bearerToken(jwtThree))).andExpect(status().isUnauthorized()) .andExpect(invalidTokenHeader("Invalid issuer")); } @Test public void configuredWhenMissingJwtAuthenticationProviderThenWiringException() { - assertThatCode(() -> this.spring.register(JwtlessConfig.class).autowire()) .isInstanceOf(BeanCreationException.class).hasMessageContaining("neither was found"); } @Test public void configureWhenMissingJwkSetUriThenWiringException() { - assertThatCode(() -> this.spring.register(JwtHalfConfiguredConfig.class).autowire()) .isInstanceOf(BeanCreationException.class).hasMessageContaining("No qualifying bean of type"); } 
@@ -1230,22 +1017,17 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void getJwtAuthenticationConverterWhenNoConverterSpecifiedThenTheDefaultIsUsed() { ApplicationContext context = this.spring.context(new GenericWebApplicationContext()).getContext(); - OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); - assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isInstanceOf(JwtAuthenticationConverter.class); } @Test public void getJwtAuthenticationConverterWhenConverterBeanSpecified() { JwtAuthenticationConverter converterBean = new JwtAuthenticationConverter(); - GenericWebApplicationContext context = new GenericWebApplicationContext(); context.registerBean(JwtAuthenticationConverter.class, () -> converterBean); this.spring.context(context).autowire(); - OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); - assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isEqualTo(converterBean); } @@ -1253,14 +1035,11 @@ public class OAuth2ResourceServerConfigurerTests { public void getJwtAuthenticationConverterWhenConverterBeanAndAnotherOnTheDslThenTheDslOneIsUsed() { JwtAuthenticationConverter converter = new JwtAuthenticationConverter(); JwtAuthenticationConverter converterBean = new JwtAuthenticationConverter(); - GenericWebApplicationContext context = new GenericWebApplicationContext(); context.registerBean(JwtAuthenticationConverter.class, () -> converterBean); this.spring.context(context).autowire(); - OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); jwtConfigurer.jwtAuthenticationConverter(converter); - assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isEqualTo(converter); } 
@@ -1268,29 +1047,23 @@ public class OAuth2ResourceServerConfigurerTests { public void getJwtAuthenticationConverterWhenDuplicateConverterBeansAndAnotherOnTheDslThenTheDslOneIsUsed() { JwtAuthenticationConverter converter = new JwtAuthenticationConverter(); JwtAuthenticationConverter converterBean = new JwtAuthenticationConverter(); - GenericWebApplicationContext context = new GenericWebApplicationContext(); context.registerBean("converterOne", JwtAuthenticationConverter.class, () -> converterBean); context.registerBean("converterTwo", JwtAuthenticationConverter.class, () -> converterBean); this.spring.context(context).autowire(); - OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); jwtConfigurer.jwtAuthenticationConverter(converter); - assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isEqualTo(converter); } @Test public void getJwtAuthenticationConverterWhenDuplicateConverterBeansThenThrowsException() { JwtAuthenticationConverter converterBean = new JwtAuthenticationConverter(); - GenericWebApplicationContext context = new GenericWebApplicationContext(); context.registerBean("converterOne", JwtAuthenticationConverter.class, () -> converterBean); context.registerBean("converterTwo", JwtAuthenticationConverter.class, () -> converterBean); this.spring.context(context).autowire(); - OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); - assertThatCode(jwtConfigurer::getJwtAuthenticationConverter) .isInstanceOf(NoUniqueBeanDefinitionException.class); } @@ -1947,7 +1720,6 @@ public class OAuth2ResourceServerConfigurerTests { @Override protected void configure(HttpSecurity http) throws Exception { this.jwtDecoder.setJwtValidator(this.jwtValidator); - // @formatter:off http .oauth2ResourceServer() 
@@ -1973,9 +1745,7 @@ public class OAuth2ResourceServerConfigurerTests { ZoneId.systemDefault()); JwtTimestampValidator jwtValidator = new JwtTimestampValidator(Duration.ofHours(1)); jwtValidator.setClock(nearlyAnHourFromTokenExpiry); - this.jwtDecoder.setJwtValidator(jwtValidator); - // @formatter:off http .oauth2ResourceServer() @@ -1997,16 +1767,13 @@ public class OAuth2ResourceServerConfigurerTests { ZoneId.systemDefault()); JwtTimestampValidator jwtValidator = new JwtTimestampValidator(Duration.ofHours(1)); jwtValidator.setClock(justOverOneHourAfterExpiry); - this.jwtDecoder.setJwtValidator(jwtValidator); - // @formatter:off http .oauth2ResourceServer() .jwt(); } } - @EnableWebSecurity static class SingleKeyConfig extends WebSecurityConfigurerAdapter { byte[] spec = Base64.getDecoder().decode( @@ -2017,7 +1784,6 @@ public class OAuth2ResourceServerConfigurerTests { "iZCtPzL/IffDUcfhLQteGebhW8A6eUHgpD5A1PQ+JCw/G7UOzZAjjDjtNM2eqm8j" + "+Ms/gqnm4MiCZ4E+9pDN77CAAPVN7kuX6ejs9KBXpk01z48i9fORYk9u7rAkh1Hu" + "QwIDAQAB"); - @Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off @@ -2202,7 +1968,6 @@ public class OAuth2ResourceServerConfigurerTests { String issuerTwo = this.web.url("/issuerTwo").toString(); JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver( issuerOne, issuerTwo); - // @formatter:off http .oauth2ResourceServer() @@ -2367,7 +2132,6 @@ public class OAuth2ResourceServerConfigurerTests { else { request.addHeader("Authorization", "Bearer " + this.token); } - return request; } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java index 66d8cf2701..e4dfd717b0 100644 
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java @@ -71,7 +71,6 @@ public class OpenIDLoginConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnOpenIDAuthenticationFilter() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(OpenIDAuthenticationFilter.class)); } @@ -79,14 +78,12 @@ public class OpenIDLoginConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnOpenIDAuthenticationProvider() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(OpenIDAuthenticationProvider.class)); } @Test public void openidLoginWhenInvokedTwiceThenUsesOriginalLoginPage() throws Exception { this.spring.register(InvokeTwiceDoesNotOverrideConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/login/custom")); } @@ -94,7 +91,6 @@ public class OpenIDLoginConfigurerTests { @Test public void requestWhenOpenIdLoginPageInLambdaThenRedirectsToLoginPAge() throws Exception { this.spring.register(OpenIdLoginPageInLambdaConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/login/custom")); } 
@@ -109,18 +105,14 @@ public class OpenIDLoginConfigurerTests { given(OpenIdAttributesInLambdaConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(), any())).willReturn(mockAuthRequest); this.spring.register(OpenIdAttributesInLambdaConfig.class).autowire(); - try (MockWebServer server = new MockWebServer()) { String endpoint = server.url("/").toString(); - server.enqueue(new MockResponse().addHeader(YadisResolver.YADIS_XRDS_LOCATION, endpoint)); server.enqueue(new MockResponse() .setBody(String.format("%s", endpoint))); - MvcResult mvcResult = this.mvc.perform( get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint)) .andExpect(status().isFound()).andReturn(); - Object attributeObject = mvcResult.getRequest().getSession() .getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST"); assertThat(attributeObject).isInstanceOf(List.class); @@ -147,18 +139,14 @@ public class OpenIDLoginConfigurerTests { given(OpenIdAttributesNullNameConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(), any())).willReturn(mockAuthRequest); this.spring.register(OpenIdAttributesNullNameConfig.class).autowire(); - try (MockWebServer server = new MockWebServer()) { String endpoint = server.url("/").toString(); - server.enqueue(new MockResponse().addHeader(YadisResolver.YADIS_XRDS_LOCATION, endpoint)); server.enqueue(new MockResponse() .setBody(String.format("%s", endpoint))); - MvcResult mvcResult = this.mvc.perform( get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint)) .andExpect(status().isFound()).andReturn(); - Object attributeObject = mvcResult.getRequest().getSession() .getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST"); assertThat(attributeObject).isInstanceOf(List.class); 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java index 601473a3e6..1b3462112e 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java @@ -169,7 +169,6 @@ public class Saml2LoginConfigurerTests { @Test public void saml2LoginWhenCustomAuthenticationRequestContextResolverThenUses() throws Exception { this.spring.register(CustomAuthenticationRequestContextResolver.class).autowire(); - Saml2AuthenticationRequestContext context = TestSaml2AuthenticationRequestContexts .authenticationRequestContext().build(); Saml2AuthenticationRequestContextResolver resolver = CustomAuthenticationRequestContextResolver.resolver; @@ -181,7 +180,6 @@ public class Saml2LoginConfigurerTests { @Test public void authenticationRequestWhenAuthnRequestConsumerResolverThenUses() throws Exception { this.spring.register(CustomAuthnRequestConsumerResolver.class).autowire(); - MvcResult result = this.mvc.perform(get("/saml2/authenticate/registration-id")).andReturn(); UriComponents components = UriComponentsBuilder.fromHttpUrl(result.getResponse().getRedirectedUrl()).build(); String samlRequest = components.getQueryParams().getFirst("SAMLRequest"); 
@@ -228,10 +226,8 @@ public class Saml2LoginConfigurerTests { // setup authentication parameters this.request.setParameter("SAMLResponse", Base64.getEncoder().encodeToString("saml2-xml-response-object".getBytes())); - // perform test this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); - // assertions Authentication authentication = this.securityContextRepository .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); @@ -263,7 +259,6 @@ public class Saml2LoginConfigurerTests { private static AuthenticationManager getAuthenticationManagerMock(String role) { return new AuthenticationManager() { - @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { if (!supports(authentication.getClass())) { @@ -306,7 +301,6 @@ public class Saml2LoginConfigurerTests { return provider; } }; - http.saml2Login().addObjectPostProcessor(processor); super.configure(http); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java index ec88b8feae..5c9908836c 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java 
@@ -62,13 +62,10 @@ public class MessageSecurityMetadataSourceRegistryTests { this.message = MessageBuilder.withPayload("Hi") .setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build(); this.messages.simpDestPathMatcher(new AntPathMatcher(".")).simpDestMatchers("price.stock.*").permitAll(); - assertThat(getAttribute()).isNull(); - this.message = MessageBuilder.withPayload("Hi") .setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build(); this.messages.simpDestPathMatcher(new AntPathMatcher(".")).simpDestMatchers("price.stock.**").permitAll(); - assertThat(getAttribute()).isEqualTo("permitAll"); } @@ -77,13 +74,10 @@ public class MessageSecurityMetadataSourceRegistryTests { this.message = MessageBuilder.withPayload("Hi") .setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build(); this.messages.simpDestMatchers("price.stock.*").permitAll().simpDestPathMatcher(new AntPathMatcher(".")); - assertThat(getAttribute()).isNull(); - this.message = MessageBuilder.withPayload("Hi") .setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build(); this.messages.simpDestMatchers("price.stock.**").permitAll().simpDestPathMatcher(new AntPathMatcher(".")); - assertThat(getAttribute()).isEqualTo("permitAll"); } @@ -95,7 +89,6 @@ public class MessageSecurityMetadataSourceRegistryTests { @Test public void matchersFalse() { this.messages.matchers(this.matcher).permitAll(); - assertThat(getAttribute()).isNull(); } 
@@ -103,35 +96,30 @@ public class MessageSecurityMetadataSourceRegistryTests { public void matchersTrue() { given(this.matcher.matches(this.message)).willReturn(true); this.messages.matchers(this.matcher).permitAll(); - assertThat(getAttribute()).isEqualTo("permitAll"); } @Test public void simpDestMatchersExact() { this.messages.simpDestMatchers("location").permitAll(); - assertThat(getAttribute()).isEqualTo("permitAll"); } @Test public void simpDestMatchersMulti() { this.messages.simpDestMatchers("admin/**", "api/**").hasRole("ADMIN").simpDestMatchers("location").permitAll(); - assertThat(getAttribute()).isEqualTo("permitAll"); } @Test public void simpDestMatchersRole() { this.messages.simpDestMatchers("admin/**", "location/**").hasRole("ADMIN").anyMessage().denyAll(); - assertThat(getAttribute()).isEqualTo("hasRole('ROLE_ADMIN')"); } @Test public void simpDestMatchersAnyRole() { this.messages.simpDestMatchers("admin/**", "location/**").hasAnyRole("ADMIN", "ROOT").anyMessage().denyAll(); - assertThat(getAttribute()).isEqualTo("hasAnyRole('ROLE_ADMIN','ROLE_ROOT')"); } @@ -139,7 +127,6 @@ public class MessageSecurityMetadataSourceRegistryTests { public void simpDestMatchersAuthority() { this.messages.simpDestMatchers("admin/**", "location/**").hasAuthority("ROLE_ADMIN").anyMessage() .fullyAuthenticated(); - assertThat(getAttribute()).isEqualTo("hasAuthority('ROLE_ADMIN')"); } @@ -147,7 +134,6 @@ public class MessageSecurityMetadataSourceRegistryTests { public void simpDestMatchersAccess() { String expected = "hasRole('ROLE_ADMIN') and fullyAuthenticated"; this.messages.simpDestMatchers("admin/**", "location/**").access(expected).anyMessage().denyAll(); - assertThat(getAttribute()).isEqualTo(expected); } 
@@ -155,56 +141,48 @@ public class MessageSecurityMetadataSourceRegistryTests { public void simpDestMatchersAnyAuthority() { this.messages.simpDestMatchers("admin/**", "location/**").hasAnyAuthority("ROLE_ADMIN", "ROLE_ROOT") .anyMessage().denyAll(); - assertThat(getAttribute()).isEqualTo("hasAnyAuthority('ROLE_ADMIN','ROLE_ROOT')"); } @Test public void simpDestMatchersRememberMe() { this.messages.simpDestMatchers("admin/**", "location/**").rememberMe().anyMessage().denyAll(); - assertThat(getAttribute()).isEqualTo("rememberMe"); } @Test public void simpDestMatchersAnonymous() { this.messages.simpDestMatchers("admin/**", "location/**").anonymous().anyMessage().denyAll(); - assertThat(getAttribute()).isEqualTo("anonymous"); } @Test public void simpDestMatchersFullyAuthenticated() { this.messages.simpDestMatchers("admin/**", "location/**").fullyAuthenticated().anyMessage().denyAll(); - assertThat(getAttribute()).isEqualTo("fullyAuthenticated"); } @Test public void simpDestMatchersDenyAll() { this.messages.simpDestMatchers("admin/**", "location/**").denyAll().anyMessage().permitAll(); - assertThat(getAttribute()).isEqualTo("denyAll"); } @Test public void simpDestMessageMatchersNotMatch() { this.messages.simpMessageDestMatchers("admin/**").denyAll().anyMessage().permitAll(); - assertThat(getAttribute()).isEqualTo("permitAll"); } @Test public void simpDestMessageMatchersMatch() { this.messages.simpMessageDestMatchers("location/**").denyAll().anyMessage().permitAll(); - assertThat(getAttribute()).isEqualTo("denyAll"); } @Test public void simpDestSubscribeMatchersNotMatch() { this.messages.simpSubscribeDestMatchers("location/**").denyAll().anyMessage().permitAll(); - assertThat(getAttribute()).isEqualTo("permitAll"); } 
@@ -212,16 +190,13 @@ public class MessageSecurityMetadataSourceRegistryTests { public void simpDestSubscribeMatchersMatch() { this.message = MessageBuilder.fromMessage(this.message) .setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.SUBSCRIBE).build(); - this.messages.simpSubscribeDestMatchers("location/**").denyAll().anyMessage().permitAll(); - assertThat(getAttribute()).isEqualTo("denyAll"); } @Test public void nullDestMatcherNotMatches() { this.messages.nullDestMatcher().denyAll().anyMessage().permitAll(); - assertThat(getAttribute()).isEqualTo("permitAll"); } @@ -229,16 +204,13 @@ public class MessageSecurityMetadataSourceRegistryTests { public void nullDestMatcherMatch() { this.message = MessageBuilder.withPayload("Hi") .setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.CONNECT).build(); - this.messages.nullDestMatcher().denyAll().anyMessage().permitAll(); - assertThat(getAttribute()).isEqualTo("denyAll"); } @Test public void simpTypeMatchersMatch() { this.messages.simpTypeMatchers(SimpMessageType.MESSAGE).denyAll().anyMessage().permitAll(); - assertThat(getAttribute()).isEqualTo("denyAll"); } @@ -246,14 +218,12 @@ public class MessageSecurityMetadataSourceRegistryTests { public void simpTypeMatchersMatchMulti() { this.messages.simpTypeMatchers(SimpMessageType.CONNECT, SimpMessageType.MESSAGE).denyAll().anyMessage() .permitAll(); - assertThat(getAttribute()).isEqualTo("denyAll"); } @Test public void simpTypeMatchersNotMatch() { this.messages.simpTypeMatchers(SimpMessageType.CONNECT).denyAll().anyMessage().permitAll(); - assertThat(getAttribute()).isEqualTo("permitAll"); } @@ -261,7 +231,6 @@ public class MessageSecurityMetadataSourceRegistryTests { public void simpTypeMatchersNotMatchMulti() { this.messages.simpTypeMatchers(SimpMessageType.CONNECT, SimpMessageType.DISCONNECT).denyAll().anyMessage() .permitAll(); - assertThat(getAttribute()).isEqualTo("permitAll"); } 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java index f4024587df..683c35f2bd 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java @@ -90,9 +90,7 @@ public class EnableWebFluxSecurityTests { @Test public void defaultRequiresAuthentication() { this.spring.register(Config.class).autowire(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build(); - client.get().uri("/").exchange().expectStatus().isUnauthorized().expectBody().isEmpty(); } @@ -100,18 +98,14 @@ public class EnableWebFluxSecurityTests { @Test public void defaultMediaAllThenUnAuthorized() { this.spring.register(Config.class).autowire(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build(); - client.get().uri("/").accept(MediaType.ALL).exchange().expectStatus().isUnauthorized().expectBody().isEmpty(); } @Test public void authenticateWhenBasicThenNoSession() { this.spring.register(Config.class).autowire(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build(); - FluxExchangeResult result = client.get().headers((headers) -> headers.setBasicAuth("user", "password")) .exchange().expectStatus().isOk().returnResult(String.class); result.assertWithDiagnostics(() -> assertThat(result.getResponseCookies().isEmpty())); 
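Review bot: In `authenticateWhenBasicThenNoSession` (hunk `@@ -100,18 +98,14 @@`), `assertThat(result.getResponseCookies().isEmpty())` builds an AssertJ assertion on a boolean and never calls a verifying method, so nothing is actually checked. The test therefore passes even if the response sets a session cookie, and a regression that starts creating sessions for HTTP Basic requests would go unnoticed. Since these lines are being touched anyway, assert on the cookie map itself: `result.assertWithDiagnostics(() -> assertThat(result.getResponseCookies()).isEmpty());`. The end of the method lies outside the hunk, so any further checks after this line are not visible here.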
@@ -133,7 +127,6 @@ public class EnableWebFluxSecurityTests { .map(SecurityContext::getAuthentication).flatMap((principal) -> exchange .getResponse().writeWith(Mono.just(toDataBuffer(principal.getName()))))) .build(); - client.get().uri("/").exchange().expectStatus().isOk().expectBody(String.class) .consumeWith((result) -> assertThat(result.getResponseBody()).isEqualTo(currentPrincipal.getName())); } @@ -148,7 +141,6 @@ public class EnableWebFluxSecurityTests { .map(SecurityContext::getAuthentication).flatMap((principal) -> exchange .getResponse().writeWith(Mono.just(toDataBuffer(principal.getName()))))) .build(); - client.get().uri("/").headers((headers) -> headers.setBasicAuth("user", "password")).exchange().expectStatus() .isOk().expectBody(String.class) .consumeWith((result) -> assertThat(result.getResponseBody()).isEqualTo("user")); @@ -157,7 +149,6 @@ public class EnableWebFluxSecurityTests { @Test public void requestDataValueProcessor() { this.spring.register(Config.class).autowire(); - ConfigurableApplicationContext context = this.spring.getContext(); CsrfRequestDataValueProcessor rdvp = context.getBean(AbstractView.REQUEST_DATA_VALUE_PROCESSOR_BEAN_NAME, CsrfRequestDataValueProcessor.class); @@ -174,7 +165,6 @@ public class EnableWebFluxSecurityTests { .map(SecurityContext::getAuthentication).flatMap((principal) -> exchange .getResponse().writeWith(Mono.just(toDataBuffer(principal.getName()))))) .build(); - client.get().uri("/").headers((headers) -> headers.setBasicAuth("user", "password")).exchange().expectStatus() .isOk().expectBody(String.class) .consumeWith((result) -> assertThat(result.getResponseBody()).isEqualTo("user")); 
@@ -184,9 +174,7 @@ public class EnableWebFluxSecurityTests { public void passwordUpdateManagerUsed() { this.spring.register(MapReactiveUserDetailsServiceConfig.class).autowire(); WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build(); - client.get().uri("/").headers((h) -> h.setBasicAuth("user", "password")).exchange().expectStatus().isOk(); - ReactiveUserDetailsService users = this.spring.getContext().getBean(ReactiveUserDetailsService.class); assertThat(users.findByUsername("user").block().getPassword()).startsWith("{bcrypt}"); } @@ -198,7 +186,6 @@ public class EnableWebFluxSecurityTests { chain) -> Mono.subscriberContext().flatMap((c) -> c.>get(Authentication.class)).flatMap( (principal) -> exchange.getResponse().writeWith(Mono.just(toDataBuffer(principal.getName()))))) .build(); - MultiValueMap data = new LinkedMultiValueMap<>(); data.add("username", "user"); data.add("password", "password"); @@ -211,9 +198,7 @@ public class EnableWebFluxSecurityTests { public void multiWorks() { this.spring.register(MultiSecurityHttpConfig.class).autowire(); WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build(); - client.get().uri("/api/test").exchange().expectStatus().isUnauthorized().expectBody().isEmpty(); - client.get().uri("/test").exchange().expectStatus().isOk(); } @@ -221,9 +206,7 @@ public class EnableWebFluxSecurityTests { @WithMockUser public void authenticationPrincipalArgumentResolverWhenSpelThenWorks() { this.spring.register(AuthenticationPrincipalConfig.class).autowire(); - WebTestClient client = WebTestClient.bindToApplicationContext(this.spring.getContext()).build(); - client.get().uri("/spel").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("user"); } 
@@ -236,20 +219,16 @@ public class EnableWebFluxSecurityTests { @Test public void enableWebFluxSecurityWhenNoConfigurationAnnotationThenBeanProxyingEnabled() { this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire(); - Child childBean = this.spring.getContext().getBean(Child.class); Parent parentBean = this.spring.getContext().getBean(Parent.class); - assertThat(parentBean.getChild()).isSameAs(childBean); } @Test public void enableWebFluxSecurityWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() { this.spring.register(BeanProxyDisabledConfig.class).autowire(); - Child childBean = this.spring.getContext().getBean(Child.class); Parent parentBean = this.spring.getContext().getBean(Parent.class); - assertThat(parentBean.getChild()).isNotSameAs(childBean); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java index 4a7c033ea2..b791eba328 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java @@ -41,7 +41,6 @@ public class ServerHttpSecurityConfigurationTests { this.spring.register(ServerHttpSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class, WebFluxSecurityConfiguration.class).autowire(); ServerHttpSecurity serverHttpSecurity = this.spring.getContext().getBean(ServerHttpSecurity.class); - assertThat(serverHttpSecurity).isNotNull(); } 
@@ -50,7 +49,6 @@ public class ServerHttpSecurityConfigurationTests { this.spring.register(SubclassConfig.class, ReactiveAuthenticationTestConfiguration.class, WebFluxSecurityConfiguration.class).autowire(); ServerHttpSecurity serverHttpSecurity = this.spring.getContext().getBean(ServerHttpSecurity.class); - assertThat(serverHttpSecurity).isNotNull(); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java index fed6517951..43fb7fb1da 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java @@ -41,7 +41,6 @@ public class WebFluxSecurityConfigurationTests { this.spring.register(ServerHttpSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class, WebFluxSecurityConfiguration.class).autowire(); WebFilterChainProxy webFilterChainProxy = this.spring.getContext().getBean(WebFilterChainProxy.class); - assertThat(webFilterChainProxy).isNotNull(); } @@ -50,7 +49,6 @@ public class WebFluxSecurityConfigurationTests { this.spring.register(ServerHttpSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class, WebFluxSecurityConfigurationTests.SubclassConfig.class).autowire(); WebFilterChainProxy webFilterChainProxy = this.spring.getContext().getBean(WebFilterChainProxy.class); - assertThat(webFilterChainProxy).isNotNull(); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java index 5b38a0668c..de09d8ec07 100644 
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java @@ -75,9 +75,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests { @Test public void securityMappings() { loadConfig(WebSocketSecurityConfig.class); - clientInboundChannel().send(message("/user/queue/errors", SimpMessageType.SUBSCRIBE)); - try { clientInboundChannel().send(message("/denyAll", SimpMessageType.MESSAGE)); fail("Expected Exception"); @@ -140,7 +138,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests { .simpSubscribeDestMatchers("/user/**", "/topic/friends/*").hasRole("USER") // <4> .simpTypeMatchers(SimpMessageType.MESSAGE, SimpMessageType.SUBSCRIBE).denyAll() // <5> .anyMessage().denyAll(); // <6> - } } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java index 4aecda3869..37a4687617 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java @@ -107,9 +107,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { @Test public void simpleRegistryMappings() { loadConfig(SockJsSecurityConfig.class); - clientInboundChannel().send(message("/permitAll")); - try { clientInboundChannel().send(message("/denyAll")); fail("Expected Exception"); 
@@ -122,7 +120,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { @Test public void annonymousSupported() { loadConfig(SockJsSecurityConfig.class); - this.messageUser = null; clientInboundChannel().send(message("/permitAll")); } @@ -131,7 +128,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { @Test public void beanResolver() { loadConfig(SockJsSecurityConfig.class); - this.messageUser = null; clientInboundChannel().send(message("/beanResolver")); } @@ -139,11 +135,9 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { @Test public void addsAuthenticationPrincipalResolver() { loadConfig(SockJsSecurityConfig.class); - MessageChannel messageChannel = clientInboundChannel(); Message message = message("/permitAll/authentication"); messageChannel.send(message); - assertThat(this.context.getBean(MyController.class).authenticationPrincipal) .isEqualTo((String) this.messageUser.getPrincipal()); } @@ -151,11 +145,9 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { @Test public void addsAuthenticationPrincipalResolverWhenNoAuthorization() { loadConfig(NoInboundSecurityConfig.class); - MessageChannel messageChannel = clientInboundChannel(); Message message = message("/permitAll/authentication"); messageChannel.send(message); - assertThat(this.context.getBean(MyController.class).authenticationPrincipal) .isEqualTo((String) this.messageUser.getPrincipal()); } @@ -163,11 +155,9 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { @Test public void addsCsrfProtectionWhenNoAuthorization() { loadConfig(NoInboundSecurityConfig.class); - SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT); Message message = message(headers, "/authentication"); MessageChannel messageChannel = clientInboundChannel(); - try { messageChannel.send(message); fail("Expected Exception"); 
@@ -180,11 +170,9 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { @Test public void csrfProtectionForConnect() { loadConfig(SockJsSecurityConfig.class); - SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT); Message message = message(headers, "/authentication"); MessageChannel messageChannel = clientInboundChannel(); - try { messageChannel.send(message); fail("Expected Exception"); 
@@ -197,73 +185,57 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { @Test public void csrfProtectionDisabledForConnect() { loadConfig(CsrfDisabledSockJsSecurityConfig.class); - SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT); Message message = message(headers, "/permitAll/connect"); MessageChannel messageChannel = clientInboundChannel(); - messageChannel.send(message); } @Test public void csrfProtectionDefinedByBean() { loadConfig(SockJsProxylessSecurityConfig.class); - MessageChannel messageChannel = clientInboundChannel(); CsrfChannelInterceptor csrfChannelInterceptor = this.context.getBean(CsrfChannelInterceptor.class); - assertThat(((AbstractMessageChannel) messageChannel).getInterceptors()).contains(csrfChannelInterceptor); } @Test public void messagesConnectUseCsrfTokenHandshakeInterceptor() throws Exception { - loadConfig(SockJsSecurityConfig.class); - SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT); Message message = message(headers, "/authentication"); MockHttpServletRequest request = sockjsHttpRequest("/chat"); HttpRequestHandler handler = handler(request); - handler.handleRequest(request, new MockHttpServletResponse()); - assertHandshake(request); } @Test public void messagesConnectUseCsrfTokenHandshakeInterceptorMultipleMappings() throws Exception { loadConfig(SockJsSecurityConfig.class); - SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT); Message message = message(headers, "/authentication"); MockHttpServletRequest request = sockjsHttpRequest("/other"); HttpRequestHandler handler = handler(request); - handler.handleRequest(request, new MockHttpServletResponse()); - assertHandshake(request); } @Test public void messagesConnectWebSocketUseCsrfTokenHandshakeInterceptor() throws Exception { loadConfig(WebSocketSecurityConfig.class); - SimpMessageHeaderAccessor headers = 
SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT); Message message = message(headers, "/authentication"); MockHttpServletRequest request = websocketHttpRequest("/websocket"); HttpRequestHandler handler = handler(request); - handler.handleRequest(request, new MockHttpServletResponse()); - assertHandshake(request); } @Test public void msmsRegistryCustomPatternMatcher() { loadConfig(MsmsRegistryCustomPatternMatcherConfig.class); - clientInboundChannel().send(message("/app/a.b")); - try { clientInboundChannel().send(message("/app/a.b.c")); fail("Expected Exception"); @@ -276,9 +248,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { @Test public void overrideMsmsRegistryCustomPatternMatcher() { loadConfig(OverrideMsmsRegistryCustomPatternMatcherConfig.class); - clientInboundChannel().send(message("/app/a/b")); - try { clientInboundChannel().send(message("/app/a/b/c")); fail("Expected Exception"); @@ -291,9 +261,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { @Test public void defaultPatternMatcher() { loadConfig(DefaultPatternMatcherConfig.class); - clientInboundChannel().send(message("/app/a/b")); - try { clientInboundChannel().send(message("/app/a/b/c")); fail("Expected Exception"); @@ -306,9 +274,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { @Test public void customExpression() { loadConfig(CustomExpressionConfig.class); - clientInboundChannel().send(message("/denyRob")); - this.messageUser = new TestingAuthenticationToken("rob", "password", "ROLE_USER"); try { clientInboundChannel().send(message("/denyRob")); 
@@ -321,24 +287,19 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { @Test public void channelSecurityInterceptorUsesMetadataSourceBeanWhenProxyingDisabled() { - loadConfig(SockJsProxylessSecurityConfig.class); - ChannelSecurityInterceptor channelSecurityInterceptor = this.context.getBean(ChannelSecurityInterceptor.class); MessageSecurityMetadataSource messageSecurityMetadataSource = this.context .getBean(MessageSecurityMetadataSource.class); - assertThat(channelSecurityInterceptor.obtainSecurityMetadataSource()).isSameAs(messageSecurityMetadataSource); } @Test public void securityContextChannelInterceptorDefinedByBean() { loadConfig(SockJsProxylessSecurityConfig.class); - MessageChannel messageChannel = clientInboundChannel(); SecurityContextChannelInterceptor securityContextChannelInterceptor = this.context .getBean(SecurityContextChannelInterceptor.class); - assertThat(((AbstractMessageChannel) messageChannel).getInterceptors()) .contains(securityContextChannelInterceptor); } @@ -346,10 +307,8 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { @Test public void inboundChannelSecurityDefinedByBean() { loadConfig(SockJsProxylessSecurityConfig.class); - MessageChannel messageChannel = clientInboundChannel(); ChannelSecurityInterceptor inboundChannelSecurity = this.context.getBean(ChannelSecurityInterceptor.class); - assertThat(((AbstractMessageChannel) messageChannel).getInterceptors()).contains(inboundChannelSecurity); } @@ -377,7 +336,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { request.setAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE, "/289/tpyx6mde/websocket"); request.setRequestURI(mapping + "/289/tpyx6mde/websocket"); request.getSession().setAttribute(this.sessionAttr, "sessionValue"); - request.setAttribute(CsrfToken.class.getName(), this.token); return request; } 
@@ -423,7 +381,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { .setHandshakeHandler(testHandshakeHandler()); } // @formatter:on - // @formatter:off @Override protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) { @@ -432,7 +389,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { .anyMessage().denyAll(); } // @formatter:on - @Override public void configureMessageBroker(MessageBrokerRegistry registry) { registry.setPathMatcher(new AntPathMatcher(".")); @@ -461,7 +417,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { .setHandshakeHandler(testHandshakeHandler()); } // @formatter:on - // @formatter:off @Override protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) { @@ -471,7 +426,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { .anyMessage().denyAll(); } // @formatter:on - @Override public void configureMessageBroker(MessageBrokerRegistry registry) { registry.setPathMatcher(new AntPathMatcher(".")); @@ -499,7 +453,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { .setHandshakeHandler(testHandshakeHandler()); } // @formatter:on - // @formatter:off @Override protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) { @@ -508,7 +461,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { .anyMessage().denyAll(); } // @formatter:on - @Override public void configureMessageBroker(MessageBrokerRegistry registry) { registry.enableSimpleBroker("/queue/", "/topic/"); @@ -535,7 +487,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { .setHandshakeHandler(testHandshakeHandler()); } // @formatter:on - // @formatter:off @Override protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) { 
@@ -543,24 +494,19 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { .anyMessage().access("denyRob()"); } // @formatter:on - @Bean static SecurityExpressionHandler> messageSecurityExpressionHandler() { return new DefaultMessageSecurityExpressionHandler() { - @Override protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, Message invocation) { return new MessageSecurityExpressionRoot(authentication, invocation) { - public boolean denyRob() { Authentication auth = getAuthentication(); return auth != null && !"rob".equals(auth.getName()); } - }; } - }; } @@ -646,7 +592,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { public void registerStompEndpoints(StompEndpointRegistry registry) { registry.addEndpoint("/other").setHandshakeHandler(testHandshakeHandler()).withSockJS() .setInterceptors(new HttpSessionHandshakeInterceptor()); - registry.addEndpoint("/chat").setHandshakeHandler(testHandshakeHandler()).withSockJS() .setInterceptors(new HttpSessionHandshakeInterceptor()); } @@ -660,7 +605,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { .anyMessage().denyAll(); } // @formatter:on - @Override public void configureMessageBroker(MessageBrokerRegistry registry) { registry.enableSimpleBroker("/queue/", "/topic/"); @@ -703,7 +647,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { @Override public void registerStompEndpoints(StompEndpointRegistry registry) { registry.addEndpoint("/other").withSockJS().setInterceptors(new HttpSessionHandshakeInterceptor()); - registry.addEndpoint("/chat").withSockJS().setInterceptors(new HttpSessionHandshakeInterceptor()); } @@ -754,7 +697,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { .anyMessage().denyAll(); } // @formatter:on - @Bean public TestHandshakeHandler testHandshakeHandler() { return new TestHandshakeHandler(); 
@@ -787,7 +729,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { .anyMessage().denyAll(); } // @formatter:on - @Bean public TestHandshakeHandler testHandshakeHandler() { return new TestHandshakeHandler(); diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java index b688bba746..bdc4383017 100644 --- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java +++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java @@ -69,13 +69,10 @@ public class AuthenticationConfigurationGh3935Tests { String username = "user"; String password = "password"; given(this.uds.loadUserByUsername(username)).willReturn(PasswordEncodedUser.user()); - AuthenticationManager authenticationManager = this.adapter.authenticationManager; assertThat(authenticationManager).isNotNull(); - Authentication auth = authenticationManager .authenticate(new UsernamePasswordAuthenticationToken(username, password)); - verify(this.uds).loadUserByUsername(username); assertThat(auth.getPrincipal()).isEqualTo(PasswordEncodedUser.user()); } diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java index 790bb61c2d..e47536021a 100644 --- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java 
@@ -64,12 +64,10 @@ public class AuthenticationManagerBeanDefinitionParserTests { ConfigurableApplicationContext appContext = this.spring.context(CONTEXT).getContext(); AuthListener listener = new AuthListener(); appContext.addApplicationListener(listener); - ProviderManager pm = (ProviderManager) appContext.getBeansOfType(ProviderManager.class).values().toArray()[0]; Object eventPublisher = FieldUtils.getFieldValue(pm, "eventPublisher"); assertThat(eventPublisher).isNotNull(); assertThat(eventPublisher instanceof DefaultAuthenticationEventPublisher).isTrue(); - pm.authenticate(new UsernamePasswordAuthenticationToken("bob", "bobspassword")); assertThat(listener.events).hasSize(1); } @@ -99,7 +97,6 @@ public class AuthenticationManagerBeanDefinitionParserTests { + "" + " " + "" + "") .mockMvcAfterSpringSecurityOk().autowire(); - this.mockMvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isOk()); } diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java index 42d9b70229..bfdf477d64 100644 --- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java @@ -72,7 +72,6 @@ public class AuthenticationProviderBeanDefinitionParserTests { setContext(" " + " " + " " + " " + " " + " "); - getProvider().authenticate(this.bob); } @@ -84,7 +83,6 @@ public class AuthenticationProviderBeanDefinitionParserTests { + " " + " " + " " + " " + " " + " "); - getProvider().authenticate(this.bob); } @@ -95,7 +93,6 @@ public class AuthenticationProviderBeanDefinitionParserTests { + " " + " " + " " + " " + " "); - getProvider().authenticate(this.bob); } 
@@ -108,7 +105,6 @@ public class AuthenticationProviderBeanDefinitionParserTests { + " " + " " + " " + " "); - getProvider().authenticate(this.bob); } @@ -127,7 +123,6 @@ public class AuthenticationProviderBeanDefinitionParserTests { private AuthenticationProvider getProvider() { List providers = ((ProviderManager) this.appContext .getBean(BeanIds.AUTHENTICATION_MANAGER)).getProviders(); - return providers.get(0); } diff --git a/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java index cf8c3eaabd..38a41e0730 100644 --- a/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java @@ -45,9 +45,8 @@ public class JdbcUserServiceBeanDefinitionParserTests { private static String USER_CACHE_XML = ""; private static String DATA_SOURCE = " " - + " " + " " + - - " " + + " " + " " + + " " + " " + " "; private InMemoryXmlApplicationContext appContext; diff --git a/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java index 226f633822..8820c19a7f 100644 --- a/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java +++ b/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java 
@@ -44,7 +44,6 @@ public class PasswordEncoderParserTests { this.spring.configLocations( "classpath:org/springframework/security/config/authentication/PasswordEncoderParserTests-default.xml") .mockMvcAfterSpringSecurityOk().autowire(); - this.mockMvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isOk()); } @@ -53,7 +52,6 @@ public class PasswordEncoderParserTests { this.spring.configLocations( "classpath:org/springframework/security/config/authentication/PasswordEncoderParserTests-bean.xml") .mockMvcAfterSpringSecurityOk().autowire(); - this.mockMvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isOk()); } diff --git a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java index 2879c6343f..b86b6f9ed8 100644 --- a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java @@ -120,7 +120,6 @@ public class UserServiceBeanDefinitionParserTests { public void multipleTopLevelUseWithoutIdThrowsException() { setContext("" + ""); - } @Test(expected = FatalBeanException.class) diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java index 14298cf186..49025a33c3 100644 --- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java +++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java 
@@ -70,7 +70,6 @@ public class GrantedAuthorityDefaultsJcTests { @Before public void setup() { setup("USER"); - this.request = new MockHttpServletRequest("GET", ""); this.request.setMethod("GET"); this.response = new MockHttpServletResponse(); @@ -87,22 +86,17 @@ public class GrantedAuthorityDefaultsJcTests { SecurityContext context = SecurityContextHolder.getContext(); this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); } @Test public void doFilterDenied() throws Exception { setup("DENIED"); - SecurityContext context = SecurityContextHolder.getContext(); this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN); } @@ -119,14 +113,12 @@ public class GrantedAuthorityDefaultsJcTests { @Test(expected = AccessDeniedException.class) public void messageDenied() { setup("DENIED"); - this.messageService.getMessage(); } @Test(expected = AccessDeniedException.class) public void jsrMessageDenied() { setup("DENIED"); - this.messageService.getJsrMessage(); } @@ -136,9 +128,7 @@ public class GrantedAuthorityDefaultsJcTests { SecurityContext context = SecurityContextHolder.getContext(); this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context); - this.chain = new MockFilterChain() { - @Override public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { 
@@ -147,11 +137,8 @@ public class GrantedAuthorityDefaultsJcTests { assertThat(httpRequest.isUserInRole("INVALID")).isFalse(); super.doFilter(request, response); } - }; - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.chain.getRequest()).isNotNull(); } diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java index 6de129cf68..d8dad3d308 100644 --- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java +++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java @@ -63,7 +63,6 @@ public class GrantedAuthorityDefaultsXmlTests { @Before public void setup() { setup("USER"); - this.request = new MockHttpServletRequest("GET", ""); this.request.setMethod("GET"); this.response = new MockHttpServletResponse(); @@ -80,22 +79,17 @@ public class GrantedAuthorityDefaultsXmlTests { SecurityContext context = SecurityContextHolder.getContext(); this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); } @Test public void doFilterDenied() throws Exception { setup("DENIED"); - SecurityContext context = SecurityContextHolder.getContext(); this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN); } 
@@ -112,14 +106,12 @@ public class GrantedAuthorityDefaultsXmlTests { @Test(expected = AccessDeniedException.class) public void messageDenied() { setup("DENIED"); - this.messageService.getMessage(); } @Test(expected = AccessDeniedException.class) public void jsrMessageDenied() { setup("DENIED"); - this.messageService.getJsrMessage(); } @@ -129,9 +121,7 @@ public class GrantedAuthorityDefaultsXmlTests { SecurityContext context = SecurityContextHolder.getContext(); this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context); - this.chain = new MockFilterChain() { - @Override public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { @@ -140,11 +130,8 @@ public class GrantedAuthorityDefaultsXmlTests { assertThat(httpRequest.isUserInRole("INVALID")).isFalse(); super.doFilter(request, response); } - }; - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.chain.getRequest()).isNotNull(); } diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java index 5e476818cb..223f082498 100644 --- a/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java +++ b/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java @@ -52,7 +52,6 @@ public class UserDetailsResourceFactoryBeanTests { @Test public void getObjectWhenPropertiesResourceLocationNullThenThrowsIllegalStateException() { this.factory.setResourceLoader(this.resourceLoader); - assertThatThrownBy(() -> this.factory.getObject()).isInstanceOf(IllegalArgumentException.class) .hasStackTraceContaining("resource cannot be null if resourceLocation is null"); } 
@@ -60,23 +59,19 @@ public class UserDetailsResourceFactoryBeanTests { @Test public void getObjectWhenPropertiesResourceLocationSingleUserThenThrowsGetsSingleUser() throws Exception { this.factory.setResourceLocation("classpath:users.properties"); - Collection users = this.factory.getObject(); - assertLoaded(); } @Test public void getObjectWhenPropertiesResourceSingleUserThenThrowsGetsSingleUser() throws Exception { this.factory.setResource(new InMemoryResource("user=password,ROLE_USER")); - assertLoaded(); } @Test public void getObjectWhenInvalidUserThenThrowsMeaningfulException() { this.factory.setResource(new InMemoryResource("user=invalidFormatHere")); - assertThatThrownBy(() -> this.factory.getObject()).isInstanceOf(IllegalStateException.class) .hasStackTraceContaining("user").hasStackTraceContaining("invalidFormatHere"); } @@ -84,7 +79,6 @@ public class UserDetailsResourceFactoryBeanTests { @Test public void getObjectWhenStringSingleUserThenGetsSingleUser() throws Exception { this.factory = UserDetailsResourceFactoryBean.fromString("user=password,ROLE_USER"); - assertLoaded(); } diff --git a/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java index 4f991d9d11..4d885e2116 100644 --- a/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java +++ b/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java 
@@ -41,7 +41,6 @@ public class SecurityDebugBeanFactoryPostProcessorTests {
 this.spring.configLocations(
 "classpath:org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests-context.xml")
 .autowire();
-
 assertThat(this.spring.getContext().getBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN))
 .isInstanceOf(DebugFilter.class);
 assertThat(this.spring.getContext().getBean(BeanIds.FILTER_CHAIN_PROXY)).isInstanceOf(FilterChainProxy.class);
diff --git a/config/src/test/java/org/springframework/security/config/doc/Element.java b/config/src/test/java/org/springframework/security/config/doc/Element.java
index 6a6bd75181..365bcfb5b9 100644
--- a/config/src/test/java/org/springframework/security/config/doc/Element.java
+++ b/config/src/test/java/org/springframework/security/config/doc/Element.java
@@ -129,45 +129,33 @@ public class Element {
 public Collection getIds() {
 Collection ids = new ArrayList<>();
 ids.add(getId());
-
 this.childElmts.values().forEach((elmt) -> ids.add(elmt.getId()));
-
 this.attrs.forEach((attr) -> ids.add(attr.getId()));
-
 if (!this.childElmts.isEmpty()) {
 ids.add(getId() + "-children");
 }
-
 if (!this.attrs.isEmpty()) {
 ids.add(getId() + "-attributes");
 }
-
 if (!this.parentElmts.isEmpty()) {
 ids.add(getId() + "-parents");
 }
-
 return ids;
 }

 public Map getAllChildElmts() {
 Map result = new HashMap<>();
-
 this.childElmts.values()
 .forEach((elmt) -> elmt.subGrps.forEach((subElmt) -> result.put(subElmt.name, subElmt)));
-
 result.putAll(this.childElmts);
-
 return result;
 }

 public Map getAllParentElmts() {
 Map result = new HashMap<>();
-
 this.parentElmts.values()
 .forEach((elmt) -> elmt.subGrps.forEach((subElmt) -> result.put(subElmt.name, subElmt)));
-
 result.putAll(this.parentElmts);
-
 return result;
 }

diff --git a/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java b/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
index 1181230cf0..d30bcd0025 100644
--- a/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
+++ b/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
@@ -60,7 +60,6 @@ public class SpringSecurityXsdParser {
 */
 private Map elements(XmlNode node) {
 Map elementNameToElement = new HashMap<>();
-
 node.children().forEach((child) -> {
 if ("element".equals(child.simpleName())) {
 Element e = elmt(child);
@@ -70,7 +69,6 @@ public class SpringSecurityXsdParser {
 elementNameToElement.putAll(elements(child));
 }
 });
-
 return elementNameToElement;
 }

@@ -90,7 +88,6 @@ public class SpringSecurityXsdParser {
 attrs.addAll(attrs(c));
 }
 });
-
 return attrs;
 }

@@ -102,7 +99,6 @@ public class SpringSecurityXsdParser {
 */
 private Collection attrgrps(XmlNode element) {
 Collection attrgrp = new ArrayList<>();
-
 element.children().forEach((c) -> {
 if (!"element".equals(c.simpleName())) {
 if ("attributeGroup".equals(c.simpleName())) {
@@ -120,7 +116,6 @@ public class SpringSecurityXsdParser {
 }
 }
 });
-
 return attrgrp;
 }

@@ -129,7 +124,6 @@ public class SpringSecurityXsdParser {
 while (!"schema".equals(root.simpleName())) {
 root = root.parent().get();
 }
-
 return expand(root).filter((node) -> name.equals(node.attribute("name"))).findFirst()
 .orElseThrow(IllegalArgumentException::new);
 }
@@ -185,12 +179,10 @@ public class SpringSecurityXsdParser {
 name = name.split(":")[1];
 n = findNode(n, name);
 }
-
 if (this.elementNameToElement.containsKey(name)) {
 return this.elementNameToElement.get(name);
 }
 this.attrElmts.add(name);
-
 Element e = new Element();
 e.setName(n.attribute("name"));
 e.setDesc(desc(n));
@@ -199,15 +191,12 @@ public class SpringSecurityXsdParser {
 e.getAttrs().addAll(attrgrps(n));
 e.getAttrs().forEach((attr) -> attr.setElmt(e));
 e.getChildElmts().values().forEach((element) -> element.getParentElmts().put(e.getName(), e));
-
 String subGrpName = n.attribute("substitutionGroup");
 if (!StringUtils.isEmpty(subGrpName)) {
 Element subGrp = elmt(findNode(n, subGrpName.split(":")[1]));
 subGrp.getSubGrps().add(e);
 }
-
 this.elementNameToElement.put(name, e);
-
 return e;
 }

diff --git a/config/src/test/java/org/springframework/security/config/doc/XmlNode.java b/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
index 173efac460..2897c63b1d 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
@@ -45,7 +45,6 @@ public class XmlNode {

 public Stream children() {
 NodeList children = this.node.getChildNodes();
-
 return IntStream.range(0, children.getLength()).mapToObj(children::item).map(XmlNode::new);
 }

diff --git a/config/src/test/java/org/springframework/security/config/doc/XmlParser.java b/config/src/test/java/org/springframework/security/config/doc/XmlParser.java
index c7b07a8aae..218f6cc5e1 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XmlParser.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XmlParser.java
@@ -40,7 +40,6 @@ public class XmlParser implements AutoCloseable {
 try {
 DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
 DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
-
 return new XmlNode(dBuilder.parse(this.xml));
 }
 catch (IOException | ParserConfigurationException | SAXException ex) {
diff --git a/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java b/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java
index d83b0f3279..dc6337ec42 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java
@@ -33,7 +33,6 @@ public class XmlSupport {
 public XmlNode parse(String location) throws IOException {
 ClassPathResource resource = new ClassPathResource(location);
 this.parser = new XmlParser(resource.getInputStream());
-
 return this.parser.parse();
 }

diff --git a/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java b/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
index d07647fda1..e845eb1f89 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
@@ -68,34 +68,28 @@ public class XsdDocumentedTests { @Test public void parseWhenLatestXsdThenAllNamedSecurityFiltersAreDefinedAndOrderedProperly() throws IOException { XmlNode root = this.xml.parse(this.schemaDocumentLocation); - List nodes = root.child("schema").map(XmlNode::children).orElse(Stream.empty()) .filter((node) -> "simpleType".equals(node.simpleName()) && "named-security-filter".equals(node.attribute("name"))) .flatMap(XmlNode::children).flatMap(XmlNode::children).map((node) -> node.attribute("value")) .filter(StringUtils::isNotEmpty).collect(Collectors.toList()); - SecurityFiltersAssertions.assertEquals(nodes); } @Test public void parseWhen31XsdThenAllNamedSecurityFiltersAreDefinedAndOrderedProperly() throws IOException { - List expected = Arrays.asList("FIRST", "CHANNEL_FILTER", "SECURITY_CONTEXT_FILTER", "CONCURRENT_SESSION_FILTER", "LOGOUT_FILTER", "X509_FILTER", "PRE_AUTH_FILTER", "CAS_FILTER", "FORM_LOGIN_FILTER", "OPENID_FILTER", "LOGIN_PAGE_FILTER", "DIGEST_AUTH_FILTER", "BASIC_AUTH_FILTER", "REQUEST_CACHE_FILTER", "SERVLET_API_SUPPORT_FILTER", "JAAS_API_SUPPORT_FILTER", "REMEMBER_ME_FILTER", "ANONYMOUS_FILTER", "SESSION_MANAGEMENT_FILTER", "EXCEPTION_TRANSLATION_FILTER", "FILTER_SECURITY_INTERCEPTOR", "SWITCH_USER_FILTER", "LAST"); - XmlNode root = this.xml.parse(this.schema31xDocumentLocation); - List nodes = root.child("schema").map(XmlNode::children).orElse(Stream.empty()) .filter((node) -> "simpleType".equals(node.simpleName()) && "named-security-filter".equals(node.attribute("name"))) .flatMap(XmlNode::children).flatMap(XmlNode::children).map((node) -> node.attribute("value")) .filter(StringUtils::isNotEmpty).collect(Collectors.toList()); - assertThat(nodes).isEqualTo(expected); } 
@@ -108,11 +102,8 @@ public class XsdDocumentedTests { */ @Test public void sizeWhenReadingFilesystemThenIsCorrectNumberOfSchemaFiles() throws IOException { - ClassPathResource resource = new ClassPathResource(this.schemaDocumentLocation); - String[] schemas = resource.getFile().getParentFile().list((dir, name) -> name.endsWith(".xsd")); - assertThat(schemas.length).isEqualTo(16) .withFailMessage("the count is equal to 16, if not then schemaDocument needs updating"); } @@ -125,19 +116,14 @@ public class XsdDocumentedTests { */ @Test public void countReferencesWhenReviewingDocumentationThenEntireSchemaIsIncluded() throws IOException { - Map elementsByElementName = this.xml.elementsByElementName(this.schemaDocumentLocation); - List documentIds = Files.lines(Paths.get(this.referenceLocation)) .filter((line) -> line.matches("\\[\\[(nsa-.*)\\]\\]")) .map((line) -> line.substring(2, line.length() - 2)).collect(Collectors.toList()); - Set expectedIds = elementsByElementName.values().stream() .flatMap((element) -> element.getIds().stream()).collect(Collectors.toSet()); - documentIds.removeAll(this.ignoredIds); expectedIds.removeAll(this.ignoredIds); - assertThat(documentIds).containsAll(expectedIds); assertThat(expectedIds).containsAll(documentIds); } @@ -149,18 +135,14 @@ public class XsdDocumentedTests { */ @Test public void countLinksWhenReviewingDocumentationThenParentsAndChildrenAreCorrectlyLinked() throws IOException { - Map> docAttrNameToChildren = new HashMap<>(); Map> docAttrNameToParents = new HashMap<>(); - String docAttrName = null; Map> currentDocAttrNameToElmt = null; - List lines = Files.readAllLines(Paths.get(this.referenceLocation)); for (String line : lines) { if (line.matches("^\\[\\[.*\\]\\]$")) { String id = line.substring(2, line.length() - 2); - if (id.endsWith("-children")) { docAttrName = id.substring(0, id.length() - 9); currentDocAttrNameToElmt = docAttrNameToChildren; 
@@ -174,7 +156,6 @@ public class XsdDocumentedTests { docAttrName = null; } } - if (docAttrName != null && currentDocAttrNameToElmt != null) { String expression = "^\\* <<(nsa-.*),.*>>$"; if (line.matches(expression)) { @@ -183,25 +164,20 @@ public class XsdDocumentedTests { } } } - Map elementNameToElement = this.xml.elementsByElementName(this.schemaDocumentLocation); - Map> schemaAttrNameToChildren = new HashMap<>(); Map> schemaAttrNameToParents = new HashMap<>(); - elementNameToElement.entrySet().stream().forEach((entry) -> { String key = "nsa-" + entry.getKey(); if (this.ignoredIds.contains(key)) { return; } - List parentIds = entry.getValue().getAllParentElmts().values().stream() .filter((element) -> !this.ignoredIds.contains(element.getId())).map((element) -> element.getId()) .sorted().collect(Collectors.toList()); if (!parentIds.isEmpty()) { schemaAttrNameToParents.put(key, parentIds); } - List childIds = entry.getValue().getAllChildElmts().values().stream() .filter((element) -> !this.ignoredIds.contains(element.getId())).map((element) -> element.getId()) .sorted().collect(Collectors.toList()); @@ -209,7 +185,6 @@ public class XsdDocumentedTests { schemaAttrNameToChildren.put(key, childIds); } }); - assertThat(docAttrNameToChildren).isEqualTo(schemaAttrNameToChildren); assertThat(docAttrNameToParents).isEqualTo(schemaAttrNameToParents); } 
@@ -220,19 +195,15 @@ public class XsdDocumentedTests { */ @Test public void countWhenReviewingDocumentationThenAllElementsDocumented() throws IOException { - Map elementNameToElement = this.xml.elementsByElementName(this.schemaDocumentLocation); - String notDocElmtIds = elementNameToElement.values().stream() .filter((element) -> StringUtils.isEmpty(element.getDesc()) && !this.ignoredIds.contains(element.getId())) .map((element) -> element.getId()).sorted().collect(Collectors.joining("\n")); - String notDocAttrIds = elementNameToElement.values().stream().flatMap((element) -> element.getAttrs().stream()) .filter((element) -> StringUtils.isEmpty(element.getDesc()) && !this.ignoredIds.contains(element.getId())) .map((element) -> element.getId()).sorted().collect(Collectors.joining("\n")); - assertThat(notDocElmtIds).isEmpty(); assertThat(notDocAttrIds).isEmpty(); } diff --git a/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java b/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java index f64d56ad3d..3535309aa8 100644 --- a/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java @@ -59,7 +59,6 @@ public class AccessDeniedConfigTests { @Test public void configureWhenAccessDeniedHandlerIsMissingLeadingSlashThenException() { SpringTestContext context = this.spring.configLocations(this.xml("NoLeadingSlash")); - assertThatThrownBy(() -> context.autowire()).isInstanceOf(BeanCreationException.class) .hasMessageContaining("errorPage must begin with '/'"); } 
@@ -67,16 +66,13 @@ public class AccessDeniedConfigTests { @Test @WithMockUser public void configureWhenAccessDeniedHandlerRefThenAutowire() throws Exception { - this.spring.configLocations(this.xml("AccessDeniedHandler")).autowire(); - this.mvc.perform(get("/")).andExpect(status().is(HttpStatus.GONE_410)); } @Test public void configureWhenAccessDeniedHandlerUsesPathAndRefThenException() { SpringTestContext context = this.spring.configLocations(this.xml("UsesPathAndRef")); - assertThatThrownBy(() -> context.autowire()).isInstanceOf(BeanDefinitionParsingException.class) .hasMessageContaining("attribute error-page cannot be used together with the 'ref' attribute"); } @@ -90,7 +86,6 @@ public class AccessDeniedConfigTests { @Override public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) { - response.setStatus(HttpStatus.GONE_410); } diff --git a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java index 0f3bc46d77..f9924f0c3b 100644 --- a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java 
@@ -90,35 +90,30 @@ public class CsrfConfigTests {
 @Test
 public void postWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception {
 this.spring.configLocations(this.xml("AutoConfig")).autowire();
-
 this.mvc.perform(post("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 }

 @Test
 public void putWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception {
 this.spring.configLocations(this.xml("AutoConfig")).autowire();
-
 this.mvc.perform(put("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 }

 @Test
 public void patchWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception {
 this.spring.configLocations(this.xml("AutoConfig")).autowire();
-
 this.mvc.perform(patch("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 }

 @Test
 public void deleteWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception {
 this.spring.configLocations(this.xml("AutoConfig")).autowire();
-
 this.mvc.perform(delete("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 }

 @Test
 public void invalidWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception {
 this.spring.configLocations(this.xml("AutoConfig")).autowire();
-
 this.mvc.perform(request("INVALID", new URI("/csrf"))).andExpect(status().isForbidden())
 .andExpect(csrfCreated());
 }
@@ -126,76 +121,64 @@ public class CsrfConfigTests {
 @Test
 public void getWhenDefaultConfigurationThenCsrfIsEnabled() throws Exception {
 this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
-
 this.mvc.perform(get("/csrf")).andExpect(csrfInBody());
 }

 @Test
 public void headWhenDefaultConfigurationThenCsrfIsEnabled() throws Exception {
 this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
-
 this.mvc.perform(head("/csrf-in-header")).andExpect(csrfInHeader());
 }

 @Test
 public void traceWhenDefaultConfigurationThenCsrfIsEnabled() throws Exception {
 this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
-
 MockMvc traceEnabled = MockMvcBuilders.webAppContextSetup(this.spring.getContext()).apply(springSecurity())
 .addDispatcherServletCustomizer((dispatcherServlet) -> dispatcherServlet.setDispatchTraceRequest(true))
 .build();
-
 traceEnabled.perform(request(HttpMethod.TRACE, "/csrf-in-header")).andExpect(csrfInHeader());
 }

 @Test
 public void optionsWhenDefaultConfigurationThenCsrfIsEnabled() throws Exception {
 this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
-
 this.mvc.perform(options("/csrf-in-header")).andExpect(csrfInHeader());
 }

 @Test
 public void postWhenCsrfDisabledThenRequestAllowed() throws Exception {
 this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfDisabled")).autowire();
-
 this.mvc.perform(post("/ok")).andExpect(status().isOk());
-
 assertThat(getFilter(this.spring, CsrfFilter.class)).isNull();
 }

 @Test
 public void postWhenCsrfElementEnabledThenForbidden() throws Exception {
 this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
-
 this.mvc.perform(post("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 }

 @Test
 public void putWhenCsrfElementEnabledThenForbidden() throws Exception {
 this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
-
 this.mvc.perform(put("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 }

 @Test
 public void patchWhenCsrfElementEnabledThenForbidden() throws Exception {
 this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
-
 this.mvc.perform(patch("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 }

 @Test
 public void deleteWhenCsrfElementEnabledThenForbidden() throws Exception {
 this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
-
 this.mvc.perform(delete("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 }

 @Test
 public void invalidWhenCsrfElementEnabledThenForbidden() throws Exception {
 this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
-
 this.mvc.perform(request("INVALID", new URI("/csrf"))).andExpect(status().isForbidden())
 .andExpect(csrfCreated());
 }
@@ -203,63 +186,51 @@ public class CsrfConfigTests {
 @Test
 public void getWhenCsrfElementEnabledThenOk() throws Exception {
 this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire();
-
 this.mvc.perform(get("/csrf")).andExpect(csrfInBody());
 }

 @Test
 public void headWhenCsrfElementEnabledThenOk() throws Exception {
 this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire();
-
 this.mvc.perform(head("/csrf-in-header")).andExpect(csrfInHeader());
 }

 @Test
 public void traceWhenCsrfElementEnabledThenOk() throws Exception {
 this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire();
-
 MockMvc traceEnabled = MockMvcBuilders.webAppContextSetup(this.spring.getContext()).apply(springSecurity())
 .addDispatcherServletCustomizer((dispatcherServlet) -> dispatcherServlet.setDispatchTraceRequest(true))
 .build();
-
 traceEnabled.perform(request(HttpMethod.TRACE, "/csrf-in-header")).andExpect(csrfInHeader());
 }

 @Test
 public void optionsWhenCsrfElementEnabledThenOk() throws Exception {
 this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire();
-
 this.mvc.perform(options("/csrf-in-header")).andExpect(csrfInHeader());
 }

 @Test
 public void autowireWhenCsrfElementEnabledThenCreatesCsrfRequestDataValueProcessor() {
 this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
-
 assertThat(this.spring.getContext().getBean(RequestDataValueProcessor.class)).isNotNull();
 }

 @Test
 public void postWhenUsingCsrfAndCustomAccessDeniedHandlerThenTheHandlerIsAppropriatelyEngaged() throws Exception {
-
 this.spring.configLocations(this.xml("WithAccessDeniedHandler"), this.xml("shared-access-denied-handler"))
 .autowire();
-
 this.mvc.perform(post("/ok")).andExpect(status().isIAmATeapot());
 }

 @Test
 public void postWhenHasCsrfTokenButSessionExpiresThenRequestIsCancelledAfterSuccessfulAuthentication()
 throws Exception {
-
 this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
-
 // simulates a request that has no authentication (e.g. session time-out)
 MvcResult result = this.mvc.perform(post("/authenticated").with(csrf()))
 .andExpect(redirectedUrl("http://localhost/login")).andReturn();
-
 MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
-
 // if the request cache is consulted, then it will redirect back to /some-url,
 // which we don't want
 this.mvc.perform(
@@ -270,15 +241,11 @@ public class CsrfConfigTests {
 @Test
 public void getWhenHasCsrfTokenButSessionExpiresThenRequestIsRememeberedAfterSuccessfulAuthentication()
 throws Exception {
-
 this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
-
 // simulates a request that has no authentication (e.g. session time-out)
 MvcResult result = this.mvc.perform(get("/authenticated")).andExpect(redirectedUrl("http://localhost/login"))
 .andReturn();
-
 MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
-
 // if the request cache is consulted, then it will redirect back to /some-url,
 // which we do want
 this.mvc.perform(
@@ -292,85 +259,58 @@ public class CsrfConfigTests { @Test public void postWhenUsingCsrfAndCustomSessionManagementAndNoSessionThenStillRedirectsToInvalidSessionUrl() throws Exception { - this.spring.configLocations(this.xml("WithSessionManagement")).autowire(); - MvcResult result = this.mvc.perform(post("/ok").param("_csrf", "abc")) .andExpect(redirectedUrl("/error/sessionError")).andReturn(); - MockHttpSession session = (MockHttpSession) result.getRequest().getSession(); - this.mvc.perform(post("/csrf").session(session)).andExpect(status().isForbidden()); } @Test public void requestWhenUsingCustomRequestMatcherConfiguredThenAppliesAccordingly() throws Exception { - SpringTestContext context = this.spring.configLocations(this.xml("shared-controllers"), this.xml("WithRequestMatcher"), this.xml("mock-request-matcher")); - context.autowire(); - RequestMatcher matcher = context.getContext().getBean(RequestMatcher.class); given(matcher.matches(any(HttpServletRequest.class))).willReturn(false); - this.mvc.perform(post("/ok")).andExpect(status().isOk()); - given(matcher.matches(any(HttpServletRequest.class))).willReturn(true); - this.mvc.perform(get("/ok")).andExpect(status().isForbidden()); } @Test public void getWhenDefaultConfigurationThenSessionNotImmediatelyCreated() throws Exception { - this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire(); - MvcResult result = this.mvc.perform(get("/ok")).andExpect(status().isOk()).andReturn(); - assertThat(result.getRequest().getSession(false)).isNull(); } @Test @WithMockUser public void postWhenCsrfMismatchesThenForbidden() throws Exception { - this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire(); - MvcResult result = this.mvc.perform(get("/ok")).andReturn(); - MockHttpSession session = (MockHttpSession) result.getRequest().getSession(); - 
 this.mvc.perform(post("/ok").session(session).with(csrf().useInvalidToken())).andExpect(status().isForbidden());
 }

 @Test
 public void loginWhenDefaultConfigurationThenCsrfCleared() throws Exception {
-
 this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
-
 MvcResult result = this.mvc.perform(get("/csrf")).andReturn();
-
 MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
-
 this.mvc.perform(
 post("/login").param("username", "user").param("password", "password").session(session).with(csrf()))
 .andExpect(status().isFound());
-
 this.mvc.perform(get("/csrf").session(session)).andExpect(csrfChanged(result));
 }

 @Test
 public void logoutWhenDefaultConfigurationThenCsrfCleared() throws Exception {
-
 this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
-
 MvcResult result = this.mvc.perform(get("/csrf")).andReturn();
-
 MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
-
 this.mvc.perform(post("/logout").session(session).with(csrf())).andExpect(status().isFound());
-
 this.mvc.perform(get("/csrf").session(session)).andExpect(csrfChanged(result));
 }

@@ -380,30 +320,24 @@ public class CsrfConfigTests {
 @Test
 @WithMockUser
 public void logoutWhenDefaultConfigurationThenDisabled() throws Exception {
-
 this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire();
-
 this.mvc.perform(get("/logout")).andExpect(status().isOk()); // renders form to
 // log out but
 // does not
 // perform a
 // redirect
-
 // still logged in
 this.mvc.perform(get("/authenticated")).andExpect(status().isOk());
 }

 private T getFilter(SpringTestContext context, Class type) {
 FilterChainProxy chain = context.getContext().getBean(FilterChainProxy.class);
-
 List filters = chain.getFilters("/any");
-
 for (Filter filter : filters) {
 if (type.isAssignableFrom(filter.getClass())) {
 return (T) filter;
 }
 }
-
 return null;
 }
@@ -469,7 +403,6 @@ public class CsrfConfigTests { @Override public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) { - response.setStatus(HttpStatus.IM_A_TEAPOT_418); } diff --git a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java index 8376784dd6..61895a4994 100644 --- a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java +++ b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java @@ -78,7 +78,6 @@ public class DefaultFilterChainValidatorTests { this.fsi); this.fcp = new FilterChainProxy(securityChain); this.validator = new DefaultFilterChainValidator(); - ReflectionTestUtils.setField(this.validator, "logger", this.logger); } @@ -101,9 +100,7 @@ public class DefaultFilterChainValidatorTests { FilterInvocationSecurityMetadataSource customMetaDataSource = mock( FilterInvocationSecurityMetadataSource.class); this.fsi.setSecurityMetadataSource(customMetaDataSource); - this.validator.validate(this.fcp); - verify(customMetaDataSource).getAttributes(any()); } diff --git a/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java index f6f1cadeb2..ae8f77e96c 100644 --- a/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java 
@@ -73,7 +73,6 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests { setContext("" + " " + ""); - ExpressionBasedFilterInvocationSecurityMetadataSource fids = (ExpressionBasedFilterInvocationSecurityMetadataSource) this.appContext .getBean("fids"); ConfigAttribute[] cad = fids.getAttributes(createFilterInvocation("/anything", "GET")) @@ -122,9 +121,7 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests { MockHttpServletRequest request = new MockHttpServletRequest("GET", ""); request.setRequestURI(null); request.setMethod(method); - request.setServletPath(path); - return new FilterInvocation(request, new MockHttpServletResponse(), new MockFilterChain()); } diff --git a/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java index fcfe8904df..dcde29317a 100644 --- a/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java @@ -50,9 +50,7 @@ public class FormLoginBeanDefinitionParserTests { @Test public void getLoginWhenAutoConfigThenShowsDefaultLoginPage() throws Exception { - this.spring.configLocations(this.xml("Simple")).autowire(); - String expectedContent = "\n" + "\n" + " \n" + " \n" + " \n" @@ -71,23 +69,18 @@ public class FormLoginBeanDefinitionParserTests { + "

\n" + " \n" + " \n" + "\n" + ""; - this.mvc.perform(get("/login")).andExpect(content().string(expectedContent)); } @Test public void getLogoutWhenAutoConfigThenShowsDefaultLogoutPage() throws Exception { - this.spring.configLocations(this.xml("AutoConfig")).autowire(); - this.mvc.perform(get("/logout")).andExpect(content().string(containsString("action=\"/logout\""))); } @Test public void getLoginWhenConfiguredWithCustomAttributesThenLoginPageReflects() throws Exception { - this.spring.configLocations(this.xml("WithCustomAttributes")).autowire(); - String expectedContent = "\n" + "\n" + " \n" + " \n" + " \n" @@ -106,17 +99,13 @@ public class FormLoginBeanDefinitionParserTests { + "

\n" + " \n" + " \n" + "\n" + ""; - this.mvc.perform(get("/login")).andExpect(content().string(expectedContent)); - this.mvc.perform(get("/logout")).andExpect(status().is3xxRedirection()); } @Test public void getLoginWhenConfiguredForOpenIdThenLoginPageReflects() throws Exception { - this.spring.configLocations(this.xml("WithOpenId")).autowire(); - String expectedContent = "\n" + "\n" + " \n" + " \n" + " \n" @@ -142,15 +131,12 @@ public class FormLoginBeanDefinitionParserTests { + "

\n" + " \n" + " \n" + "\n" + ""; - this.mvc.perform(get("/login")).andExpect(content().string(expectedContent)); } @Test public void getLoginWhenConfiguredForOpenIdWithCustomAttributesThenLoginPageReflects() throws Exception { - this.spring.configLocations(this.xml("WithOpenIdCustomAttributes")).autowire(); - String expectedContent = "\n" + "\n" + " \n" + " \n" + " \n" @@ -176,15 +162,12 @@ public class FormLoginBeanDefinitionParserTests { + "

\n" + " \n" + " \n" + "\n" + ""; - this.mvc.perform(get("/login")).andExpect(content().string(expectedContent)); } @Test public void failedLoginWhenConfiguredWithCustomAuthenticationFailureThenForwardsAccordingly() throws Exception { - this.spring.configLocations(this.xml("WithAuthenticationFailureForwardUrl")).autowire(); - this.mvc.perform(post("/login").param("username", "bob").param("password", "invalidpassword")) .andExpect(status().isOk()).andExpect(forwardedUrl("/failure_forward_url")) .andExpect(request().attribute(WebAttributes.AUTHENTICATION_EXCEPTION, not(nullValue()))); @@ -192,9 +175,7 @@ public class FormLoginBeanDefinitionParserTests { @Test public void successfulLoginWhenConfiguredWithCustomAuthenticationSuccessThenForwardsAccordingly() throws Exception { - this.spring.configLocations(this.xml("WithAuthenticationSuccessForwardUrl")).autowire(); - this.mvc.perform(post("/login").param("username", "user").param("password", "password")) .andExpect(status().isOk()).andExpect(forwardedUrl("/success_forward_url")); } diff --git a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java index 7e55dde548..faa60c2bc5 100644 --- a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java 
@@ -66,66 +66,51 @@ public class FormLoginConfigTests { @Test public void getProtectedPageWhenFormLoginConfiguredThenRedirectsToDefaultLoginPage() throws Exception { - this.spring.configLocations(this.xml("WithAntRequestMatcher")).autowire(); - this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login")); } @Test public void authenticateWhenDefaultTargetUrlConfiguredThenRedirectsAccordingly() throws Exception { - this.spring.configLocations(this.xml("WithDefaultTargetUrl")).autowire(); - this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf())) .andExpect(redirectedUrl("/default")); } @Test public void authenticateWhenConfiguredWithSpelThenRedirectsAccordingly() throws Exception { - this.spring.configLocations(this.xml("UsingSpel")).autowire(); - this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf())) .andExpect(redirectedUrl(WebConfigUtilsTests.URL + "/default")); - this.mvc.perform(post("/login").param("username", "user").param("password", "wrong").with(csrf())) .andExpect(redirectedUrl(WebConfigUtilsTests.URL + "/failure")); - this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost" + WebConfigUtilsTests.URL + "/login")); } @Test public void autowireWhenLoginPageIsMisconfiguredThenDetects() { - assertThatThrownBy(() -> this.spring.configLocations(this.xml("NoLeadingSlashLoginPage")).autowire()) .isInstanceOf(BeanCreationException.class); } @Test public void autowireWhenDefaultTargetUrlIsMisconfiguredThenDetects() { - assertThatThrownBy(() -> this.spring.configLocations(this.xml("NoLeadingSlashDefaultTargetUrl")).autowire()) .isInstanceOf(BeanCreationException.class); } @Test public void authenticateWhenCustomHandlerBeansConfiguredThenInvokesAccordingly() throws Exception { - this.spring.configLocations(this.xml("WithSuccessAndFailureHandlers")).autowire(); - this.mvc.perform(post("/login").param("username", "user").param("password", 
"password").with(csrf())) .andExpect(status().isIAmATeapot()); - this.mvc.perform(post("/login").param("username", "user").param("password", "wrong").with(csrf())) .andExpect(status().isIAmATeapot()); } @Test public void authenticateWhenCustomUsernameAndPasswordParametersThenSucceeds() throws Exception { - this.spring.configLocations(this.xml("WithUsernameAndPasswordParameters")).autowire(); - this.mvc.perform(post("/login").param("xname", "user").param("xpass", "password").with(csrf())) .andExpect(redirectedUrl("/")); } @@ -136,28 +121,21 @@ public class FormLoginConfigTests { @Test public void autowireWhenCustomLoginPageIsSlashLoginThenNoDefaultLoginPageGeneratingFilterIsWired() throws Exception { - this.spring.configLocations(this.xml("ForSec2919")).autowire(); - this.mvc.perform(get("/login")).andExpect(content().string("teapot")); - assertThat(getFilter(this.spring.getContext(), DefaultLoginPageGeneratingFilter.class)).isNull(); } @Test public void authenticateWhenCsrfIsEnabledThenRequiresToken() throws Exception { - this.spring.configLocations(this.xml("WithCsrfEnabled")).autowire(); - this.mvc.perform(post("/login").param("username", "user").param("password", "password")) .andExpect(status().isForbidden()); } @Test public void authenticateWhenCsrfIsDisabledThenDoesNotRequireToken() throws Exception { - this.spring.configLocations(this.xml("WithCsrfDisabled")).autowire(); - this.mvc.perform(post("/login").param("username", "user").param("password", "password")) .andExpect(status().isFound()); } 
@@ -169,24 +147,19 @@ public class FormLoginConfigTests { @Test public void authenticateWhenLoginPageIsSlashLoginAndAuthenticationFailsThenRedirectContainsErrorParameter() throws Exception { - this.spring.configLocations(this.xml("ForSec3147")).autowire(); - this.mvc.perform(post("/login").param("username", "user").param("password", "wrong").with(csrf())) .andExpect(redirectedUrl("/login?error")); } private Filter getFilter(ApplicationContext context, Class filterClass) { FilterChainProxy filterChain = context.getBean(BeanIds.FILTER_CHAIN_PROXY, FilterChainProxy.class); - List filters = filterChain.getFilters("/any"); - for (Filter filter : filters) { if (filter.getClass() == filterClass) { return filter; } } - return null; } @@ -210,14 +183,12 @@ public class FormLoginConfigTests { @Override public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) { - response.setStatus(HttpStatus.I_AM_A_TEAPOT.value()); } @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) { - response.setStatus(HttpStatus.I_AM_A_TEAPOT.value()); } diff --git a/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java index e0eacfd369..d3de9aab8d 100644 --- a/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java 
@@ -51,25 +51,18 @@ public class HttpConfigTests { @Test public void getWhenUsingMinimalConfigurationThenRedirectsToLogin() throws Exception { - this.spring.configLocations(this.xml("Minimal")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isFound()).andExpect(redirectedUrl("http://localhost/login")); } @Test public void getWhenUsingMinimalConfigurationThenPreventsSessionAsUrlParameter() throws Exception { - this.spring.configLocations(this.xml("Minimal")).autowire(); - MockHttpServletRequest request = new MockHttpServletRequest("GET", "/"); MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChainProxy proxy = this.spring.getContext().getBean(FilterChainProxy.class); - proxy.doFilter(request, new EncodeUrlDenyingHttpServletResponseWrapper(response), (req, resp) -> { }); - assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY); assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/login"); } diff --git a/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java index 3809b4f5a1..6f3b20db83 100644 --- a/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java 
@@ -66,36 +66,27 @@ public class HttpCorsConfigTests { @Test public void getWhenUsingCorsThenDoesSpringSecurityCorsHandshake() throws Exception { - this.spring.configLocations(this.xml("WithCors")).autowire(); - this.mvc.perform(get("/").with(this.approved())).andExpect(corsResponseHeaders()) .andExpect((status().isIAmATeapot())); - this.mvc.perform(options("/").with(this.preflight())).andExpect(corsResponseHeaders()) .andExpect(status().isOk()); } @Test public void getWhenUsingCustomCorsConfigurationSourceThenDoesSpringSecurityCorsHandshake() throws Exception { - this.spring.configLocations(this.xml("WithCorsConfigurationSource")).autowire(); - this.mvc.perform(get("/").with(this.approved())).andExpect(corsResponseHeaders()) .andExpect((status().isIAmATeapot())); - this.mvc.perform(options("/").with(this.preflight())).andExpect(corsResponseHeaders()) .andExpect(status().isOk()); } @Test public void getWhenUsingCustomCorsFilterThenDoesSPringSecurityCorsHandshake() throws Exception { - this.spring.configLocations(this.xml("WithCorsFilter")).autowire(); - this.mvc.perform(get("/").with(this.approved())).andExpect(corsResponseHeaders()) .andExpect((status().isIAmATeapot())); - this.mvc.perform(options("/").with(this.preflight())).andExpect(corsResponseHeaders()) .andExpect(status().isOk()); } @@ -115,12 +106,10 @@ public class HttpCorsConfigTests { private RequestPostProcessor cors(boolean preflight) { return (request) -> { request.addHeader(HttpHeaders.ORIGIN, "https://example.com"); - if (preflight) { request.setMethod(HttpMethod.OPTIONS.name()); request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name()); } - return request; }; } 
@@ -149,7 +138,6 @@ public class HttpCorsConfigTests { CorsConfiguration configuration = new CorsConfiguration(); configuration.setAllowedOrigins(Arrays.asList("*")); configuration.setAllowedMethods(Arrays.asList(RequestMethod.GET.name(), RequestMethod.POST.name())); - super.registerCorsConfiguration("/**", configuration); } diff --git a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java index ef52dec747..da112ae731 100644 --- a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java @@ -51,7 +51,6 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. public class HttpHeadersConfigTests { private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/HttpHeadersConfigTests"; - static final Map defaultHeaders = ImmutableMap.builder() .put("X-Content-Type-Options", "nosniff").put("X-Frame-Options", "DENY") .put("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains") 
@@ -66,39 +65,28 @@ public class HttpHeadersConfigTests { @Test public void requestWhenHeadersDisabledThenResponseExcludesAllSecureHeaders() throws Exception { - this.spring.configLocations(this.xml("HeadersDisabled")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults()); } @Test public void requestWhenHeadersDisabledViaPlaceholderThenResponseExcludesAllSecureHeaders() throws Exception { - System.setProperty("security.headers.disabled", "true"); - this.spring.configLocations(this.xml("DisabledWithPlaceholder")).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(excludesDefaults()); } @Test public void requestWhenHeadersEnabledViaPlaceholderThenResponseIncludesAllSecureHeaders() throws Exception { - System.setProperty("security.headers.disabled", "false"); - this.spring.configLocations(this.xml("DisabledWithPlaceholder")).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults()); } @Test public void requestWhenHeadersDisabledRefMissingPlaceholderThenResponseIncludesAllSecureHeaders() throws Exception { - System.clearProperty("security.headers.disabled"); - this.spring.configLocations(this.xml("DisabledWithPlaceholder")).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults()); } 
@@ -111,28 +99,21 @@ public class HttpHeadersConfigTests { @Test public void requestWhenHeadersEnabledThenResponseContainsAllSecureHeaders() throws Exception { - this.spring.configLocations(this.xml("DefaultConfig")).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults()); } @Test public void requestWhenHeadersElementUsedThenResponseContainsAllSecureHeaders() throws Exception { - this.spring.configLocations(this.xml("HeadersEnabled")).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults()); } @Test public void requestWhenFrameOptionsConfiguredThenIncludesHeader() throws Exception { - Map headers = new HashMap(defaultHeaders); headers.put("X-Frame-Options", "SAMEORIGIN"); - this.spring.configLocations(this.xml("WithFrameOptions")).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(headers)); } 
@@ -141,86 +122,63 @@ public class HttpHeadersConfigTests { */ @Test public void requestWhenDefaultsDisabledWithNoOverrideThenExcludesAllSecureHeaders() throws Exception { - this.spring.configLocations(this.xml("DefaultsDisabledWithNoOverride")).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(excludesDefaults()); } @Test public void requestWhenDefaultsDisabledWithPlaceholderTrueThenExcludesAllSecureHeaders() throws Exception { - System.setProperty("security.headers.defaults.disabled", "true"); - this.spring.configLocations(this.xml("DefaultsDisabledWithPlaceholder")).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(excludesDefaults()); } @Test public void requestWhenDefaultsDisabledWithPlaceholderFalseThenIncludeAllSecureHeaders() throws Exception { - System.setProperty("security.headers.defaults.disabled", "false"); - this.spring.configLocations(this.xml("DefaultsDisabledWithPlaceholder")).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults()); } @Test public void requestWhenDefaultsDisabledWithPlaceholderMissingThenIncludeAllSecureHeaders() throws Exception { - System.clearProperty("security.headers.defaults.disabled"); - this.spring.configLocations(this.xml("DefaultsDisabledWithPlaceholder")).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults()); } @Test public void requestWhenUsingContentTypeOptionsThenDefaultsToNoSniff() throws Exception { - Set excludedHeaders = new HashSet<>(defaultHeaders.keySet()); excludedHeaders.remove("X-Content-Type-Options"); - this.spring.configLocations(this.xml("DefaultsDisabledWithContentTypeOptions")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()) .andExpect(header().string("X-Content-Type-Options", "nosniff")).andExpect(excludes(excludedHeaders)); } @Test public void 
requestWhenUsingFrameOptionsThenDefaultsToDeny() throws Exception { - Set excludedHeaders = new HashSet<>(defaultHeaders.keySet()); excludedHeaders.remove("X-Frame-Options"); - this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptions")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("X-Frame-Options", "DENY")) .andExpect(excludes(excludedHeaders)); } @Test public void requestWhenUsingFrameOptionsDenyThenRespondsWithDeny() throws Exception { - Set excludedHeaders = new HashSet<>(defaultHeaders.keySet()); excludedHeaders.remove("X-Frame-Options"); - this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsDeny")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("X-Frame-Options", "DENY")) .andExpect(excludes(excludedHeaders)); } @Test public void requestWhenUsingFrameOptionsSameOriginThenRespondsWithSameOrigin() throws Exception { - Set excludedHeaders = new HashSet<>(defaultHeaders.keySet()); excludedHeaders.remove("X-Frame-Options"); - this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsSameOrigin")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()) .andExpect(header().string("X-Frame-Options", "SAMEORIGIN")).andExpect(excludes(excludedHeaders)); } @@ -249,12 +207,9 @@ public class HttpHeadersConfigTests { @Test public void requestWhenUsingFrameOptionsAllowFromThenRespondsWithAllowFrom() throws Exception { - Set excludedHeaders = new HashSet<>(defaultHeaders.keySet()); excludedHeaders.remove("X-Frame-Options"); - this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsAllowFrom")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()) .andExpect(header().string("X-Frame-Options", "ALLOW-FROM https://example.org")) .andExpect(excludes(excludedHeaders)); 
@@ -262,34 +217,26 @@ public class HttpHeadersConfigTests { @Test public void requestWhenUsingFrameOptionsAllowFromWhitelistThenRespondsWithAllowFrom() throws Exception { - Set excludedHeaders = new HashSet<>(defaultHeaders.keySet()); excludedHeaders.remove("X-Frame-Options"); - this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsAllowFromWhitelist")).autowire(); - this.mvc.perform(get("/").param("from", "https://example.org")).andExpect(status().isOk()) .andExpect(header().string("X-Frame-Options", "ALLOW-FROM https://example.org")) .andExpect(excludes(excludedHeaders)); - this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("X-Frame-Options", "DENY")) .andExpect(excludes(excludedHeaders)); } @Test public void requestWhenUsingCustomHeaderThenRespondsWithThatHeader() throws Exception { - this.spring.configLocations(this.xml("DefaultsDisabledWithCustomHeader")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("a", "b")) .andExpect(header().string("c", "d")).andExpect(excludesDefaults()); } @Test public void requestWhenUsingCustomHeaderWriterThenRespondsWithThatHeader() throws Exception { - this.spring.configLocations(this.xml("DefaultsDisabledWithCustomHeaderWriter")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("abc", "def")) .andExpect(excludesDefaults()); } 
@@ -309,36 +256,27 @@ public class HttpHeadersConfigTests { @Test public void requestWhenUsingXssProtectionThenDefaultsToModeBlock() throws Exception { - Set excludedHeaders = new HashSet<>(defaultHeaders.keySet()); excludedHeaders.remove("X-XSS-Protection"); - this.spring.configLocations(this.xml("DefaultsDisabledWithXssProtection")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()) .andExpect(header().string("X-XSS-Protection", "1; mode=block")).andExpect(excludes(excludedHeaders)); } @Test public void requestWhenEnablingXssProtectionThenDefaultsToModeBlock() throws Exception { - Set excludedHeaders = new HashSet<>(defaultHeaders.keySet()); excludedHeaders.remove("X-XSS-Protection"); - this.spring.configLocations(this.xml("DefaultsDisabledWithXssProtectionEnabled")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()) .andExpect(header().string("X-XSS-Protection", "1; mode=block")).andExpect(excludes(excludedHeaders)); } @Test public void requestWhenDisablingXssProtectionThenDefaultsToZero() throws Exception { - Set excludedHeaders = new HashSet<>(defaultHeaders.keySet()); excludedHeaders.remove("X-XSS-Protection"); - this.spring.configLocations(this.xml("DefaultsDisabledWithXssProtectionDisabled")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("X-XSS-Protection", "0")) .andExpect(excludes(excludedHeaders)); } 
@@ -353,24 +291,18 @@ public class HttpHeadersConfigTests { @Test public void requestWhenUsingCacheControlThenRespondsWithCorrespondingHeaders() throws Exception { - Map includedHeaders = ImmutableMap.builder() .put("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate").put("Expires", "0") .put("Pragma", "no-cache").build(); - this.spring.configLocations(this.xml("DefaultsDisabledWithCacheControl")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(includes(includedHeaders)); } @Test public void requestWhenUsingHstsThenRespondsWithHstsHeader() throws Exception { - Set excludedHeaders = new HashSet<>(defaultHeaders.keySet()); excludedHeaders.remove("Strict-Transport-Security"); - this.spring.configLocations(this.xml("DefaultsDisabledWithHsts")).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()) .andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains")) .andExpect(excludes(excludedHeaders)); @@ -378,20 +310,15 @@ public class HttpHeadersConfigTests { @Test public void insecureRequestWhenUsingHstsThenExcludesHstsHeader() throws Exception { - this.spring.configLocations(this.xml("DefaultsDisabledWithHsts")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults()); } @Test public void insecureRequestWhenUsingCustomHstsRequestMatcherThenIncludesHstsHeader() throws Exception { - Set excludedHeaders = new HashSet<>(defaultHeaders.keySet()); excludedHeaders.remove("Strict-Transport-Security"); - this.spring.configLocations(this.xml("DefaultsDisabledWithCustomHstsRequestMatcher")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()) .andExpect(header().string("Strict-Transport-Security", "max-age=1")) .andExpect(excludes(excludedHeaders)); 
@@ -414,7 +341,6 @@ public class HttpHeadersConfigTests {
 @Test
 public void requestWhenUsingHpkpThenIncludesHpkpHeader() throws Exception {
 this.spring.configLocations(this.xml("DefaultsDisabledWithHpkp")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
 .andExpect(header().string("Public-Key-Pins-Report-Only",
 "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
@@ -424,7 +350,6 @@ public class HttpHeadersConfigTests {
 @Test
 public void requestWhenUsingHpkpDefaultsThenIncludesHpkpHeaderUsingSha256() throws Exception {
 this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpDefaults")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
 .andExpect(header().string("Public-Key-Pins-Report-Only",
 "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
@@ -434,7 +359,6 @@ public class HttpHeadersConfigTests {
 @Test
 public void insecureRequestWhenUsingHpkpThenExcludesHpkpHeader() throws Exception {
 this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpDefaults")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk())
 .andExpect(header().doesNotExist("Public-Key-Pins-Report-Only")).andExpect(excludesDefaults());
 }
@@ -442,7 +366,6 @@ public class HttpHeadersConfigTests {
 @Test
 public void requestWhenUsingHpkpCustomMaxAgeThenIncludesHpkpHeaderAccordingly() throws Exception {
 this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpMaxAge")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
 .andExpect(header().string("Public-Key-Pins-Report-Only",
 "max-age=604800 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
@@ -452,7 +375,6 @@ public class HttpHeadersConfigTests {
 @Test
 public void requestWhenUsingHpkpReportThenIncludesHpkpHeaderAccordingly() throws Exception {
 this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpReport")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
 .andExpect(header().string("Public-Key-Pins",
 "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
@@ -462,7 +384,6 @@ public class HttpHeadersConfigTests {
 @Test
 public void requestWhenUsingHpkpIncludeSubdomainsThenIncludesHpkpHeaderAccordingly() throws Exception {
 this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpIncludeSubdomains")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(header().string(
 "Public-Key-Pins-Report-Only",
 "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains"))
@@ -472,7 +393,6 @@ public class HttpHeadersConfigTests {
 @Test
 public void requestWhenUsingHpkpReportUriThenIncludesHpkpHeaderAccordingly() throws Exception {
 this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpReportUri")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(header().string(
 "Public-Key-Pins-Report-Only",
 "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
@@ -481,68 +401,51 @@ public class HttpHeadersConfigTests { @Test public void requestWhenCacheControlDisabledThenExcludesHeader() throws Exception { - Collection cacheControl = Arrays.asList("Cache-Control", "Expires", "Pragma"); Map allButCacheControl = remove(defaultHeaders, cacheControl); - this.spring.configLocations(this.xml("CacheControlDisabled")).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButCacheControl)) .andExpect(excludes(cacheControl)); } @Test public void requestWhenContentTypeOptionsDisabledThenExcludesHeader() throws Exception { - Collection contentTypeOptions = Arrays.asList("X-Content-Type-Options"); Map allButContentTypeOptions = remove(defaultHeaders, contentTypeOptions); - this.spring.configLocations(this.xml("ContentTypeOptionsDisabled")).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButContentTypeOptions)) .andExpect(excludes(contentTypeOptions)); } @Test public void requestWhenHstsDisabledThenExcludesHeader() throws Exception { - Collection hsts = Arrays.asList("Strict-Transport-Security"); Map allButHsts = remove(defaultHeaders, hsts); - this.spring.configLocations(this.xml("HstsDisabled")).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButHsts)) .andExpect(excludes(hsts)); } @Test public void requestWhenHpkpDisabledThenExcludesHeader() throws Exception { - this.spring.configLocations(this.xml("HpkpDisabled")).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults()); } @Test public void requestWhenFrameOptionsDisabledThenExcludesHeader() throws Exception { - Collection frameOptions = Arrays.asList("X-Frame-Options"); Map allButFrameOptions = remove(defaultHeaders, frameOptions); - this.spring.configLocations(this.xml("FrameOptionsDisabled")).autowire(); - 
this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButFrameOptions)) .andExpect(excludes(frameOptions)); } @Test public void requestWhenXssProtectionDisabledThenExcludesHeader() throws Exception { - Collection xssProtection = Arrays.asList("X-XSS-Protection"); Map allButXssProtection = remove(defaultHeaders, xssProtection); - this.spring.configLocations(this.xml("XssProtectionDisabled")).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButXssProtection)) .andExpect(excludes(xssProtection)); } @@ -589,29 +492,22 @@ public class HttpHeadersConfigTests { @Test public void requestWhenContentSecurityPolicyDirectivesConfiguredThenIncludesDirectives() throws Exception { - Map includedHeaders = new HashMap<>(defaultHeaders); includedHeaders.put("Content-Security-Policy", "default-src 'self'"); - this.spring.configLocations(this.xml("ContentSecurityPolicyWithPolicyDirectives")).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(includedHeaders)); } @Test public void requestWhenHeadersDisabledAndContentSecurityPolicyConfiguredThenExcludesHeader() throws Exception { - this.spring.configLocations(this.xml("HeadersDisabledWithContentSecurityPolicy")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults()) .andExpect(excludes("Content-Security-Policy")); } @Test public void requestWhenDefaultsDisabledAndContentSecurityPolicyConfiguredThenIncludesHeader() throws Exception { - this.spring.configLocations(this.xml("DefaultsDisabledWithContentSecurityPolicy")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults()) .andExpect(header().string("Content-Security-Policy", "default-src 'self'")); } 
@@ -626,30 +522,23 @@ public class HttpHeadersConfigTests { @Test public void requestWhenContentSecurityPolicyConfiguredWithReportOnlyThenIncludesReportOnlyHeader() throws Exception { - Map includedHeaders = new HashMap<>(defaultHeaders); includedHeaders.put("Content-Security-Policy-Report-Only", "default-src https:; report-uri https://example.org/"); - this.spring.configLocations(this.xml("ContentSecurityPolicyWithReportOnly")).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(includedHeaders)); } @Test public void requestWhenReferrerPolicyConfiguredThenResponseDefaultsToNoReferrer() throws Exception { - this.spring.configLocations(this.xml("DefaultsDisabledWithReferrerPolicy")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults()) .andExpect(header().string("Referrer-Policy", "no-referrer")); } @Test public void requestWhenReferrerPolicyConfiguredWithSameOriginThenRespondsWithSameOrigin() throws Exception { - this.spring.configLocations(this.xml("DefaultsDisabledWithReferrerPolicySameOrigin")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults()) .andExpect(header().string("Referrer-Policy", "same-origin")); } @@ -684,11 +573,9 @@ public class HttpHeadersConfigTests { private static Map remove(Map map, Collection keys) { Map copy = new HashMap<>(map); - for (K key : keys) { copy.remove(key); } - return copy; } diff --git a/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java index 614c072d60..671a392dae 100644 --- a/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java +++ b/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java 
@@ -48,11 +48,8 @@ public class HttpInterceptUrlTests { @Test public void interceptUrlWhenRequestMatcherRefThenWorks() throws Exception { loadConfig("interceptUrlWhenRequestMatcherRefThenWorks.xml"); - this.mockMvc.perform(get("/foo")).andExpect(status().isUnauthorized()); - this.mockMvc.perform(get("/FOO")).andExpect(status().isUnauthorized()); - this.mockMvc.perform(get("/other")).andExpect(status().isOk()); } @@ -65,9 +62,7 @@ public class HttpInterceptUrlTests { context.setServletContext(new MockServletContext()); context.refresh(); this.context = context; - context.getAutowireCapableBeanFactory().autowireBean(this); - Filter springSecurityFilterChain = context.getBean("springSecurityFilterChain", Filter.class); this.mockMvc = MockMvcBuilders.standaloneSetup(new FooController()).addFilters(springSecurityFilterChain) .build(); diff --git a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java index 07b4708f9e..1b7d40c339 100644 --- a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java @@ -64,11 +64,8 @@ public class InterceptUrlConfigTests { */ @Test public void requestWhenMethodIsSpecifiedThenItIsNotGivenPriority() throws Exception { - this.spring.configLocations(this.xml("Sec2256")).autowire(); - this.mvc.perform(post("/path").with(httpBasic("user", "password"))).andExpect(status().isOk()); - this.mvc.perform(get("/path").with(httpBasic("user", "password"))).andExpect(status().isOk()); } 
@@ -77,24 +74,16 @@ public class InterceptUrlConfigTests { */ @Test public void requestWhenUsingPatchThenAuthorizesRequestsAccordingly() throws Exception { - this.spring.configLocations(this.xml("PatchMethod")).autowire(); - this.mvc.perform(get("/path").with(httpBasic("user", "password"))).andExpect(status().isOk()); - this.mvc.perform(patch("/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden()); - this.mvc.perform(patch("/path").with(httpBasic("admin", "password"))).andExpect(status().isOk()); - } @Test public void requestWhenUsingHasAnyRoleThenAuthorizesRequestsAccordingly() throws Exception { - this.spring.configLocations(this.xml("HasAnyRole")).autowire(); - this.mvc.perform(get("/path").with(httpBasic("user", "password"))).andExpect(status().isOk()); - this.mvc.perform(get("/path").with(httpBasic("admin", "password"))).andExpect(status().isForbidden()); } @@ -103,14 +92,10 @@ public class InterceptUrlConfigTests { */ @Test public void requestWhenUsingPathVariablesThenAuthorizesRequestsAccordingly() throws Exception { - this.spring.configLocations(this.xml("PathVariables")).autowire(); - this.mvc.perform(get("/path/user/path").with(httpBasic("user", "password"))).andExpect(status().isOk()); - this.mvc.perform(get("/path/otheruser/path").with(httpBasic("user", "password"))) .andExpect(status().isForbidden()); - this.mvc.perform(get("/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden()); } 
@@ -119,14 +104,10 @@ public class InterceptUrlConfigTests {
 */
 @Test
 public void requestWhenUsingCamelCasePathVariablesThenAuthorizesRequestsAccordingly() throws Exception {
-
 this.spring.configLocations(this.xml("CamelCasePathVariables")).autowire();
-
 this.mvc.perform(get("/path/user/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 this.mvc.perform(get("/path/otheruser/path").with(httpBasic("user", "password")))
 .andExpect(status().isForbidden());
-
 this.mvc.perform(get("/PATH/user/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
 }
@@ -135,55 +116,37 @@ public class InterceptUrlConfigTests {
 */
 @Test
 public void requestWhenUsingPathVariablesAndTypeConversionThenAuthorizesRequestsAccordingly() throws Exception {
-
 this.spring.configLocations(this.xml("TypeConversionPathVariables")).autowire();
-
 this.mvc.perform(get("/path/1/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 this.mvc.perform(get("/path/2/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-
 }
 @Test
 public void requestWhenUsingMvcMatchersThenAuthorizesRequestsAccordingly() throws Exception {
-
 this.spring.configLocations(this.xml("MvcMatchers")).autowire();
-
 this.mvc.perform(get("/path")).andExpect(status().isUnauthorized());
-
 this.mvc.perform(get("/path.html")).andExpect(status().isUnauthorized());
-
 this.mvc.perform(get("/path/")).andExpect(status().isUnauthorized());
 }
 @Test
 public void requestWhenUsingMvcMatchersAndPathVariablesThenAuthorizesRequestsAccordingly() throws Exception {
-
 this.spring.configLocations(this.xml("MvcMatchersPathVariables")).autowire();
-
 this.mvc.perform(get("/path/user/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 this.mvc.perform(get("/path/otheruser/path").with(httpBasic("user", "password")))
 .andExpect(status().isForbidden());
-
 this.mvc.perform(get("/PATH/user/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
 }
 @Test
 public void requestWhenUsingMvcMatchersAndServletPathThenAuthorizesRequestsAccordingly() throws Exception {
-
 this.spring.configLocations(this.xml("MvcMatchersServletPath")).autowire();
-
 MockServletContext servletContext = mockServletContext("/spring");
 ConfigurableWebApplicationContext context = this.spring.getContext();
 context.setServletContext(servletContext);
-
 this.mvc.perform(get("/spring/path").servletPath("/spring")).andExpect(status().isUnauthorized());
-
 this.mvc.perform(get("/spring/path.html").servletPath("/spring")).andExpect(status().isUnauthorized());
-
this.mvc.perform(get("/spring/path/").servletPath("/spring")).andExpect(status().isUnauthorized());
-
 }
 @Test
diff --git a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
index 56c9106964..1438a39056 100644
--- a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
@@ -161,41 +161,29 @@ public class MiscHttpConfigTests {
 @Test
 public void requestWhenUsingDebugFilterAndPatternIsNotConfigureForSecurityThenRespondsOk() throws Exception {
-
 this.spring.configLocations(xml("NoSecurityForPattern")).autowire();
-
 this.mvc.perform(get("/unprotected")).andExpect(status().isNotFound());
-
 this.mvc.perform(get("/nomatch")).andExpect(status().isNotFound());
 }
 @Test
 public void requestWhenHttpPatternUsesRegexMatchingThenMatchesAccordingly() throws Exception {
-
 this.spring.configLocations(xml("RegexSecurityPattern")).autowire();
-
 this.mvc.perform(get("/protected")).andExpect(status().isUnauthorized());
-
 this.mvc.perform(get("/unprotected")).andExpect(status().isNotFound());
 }
 @Test
 public void requestWhenHttpPatternUsesCiRegexMatchingThenMatchesAccordingly() throws Exception {
-
 this.spring.configLocations(xml("CiRegexSecurityPattern")).autowire();
-
 this.mvc.perform(get("/ProTectEd")).andExpect(status().isUnauthorized());
-
 this.mvc.perform(get("/UnProTectEd")).andExpect(status().isNotFound());
 }
 @Test
 public void requestWhenHttpPatternUsesCustomRequestMatcherThenMatchesAccordingly() throws Exception {
-
 this.spring.configLocations(xml("CustomRequestMatcher")).autowire();
-
 this.mvc.perform(get("/protected")).andExpect(status().isUnauthorized());
-
 this.mvc.perform(get("/unprotected")).andExpect(status().isNotFound());
 }
@@ -204,94 +192,64 @@ public class MiscHttpConfigTests {
 */
 @Test
 public void requestWhenUsingMinimalConfigurationThenHonorsAnonymousEndpoints() throws Exception {
-
 this.spring.configLocations(xml("AnonymousEndpoints")).autowire();
-
 this.mvc.perform(get("/protected")).andExpect(status().isUnauthorized());
-
 this.mvc.perform(get("/unprotected")).andExpect(status().isNotFound());
-
 assertThat(getFilter(AnonymousAuthenticationFilter.class)).isNotNull();
 }
 @Test
 public void requestWhenAnonymousIsDisabledThenRejectsAnonymousEndpoints() throws Exception {
-
 this.spring.configLocations(xml("AnonymousDisabled")).autowire();
-
 this.mvc.perform(get("/protected")).andExpect(status().isUnauthorized());
-
 this.mvc.perform(get("/unprotected")).andExpect(status().isUnauthorized());
-
 assertThat(getFilter(AnonymousAuthenticationFilter.class)).isNull();
 }
 @Test
 public void requestWhenAnonymousUsesCustomAttributesThenRespondsWithThoseAttributes() throws Exception {
-
 this.spring.configLocations(xml("AnonymousCustomAttributes")).autowire();
-
 this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-
 this.mvc.perform(get("/protected")).andExpect(status().isOk()).andExpect(content().string("josh"));
-
 this.mvc.perform(get("/customKey")).andExpect(status().isOk())
 .andExpect(content().string(String.valueOf("myCustomKey".hashCode())));
 }
 @Test
 public void requestWhenAnonymousUsesMultipleGrantedAuthoritiesThenRespondsWithThoseAttributes() throws Exception {
-
 this.spring.configLocations(xml("AnonymousMultipleAuthorities")).autowire();
-
 this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-
 this.mvc.perform(get("/protected")).andExpect(status().isOk()).andExpect(content().string("josh"));
-
 this.mvc.perform(get("/customKey")).andExpect(status().isOk())
 .andExpect(content().string(String.valueOf("myCustomKey".hashCode())));
 }
 @Test
 public void
requestWhenInterceptUrlMatchesMethodThenSecuresAccordingly() throws Exception {
-
 this.spring.configLocations(xml("InterceptUrlMethod")).autowire();
-
 this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 this.mvc.perform(post("/protected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-
 this.mvc.perform(post("/protected").with(httpBasic("poster", "password"))).andExpect(status().isOk());
-
 this.mvc.perform(delete("/protected").with(httpBasic("poster", "password"))).andExpect(status().isForbidden());
-
 this.mvc.perform(delete("/protected").with(httpBasic("admin", "password"))).andExpect(status().isOk());
 }
 @Test
 public void requestWhenInterceptUrlMatchesMethodAndRequiresHttpsThenSecuresAccordingly() throws Exception {
-
 this.spring.configLocations(xml("InterceptUrlMethodRequiresHttps")).autowire();
-
 this.mvc.perform(post("/protected").with(csrf())).andExpect(status().isOk());
-
 this.mvc.perform(get("/protected").secure(true).with(httpBasic("user", "password")))
 .andExpect(status().isForbidden());
-
 this.mvc.perform(get("/protected").secure(true).with(httpBasic("admin", "password")))
 .andExpect(status().isOk());
 }
 @Test
 public void requestWhenInterceptUrlMatchesAnyPatternAndRequiresHttpsThenSecuresAccordingly() throws Exception {
-
 this.spring.configLocations(xml("InterceptUrlMethodRequiresHttpsAny")).autowire();
-
 this.mvc.perform(post("/protected").with(csrf())).andExpect(status().isOk());
-
 this.mvc.perform(get("/protected").secure(true).with(httpBasic("user", "password")))
 .andExpect(status().isForbidden());
-
 this.mvc.perform(get("/protected").secure(true).with(httpBasic("admin", "password")))
 .andExpect(status().isOk());
 }
@@ -299,20 +257,15 @@ public class MiscHttpConfigTests {
 @Test
 public void configureWhenOncePerRequestIsFalseThenFilterSecurityInterceptorExercisedForForwards() {
 this.spring.configLocations(xml("OncePerRequest")).autowire();
-
 FilterSecurityInterceptor filterSecurityInterceptor = getFilter(FilterSecurityInterceptor.class);
 assertThat(filterSecurityInterceptor.isObserveOncePerRequest()).isFalse();
 }
 @Test
 public void requestWhenCustomHttpBasicEntryPointRefThenInvokesOnCommence() throws Exception {
-
 this.spring.configLocations(xml("CustomHttpBasicEntryPointRef")).autowire();
-
 AuthenticationEntryPoint entryPoint = this.spring.getContext().getBean(AuthenticationEntryPoint.class);
-
 this.mvc.perform(get("/protected")).andExpect(status().isOk());
-
 verify(entryPoint).commence(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AuthenticationException.class));
 }
@@ -326,7 +279,6 @@ public class MiscHttpConfigTests {
 @Test
 public void getWhenPortsMappedThenRedirectedAccordingly() throws Exception {
 this.spring.configLocations(xml("PortsMappedInterceptUrlMethodRequiresAny")).autowire();
-
 this.mvc.perform(get("http://localhost:9080/protected"))
 .andExpect(redirectedUrl("https://localhost:9443/protected"));
 }
@@ -335,11 +287,8 @@ public class MiscHttpConfigTests {
 public void configureWhenCustomFiltersThenAddedToChainInCorrectOrder() {
 System.setProperty("customFilterRef", "userFilter");
 this.spring.configLocations(xml("CustomFilters")).autowire();
-
 List filters = getFilters("/");
-
 Class userFilterClass = this.spring.getContext().getBean("userFilter").getClass();
-
 assertThat(filters).extracting((Extractor>) (filter) -> filter.getClass()).containsSubsequence( userFilterClass, userFilterClass, SecurityContextPersistenceFilter.class, LogoutFilter.class, userFilterClass);
@@ -354,7 +303,6 @@ public class MiscHttpConfigTests {
 @Test
 public void configureWhenUsingX509ThenAddsX509FilterCorrectly() {
 this.spring.configLocations(xml("X509")).autowire();
-
 assertThat(getFilters("/")).extracting((Extractor>) (filter) -> filter.getClass())
 .containsSubsequence(CsrfFilter.class, X509AuthenticationFilter.class, ExceptionTranslationFilter.class);
@@ -364,7 +312,6 @@ public class MiscHttpConfigTests {
 public void getWhenUsingX509AndPropertyPlaceholderThenSubjectPrincipalRegexIsConfigured() throws Exception {
 System.setProperty("subject_principal_regex", "OU=(.*?)(?:,|$)");
 this.spring.configLocations(xml("X509")).autowire();
-
 this.mvc.perform(get("/protected")
 .with(x509("classpath:org/springframework/security/config/http/MiscHttpConfigTests-certificate.pem")))
 .andExpect(status().isOk());
@@ -379,9 +326,7 @@ public class MiscHttpConfigTests {
 @Test
 public void logoutWhenSpecifyingCookiesToDeleteThenSetCookieAdded() throws Exception {
 this.spring.configLocations(xml("DeleteCookies")).autowire();
-
 MvcResult result = this.mvc.perform(post("/logout").with(csrf())).andReturn();
-
 List values = result.getResponse().getHeaders("Set-Cookie");
 assertThat(values.size()).isEqualTo(2);
 assertThat(values).extracting((value) -> value.split("=")[0]).contains("JSESSIONID", "mycookie");
@@ -390,29 +335,22 @@ public class MiscHttpConfigTests {
 @Test
 public void logoutWhenSpecifyingSuccessHandlerRefThenResponseHandledAccordingly() throws Exception {
 this.spring.configLocations(xml("LogoutSuccessHandlerRef")).autowire();
-
 this.mvc.perform(post("/logout").with(csrf())).andExpect(redirectedUrl("/logoutSuccessEndpoint"));
 }
 @Test
 public void getWhenUnauthenticatedThenUsesConfiguredRequestCache() throws Exception {
 this.spring.configLocations(xml("RequestCache")).autowire();
-
 RequestCache requestCache = this.spring.getContext().getBean(RequestCache.class);
-
 this.mvc.perform(get("/"));
-
 verify(requestCache).saveRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
 }
 @Test
 public void getWhenUnauthenticatedThenUsesConfiguredAuthenticationEntryPoint() throws Exception {
 this.spring.configLocations(xml("EntryPoint")).autowire();
-
 AuthenticationEntryPoint entryPoint = this.spring.getContext().getBean(AuthenticationEntryPoint.class);
-
 this.mvc.perform(get("/"));
-
 verify(entryPoint).commence(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AuthenticationException.class));
 }
@@ -426,38 +364,29 @@ public class MiscHttpConfigTests {
 @Test
 public void configureWhenUsingCustomUserDetailsServiceThenBeanPostProcessorsAreStillApplied() {
 this.spring.configLocations(xml("Sec750")).autowire();
-
 BeanNameCollectingPostProcessor postProcessor = this.spring.getContext()
 .getBean(BeanNameCollectingPostProcessor.class);
-
 assertThat(postProcessor.getBeforeInitPostProcessedBeans()).contains("authenticationProvider", "userService");
 assertThat(postProcessor.getAfterInitPostProcessedBeans()).contains("authenticationProvider", "userService");
-
 }
 /* SEC-934 */
 @Test
 public void getWhenUsingTwoIdenticalInterceptUrlsThenTheSecondTakesPrecedence() throws Exception {
 this.spring.configLocations(xml("Sec934")).autowire();
-
 this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 this.mvc.perform(get("/protected").with(httpBasic("admin", "password"))).andExpect(status().isForbidden());
 }
 @Test
 public void getWhenAuthenticatingThenConsultsCustomSecurityContextRepository() throws Exception {
 this.spring.configLocations(xml("SecurityContextRepository")).autowire();
-
 SecurityContextRepository repository = this.spring.getContext().getBean(SecurityContextRepository.class);
 SecurityContext context = new SecurityContextImpl(new TestingAuthenticationToken("user", "password"));
 given(repository.loadContext(any(HttpRequestResponseHolder.class))).willReturn(context);
-
 MvcResult result = this.mvc.perform(get("/protected").with(httpBasic("user", "password")))
 .andExpect(status().isOk()).andReturn();
-
 assertThat(result.getRequest().getSession(false)).isNotNull();
-
 verify(repository, atLeastOnce()).saveContext(any(SecurityContext.class), any(HttpServletRequest.class), any(HttpServletResponse.class));
 }
@@ -465,25 +394,18 @@ public class MiscHttpConfigTests {
 @Test
 public void getWhenUsingInterceptUrlExpressionsThenAuthorizesAccordingly() throws Exception {
 this.spring.configLocations(xml("InterceptUrlExpressions")).autowire();
-
 this.mvc.perform(get("/protected").with(httpBasic("admin", "password"))).andExpect(status().isOk());
-
 this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-
 this.mvc.perform(get("/unprotected").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 }
 @Test
 public void getWhenUsingCustomExpressionHandlerThenAuthorizesAccordingly() throws Exception {
 this.spring.configLocations(xml("ExpressionHandler")).autowire();
-
 PermissionEvaluator permissionEvaluator = this.spring.getContext().getBean(PermissionEvaluator.class);
 given(permissionEvaluator.hasPermission(any(Authentication.class), any(Object.class), any(Object.class)))
 .willReturn(false);
-
 this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-
 verify(permissionEvaluator).hasPermission(any(Authentication.class), any(Object.class), any(Object.class));
 }
@@ -491,26 +413,19 @@ public class MiscHttpConfigTests {
 public void configureWhenProtectingLoginPageThenWarningLogged() {
 ByteArrayOutputStream baos = new ByteArrayOutputStream();
 redirectLogsTo(baos, DefaultFilterChainValidator.class);
-
 this.spring.configLocations(xml("ProtectedLoginPage")).autowire();
-
 assertThat(baos.toString()).contains("[WARN]");
 }
 @Test
 public void configureWhenUsingDisableUrlRewritingThenRedirectIsNotEncodedByResponse() throws IOException, ServletException {
-
 this.spring.configLocations(xml("DisableUrlRewriting")).autowire();
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 FilterChainProxy proxy = this.spring.getContext().getBean(FilterChainProxy.class);
-
 proxy.doFilter(request, new EncodeUrlDenyingHttpServletResponseWrapper(response), (req, resp) -> {
 });
-
 assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY);
 assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/login");
 }
@@ -520,11 +435,9 @@ public class MiscHttpConfigTests {
 assertThatCode( () -> this.spring.configLocations(MiscHttpConfigTests.xml("MissingUserDetailsService")).autowire())
 .isInstanceOf(BeansException.class);
-
 try (XmlWebApplicationContext parent = new XmlWebApplicationContext()) {
 parent.setConfigLocations(MiscHttpConfigTests.xml("AutoConfig"));
 parent.refresh();
-
 try (XmlWebApplicationContext child = new XmlWebApplicationContext()) {
 child.setParent(parent);
 child.setConfigLocation(MiscHttpConfigTests.xml("MissingUserDetailsService"));
@@ -536,9 +449,7 @@ public class MiscHttpConfigTests {
 @Test
 public void loginWhenConfiguredWithNoInternalAuthenticationProvidersThenSuccessfullyAuthenticates() throws Exception {
-
 this.spring.configLocations(xml("NoInternalAuthenticationProviders")).autowire();
-
 this.mvc.perform(post("/login").param("username", "user").param("password", "password"))
 .andExpect(redirectedUrl("/"));
 }
@@ -546,16 +457,13 @@ public class MiscHttpConfigTests {
 @Test
 public void loginWhenUsingDefaultsThenErasesCredentialsAfterAuthentication() throws Exception {
 this.spring.configLocations(xml("HttpBasic")).autowire();
-
 this.mvc.perform(get("/password").with(httpBasic("user", "password"))).andExpect(content().string(""));
 }
 @Test
 public void loginWhenAuthenticationManagerConfiguredToEraseCredentialsThenErasesCredentialsAfterAuthentication() throws Exception {
-
 this.spring.configLocations(xml("AuthenticationManagerEraseCredentials")).autowire();
-
 this.mvc.perform(get("/password").with(httpBasic("user", "password"))).andExpect(content().string(""));
 }
@@ -565,28 +473,22 @@ public class MiscHttpConfigTests {
 @Test
 public void loginWhenAuthenticationManagerRefConfiguredToKeepCredentialsThenKeepsCredentialsAfterAuthentication() throws Exception {
-
 this.spring.configLocations(xml("AuthenticationManagerRefKeepCredentials")).autowire();
-
 this.mvc.perform(get("/password").with(httpBasic("user", "password"))).andExpect(content().string("password"));
 }
 @Test
 public void loginWhenAuthenticationManagerRefIsNotAProviderManagerThenKeepsCredentialsAccordingly() throws Exception {
-
 this.spring.configLocations(xml("AuthenticationManagerRefNotProviderManager")).autowire();
-
 this.mvc.perform(get("/password").with(httpBasic("user", "password"))).andExpect(content().string("password"));
 }
 @Test
 public void loginWhenJeeFilterThenExtractsRoles() throws Exception {
 this.spring.configLocations(xml("JeeFilter")).autowire();
-
 Principal user = mock(Principal.class);
 given(user.getName()).willReturn("joe");
-
 this.mvc.perform(get("/roles").principal(user).with((request) -> {
 request.addUserRole("admin");
 request.addUserRole("user");
@@ -598,26 +500,19 @@ public class MiscHttpConfigTests {
 @Test
 public void loginWhenUsingCustomAuthenticationDetailsSourceRefThenAuthenticationSourcesDetailsAccordingly() throws Exception {
-
 this.spring.configLocations(xml("CustomAuthenticationDetailsSourceRef")).autowire();
-
 Object details = mock(Object.class);
 AuthenticationDetailsSource source = this.spring.getContext().getBean(AuthenticationDetailsSource.class);
 given(source.buildDetails(any(Object.class))).willReturn(details);
-
 this.mvc.perform(get("/details").with(httpBasic("user", "password")))
 .andExpect(content().string(details.getClass().getName()));
-
 this.mvc.perform(get("/details")
 .with(x509("classpath:org/springframework/security/config/http/MiscHttpConfigTests-certificate.pem")))
 .andExpect(content().string(details.getClass().getName()));
-
 MockHttpSession session = (MockHttpSession) this.mvc
 .perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
 .andReturn().getRequest().getSession(false);
-
 this.mvc.perform(get("/details").session(session)).andExpect(content().string(details.getClass().getName()));
-
 assertThat(ReflectionTestUtils.getField(getFilter(OpenIDAuthenticationFilter.class), "authenticationDetailsSource")).isEqualTo(source);
 }
@@ -625,29 +520,24 @@ public class MiscHttpConfigTests {
 @Test
 public void loginWhenUsingJaasApiProvisionThenJaasSubjectContainsUsername() throws Exception {
 this.spring.configLocations(xml("Jaas")).autowire();
-
 AuthorityGranter granter = this.spring.getContext().getBean(AuthorityGranter.class);
 given(granter.grant(any(Principal.class))).willReturn(new HashSet<>(Arrays.asList("USER")));
-
 this.mvc.perform(get("/username").with(httpBasic("user", "password"))).andExpect(content().string("user"));
 }
 @Test
 public void getWhenUsingCustomHttpFirewallThenFirewallIsInvoked() throws Exception {
 this.spring.configLocations(xml("HttpFirewall")).autowire();
-
 FirewalledRequest request = new FirewalledRequest(new MockHttpServletRequest()) {
 @Override
 public void reset() {
 }
 };
 HttpServletResponse response = new MockHttpServletResponse();
-
 HttpFirewall firewall = this.spring.getContext().getBean(HttpFirewall.class);
 given(firewall.getFirewalledRequest(any(HttpServletRequest.class))).willReturn(request);
 given(firewall.getFirewalledResponse(any(HttpServletResponse.class))).willReturn(response);
 this.mvc.perform(get("/unprotected"));
-
 verify(firewall).getFirewalledRequest(any(HttpServletRequest.class));
 verify(firewall).getFirewalledResponse(any(HttpServletResponse.class));
 }
@@ -655,22 +545,18 @@ public class MiscHttpConfigTests {
 @Test
 public void getWhenUsingCustomRequestRejectedHandlerThenRequestRejectedHandlerIsInvoked() throws Exception {
 this.spring.configLocations(xml("RequestRejectedHandler")).autowire();
-
 HttpServletResponse response = new MockHttpServletResponse();
-
 RequestRejectedException rejected = new RequestRejectedException("failed");
 HttpFirewall firewall = this.spring.getContext().getBean(HttpFirewall.class);
 RequestRejectedHandler requestRejectedHandler = this.spring.getContext().getBean(RequestRejectedHandler.class);
 given(firewall.getFirewalledRequest(any(HttpServletRequest.class))).willThrow(rejected);
 this.mvc.perform(get("/unprotected"));
-
 verify(requestRejectedHandler).handle(any(), any(), any());
 }
 @Test
 public void getWhenUsingCustomAccessDecisionManagerThenAuthorizesAccordingly() throws Exception {
 this.spring.configLocations(xml("CustomAccessDecisionManager")).autowire();
-
 this.mvc.perform(get("/unprotected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
 }
@@ -680,16 +566,13 @@ public class MiscHttpConfigTests {
 @Test
 public void authenticateWhenUsingPortMapperThenRedirectsAppropriately() throws Exception {
 this.spring.configLocations(xml("PortsMappedRequiresHttps")).autowire();
-
 MockHttpSession session = (MockHttpSession) this.mvc.perform(get("https://localhost:9080/protected"))
 .andExpect(redirectedUrl("https://localhost:9443/login")).andReturn().getRequest().getSession(false);
-
 session = (MockHttpSession) this.mvc
 .perform(post("/login").param("username", "user").param("password", "password").session(session)
 .with(csrf()))
 .andExpect(redirectedUrl("https://localhost:9443/protected")).andReturn().getRequest()
 .getSession(false);
-
 this.mvc.perform(get("http://localhost:9080/protected").session(session))
 .andExpect(redirectedUrl("https://localhost:9443/protected"));
 }
@@ -715,7 +598,6 @@ public class MiscHttpConfigTests {
 private void assertThatFiltersMatchExpectedAutoConfigList(String url) {
 Iterator filters = getFilters(url).iterator();
-
 assertThat(filters.next()).isInstanceOf(SecurityContextPersistenceFilter.class);
 assertThat(filters.next()).isInstanceOf(WebAsyncManagerIntegrationFilter.class);
 assertThat(filters.next()).isInstanceOf(HeaderWriterFilter.class);
@@ -768,11 +650,9 @@ public class MiscHttpConfigTests {
 @GetMapping("/customKey")
 String customKey() {
 Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-
 if (authentication != null && authentication instanceof AnonymousAuthenticationToken) {
 return String.valueOf(((AnonymousAuthenticationToken) authentication).getKeyHash());
 }
-
 return null;
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
index dd3fb990e3..4c19f1d5d2 100644
--- a/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
@@ -52,12 +52,9 @@ public class MultiHttpBlockConfigTests {
 @Test
 public void requestWhenUsingMutuallyExclusiveHttpElementsThenIsRoutedAccordingly() throws Exception {
-
 this.spring.configLocations(this.xml("DistinctHttpElements")).autowire();
-
 this.mvc.perform(MockMvcRequestBuilders.get("/first").with(httpBasic("user", "password")))
 .andExpect(status().isOk());
-
 this.mvc.perform(post("/second/login").param("username", "user").param("password", "password").with(csrf()))
 .andExpect(status().isFound()).andExpect(redirectedUrl("/"));
 }
@@ -80,11 +77,8 @@ public class MultiHttpBlockConfigTests {
 @Test
 public void requestWhenTargettingAuthenticationManagersToCorrespondingHttpElementsThenAuthenticationProceeds() throws Exception {
-
 this.spring.configLocations(this.xml("Sec1937")).autowire();
-
 this.mvc.perform(get("/first").with(httpBasic("first", "password")).with(csrf())).andExpect(status().isOk());
-
 this.mvc.perform(post("/second/login").param("username", "second").param("password", "password").with(csrf()))
 .andExpect(redirectedUrl("/"));
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java b/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java
index 028ccf8f6a..166757825d 100644
--- a/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java
@@ -88,12 +88,9 @@ public class NamespaceHttpBasicTests {
 " "); // @formatter:on
-
 this.request.addHeader("Authorization", "Basic " + Base64.getEncoder().encodeToString("user:test".getBytes("UTF-8")));
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 }
@@ -108,9 +105,7 @@ public class NamespaceHttpBasicTests {
 "\n" + " "); // @formatter:on
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 assertThat(this.response.getHeader("WWW-Authenticate")).isEqualTo("Basic realm=\"Realm\"");
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
index 0b0842641d..a6ade1e729 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
@@ -100,7 +100,6 @@ public class OAuth2ClientBeanDefinitionParserTests {
 @Test
 public void requestWhenAuthorizeThenRedirect() throws Exception {
 this.spring.configLocations(xml("Minimal")).autowire();
-
 MvcResult result = this.mvc.perform(get("/oauth2/authorization/google")).andExpect(status().is3xxRedirection())
 .andReturn();
 assertThat(result.getResponse().getRedirectedUrl()).matches(
@@ -111,58 +110,46 @@ public class OAuth2ClientBeanDefinitionParserTests {
 @Test
 public void requestWhenCustomClientRegistrationRepositoryThenCalled() throws Exception {
 this.spring.configLocations(xml("CustomClientRegistrationRepository")).autowire();
-
 ClientRegistration clientRegistration = CommonOAuth2Provider.GOOGLE.getBuilder("google")
 .clientId("google-client-id").clientSecret("google-client-secret")
 .redirectUri("http://localhost/callback/google").scope("scope1", "scope2").build();
 given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(clientRegistration);
-
 MvcResult result = this.mvc.perform(get("/oauth2/authorization/google")).andExpect(status().is3xxRedirection())
 .andReturn();
 assertThat(result.getResponse().getRedirectedUrl()).matches( "https://accounts.google.com/o/oauth2/v2/auth\\?" + "response_type=code&client_id=google-client-id&" + "scope=scope1%20scope2&state=.{15,}&redirect_uri=http://localhost/callback/google");
-
 verify(this.clientRegistrationRepository).findByRegistrationId(any());
 }
 @Test
 public void requestWhenCustomAuthorizationRequestResolverThenCalled() throws Exception {
 this.spring.configLocations(xml("CustomConfiguration")).autowire();
-
 ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google");
-
 OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest(clientRegistration);
 given(this.authorizationRequestResolver.resolve(any())).willReturn(authorizationRequest);
-
 this.mvc.perform(get("/oauth2/authorization/google")).andExpect(status().is3xxRedirection())
 .andExpect(redirectedUrl("https://accounts.google.com/o/oauth2/v2/auth?"
+ "response_type=code&client_id=google-client-id&" + "scope=scope1%20scope2&state=state&redirect_uri=http://localhost/callback/google"));
-
 verify(this.authorizationRequestResolver).resolve(any());
 }
 @Test
 public void requestWhenAuthorizationResponseMatchThenProcess() throws Exception {
 this.spring.configLocations(xml("CustomConfiguration")).autowire();
-
 ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google");
-
 OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest(clientRegistration);
 given(this.authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(authorizationRequest);
 given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 .willReturn(authorizationRequest);
-
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 MultiValueMap params = new LinkedMultiValueMap<>();
 params.add("code", "code123");
 params.add("state", authorizationRequest.getState());
 this.mvc.perform(get(authorizationRequest.getRedirectUri()).params(params))
 .andExpect(status().is3xxRedirection()).andExpect(redirectedUrl(authorizationRequest.getRedirectUri()));
-
 ArgumentCaptor authorizedClientCaptor = ArgumentCaptor
 .forClass(OAuth2AuthorizedClient.class);
 verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(), any(), any(),
@@ -176,23 +163,18 @@ public class OAuth2ClientBeanDefinitionParserTests {
 @Test
 public void requestWhenCustomAuthorizedClientServiceThenCalled() throws Exception {
 this.spring.configLocations(xml("CustomAuthorizedClientService")).autowire();
-
 ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google");
-
 OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest(clientRegistration);
 given(this.authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(authorizationRequest);
 given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 .willReturn(authorizationRequest);
-
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 MultiValueMap params = new LinkedMultiValueMap<>();
 params.add("code", "code123");
 params.add("state", authorizationRequest.getState());
 this.mvc.perform(get(authorizationRequest.getRedirectUri()).params(params))
 .andExpect(status().is3xxRedirection()).andExpect(redirectedUrl(authorizationRequest.getRedirectUri()));
-
 verify(this.authorizedClientService).saveAuthorizedClient(any(), any());
 }
@@ -200,13 +182,10 @@ public class OAuth2ClientBeanDefinitionParserTests { @Test public void requestWhenAuthorizedClientFoundThenMethodArgumentResolved() throws Exception { this.spring.configLocations(xml("AuthorizedClientArgumentResolver")).autowire(); - ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google"); - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, "user", TestOAuth2AccessTokens.noScopes()); given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(authorizedClient); - this.mvc.perform(get("/authorized-client")).andExpect(status().isOk()).andExpect(content().string("resolved")); }
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
index 190fd7e704..50e77f770c 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
@@ -144,9 +144,7 @@ public class OAuth2LoginBeanDefinitionParserTests { @Test public void requestLoginWhenMultiClientRegistrationThenReturnLoginPageWithClients() throws Exception { this.spring.configLocations(this.xml("MultiClientRegistration")).autowire(); - MvcResult result = this.mvc.perform(get("/login")).andExpect(status().is2xxSuccessful()).andReturn(); - assertThat(result.getResponse().getContentAsString()) .contains("Google"); assertThat(result.getResponse().getContentAsString())
@@ -157,10 +155,8 @@ public class OAuth2LoginBeanDefinitionParserTests { @Test public void requestWhenSingleClientRegistrationThenAutoRedirect() throws Exception { this.spring.configLocations(this.xml("SingleClientRegistration")).autowire(); - this.mvc.perform(get("/")).andExpect(status().is3xxRedirection()) .andExpect(redirectedUrl("http://localhost/oauth2/authorization/google-login")); - verify(this.requestCache).saveRequest(any(), any()); }
@@ -169,7 +165,6 @@ public class OAuth2LoginBeanDefinitionParserTests { public void requestWhenSingleClientRegistrationAndRequestFaviconNotAuthenticatedThenRedirectDefaultLoginPage() throws Exception { this.spring.configLocations(this.xml("SingleClientRegistration")).autowire(); - this.mvc.perform(get("/favicon.ico").accept(new MediaType("image", "*"))).andExpect(status().is3xxRedirection()) .andExpect(redirectedUrl("http://localhost/login")); }
@@ -179,7 +174,6 @@ public class OAuth2LoginBeanDefinitionParserTests { public void requestWhenSingleClientRegistrationAndRequestXHRNotAuthenticatedThenDoesNotRedirectForAuthorization() throws Exception { this.spring.configLocations(this.xml("SingleClientRegistration")).autowire(); - this.mvc.perform(get("/").header("X-Requested-With", "XMLHttpRequest")).andExpect(status().is3xxRedirection()) .andExpect(redirectedUrl("http://localhost/login")); }
@@ -188,12 +182,10 @@ public class OAuth2LoginBeanDefinitionParserTests { public void requestWhenAuthorizationRequestNotFoundThenThrowAuthenticationException() throws Exception { this.spring.configLocations(this.xml("SingleClientRegistration-WithCustomAuthenticationFailureHandler")) .autowire(); - MultiValueMap params = new LinkedMultiValueMap<>(); params.add("code", "code123"); params.add("state", "state123"); this.mvc.perform(get("/login/oauth2/code/google").params(params)); - ArgumentCaptor exceptionCaptor = ArgumentCaptor .forClass(AuthenticationException.class); verify(this.authenticationFailureHandler).onAuthenticationFailure(any(), any(), exceptionCaptor.capture()); 
@@ -206,25 +198,20 @@ public class OAuth2LoginBeanDefinitionParserTests { @Test public void requestWhenAuthorizationResponseValidThenAuthenticate() throws Exception { this.spring.configLocations(this.xml("MultiClientRegistration-WithCustomConfiguration")).autowire(); - Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login"); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .attributes(attributes).build(); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) .willReturn(authorizationRequest); - OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2User oauth2User = TestOAuth2Users.create(); given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User); - MultiValueMap params = new LinkedMultiValueMap<>(); params.add("code", "code123"); params.add("state", authorizationRequest.getState()); this.mvc.perform(get("/login/oauth2/code/github-login").params(params)).andExpect(status().is2xxSuccessful()); - ArgumentCaptor authenticationCaptor = ArgumentCaptor.forClass(Authentication.class); verify(this.authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture()); Authentication authentication = authenticationCaptor.getValue(); 
@@ -235,25 +222,20 @@ public class OAuth2LoginBeanDefinitionParserTests { @Test public void requestWhenAuthorizationResponseValidThenAuthenticationSuccessEventPublished() throws Exception { this.spring.configLocations(this.xml("MultiClientRegistration-WithCustomConfiguration")).autowire(); - Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login"); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .attributes(attributes).build(); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) .willReturn(authorizationRequest); - OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2User oauth2User = TestOAuth2Users.create(); given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User); - MultiValueMap params = new LinkedMultiValueMap<>(); params.add("code", "code123"); params.add("state", authorizationRequest.getState()); this.mvc.perform(get("/login/oauth2/code/github-login").params(params)); - verify(this.authenticationSuccessListener).onApplicationEvent(any(AuthenticationSuccessEvent.class)); } 
@@ -261,27 +243,22 @@ public class OAuth2LoginBeanDefinitionParserTests { public void requestWhenOidcAuthenticationResponseValidThenJwtDecoderFactoryCalled() throws Exception { this.spring.configLocations(this.xml("SingleClientRegistration-WithJwtDecoderFactoryAndDefaultSuccessHandler")) .autowire(); - Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login"); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.oidcRequest() .attributes(attributes).build(); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) .willReturn(authorizationRequest); - OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.oidcAccessTokenResponse() .build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - Jwt jwt = TestJwts.user(); given(this.jwtDecoderFactory.createDecoder(any())).willReturn((token) -> jwt); - MultiValueMap params = new LinkedMultiValueMap<>(); params.add("code", "code123"); params.add("state", authorizationRequest.getState()); this.mvc.perform(get("/login/oauth2/code/google-login").params(params)).andExpect(status().is3xxRedirection()) .andExpect(redirectedUrl("/")); - verify(this.jwtDecoderFactory).createDecoder(any()); verify(this.requestCache).getRequest(any(), any()); } 
@@ -290,28 +267,22 @@ public class OAuth2LoginBeanDefinitionParserTests { @Test public void requestWhenCustomGrantedAuthoritiesMapperThenCalled() throws Exception { this.spring.configLocations(this.xml("MultiClientRegistration-WithCustomGrantedAuthorities")).autowire(); - Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login"); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .attributes(attributes).build(); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) .willReturn(authorizationRequest); - OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2User oauth2User = TestOAuth2Users.create(); given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User); - given(this.userAuthoritiesMapper.mapAuthorities(any())) .willReturn((Collection) AuthorityUtils.createAuthorityList("ROLE_OAUTH2_USER")); - MultiValueMap params = new LinkedMultiValueMap<>(); params.add("code", "code123"); params.add("state", authorizationRequest.getState()); this.mvc.perform(get("/login/oauth2/code/github-login").params(params)).andExpect(status().is2xxSuccessful()); - ArgumentCaptor authenticationCaptor = ArgumentCaptor.forClass(Authentication.class); verify(this.authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture()); Authentication authentication = authenticationCaptor.getValue(); 
@@ -319,25 +290,19 @@ public class OAuth2LoginBeanDefinitionParserTests { assertThat(authentication.getAuthorities()).hasSize(1); assertThat(authentication.getAuthorities()).first().isInstanceOf(SimpleGrantedAuthority.class) .hasToString("ROLE_OAUTH2_USER"); - // re-setup for OIDC test attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login"); authorizationRequest = TestOAuth2AuthorizationRequests.oidcRequest().attributes(attributes).build(); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) .willReturn(authorizationRequest); - accessTokenResponse = TestOAuth2AccessTokenResponses.oidcAccessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - Jwt jwt = TestJwts.user(); given(this.jwtDecoderFactory.createDecoder(any())).willReturn((token) -> jwt); - given(this.userAuthoritiesMapper.mapAuthorities(any())) .willReturn((Collection) AuthorityUtils.createAuthorityList("ROLE_OIDC_USER")); - this.mvc.perform(get("/login/oauth2/code/google-login").params(params)).andExpect(status().is2xxSuccessful()); - authenticationCaptor = ArgumentCaptor.forClass(Authentication.class); verify(this.authenticationSuccessHandler, times(2)).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture()); 
@@ -352,25 +317,20 @@ public class OAuth2LoginBeanDefinitionParserTests { @Test public void requestWhenCustomLoginProcessingUrlThenProcessAuthentication() throws Exception { this.spring.configLocations(this.xml("MultiClientRegistration-WithCustomLoginProcessingUrl")).autowire(); - Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login"); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .attributes(attributes).build(); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) .willReturn(authorizationRequest); - OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2User oauth2User = TestOAuth2Users.create(); given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User); - MultiValueMap params = new LinkedMultiValueMap<>(); params.add("code", "code123"); params.add("state", authorizationRequest.getState()); this.mvc.perform(get("/login/oauth2/github-login").params(params)).andExpect(status().is2xxSuccessful()); - ArgumentCaptor authenticationCaptor = ArgumentCaptor.forClass(Authentication.class); verify(this.authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture()); Authentication authentication = authenticationCaptor.getValue();
@@ -382,9 +342,7 @@ public class OAuth2LoginBeanDefinitionParserTests { public void requestWhenCustomAuthorizationRequestResolverThenCalled() throws Exception { this.spring.configLocations(this.xml("SingleClientRegistration-WithCustomAuthorizationRequestResolver")) .autowire(); - this.mvc.perform(get("/oauth2/authorization/google-login")).andExpect(status().is3xxRedirection()); - verify(this.authorizationRequestResolver).resolve(any()); }
@@ -392,7 +350,6 @@ public class OAuth2LoginBeanDefinitionParserTests { @Test public void requestWhenMultiClientRegistrationThenRedirectDefaultLoginPage() throws Exception { this.spring.configLocations(this.xml("MultiClientRegistration")).autowire(); - this.mvc.perform(get("/")).andExpect(status().is3xxRedirection()) .andExpect(redirectedUrl("http://localhost/login")); }
@@ -400,7 +357,6 @@ public class OAuth2LoginBeanDefinitionParserTests { @Test public void requestWhenCustomLoginPageThenRedirectCustomLoginPage() throws Exception { this.spring.configLocations(this.xml("SingleClientRegistration-WithCustomLoginPage")).autowire(); - this.mvc.perform(get("/")).andExpect(status().is3xxRedirection()) .andExpect(redirectedUrl("http://localhost/custom-login")); }
@@ -410,7 +366,6 @@ public class OAuth2LoginBeanDefinitionParserTests { public void requestWhenSingleClientRegistrationAndFormLoginConfiguredThenRedirectDefaultLoginPage() throws Exception { this.spring.configLocations(this.xml("SingleClientRegistration-WithFormLogin")).autowire(); - this.mvc.perform(get("/")).andExpect(status().is3xxRedirection()) .andExpect(redirectedUrl("http://localhost/login")); }
@@ -418,84 +373,66 @@ public class OAuth2LoginBeanDefinitionParserTests { @Test public void requestWhenCustomClientRegistrationRepositoryThenCalled() throws Exception { this.spring.configLocations(this.xml("WithCustomClientRegistrationRepository")).autowire(); - ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build(); given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(clientRegistration); - Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId()); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .attributes(attributes).build(); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) .willReturn(authorizationRequest); - OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2User oauth2User = TestOAuth2Users.create(); given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User); - MultiValueMap params = new LinkedMultiValueMap<>(); params.add("code", "code123"); params.add("state", authorizationRequest.getState()); this.mvc.perform(get("/login/oauth2/code/" + clientRegistration.getRegistrationId()).params(params)); - verify(this.clientRegistrationRepository).findByRegistrationId(clientRegistration.getRegistrationId()); } @Test public void requestWhenCustomAuthorizedClientRepositoryThenCalled() throws Exception { this.spring.configLocations(this.xml("WithCustomAuthorizedClientRepository")).autowire(); - ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build(); given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(clientRegistration); - Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, 
clientRegistration.getRegistrationId()); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .attributes(attributes).build(); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) .willReturn(authorizationRequest); - OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2User oauth2User = TestOAuth2Users.create(); given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User); - MultiValueMap params = new LinkedMultiValueMap<>(); params.add("code", "code123"); params.add("state", authorizationRequest.getState()); this.mvc.perform(get("/login/oauth2/code/" + clientRegistration.getRegistrationId()).params(params)); - verify(this.authorizedClientRepository).saveAuthorizedClient(any(), any(), any(), any()); } @Test public void requestWhenCustomAuthorizedClientServiceThenCalled() throws Exception { this.spring.configLocations(this.xml("WithCustomAuthorizedClientService")).autowire(); - ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build(); given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(clientRegistration); - Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId()); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .attributes(attributes).build(); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) .willReturn(authorizationRequest); - OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2User oauth2User = TestOAuth2Users.create(); 
given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User); - MultiValueMap params = new LinkedMultiValueMap<>(); params.add("code", "code123"); params.add("state", authorizationRequest.getState()); this.mvc.perform(get("/login/oauth2/code/" + clientRegistration.getRegistrationId()).params(params)); - verify(this.authorizedClientService).saveAuthorizedClient(any(), any()); }
@@ -503,13 +440,10 @@ public class OAuth2LoginBeanDefinitionParserTests { @Test public void requestWhenAuthorizedClientFoundThenMethodArgumentResolved() throws Exception { this.spring.configLocations(xml("AuthorizedClientArgumentResolver")).autowire(); - ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google-login"); - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, "user", TestOAuth2AccessTokens.noScopes()); given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(authorizedClient); - this.mvc.perform(get("/authorized-client")).andExpect(status().isOk()).andExpect(content().string("resolved")); }
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
index aa233653b1..9ba660ea3a 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
@@ -138,7 +138,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isNotFound()); }
@@ -147,59 +146,48 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { this.spring.configLocations(xml("WebServer"), xml("JwkSetUri")).autowire(); mockWebServer(jwks("Default")); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isNotFound()); } @Test public void getWhenExpiredBearerTokenThenInvalidToken() throws Exception { - this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire(); mockRestOperations(jwks("Default")); String token = this.token("Expired"); - this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized()) .andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt")); } @Test public void getWhenBadJwkEndpointThenInvalidToken() throws Exception { - this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire(); mockRestOperations("malformed"); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized()) .andExpect(header().string("WWW-Authenticate", "Bearer")); } @Test public void getWhenUnavailableJwkEndpointThenInvalidToken() throws Exception { - this.spring.configLocations(xml("WebServer"), xml("JwkSetUri")).autowire(); this.web.shutdown(); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized()) .andExpect(header().string("WWW-Authenticate", "Bearer")); } @Test public void getWhenMalformedBearerTokenThenInvalidToken() throws Exception { - this.spring.configLocations(xml("JwkSetUri")).autowire(); - this.mvc.perform(get("/").header("Authorization", "Bearer an\"invalid\"token")) .andExpect(status().isUnauthorized()).andExpect(invalidTokenHeader("Bearer token is malformed")); } @Test public void getWhenMalformedPayloadThenInvalidToken() throws Exception { - 
this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire(); mockRestOperations(jwks("Default")); String token = this.token("MalformedPayload"); - this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized()) .andExpect( invalidTokenHeader("An error occurred while attempting to decode the Jwt: Malformed payload"));
@@ -207,30 +195,24 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { @Test public void getWhenUnsignedBearerTokenThenInvalidToken() throws Exception { - this.spring.configLocations(xml("JwkSetUri")).autowire(); String token = this.token("Unsigned"); - this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized()) .andExpect(invalidTokenHeader("Unsupported algorithm of none")); } @Test public void getWhenBearerTokenBeforeNotBeforeThenInvalidToken() throws Exception { - this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire(); this.mockRestOperations(jwks("Default")); String token = this.token("TooEarly"); - this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized()) .andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt")); } @Test public void getWhenBearerTokenInTwoPlacesThenInvalidRequest() throws Exception { - this.spring.configLocations(xml("JwkSetUri")).autowire(); - this.mvc.perform(get("/").header("Authorization", "Bearer token").param("access_token", "token")) .andExpect(status().isBadRequest()) .andExpect(invalidRequestHeader("Found multiple bearer tokens in the request"));
@@ -238,22 +220,17 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { @Test public void getWhenBearerTokenInTwoParametersThenInvalidRequest() throws Exception { - this.spring.configLocations(xml("JwkSetUri")).autowire(); - MultiValueMap params = new LinkedMultiValueMap<>(); params.add("access_token", "token1"); params.add("access_token", "token2"); - this.mvc.perform(get("/").params(params)).andExpect(status().isBadRequest()) .andExpect(invalidRequestHeader("Found multiple bearer tokens in the request")); } @Test public void postWhenBearerTokenAsFormParameterThenIgnoresToken() throws Exception { - this.spring.configLocations(xml("JwkSetUri")).autowire(); - this.mvc.perform(post("/") // engage csrf .param("access_token", "token")).andExpect(status().isForbidden()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer")); // different 
@@ -263,95 +240,77 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { @Test public void getWhenNoBearerTokenThenUnauthorized() throws Exception { - this.spring.configLocations(xml("JwkSetUri")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer")); } @Test public void getWhenSufficientlyScopedBearerTokenThenAcceptsRequest() throws Exception { - this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidMessageReadScope"); - this.mvc.perform(get("/requires-read-scope").header("Authorization", "Bearer " + token)) .andExpect(status().isNotFound()); } @Test public void getWhenInsufficientScopeThenInsufficientScopeError() throws Exception { - this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/requires-read-scope").header("Authorization", "Bearer " + token)) .andExpect(status().isForbidden()).andExpect(insufficientScopeHeader()); } @Test public void getWhenInsufficientScpThenInsufficientScopeError() throws Exception { - this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidMessageWriteScp"); - this.mvc.perform(get("/requires-read-scope").header("Authorization", "Bearer " + token)) .andExpect(status().isForbidden()).andExpect(insufficientScopeHeader()); } @Test public void getWhenAuthorizationServerHasNoMatchingKeyThenInvalidToken() throws Exception { - this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire(); mockRestOperations(jwks("Empty")); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized()) .andExpect(invalidTokenHeader("An error 
occurred while attempting to decode the Jwt")); } @Test public void getWhenAuthorizationServerHasMultipleMatchingKeysThenOk() throws Exception { - this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire(); mockRestOperations(jwks("TwoKeys")); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + token)) .andExpect(status().isNotFound()); } @Test public void getWhenKeyMatchesByKidThenOk() throws Exception { - this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire(); mockRestOperations(jwks("TwoKeys")); String token = this.token("Kid"); - this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + token)) .andExpect(status().isNotFound()); } @Test public void postWhenValidBearerTokenAndNoCsrfTokenThenOk() throws Exception { - this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - this.mvc.perform(post("/authenticated").header("Authorization", "Bearer " + token)) .andExpect(status().isNotFound()); } @Test public void postWhenNoBearerTokenThenCsrfDenies() throws Exception { - this.spring.configLocations(xml("JwkSetUri")).autowire(); - this.mvc.perform(post("/authenticated")).andExpect(status().isForbidden()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer")); // different // from
@@ -360,11 +319,9 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { @Test public void postWhenExpiredBearerTokenAndNoCsrfThenInvalidToken() throws Exception { - this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire(); mockRestOperations(jwks("Default")); String token = this.token("Expired"); - this.mvc.perform(post("/authenticated").header("Authorization", "Bearer " + token)) .andExpect(status().isUnauthorized()) .andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
@@ -372,49 +329,37 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { @Test public void requestWhenJwtThenSessionIsNotCreated() throws Exception { - this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - MvcResult result = this.mvc.perform(get("/").header("Authorization", "Bearer " + token)) .andExpect(status().isNotFound()).andReturn(); - assertThat(result.getRequest().getSession(false)).isNull(); } @Test public void requestWhenIntrospectionThenSessionIsNotCreated() throws Exception { - this.spring.configLocations(xml("WebServer"), xml("IntrospectionUri")).autowire(); mockWebServer(json("Active")); - MvcResult result = this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token")) .andExpect(status().isNotFound()).andReturn(); - assertThat(result.getRequest().getSession(false)).isNull(); } @Test public void requestWhenNoBearerTokenThenSessionIsCreated() throws Exception { - this.spring.configLocations(xml("JwkSetUri")).autowire(); - MvcResult result = this.mvc.perform(get("/")).andExpect(status().isUnauthorized()).andReturn(); - assertThat(result.getRequest().getSession(false)).isNotNull(); } @Test public void requestWhenSessionManagementConfiguredThenUses() throws Exception { - this.spring.configLocations(xml("JwtRestOperations"), xml("AlwaysSessionCreation")).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - MvcResult result = this.mvc.perform(get("/").header("Authorization", "Bearer " + token)) .andExpect(status().isNotFound()).andReturn(); - assertThat(result.getRequest().getSession(false)).isNotNull(); } 
@@ -422,15 +367,11 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { public void getWhenCustomBearerTokenResolverThenUses() throws Exception { this.spring.configLocations(xml("MockBearerTokenResolver"), xml("MockJwtDecoder"), xml("BearerTokenResolver")) .autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode("token")).willReturn(TestJwts.jwt().build()); - BearerTokenResolver bearerTokenResolver = this.spring.getContext().getBean(BearerTokenResolver.class); given(bearerTokenResolver.resolve(any(HttpServletRequest.class))).willReturn("token"); - this.mvc.perform(get("/")).andExpect(status().isNotFound()); - verify(decoder).decode("token"); verify(bearerTokenResolver).resolve(any(HttpServletRequest.class)); } 
@@ -438,41 +379,30 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { @Test public void requestWhenBearerTokenResolverAllowsRequestBodyThenEitherHeaderOrRequestBodyIsAccepted() throws Exception { - this.spring.configLocations(xml("MockJwtDecoder"), xml("AllowBearerTokenInBody")).autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willReturn(TestJwts.jwt().build()); - this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token")) .andExpect(status().isNotFound()); - this.mvc.perform(post("/authenticated").param("access_token", "token")).andExpect(status().isNotFound()); } @Test public void requestWhenBearerTokenResolverAllowsQueryParameterThenEitherHeaderOrQueryParameterIsAccepted() throws Exception { - this.spring.configLocations(xml("MockJwtDecoder"), xml("AllowBearerTokenInQuery")).autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willReturn(TestJwts.jwt().build()); - this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token")) .andExpect(status().isNotFound()); - this.mvc.perform(get("/authenticated").param("access_token", "token")).andExpect(status().isNotFound()); - verify(decoder, times(2)).decode("token"); } @Test public void requestWhenBearerTokenResolverAllowsRequestBodyAndRequestContainsTwoTokensThenInvalidRequest() throws Exception { - this.spring.configLocations(xml("MockJwtDecoder"), xml("AllowBearerTokenInBody")).autowire(); - this.mvc.perform(post("/authenticated").param("access_token", "token").header("Authorization", "Bearer token") .with(csrf())).andExpect(status().isBadRequest()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("invalid_request"))); 
@@ -481,9 +411,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { @Test public void requestWhenBearerTokenResolverAllowsQueryParameterAndRequestContainsTwoTokensThenInvalidRequest() throws Exception { - this.spring.configLocations(xml("MockJwtDecoder"), xml("AllowBearerTokenInQuery")).autowire(); - this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token").param("access_token", "token")) .andExpect(status().isBadRequest()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("invalid_request")));
@@ -493,22 +421,16 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { public void getBearerTokenResolverWhenNoResolverSpecifiedThenTheDefaultIsUsed() { OAuth2ResourceServerBeanDefinitionParser oauth2 = new OAuth2ResourceServerBeanDefinitionParser( mock(BeanReference.class), mock(List.class), mock(Map.class), mock(Map.class), mock(List.class)); - assertThat(oauth2.getBearerTokenResolver(mock(Element.class))).isInstanceOf(RootBeanDefinition.class); } @Test public void requestWhenCustomJwtDecoderThenUsed() throws Exception { - this.spring.configLocations(xml("MockJwtDecoder"), xml("Jwt")).autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); - given(decoder.decode(anyString())).willReturn(TestJwts.jwt().build()); - this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token")) .andExpect(status().isNotFound()); - verify(decoder).decode("token"); }
@@ -520,12 +442,9 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { @Test public void requestWhenRealmNameConfiguredThenUsesOnUnauthenticated() throws Exception { - this.spring.configLocations(xml("MockJwtDecoder"), xml("AuthenticationEntryPoint")).autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); Mockito.when(decoder.decode(anyString())).thenThrow(JwtException.class); - this.mvc.perform(get("/authenticated").header("Authorization", "Bearer invalid_token")) .andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\"")));
@@ -533,12 +452,9 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { @Test public void requestWhenRealmNameConfiguredThenUsesOnAccessDenied() throws Exception { - this.spring.configLocations(xml("MockJwtDecoder"), xml("AccessDeniedHandler")).autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willReturn(TestJwts.jwt().build()); - this.mvc.perform(get("/authenticated").header("Authorization", "Bearer insufficiently_scoped")) .andExpect(status().isForbidden()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\"")));
@@ -546,86 +462,66 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { @Test public void requestWhenCustomJwtValidatorFailsThenCorrespondingErrorMessage() throws Exception { - this.spring.configLocations(xml("MockJwtValidator"), xml("Jwt")).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - OAuth2TokenValidator jwtValidator = this.spring.getContext().getBean(OAuth2TokenValidator.class); - OAuth2Error error = new OAuth2Error("custom-error", "custom-description", "custom-uri"); - given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(error)); - this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("custom-description"))); } @Test public void requestWhenClockSkewSetThenTimestampWindowRelaxedAccordingly() throws Exception { - this.spring.configLocations(xml("UnexpiredJwtClockSkew"), xml("Jwt")).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ExpiresAt4687177990"); - this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isNotFound()); } @Test public void requestWhenClockSkewSetButJwtStillTooLateThenReportsExpired() throws Exception { - this.spring.configLocations(xml("ExpiredJwtClockSkew"), xml("Jwt")).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ExpiresAt4687177990"); - this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized()) .andExpect(invalidTokenHeader("Jwt expired at")); } @Test public void requestWhenJwtAuthenticationConverterThenUsed() throws Exception { - this.spring.configLocations(xml("MockJwtDecoder"), xml("MockJwtAuthenticationConverter"), xml("JwtAuthenticationConverter")).autowire(); - Converter jwtAuthenticationConverter = (Converter) this.spring .getContext().getBean("jwtAuthenticationConverter"); 
given(jwtAuthenticationConverter.convert(any(Jwt.class))) .willReturn(new JwtAuthenticationToken(TestJwts.jwt().build(), Collections.emptyList())); - JwtDecoder jwtDecoder = this.spring.getContext().getBean(JwtDecoder.class); given(jwtDecoder.decode(anyString())).willReturn(TestJwts.jwt().build()); - this.mvc.perform(get("/").header("Authorization", "Bearer token")).andExpect(status().isNotFound()); - verify(jwtAuthenticationConverter).convert(any(Jwt.class)); } @Test public void requestWhenUsingPublicKeyAndValidTokenThenAuthenticates() throws Exception { - this.spring.configLocations(xml("SingleKey"), xml("Jwt")).autowire(); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isNotFound()); } @Test public void requestWhenUsingPublicKeyAndSignatureFailsThenReturnsInvalidToken() throws Exception { - this.spring.configLocations(xml("SingleKey"), xml("Jwt")).autowire(); String token = this.token("WrongSignature"); - this.mvc.perform(get("/").header("Authorization", "Bearer " + token)) .andExpect(invalidTokenHeader("signature")); } @Test public void requestWhenUsingPublicKeyAlgorithmDoesNotMatchThenReturnsInvalidToken() throws Exception { - this.spring.configLocations(xml("SingleKey"), xml("Jwt")).autowire(); String token = this.token("WrongAlgorithm"); - this.mvc.perform(get("/").header("Authorization", "Bearer " + token)) .andExpect(invalidTokenHeader("algorithm")); } @@ -634,7 +530,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { public void getWhenIntrospectingThenOk() throws Exception { this.spring.configLocations(xml("OpaqueTokenRestOperations"), xml("OpaqueToken")).autowire(); mockRestOperations(json("Active")); - this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token")) .andExpect(status().isNotFound()); } 
@@ -643,7 +538,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { public void getWhenIntrospectionFailsThenUnauthorized() throws Exception { this.spring.configLocations(xml("OpaqueTokenRestOperations"), xml("OpaqueToken")).autowire(); mockRestOperations(json("Inactive")); - this.mvc.perform(get("/").header("Authorization", "Bearer token")).andExpect(status().isUnauthorized()) .andExpect( header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("Provided token isn't active")));
@@ -653,7 +547,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { public void getWhenIntrospectionLacksScopeThenForbidden() throws Exception { this.spring.configLocations(xml("OpaqueTokenRestOperations"), xml("OpaqueToken")).autowire(); mockRestOperations(json("ActiveNoScopes")); - this.mvc.perform(get("/requires-read-scope").header("Authorization", "Bearer token")) .andExpect(status().isForbidden()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("scope")));
@@ -674,21 +567,17 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { @Test public void getWhenAuthenticationManagerResolverThenUses() throws Exception { this.spring.configLocations(xml("AuthenticationManagerResolver")).autowire(); - AuthenticationManagerResolver authenticationManagerResolver = this.spring.getContext() .getBean(AuthenticationManagerResolver.class); given(authenticationManagerResolver.resolve(any(HttpServletRequest.class))).willReturn( (authentication) -> new JwtAuthenticationToken(TestJwts.jwt().build(), Collections.emptyList())); - this.mvc.perform(get("/").header("Authorization", "Bearer token")).andExpect(status().isNotFound()); - verify(authenticationManagerResolver).resolve(any(HttpServletRequest.class)); } @Test public void getWhenMultipleIssuersThenUsesIssuerClaimToDifferentiate() throws Exception { this.spring.configLocations(xml("WebServer"), xml("MultipleIssuers")).autowire(); - MockWebServer server = this.spring.getContext().getBean(MockWebServer.class); String metadata = "{\n" + " \"issuer\": \"%s\", \n" + " \"jwks_uri\": \"%s/.well-known/jwks.json\" \n" + "}"; 
@@ -699,22 +588,16 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { String jwtOne = jwtFromIssuer(issuerOne); String jwtTwo = jwtFromIssuer(issuerTwo); String jwtThree = jwtFromIssuer(issuerThree); - mockWebServer(String.format(metadata, issuerOne, issuerOne)); mockWebServer(jwkSet); - this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + jwtOne)) .andExpect(status().isNotFound()); - mockWebServer(String.format(metadata, issuerTwo, issuerTwo)); mockWebServer(jwkSet); - this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + jwtTwo)) .andExpect(status().isNotFound()); - mockWebServer(String.format(metadata, issuerThree, issuerThree)); mockWebServer(jwkSet); - this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + jwtThree)) .andExpect(status().isUnauthorized()).andExpect(invalidTokenHeader("Invalid issuer")); } @@ -722,18 +605,13 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { @Test public void requestWhenBasicAndResourceServerEntryPointsThenBearerTokenPresides() throws Exception { // different from DSL - this.spring.configLocations(xml("MockJwtDecoder"), xml("BasicAndResourceServer")).autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willThrow(JwtException.class); - this.mvc.perform(get("/authenticated").with(httpBasic("some", "user"))).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Basic"))); - this.mvc.perform(get("/authenticated")).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer"))); - this.mvc.perform(get("/authenticated").header("Authorization", "Bearer invalid_token")) .andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer"))); 
@@ -742,32 +620,23 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { @Test public void requestWhenFormLoginAndResourceServerEntryPointsThenSessionCreatedByRequest() throws Exception { // different from DSL - this.spring.configLocations(xml("MockJwtDecoder"), xml("FormAndResourceServer")).autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willThrow(JwtException.class); - MvcResult result = this.mvc.perform(get("/authenticated")).andExpect(status().isUnauthorized()).andReturn(); - assertThat(result.getRequest().getSession(false)).isNotNull(); - result = this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token")) .andExpect(status().isUnauthorized()).andReturn(); - assertThat(result.getRequest().getSession(false)).isNull(); } @Test public void getWhenAlsoUsingHttpBasicThenCorrectProviderEngages() throws Exception { - this.spring.configLocations(xml("JwtRestOperations"), xml("BasicAndResourceServer")).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + token)) .andExpect(status().isNotFound()); - this.mvc.perform(get("/authenticated").with(httpBasic("user", "password"))).andExpect(status().isNotFound()); } @@ -800,11 +669,9 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { .willReturn(true); Element child = mock(Element.class); ParserContext pc = new ParserContext(mock(XmlReaderContext.class), mock(BeanDefinitionParserDelegate.class)); - parser.validateConfiguration(element, child, null, pc); verify(pc.getReaderContext()).error(anyString(), eq(element)); reset(pc.getReaderContext()); - parser.validateConfiguration(element, null, child, pc); verify(pc.getReaderContext()).error(anyString(), eq(element)); } 
diff --git a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
index fad993004f..7017e60822 100644
--- a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
@@ -72,63 +72,47 @@ public class OpenIDConfigTests { @Test public void requestWhenOpenIDAndFormLoginBothConfiguredThenRedirectsToGeneratedLoginPage() throws Exception { - this.spring.configLocations(this.xml("WithFormLogin")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isFound()).andExpect(redirectedUrl("http://localhost/login")); - assertThat(getFilter(DefaultLoginPageGeneratingFilter.class)).isNotNull(); } @Test public void requestWhenOpenIDAndFormLoginWithFormLoginPageConfiguredThenFormLoginPageWins() throws Exception { - this.spring.configLocations(this.xml("WithFormLoginPage")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isFound()).andExpect(redirectedUrl("http://localhost/form-page")); } @Test public void requestWhenOpenIDAndFormLoginWithOpenIDLoginPageConfiguredThenOpenIDLoginPageWins() throws Exception { - this.spring.configLocations(this.xml("WithOpenIDLoginPageAndFormLogin")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/openid-page")); } @Test public void configureWhenOpenIDAndFormLoginBothConfigureLoginPagesThenWiringException() { - assertThatCode(() -> this.spring.configLocations(this.xml("WithFormLoginAndOpenIDLoginPages")).autowire()) .isInstanceOf(BeanDefinitionParsingException.class); } @Test public void requestWhenOpenIDAndRememberMeConfiguredThenRememberMePassedToIdp() throws Exception { - this.spring.configLocations(this.xml("WithRememberMe")).autowire(); - OpenIDAuthenticationFilter openIDFilter = getFilter(OpenIDAuthenticationFilter.class); - String openIdEndpointUrl = "https://testopenid.com?openid.return_to="; Set returnToUrlParameters = new HashSet<>(); returnToUrlParameters.add(AbstractRememberMeServices.DEFAULT_PARAMETER); openIDFilter.setReturnToUrlParameters(returnToUrlParameters); - OpenIDConsumer consumer = mock(OpenIDConsumer.class); given(consumer.beginConsumption(any(HttpServletRequest.class), anyString(), anyString(), anyString())) 
.will((invocation) -> openIdEndpointUrl + invocation.getArgument(2)); openIDFilter.setConsumer(consumer); - String expectedReturnTo = new StringBuilder("http://localhost/login/openid").append("?") .append(AbstractRememberMeServices.DEFAULT_PARAMETER).append("=").append("on").toString(); - this.mvc.perform(get("/")).andExpect(status().isFound()).andExpect(redirectedUrl("http://localhost/login")); - this.mvc.perform(get("/login")).andExpect(status().isOk()) .andExpect(content().string(containsString(AbstractRememberMeServices.DEFAULT_PARAMETER))); - this.mvc.perform(get("/login/openid") .param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "https://ww1.openid.com") .param(AbstractRememberMeServices.DEFAULT_PARAMETER, "on")).andExpect(status().isFound()) @@ -137,21 +121,16 @@ public class OpenIDConfigTests { @Test public void requestWhenAttributeExchangeConfiguredThenFetchAttributesPassedToIdp() throws Exception { - this.spring.configLocations(this.xml("WithOpenIDAttributes")).autowire(); - OpenIDAuthenticationFilter openIDFilter = getFilter(OpenIDAuthenticationFilter.class); OpenID4JavaConsumer consumer = getFieldValue(openIDFilter, "consumer"); ConsumerManager manager = getFieldValue(consumer, "consumerManager"); manager.setMaxAssocAttempts(0); - try (MockWebServer server = new MockWebServer()) { String endpoint = server.url("/").toString(); - server.enqueue(new MockResponse().addHeader(YadisResolver.YADIS_XRDS_LOCATION, endpoint)); server.enqueue(new MockResponse() .setBody(String.format("%s", endpoint))); - this.mvc.perform( get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint)) .andExpect(status().isFound()) 
@@ -169,11 +148,8 @@ public class OpenIDConfigTests { @Test public void requestWhenLoginPageConfiguredWithPhraseLoginThenRedirectsOnlyToUserGeneratedLoginPage() throws Exception { - this.spring.configLocations(this.xml("Sec2919")).autowire(); - assertThat(getFilter(DefaultLoginPageGeneratingFilter.class)).isNull(); - this.mvc.perform(get("/login")).andExpect(status().isOk()).andExpect(content().string("a custom login page")); }
diff --git a/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java b/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java
index e413874758..13478ad795 100644
--- a/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java
@@ -52,11 +52,8 @@ public class PlaceHolderAndELConfigTests { @Test public void getWhenUsingPlaceholderThenUnsecuredPatternCorrectlyConfigured() throws Exception { - System.setProperty("pattern.nofilters", "/unsecured"); - this.spring.configLocations(this.xml("UnsecuredPattern")).autowire(); - this.mvc.perform(get("/unsecured")).andExpect(status().isOk()); }
@@ -65,27 +62,19 @@ public class PlaceHolderAndELConfigTests { */ @Test public void loginWhenUsingPlaceholderThenInterceptUrlsAndFormLoginWorks() throws Exception { - System.setProperty("secure.Url", "/secured"); System.setProperty("secure.role", "ROLE_NUNYA"); System.setProperty("login.page", "/loginPage"); System.setProperty("default.target", "/defaultTarget"); System.setProperty("auth.failure", "/authFailure"); - this.spring.configLocations(this.xml("InterceptUrlAndFormLogin")).autowire(); - // login-page setting - this.mvc.perform(get("/secured")).andExpect(redirectedUrl("http://localhost/loginPage")); - // login-processing-url setting // default-target-url setting - this.mvc.perform(post("/loginPage").param("username", "user").param("password", "password")) .andExpect(redirectedUrl("/defaultTarget")); - // authentication-failure-url setting - this.mvc.perform(post("/loginPage").param("username", "user").param("password", "wrong")) .andExpect(redirectedUrl("/authFailure")); } 
@@ -95,44 +84,31 @@ public class PlaceHolderAndELConfigTests { */ @Test public void loginWhenUsingSpELThenInterceptUrlsAndFormLoginWorks() throws Exception { - System.setProperty("secure.url", "/secured"); System.setProperty("secure.role", "ROLE_NUNYA"); System.setProperty("login.page", "/loginPage"); System.setProperty("default.target", "/defaultTarget"); System.setProperty("auth.failure", "/authFailure"); - this.spring.configLocations(this.xml("InterceptUrlAndFormLoginWithSpEL")).autowire(); - // login-page setting - this.mvc.perform(get("/secured")).andExpect(redirectedUrl("http://localhost/loginPage")); - // login-processing-url setting // default-target-url setting - this.mvc.perform(post("/loginPage").param("username", "user").param("password", "password")) .andExpect(redirectedUrl("/defaultTarget")); - // authentication-failure-url setting - this.mvc.perform(post("/loginPage").param("username", "user").param("password", "wrong")) .andExpect(redirectedUrl("/authFailure")); - } @Test @WithMockUser public void requestWhenUsingPlaceholderOrSpELThenPortMapperWorks() throws Exception { - System.setProperty("http", "9080"); System.setProperty("https", "9443"); - this.spring.configLocations(this.xml("PortMapping")).autowire(); - this.mvc.perform(get("http://localhost:9080/secured")).andExpect(status().isFound()) .andExpect(redirectedUrl("https://localhost:9443/secured")); - this.mvc.perform(get("https://localhost:9443/unsecured")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost:9080/unsecured")); } 
@@ -140,12 +116,9 @@ public class PlaceHolderAndELConfigTests { @Test @WithMockUser public void requestWhenUsingPlaceholderThenRequiresChannelWorks() throws Exception { - System.setProperty("secure.url", "/secured"); System.setProperty("required.channel", "https"); - this.spring.configLocations(this.xml("RequiresChannel")).autowire(); - this.mvc.perform(get("http://localhost/secured")).andExpect(status().isFound()) .andExpect(redirectedUrl("https://localhost/secured")); }
@@ -153,20 +126,15 @@ public class PlaceHolderAndELConfigTests { @Test @WithMockUser public void requestWhenUsingPlaceholderThenAccessDeniedPageWorks() throws Exception { - System.setProperty("accessDenied", "/go-away"); - this.spring.configLocations(this.xml("AccessDeniedPage")).autowire(); - this.mvc.perform(get("/secured")).andExpect(forwardedUrl("/go-away")); } @Test @WithMockUser public void requestWhenUsingSpELThenAccessDeniedPageWorks() throws Exception { - this.spring.configLocations(this.xml("AccessDeniedPageWithSpEL")).autowire(); - this.mvc.perform(get("/secured")).andExpect(forwardedUrl("/go-away")); }
diff --git a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
index e16b8ec2b1..46fc53c570 100644
--- a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
@@ -69,17 +69,12 @@ public class RememberMeConfigTests { @Test public void requestWithRememberMeWhenUsingCustomTokenRepositoryThenAutomaticallyReauthenticates() throws Exception { - this.spring.configLocations(this.xml("WithTokenRepository")).autowire(); - MvcResult result = this.rememberAuthentication("user", "password") .andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false)) .andReturn(); - Cookie cookie = rememberMeCookie(result); - this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk()); - JdbcTemplate template = this.spring.getContext().getBean(JdbcTemplate.class); int count = template.queryForObject("select count(*) from persistent_logins", int.class); assertThat(count).isEqualTo(1); 
@@ -87,42 +82,30 @@ public class RememberMeConfigTests { @Test public void requestWithRememberMeWhenUsingCustomDataSourceThenAutomaticallyReauthenticates() throws Exception { - this.spring.configLocations(this.xml("WithDataSource")).autowire(); - TestDataSource dataSource = this.spring.getContext().getBean(TestDataSource.class); JdbcTemplate template = new JdbcTemplate(dataSource); template.execute(JdbcTokenRepositoryImpl.CREATE_TABLE_SQL); - MvcResult result = this.rememberAuthentication("user", "password") .andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false)) .andReturn(); - Cookie cookie = rememberMeCookie(result); - this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk()); - int count = template.queryForObject("select count(*) from persistent_logins", int.class); assertThat(count).isEqualTo(1); } @Test public void requestWithRememberMeWhenUsingAuthenticationSuccessHandlerThenInvokesHandler() throws Exception { - this.spring.configLocations(this.xml("WithAuthenticationSuccessHandler")).autowire(); - TestDataSource dataSource = this.spring.getContext().getBean(TestDataSource.class); JdbcTemplate template = new JdbcTemplate(dataSource); template.execute(JdbcTokenRepositoryImpl.CREATE_TABLE_SQL); - MvcResult result = this.rememberAuthentication("user", "password") .andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false)) .andReturn(); - Cookie cookie = rememberMeCookie(result); - this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(redirectedUrl("/target")); - int count = template.queryForObject("select count(*) from persistent_logins", int.class); assertThat(count).isEqualTo(1); } 
@@ -131,16 +114,12 @@ public class RememberMeConfigTests { public void requestWithRememberMeWhenUsingCustomRememberMeServicesThenAuthenticates() throws Exception { // SEC-1281 - using key with external services this.spring.configLocations(this.xml("WithServicesRef")).autowire(); - MvcResult result = this.rememberAuthentication("user", "password") .andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false)) .andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 5000)) .andReturn(); - Cookie cookie = rememberMeCookie(result); - this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk()); - // SEC-909 this.mvc.perform(post("/logout").cookie(cookie).with(csrf())) .andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 0)) @@ -149,13 +128,9 @@ public class RememberMeConfigTests { @Test public void logoutWhenUsingRememberMeDefaultsThenCookieIsCancelled() throws Exception { - this.spring.configLocations(this.xml("DefaultConfig")).autowire(); - MvcResult result = this.rememberAuthentication("user", "password").andReturn(); - Cookie cookie = rememberMeCookie(result); - this.mvc.perform(post("/logout").cookie(cookie).with(csrf())) .andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 0)); } 
@@ -163,23 +138,17 @@ public class RememberMeConfigTests { @Test public void requestWithRememberMeWhenTokenValidityIsConfiguredThenCookieReflectsCorrectExpiration() throws Exception { - this.spring.configLocations(this.xml("TokenValidity")).autowire(); - MvcResult result = this.rememberAuthentication("user", "password") .andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 10000)) .andReturn(); - Cookie cookie = rememberMeCookie(result); - this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk()); } @Test public void requestWithRememberMeWhenTokenValidityIsNegativeThenCookieReflectsCorrectExpiration() throws Exception { - this.spring.configLocations(this.xml("NegativeTokenValidity")).autowire(); - this.rememberAuthentication("user", "password") .andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, -1)); } @@ -193,18 +162,14 @@ public class RememberMeConfigTests { @Test public void requestWithRememberMeWhenTokenValidityIsResolvedByPropertyPlaceholderThenCookieReflectsCorrectExpiration() throws Exception { - this.spring.configLocations(this.xml("Sec2165")).autowire(); - this.rememberAuthentication("user", "password") .andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 30)); } @Test public void requestWithRememberMeWhenUseSecureCookieIsTrueThenCookieIsSecure() throws Exception { - this.spring.configLocations(this.xml("SecureCookie")).autowire(); - this.rememberAuthentication("user", "password") .andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, true)); } 
@@ -214,9 +179,7 @@ public class RememberMeConfigTests { */ @Test public void requestWithRememberMeWhenUseSecureCookieIsFalseThenCookieIsNotSecure() throws Exception { - this.spring.configLocations(this.xml("Sec1827")).autowire(); - this.rememberAuthentication("user", "password") .andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false)); } @@ -232,17 +195,12 @@ public class RememberMeConfigTests { public void requestWithRememberMeWhenUsingCustomUserDetailsServiceThenInvokesThisUserDetailsService() throws Exception { this.spring.configLocations(this.xml("WithUserDetailsService")).autowire(); - UserDetailsService userDetailsService = this.spring.getContext().getBean(UserDetailsService.class); given(userDetailsService.loadUserByUsername("user")) .willAnswer((invocation) -> new User("user", "{noop}password", Collections.emptyList())); - MvcResult result = this.rememberAuthentication("user", "password").andReturn(); - Cookie cookie = rememberMeCookie(result); - this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk()); - verify(userDetailsService, atLeastOnce()).loadUserByUsername("user"); } @@ -251,14 +209,10 @@ public class RememberMeConfigTests { */ @Test public void requestWithRememberMeWhenExcludingBasicAuthenticationFilterThenStillReauthenticates() throws Exception { - this.spring.configLocations(this.xml("Sec742")).autowire(); - MvcResult result = this.mvc.perform(login("user", "password").param("remember-me", "true").with(csrf())) .andExpect(redirectedUrl("/messageList.html")).andReturn(); - Cookie cookie = rememberMeCookie(result); - this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk()); } 
@@ -267,15 +221,11 @@ public class RememberMeConfigTests { */ @Test public void requestWithRememberMeWhenUsingCustomRememberMeParameterThenReauthenticates() throws Exception { - this.spring.configLocations(this.xml("WithRememberMeParameter")).autowire(); - MvcResult result = this.mvc .perform(login("user", "password").param("custom-remember-me-parameter", "true").with(csrf())) .andExpect(redirectedUrl("/")).andReturn(); - Cookie cookie = rememberMeCookie(result); - this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk()); }
@@ -290,9 +240,7 @@ public class RememberMeConfigTests { */ @Test public void authenticateWhenUsingCustomRememberMeCookieNameThenIssuesCookieWithThatName() throws Exception { - this.spring.configLocations(this.xml("WithRememberMeCookie")).autowire(); - this.rememberAuthentication("user", "password").andExpect(cookie().exists("custom-remember-me-cookie")); }
@@ -309,7 +257,6 @@ public class RememberMeConfigTests { } private ResultActions rememberAuthentication(String username, String password) throws Exception { - return this.mvc.perform( login(username, password).param(AbstractRememberMeServices.DEFAULT_PARAMETER, "true").with(csrf())) .andExpect(redirectedUrl("/"));
diff --git a/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
index ddb27b5cf5..d0ecc45474 100644
--- a/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
@@ -66,132 +66,89 @@ public class SecurityContextHolderAwareRequestConfigTests { @Test public void servletLoginWhenUsingDefaultConfigurationThenUsesSpringSecurity() throws Exception { - this.spring.configLocations(this.xml("Simple")).autowire(); - this.mvc.perform(get("/good-login")).andExpect(status().isOk()).andExpect(content().string("user")); } @Test public void servletAuthenticateWhenUsingDefaultConfigurationThenUsesSpringSecurity() throws Exception { - this.spring.configLocations(this.xml("Simple")).autowire(); - this.mvc.perform(get("/authenticate")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/login")); } @Test public void servletLogoutWhenUsingDefaultConfigurationThenUsesSpringSecurity() throws Exception { - this.spring.configLocations(this.xml("Simple")).autowire(); - MvcResult result = this.mvc.perform(get("/good-login")).andReturn(); - MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false); - assertThat(session).isNotNull(); - result = this.mvc.perform(get("/do-logout").session(session)).andExpect(status().isOk()) .andExpect(content().string("")).andReturn(); - session = (MockHttpSession) result.getRequest().getSession(false); - assertThat(session).isNull(); } @Test public void servletAuthenticateWhenUsingHttpBasicThenUsesSpringSecurity() throws Exception { - this.spring.configLocations(this.xml("HttpBasic")).autowire(); - this.mvc.perform(get("/authenticate")).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("discworld"))); } @Test public void servletAuthenticateWhenUsingFormLoginThenUsesSpringSecurity() throws Exception { - this.spring.configLocations(this.xml("FormLogin")).autowire(); - this.mvc.perform(get("/authenticate")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/login")); } @Test public void servletLoginWhenUsingMultipleHttpConfigsThenUsesSpringSecurity() throws Exception { - 
this.spring.configLocations(this.xml("MultiHttp")).autowire(); - this.mvc.perform(get("/good-login")).andExpect(status().isOk()).andExpect(content().string("user")); - this.mvc.perform(get("/v2/good-login")).andExpect(status().isOk()).andExpect(content().string("user2")); } @Test public void servletAuthenticateWhenUsingMultipleHttpConfigsThenUsesSpringSecurity() throws Exception { - this.spring.configLocations(this.xml("MultiHttp")).autowire(); - this.mvc.perform(get("/authenticate")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/login")); - this.mvc.perform(get("/v2/authenticate")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/login2")); - } @Test public void servletLogoutWhenUsingMultipleHttpConfigsThenUsesSpringSecurity() throws Exception { - this.spring.configLocations(this.xml("MultiHttp")).autowire(); - MvcResult result = this.mvc.perform(get("/good-login")).andReturn(); - MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false); - assertThat(session).isNotNull(); - result = this.mvc.perform(get("/do-logout").session(session)).andExpect(status().isOk()) .andExpect(content().string("")).andReturn(); - session = (MockHttpSession) result.getRequest().getSession(false); - assertThat(session).isNotNull(); - result = this.mvc.perform(get("/v2/good-login")).andReturn(); - session = (MockHttpSession) result.getRequest().getSession(false); - assertThat(session).isNotNull(); - result = this.mvc.perform(get("/v2/do-logout").session(session)).andExpect(status().isOk()) .andExpect(content().string("")).andReturn(); - session = (MockHttpSession) result.getRequest().getSession(false); - assertThat(session).isNull(); } @Test public void servletLogoutWhenUsingCustomLogoutThenUsesSpringSecurity() throws Exception { - this.spring.configLocations(this.xml("Logout")).autowire(); - this.mvc.perform(get("/authenticate")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/signin")); 
- MvcResult result = this.mvc.perform(get("/good-login")).andReturn(); - MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false); - assertThat(session).isNotNull(); - result = this.mvc.perform(get("/do-logout").session(session)).andExpect(status().isOk()) .andExpect(content().string("")).andExpect(cookie().maxAge("JSESSIONID", 0)).andReturn(); - session = (MockHttpSession) result.getRequest().getSession(false); - assertThat(session).isNotNull(); } @@ -201,9 +158,7 @@ public class SecurityContextHolderAwareRequestConfigTests { @Test @WithMockUser public void servletIsUserInRoleWhenUsingDefaultConfigThenRoleIsSet() throws Exception { - this.spring.configLocations(this.xml("Simple")).autowire(); - this.mvc.perform(get("/role")).andExpect(content().string("true")); } @@ -216,33 +171,26 @@ public class SecurityContextHolderAwareRequestConfigTests { @GetMapping("/v2/good-login") public String v2Login(HttpServletRequest request) throws ServletException { - request.login("user2", "password2"); - return this.principal(); } @GetMapping("/good-login") public String login(HttpServletRequest request) throws ServletException { - request.login("user", "password"); - return this.principal(); } @GetMapping("/v2/authenticate") public String v2Authenticate(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { - return this.authenticate(request, response); } @GetMapping("/authenticate") public String authenticate(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { - request.authenticate(response); - return this.principal(); } @@ -254,7 +202,6 @@ public class SecurityContextHolderAwareRequestConfigTests { @GetMapping("/do-logout") public String logout(HttpServletRequest request) throws ServletException { request.logout(); - return this.principal(); } 
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java index 6575395228..7995b13de2 100644 --- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java +++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java @@ -90,40 +90,29 @@ public class SessionManagementConfigServlet31Tests { request.setMethod("POST"); request.setParameter("username", "user"); request.setParameter("password", "password"); - request.getSession().setAttribute("attribute1", "value1"); - String id = request.getSession().getId(); - loadContext("\n" + " \n" + " \n" + " \n" + " " + XML_AUTHENTICATION_MANAGER); - this.springSecurityFilterChain.doFilter(request, this.response, this.chain); - assertThat(request.getSession().getId()).isNotEqualTo(id); assertThat(request.getSession().getAttribute("attribute1")).isEqualTo("value1"); } @Test public void changeSessionId() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest("GET", ""); request.getSession(); request.setServletPath("/login"); request.setMethod("POST"); request.setParameter("username", "user"); request.setParameter("password", "password"); - String id = request.getSession().getId(); - loadContext("\n" + " \n" + " \n" + " \n" + " " + XML_AUTHENTICATION_MANAGER); - this.springSecurityFilterChain.doFilter(request, this.response, this.chain); - assertThat(request.getSession().getId()).isNotEqualTo(id); - } private void loadContext(String context) { 
@@ -135,7 +124,6 @@ public class SessionManagementConfigServlet31Tests { HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository(); HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(this.request, this.response); repo.loadContext(requestResponseHolder); - SecurityContextImpl securityContextImpl = new SecurityContextImpl(); securityContextImpl.setAuthentication(auth); repo.saveContext(securityContextImpl, requestResponseHolder.getRequest(), requestResponseHolder.getResponse()); diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java index f7bd58f0b0..cdd74a6916 100644 --- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java 
@@ -92,52 +92,41 @@ public class SessionManagementConfigTests { @Test public void requestWhenCreateSessionAlwaysThenAlwaysCreatesSession() throws Exception { this.spring.configLocations(this.xml("CreateSessionAlways")).autowire(); - MockHttpServletRequest request = get("/").buildRequest(this.servletContext()); MockHttpServletResponse response = request(request, this.spring.getContext()); - assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_OK); assertThat(request.getSession(false)).isNotNull(); } @Test public void requestWhenCreateSessionIsSetToNeverThenDoesNotCreateSessionOnLoginChallenge() throws Exception { - this.spring.configLocations(this.xml("CreateSessionNever")).autowire(); - MockHttpServletRequest request = get("/auth").buildRequest(this.servletContext()); MockHttpServletResponse response = request(request, this.spring.getContext()); - assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY); assertThat(request.getSession(false)).isNull(); } @Test public void requestWhenCreateSessionIsSetToNeverThenDoesNotCreateSessionOnLogin() throws Exception { - this.spring.configLocations(this.xml("CreateSessionNever")).autowire(); - MockHttpServletRequest request = post("/login").param("username", "user").param("password", "password") .buildRequest(this.servletContext()); request = csrf().postProcessRequest(request); MockHttpServletResponse response = request(request, this.spring.getContext()); - assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY); assertThat(request.getSession(false)).isNull(); } @Test public void requestWhenCreateSessionIsSetToNeverThenUsesExistingSession() throws Exception { - this.spring.configLocations(this.xml("CreateSessionNever")).autowire(); - MockHttpServletRequest request = post("/login").param("username", "user").param("password", "password") .buildRequest(this.servletContext()); request = csrf().postProcessRequest(request); MockHttpSession session = new MockHttpSession(); 
request.setSession(session); MockHttpServletResponse response = request(request, this.spring.getContext()); - assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY); assertThat(request.getSession(false)).isNotNull(); assertThat(request.getSession(false) 
@@ -146,72 +135,56 @@ public class SessionManagementConfigTests { @Test public void requestWhenCreateSessionIsSetToStatelessThenDoesNotCreateSessionOnLoginChallenge() throws Exception { - this.spring.configLocations(this.xml("CreateSessionStateless")).autowire(); - this.mvc.perform(get("/auth")).andExpect(status().isFound()).andExpect(session().exists(false)); } @Test public void requestWhenCreateSessionIsSetToStatelessThenDoesNotCreateSessionOnLogin() throws Exception { - this.spring.configLocations(this.xml("CreateSessionStateless")).autowire(); - this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf())) .andExpect(status().isFound()).andExpect(session().exists(false)); } @Test public void requestWhenCreateSessionIsSetToStatelessThenIgnoresExistingSession() throws Exception { - this.spring.configLocations(this.xml("CreateSessionStateless")).autowire(); - MvcResult result = this.mvc .perform(post("/login").param("username", "user").param("password", "password") .session(new MockHttpSession()).with(csrf())) .andExpect(status().isFound()).andExpect(session()).andReturn(); - assertThat(result.getRequest().getSession(false) .getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)).isNull(); } @Test public void requestWhenCreateSessionIsSetToIfRequiredThenDoesNotCreateSessionOnPublicInvocation() throws Exception { - this.spring.configLocations(this.xml("CreateSessionIfRequired")).autowire(); - ServletContext servletContext = this.mvc.getDispatcherServlet().getServletContext(); MockHttpServletRequest request = get("/").buildRequest(servletContext); MockHttpServletResponse response = request(request, this.spring.getContext()); - assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_OK); assertThat(request.getSession(false)).isNull(); } @Test public void requestWhenCreateSessionIsSetToIfRequiredThenCreatesSessionOnLoginChallenge() throws Exception { - 
this.spring.configLocations(this.xml("CreateSessionIfRequired")).autowire(); - ServletContext servletContext = this.mvc.getDispatcherServlet().getServletContext(); MockHttpServletRequest request = get("/auth").buildRequest(servletContext); MockHttpServletResponse response = request(request, this.spring.getContext()); - assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY); assertThat(request.getSession(false)).isNotNull(); } @Test public void requestWhenCreateSessionIsSetToIfRequiredThenCreatesSessionOnLogin() throws Exception { - this.spring.configLocations(this.xml("CreateSessionIfRequired")).autowire(); - ServletContext servletContext = this.mvc.getDispatcherServlet().getServletContext(); MockHttpServletRequest request = post("/login").param("username", "user").param("password", "password") .buildRequest(servletContext); request = csrf().postProcessRequest(request); MockHttpServletResponse response = request(request, this.spring.getContext()); - assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY); assertThat(request.getSession(false)).isNotNull(); } @@ -221,12 +194,9 @@ public class SessionManagementConfigTests { */ @Test public void requestWhenRejectingUserBasedOnMaxSessionsExceededThenDoesNotCreateSession() throws Exception { - this.spring.configLocations(this.xml("Sec1208")).autowire(); - this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk()) .andExpect(session()); - this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isUnauthorized()) .andExpect(session().exists(false)); } 
@@ -237,9 +207,7 @@ public class SessionManagementConfigTests { @Test public void requestWhenSessionFixationProtectionDisabledAndConcurrencyControlEnabledThenSessionNotInvalidated() throws Exception { - this.spring.configLocations(this.xml("Sec2137")).autowire(); - MockHttpSession session = new MockHttpSession(); this.mvc.perform(get("/auth").session(session).with(httpBasic("user", "password"))).andExpect(status().isOk()) .andExpect(session().id(session.getId())); @@ -248,15 +216,12 @@ public class SessionManagementConfigTests { @Test public void autowireWhenExportingSessionRegistryBeanThenAvailableForWiring() { this.spring.configLocations(this.xml("ConcurrencyControlSessionRegistryAlias")).autowire(); - this.sessionRegistryIsValid(); } @Test public void requestWhenExpiredUrlIsSetThenInvalidatesSessionAndRedirects() throws Exception { - this.spring.configLocations(this.xml("ConcurrencyControlExpiredUrl")).autowire(); - this.mvc.perform(get("/auth").session(this.expiredSession()).with(httpBasic("user", "password"))) .andExpect(redirectedUrl("/expired")).andExpect(session().exists(false)); } @@ -264,9 +229,7 @@ public class SessionManagementConfigTests { @Test public void requestWhenConcurrencyControlAndCustomLogoutHandlersAreSetThenAllAreInvokedWhenSessionExpires() throws Exception { - this.spring.configLocations(this.xml("ConcurrencyControlLogoutAndRememberMeHandlers")).autowire(); - this.mvc.perform(get("/auth").session(this.expiredSession()).with(httpBasic("user", "password"))) .andExpect(status().isOk()).andExpect(cookie().maxAge("testCookie", 0)) .andExpect(cookie().exists("rememberMeCookie")).andExpect(session().valid(true)); 
@@ -274,9 +237,7 @@ public class SessionManagementConfigTests { @Test public void requestWhenConcurrencyControlAndRememberMeAreSetThenInvokedWhenSessionExpires() throws Exception { - this.spring.configLocations(this.xml("ConcurrencyControlRememberMeHandler")).autowire(); - this.mvc.perform(get("/auth").session(this.expiredSession()).with(httpBasic("user", "password"))) .andExpect(status().isOk()).andExpect(cookie().exists("rememberMeCookie")) .andExpect(session().exists(false)); @@ -287,25 +248,18 @@ public class SessionManagementConfigTests { */ @Test public void autowireWhenConcurrencyControlIsSetThenLogoutHandlersGetAuthenticationObject() throws Exception { - this.spring.configLocations(this.xml("ConcurrencyControlCustomLogoutHandler")).autowire(); - MvcResult result = this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(session()) .andReturn(); - MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false); - SessionRegistry sessionRegistry = this.spring.getContext().getBean(SessionRegistry.class); sessionRegistry.getSessionInformation(session.getId()).expireNow(); - this.mvc.perform(get("/auth").session(session)).andExpect(header().string("X-Username", "user")); } @Test public void requestWhenConcurrencyControlIsSetThenDefaultsToResponseBodyExpirationResponse() throws Exception { - this.spring.configLocations(this.xml("ConcurrencyControlSessionRegistryAlias")).autowire(); - this.mvc.perform(get("/auth").session(this.expiredSession()).with(httpBasic("user", "password"))) .andExpect(content().string("This session has been expired (possibly due to multiple concurrent " + "logins being attempted as the same user).")); 
@@ -313,71 +267,53 @@ public class SessionManagementConfigTests { @Test public void requestWhenCustomSessionAuthenticationStrategyThenInvokesOnAuthentication() throws Exception { - this.spring.configLocations(this.xml("SessionAuthenticationStrategyRef")).autowire(); - this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isIAmATeapot()); } @Test public void autowireWhenSessionRegistryRefIsSetThenAvailableForWiring() { this.spring.configLocations(this.xml("ConcurrencyControlSessionRegistryRef")).autowire(); - this.sessionRegistryIsValid(); } @Test public void requestWhenMaxSessionsIsSetThenErrorsWhenExceeded() throws Exception { - this.spring.configLocations(this.xml("ConcurrencyControlMaxSessions")).autowire(); - this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk()); - this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk()); - this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(redirectedUrl("/max-exceeded")); } @Test public void autowireWhenSessionFixationProtectionIsNoneAndCsrfDisabledThenSessionManagementFilterIsNotWired() { - this.spring.configLocations(this.xml("NoSessionManagementFilter")).autowire(); - assertThat(this.getFilter(SessionManagementFilter.class)).isNull(); } @Test public void requestWhenSessionFixationProtectionIsNoneThenSessionNotInvalidated() throws Exception { - this.spring.configLocations(this.xml("SessionFixationProtectionNone")).autowire(); - MockHttpSession session = new MockHttpSession(); String sessionId = session.getId(); - this.mvc.perform(get("/auth").session(session).with(httpBasic("user", "password"))) .andExpect(session().id(sessionId)); } @Test public void requestWhenSessionFixationProtectionIsMigrateSessionThenSessionIsReplaced() throws Exception { - this.spring.configLocations(this.xml("SessionFixationProtectionMigrateSession")).autowire(); - MockHttpSession session = new MockHttpSession(); 
String sessionId = session.getId(); - MvcResult result = this.mvc.perform(get("/auth").session(session).with(httpBasic("user", "password"))) .andExpect(session()).andReturn(); - assertThat(result.getRequest().getSession(false).getId()).isNotEqualTo(sessionId); } @Test public void requestWhenSessionFixationProtectionIsNoneAndInvalidSessionUrlIsSetThenStillRedirectsOnInvalidSession() throws Exception { - this.spring.configLocations(this.xml("SessionFixationProtectionNoneWithInvalidSessionUrl")).autowire(); - this.mvc.perform(get("/auth").with((request) -> { request.setRequestedSessionId("1"); request.setRequestedSessionIdValid(false); @@ -387,9 +323,7 @@ public class SessionManagementConfigTests { private void sessionRegistryIsValid() { SessionRegistry sessionRegistry = this.spring.getContext().getBean("sessionRegistry", SessionRegistry.class); - assertThat(sessionRegistry).isNotNull(); - assertThat(this.getFilter(ConcurrentSessionFilter.class)).returns(sessionRegistry, this::extractSessionRegistry); assertThat(this.getFilter(UsernamePasswordAuthenticationFilter.class)).returns(sessionRegistry, 
@@ -433,37 +367,26 @@ public class SessionManagementConfigTests { */ @Test public void checkConcurrencyAndLogoutFilterHasSameSizeAndHasLogoutSuccessEventPublishingLogoutHandler() { - this.spring.configLocations(this.xml("ConcurrencyControlLogoutAndRememberMeHandlers")).autowire(); - ConcurrentSessionFilter concurrentSessionFilter = getFilter(ConcurrentSessionFilter.class); LogoutFilter logoutFilter = getFilter(LogoutFilter.class); - LogoutHandler csfLogoutHandler = getFieldValue(concurrentSessionFilter, "handlers"); LogoutHandler lfLogoutHandler = getFieldValue(logoutFilter, "handler"); - assertThat(csfLogoutHandler).isInstanceOf(CompositeLogoutHandler.class); assertThat(lfLogoutHandler).isInstanceOf(CompositeLogoutHandler.class); - List csfLogoutHandlers = getFieldValue(csfLogoutHandler, "logoutHandlers"); List lfLogoutHandlers = getFieldValue(lfLogoutHandler, "logoutHandlers"); - assertThat(csfLogoutHandlers).hasSameSizeAs(lfLogoutHandlers); - assertThat(csfLogoutHandlers).hasAtLeastOneElementOfType(LogoutSuccessEventPublishingLogoutHandler.class); assertThat(lfLogoutHandlers).hasAtLeastOneElementOfType(LogoutSuccessEventPublishingLogoutHandler.class); } private static MockHttpServletResponse request(MockHttpServletRequest request, ApplicationContext context) throws IOException, ServletException { - MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChainProxy proxy = context.getBean(FilterChainProxy.class); - proxy.doFilter(request, new EncodeUrlDenyingHttpServletResponseWrapper(response), (req, resp) -> { }); - return response; } @@ -481,7 +404,6 @@ public class SessionManagementConfigTests { private List getFilters() { FilterChainProxy proxy = this.spring.getContext().getBean(FilterChainProxy.class); - return proxy.getFilters("/"); } 
@@ -499,7 +421,6 @@ public class SessionManagementConfigTests { @Override public void onAuthentication(Authentication authentication, HttpServletRequest request, HttpServletResponse response) throws SessionAuthenticationException { - response.setStatus(org.springframework.http.HttpStatus.I_AM_A_TEAPOT.value()); } @@ -514,13 +435,11 @@ public class SessionManagementConfigTests { @Override public void loginFail(HttpServletRequest request, HttpServletResponse response) { - } @Override public void loginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication) { - } @Override @@ -574,11 +493,8 @@ public class SessionManagementConfigTests { assertThat(result.getRequest().getSession(false)).isNull(); return; } - assertThat(result.getRequest().getSession(false)).isNotNull(); - MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false); - if (this.valid != null) { if (this.valid) { assertThat(session.isInvalid()).isFalse(); @@ -587,7 +503,6 @@ public class SessionManagementConfigTests { assertThat(session.isInvalid()).isTrue(); } } - if (this.id != null) { assertThat(session.getId()).isEqualTo(this.id); } diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java index aa9ab7a33f..8e2df3e6e9 100644 --- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java +++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java 
@@ -47,7 +47,6 @@ public class SessionManagementConfigTransientAuthenticationTests { @Test public void postWhenTransientAuthenticationThenNoSessionCreated() throws Exception { - this.spring.configLocations(this.xml("WithTransientAuthentication")).autowire(); MvcResult result = this.mvc.perform(post("/login")).andReturn(); assertThat(result.getRequest().getSession(false)).isNull(); @@ -55,7 +54,6 @@ public class SessionManagementConfigTransientAuthenticationTests { @Test public void postWhenTransientAuthenticationThenAlwaysSessionOverrides() throws Exception { - this.spring.configLocations(this.xml("CreateSessionAlwaysWithTransientAuthentication")).autowire(); MvcResult result = this.mvc.perform(post("/login")).andReturn(); assertThat(result.getRequest().getSession(false)).isNotNull(); diff --git a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java index 9f715ddce9..9b770c28ae 100644 --- a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java @@ -75,11 +75,8 @@ public class CustomHttpSecurityConfigurerTests { @Test public void customConfiguerPermitAll() throws Exception { loadContext(Config.class); - this.request.setPathInfo("/public/something"); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); } 
@@ -87,9 +84,7 @@ public class CustomHttpSecurityConfigurerTests { public void customConfiguerFormLogin() throws Exception { loadContext(Config.class); this.request.setPathInfo("/requires-authentication"); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getRedirectedUrl()).endsWith("/custom"); } @@ -98,9 +93,7 @@ public class CustomHttpSecurityConfigurerTests { loadContext(ConfigCustomize.class); this.request.setPathInfo("/public/something"); this.request.setMethod("POST"); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); } @@ -108,9 +101,7 @@ public class CustomHttpSecurityConfigurerTests { public void customConfiguerCustomizeFormLogin() throws Exception { loadContext(ConfigCustomize.class); this.request.setPathInfo("/requires-authentication"); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getRedirectedUrl()).endsWith("/other"); } @@ -136,7 +127,6 @@ public class CustomHttpSecurityConfigurerTests { // Typically externalize this as a properties file Properties properties = new Properties(); properties.setProperty("permitAllPattern", "/public/**"); - PropertyPlaceholderConfigurer propertyPlaceholderConfigurer = new PropertyPlaceholderConfigurer(); propertyPlaceholderConfigurer.setProperties(properties); return propertyPlaceholderConfigurer; @@ -164,7 +154,6 @@ public class CustomHttpSecurityConfigurerTests { // Typically externalize this as a properties file Properties properties = new Properties(); properties.setProperty("permitAllPattern", "/public/**"); - PropertyPlaceholderConfigurer propertyPlaceholderConfigurer = new PropertyPlaceholderConfigurer(); propertyPlaceholderConfigurer.setProperties(properties); return propertyPlaceholderConfigurer; 
diff --git a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java index 3e0088b38a..f4f2fe7f62 100644 --- a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java @@ -96,7 +96,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { @Test(expected = AuthenticationCredentialsNotFoundException.class) public void targetShouldPreventProtectedMethodInvocationWithNoContext() { loadContext(); - this.target.someUserMethod1(); } @@ -105,9 +104,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { loadContext(); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password"); SecurityContextHolder.getContext().setAuthentication(token); - this.target.someUserMethod1(); - // SEC-1213. Check the order Advisor[] advisors = ((Advised) this.target).getAdvisors(); assertThat(advisors).hasSize(1); @@ -119,9 +116,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { loadContext(); TestingAuthenticationToken token = new TestingAuthenticationToken("Test", "Password", "ROLE_SOMEOTHERROLE"); token.setAuthenticated(true); - SecurityContextHolder.getContext().setAuthentication(token); - this.target.someAdminMethod(); } @@ -132,10 +127,8 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { + "" + "" + " " + "" + ""); - PostProcessedMockUserDetailsService service = (PostProcessedMockUserDetailsService) this.appContext .getBean("myUserService"); - assertThat(service.getPostProcessorWasHere()).isEqualTo("Hello from the post processor!"); } 
@@ -147,12 +140,10 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { + "" + "" + "" + " " + ""); - UserDetailsService service = (UserDetailsService) this.appContext.getBean("myUserService"); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE")); SecurityContextHolder.getContext().setAuthentication(token); - service.loadUserByUsername("notused"); } @@ -169,7 +160,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { // someOther(int) should not be matched by someOther(String), but should require // ROLE_USER this.target.someOther(0); - try { // String version should required admin role this.target.someOther("somestring"); @@ -190,7 +180,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { this.target = (BusinessService) this.appContext.getBean("target"); // String method should not be protected this.target.someOther("somestring"); - // All others should require ROLE_USER try { this.target.someOther(0); @@ -198,7 +187,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { } catch (AuthenticationCredentialsNotFoundException expected) { } - SecurityContextHolder.getContext() .setAuthentication(new UsernamePasswordAuthenticationToken("user", "password")); this.target.someOther(0); @@ -217,7 +205,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { + " " + " " + "" + ConfigTestUtils.AUTH_PROVIDER_XML); - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE")); SecurityContextHolder.getContext().setAuthentication(token); @@ -226,7 +213,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { } // Expression configuration tests - @SuppressWarnings("unchecked") @Test public void expressionVoterAndAfterInvocationProviderUseSameExpressionHandlerInstance() throws Exception { 
@@ -341,7 +327,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { props.addPropertyValue("key", "blah"); parent.registerSingleton("runAsMgr", RunAsManagerImpl.class, props); parent.refresh(); - setContext("" + ConfigTestUtils.AUTH_PROVIDER_XML, parent); RunAsManagerImpl ram = (RunAsManagerImpl) this.appContext.getBean("runAsMgr"); diff --git a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java index 4771006d75..0316daf0fe 100644 --- a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java +++ b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java @@ -74,7 +74,6 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements Application assertThat(this.appContext.getBeansOfType(ApplicationListener.class)).hasSize(1); assertThat(this.appContext.getBeanNamesForType(ApplicationListener.class)).hasSize(1); this.appContext.publishEvent(new AuthenticationSuccessEvent(new TestingAuthenticationToken("user", ""))); - assertThat(this.target).isInstanceOf(ApplicationListener.class); } @@ -93,7 +92,6 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements Application UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_USER")); SecurityContextHolder.getContext().setAuthentication(token); - this.target.doSomething(); } 
@@ -102,7 +100,6 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements Application UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE")); SecurityContextHolder.getContext().setAuthentication(token); - this.target.doSomething(); } diff --git a/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java index 20b5183888..46ca86f261 100644 --- a/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java @@ -64,7 +64,6 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_USER")); SecurityContextHolder.getContext().setAuthentication(token); - this.target.someOther(0); } @@ -73,7 +72,6 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_USER")); SecurityContextHolder.getContext().setAuthentication(token); - this.target.someUserMethod1(); } @@ -82,7 +80,6 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE")); SecurityContextHolder.getContext().setAuthentication(token); - this.target.someAdminMethod(); } 
@@ -91,7 +88,6 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_USER")); SecurityContextHolder.getContext().setAuthentication(token); - this.target.rolesAllowedUser(); } diff --git a/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java b/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java index 083b3c2b7f..7814a7f7d6 100644 --- a/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java +++ b/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java @@ -38,7 +38,6 @@ public class Sec2196Tests { public void genericMethodsProtected() { loadContext("" + ""); - SecurityContextHolder.getContext() .setAuthentication(new TestingAuthenticationToken("test", "pass", "ROLE_USER")); Service service = this.context.getBean(Service.class); @@ -49,7 +48,6 @@ public class Sec2196Tests { public void genericMethodsAllowed() { loadContext("" + ""); - SecurityContextHolder.getContext() .setAuthentication(new TestingAuthenticationToken("test", "pass", "saveUsers")); Service service = this.context.getBean(Service.class); diff --git a/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java index 3d46358d09..c7f1cc54a2 100644 --- a/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java 
@@ -73,7 +73,6 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_USER")); SecurityContextHolder.getContext().setAuthentication(token); - this.target.someUserMethod1(); } @@ -82,7 +81,6 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_SOMEOTHER")); SecurityContextHolder.getContext().setAuthentication(token); - this.target.someAdminMethod(); } @@ -101,7 +99,6 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests { catch (AuthenticationCredentialsNotFoundException expected) { } SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("u", "p", "ROLE_A")); - BusinessService chompedTarget = (BusinessService) serializeAndDeserialize(this.target); chompedTarget.someAdminMethod(); } @@ -113,11 +110,9 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests { oos.flush(); baos.flush(); byte[] bytes = baos.toByteArray(); - ByteArrayInputStream is = new ByteArrayInputStream(bytes); ObjectInputStream ois = new ObjectInputStream(is); Object o2 = ois.readObject(); - return o2; } diff --git a/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java b/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java index a78f32bf76..4951e56206 100644 --- a/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java +++ b/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java @@ -32,7 +32,6 @@ public class Sec2136Tests { @Test public void configurationLoads() { - } } 
diff --git a/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java index 2c593e80dc..c20e3c7b59 100644 --- a/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java @@ -100,15 +100,11 @@ public class ClientRegistrationsBeanDefinitionParserTests { this.server = new MockWebServer(); this.server.start(); String serverUrl = this.server.url("/").toString(); - String discoveryResponse = OIDC_DISCOVERY_RESPONSE.replace("${issuer-uri}", serverUrl); this.server.enqueue(jsonResponse(discoveryResponse)); - String contextConfig = ISSUER_URI_XML_CONFIG.replace("${issuer-uri}", serverUrl); this.spring.context(contextConfig).autowire(); - assertThat(this.clientRegistrationRepository).isInstanceOf(InMemoryClientRegistrationRepository.class); - ClientRegistration googleRegistration = this.clientRegistrationRepository.findByRegistrationId("google-login"); assertThat(googleRegistration).isNotNull(); assertThat(googleRegistration.getRegistrationId()).isEqualTo("google-login"); @@ -120,7 +116,6 @@ public class ClientRegistrationsBeanDefinitionParserTests { assertThat(googleRegistration.getScopes()) .isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email")); assertThat(googleRegistration.getClientName()).isEqualTo(serverUrl); - ProviderDetails googleProviderDetails = googleRegistration.getProviderDetails(); assertThat(googleProviderDetails).isNotNull(); assertThat(googleProviderDetails.getAuthorizationUri()).isEqualTo("https://example.com/o/oauth2/v2/auth"); 
@@ -138,9 +133,7 @@ public class ClientRegistrationsBeanDefinitionParserTests { public void parseWhenMultipleClientsConfiguredThenAvailableInRepository() { this.spring.configLocations(ClientRegistrationsBeanDefinitionParserTests.xml("MultiClientRegistration")) .autowire(); - assertThat(this.clientRegistrationRepository).isInstanceOf(InMemoryClientRegistrationRepository.class); - ClientRegistration googleRegistration = this.clientRegistrationRepository.findByRegistrationId("google-login"); assertThat(googleRegistration).isNotNull(); assertThat(googleRegistration.getRegistrationId()).isEqualTo("google-login"); @@ -152,7 +145,6 @@ public class ClientRegistrationsBeanDefinitionParserTests { assertThat(googleRegistration.getScopes()) .isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email")); assertThat(googleRegistration.getClientName()).isEqualTo("Google"); - ProviderDetails googleProviderDetails = googleRegistration.getProviderDetails(); assertThat(googleProviderDetails).isNotNull(); assertThat(googleProviderDetails.getAuthorizationUri()) @@ -165,7 +157,6 @@ public class ClientRegistrationsBeanDefinitionParserTests { assertThat(googleProviderDetails.getUserInfoEndpoint().getUserNameAttributeName()).isEqualTo("sub"); assertThat(googleProviderDetails.getJwkSetUri()).isEqualTo("https://www.googleapis.com/oauth2/v3/certs"); assertThat(googleProviderDetails.getIssuerUri()).isEqualTo("https://accounts.google.com"); - ClientRegistration githubRegistration = this.clientRegistrationRepository.findByRegistrationId("github-login"); assertThat(githubRegistration).isNotNull(); assertThat(githubRegistration.getRegistrationId()).isEqualTo("github-login"); 
@@ -177,7 +168,6 @@ public class ClientRegistrationsBeanDefinitionParserTests { assertThat(googleRegistration.getScopes()) .isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email")); assertThat(githubRegistration.getClientName()).isEqualTo("Github"); - ProviderDetails githubProviderDetails = githubRegistration.getProviderDetails(); assertThat(githubProviderDetails).isNotNull(); assertThat(githubProviderDetails.getAuthorizationUri()).isEqualTo("https://github.com/login/oauth/authorize"); diff --git a/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java b/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java index 9da52a47c7..dba5ac9173 100644 --- a/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java +++ b/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java @@ -128,13 +128,11 @@ public class SpringTestContext implements Closeable { this.context.setServletContext(new MockServletContext()); this.context.setServletConfig(new MockServletConfig()); this.context.refresh(); - if (this.context.containsBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN)) { MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity()) .apply(new AddFilter()).build(); this.context.getBeanFactory().registerResolvableDependency(MockMvc.class, mockMvc); } - AutowiredAnnotationBeanPostProcessor bpp = new AutowiredAnnotationBeanPostProcessor(); bpp.setBeanFactory(this.context.getBeanFactory()); bpp.processInjection(this.test); diff --git a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java index 5ba707036e..865462456d 100644 --- a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java 
+++ b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java @@ -42,7 +42,6 @@ public class InMemoryXmlApplicationContext extends AbstractXmlApplicationContext + "http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context-2.5.xsd\n" + "http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security-"; static final String BEANS_CLOSE = "\n"; - static final String SPRING_SECURITY_VERSION = "5.4"; Resource inMemoryXml; diff --git a/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java index 1fec30b4fc..22e87bbe62 100644 --- a/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java +++ b/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java 
@@ -35,30 +35,20 @@ public class AuthorizeExchangeSpecTests { public void antMatchersWhenMethodAndPatternsThenDiscriminatesByMethod() { this.http.csrf().disable().authorizeExchange().pathMatchers(HttpMethod.POST, "/a", "/b").denyAll().anyExchange() .permitAll(); - WebTestClient client = buildClient(); - client.get().uri("/a").exchange().expectStatus().isOk(); - client.get().uri("/b").exchange().expectStatus().isOk(); - client.post().uri("/a").exchange().expectStatus().isUnauthorized(); - client.post().uri("/b").exchange().expectStatus().isUnauthorized(); } @Test public void antMatchersWhenPatternsThenAnyMethod() { this.http.csrf().disable().authorizeExchange().pathMatchers("/a", "/b").denyAll().anyExchange().permitAll(); - WebTestClient client = buildClient(); - client.get().uri("/a").exchange().expectStatus().isUnauthorized(); - client.get().uri("/b").exchange().expectStatus().isUnauthorized(); - client.post().uri("/a").exchange().expectStatus().isUnauthorized(); - client.post().uri("/b").exchange().expectStatus().isUnauthorized(); } @@ -66,15 +56,10 @@ public class AuthorizeExchangeSpecTests { public void antMatchersWhenPatternsInLambdaThenAnyMethod() { this.http.csrf(ServerHttpSecurity.CsrfSpec::disable).authorizeExchange( (exchanges) -> exchanges.pathMatchers("/a", "/b").denyAll().anyExchange().permitAll()); - WebTestClient client = buildClient(); - client.get().uri("/a").exchange().expectStatus().isUnauthorized(); - client.get().uri("/b").exchange().expectStatus().isUnauthorized(); - client.post().uri("/a").exchange().expectStatus().isUnauthorized(); - client.post().uri("/b").exchange().expectStatus().isUnauthorized(); } diff --git a/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java index 33e1d2e9c0..7499e9c240 100644 --- a/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java 
+++ b/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java @@ -105,9 +105,7 @@ public class CorsSpecTests { WebTestClient client = buildClient(); FluxExchangeResult response = client.get().uri("https://example.com/") .headers((h) -> h.setOrigin("https://origin.example.com")).exchange().returnResult(String.class); - Map> responseHeaders = response.getResponseHeaders(); - if (!this.expectedHeaders.isEmpty()) { assertThat(responseHeaders).describedAs(response.toString()).containsAllEntriesOf(this.expectedHeaders); } diff --git a/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java index 470536e558..4b3ffae2ce 100644 --- a/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java +++ b/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java @@ -42,9 +42,7 @@ public class ExceptionHandlingSpecTests { public void defaultAuthenticationEntryPoint() { SecurityWebFilterChain securityWebFilter = this.http.csrf().disable().authorizeExchange().anyExchange() .authenticated().and().exceptionHandling().and().build(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - client.get().uri("/test").exchange().expectStatus().isUnauthorized().expectHeader() .valueMatches("WWW-Authenticate", "Basic.*"); } @@ -54,9 +52,7 @@ public class ExceptionHandlingSpecTests { SecurityWebFilterChain securityWebFilter = this.http .authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated()) .exceptionHandling(withDefaults()).build(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - client.get().uri("/test").exchange().expectStatus().isUnauthorized().expectHeader() .valueMatches("WWW-Authenticate", "Basic.*"); } 
@@ -66,9 +62,7 @@ public class ExceptionHandlingSpecTests { SecurityWebFilterChain securityWebFilter = this.http.csrf().disable().authorizeExchange().anyExchange() .authenticated().and().exceptionHandling() .authenticationEntryPoint(redirectServerAuthenticationEntryPoint("/auth")).and().build(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - client.get().uri("/test").exchange().expectStatus().isFound().expectHeader().valueMatches("Location", ".*"); } @@ -79,9 +73,7 @@ public class ExceptionHandlingSpecTests { .exceptionHandling((exceptionHandling) -> exceptionHandling .authenticationEntryPoint(redirectServerAuthenticationEntryPoint("/auth"))) .build(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - client.get().uri("/test").exchange().expectStatus().isFound().expectHeader().valueMatches("Location", ".*"); } @@ -89,9 +81,7 @@ public class ExceptionHandlingSpecTests { public void defaultAccessDeniedHandler() { SecurityWebFilterChain securityWebFilter = this.http.csrf().disable().httpBasic().and().authorizeExchange() .anyExchange().hasRole("ADMIN").and().exceptionHandling().and().build(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - client.get().uri("/admin").headers((headers) -> headers.setBasicAuth("user", "password")).exchange() .expectStatus().isForbidden(); } @@ -101,9 +91,7 @@ public class ExceptionHandlingSpecTests { SecurityWebFilterChain securityWebFilter = this.http.httpBasic(withDefaults()) .authorizeExchange((exchanges) -> exchanges.anyExchange().hasRole("ADMIN")) .exceptionHandling(withDefaults()).build(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - client.get().uri("/admin").headers((headers) -> headers.setBasicAuth("user", "password")).exchange() .expectStatus().isForbidden(); } 
@@ -113,9 +101,7 @@ public class ExceptionHandlingSpecTests { SecurityWebFilterChain securityWebFilter = this.http.csrf().disable().httpBasic().and().authorizeExchange() .anyExchange().hasRole("ADMIN").and().exceptionHandling() .accessDeniedHandler(httpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST)).and().build(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - client.get().uri("/admin").headers((headers) -> headers.setBasicAuth("user", "password")).exchange() .expectStatus().isBadRequest(); } @@ -127,9 +113,7 @@ public class ExceptionHandlingSpecTests { .exceptionHandling((exceptionHandling) -> exceptionHandling .accessDeniedHandler(httpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST))) .build(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - client.get().uri("/admin").headers((headers) -> headers.setBasicAuth("user", "password")).exchange() .expectStatus().isBadRequest(); } diff --git a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java index 791d064c70..cf96b628a1 100644 --- a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java +++ b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java 
@@ -70,22 +70,14 @@ public class FormLoginTests { public void defaultLoginPage() { SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and() .formLogin().and().build(); - WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class).assertAt(); - loginPage = loginPage.loginForm().username("user").password("invalid").submit(DefaultLoginPage.class) .assertError(); - HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class); - homePage.assertAt(); - loginPage = DefaultLogoutPage.to(driver).assertAt().logout(); - loginPage.assertAt().assertLogout(); } @@ -94,22 +86,14 @@ public class FormLoginTests { SecurityWebFilterChain securityWebFilter = this.http .authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated()).formLogin(withDefaults()) .build(); - WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class).assertAt(); - loginPage = loginPage.loginForm().username("user").password("invalid").submit(DefaultLoginPage.class) .assertError(); - HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class); - homePage.assertAt(); - loginPage = DefaultLogoutPage.to(driver).assertAt().logout(); - loginPage.assertAt().assertLogout(); } 
@@ -117,17 +101,12 @@ public class FormLoginTests { public void customLoginPage() { SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().pathMatchers("/login").permitAll() .anyExchange().authenticated().and().formLogin().loginPage("/login").and().build(); - WebTestClient webTestClient = WebTestClient .bindToController(new CustomLoginPageController(), new WebTestClientBuilder.Http200RestController()) .webFilter(new WebFilterChainProxy(securityWebFilter)).build(); - WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - CustomLoginPage loginPage = HomePage.to(driver, CustomLoginPage.class).assertAt(); - HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class); - homePage.assertAt(); } @@ -137,17 +116,12 @@ public class FormLoginTests { .authorizeExchange( (exchanges) -> exchanges.pathMatchers("/login").permitAll().anyExchange().authenticated()) .formLogin((formLogin) -> formLogin.loginPage("/login")).build(); - WebTestClient webTestClient = WebTestClient .bindToController(new CustomLoginPageController(), new WebTestClientBuilder.Http200RestController()) .webFilter(new WebFilterChainProxy(securityWebFilter)).build(); - WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - CustomLoginPage loginPage = HomePage.to(driver, CustomLoginPage.class).assertAt(); - HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class); - homePage.assertAt(); } 
@@ -156,15 +130,10 @@ public class FormLoginTests { SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().pathMatchers("/login", "/failure") .permitAll().anyExchange().authenticated().and().formLogin() .authenticationFailureHandler(new RedirectServerAuthenticationFailureHandler("/failure")).and().build(); - WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class).assertAt(); - loginPage.loginForm().username("invalid").password("invalid").submit(HomePage.class); - assertThat(driver.getCurrentUrl()).endsWith("/failure"); } @@ -173,13 +142,9 @@ public class FormLoginTests { SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().pathMatchers("/login", "/sign-in") .permitAll().anyExchange().authenticated().and().formLogin() .requiresAuthenticationMatcher(new PathPatternParserServerWebExchangeMatcher("/sign-in")).and().build(); - WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - driver.get("http://localhost/sign-in"); - assertThat(driver.getCurrentUrl()).endsWith("/login?error"); } 
@@ -188,15 +153,10 @@ public class FormLoginTests { SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and() .formLogin().authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("/custom")) .and().build(); - WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - DefaultLoginPage loginPage = DefaultLoginPage.to(driver).assertAt(); - HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class); - assertThat(driver.getCurrentUrl()).endsWith("/custom"); } @@ -204,25 +164,17 @@ public class FormLoginTests { public void customAuthenticationManager() { ReactiveAuthenticationManager defaultAuthenticationManager = mock(ReactiveAuthenticationManager.class); ReactiveAuthenticationManager customAuthenticationManager = mock(ReactiveAuthenticationManager.class); - given(defaultAuthenticationManager.authenticate(any())) .willThrow(new RuntimeException("should not interact with default auth manager")); given(customAuthenticationManager.authenticate(any())) .willReturn(Mono.just(new TestingAuthenticationToken("user", "password", "ROLE_USER", "ROLE_ADMIN"))); - SecurityWebFilterChain securityWebFilter = this.http.authenticationManager(defaultAuthenticationManager) .formLogin().authenticationManager(customAuthenticationManager).and().build(); - WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - DefaultLoginPage loginPage = DefaultLoginPage.to(driver).assertAt(); - HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class); - homePage.assertAt(); - verifyZeroInteractions(defaultAuthenticationManager); } 
@@ -230,28 +182,19 @@ public class FormLoginTests { public void formLoginSecurityContextRepository() { ServerSecurityContextRepository defaultSecContextRepository = mock(ServerSecurityContextRepository.class); ServerSecurityContextRepository formLoginSecContextRepository = mock(ServerSecurityContextRepository.class); - TestingAuthenticationToken token = new TestingAuthenticationToken("rob", "rob", "ROLE_USER"); - given(defaultSecContextRepository.save(any(), any())).willReturn(Mono.empty()); given(defaultSecContextRepository.load(any())).willReturn(authentication(token)); given(formLoginSecContextRepository.save(any(), any())).willReturn(Mono.empty()); given(formLoginSecContextRepository.load(any())).willReturn(authentication(token)); - SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and() .securityContextRepository(defaultSecContextRepository).formLogin() .securityContextRepository(formLoginSecContextRepository).and().build(); - WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - DefaultLoginPage loginPage = DefaultLoginPage.to(driver).assertAt(); - HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class); - homePage.assertAt(); - verify(defaultSecContextRepository, atLeastOnce()).load(any()); verify(formLoginSecContextRepository).save(any(), any()); } diff --git a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java index a168b477f7..5efabbd93e 100644 --- a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java +++ b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java 
@@ -77,39 +77,32 @@ public class HeaderSpecTests { @Test public void headersWhenDisableThenNoSecurityHeaders() { new HashSet<>(this.expectedHeaders.keySet()).forEach(this::expectHeaderNamesNotPresent); - this.http.headers().disable(); - assertHeaders(); } @Test public void headersWhenDisableInLambdaThenNoSecurityHeaders() { new HashSet<>(this.expectedHeaders.keySet()).forEach(this::expectHeaderNamesNotPresent); - this.http.headers((headers) -> headers.disable()); - assertHeaders(); } @Test public void headersWhenDisableAndInvokedExplicitlyThenDefautsUsed() { this.http.headers().disable().headers(); - assertHeaders(); } @Test public void headersWhenDefaultsThenAllDefaultsWritten() { this.http.headers(); - assertHeaders(); } @Test public void headersWhenDefaultsInLambdaThenAllDefaultsWritten() { this.http.headers(withDefaults()); - assertHeaders(); } @@ -117,7 +110,6 @@ public class HeaderSpecTests { public void headersWhenCacheDisableThenCacheNotWritten() { expectHeaderNamesNotPresent(HttpHeaders.CACHE_CONTROL, HttpHeaders.PRAGMA, HttpHeaders.EXPIRES); this.http.headers().cache().disable(); - assertHeaders(); } @@ -125,7 +117,6 @@ public class HeaderSpecTests { public void headersWhenCacheDisableInLambdaThenCacheNotWritten() { expectHeaderNamesNotPresent(HttpHeaders.CACHE_CONTROL, HttpHeaders.PRAGMA, HttpHeaders.EXPIRES); this.http.headers((headers) -> headers.cache((cache) -> cache.disable())); - assertHeaders(); } @@ -133,7 +124,6 @@ public class HeaderSpecTests { public void headersWhenContentOptionsDisableThenContentTypeOptionsNotWritten() { expectHeaderNamesNotPresent(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS); this.http.headers().contentTypeOptions().disable(); - assertHeaders(); } 
@@ -142,7 +132,6 @@ public class HeaderSpecTests { expectHeaderNamesNotPresent(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS); this.http .headers((headers) -> headers.contentTypeOptions((contentTypeOptions) -> contentTypeOptions.disable())); - assertHeaders(); } @@ -150,7 +139,6 @@ public class HeaderSpecTests { public void headersWhenHstsDisableThenHstsNotWritten() { expectHeaderNamesNotPresent(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY); this.http.headers().hsts().disable(); - assertHeaders(); } @@ -158,7 +146,6 @@ public class HeaderSpecTests { public void headersWhenHstsDisableInLambdaThenHstsNotWritten() { expectHeaderNamesNotPresent(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY); this.http.headers((headers) -> headers.hsts((hsts) -> hsts.disable())); - assertHeaders(); } @@ -168,7 +155,6 @@ public class HeaderSpecTests { this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=60"); this.http.headers().hsts().maxAge(Duration.ofSeconds(60)).includeSubdomains(false); - assertHeaders(); } @@ -179,7 +165,6 @@ public class HeaderSpecTests { "max-age=60"); this.http.headers( (headers) -> headers.hsts((hsts) -> hsts.maxAge(Duration.ofSeconds(60)).includeSubdomains(false))); - assertHeaders(); } @@ -189,7 +174,6 @@ public class HeaderSpecTests { this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=60 ; includeSubDomains ; preload"); this.http.headers().hsts().maxAge(Duration.ofSeconds(60)).preload(true); - assertHeaders(); } @@ -199,7 +183,6 @@ public class HeaderSpecTests { this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=60 ; includeSubDomains ; preload"); this.http.headers((headers) -> headers.hsts((hsts) -> hsts.maxAge(Duration.ofSeconds(60)).preload(true))); - assertHeaders(); } 
@@ -207,7 +190,6 @@ public class HeaderSpecTests { public void headersWhenFrameOptionsDisableThenFrameOptionsNotWritten() { expectHeaderNamesNotPresent(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS); this.http.headers().frameOptions().disable(); - assertHeaders(); } @@ -215,7 +197,6 @@ public class HeaderSpecTests { public void headersWhenFrameOptionsDisableInLambdaThenFrameOptionsNotWritten() { expectHeaderNamesNotPresent(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS); this.http.headers((headers) -> headers.frameOptions((frameOptions) -> frameOptions.disable())); - assertHeaders(); } @@ -223,7 +204,6 @@ public class HeaderSpecTests { public void headersWhenFrameOptionsModeThenFrameOptionsCustomMode() { this.expectedHeaders.set(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, "SAMEORIGIN"); this.http.headers().frameOptions().mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN); - assertHeaders(); } @@ -232,7 +212,6 @@ public class HeaderSpecTests { this.expectedHeaders.set(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, "SAMEORIGIN"); this.http.headers((headers) -> headers.frameOptions( (frameOptions) -> frameOptions.mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN))); - assertHeaders(); } @@ -240,7 +219,6 @@ public class HeaderSpecTests { public void headersWhenXssProtectionDisableThenXssProtectionNotWritten() { expectHeaderNamesNotPresent("X-Xss-Protection"); this.http.headers().xssProtection().disable(); - assertHeaders(); } @@ -248,7 +226,6 @@ public class HeaderSpecTests { public void headersWhenXssProtectionDisableInLambdaThenXssProtectionNotWritten() { expectHeaderNamesNotPresent("X-Xss-Protection"); this.http.headers((headers) -> headers.xssProtection((xssProtection) -> xssProtection.disable())); - assertHeaders(); } 
@@ -256,9 +233,7 @@ public class HeaderSpecTests {
 public void headersWhenFeaturePolicyEnabledThenFeaturePolicyWritten() { String policyDirectives = "Feature-Policy"; this.expectedHeaders.add(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY, policyDirectives);
-
 this.http.headers().featurePolicy(policyDirectives);
-
 assertHeaders(); }
@@ -267,9 +242,7 @@ public class HeaderSpecTests {
 String policyDirectives = "default-src 'self'"; this.expectedHeaders.add(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY, policyDirectives);
-
 this.http.headers().contentSecurityPolicy(policyDirectives);
-
 assertHeaders(); }
@@ -278,9 +251,7 @@ public class HeaderSpecTests {
 String expectedPolicyDirectives = "default-src 'self'"; this.expectedHeaders.add(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY, expectedPolicyDirectives);
-
 this.http.headers((headers) -> headers.contentSecurityPolicy(withDefaults()));
-
 assertHeaders(); }
@@ -289,10 +260,8 @@ public class HeaderSpecTests {
 String policyDirectives = "default-src 'self' *.trusted.com"; this.expectedHeaders.add(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY, policyDirectives);
-
 this.http.headers((headers) -> headers.contentSecurityPolicy( (contentSecurityPolicy) -> contentSecurityPolicy.policyDirectives(policyDirectives)));
-
 assertHeaders(); }
@@ -301,7 +270,6 @@ public class HeaderSpecTests {
 this.expectedHeaders.add(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY, ReferrerPolicy.NO_REFERRER.getPolicy()); this.http.headers().referrerPolicy();
-
 assertHeaders(); }
@@ -310,7 +278,6 @@ public class HeaderSpecTests {
 this.expectedHeaders.add(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY, ReferrerPolicy.NO_REFERRER.getPolicy()); this.http.headers((headers) -> headers.referrerPolicy(withDefaults()));
-
 assertHeaders(); }
@@ -319,7 +286,6 @@ public class HeaderSpecTests {
 this.expectedHeaders.add(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY, ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE.getPolicy()); this.http.headers().referrerPolicy(ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE);
-
 assertHeaders(); }
@@ -329,7 +295,6 @@ public class HeaderSpecTests {
 ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE.getPolicy()); this.http.headers((headers) -> headers .referrerPolicy((referrerPolicy) -> referrerPolicy.policy(ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE)));
-
 assertHeaders(); }
@@ -337,10 +302,7 @@ public class HeaderSpecTests {
 public void headersWhenCustomHeadersWriter() { this.expectedHeaders.add(CUSTOM_HEADER, CUSTOM_VALUE); this.http.headers((headers) -> headers.writer((exchange) -> Mono.just(exchange)
- .doOnNext((it) -> it.getResponse().getHeaders().add(CUSTOM_HEADER, CUSTOM_VALUE)).then()
-
- ));
-
+ .doOnNext((it) -> it.getResponse().getHeaders().add(CUSTOM_HEADER, CUSTOM_VALUE)).then()));
 assertHeaders(); }
@@ -355,9 +317,7 @@ public class HeaderSpecTests {
 WebTestClient client = buildClient(); FluxExchangeResult response = client.get().uri("https://example.com/").exchange() .returnResult(String.class);
-
 Map> responseHeaders = response.getResponseHeaders();
-
 if (!this.expectedHeaders.isEmpty()) { assertThat(responseHeaders).describedAs(response.toString()).containsAllEntriesOf(this.expectedHeaders); }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
index f31818b22b..9df6cc1c16 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
@@ -55,14 +55,12 @@ public class HttpsRedirectSpecTests {
 @Test public void getWhenSecureThenDoesNotRedirect() { this.spring.register(RedirectToHttpConfig.class).autowire();
-
 this.client.get().uri("https://localhost").exchange().expectStatus().isNotFound(); } @Test public void getWhenInsecureThenRespondsWithRedirectToSecure() { this.spring.register(RedirectToHttpConfig.class).autowire();
-
 this.client.get().uri("http://localhost").exchange().expectStatus().isFound().expectHeader() .valueEquals(HttpHeaders.LOCATION, "https://localhost"); }
@@ -70,7 +68,6 @@ public class HttpsRedirectSpecTests {
 @Test public void getWhenInsecureAndRedirectConfiguredInLambdaThenRespondsWithRedirectToSecure() { this.spring.register(RedirectToHttpsInLambdaConfig.class).autowire();
-
 this.client.get().uri("http://localhost").exchange().expectStatus().isFound().expectHeader() .valueEquals(HttpHeaders.LOCATION, "https://localhost"); }
@@ -78,9 +75,7 @@ public class HttpsRedirectSpecTests {
 @Test public void getWhenInsecureAndPathRequiresTransportSecurityThenRedirects() { this.spring.register(SometimesRedirectToHttpsConfig.class).autowire();
-
 this.client.get().uri("http://localhost:8080").exchange().expectStatus().isNotFound();
-
 this.client.get().uri("http://localhost:8080/secure").exchange().expectStatus().isFound().expectHeader() .valueEquals(HttpHeaders.LOCATION, "https://localhost:8443/secure"); }
@@ -88,9 +83,7 @@ public class HttpsRedirectSpecTests {
 @Test public void getWhenInsecureAndPathRequiresTransportSecurityInLambdaThenRedirects() { this.spring.register(SometimesRedirectToHttpsInLambdaConfig.class).autowire();
-
 this.client.get().uri("http://localhost:8080").exchange().expectStatus().isNotFound();
-
 this.client.get().uri("http://localhost:8080/secure").exchange().expectStatus().isFound().expectHeader() .valueEquals(HttpHeaders.LOCATION, "https://localhost:8443/secure"); }
@@ -98,10 +91,8 @@ public class HttpsRedirectSpecTests {
 @Test public void getWhenInsecureAndUsingCustomPortMapperThenRespondsWithRedirectToSecurePort() { this.spring.register(RedirectToHttpsViaCustomPortsConfig.class).autowire();
-
 PortMapper portMapper = this.spring.getContext().getBean(PortMapper.class); given(portMapper.lookupHttpsPort(4080)).willReturn(4443);
-
 this.client.get().uri("http://localhost:4080").exchange().expectStatus().isFound().expectHeader() .valueEquals(HttpHeaders.LOCATION, "https://localhost:4443"); }
@@ -109,10 +100,8 @@ public class HttpsRedirectSpecTests {
 @Test public void getWhenInsecureAndUsingCustomPortMapperInLambdaThenRespondsWithRedirectToSecurePort() { this.spring.register(RedirectToHttpsViaCustomPortsInLambdaConfig.class).autowire();
-
 PortMapper portMapper = this.spring.getContext().getBean(PortMapper.class); given(portMapper.lookupHttpsPort(4080)).willReturn(4443);
-
 this.client.get().uri("http://localhost:4080").exchange().expectStatus().isFound().expectHeader() .valueEquals(HttpHeaders.LOCATION, "https://localhost:4443"); }
@@ -127,7 +116,6 @@ public class HttpsRedirectSpecTests {
 http .redirectToHttps(); // @formatter:on
-
 return http.build(); }
@@ -143,7 +131,6 @@ public class HttpsRedirectSpecTests {
 http .redirectToHttps(withDefaults()); // @formatter:on
-
 return http.build(); }
@@ -160,7 +147,6 @@ public class HttpsRedirectSpecTests {
 .redirectToHttps() .httpsRedirectWhen(new PathPatternParserServerWebExchangeMatcher("/secure")); // @formatter:on
-
 return http.build(); }
@@ -179,7 +165,6 @@ public class HttpsRedirectSpecTests {
 .httpsRedirectWhen(new PathPatternParserServerWebExchangeMatcher("/secure")) ); // @formatter:on
-
 return http.build(); }
@@ -196,7 +181,6 @@ public class HttpsRedirectSpecTests {
 .redirectToHttps() .portMapper(portMapper()); // @formatter:on
-
 return http.build(); }
@@ -220,7 +204,6 @@ public class HttpsRedirectSpecTests {
 .portMapper(portMapper()) ); // @formatter:on
-
 return http.build(); }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java
index 7f4b247184..bd8822247d 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java
@@ -41,24 +41,16 @@ public class LogoutSpecTests {
 public void defaultLogout() { SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and() .formLogin().and().build();
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage .to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
-
 loginPage = loginPage.loginForm().username("user").password("invalid") .submit(FormLoginTests.DefaultLoginPage.class).assertError();
-
 FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password") .submit(FormLoginTests.HomePage.class);
-
 homePage.assertAt();
-
 loginPage = FormLoginTests.DefaultLogoutPage.to(driver).assertAt().logout();
-
 loginPage.assertAt().assertLogout(); }
@@ -67,24 +59,16 @@ public class LogoutSpecTests {
 SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and() .formLogin().and().logout().requiresLogout(ServerWebExchangeMatchers.pathMatchers("/custom-logout")) .and().build();
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage .to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
-
 loginPage = loginPage.loginForm().username("user").password("invalid") .submit(FormLoginTests.DefaultLoginPage.class).assertError();
-
 FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password") .submit(FormLoginTests.HomePage.class);
-
 homePage.assertAt();
-
 driver.get("http://localhost/custom-logout");
-
 FormLoginTests.DefaultLoginPage.create(driver).assertAt().assertLogout(); }
@@ -95,24 +79,16 @@ public class LogoutSpecTests {
 .formLogin(withDefaults()) .logout((logout) -> logout.requiresLogout(ServerWebExchangeMatchers.pathMatchers("/custom-logout"))) .build();
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage .to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
-
 loginPage = loginPage.loginForm().username("user").password("invalid") .submit(FormLoginTests.DefaultLoginPage.class).assertError();
-
 FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password") .submit(FormLoginTests.HomePage.class);
-
 homePage.assertAt();
-
 driver.get("http://localhost/custom-logout");
-
 FormLoginTests.DefaultLoginPage.create(driver).assertAt().assertLogout(); }
@@ -120,21 +96,14 @@ public class LogoutSpecTests {
 public void logoutWhenDisabledThenPostToLogoutDoesNothing() { SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and() .formLogin().and().logout().disable().build();
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage .to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
-
 FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password") .submit(FormLoginTests.HomePage.class);
-
 homePage.assertAt();
-
 FormLoginTests.DefaultLogoutPage.to(driver).assertAt().logout();
-
 homePage.assertAt(); }
@@ -144,21 +113,14 @@ public class LogoutSpecTests {
 repository.setSpringSecurityContextAttrName("CUSTOM_CONTEXT_ATTR"); SecurityWebFilterChain securityWebFilter = this.http.securityContextRepository(repository).authorizeExchange() .anyExchange().authenticated().and().formLogin().and().logout().and().build();
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage .to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
-
 FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password") .submit(FormLoginTests.HomePage.class);
-
 homePage.assertAt();
-
 FormLoginTests.DefaultLogoutPage.to(driver).assertAt().logout();
-
 FormLoginTests.HomePage.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt(); }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
index 6000f4da54..b4f5599fad 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
@@ -96,7 +96,6 @@ public class OAuth2ClientSpecTests {
 given(repository.findByRegistrationId(any())) .willReturn(Mono.just(TestClientRegistrations.clientRegistration().build())); given(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
-
 this.client.get().uri("/").exchange().expectStatus().is3xxRedirection(); }
@@ -110,7 +109,6 @@ public class OAuth2ClientSpecTests {
 given(repository.findByRegistrationId(any())) .willReturn(Mono.just(TestClientRegistrations.clientRegistration().build())); given(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
-
 this.client.get().uri("/").exchange().expectStatus().is3xxRedirection(); }
@@ -118,14 +116,11 @@ public class OAuth2ClientSpecTests {
 public void oauth2ClientWhenCustomObjectsThenUsed() { this.spring.register(ClientRegistrationConfig.class, OAuth2ClientCustomConfig.class, AuthorizedClientController.class).autowire();
-
 OAuth2ClientCustomConfig config = this.spring.getContext().getBean(OAuth2ClientCustomConfig.class);
-
 ServerAuthenticationConverter converter = config.authenticationConverter; ReactiveAuthenticationManager manager = config.manager; ServerAuthorizationRequestRepository authorizationRequestRepository = config.authorizationRequestRepository; ServerRequestCache requestCache = config.requestCache;
-
 OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .redirectUri("/authorize/oauth2/code/registration-id").build(); OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success()
@@ -133,22 +128,18 @@ public class OAuth2ClientSpecTests {
 OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse); OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
-
 OAuth2AuthorizationCodeAuthenticationToken result = new OAuth2AuthorizationCodeAuthenticationToken( this.registration, authorizationExchange, accessToken);
-
 given(authorizationRequestRepository.loadAuthorizationRequest(any())) .willReturn(Mono.just(authorizationRequest)); given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c"))); given(manager.authenticate(any())).willReturn(Mono.just(result)); given(requestCache.getRedirectUri(any())).willReturn(Mono.just(URI.create("/saved-request")));
-
 this.client.get() .uri((uriBuilder) -> uriBuilder.path("/authorize/oauth2/code/registration-id") .queryParam(OAuth2ParameterNames.CODE, "code").queryParam(OAuth2ParameterNames.STATE, "state") .build()) .exchange().expectStatus().is3xxRedirection();
-
 verify(converter).convert(any()); verify(manager).authenticate(any()); verify(requestCache).getRedirectUri(any());
@@ -158,15 +149,12 @@ public class OAuth2ClientSpecTests {
 public void oauth2ClientWhenCustomObjectsInLambdaThenUsed() { this.spring.register(ClientRegistrationConfig.class, OAuth2ClientInLambdaCustomConfig.class, AuthorizedClientController.class).autowire();
-
 OAuth2ClientInLambdaCustomConfig config = this.spring.getContext() .getBean(OAuth2ClientInLambdaCustomConfig.class);
-
 ServerAuthenticationConverter converter = config.authenticationConverter; ReactiveAuthenticationManager manager = config.manager; ServerAuthorizationRequestRepository authorizationRequestRepository = config.authorizationRequestRepository; ServerRequestCache requestCache = config.requestCache;
-
 OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .redirectUri("/authorize/oauth2/code/registration-id").build(); OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success()
@@ -174,22 +162,18 @@ public class OAuth2ClientSpecTests {
 OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse); OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
-
 OAuth2AuthorizationCodeAuthenticationToken result = new OAuth2AuthorizationCodeAuthenticationToken( this.registration, authorizationExchange, accessToken);
-
 given(authorizationRequestRepository.loadAuthorizationRequest(any())) .willReturn(Mono.just(authorizationRequest)); given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c"))); given(manager.authenticate(any())).willReturn(Mono.just(result)); given(requestCache.getRedirectUri(any())).willReturn(Mono.just(URI.create("/saved-request")));
-
 this.client.get() .uri((uriBuilder) -> uriBuilder.path("/authorize/oauth2/code/registration-id") .queryParam(OAuth2ParameterNames.CODE, "code").queryParam(OAuth2ParameterNames.STATE, "state") .build()) .exchange().expectStatus().is3xxRedirection();
-
 verify(converter).convert(any()); verify(manager).authenticate(any()); verify(requestCache).getRedirectUri(any());
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
index c6809ca45b..94256acd27 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
@@ -141,11 +141,8 @@ public class OAuth2LoginTests {
 @Test public void defaultLoginPageWithMultipleClientRegistrationsThenLinks() { this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class).autowire();
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage .to(driver, FormLoginTests.DefaultLoginPage.class).assertAt().assertLoginFormNotPresent().oauth2Login() .assertClientRegistrationByName(OAuth2LoginTests.github.getClientName()).and();
@@ -154,14 +151,10 @@ public class OAuth2LoginTests {
 @Test public void defaultLoginPageWithSingleClientRegistrationThenRedirect() { this.spring.register(OAuth2LoginWithSingleClientRegistrations.class).autowire();
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(new GitHubWebFilter(), this.springSecurity) .build();
-
 WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 driver.get("http://localhost/");
-
 assertThat(driver.getCurrentUrl()).startsWith("https://github.com/login/oauth/authorize"); }
@@ -169,7 +162,6 @@ public class OAuth2LoginTests {
 @Test public void defaultLoginPageWithSingleClientRegistrationAndXhrRequestThenDoesNotRedirectForAuthorization() { this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, WebFluxConfig.class).autowire();
-
 this.client.get().uri("/").header("X-Requested-With", "XMLHttpRequest").exchange().expectStatus() .is3xxRedirection().expectHeader().valueEquals(HttpHeaders.LOCATION, "/login"); }
@@ -178,21 +170,16 @@ public class OAuth2LoginTests {
 public void oauth2AuthorizeWhenCustomObjectsThenUsed() { this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2AuthorizeWithMockObjectsConfig.class, AuthorizedClientController.class).autowire();
-
 OAuth2AuthorizeWithMockObjectsConfig config = this.spring.getContext() .getBean(OAuth2AuthorizeWithMockObjectsConfig.class);
-
 ServerOAuth2AuthorizedClientRepository authorizedClientRepository = config.authorizedClientRepository; ServerAuthorizationRequestRepository authorizationRequestRepository = config.authorizationRequestRepository; ServerRequestCache requestCache = config.requestCache;
-
 given(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(Mono.empty()); given(authorizationRequestRepository.saveAuthorizationRequest(any(), any())).willReturn(Mono.empty()); given(requestCache.removeMatchingRequest(any())).willReturn(Mono.empty()); given(requestCache.saveRequest(any())).willReturn(Mono.empty());
-
 this.client.get().uri("/").exchange().expectStatus().is3xxRedirection();
-
 verify(authorizedClientRepository).loadAuthorizedClient(any(), any(), any()); verify(authorizationRequestRepository).saveAuthorizationRequest(any(), any()); verify(requestCache).saveRequest(any());
@@ -202,11 +189,8 @@ public class OAuth2LoginTests {
 public void oauth2LoginWhenCustomObjectsThenUsed() { this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2LoginMockAuthenticationManagerConfig.class).autowire();
-
 String redirectLocation = "/custom-redirect-location";
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 OAuth2LoginMockAuthenticationManagerConfig config = this.spring.getContext() .getBean(OAuth2LoginMockAuthenticationManagerConfig.class); ServerAuthenticationConverter converter = config.authenticationConverter;
@@ -214,14 +198,11 @@ public class OAuth2LoginTests {
 ServerWebExchangeMatcher matcher = config.matcher; ServerOAuth2AuthorizationRequestResolver resolver = config.resolver; ServerAuthenticationSuccessHandler successHandler = config.successHandler;
-
 OAuth2AuthorizationExchange exchange = TestOAuth2AuthorizationExchanges.success(); OAuth2User user = TestOAuth2Users.create(); OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
-
 OAuth2LoginAuthenticationToken result = new OAuth2LoginAuthenticationToken(github, exchange, user, user.getAuthorities(), accessToken);
-
 given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c"))); given(manager.authenticate(any())).willReturn(Mono.just(result)); given(matcher.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
@@ -229,14 +210,11 @@ public class OAuth2LoginTests {
 given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer>) (invocation) -> { WebFilterExchange webFilterExchange = invocation.getArgument(0); Authentication authentication = invocation.getArgument(1);
-
 return new RedirectServerAuthenticationSuccessHandler(redirectLocation) .onAuthenticationSuccess(webFilterExchange, authentication); });
-
 webTestClient.get().uri("/login/oauth2/code/github").exchange().expectStatus().is3xxRedirection().expectHeader() .valueEquals("Location", redirectLocation);
-
 verify(converter).convert(any()); verify(manager).authenticate(any()); verify(matcher).matches(any());
@@ -248,12 +226,9 @@ public class OAuth2LoginTests {
 public void oauth2LoginFailsWhenCustomObjectsThenUsed() { this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2LoginMockAuthenticationManagerConfig.class).autowire();
-
 String redirectLocation = "/custom-redirect-location"; String failureRedirectLocation = "/failure-redirect-location";
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 OAuth2LoginMockAuthenticationManagerConfig config = this.spring.getContext() .getBean(OAuth2LoginMockAuthenticationManagerConfig.class); ServerAuthenticationConverter converter = config.authenticationConverter;
@@ -262,7 +237,6 @@ public class OAuth2LoginTests {
 ServerOAuth2AuthorizationRequestResolver resolver = config.resolver; ServerAuthenticationSuccessHandler successHandler = config.successHandler; ServerAuthenticationFailureHandler failureHandler = config.failureHandler;
-
 given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c"))); given(manager.authenticate(any())) .willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("error"), "message")));
@@ -271,21 +245,17 @@ public class OAuth2LoginTests {
 given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer>) (invocation) -> { WebFilterExchange webFilterExchange = invocation.getArgument(0); Authentication authentication = invocation.getArgument(1);
-
 return new RedirectServerAuthenticationSuccessHandler(redirectLocation) .onAuthenticationSuccess(webFilterExchange, authentication); }); given(failureHandler.onAuthenticationFailure(any(), any())).willAnswer((Answer>) (invocation) -> { WebFilterExchange webFilterExchange = invocation.getArgument(0); AuthenticationException authenticationException = invocation.getArgument(1);
-
 return new RedirectServerAuthenticationFailureHandler(failureRedirectLocation) .onAuthenticationFailure(webFilterExchange, authenticationException); });
-
 webTestClient.get().uri("/login/oauth2/code/github").exchange().expectStatus().is3xxRedirection().expectHeader() .valueEquals("Location", failureRedirectLocation);
-
 verify(converter).convert(any()); verify(manager).authenticate(any()); verify(matcher).matches(any());
@@ -297,11 +267,8 @@ public class OAuth2LoginTests {
 public void oauth2LoginWhenCustomObjectsInLambdaThenUsed() { this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2LoginMockAuthenticationManagerInLambdaConfig.class).autowire();
-
 String redirectLocation = "/custom-redirect-location";
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 OAuth2LoginMockAuthenticationManagerInLambdaConfig config = this.spring.getContext() .getBean(OAuth2LoginMockAuthenticationManagerInLambdaConfig.class); ServerAuthenticationConverter converter = config.authenticationConverter;
@@ -309,14 +276,11 @@ public class OAuth2LoginTests {
 ServerWebExchangeMatcher matcher = config.matcher; ServerOAuth2AuthorizationRequestResolver resolver = config.resolver; ServerAuthenticationSuccessHandler successHandler = config.successHandler;
-
 OAuth2AuthorizationExchange exchange = TestOAuth2AuthorizationExchanges.success(); OAuth2User user = TestOAuth2Users.create(); OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
-
 OAuth2LoginAuthenticationToken result = new OAuth2LoginAuthenticationToken(github, exchange, user, user.getAuthorities(), accessToken);
-
 given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c"))); given(manager.authenticate(any())).willReturn(Mono.just(result)); given(matcher.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
@@ -324,14 +288,11 @@ public class OAuth2LoginTests {
 given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer>) (invocation) -> { WebFilterExchange webFilterExchange = invocation.getArgument(0); Authentication authentication = invocation.getArgument(1);
-
 return new RedirectServerAuthenticationSuccessHandler(redirectLocation) .onAuthenticationSuccess(webFilterExchange, authentication); });
-
 webTestClient.get().uri("/login/oauth2/code/github").exchange().expectStatus().is3xxRedirection().expectHeader() .valueEquals("Location", redirectLocation);
-
 verify(converter).convert(any()); verify(manager).authenticate(any()); verify(matcher).matches(any());
@@ -343,26 +304,20 @@ public class OAuth2LoginTests {
 public void oauth2LoginWhenCustomBeansThenUsed() { this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class) .autowire();
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 OAuth2LoginWithCustomBeansConfig config = this.spring.getContext() .getBean(OAuth2LoginWithCustomBeansConfig.class);
-
 OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().scope("openid").build(); OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build(); OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(request, response); OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("openid"); OAuth2AuthorizationCodeAuthenticationToken token = new OAuth2AuthorizationCodeAuthenticationToken(google, exchange, accessToken);
-
 ServerAuthenticationConverter converter = config.authenticationConverter; given(converter.convert(any())).willReturn(Mono.just(token));
-
 ServerSecurityContextRepository securityContextRepository = config.securityContextRepository; given(securityContextRepository.save(any(), any())).willReturn(Mono.empty()); given(securityContextRepository.load(any())).willReturn(authentication(token));
-
 Map additionalParameters = new HashMap<>(); additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token"); OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken(accessToken.getTokenValue())
@@ -370,13 +325,10 @@ public class OAuth2LoginTests {
 .additionalParameters(additionalParameters).build(); ReactiveOAuth2AccessTokenResponseClient tokenResponseClient = config.tokenResponseClient; given(tokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 OidcUser user = TestOidcUsers.create(); ReactiveOAuth2UserService userService = config.userService; given(userService.loadUser(any())).willReturn(Mono.just(user));
-
 webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection();
-
 verify(config.jwtDecoderFactory).createDecoder(any()); verify(tokenResponseClient).getTokenResponse(any()); verify(securityContextRepository).save(any(), any());
@@ -387,26 +339,20 @@ public class OAuth2LoginTests {
 public void oauth2LoginWhenAccessTokenRequestFailsThenDefaultRedirectToLogin() { this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class) .autowire();
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().scope("openid").build(); OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build(); OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(request, response); OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("openid"); OAuth2AuthorizationCodeAuthenticationToken authenticationToken = new OAuth2AuthorizationCodeAuthenticationToken( google, exchange, accessToken);
-
 OAuth2LoginWithCustomBeansConfig config = this.spring.getContext() .getBean(OAuth2LoginWithCustomBeansConfig.class);
-
 ServerAuthenticationConverter converter = config.authenticationConverter; given(converter.convert(any())).willReturn(Mono.just(authenticationToken));
-
 ReactiveOAuth2AccessTokenResponseClient tokenResponseClient = config.tokenResponseClient; OAuth2Error oauth2Error = new OAuth2Error("invalid_request", "Invalid request", null); given(tokenResponseClient.getTokenResponse(any())).willThrow(new OAuth2AuthenticationException(oauth2Error));
-
 webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader() .valueEquals("Location", "/login?error"); }
@@ -416,22 +362,17 @@ public class OAuth2LoginTests {
 public void oauth2LoginWhenIdTokenValidationFailsThenDefaultRedirectToLogin() { this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class) .autowire();
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 OAuth2LoginWithCustomBeansConfig config = this.spring.getContext() .getBean(OAuth2LoginWithCustomBeansConfig.class);
-
 OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().scope("openid").build(); OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build(); OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(request, response); OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("openid"); OAuth2AuthorizationCodeAuthenticationToken authenticationToken = new OAuth2AuthorizationCodeAuthenticationToken( google, exchange, accessToken);
-
 ServerAuthenticationConverter converter = config.authenticationConverter; given(converter.convert(any())).willReturn(Mono.just(authenticationToken));
-
 Map additionalParameters = new HashMap<>(); additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token"); OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken(accessToken.getTokenValue())
@@ -439,12 +380,10 @@ public class OAuth2LoginTests {
 .additionalParameters(additionalParameters).build();
 ReactiveOAuth2AccessTokenResponseClient tokenResponseClient = config.tokenResponseClient;
 given(tokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 ReactiveJwtDecoderFactory jwtDecoderFactory = config.jwtDecoderFactory;
 OAuth2Error oauth2Error = new OAuth2Error("invalid_id_token", "Invalid ID Token", null);
 given(jwtDecoderFactory.createDecoder(any())).willReturn((token) -> Mono .error(new JwtValidationException("ID Token validation failed", Collections.singleton(oauth2Error))));
-
 webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader() .valueEquals("Location", "/login?error");
 }
@@ -452,13 +391,10 @@ public class OAuth2LoginTests {
 @Test
 public void logoutWhenUsingOidcLogoutHandlerThenRedirects() {
 this.spring.register(OAuth2LoginConfigWithOidcLogoutSuccessHandler.class).autowire();
-
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, getBean(ClientRegistration.class).getRegistrationId());
-
 ServerSecurityContextRepository repository = getBean(ServerSecurityContextRepository.class);
 given(repository.load(any())).willReturn(authentication(token));
-
 this.client.post().uri("/logout").exchange().expectHeader().valueEquals("Location", "https://logout?id_token_hint=id-token");
 }
@@ -467,9 +403,7 @@ public class OAuth2LoginTests {
 @Test
 public void oauth2LoginWhenAuthenticationConverterFailsThenDefaultRedirectToLogin() {
 this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class).autowire();
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader() .valueEquals("Location", "/login?error");
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
index 019ced220c..301644ccd1 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
@@ -134,7 +134,6 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void getWhenValidThenReturnsOk() {
 this.spring.register(PublicKeyConfig.class, RootController.class).autowire();
-
 this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus() .isOk();
 }
@@ -142,7 +141,6 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void getWhenExpiredThenReturnsInvalidToken() {
 this.spring.register(PublicKeyConfig.class).autowire();
-
 this.client.get().headers((headers) -> headers.setBearerAuth(this.expired)).exchange().expectStatus() .isUnauthorized().expectHeader() .value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
@@ -151,7 +149,6 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void getWhenUnsignedThenReturnsInvalidToken() {
 this.spring.register(PublicKeyConfig.class).autowire();
-
 this.client.get().headers((headers) -> headers.setBearerAuth(this.unsignedToken)).exchange().expectStatus() .isUnauthorized().expectHeader() .value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
@@ -160,7 +157,6 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void getWhenEmptyBearerTokenThenReturnsInvalidToken() {
 this.spring.register(PublicKeyConfig.class).autowire();
-
 this.client.get().headers((headers) -> headers.add("Authorization", "Bearer ")).exchange().expectStatus() .isUnauthorized().expectHeader() .value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
@@ -169,7 +165,6 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void getWhenValidTokenAndPublicKeyInLambdaThenReturnsOk() {
 this.spring.register(PublicKeyInLambdaConfig.class, RootController.class).autowire();
-
 this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus() .isOk();
 }
@@ -177,7 +172,6 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void getWhenExpiredTokenAndPublicKeyInLambdaThenReturnsInvalidToken() {
 this.spring.register(PublicKeyInLambdaConfig.class).autowire();
-
 this.client.get().headers((headers) -> headers.setBearerAuth(this.expired)).exchange().expectStatus() .isUnauthorized().expectHeader() .value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
@@ -186,7 +180,6 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void getWhenValidUsingPlaceholderThenReturnsOk() {
 this.spring.register(PlaceholderConfig.class, RootController.class).autowire();
-
 this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus() .isOk();
 }
@@ -194,22 +187,17 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void getWhenCustomDecoderThenAuthenticatesAccordingly() {
 this.spring.register(CustomDecoderConfig.class, RootController.class).autowire();
-
 ReactiveJwtDecoder jwtDecoder = this.spring.getContext().getBean(ReactiveJwtDecoder.class);
 given(jwtDecoder.decode(anyString())).willReturn(Mono.just(this.jwt));
-
 this.client.get().headers((headers) -> headers.setBearerAuth("token")).exchange().expectStatus().isOk();
-
 verify(jwtDecoder).decode(anyString());
 }
 @Test
 public void getWhenUsingJwkSetUriThenConsultsAccordingly() {
 this.spring.register(JwkSetUriConfig.class, RootController.class).autowire();
-
 MockWebServer mockWebServer = this.spring.getContext().getBean(MockWebServer.class);
 mockWebServer.enqueue(new MockResponse().setBody(this.jwkSet));
-
 this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadTokenWithKid)).exchange() .expectStatus().isOk();
 }
@@ -217,10 +205,8 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void getWhenUsingJwkSetUriInLambdaThenConsultsAccordingly() {
 this.spring.register(JwkSetUriInLambdaConfig.class, RootController.class).autowire();
-
 MockWebServer mockWebServer = this.spring.getContext().getBean(MockWebServer.class);
 mockWebServer.enqueue(new MockResponse().setBody(this.jwkSet));
-
 this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadTokenWithKid)).exchange() .expectStatus().isOk();
 }
@@ -228,12 +214,10 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void getWhenUsingCustomAuthenticationManagerThenUsesItAccordingly() {
 this.spring.register(CustomAuthenticationManagerConfig.class).autowire();
-
 ReactiveAuthenticationManager authenticationManager = this.spring.getContext() .getBean(ReactiveAuthenticationManager.class);
 given(authenticationManager.authenticate(any(Authentication.class))) .willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
-
 this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus() .isUnauthorized().expectHeader() .value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\""));
@@ -242,12 +226,10 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void getWhenUsingCustomAuthenticationManagerInLambdaThenUsesItAccordingly() {
 this.spring.register(CustomAuthenticationManagerInLambdaConfig.class).autowire();
-
 ReactiveAuthenticationManager authenticationManager = this.spring.getContext() .getBean(ReactiveAuthenticationManager.class);
 given(authenticationManager.authenticate(any(Authentication.class))) .willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
-
 this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus() .isUnauthorized().expectHeader() .value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\""));
@@ -256,18 +238,14 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void getWhenUsingCustomAuthenticationManagerResolverThenUsesItAccordingly() {
 this.spring.register(CustomAuthenticationManagerResolverConfig.class).autowire();
-
 ReactiveAuthenticationManagerResolver authenticationManagerResolver = this.spring .getContext().getBean(ReactiveAuthenticationManagerResolver.class);
-
 ReactiveAuthenticationManager authenticationManager = this.spring.getContext() .getBean(ReactiveAuthenticationManager.class);
-
 given(authenticationManagerResolver.resolve(any(ServerWebExchange.class))) .willReturn(Mono.just(authenticationManager));
 given(authenticationManager.authenticate(any(Authentication.class))) .willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
-
 this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus() .isUnauthorized().expectHeader() .value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\""));
@@ -276,7 +254,6 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void postWhenSignedThenReturnsOk() {
 this.spring.register(PublicKeyConfig.class, RootController.class).autowire();
-
 this.client.post().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus() .isOk();
 }
@@ -284,7 +261,6 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void getWhenTokenHasInsufficientScopeThenReturnsInsufficientScope() {
 this.spring.register(DenyAllConfig.class, RootController.class).autowire();
-
 this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus() .isForbidden().expectHeader() .value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"insufficient_scope\""));
@@ -293,21 +269,18 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void postWhenMissingTokenThenReturnsForbidden() {
 this.spring.register(PublicKeyConfig.class, RootController.class).autowire();
-
 this.client.post().exchange().expectStatus().isForbidden();
 }
 @Test
 public void getWhenCustomBearerTokenServerAuthenticationConverterThenResponds() {
 this.spring.register(CustomBearerTokenServerAuthenticationConverter.class, RootController.class).autowire();
-
 this.client.get().cookie("TOKEN", this.messageReadToken).exchange().expectStatus().isOk();
 }
 @Test
 public void getWhenSignedAndCustomConverterThenConverts() {
 this.spring.register(CustomJwtAuthenticationConverterConfig.class, RootController.class).autowire();
-
 this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus() .isOk();
 }
@@ -315,14 +288,12 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void getWhenCustomBearerTokenEntryPointThenResponds() {
 this.spring.register(CustomErrorHandlingConfig.class).autowire();
-
 this.client.get().uri("/authenticated").exchange().expectStatus().isEqualTo(HttpStatus.I_AM_A_TEAPOT);
 }
 @Test
 public void getWhenCustomBearerTokenDeniedHandlerThenResponds() {
 this.spring.register(CustomErrorHandlingConfig.class).autowire();
-
 this.client.get().uri("/unobtainable").headers((headers) -> headers.setBearerAuth(this.messageReadToken)) .exchange().expectStatus().isEqualTo(HttpStatus.BANDWIDTH_LIMIT_EXCEEDED);
 }
@@ -332,14 +303,11 @@ public class OAuth2ResourceServerSpecTests {
 GenericWebApplicationContext context = autowireWebServerGenericWebApplicationContext();
 ServerHttpSecurity http = new ServerHttpSecurity();
 http.setApplicationContext(context);
-
 ReactiveJwtDecoder beanWiredJwtDecoder = mock(ReactiveJwtDecoder.class);
 ReactiveJwtDecoder dslWiredJwtDecoder = mock(ReactiveJwtDecoder.class);
 context.registerBean(ReactiveJwtDecoder.class, () -> beanWiredJwtDecoder);
-
 ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwt = http.oauth2ResourceServer().jwt();
 jwt.jwtDecoder(dslWiredJwtDecoder);
-
 assertThat(jwt.getJwtDecoder()).isEqualTo(dslWiredJwtDecoder);
 }
@@ -348,15 +316,12 @@ public class OAuth2ResourceServerSpecTests {
 GenericWebApplicationContext context = autowireWebServerGenericWebApplicationContext();
 ServerHttpSecurity http = new ServerHttpSecurity();
 http.setApplicationContext(context);
-
 ReactiveJwtDecoder beanWiredJwtDecoder = mock(ReactiveJwtDecoder.class);
 ReactiveJwtDecoder dslWiredJwtDecoder = mock(ReactiveJwtDecoder.class);
 context.registerBean("firstJwtDecoder", ReactiveJwtDecoder.class, () -> beanWiredJwtDecoder);
 context.registerBean("secondJwtDecoder", ReactiveJwtDecoder.class, () -> beanWiredJwtDecoder);
-
 ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwt = http.oauth2ResourceServer().jwt();
 jwt.jwtDecoder(dslWiredJwtDecoder);
-
 assertThat(jwt.getJwtDecoder()).isEqualTo(dslWiredJwtDecoder);
 }
@@ -365,13 +330,10 @@ public class OAuth2ResourceServerSpecTests {
 GenericWebApplicationContext context = autowireWebServerGenericWebApplicationContext();
 ServerHttpSecurity http = new ServerHttpSecurity();
 http.setApplicationContext(context);
-
 ReactiveJwtDecoder beanWiredJwtDecoder = mock(ReactiveJwtDecoder.class);
 context.registerBean("firstJwtDecoder", ReactiveJwtDecoder.class, () -> beanWiredJwtDecoder);
 context.registerBean("secondJwtDecoder", ReactiveJwtDecoder.class, () -> beanWiredJwtDecoder);
-
 ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwt = http.oauth2ResourceServer().jwt();
-
 assertThatCode(() -> jwt.getJwtDecoder()).isInstanceOf(NoUniqueBeanDefinitionException.class);
 }
@@ -380,9 +342,7 @@ public class OAuth2ResourceServerSpecTests {
 GenericWebApplicationContext context = autowireWebServerGenericWebApplicationContext();
 ServerHttpSecurity http = new ServerHttpSecurity();
 http.setApplicationContext(context);
-
 ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwt = http.oauth2ResourceServer().jwt();
-
 assertThatCode(() -> jwt.getJwtDecoder()).isInstanceOf(NoSuchBeanDefinitionException.class);
 }
@@ -391,7 +351,6 @@ public class OAuth2ResourceServerSpecTests {
 this.spring.register(IntrospectionConfig.class, RootController.class).autowire();
 this.spring.getContext().getBean(MockWebServer.class) .setDispatcher(requiresAuth(this.clientId, this.clientSecret, this.active));
-
 this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus() .isOk();
 }
@@ -401,7 +360,6 @@ public class OAuth2ResourceServerSpecTests {
 this.spring.register(IntrospectionInLambdaConfig.class, RootController.class).autowire();
 this.spring.getContext().getBean(MockWebServer.class) .setDispatcher(requiresAuth(this.clientId, this.clientSecret, this.active));
-
 this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus() .isOk();
 }
@@ -440,7 +398,6 @@ public class OAuth2ResourceServerSpecTests {
 private static RSAPublicKey publicKey() {
 String modulus = "26323220897278656456354815752829448539647589990395639665273015355787577386000316054335559633864476469390247312823732994485311378484154955583861993455004584140858982659817218753831620205191028763754231454775026027780771426040997832758235764611119743390612035457533732596799927628476322029280486807310749948064176545712270582940917249337311592011920620009965129181413510845780806191965771671528886508636605814099711121026468495328702234901200169245493126030184941412539949521815665744267183140084667383643755535107759061065656273783542590997725982989978433493861515415520051342321336460543070448417126615154138673620797";
 String exponent = "65537";
-
 RSAPublicKeySpec spec = new RSAPublicKeySpec(new BigInteger(modulus), new BigInteger(exponent));
 RSAPublicKey rsaPublicKey = null;
 try {
@@ -537,14 +494,12 @@ public class OAuth2ResourceServerSpecTests {
 @Bean
 SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 String jwkSetUri = mockWebServer().url("/.well-known/jwks.json").toString();
-
 // @formatter:off
 http .oauth2ResourceServer() .jwt() .jwkSetUri(jwkSetUri);
 // @formatter:on
-
 return http.build();
 }
@@ -569,7 +524,6 @@ public class OAuth2ResourceServerSpecTests {
 @Bean
 SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 String jwkSetUri = mockWebServer().url("/.well-known/jwks.json").toString();
-
 // @formatter:off
 http .oauth2ResourceServer((oauth2ResourceServer) ->
@@ -580,7 +534,6 @@ public class OAuth2ResourceServerSpecTests {
 ) );
 // @formatter:on
-
 return http.build();
 }
@@ -609,7 +562,6 @@ public class OAuth2ResourceServerSpecTests {
 .oauth2ResourceServer() .jwt();
 // @formatter:on
-
 return http.build();
 }
@@ -635,7 +587,6 @@ public class OAuth2ResourceServerSpecTests {
 .jwt() .publicKey(publicKey());
 // @formatter:on
-
 return http.build();
 }
@@ -653,7 +604,6 @@ public class OAuth2ResourceServerSpecTests {
 .jwt() .authenticationManager(authenticationManager());
 // @formatter:on
-
 return http.build();
 }
@@ -680,7 +630,6 @@ public class OAuth2ResourceServerSpecTests {
 ) );
 // @formatter:on
-
 return http.build();
 }
@@ -705,7 +654,6 @@ public class OAuth2ResourceServerSpecTests {
 .oauth2ResourceServer() .authenticationManagerResolver(authenticationManagerResolver());
 // @formatter:on
-
 return http.build();
 }
@@ -737,7 +685,6 @@ public class OAuth2ResourceServerSpecTests {
 .jwt() .publicKey(publicKey());
 // @formatter:on
-
 return http.build();
 }
@@ -765,19 +712,16 @@ public class OAuth2ResourceServerSpecTests {
 .jwtAuthenticationConverter(jwtAuthenticationConverter()) .publicKey(publicKey());
 // @formatter:on
-
 return http.build();
 }
 @Bean
 Converter> jwtAuthenticationConverter() {
-
 JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
 converter.setJwtGrantedAuthoritiesConverter((jwt) -> {
 String[] claims = ((String) jwt.getClaims().get("scope")).split(" ");
 return Stream.of(claims).map(SimpleGrantedAuthority::new).collect(Collectors.toList());
 });
-
 return new ReactiveJwtAuthenticationConverterAdapter(converter);
 }
@@ -801,7 +745,6 @@ public class OAuth2ResourceServerSpecTests {
 .jwt() .publicKey(publicKey());
 // @formatter:on
-
 return http.build();
 }
@@ -816,7 +759,6 @@ public class OAuth2ResourceServerSpecTests {
 @Bean
 SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 String introspectionUri = mockWebServer().url("/introspect").toString();
-
 // @formatter:off
 http .oauth2ResourceServer()
@@ -824,7 +766,6 @@ public class OAuth2ResourceServerSpecTests {
 .introspectionUri(introspectionUri) .introspectionClientCredentials("client", "secret");
 // @formatter:on
-
 return http.build();
 }
@@ -849,7 +790,6 @@ public class OAuth2ResourceServerSpecTests {
 @Bean
 SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 String introspectionUri = mockWebServer().url("/introspect").toString();
-
 // @formatter:off
 http .oauth2ResourceServer((oauth2ResourceServer) ->
@@ -861,7 +801,6 @@ public class OAuth2ResourceServerSpecTests {
 ) );
 // @formatter:on
-
 return http.build();
 }
@@ -892,7 +831,6 @@ public class OAuth2ResourceServerSpecTests {
 .authenticationManagerResolver(mock(ReactiveAuthenticationManagerResolver.class)) .opaqueToken();
 // @formatter:on
-
 return http.build();
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java b/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java
index cccf0f0df9..a9331c95e2 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java
@@ -49,17 +49,12 @@ public class RequestCacheTests {
 public void defaultFormLoginRequestCache() {
 SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and() .formLogin().and().build();
-
 WebTestClient webTestClient = WebTestClient .bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController()) .webFilter(new WebFilterChainProxy(securityWebFilter)).build();
-
 WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class).assertAt();
-
 SecuredPage securedPage = loginPage.loginForm().username("user").password("password").submit(SecuredPage.class);
-
 securedPage.assertAt();
 }
@@ -67,17 +62,12 @@ public class RequestCacheTests {
 public void requestCacheNoOp() {
 SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and() .formLogin().and().requestCache().requestCache(NoOpServerRequestCache.getInstance()).and().build();
-
 WebTestClient webTestClient = WebTestClient .bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController()) .webFilter(new WebFilterChainProxy(securityWebFilter)).build();
-
 WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class).assertAt();
-
 HomePage securedPage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
-
 securedPage.assertAt();
 }
@@ -88,17 +78,12 @@ public class RequestCacheTests {
 .formLogin(withDefaults()) .requestCache((requestCache) -> requestCache.requestCache(NoOpServerRequestCache.getInstance())) .build();
-
 WebTestClient webTestClient = WebTestClient .bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController()) .webFilter(new WebFilterChainProxy(securityWebFilter)).build();
-
 WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class).assertAt();
-
 HomePage securedPage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
-
 securedPage.assertAt();
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
index a23964ceec..521b17c3ee 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
@@ -109,12 +109,9 @@ public class ServerHttpSecurityTests {
 TestPublisher securityContext = TestPublisher.create();
 given(this.contextRepository.load(any())).willReturn(securityContext.mono());
 this.http.securityContextRepository(this.contextRepository);
-
 WebTestClient client = buildClient();
-
 FluxExchangeResult result = client.get().uri("/").exchange().expectHeader() .valueMatches(HttpHeaders.CACHE_CONTROL, ".+").returnResult(String.class);
-
 assertThat(result.getResponseCookies()).isEmpty();
 // there is no need to try and load the SecurityContext by default
 securityContext.assertWasNotSubscribed();
@@ -124,19 +121,15 @@ public class ServerHttpSecurityTests {
 public void basic() {
 given(this.authenticationManager.authenticate(any())) .willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
-
 this.http.httpBasic();
 this.http.authenticationManager(this.authenticationManager);
 ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
 authorize.anyExchange().authenticated();
-
 WebTestClient client = buildClient();
-
 EntityExchangeResult result = client.get().uri("/") .headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk() .expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody(String.class) .consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
-
 assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
 }
@@ -144,27 +137,22 @@ public class ServerHttpSecurityTests {
 public void basicWithGlobalWebSessionServerSecurityContextRepository() {
 given(this.authenticationManager.authenticate(any())) .willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
-
 this.http.securityContextRepository(new WebSessionServerSecurityContextRepository());
 this.http.httpBasic();
 this.http.authenticationManager(this.authenticationManager);
 ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
 authorize.anyExchange().authenticated();
-
 WebTestClient client = buildClient();
-
 EntityExchangeResult result = client.get().uri("/") .headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk() .expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody(String.class) .consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
-
 assertThat(result.getResponseCookies().getFirst("SESSION")).isNotNull();
 }
 @Test
 public void basicWhenNoCredentialsThenUnauthorized() {
 this.http.authorizeExchange().anyExchange().authenticated();
-
 WebTestClient client = buildClient();
 client.get().uri("/").exchange().expectStatus().isUnauthorized().expectHeader() .valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody().isEmpty();
@@ -173,23 +161,18 @@ public class ServerHttpSecurityTests {
 @Test
 public void buildWhenServerWebExchangeFromContextThenFound() {
 SecurityWebFilterChain filter = this.http.build();
-
 WebTestClient client = WebTestClient.bindToController(new SubscriberContextController()) .webFilter(new WebFilterChainProxy(filter)).build();
-
 client.get().uri("/foo/bar").exchange().expectBody(String.class).isEqualTo("/foo/bar");
 }
 @Test
 public void csrfServerLogoutHandlerNotAppliedIfCsrfIsntEnabled() {
 SecurityWebFilterChain securityWebFilterChain = this.http.csrf().disable().build();
-
 assertThat(getWebFilter(securityWebFilterChain, CsrfWebFilter.class)).isNotPresent();
-
 Optional logoutHandler = getWebFilter(securityWebFilterChain, LogoutWebFilter.class) .map((logoutWebFilter) -> (ServerLogoutHandler) ReflectionTestUtils.getField(logoutWebFilter, LogoutWebFilter.class, "logoutHandler"));
-
 assertThat(logoutHandler).get().isExactlyInstanceOf(SecurityContextServerLogoutHandler.class);
 }
@@ -197,15 +180,12 @@ public class ServerHttpSecurityTests {
 public void csrfServerLogoutHandlerAppliedIfCsrfIsEnabled() {
 SecurityWebFilterChain securityWebFilterChain = this.http.csrf().csrfTokenRepository(this.csrfTokenRepository) .and().build();
-
 assertThat(getWebFilter(securityWebFilterChain, CsrfWebFilter.class)).get() .extracting((csrfWebFilter) -> ReflectionTestUtils.getField(csrfWebFilter, "csrfTokenRepository")) .isEqualTo(this.csrfTokenRepository);
-
 Optional logoutHandler = getWebFilter(securityWebFilterChain, LogoutWebFilter.class) .map((logoutWebFilter) -> (ServerLogoutHandler) ReflectionTestUtils.getField(logoutWebFilter, LogoutWebFilter.class, "logoutHandler"));
-
 assertThat(logoutHandler).get().isExactlyInstanceOf(DelegatingServerLogoutHandler.class) .extracting((delegatingLogoutHandler) -> ((List) ReflectionTestUtils .getField(delegatingLogoutHandler, DelegatingServerLogoutHandler.class, "delegates")).stream()
@@ -220,10 +200,8 @@ public class ServerHttpSecurityTests {
 .addFilterAfter(new TestWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE) .build();
 List filters = securityWebFilterChain.getWebFilters().map(WebFilter::getClass).collectList().block();
-
 assertThat(filters).isNotNull().isNotEmpty().containsSequence(SecurityContextServerWebExchangeWebFilter.class, TestWebFilter.class);
-
 }
 @Test
@@ -233,10 +211,8 @@ public class ServerHttpSecurityTests {
 .addFilterBefore(new TestWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE) .build();
 List filters = securityWebFilterChain.getWebFilters().map(WebFilter::getClass).collectList().block();
-
 assertThat(filters).isNotNull().isNotEmpty().containsSequence(TestWebFilter.class, SecurityContextServerWebExchangeWebFilter.class);
-
 }
 @Test
@@ -244,9 +220,7 @@ public class ServerHttpSecurityTests {
 SecurityWebFilterChain securityFilterChain = this.http.anonymous().and().build();
 WebTestClient client = WebTestClientBuilder.bindToControllerAndWebFilters( AnonymousAuthenticationWebFilterTests.HttpMeController.class, securityFilterChain).build();
-
 client.get().uri("/me").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("anonymousUser");
-
 }
 @Test
@@ -254,7 +228,6 @@ public class ServerHttpSecurityTests {
 SecurityWebFilterChain securityFilterChain = this.http.anonymous(withDefaults()).build();
 WebTestClient client = WebTestClientBuilder.bindToControllerAndWebFilters( AnonymousAuthenticationWebFilterTests.HttpMeController.class, securityFilterChain).build();
-
 client.get().uri("/me").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("anonymousUser");
 }
@@ -262,19 +235,15 @@ public class ServerHttpSecurityTests {
 public void basicWithAnonymous() {
 given(this.authenticationManager.authenticate(any())) .willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
-
 this.http.httpBasic().and().anonymous();
 this.http.authenticationManager(this.authenticationManager);
 ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
 authorize.anyExchange().hasAuthority("ROLE_ADMIN");
-
 WebTestClient client = buildClient();
-
 EntityExchangeResult result = client.get().uri("/") .headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk() .expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody(String.class) .consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
-
 assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
 }
@@ -287,13 +256,10 @@ public class ServerHttpSecurityTests {
 this.http.authenticationManager(this.authenticationManager);
 ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
 authorize.anyExchange().authenticated();
-
 WebTestClient client = buildClient();
-
 EntityExchangeResult result = client.get().uri("/").exchange().expectStatus().isUnauthorized() .expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, (value) -> assertThat(value).contains("myrealm")) .expectBody(String.class).returnResult();
-
 assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
 }
@@ -306,13 +272,10 @@ public class ServerHttpSecurityTests {
 this.http.authenticationManager(this.authenticationManager);
 ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
 authorize.anyExchange().authenticated();
-
 WebTestClient client = buildClient();
-
 EntityExchangeResult result = client.get().uri("/").exchange().expectStatus().isUnauthorized() .expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, (value) -> assertThat(value).contains("myrealm")) .expectBody(String.class).returnResult();
-
 assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
 }
@@ -321,15 +284,12 @@ public class ServerHttpSecurityTests {
 ReactiveAuthenticationManager customAuthenticationManager = mock(ReactiveAuthenticationManager.class);
 given(customAuthenticationManager.authenticate(any())) .willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
-
 SecurityWebFilterChain securityFilterChain = this.http.httpBasic() .authenticationManager(customAuthenticationManager).and().build();
 WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain);
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build();
-
 client.get().uri("/").headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk() .expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"));
-
 verifyZeroInteractions(this.authenticationManager);
 }
@@ -338,15 +298,12 @@ public class ServerHttpSecurityTests {
 ReactiveAuthenticationManager customAuthenticationManager = mock(ReactiveAuthenticationManager.class);
 given(customAuthenticationManager.authenticate(any())) .willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
-
 SecurityWebFilterChain securityFilterChain = this.http .httpBasic((httpBasic) -> httpBasic.authenticationManager(customAuthenticationManager)).build();
 WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain);
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build();
-
 client.get().uri("/").headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk() .expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"));
-
 verifyZeroInteractions(this.authenticationManager);
 verify(customAuthenticationManager).authenticate(any(Authentication.class));
 }
@@ -356,12 +313,9 @@ public class ServerHttpSecurityTests {
 public void addsX509FilterWhenX509AuthenticationIsConfigured() {
 X509PrincipalExtractor mockExtractor = mock(X509PrincipalExtractor.class);
 ReactiveAuthenticationManager mockAuthenticationManager = mock(ReactiveAuthenticationManager.class);
-
 this.http.x509().principalExtractor(mockExtractor).authenticationManager(mockAuthenticationManager).and();
-
 SecurityWebFilterChain securityWebFilterChain = this.http.build();
 WebFilter x509WebFilter = securityWebFilterChain.getWebFilters().filter(this::isX509Filter).blockFirst();
-
 assertThat(x509WebFilter).isNotNull();
 }
@@ -369,33 +323,26 @@ public class ServerHttpSecurityTests { public void x509WhenCustomizedThenAddsX509Filter() { X509PrincipalExtractor mockExtractor = mock(X509PrincipalExtractor.class); ReactiveAuthenticationManager mockAuthenticationManager = mock(ReactiveAuthenticationManager.class); - this.http.x509( (x509) -> x509.principalExtractor(mockExtractor).authenticationManager(mockAuthenticationManager)); - SecurityWebFilterChain securityWebFilterChain = this.http.build(); WebFilter x509WebFilter = securityWebFilterChain.getWebFilters().filter(this::isX509Filter).blockFirst(); - assertThat(x509WebFilter).isNotNull(); } @Test public void addsX509FilterWhenX509AuthenticationIsConfiguredWithDefaults() { this.http.x509(); - SecurityWebFilterChain securityWebFilterChain = this.http.build(); WebFilter x509WebFilter = securityWebFilterChain.getWebFilters().filter(this::isX509Filter).blockFirst(); - assertThat(x509WebFilter).isNotNull(); } @Test public void x509WhenDefaultsThenAddsX509Filter() { this.http.x509(withDefaults()); - SecurityWebFilterChain securityWebFilterChain = this.http.build(); WebFilter x509WebFilter = securityWebFilterChain.getWebFilters().filter(this::isX509Filter).blockFirst(); - assertThat(x509WebFilter).isNotNull(); } @@ -404,7 +351,6 @@ public class ServerHttpSecurityTests { SecurityWebFilterChain securityFilterChain = this.http.csrf((csrf) -> csrf.disable()).build(); WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain); WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build(); - client.post().uri("/").exchange().expectStatus().isOk(); } 
@@ -416,9 +362,7 @@ public class ServerHttpSecurityTests { .csrf((csrf) -> csrf.csrfTokenRepository(customServerCsrfTokenRepository)).build(); WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain); WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build(); - client.post().uri("/").exchange().expectStatus().isForbidden(); - verify(customServerCsrfTokenRepository).loadToken(any()); } @@ -427,17 +371,14 @@ public class ServerHttpSecurityTests { ServerRequestCache requestCache = spy(new WebSessionServerRequestCache()); ReactiveClientRegistrationRepository clientRegistrationRepository = mock( ReactiveClientRegistrationRepository.class); - SecurityWebFilterChain securityFilterChain = this.http.oauth2Login() .clientRegistrationRepository(clientRegistrationRepository).and().authorizeExchange().anyExchange() .authenticated().and().requestCache((c) -> c.requestCache(requestCache)).build(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityFilterChain).build(); client.get().uri("/test").exchange(); ArgumentCaptor captor = ArgumentCaptor.forClass(ServerWebExchange.class); verify(requestCache).saveRequest(captor.capture()); assertThat(captor.getValue().getRequest().getURI().toString()).isEqualTo("/test"); - OAuth2LoginAuthenticationWebFilter authenticationWebFilter = getWebFilter(securityFilterChain, OAuth2LoginAuthenticationWebFilter.class).get(); Object handler = ReflectionTestUtils.getField(authenticationWebFilter, "authenticationSuccessHandler"); 
@@ -450,19 +391,14 @@ public class ServerHttpSecurityTests { ServerAuthorizationRequestRepository.class); ReactiveClientRegistrationRepository clientRegistrationRepository = mock( ReactiveClientRegistrationRepository.class); - OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request().build(); - given(authorizationRequestRepository.removeAuthorizationRequest(any())) .willReturn(Mono.just(authorizationRequest)); - SecurityWebFilterChain securityFilterChain = this.http.oauth2Login() .clientRegistrationRepository(clientRegistrationRepository) .authorizationRequestRepository(authorizationRequestRepository).and().build(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityFilterChain).build(); client.get().uri("/login/oauth2/code/registration-id").exchange(); - verify(authorizationRequestRepository).removeAuthorizationRequest(any()); } diff --git a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java index 4bd2d1e9f3..8d760858d5 100644 --- a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java @@ -102,9 +102,7 @@ public class WebSocketMessageBrokerConfigTests { @Test public void sendWhenNoIdSpecifiedThenIntegratesWithClientInboundChannel() { this.spring.configLocations(xml("NoIdConfig")).autowire(); - this.clientInboundChannel.send(message("/permitAll")); - assertThatThrownBy(() -> this.clientInboundChannel.send(message("/denyAll"))) .hasCauseInstanceOf(AccessDeniedException.class); } 
@@ -112,214 +110,165 @@ public class WebSocketMessageBrokerConfigTests { @Test public void sendWhenAnonymousMessageWithConnectMessageTypeThenPermitted() { this.spring.configLocations(xml("NoIdConfig")).autowire(); - SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT); headers.setNativeHeader(this.token.getHeaderName(), this.token.getToken()); - assertThatCode(() -> this.clientInboundChannel.send(message("/permitAll", headers))).doesNotThrowAnyException(); } @Test public void sendWhenAnonymousMessageWithConnectAckMessageTypeThenPermitted() { this.spring.configLocations(xml("NoIdConfig")).autowire(); - Message message = message("/permitAll", SimpMessageType.CONNECT_ACK); - assertThatCode(send(message)).doesNotThrowAnyException(); } @Test public void sendWhenAnonymousMessageWithDisconnectMessageTypeThenPermitted() { this.spring.configLocations(xml("NoIdConfig")).autowire(); - Message message = message("/permitAll", SimpMessageType.DISCONNECT); - assertThatCode(send(message)).doesNotThrowAnyException(); } @Test public void sendWhenAnonymousMessageWithDisconnectAckMessageTypeThenPermitted() { this.spring.configLocations(xml("NoIdConfig")).autowire(); - Message message = message("/permitAll", SimpMessageType.DISCONNECT_ACK); - assertThatCode(send(message)).doesNotThrowAnyException(); } @Test public void sendWhenAnonymousMessageWithHeartbeatMessageTypeThenPermitted() { this.spring.configLocations(xml("NoIdConfig")).autowire(); - Message message = message("/permitAll", SimpMessageType.HEARTBEAT); - assertThatCode(send(message)).doesNotThrowAnyException(); } @Test public void sendWhenAnonymousMessageWithMessageMessageTypeThenPermitted() { this.spring.configLocations(xml("NoIdConfig")).autowire(); - Message message = message("/permitAll", SimpMessageType.MESSAGE); - assertThatCode(send(message)).doesNotThrowAnyException(); } @Test public void sendWhenAnonymousMessageWithOtherMessageTypeThenPermitted() { 
this.spring.configLocations(xml("NoIdConfig")).autowire(); - Message message = message("/permitAll", SimpMessageType.OTHER); - assertThatCode(send(message)).doesNotThrowAnyException(); } @Test public void sendWhenAnonymousMessageWithSubscribeMessageTypeThenPermitted() { this.spring.configLocations(xml("NoIdConfig")).autowire(); - Message message = message("/permitAll", SimpMessageType.SUBSCRIBE); - assertThatCode(send(message)).doesNotThrowAnyException(); } @Test public void sendWhenAnonymousMessageWithUnsubscribeMessageTypeThenPermitted() { this.spring.configLocations(xml("NoIdConfig")).autowire(); - Message message = message("/permitAll", SimpMessageType.UNSUBSCRIBE); - assertThatCode(send(message)).doesNotThrowAnyException(); } @Test public void sendWhenConnectWithoutCsrfTokenThenDenied() { this.spring.configLocations(xml("SyncConfig")).autowire(); - Message message = message("/message", SimpMessageType.CONNECT); - assertThatThrownBy(send(message)).hasCauseInstanceOf(InvalidCsrfTokenException.class); } @Test public void sendWhenConnectWithSameOriginDisabledThenCsrfTokenNotRequired() { this.spring.configLocations(xml("SyncSameOriginDisabledConfig")).autowire(); - Message message = message("/message", SimpMessageType.CONNECT); - assertThatCode(send(message)).doesNotThrowAnyException(); } @Test public void sendWhenInterceptWiredForMessageTypeThenDeniesOnTypeMismatch() { this.spring.configLocations(xml("MessageInterceptTypeConfig")).autowire(); - Message message = message("/permitAll", SimpMessageType.MESSAGE); - assertThatCode(send(message)).doesNotThrowAnyException(); - message = message("/permitAll", SimpMessageType.UNSUBSCRIBE); - assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class); - message = message("/anyOther", SimpMessageType.MESSAGE); - assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class); } @Test public void sendWhenInterceptWiredForSubscribeTypeThenDeniesOnTypeMismatch() { 
this.spring.configLocations(xml("SubscribeInterceptTypeConfig")).autowire(); - Message message = message("/permitAll", SimpMessageType.SUBSCRIBE); - assertThatCode(send(message)).doesNotThrowAnyException(); - message = message("/permitAll", SimpMessageType.UNSUBSCRIBE); - assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class); - message = message("/anyOther", SimpMessageType.SUBSCRIBE); - assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class); } @Test public void configureWhenUsingConnectMessageTypeThenAutowireFails() { ThrowingCallable bad = () -> this.spring.configLocations(xml("ConnectInterceptTypeConfig")).autowire(); - assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class); } @Test public void configureWhenUsingConnectAckMessageTypeThenAutowireFails() { ThrowingCallable bad = () -> this.spring.configLocations(xml("ConnectAckInterceptTypeConfig")).autowire(); - assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class); } @Test public void configureWhenUsingDisconnectMessageTypeThenAutowireFails() { ThrowingCallable bad = () -> this.spring.configLocations(xml("DisconnectInterceptTypeConfig")).autowire(); - assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class); } @Test public void configureWhenUsingDisconnectAckMessageTypeThenAutowireFails() { ThrowingCallable bad = () -> this.spring.configLocations(xml("DisconnectAckInterceptTypeConfig")).autowire(); - assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class); } @Test public void configureWhenUsingHeartbeatMessageTypeThenAutowireFails() { ThrowingCallable bad = () -> this.spring.configLocations(xml("HeartbeatInterceptTypeConfig")).autowire(); - assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class); } @Test public void configureWhenUsingOtherMessageTypeThenAutowireFails() { ThrowingCallable bad = () -> 
this.spring.configLocations(xml("OtherInterceptTypeConfig")).autowire(); - assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class); } @Test public void configureWhenUsingUnsubscribeMessageTypeThenAutowireFails() { ThrowingCallable bad = () -> this.spring.configLocations(xml("UnsubscribeInterceptTypeConfig")).autowire(); - assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class); } @Test public void sendWhenNoIdMessageThenAuthenticationPrincipalResolved() { this.spring.configLocations(xml("SyncConfig")).autowire(); - this.clientInboundChannel.send(message("/message")); - assertThat(this.messageController.username).isEqualTo("anonymous"); } @Test public void requestWhenConnectMessageThenUsesCsrfTokenHandshakeInterceptor() throws Exception { this.spring.configLocations(xml("SyncConfig")).autowire(); - WebApplicationContext context = this.spring.getContext(); MockMvc mvc = MockMvcBuilders.webAppContextSetup(context).build(); - String csrfAttributeName = CsrfToken.class.getName(); String customAttributeName = this.getClass().getName(); - MvcResult result = mvc.perform(get("/app").requestAttr(csrfAttributeName, this.token) .sessionAttr(customAttributeName, "attributeValue")).andReturn(); - CsrfToken handshakeToken = (CsrfToken) this.testHandshakeHandler.attributes.get(csrfAttributeName); String handshakeValue = (String) this.testHandshakeHandler.attributes.get(customAttributeName); String sessionValue = (String) result.getRequest().getSession().getAttribute(customAttributeName); - assertThat(handshakeToken).isEqualTo(this.token).withFailMessage("CsrfToken is populated"); - assertThat(handshakeValue).isEqualTo(sessionValue) .withFailMessage("Explicitly listed session variables are not overridden"); } 
@@ -327,22 +276,16 @@ public class WebSocketMessageBrokerConfigTests { @Test public void requestWhenConnectMessageAndUsingSockJsThenUsesCsrfTokenHandshakeInterceptor() throws Exception { this.spring.configLocations(xml("SyncSockJsConfig")).autowire(); - WebApplicationContext context = this.spring.getContext(); MockMvc mvc = MockMvcBuilders.webAppContextSetup(context).build(); - String csrfAttributeName = CsrfToken.class.getName(); String customAttributeName = this.getClass().getName(); - MvcResult result = mvc.perform(get("/app/289/tpyx6mde/websocket").requestAttr(csrfAttributeName, this.token) .sessionAttr(customAttributeName, "attributeValue")).andReturn(); - CsrfToken handshakeToken = (CsrfToken) this.testHandshakeHandler.attributes.get(csrfAttributeName); String handshakeValue = (String) this.testHandshakeHandler.attributes.get(customAttributeName); String sessionValue = (String) result.getRequest().getSession().getAttribute(customAttributeName); - assertThat(handshakeToken).isEqualTo(this.token).withFailMessage("CsrfToken is populated"); - assertThat(handshakeValue).isEqualTo(sessionValue) .withFailMessage("Explicitly listed session variables are not overridden"); } 
@@ -350,31 +293,23 @@ public class WebSocketMessageBrokerConfigTests { @Test public void sendWhenNoIdSpecifiedThenCustomArgumentResolversAreNotOverridden() { this.spring.configLocations(xml("SyncCustomArgumentResolverConfig")).autowire(); - this.clientInboundChannel.send(message("/message-with-argument")); - assertThat(this.messageWithArgumentController.messageArgument).isNotNull(); } @Test public void sendWhenUsingCustomPathMatcherThenSecurityAppliesIt() { this.spring.configLocations(xml("CustomPathMatcherConfig")).autowire(); - Message message = message("/denyAll.a"); - assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class); - message = message("/denyAll.a.b"); - assertThatCode(send(message)).doesNotThrowAnyException(); } @Test public void sendWhenIdSpecifiedThenSecurityDoesNotIntegrateWithClientInboundChannel() { this.spring.configLocations(xml("IdConfig")).autowire(); - Message message = message("/denyAll"); - assertThatCode(send(message)).doesNotThrowAnyException(); } @@ -382,18 +317,14 @@ public class WebSocketMessageBrokerConfigTests { @WithMockUser public void sendWhenIdSpecifiedAndExplicitlyIntegratedWhenBrokerUsesClientInboundChannel() { this.spring.configLocations(xml("IdIntegratedConfig")).autowire(); - Message message = message("/denyAll"); - assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class); } @Test public void sendWhenNoIdSpecifiedThenSecurityDoesntOverrideCustomInterceptors() { this.spring.configLocations(xml("CustomInterceptorConfig")).autowire(); - Message message = message("/throwAll"); - assertThatThrownBy(send(message)).hasCauseInstanceOf(UnsupportedOperationException.class); } 
@@ -401,9 +332,7 @@ public class WebSocketMessageBrokerConfigTests { @WithMockUser(username = "nile") public void sendWhenCustomExpressionHandlerThenAuthorizesAccordingly() { this.spring.configLocations(xml("CustomExpressionHandlerConfig")).autowire(); - Message message = message("/denyNile"); - assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class); } @@ -428,13 +357,10 @@ public class WebSocketMessageBrokerConfigTests { headers.setSessionId("123"); headers.setSessionAttributes(new HashMap<>()); headers.setDestination(destination); - if (SecurityContextHolder.getContext().getAuthentication() != null) { headers.setUser(SecurityContextHolder.getContext().getAuthentication()); } - headers.getSessionAttributes().put(CsrfToken.class.getName(), this.token); - return new GenericMessage<>("hi", headers.getMessageHeaders()); } @@ -491,9 +417,7 @@ public class WebSocketMessageBrokerConfigTests { public boolean doHandshake(ServerHttpRequest request, org.springframework.http.server.ServerHttpResponse response, WebSocketHandler wsHandler, Map attributes) throws HandshakeFailureException { - this.attributes = attributes; - return true; } @@ -510,7 +434,6 @@ public class WebSocketMessageBrokerConfigTests { @Override public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException { - } } @@ -529,14 +452,11 @@ public class WebSocketMessageBrokerConfigTests { @Override protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, Message invocation) { - return new MessageSecurityExpressionRoot(authentication, invocation) { - public boolean denyNile() { Authentication auth = getAuthentication(); return auth != null && !"nile".equals(auth.getName()); } - }; } 
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java b/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java index 4f673aa2ef..9ac5684868 100644 --- a/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java +++ b/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java @@ -63,7 +63,6 @@ final class HtmlUnitWebTestClient { contentType(request, webRequest); cookies(request, webRequest); headers(request, webRequest); - return content(request, webRequest).exchange().returnResult(String.class); } @@ -109,7 +108,6 @@ final class HtmlUnitWebTestClient { request.cookie(cookieName, cookieValue); } } - Set managedCookies = this.webClient.getCookies(webRequest.getUrl()); for (com.gargoylesoftware.htmlunit.util.Cookie cookie : managedCookies) { request.cookie(cookie.getName(), cookie.getValue()); @@ -156,10 +154,8 @@ final class HtmlUnitWebTestClient { .headers((headers) -> headers.addAll(request.headers())) .cookies((cookies) -> cookies.addAll(request.cookies())) .attributes((attributes) -> attributes.putAll(request.attributes())).build(); - return next.exchange(redirect).flatMap((r) -> redirectIfNecessary(request, next, r)); } - return Mono.just(response); } diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java index 7f509d7f1a..1c734077a8 100644 --- a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java +++ b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java 
@@ -46,9 +46,7 @@ public class WebTestClientHtmlUnitDriverBuilderTests { public void helloWorld() { WebTestClient webTestClient = WebTestClient.bindToController(new HelloWorldController()).build(); WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - driver.get("http://localhost/"); - assertThat(driver.getPageSource()).contains("Hello World"); } @@ -56,13 +54,9 @@ public class WebTestClientHtmlUnitDriverBuilderTests { public void cookies() { WebTestClient webTestClient = WebTestClient.bindToController(new CookieController()).build(); WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - driver.get("http://localhost/cookie"); - assertThat(driver.getPageSource()).contains("theCookie"); - driver.get("http://localhost/cookie/delete"); - assertThat(driver.getPageSource()).contains("null"); } diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientWebConnection.java b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientWebConnection.java index f7dd640175..a2fed90d58 100644 --- a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientWebConnection.java +++ b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientWebConnection.java @@ -50,7 +50,6 @@ public class WebTestClientWebConnection implements WebConnection { Assert.notNull(webTestClient, "MockMvc must not be null"); Assert.notNull(webClient, "WebClient must not be null"); validateContextPath(contextPath); - this.webClient = webClient; this.webTestClient = webTestClient; this.contextPath = contextPath; 
@@ -82,7 +81,6 @@ public class WebTestClientWebConnection implements WebConnection { @Override public WebResponse getResponse(WebRequest webRequest) throws IOException { long startTime = System.currentTimeMillis(); - FluxExchangeResult exchangeResult = this.requestBuilder.getResponse(webRequest); webRequest.setUrl(exchangeResult.getUrl().toURL()); return new MockWebResponseBuilder(startTime, webRequest, exchangeResult).build(); diff --git a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java index dd8575d432..2710091266 100644 --- a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java +++ b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java @@ -41,12 +41,10 @@ public class MethodSecurityInterceptorWithAopConfigTests { + " " + " " + " " + " " + ""; - static final String ACCESS_MANAGER_XML = "" + " " + " " + " " + ""; - static final String TARGET_BEAN_AND_INTERCEPTOR = "" + "" + " " + " " @@ -77,9 +75,7 @@ public class MethodSecurityInterceptorWithAopConfigTests { + " " + " " + "" + TARGET_BEAN_AND_INTERCEPTOR + AUTH_PROVIDER_XML + ACCESS_MANAGER_XML); - ITargetObject target = (ITargetObject) this.appContext.getBean("target"); - // Check both against interface and class try { target.makeLowerCase("TEST"); @@ -87,7 +83,6 @@ public class MethodSecurityInterceptorWithAopConfigTests { } catch (AuthenticationCredentialsNotFoundException expected) { } - target.makeUpperCase("test"); } 
@@ -101,18 +96,14 @@ public class MethodSecurityInterceptorWithAopConfigTests { + " " + " " + " " + "" + TARGET_BEAN_AND_INTERCEPTOR + AUTH_PROVIDER_XML + ACCESS_MANAGER_XML); - ITargetObject target = (ITargetObject) this.appContext.getBean("target"); - try { target.makeLowerCase("TEST"); fail("AuthenticationCredentialsNotFoundException expected"); } catch (AuthenticationCredentialsNotFoundException expected) { } - target.makeUpperCase("test"); - } private void setContext(String context) { diff --git a/core/src/test/java/org/springframework/security/PopulatedDatabase.java b/core/src/test/java/org/springframework/security/PopulatedDatabase.java index f450a2bb76..2ff999577a 100644 --- a/core/src/test/java/org/springframework/security/PopulatedDatabase.java +++ b/core/src/test/java/org/springframework/security/PopulatedDatabase.java @@ -37,14 +37,12 @@ public final class PopulatedDatabase { if (dataSource == null) { setupDataSource(); } - return dataSource; } private static void setupDataSource() { dataSource = new TestDataSource("springsecuritytest"); JdbcTemplate template = new JdbcTemplate(dataSource); - template.execute( "CREATE TABLE USERS(USERNAME VARCHAR_IGNORECASE(50) NOT NULL PRIMARY KEY,PASSWORD VARCHAR_IGNORECASE(500) NOT NULL,ENABLED BOOLEAN NOT NULL)"); template.execute( 
@@ -77,18 +75,15 @@ public final class PopulatedDatabase { "INSERT INTO acl_object_identity VALUES (5, 'org.springframework.security.acl.DomainObject:5', 3, 'org.springframework.security.acl.basic.SimpleAclEntry');"); template.execute( "INSERT INTO acl_object_identity VALUES (6, 'org.springframework.security.acl.DomainObject:6', 3, 'org.springframework.security.acl.basic.SimpleAclEntry');"); - // ----- BEGIN deviation from normal sample data load script ----- template.execute( "INSERT INTO acl_object_identity VALUES (7, 'org.springframework.security.acl.DomainObject:7', 3, 'some.invalid.acl.entry.class');"); - // ----- FINISH deviation from normal sample data load script ----- template.execute("INSERT INTO acl_permission VALUES (null, 1, 'ROLE_SUPERVISOR', 1);"); template.execute("INSERT INTO acl_permission VALUES (null, 2, 'ROLE_SUPERVISOR', 0);"); template.execute("INSERT INTO acl_permission VALUES (null, 2, 'rod', 2);"); template.execute("INSERT INTO acl_permission VALUES (null, 3, 'scott', 14);"); template.execute("INSERT INTO acl_permission VALUES (null, 6, 'scott', 1);"); - createGroupTables(template); insertGroupData(template); } @@ -106,13 +101,11 @@ public final class PopulatedDatabase { public static void insertGroupData(JdbcTemplate template) { template.execute("INSERT INTO USERS VALUES('jerry','password',TRUE)"); template.execute("INSERT INTO USERS VALUES('tom','password',TRUE)"); - template.execute("INSERT INTO GROUPS VALUES (0, 'GROUP_0')"); template.execute("INSERT INTO GROUPS VALUES (1, 'GROUP_1')"); template.execute("INSERT INTO GROUPS VALUES (2, 'GROUP_2')"); // Group 3 isn't used template.execute("INSERT INTO GROUPS VALUES (3, 'GROUP_3')"); - template.execute("INSERT INTO GROUP_AUTHORITIES VALUES (0, 'ROLE_A')"); template.execute("INSERT INTO GROUP_AUTHORITIES VALUES (1, 'ROLE_B')"); template.execute("INSERT INTO GROUP_AUTHORITIES VALUES (1, 'ROLE_C')"); 
@@ -121,7 +114,6 @@ public final class PopulatedDatabase { template.execute("INSERT INTO GROUP_AUTHORITIES VALUES (2, 'ROLE_C')"); template.execute("INSERT INTO GROUP_AUTHORITIES VALUES (3, 'ROLE_D')"); template.execute("INSERT INTO GROUP_AUTHORITIES VALUES (3, 'ROLE_E')"); - template.execute("INSERT INTO GROUP_MEMBERS VALUES (0, 'jerry', 0)"); template.execute("INSERT INTO GROUP_MEMBERS VALUES (1, 'jerry', 1)"); // tom has groups with overlapping roles diff --git a/core/src/test/java/org/springframework/security/TargetObject.java b/core/src/test/java/org/springframework/security/TargetObject.java index 5f98437350..b936d69043 100644 --- a/core/src/test/java/org/springframework/security/TargetObject.java +++ b/core/src/test/java/org/springframework/security/TargetObject.java @@ -47,7 +47,6 @@ public class TargetObject implements ITargetObject { @Override public String makeLowerCase(String input) { Authentication auth = SecurityContextHolder.getContext().getAuthentication(); - if (auth == null) { return input.toLowerCase() + " Authentication empty"; } @@ -67,7 +66,6 @@ public class TargetObject implements ITargetObject { @Override public String makeUpperCase(String input) { Authentication auth = SecurityContextHolder.getContext().getAuthentication(); - return input.toUpperCase() + " " + auth.getClass().getName() + " " + auth.isAuthenticated(); } diff --git a/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java b/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java index 94de0f1f15..9b6fee171e 100644 --- a/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java +++ b/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java 
@@ -37,7 +37,6 @@ public class AuthorizedEventTests { @Test(expected = IllegalArgumentException.class) public void testRejectsNulls2() { - new AuthorizedEvent(new SimpleMethodInvocation(), null, new UsernamePasswordAuthenticationToken("foo", "bar")); } diff --git a/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java b/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java index 40c2165865..7cc22aff20 100644 --- a/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java +++ b/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java @@ -53,23 +53,17 @@ public class SecurityConfigTests { SecurityConfig security1 = new SecurityConfig("TEST"); SecurityConfig security2 = new SecurityConfig("TEST"); assertThat(security2).isEqualTo(security1); - // SEC-311: Must observe symmetry requirement of Object.equals(Object) contract String securityString1 = "TEST"; assertThat(securityString1).isNotSameAs(security1); - String securityString2 = "NOT_EQUAL"; assertThat(!security1.equals(securityString2)).isTrue(); - SecurityConfig security3 = new SecurityConfig("NOT_EQUAL"); assertThat(!security1.equals(security3)).isTrue(); - MockConfigAttribute mock1 = new MockConfigAttribute("TEST"); assertThat(security1).isEqualTo(mock1); - MockConfigAttribute mock2 = new MockConfigAttribute("NOT_EQUAL"); assertThat(security1).isNotEqualTo(mock2); - Integer int1 = 987; assertThat(security1).isNotEqualTo(int1); } diff --git a/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java b/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java index 705632467e..0e732bf480 100644 --- a/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java +++ b/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java 
@@ -75,7 +75,6 @@ public class BusinessServiceImpl implements BusinessService { @Override public void rolesAllowedUser() { - } } diff --git a/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java b/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java index eec3144daa..9d1b066d01 100644 --- a/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java +++ b/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java @@ -71,12 +71,10 @@ public class ExpressionProtectedBusinessServiceImpl implements BusinessService { @PreAuthorize("#x == 'x' and @number.intValue() == 1294 ") public void methodWithBeanNamePropertyAccessExpression(String x) { - } @Override public void rolesAllowedUser() { - } } diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java index 3472f49f1c..09aa5ae48c 100644 --- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java +++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java @@ -76,7 +76,6 @@ public class Jsr250BusinessServiceImpl implements BusinessService { @Override @RolesAllowed({ "USER" }) public void rolesAllowedUser() { - } } diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java index e072ee4b4c..642674a887 100644 --- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java 
+++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java @@ -91,7 +91,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { @Test public void customDefaultRolePrefix() throws Exception { this.mds.setDefaultRolePrefix("CUSTOMPREFIX_"); - ConfigAttribute[] accessAttributes = findAttributes("adminMethod"); assertThat(accessAttributes).hasSize(1); assertThat(accessAttributes[0].toString()).isEqualTo("CUSTOMPREFIX_ADMIN"); @@ -100,7 +99,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { @Test public void emptyDefaultRolePrefix() throws Exception { this.mds.setDefaultRolePrefix(""); - ConfigAttribute[] accessAttributes = findAttributes("adminMethod"); assertThat(accessAttributes).hasSize(1); assertThat(accessAttributes[0].toString()).isEqualTo("ADMIN"); @@ -109,7 +107,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { @Test public void nullDefaultRolePrefix() throws Exception { this.mds.setDefaultRolePrefix(null); - ConfigAttribute[] accessAttributes = findAttributes("adminMethod"); assertThat(accessAttributes).hasSize(1); assertThat(accessAttributes[0].toString()).isEqualTo("ADMIN"); @@ -123,7 +120,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { } // JSR-250 Spec Tests - /** * Class-level annotations only affect the class they annotate and their members, that * is, its methods and fields. They never affect a member declared by a superclass, @@ -134,7 +130,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { public void classLevelAnnotationsOnlyAffectTheClassTheyAnnotateAndTheirMembers() throws Exception { Child target = new Child(); MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "notOverriden"); - Collection accessAttributes = this.mds.getAttributes(mi); assertThat(accessAttributes).isNull(); } 
@@ -143,7 +138,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { public void classLevelAnnotationsOnlyAffectTheClassTheyAnnotateAndTheirMembersOverriden() throws Exception { Child target = new Child(); MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "overriden"); - Collection accessAttributes = this.mds.getAttributes(mi); assertThat(accessAttributes).hasSize(1); assertThat(accessAttributes.toArray()[0].toString()).isEqualTo("ROLE_DERIVED"); @@ -153,7 +147,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { public void classLevelAnnotationsImpactMemberLevel() throws Exception { Child target = new Child(); MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "defaults"); - Collection accessAttributes = this.mds.getAttributes(mi); assertThat(accessAttributes).hasSize(1); assertThat(accessAttributes.toArray()[0].toString()).isEqualTo("ROLE_DERIVED"); @@ -163,7 +156,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { public void classLevelAnnotationsIgnoredByExplicitMemberAnnotation() throws Exception { Child target = new Child(); MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "explicitMethod"); - Collection accessAttributes = this.mds.getAttributes(mi); assertThat(accessAttributes).hasSize(1); assertThat(accessAttributes.toArray()[0].toString()).isEqualTo("ROLE_EXPLICIT"); @@ -178,7 +170,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { public void interfacesNeverContributeAnnotationsMethodLevel() throws Exception { Parent target = new Parent(); MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "interfaceMethod"); - Collection accessAttributes = this.mds.getAttributes(mi); assertThat(accessAttributes).isEmpty(); } 
@@ -187,7 +178,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { public void interfacesNeverContributeAnnotationsClassLevel() throws Exception { Parent target = new Parent(); MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "notOverriden"); - Collection accessAttributes = this.mds.getAttributes(mi); assertThat(accessAttributes).isEmpty(); } @@ -196,7 +186,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { public void annotationsOnOverriddenMemberIgnored() throws Exception { Child target = new Child(); MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "overridenIgnored"); - Collection accessAttributes = this.mds.getAttributes(mi); assertThat(accessAttributes).hasSize(1); assertThat(accessAttributes.toArray()[0].toString()).isEqualTo("ROLE_DERIVED"); @@ -234,7 +223,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { } // JSR-250 Spec - @RolesAllowed("IPARENT") interface IParent { diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java index 8e7f5536fc..412d2fe93f 100644 --- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java +++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java 
@@ -38,21 +38,17 @@ public class Jsr250VoterTests { public void supportsMultipleRolesCorrectly() { List attrs = new ArrayList<>(); Jsr250Voter voter = new Jsr250Voter(); - attrs.add(new Jsr250SecurityConfig("A")); attrs.add(new Jsr250SecurityConfig("B")); attrs.add(new Jsr250SecurityConfig("C")); - assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "A"), new Object(), attrs)) .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "B"), new Object(), attrs)) .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "C"), new Object(), attrs)) .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); - assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "NONE"), new Object(), attrs)) .isEqualTo(AccessDecisionVoter.ACCESS_DENIED); - assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "A"), new Object(), SecurityConfig.createList("A", "B", "C"))).isEqualTo(AccessDecisionVoter.ACCESS_ABSTAIN); } diff --git a/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java index 842aa93485..a607b56874 100644 --- a/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java +++ b/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java 
@@ -54,39 +54,29 @@ public class SecuredAnnotationSecurityMetadataSourceTests { @Test public void genericsSuperclassDeclarationsAreIncludedWhenSubclassesOverride() { Method method = null; - try { method = DepartmentServiceImpl.class.getMethod("someUserMethod3", new Class[] { Department.class }); } catch (NoSuchMethodException unexpected) { fail("Should be a superMethod called 'someUserMethod3' on class!"); } - Collection attrs = this.mds.findAttributes(method, DepartmentServiceImpl.class); - assertThat(attrs).isNotNull(); - // expect 1 attribute assertThat(attrs.size() == 1).as("Did not find 1 attribute").isTrue(); - // should have 1 SecurityConfig for (ConfigAttribute sc : attrs) { assertThat(sc.getAttribute()).as("Found an incorrect role").isEqualTo("ROLE_ADMIN"); } - Method superMethod = null; - try { superMethod = DepartmentServiceImpl.class.getMethod("someUserMethod3", new Class[] { Entity.class }); } catch (NoSuchMethodException unexpected) { fail("Should be a superMethod called 'someUserMethod3' on class!"); } - Collection superAttrs = this.mds.findAttributes(superMethod, DepartmentServiceImpl.class); - assertThat(superAttrs).isNotNull(); - // This part of the test relates to SEC-274 // expect 1 attribute assertThat(superAttrs).as("Did not find 1 attribute").hasSize(1); 
@@ -99,41 +89,31 @@ public class SecuredAnnotationSecurityMetadataSourceTests { @Test public void classLevelAttributesAreFound() { Collection attrs = this.mds.findAttributes(BusinessService.class); - assertThat(attrs).isNotNull(); - // expect 1 annotation assertThat(attrs).hasSize(1); - // should have 1 SecurityConfig SecurityConfig sc = (SecurityConfig) attrs.toArray()[0]; - assertThat(sc.getAttribute()).isEqualTo("ROLE_USER"); } @Test public void methodLevelAttributesAreFound() { Method method = null; - try { method = BusinessService.class.getMethod("someUserAndAdminMethod", new Class[] {}); } catch (NoSuchMethodException unexpected) { fail("Should be a method called 'someUserAndAdminMethod' on class!"); } - Collection attrs = this.mds.findAttributes(method, BusinessService.class); - // expect 2 attributes assertThat(attrs).hasSize(2); - boolean user = false; boolean admin = false; - // should have 2 SecurityConfigs for (ConfigAttribute sc : attrs) { assertThat(sc).isInstanceOf(SecurityConfig.class); - if (sc.getAttribute().equals("ROLE_USER")) { user = true; } @@ -141,7 +121,6 @@ public class SecuredAnnotationSecurityMetadataSourceTests { admin = true; } } - // expect to have ROLE_USER and ROLE_ADMIN assertThat(user).isEqualTo(admin).isTrue(); } @@ -159,9 +138,7 @@ public class SecuredAnnotationSecurityMetadataSourceTests { public void annotatedAnnotationAtClassLevelIsDetected() throws Exception { MockMethodInvocation annotatedAtClassLevel = new MockMethodInvocation(new AnnotatedAnnotationAtClassLevel(), ReturnVoid.class, "doSomething", List.class); - ConfigAttribute[] attrs = this.mds.getAttributes(annotatedAtClassLevel).toArray(new ConfigAttribute[0]); - assertThat(attrs).hasSize(1); assertThat(attrs).extracting("attribute").containsOnly("CUSTOM"); } 
@@ -170,9 +147,7 @@ public class SecuredAnnotationSecurityMetadataSourceTests { public void annotatedAnnotationAtInterfaceLevelIsDetected() throws Exception { MockMethodInvocation annotatedAtInterfaceLevel = new MockMethodInvocation( new AnnotatedAnnotationAtInterfaceLevel(), ReturnVoid2.class, "doSomething", List.class); - ConfigAttribute[] attrs = this.mds.getAttributes(annotatedAtInterfaceLevel).toArray(new ConfigAttribute[0]); - assertThat(attrs).hasSize(1); assertThat(attrs).extracting("attribute").containsOnly("CUSTOM"); } @@ -182,7 +157,6 @@ public class SecuredAnnotationSecurityMetadataSourceTests { MockMethodInvocation annotatedAtMethodLevel = new MockMethodInvocation(new AnnotatedAnnotationAtMethodLevel(), ReturnVoid.class, "doSomething", List.class); ConfigAttribute[] attrs = this.mds.getAttributes(annotatedAtMethodLevel).toArray(new ConfigAttribute[0]); - assertThat(attrs).hasSize(1); assertThat(attrs).extracting("attribute").containsOnly("CUSTOM"); } @@ -223,7 +197,6 @@ public class SecuredAnnotationSecurityMetadataSourceTests { } // SEC-1491 Related classes. PoC for custom annotation with enum value. - @CustomSecurityAnnotation(SecurityEnum.ADMIN) interface CustomAnnotatedService { @@ -262,7 +235,6 @@ public class SecuredAnnotationSecurityMetadataSourceTests { @Override public Collection extractAttributes(CustomSecurityAnnotation securityAnnotation) { SecurityEnum[] values = securityAnnotation.value(); - return EnumSet.copyOf(Arrays.asList(values)); } diff --git a/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java b/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java index c9522feca6..f8c6b653a2 100644 --- a/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java +++ b/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java 
@@ -51,7 +51,6 @@ public class AbstractSecurityExpressionHandlerTests { @Test public void beanNamesAreCorrectlyResolved() { this.handler.setApplicationContext(new AnnotationConfigApplicationContext(TestConfiguration.class)); - Expression expression = this.handler.getExpressionParser() .parseExpression("@number10.compareTo(@number20) < 0"); assertThat(expression.getValue(this.handler.createEvaluationContext(mock(Authentication.class), new Object()))) diff --git a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java index c1e953f363..9cb6564f61 100644 --- a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java +++ b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java @@ -64,7 +64,6 @@ public class SecurityExpressionRootTests { @Test public void roleHierarchySupportIsCorrectlyUsedInEvaluatingRoles() { this.root.setRoleHierarchy((authorities) -> AuthorityUtils.createAuthorityList("ROLE_C")); - assertThat(this.root.hasRole("C")).isTrue(); assertThat(this.root.hasAuthority("ROLE_C")).isTrue(); assertThat(this.root.hasRole("A")).isFalse(); @@ -98,7 +97,6 @@ public class SecurityExpressionRootTests { public void hasRoleDoesNotAddDefaultPrefixForAlreadyPrefixedRoles() { SecurityExpressionRoot root = new SecurityExpressionRoot(JOE) { }; - assertThat(root.hasRole("ROLE_A")).isTrue(); assertThat(root.hasRole("ROLE_NO")).isFalse(); } diff --git a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java b/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java index f2f1047f61..0cc3343ca5 100644 
--- a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java +++ b/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java @@ -77,11 +77,9 @@ public class DefaultMethodSecurityExpressionHandlerTests { @Test public void createEvaluationContextCustomTrustResolver() { this.handler.setTrustResolver(this.trustResolver); - Expression expression = this.handler.getExpressionParser().parseExpression("anonymous"); EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation); expression.getValue(context, Boolean.class); - verify(this.trustResolver).isAnonymous(this.authentication); } @@ -92,13 +90,9 @@ public class DefaultMethodSecurityExpressionHandlerTests { map.put("key1", "value1"); map.put("key2", "value2"); map.put("key3", "value3"); - Expression expression = this.handler.getExpressionParser().parseExpression("filterObject.key eq 'key2'"); - EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation); - Object filtered = this.handler.filter(map, expression, context); - assertThat(filtered == map); Map result = ((Map) filtered); assertThat(result.size() == 1); @@ -113,13 +107,9 @@ public class DefaultMethodSecurityExpressionHandlerTests { map.put("key1", "value1"); map.put("key2", "value2"); map.put("key3", "value3"); - Expression expression = this.handler.getExpressionParser().parseExpression("filterObject.value eq 'value3'"); - EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation); - Object filtered = this.handler.filter(map, expression, context); - assertThat(filtered == map); Map result = ((Map) filtered); assertThat(result.size() == 1); 
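Review bot: In the map-filter test at `@@ -92,13 +90,9 @@`, `assertThat(filtered == map);` and `assertThat(result.size() == 1);` have no terminal assertion, so AssertJ verifies nothing on those lines and the test cannot fail on either condition. The same pattern appears in the hunks at `@@ -113,13 +107,9 @@` and `@@ -134,14 +124,10 @@`. These tests exercise the expression handler's `filter` on maps, so a regression that leaves unfiltered entries in the result would pass these lines unnoticed. I would write `assertThat(filtered).isSameAs(map);` and `assertThat(result).hasSize(1);` (`hasSize(2)` in the third test). The method bodies continue past the end of each hunk, so later lines may still check the contents.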
@@ -134,14 +124,10 @@ public class DefaultMethodSecurityExpressionHandlerTests { map.put("key1", "value1"); map.put("key2", "value2"); map.put("key3", "value3"); - Expression expression = this.handler.getExpressionParser() .parseExpression("(filterObject.key eq 'key1') or (filterObject.value eq 'value2')"); - EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation); - Object filtered = this.handler.filter(map, expression, context); - assertThat(filtered == map); Map result = ((Map) filtered); assertThat(result.size() == 2); @@ -153,13 +139,9 @@ public class DefaultMethodSecurityExpressionHandlerTests { @SuppressWarnings("unchecked") public void filterWhenUsingStreamThenFiltersStream() { final Stream stream = Stream.of("1", "2", "3"); - Expression expression = this.handler.getExpressionParser().parseExpression("filterObject ne '2'"); - EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation); - Object filtered = this.handler.filter(stream, expression, context); - assertThat(filtered).isInstanceOf(Stream.class); List list = ((Stream) filtered).collect(Collectors.toList()); assertThat(list).containsExactly("1", "3"); @@ -169,11 +151,8 @@ public class DefaultMethodSecurityExpressionHandlerTests { public void filterStreamWhenClosedThenUpstreamGetsClosed() { final Stream upstream = mock(Stream.class); doReturn(Stream.empty()).when(upstream).filter(any()); - Expression expression = this.handler.getExpressionParser().parseExpression("true"); - EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation); - ((Stream) this.handler.filter(upstream, expression, context)).close(); verify(upstream).close(); } 
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java index d60ef97c45..d409c4054d 100644 --- a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java +++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java @@ -113,9 +113,8 @@ public class MethodExpressionVoterTests { @Test public void ruleDefinedInAClassMethodIsApplied() throws Exception { MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAString(), "joe"); - assertThat( - - this.am.vote(this.joe, mi, createAttributes(new PreInvocationExpressionAttribute(null, null, + assertThat(this.am.vote(this.joe, mi, + createAttributes(new PreInvocationExpressionAttribute(null, null, "T(org.springframework.security.access.expression.method.SecurityRules).isJoe(#argument)")))) .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); } diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java index 43ee1027ad..e6c8910fd8 100644 --- a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java +++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java @@ -64,7 +64,6 @@ public class MethodSecurityExpressionRootTests { public void canCallMethodsOnVariables() { this.ctx.setVariable("var", "somestring"); Expression e = this.parser.parseExpression("#var.length() == 10"); - assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue(); } 
@@ -87,9 +86,7 @@ public class MethodSecurityExpressionRootTests { this.ctx.setVariable("domainObject", dummyDomainObject); this.root.setPermissionEvaluator(pe); given(pe.hasPermission(this.user, dummyDomainObject, "ignored")).willReturn(false); - assertThat(this.root.hasPermission(dummyDomainObject, "ignored")).isFalse(); - } @Test @@ -99,7 +96,6 @@ public class MethodSecurityExpressionRootTests { this.ctx.setVariable("domainObject", dummyDomainObject); this.root.setPermissionEvaluator(pe); given(pe.hasPermission(this.user, dummyDomainObject, "ignored")).willReturn(true); - assertThat(this.root.hasPermission(dummyDomainObject, "ignored")).isTrue(); } @@ -110,7 +106,6 @@ public class MethodSecurityExpressionRootTests { final PermissionEvaluator pe = mock(PermissionEvaluator.class); this.root.setPermissionEvaluator(pe); given(pe.hasPermission(eq(this.user), eq(dummyDomainObject), any(Integer.class))).willReturn(true, true, false); - Expression e = this.parser.parseExpression("hasPermission(#domainObject, 0xA)"); // evaluator returns true assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue(); @@ -135,12 +130,10 @@ public class MethodSecurityExpressionRootTests { this.root.setPermissionEvaluator(pe); given(pe.hasPermission(this.user, targetObject, i)).willReturn(true, false); given(pe.hasPermission(this.user, "x", i)).willReturn(true); - Expression e = this.parser.parseExpression("hasPermission(this, 2)"); assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue(); e = this.parser.parseExpression("hasPermission(this, 2)"); assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isFalse(); - e = this.parser.parseExpression("hasPermission(this.x, 2)"); assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue(); } 
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java index bf024683f3..c7e19fbf89 100644 --- a/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java +++ b/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java @@ -88,7 +88,6 @@ public class PrePostAnnotationSecurityMetadataSourceTests { @Test public void classLevelPreAnnotationIsPickedUpWhenNoMethodLevelExists() { ConfigAttribute[] attrs = this.mds.getAttributes(this.voidImpl1).toArray(new ConfigAttribute[0]); - assertThat(attrs).hasSize(1); assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue(); PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute) attrs[0]; @@ -100,7 +99,6 @@ public class PrePostAnnotationSecurityMetadataSourceTests { @Test public void mixedClassAndMethodPreAnnotationsAreBothIncluded() { ConfigAttribute[] attrs = this.mds.getAttributes(this.voidImpl2).toArray(new ConfigAttribute[0]); - assertThat(attrs).hasSize(1); assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue(); PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute) attrs[0]; @@ -112,7 +110,6 @@ public class PrePostAnnotationSecurityMetadataSourceTests { @Test public void methodWithPreFilterOnlyIsAllowed() { ConfigAttribute[] attrs = this.mds.getAttributes(this.voidImpl3).toArray(new ConfigAttribute[0]); - assertThat(attrs).hasSize(1); assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue(); PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute) attrs[0]; 
@@ -124,7 +121,6 @@ public class PrePostAnnotationSecurityMetadataSourceTests { @Test public void methodWithPostFilterOnlyIsAllowed() { ConfigAttribute[] attrs = this.mds.getAttributes(this.listImpl1).toArray(new ConfigAttribute[0]); - assertThat(attrs).hasSize(2); assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue(); assertThat(attrs[1] instanceof PostInvocationExpressionAttribute).isTrue(); @@ -138,7 +134,6 @@ public class PrePostAnnotationSecurityMetadataSourceTests { @Test public void interfaceAttributesAreIncluded() { ConfigAttribute[] attrs = this.mds.getAttributes(this.notherListImpl1).toArray(new ConfigAttribute[0]); - assertThat(attrs).hasSize(1); assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue(); PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute) attrs[0]; @@ -151,7 +146,6 @@ public class PrePostAnnotationSecurityMetadataSourceTests { @Test public void classAttributesTakesPrecedeceOverInterfaceAttributes() { ConfigAttribute[] attrs = this.mds.getAttributes(this.notherListImpl2).toArray(new ConfigAttribute[0]); - assertThat(attrs).hasSize(1); assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue(); PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute) attrs[0]; @@ -164,7 +158,6 @@ public class PrePostAnnotationSecurityMetadataSourceTests { @Test public void customAnnotationAtClassLevelIsDetected() { ConfigAttribute[] attrs = this.mds.getAttributes(this.annotatedAtClassLevel).toArray(new ConfigAttribute[0]); - assertThat(attrs).hasSize(1); } 
@@ -172,14 +165,12 @@ public class PrePostAnnotationSecurityMetadataSourceTests { public void customAnnotationAtInterfaceLevelIsDetected() { ConfigAttribute[] attrs = this.mds.getAttributes(this.annotatedAtInterfaceLevel) .toArray(new ConfigAttribute[0]); - assertThat(attrs).hasSize(1); } @Test public void customAnnotationAtMethodLevelIsDetected() { ConfigAttribute[] attrs = this.mds.getAttributes(this.annotatedAtMethodLevel).toArray(new ConfigAttribute[0]); - assertThat(attrs).hasSize(1); } diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java index 8d2a9fdff3..b8df1e837e 100755 --- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java +++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java @@ -36,7 +36,6 @@ public abstract class HierarchicalRolesTestHelper { if (authorities1 == null && authorities2 == null) { return true; } - if (authorities1 == null || authorities2 == null) { return false; } @@ -48,7 +47,6 @@ public abstract class HierarchicalRolesTestHelper { if (authorities1 == null && authorities2 == null) { return true; } - if (authorities1 == null || authorities2 == null) { return false; } @@ -60,7 +58,6 @@ public abstract class HierarchicalRolesTestHelper { if (authorities == null) { return null; } - List result = new ArrayList<>(authorities.size()); for (GrantedAuthority authority : authorities) { result.add(authority.getAuthority()); @@ -70,12 +67,10 @@ public abstract class HierarchicalRolesTestHelper { public static List createAuthorityList(final String... roles) { List authorities = new ArrayList<>(roles.length); - for (final String role : roles) { // Use non SimpleGrantedAuthority (SEC-863) authorities.add((GrantedAuthority) () -> role); } - return authorities; } 
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java index 0d373bf9d9..58beb183f3 100644 --- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java +++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java @@ -35,16 +35,11 @@ public class RoleHierarchyAuthoritiesMapperTests { RoleHierarchyImpl rh = new RoleHierarchyImpl(); rh.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C"); RoleHierarchyAuthoritiesMapper mapper = new RoleHierarchyAuthoritiesMapper(rh); - Collection authorities = mapper .mapAuthorities(AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_D")); - assertThat(authorities).hasSize(4); - mapper = new RoleHierarchyAuthoritiesMapper(new NullRoleHierarchy()); - authorities = mapper.mapAuthorities(AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_D")); - assertThat(authorities).hasSize(2); } diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java index 7f337dac51..0bd68d1955 100644 --- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java +++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java 
@@ -38,27 +38,21 @@ public class RoleHierarchyImplTests { public void testRoleHierarchyWithNullOrEmptyAuthorities() { List authorities0 = null; List authorities1 = new ArrayList<>(); - RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B"); - assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(authorities0)).isNotNull(); assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(authorities0)).isEmpty(); - assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(authorities1)).isNotNull(); assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(authorities1)).isEmpty(); } @Test public void testSimpleRoleHierarchy() { - List authorities0 = AuthorityUtils.createAuthorityList("ROLE_0"); List authorities1 = AuthorityUtils.createAuthorityList("ROLE_A"); List authorities2 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B"); - RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B"); - assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( roleHierarchyImpl.getReachableGrantedAuthorities(authorities0), authorities0)).isTrue(); assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( 
@@ -73,13 +67,10 @@ public class RoleHierarchyImplTests { List authorities2 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B", "ROLE_C"); List authorities3 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B", "ROLE_C", "ROLE_D"); - RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); - roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C"); assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities2)).isTrue(); - roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_D"); assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities3)).isTrue(); @@ -96,10 +87,8 @@ public class RoleHierarchyImplTests { List authoritiesOutput3 = AuthorityUtils.createAuthorityList("ROLE_C", "ROLE_D"); List authoritiesInput4 = AuthorityUtils.createAuthorityList("ROLE_D"); List authoritiesOutput4 = AuthorityUtils.createAuthorityList("ROLE_D"); - RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_A > ROLE_C\nROLE_C > ROLE_D\nROLE_B > ROLE_D"); - assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( roleHierarchyImpl.getReachableGrantedAuthorities(authoritiesInput1), authoritiesOutput1)).isTrue(); assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( 
@@ -113,28 +102,24 @@ public class RoleHierarchyImplTests { @Test public void testCyclesInRoleHierarchy() { RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); - try { roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_A"); fail("Cycle in role hierarchy was not detected!"); } catch (CycleInRoleHierarchyException ex) { } - try { roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_A"); fail("Cycle in role hierarchy was not detected!"); } catch (CycleInRoleHierarchyException ex) { } - try { roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_A"); fail("Cycle in role hierarchy was not detected!"); } catch (CycleInRoleHierarchyException ex) { } - try { roleHierarchyImpl.setHierarchy( "ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_E\nROLE_E > ROLE_D\nROLE_D > ROLE_B"); @@ -142,7 +127,6 @@ public class RoleHierarchyImplTests { } catch (CycleInRoleHierarchyException ex) { } - try { roleHierarchyImpl.setHierarchy("ROLE_C > ROLE_B\nROLE_B > ROLE_A\nROLE_A > ROLE_B"); fail("Cycle in role hierarchy was not detected!"); @@ -154,7 +138,6 @@ public class RoleHierarchyImplTests { @Test public void testNoCyclesInRoleHierarchy() { RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); - try { roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_A > ROLE_C\nROLE_C > ROLE_D\nROLE_B > ROLE_D"); } 
@@ -166,14 +149,11 @@ public class RoleHierarchyImplTests { // SEC-863 @Test public void testSimpleRoleHierarchyWithCustomGrantedAuthorityImplementation() { - List authorities0 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_0"); List authorities1 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_A"); List authorities2 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_A", "ROLE_B"); - RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B"); - assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthoritiesCompareByAuthorityString( roleHierarchyImpl.getReachableGrantedAuthorities(authorities0), authorities0)).isTrue(); assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthoritiesCompareByAuthorityString( @@ -188,13 +168,10 @@ public class RoleHierarchyImplTests { List authorities2 = AuthorityUtils.createAuthorityList("ROLE A", "ROLE B", "ROLE>C"); List authorities3 = AuthorityUtils.createAuthorityList("ROLE A", "ROLE B", "ROLE>C", "ROLE D"); - RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); - roleHierarchyImpl.setHierarchy("ROLE A > ROLE B\nROLE B > ROLE>C"); assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities2)).isTrue(); - roleHierarchyImpl.setHierarchy("ROLE A > ROLE B\nROLE B > ROLE>C\nROLE>C > ROLE D"); assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities3)).isTrue(); @@ -209,7 +186,6 @@ public class RoleHierarchyImplTests { RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); roleHierarchyImpl.setHierarchy( "ROLE_A > ROLE_B\n" + "ROLE_B > ROLE_AUTHENTICATED\n" + "ROLE_AUTHENTICATED > ROLE_UNAUTHENTICATED"); - assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(flatAuthorities)) .containsExactlyInAnyOrderElementsOf(allAuthorities); } 
@@ -223,7 +199,6 @@ public class RoleHierarchyImplTests { RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); roleHierarchyImpl .setHierarchy("ROLE_HIGHEST > ROLE_HIGHER\n" + "ROLE_HIGHER > ROLE_LOW\n" + "ROLE_LOW > ROLE_LOWER"); - assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(flatAuthorities)) .containsExactlyInAnyOrderElementsOf(allAuthorities); } @@ -236,7 +211,6 @@ public class RoleHierarchyImplTests { "ROLE_LOW", "ROLE_LOWER"); RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); roleHierarchyImpl.setHierarchy("ROLE_HIGHEST > ROLE_HIGHER > ROLE_LOW > ROLE_LOWER"); - assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(flatAuthorities)) .containsExactlyInAnyOrderElementsOf(allAuthorities); } diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java index 6684a2e9d7..ae08fd1249 100644 --- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java +++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java @@ -44,14 +44,11 @@ public class RoleHierarchyUtilsTests { "ROLE_B > ROLE_D" + EOL + "ROLE_C > ROLE_D" + EOL; // @formatter:on - Map> roleHierarchyMap = new TreeMap<>(); roleHierarchyMap.put("ROLE_A", Arrays.asList("ROLE_B", "ROLE_C")); roleHierarchyMap.put("ROLE_B", Arrays.asList("ROLE_D")); roleHierarchyMap.put("ROLE_C", Arrays.asList("ROLE_D")); - String roleHierarchy = RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap); - assertThat(roleHierarchy).isEqualTo(expectedRoleHierarchy); } 
@@ -69,7 +66,6 @@ public class RoleHierarchyUtilsTests { public void roleHierarchyFromMapWhenRoleNullThenThrowsIllegalArgumentException() { Map> roleHierarchyMap = new HashMap<>(); roleHierarchyMap.put(null, Arrays.asList("ROLE_B", "ROLE_C")); - RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap); } @@ -77,7 +73,6 @@ public class RoleHierarchyUtilsTests { public void roleHierarchyFromMapWhenRoleEmptyThenThrowsIllegalArgumentException() { Map> roleHierarchyMap = new HashMap<>(); roleHierarchyMap.put("", Arrays.asList("ROLE_B", "ROLE_C")); - RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap); } @@ -85,7 +80,6 @@ public class RoleHierarchyUtilsTests { public void roleHierarchyFromMapWhenImpliedRolesNullThenThrowsIllegalArgumentException() { Map> roleHierarchyMap = new HashMap<>(); roleHierarchyMap.put("ROLE_A", null); - RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap); } @@ -93,7 +87,6 @@ public class RoleHierarchyUtilsTests { public void roleHierarchyFromMapWhenImpliedRolesEmptyThenThrowsIllegalArgumentException() { Map> roleHierarchyMap = new HashMap<>(); roleHierarchyMap.put("ROLE_A", Collections.emptyList()); - RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap); } diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java index 54570c4759..111b94b8f5 100644 --- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java +++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java 
@@ -42,12 +42,10 @@ public class TestHelperTests {
 List authorities3 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_C");
 List authorities4 = AuthorityUtils.createAuthorityList("ROLE_A");
 List authorities5 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_A");
-
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(null, null)).isTrue();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities1)).isTrue();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities2)).isTrue();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities2, authorities1)).isTrue();
-
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(null, authorities1)).isFalse();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, null)).isFalse();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities3)).isFalse();
@@ -65,42 +63,32 @@ public class TestHelperTests {
 Collection authorities3 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_C");
 Collection authorities4 = AuthorityUtils.createAuthorityList("ROLE_A");
 Collection authorities5 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_A");
-
 List authoritiesStrings1 = new ArrayList<>();
 authoritiesStrings1.add("ROLE_A");
 authoritiesStrings1.add("ROLE_B");
-
 List authoritiesStrings2 = new ArrayList<>();
 authoritiesStrings2.add("ROLE_B");
 authoritiesStrings2.add("ROLE_A");
-
 List authoritiesStrings3 = new ArrayList<>();
 authoritiesStrings3.add("ROLE_A");
 authoritiesStrings3.add("ROLE_C");
-
 List authoritiesStrings4 = new ArrayList<>();
 authoritiesStrings4.add("ROLE_A");
-
 List authoritiesStrings5 = new ArrayList<>();
 authoritiesStrings5.add("ROLE_A");
 authoritiesStrings5.add("ROLE_A");
-
 assertThat(CollectionUtils.isEqualCollection(
 HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities1), authoritiesStrings1))
 .isTrue();
-
 assertThat(CollectionUtils.isEqualCollection(
 HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities2), authoritiesStrings2))
 .isTrue();
-
 assertThat(CollectionUtils.isEqualCollection(
 HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities3), authoritiesStrings3))
 .isTrue();
-
 assertThat(CollectionUtils.isEqualCollection(
 HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities4), authoritiesStrings4))
 .isTrue();
-
 assertThat(CollectionUtils.isEqualCollection(
 HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities5), authoritiesStrings5))
 .isTrue();
@@ -114,12 +102,10 @@ public class TestHelperTests {
 List authorities3 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_C");
 List authorities4 = AuthorityUtils.createAuthorityList("ROLE_A");
 List authorities5 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_A");
-
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(null, null)).isTrue();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities1)).isTrue();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities2)).isTrue();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities2, authorities1)).isTrue();
-
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(null, authorities1)).isFalse();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, null)).isFalse();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities3)).isFalse();
@@ -144,7 +130,6 @@ public class TestHelperTests {
 List authorities1 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_A");
 assertThat(authorities1).hasSize(1);
 assertThat(authorities1.get(0).getAuthority()).isEqualTo("ROLE_A");
-
 List authorities2 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_A", "ROLE_C");
 assertThat(authorities2).hasSize(2);
 assertThat(authorities2.get(0).getAuthority()).isEqualTo("ROLE_A");
diff --git a/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
index 67f6e1aa86..6a4047cbae 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
@@ -36,7 +36,6 @@ public class AbstractSecurityInterceptorTests {
 @Test(expected = IllegalArgumentException.class)
 public void detectsIfInvocationPassedIncompatibleSecureObject() {
 MockSecurityInterceptorWhichOnlySupportsStrings si = new MockSecurityInterceptorWhichOnlySupportsStrings();
-
 si.setRunAsManager(mock(RunAsManager.class));
 si.setAuthenticationManager(mock(AuthenticationManager.class));
 si.setAfterInvocationManager(mock(AfterInvocationManager.class));
diff --git a/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java b/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
index 6244ad3a4f..f6fc8ec922 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
@@ -51,25 +51,19 @@ public class AfterInvocationProviderManagerTests { manager.setProviders(list); assertThat(manager.getProviders()).isEqualTo(list); manager.afterPropertiesSet(); - List attr1 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP1" }); List attr2 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP2" }); List attr3 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP3" }); List attr2and3 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP2", "GIVE_ME_SWAP3" }); List attr4 = SecurityConfig.createList(new String[] { "NEVER_CAUSES_SWAP" }); - assertThat(manager.decide(null, new SimpleMethodInvocation(), attr1, "content-before-swapping")) .isEqualTo("swap1"); - assertThat(manager.decide(null, new SimpleMethodInvocation(), attr2, "content-before-swapping")) .isEqualTo("swap2"); - assertThat(manager.decide(null, new SimpleMethodInvocation(), attr3, "content-before-swapping")) .isEqualTo("swap3"); - assertThat(manager.decide(null, new SimpleMethodInvocation(), attr4, "content-before-swapping")) .isEqualTo("content-before-swapping"); - assertThat(manager.decide(null, new SimpleMethodInvocation(), attr2and3, "content-before-swapping")) .isEqualTo("swap3"); } @@ -78,7 +72,6 @@ public class AfterInvocationProviderManagerTests { public void testRejectsEmptyProvidersList() { AfterInvocationProviderManager manager = new AfterInvocationProviderManager(); List list = new Vector(); - try { manager.setProviders(list); fail("Should have thrown IllegalArgumentException"); @@ -95,7 +88,6 @@ public class AfterInvocationProviderManagerTests { list.add(new MockAfterInvocationProvider("swap1", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP1"))); list.add(45); list.add(new MockAfterInvocationProvider("swap3", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP3"))); - try { manager.setProviders(list); fail("Should have thrown IllegalArgumentException"); 
@@ -108,7 +100,6 @@ public class AfterInvocationProviderManagerTests { @Test public void testRejectsNullProvidersList() throws Exception { AfterInvocationProviderManager manager = new AfterInvocationProviderManager(); - try { manager.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); @@ -127,7 +118,6 @@ public class AfterInvocationProviderManagerTests { list.add(new MockAfterInvocationProvider("swap3", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP3"))); manager.setProviders(list); manager.afterPropertiesSet(); - assertThat(manager.supports(new SecurityConfig("UNKNOWN_ATTRIB"))).isFalse(); assertThat(manager.supports(new SecurityConfig("GIVE_ME_SWAP2"))).isTrue(); } @@ -141,7 +131,6 @@ public class AfterInvocationProviderManagerTests { list.add(new MockAfterInvocationProvider("swap3", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP3"))); manager.setProviders(list); manager.afterPropertiesSet(); - // assertFalse(manager.supports(FilterInvocation.class)); assertThat(manager.supports(MethodInvocation.class)).isTrue(); } @@ -171,7 +160,6 @@ public class AfterInvocationProviderManagerTests { if (config.contains(this.configAttribute)) { return this.forceReturnObject; } - return returnedObject; } diff --git a/core/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java b/core/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java index f745614c0f..eb6947816a 100644 --- a/core/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java +++ b/core/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java 
@@ -42,7 +42,6 @@ public class InterceptorStatusTokenTests { MethodInvocation mi = new SimpleMethodInvocation(); SecurityContext ctx = SecurityContextHolder.createEmptyContext(); InterceptorStatusToken token = new InterceptorStatusToken(ctx, true, attr, mi); - assertThat(token.isContextHolderRefreshRequired()).isTrue(); assertThat(token.getAttributes()).isEqualTo(attr); assertThat(token.getSecureObject()).isEqualTo(mi); diff --git a/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java index b19767152a..620806f5ff 100644 --- a/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java +++ b/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java @@ -38,7 +38,6 @@ public class RunAsImplAuthenticationProviderTests { AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), UsernamePasswordAuthenticationToken.class); RunAsImplAuthenticationProvider provider = new RunAsImplAuthenticationProvider(); provider.setKey("hello_world"); - provider.authenticate(token); } @@ -48,11 +47,8 @@ public class RunAsImplAuthenticationProviderTests { AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), UsernamePasswordAuthenticationToken.class); RunAsImplAuthenticationProvider provider = new RunAsImplAuthenticationProvider(); provider.setKey("my_password"); - Authentication result = provider.authenticate(token); - Assert.assertTrue("Should have returned RunAsUserToken", result instanceof RunAsUserToken); - RunAsUserToken resultCast = (RunAsUserToken) result; assertThat(resultCast.getKeyHash()).isEqualTo("my_password".hashCode()); } 
@@ -60,7 +56,6 @@ public class RunAsImplAuthenticationProviderTests { @Test(expected = IllegalArgumentException.class) public void testStartupFailsIfNoKey() throws Exception { RunAsImplAuthenticationProvider provider = new RunAsImplAuthenticationProvider(); - provider.afterPropertiesSet(); } diff --git a/core/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java b/core/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java index c58c4a193f..31503300c3 100644 --- a/core/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java +++ b/core/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java @@ -45,10 +45,8 @@ public class RunAsManagerImplTests { public void testDoesNotReturnAdditionalAuthoritiesIfCalledWithoutARunAsSetting() { UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO")); - RunAsManagerImpl runAs = new RunAsManagerImpl(); runAs.setKey("my_password"); - Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), SecurityConfig.createList("SOMETHING_WE_IGNORE")); assertThat(resultingToken).isNull(); 
@@ -58,23 +56,18 @@ public class RunAsManagerImplTests { public void testRespectsRolePrefix() { UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ONE", "TWO")); - RunAsManagerImpl runAs = new RunAsManagerImpl(); runAs.setKey("my_password"); runAs.setRolePrefix("FOOBAR_"); - Authentication result = runAs.buildRunAs(inputToken, new Object(), SecurityConfig.createList("RUN_AS_SOMETHING")); - assertThat(result instanceof RunAsUserToken).withFailMessage("Should have returned a RunAsUserToken").isTrue(); assertThat(result.getPrincipal()).isEqualTo(inputToken.getPrincipal()); assertThat(result.getCredentials()).isEqualTo(inputToken.getCredentials()); Set authorities = AuthorityUtils.authorityListToSet(result.getAuthorities()); - assertThat(authorities.contains("FOOBAR_RUN_AS_SOMETHING")).isTrue(); assertThat(authorities.contains("ONE")).isTrue(); assertThat(authorities.contains("TWO")).isTrue(); - RunAsUserToken resultCast = (RunAsUserToken) result; assertThat(resultCast.getKeyHash()).isEqualTo("my_password".hashCode()); } 
@@ -83,25 +76,19 @@ public class RunAsManagerImplTests { public void testReturnsAdditionalGrantedAuthorities() { UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO")); - RunAsManagerImpl runAs = new RunAsManagerImpl(); runAs.setKey("my_password"); - Authentication result = runAs.buildRunAs(inputToken, new Object(), SecurityConfig.createList("RUN_AS_SOMETHING")); - if (!(result instanceof RunAsUserToken)) { fail("Should have returned a RunAsUserToken"); } - assertThat(result.getPrincipal()).isEqualTo(inputToken.getPrincipal()); assertThat(result.getCredentials()).isEqualTo(inputToken.getCredentials()); - Set authorities = AuthorityUtils.authorityListToSet(result.getAuthorities()); assertThat(authorities.contains("ROLE_RUN_AS_SOMETHING")).isTrue(); assertThat(authorities.contains("ROLE_ONE")).isTrue(); assertThat(authorities.contains("ROLE_TWO")).isTrue(); - RunAsUserToken resultCast = (RunAsUserToken) result; assertThat(resultCast.getKeyHash()).isEqualTo("my_password".hashCode()); } @@ -109,13 +96,11 @@ public class RunAsManagerImplTests { @Test public void testStartupDetectsMissingKey() throws Exception { RunAsManagerImpl runAs = new RunAsManagerImpl(); - try { runAs.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } } diff --git a/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java b/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java index 50d5fd3d70..b8b151b27a 100644 --- a/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java +++ b/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java 
@@ -53,7 +53,6 @@ public class RunAsUserTokenTests { @Test public void testNoArgConstructorDoesntExist() { Class clazz = RunAsUserToken.class; - try { clazz.getDeclaredConstructor((Class[]) null); fail("Should have thrown NoSuchMethodException"); diff --git a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java index b510aeb697..aa8ff61359 100644 --- a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java @@ -198,7 +198,6 @@ public class MethodSecurityInterceptorTests { given(this.adm.supports(MethodInvocation.class)).willReturn(true); given(this.mds.supports(MethodInvocation.class)).willReturn(true); given(this.mds.getAllConfigAttributes()).willReturn(null); - this.interceptor.setValidateConfigAttributes(true); this.interceptor.afterPropertiesSet(); verify(this.adm, never()).supports(any(ConfigAttribute.class)); @@ -224,10 +223,8 @@ public class MethodSecurityInterceptorTests { public void callIsntMadeWhenAuthenticationManagerRejectsAuthentication() { final TestingAuthenticationToken token = new TestingAuthenticationToken("Test", "Password"); SecurityContextHolder.getContext().setAuthentication(token); - mdsReturnsUserRole(); given(this.authman.authenticate(token)).willThrow(new BadCredentialsException("rejected")); - this.advisedTarget.makeLowerCase("HELLO"); } 
@@ -237,9 +234,7 @@ public class MethodSecurityInterceptorTests { this.interceptor.setPublishAuthorizationSuccess(true); SecurityContextHolder.getContext().setAuthentication(this.token); mdsReturnsUserRole(); - String result = this.advisedTarget.makeLowerCase("HELLO"); - // Note we check the isAuthenticated remained true in following line assertThat(result) .isEqualTo("hello org.springframework.security.authentication.TestingAuthenticationToken true"); @@ -256,7 +251,6 @@ public class MethodSecurityInterceptorTests { given(this.authman.authenticate(this.token)).willReturn(this.token); willThrow(new AccessDeniedException("rejected")).given(this.adm).decide(any(Authentication.class), any(MethodInvocation.class), any(List.class)); - try { this.advisedTarget.makeUpperCase("HELLO"); fail("Expected Exception"); @@ -282,7 +276,6 @@ public class MethodSecurityInterceptorTests { this.interceptor.setRunAsManager(runAs); mdsReturnsUserRole(); given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken); - String result = this.advisedTarget.makeUpperCase("hello"); assertThat(result).isEqualTo("HELLO org.springframework.security.access.intercept.RunAsUserToken true"); // Check we've changed back @@ -304,14 +297,12 @@ public class MethodSecurityInterceptorTests { this.interceptor.setRunAsManager(runAs); mdsReturnsUserRole(); given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken); - try { this.advisedTarget.makeUpperCase("hello"); fail("Expected Exception"); } catch (RuntimeException success) { } - // Check we've changed back assertThat(SecurityContextHolder.getContext()).isSameAs(ctx); assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token); 
@@ -329,19 +320,15 @@ public class MethodSecurityInterceptorTests { this.token.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(this.token); mdsReturnsUserRole(); - AfterInvocationManager aim = mock(AfterInvocationManager.class); this.interceptor.setAfterInvocationManager(aim); - given(mi.proceed()).willThrow(new Throwable()); - try { this.interceptor.invoke(mi); fail("Expected exception"); } catch (Throwable expected) { } - verifyZeroInteractions(aim); } diff --git a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java index d9ea3b8857..297705c6e5 100644 --- a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java +++ b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java @@ -39,7 +39,6 @@ public class MethodSecurityMetadataSourceAdvisorTests { public void testAdvisorReturnsFalseWhenMethodInvocationNotDefined() throws Exception { Class clazz = TargetObject.class; Method method = clazz.getMethod("makeLowerCase", new Class[] { String.class }); - MethodSecurityMetadataSource mds = mock(MethodSecurityMetadataSource.class); given(mds.getAttributes(method, clazz)).willReturn(null); MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor("", mds, ""); 
@@ -50,7 +49,6 @@ public class MethodSecurityMetadataSourceAdvisorTests { public void testAdvisorReturnsTrueWhenMethodInvocationIsDefined() throws Exception { Class clazz = TargetObject.class; Method method = clazz.getMethod("countLength", new Class[] { String.class }); - MethodSecurityMetadataSource mds = mock(MethodSecurityMetadataSource.class); given(mds.getAttributes(method, clazz)).willReturn(SecurityConfig.createList("ROLE_A")); MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor("", mds, ""); diff --git a/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java index f156277895..6ea44ac332 100644 --- a/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java @@ -114,7 +114,6 @@ public class AspectJMethodSecurityInterceptorTests { SecurityContextHolder.getContext().setAuthentication(this.token); this.interceptor.invoke(this.joinPoint, this.aspectJCallback); verify(this.aspectJCallback).proceedWithObject(); - // Just try the other method too this.interceptor.invoke(this.joinPoint); } @@ -123,7 +122,6 @@ public class AspectJMethodSecurityInterceptorTests { @Test public void callbackIsNotInvokedWhenPermissionDenied() { willThrow(new AccessDeniedException("denied")).given(this.adm).decide(any(), any(), any()); - SecurityContextHolder.getContext().setAuthentication(this.token); try { this.interceptor.invoke(this.joinPoint, this.aspectJCallback); 
@@ -138,7 +136,6 @@ public class AspectJMethodSecurityInterceptorTests { public void adapterHoldsCorrectData() { TargetObject to = new TargetObject(); Method m = ClassUtils.getMethodIfAvailable(TargetObject.class, "countLength", new Class[] { String.class }); - given(this.joinPoint.getTarget()).willReturn(to); given(this.joinPoint.getArgs()).willReturn(new Object[] { "Hi" }); MethodInvocationAdapter mia = new MethodInvocationAdapter(this.joinPoint); @@ -152,19 +149,15 @@ public class AspectJMethodSecurityInterceptorTests { public void afterInvocationManagerIsNotInvokedIfExceptionIsRaised() { this.token.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(this.token); - AfterInvocationManager aim = mock(AfterInvocationManager.class); this.interceptor.setAfterInvocationManager(aim); - given(this.aspectJCallback.proceedWithObject()).willThrow(new RuntimeException()); - try { this.interceptor.invoke(this.joinPoint, this.aspectJCallback); fail("Expected exception"); } catch (RuntimeException expected) { } - verifyZeroInteractions(aim); } @@ -181,14 +174,12 @@ public class AspectJMethodSecurityInterceptorTests { this.interceptor.setRunAsManager(runAs); given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken); given(this.aspectJCallback.proceedWithObject()).willThrow(new RuntimeException()); - try { this.interceptor.invoke(this.joinPoint, this.aspectJCallback); fail("Expected Exception"); } catch (RuntimeException success) { } - // Check we've changed back assertThat(SecurityContextHolder.getContext()).isSameAs(ctx); assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token); 
@@ -207,14 +198,12 @@ public class AspectJMethodSecurityInterceptorTests { this.interceptor.setRunAsManager(runAs); given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken); given(this.joinPoint.proceed()).willThrow(new RuntimeException()); - try { this.interceptor.invoke(this.joinPoint); fail("Expected Exception"); } catch (RuntimeException success) { } - // Check we've changed back assertThat(SecurityContextHolder.getContext()).isSameAs(ctx); assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token); diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java index 9236bb38d8..ae3c44b91e 100644 --- a/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java +++ b/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java @@ -64,7 +64,6 @@ public class MapBasedMethodSecurityMetadataSourceTests { public void methodsWithDifferentArgumentsAreMatchedCorrectly() { this.mds.addSecureMethod(MockService.class, this.someMethodInteger, this.ROLE_A); this.mds.addSecureMethod(MockService.class, this.someMethodString, this.ROLE_B); - assertThat(this.mds.getAttributes(this.someMethodInteger, MockService.class)).isEqualTo(this.ROLE_A); assertThat(this.mds.getAttributes(this.someMethodString, MockService.class)).isEqualTo(this.ROLE_B); } diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java b/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java index bd0a55037d..a9e89fa1e5 100644 
--- a/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java +++ b/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java @@ -78,13 +78,10 @@ public class MethodInvocationPrivilegeEvaluatorTests { public void allowsAccessUsingCreate() throws Exception { Object object = new TargetObject(); final MethodInvocation mi = MethodInvocationUtils.create(object, "makeLowerCase", "foobar"); - MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator(); given(this.mds.getAttributes(mi)).willReturn(this.role); - mipe.setSecurityInterceptor(this.interceptor); mipe.afterPropertiesSet(); - assertThat(mipe.isAllowed(mi, this.token)).isTrue(); } @@ -95,7 +92,6 @@ public class MethodInvocationPrivilegeEvaluatorTests { MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator(); mipe.setSecurityInterceptor(this.interceptor); given(this.mds.getAttributes(mi)).willReturn(this.role); - assertThat(mipe.isAllowed(mi, this.token)).isTrue(); } @@ -107,7 +103,6 @@ public class MethodInvocationPrivilegeEvaluatorTests { mipe.setSecurityInterceptor(this.interceptor); given(this.mds.getAttributes(mi)).willReturn(this.role); willThrow(new AccessDeniedException("rejected")).given(this.adm).decide(this.token, mi, this.role); - assertThat(mipe.isAllowed(mi, this.token)).isFalse(); } 
@@ -115,12 +110,10 @@ public class MethodInvocationPrivilegeEvaluatorTests { public void declinesAccessUsingCreateFromClass() { final MethodInvocation mi = MethodInvocationUtils.createFromClass(new OtherTargetObject(), ITargetObject.class, "makeLowerCase", new Class[] { String.class }, new Object[] { "helloWorld" }); - MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator(); mipe.setSecurityInterceptor(this.interceptor); given(this.mds.getAttributes(mi)).willReturn(this.role); willThrow(new AccessDeniedException("rejected")).given(this.adm).decide(this.token, mi, this.role); - assertThat(mipe.isAllowed(mi, this.token)).isFalse(); } diff --git a/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java b/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java index 46e5985dab..b0cfe45d60 100644 --- a/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java +++ b/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java @@ -54,9 +54,7 @@ public class AbstractAccessDecisionManagerTests { List list = new Vector(); list.add(new DenyVoter()); list.add(new MockStringOnlyVoter()); - MockDecisionManagerImpl mock = new MockDecisionManagerImpl(list); - assertThat(mock.supports(String.class)).isTrue(); assertThat(!mock.supports(Integer.class)).isTrue(); } @@ -68,12 +66,9 @@ public class AbstractAccessDecisionManagerTests { DenyAgainVoter denyVoter = new DenyAgainVoter(); list.add(voter); list.add(denyVoter); - MockDecisionManagerImpl mock = new MockDecisionManagerImpl(list); - ConfigAttribute attr = new SecurityConfig("DENY_AGAIN_FOR_SURE"); assertThat(mock.supports(attr)).isTrue(); - ConfigAttribute badAttr = new SecurityConfig("WE_DONT_SUPPORT_THIS"); assertThat(!mock.supports(badAttr)).isTrue(); } 
@@ -92,13 +87,11 @@ public class AbstractAccessDecisionManagerTests { @Test public void testRejectsEmptyList() { List list = new Vector();
-
 try { new MockDecisionManagerImpl(list); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) {
-
 } }
@@ -109,7 +102,6 @@ public class AbstractAccessDecisionManagerTests { fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) {
-
 } }
@@ -126,7 +118,6 @@ public class AbstractAccessDecisionManagerTests { fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) {
-
 } }
diff --git a/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java b/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
index e03cbc3cb9..d11135de93 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
@@ -56,11 +56,9 @@ public class AffirmativeBasedTests { @Before @SuppressWarnings("unchecked") public void setup() {
-
 this.grant = mock(AccessDecisionVoter.class); this.abstain = mock(AccessDecisionVoter.class); this.deny = mock(AccessDecisionVoter.class);
-
 given(this.grant.vote(any(Authentication.class), any(Object.class), any(List.class))) .willReturn(AccessDecisionVoter.ACCESS_GRANTED); given(this.abstain.vote(any(Authentication.class), any(Object.class), any(List.class)))
@@ -71,7 +69,6 @@ public class AffirmativeBasedTests { @Test public void oneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccess() throws Exception {
-
 this.mgr = new AffirmativeBased( Arrays.>asList(this.grant, this.deny, this.abstain)); this.mgr.afterPropertiesSet();
@@ -104,7 +101,6 @@ public class AffirmativeBasedTests { this.mgr = new AffirmativeBased( Arrays.>asList(this.abstain, this.abstain, this.abstain)); assertThat(!this.mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check default
-
 this.mgr.decide(this.user, new Object(), this.attrs); }
@@ -114,7 +110,6 @@ public class AffirmativeBasedTests { Arrays.>asList(this.abstain, this.abstain, this.abstain)); this.mgr.setAllowIfAllAbstainDecisions(true); assertThat(this.mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check changed
-
 this.mgr.decide(this.user, new Object(), this.attrs); }
diff --git a/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java
index 4cc37d0c70..595bd55fc9 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java
@@ -82,13 +82,11 @@ public class AuthenticatedVoterTests { @Test public void testSetterRejectsNull() { AuthenticatedVoter voter = new AuthenticatedVoter();
-
 try { voter.setAuthenticationTrustResolver(null); fail("Expected IAE"); } catch (IllegalArgumentException expected) {
-
 } }
diff --git a/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java b/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java
index 0392e921c1..647387d2aa 100644
--- a/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java
@@ -43,9 +43,7 @@ public class ConsensusBasedTests { ConsensusBased mgr = makeDecisionManager(); mgr.setAllowIfEqualGrantedDeniedDecisions(false); assertThat(!mgr.isAllowIfEqualGrantedDeniedDecisions()).isTrue(); // check changed
-
 List config = SecurityConfig.createList("ROLE_1", "DENY_FOR_SURE");
-
 mgr.decide(auth, new Object(), config); }
@@ -53,29 +51,22 @@ public class ConsensusBasedTests { public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccessWithDefault() { TestingAuthenticationToken auth = makeTestToken(); ConsensusBased mgr = makeDecisionManager();
-
 assertThat(mgr.isAllowIfEqualGrantedDeniedDecisions()).isTrue(); // check default
-
 List config = SecurityConfig.createList("ROLE_1", "DENY_FOR_SURE");
-
 mgr.decide(auth, new Object(), config);
-
 } @Test public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess() { TestingAuthenticationToken auth = makeTestToken(); ConsensusBased mgr = makeDecisionManager();
-
 mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_2"));
-
 } @Test(expected = AccessDeniedException.class) public void testOneDenyVoteTwoAbstainVotesDeniesAccess() { TestingAuthenticationToken auth = makeTestToken(); ConsensusBased mgr = makeDecisionManager();
-
 mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_WE_DO_NOT_HAVE")); fail("Should have thrown AccessDeniedException"); }
@@ -84,9 +75,7 @@ public class ConsensusBasedTests { public void testThreeAbstainVotesDeniesAccessWithDefault() { TestingAuthenticationToken auth = makeTestToken(); ConsensusBased mgr = makeDecisionManager();
-
 assertThat(!mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check default
-
 mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL")); }
@@ -96,7 +85,6 @@ public class ConsensusBasedTests { ConsensusBased mgr = makeDecisionManager(); mgr.setAllowIfAllAbstainDecisions(true); assertThat(mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check changed
-
 mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL")); }
@@ -104,7 +92,6 @@ public class ConsensusBasedTests { public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess() { TestingAuthenticationToken auth = makeTestToken(); ConsensusBased mgr = makeDecisionManager();
-
 mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_1", "ROLE_2")); }
@@ -116,7 +103,6 @@ public class ConsensusBasedTests { voters.add(roleVoter); voters.add(denyForSureVoter); voters.add(denyAgainForSureVoter);
-
 return new ConsensusBased(voters); }
diff --git a/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java b/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
index f6e2977982..4d59a0173b 100644
--- a/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
+++ b/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
@@ -48,15 +48,12 @@ public class DenyAgainVoter implements AccessDecisionVoter { @Override public int vote(Authentication authentication, Object object, Collection attributes) { Iterator iter = attributes.iterator();
-
 while (iter.hasNext()) { ConfigAttribute attribute = iter.next();
-
 if (this.supports(attribute)) { return ACCESS_DENIED; } }
-
 return ACCESS_ABSTAIN; }
diff --git a/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java b/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
index ae548752f1..b20964b020 100644
--- a/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
+++ b/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
@@ -50,15 +50,12 @@ public class DenyVoter implements AccessDecisionVoter { @Override public int vote(Authentication authentication, Object object, Collection attributes) { Iterator iter = attributes.iterator();
-
 while (iter.hasNext()) { ConfigAttribute attribute = iter.next();
-
 if (this.supports(attribute)) { return ACCESS_DENIED; } }
-
 return ACCESS_ABSTAIN; }
diff --git a/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java
index 9dd3cc940d..806ec7416b 100644
--- a/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java
@@ -31,11 +31,9 @@ public class RoleHierarchyVoterTests { public void hierarchicalRoleIsIncludedInDecision() { RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B");
-
 // User has role A, role B is required TestingAuthenticationToken auth = new TestingAuthenticationToken("user", "password", "ROLE_A"); RoleHierarchyVoter voter = new RoleHierarchyVoter(roleHierarchyImpl);
-
 assertThat(voter.vote(auth, new Object(), SecurityConfig.createList("ROLE_B"))) .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); }
diff --git a/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java b/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java
index 2c204ea270..943d31da0a 100644
--- a/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java
@@ -51,7 +51,6 @@ public class UnanimousBasedTests { private UnanimousBased makeDecisionManagerWithFooBarPrefix() { RoleVoter roleVoter = new RoleVoter(); roleVoter.setRolePrefix("FOOBAR_");
-
 DenyVoter denyForSureVoter = new DenyVoter(); DenyAgainVoter denyAgainForSureVoter = new DenyAgainVoter(); List> voters = new Vector<>();
@@ -73,9 +72,7 @@ public class UnanimousBasedTests { public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteDeniesAccess() { TestingAuthenticationToken auth = makeTestToken(); UnanimousBased mgr = makeDecisionManager();
-
 List config = SecurityConfig.createList(new String[] { "ROLE_1", "DENY_FOR_SURE" });
-
 try { mgr.decide(auth, new Object(), config); fail("Should have thrown AccessDeniedException");
@@ -88,9 +85,7 @@ public class UnanimousBasedTests { public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess() { TestingAuthenticationToken auth = makeTestToken(); UnanimousBased mgr = makeDecisionManager();
-
 List config = SecurityConfig.createList("ROLE_2");
-
 mgr.decide(auth, new Object(), config); }
@@ -98,9 +93,7 @@ public class UnanimousBasedTests { public void testOneDenyVoteTwoAbstainVotesDeniesAccess() { TestingAuthenticationToken auth = makeTestToken(); UnanimousBased mgr = makeDecisionManager();
-
 List config = SecurityConfig.createList("ROLE_WE_DO_NOT_HAVE");
-
 try { mgr.decide(auth, new Object(), config); fail("Should have thrown AccessDeniedException");
@@ -113,9 +106,7 @@ public class UnanimousBasedTests { public void testRoleVoterPrefixObserved() { TestingAuthenticationToken auth = makeTestTokenWithFooBarPrefix(); UnanimousBased mgr = makeDecisionManagerWithFooBarPrefix();
-
 List config = SecurityConfig.createList(new String[] { "FOOBAR_1", "FOOBAR_2" });
-
 mgr.decide(auth, new Object(), config); }
@@ -123,11 +114,8 @@ public class UnanimousBasedTests { public void testThreeAbstainVotesDeniesAccessWithDefault() { TestingAuthenticationToken auth = makeTestToken(); UnanimousBased mgr = makeDecisionManager();
-
 assertThat(!mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check default
-
 List config = SecurityConfig.createList("IGNORED_BY_ALL");
-
 try { mgr.decide(auth, new Object(), config); fail("Should have thrown AccessDeniedException");
@@ -142,9 +130,7 @@ public class UnanimousBasedTests { UnanimousBased mgr = makeDecisionManager(); mgr.setAllowIfAllAbstainDecisions(true); assertThat(mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check changed
-
 List config = SecurityConfig.createList("IGNORED_BY_ALL");
-
 mgr.decide(auth, new Object(), config); }
@@ -152,9 +138,7 @@ public class UnanimousBasedTests { public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess() { TestingAuthenticationToken auth = makeTestToken(); UnanimousBased mgr = makeDecisionManager();
-
 List config = SecurityConfig.createList(new String[] { "ROLE_1", "ROLE_2" });
-
 mgr.decide(auth, new Object(), config); }
diff --git a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
index fa7219294a..90c0f82f4a 100644
--- a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
@@ -51,7 +51,6 @@ public class AbstractAuthenticationTokenTests { MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", this.authorities); List gotAuthorities = (List) token.getAuthorities(); assertThat(gotAuthorities).isNotSameAs(this.authorities);
-
 gotAuthorities.set(0, new SimpleGrantedAuthority("ROLE_SUPER_USER")); }
@@ -70,9 +69,7 @@ public class AbstractAuthenticationTokenTests { MockAuthenticationImpl token3 = new MockAuthenticationImpl(null, null, AuthorityUtils.NO_AUTHORITIES); assertThat(token2.hashCode()).isEqualTo(token1.hashCode()); assertThat(token1.hashCode() != token3.hashCode()).isTrue();
-
 token2.setAuthenticated(true);
-
 assertThat(token1.hashCode() != token2.hashCode()).isTrue(); }
@@ -81,25 +78,19 @@ public class AbstractAuthenticationTokenTests { MockAuthenticationImpl token1 = new MockAuthenticationImpl("Test", "Password", this.authorities); MockAuthenticationImpl token2 = new MockAuthenticationImpl("Test", "Password", this.authorities); assertThat(token2).isEqualTo(token1);
-
 MockAuthenticationImpl token3 = new MockAuthenticationImpl("Test", "Password_Changed", this.authorities); assertThat(!token1.equals(token3)).isTrue();
-
 MockAuthenticationImpl token4 = new MockAuthenticationImpl("Test_Changed", "Password", this.authorities); assertThat(!token1.equals(token4)).isTrue();
-
 MockAuthenticationImpl token5 = new MockAuthenticationImpl("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO_CHANGED")); assertThat(!token1.equals(token5)).isTrue();
-
 MockAuthenticationImpl token6 = new MockAuthenticationImpl("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_ONE")); assertThat(!token1.equals(token6)).isTrue();
-
 MockAuthenticationImpl token7 = new MockAuthenticationImpl("Test", "Password", null); assertThat(!token1.equals(token7)).isTrue(); assertThat(!token7.equals(token1)).isTrue();
-
 assertThat(!token1.equals(100)).isTrue(); }
@@ -126,10 +117,8 @@ public class AbstractAuthenticationTokenTests { @Test public void testGetNameWhenPrincipalIsAuthenticatedPrincipal() { String principalName = "test";
-
 AuthenticatedPrincipal principal = mock(AuthenticatedPrincipal.class); given(principal.getName()).willReturn(principalName);
-
 MockAuthenticationImpl token = new MockAuthenticationImpl(principal, "Password", this.authorities); assertThat(token.getName()).isEqualTo(principalName); verify(principal, times(1)).getName();
diff --git a/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java b/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java
index 63010817d8..fa476f0738 100644
--- a/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java
@@ -55,11 +55,9 @@ public class AuthenticationTrustResolverImplTests { @Test public void testGettersSetters() { AuthenticationTrustResolverImpl trustResolver = new AuthenticationTrustResolverImpl();
-
 assertThat(AnonymousAuthenticationToken.class).isEqualTo(trustResolver.getAnonymousClass()); trustResolver.setAnonymousClass(TestingAuthenticationToken.class); assertThat(trustResolver.getAnonymousClass()).isEqualTo(TestingAuthenticationToken.class);
-
 assertThat(RememberMeAuthenticationToken.class).isEqualTo(trustResolver.getRememberMeClass()); trustResolver.setRememberMeClass(TestingAuthenticationToken.class); assertThat(trustResolver.getRememberMeClass()).isEqualTo(TestingAuthenticationToken.class);
diff --git a/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java b/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java
index 111e33cb3b..6a7ac10f3e 100644
--- a/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java
@@ -57,7 +57,6 @@ public class DefaultAuthenticationEventPublisherTests { ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class); this.publisher.setApplicationEventPublisher(appPublisher); Authentication a = mock(Authentication.class);
-
 Exception cause = new Exception(); Object extraInfo = new Object(); this.publisher.publishAuthenticationFailure(new BadCredentialsException(""), a);
@@ -94,7 +93,6 @@ public class DefaultAuthenticationEventPublisherTests { this.publisher.setApplicationEventPublisher(appPublisher); this.publisher.publishAuthenticationSuccess(mock(Authentication.class)); verify(appPublisher).publishEvent(isA(AuthenticationSuccessEvent.class));
-
 this.publisher.setApplicationEventPublisher(null); // Should be ignored with null app publisher this.publisher.publishAuthenticationSuccess(mock(Authentication.class));
@@ -107,7 +105,6 @@ public class DefaultAuthenticationEventPublisherTests { p.put(MockAuthenticationException.class.getName(), AuthenticationFailureDisabledEvent.class.getName()); this.publisher.setAdditionalExceptionMappings(p); ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
-
 this.publisher.setApplicationEventPublisher(appPublisher); this.publisher.publishAuthenticationFailure(new MockAuthenticationException("test"), mock(Authentication.class));
@@ -129,7 +126,6 @@ public class DefaultAuthenticationEventPublisherTests { p.put(MockAuthenticationException.class.getName(), AuthenticationFailureDisabledEvent.class.getName()); this.publisher.setAdditionalExceptionMappings(p); ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
-
 this.publisher.setApplicationEventPublisher(appPublisher); this.publisher.publishAuthenticationFailure(new AuthenticationException("") { }, mock(Authentication.class));
@@ -166,7 +162,6 @@ public class DefaultAuthenticationEventPublisherTests { mappings.put(MockAuthenticationException.class, AuthenticationFailureDisabledEvent.class); this.publisher.setAdditionalExceptionMappings(mappings); ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
-
 this.publisher.setApplicationEventPublisher(appPublisher); this.publisher.publishAuthenticationFailure(new MockAuthenticationException("test"), mock(Authentication.class));
@@ -184,7 +179,6 @@ public class DefaultAuthenticationEventPublisherTests { this.publisher = new DefaultAuthenticationEventPublisher(); this.publisher.setDefaultAuthenticationFailureEvent(AuthenticationFailureBadCredentialsEvent.class); ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
-
 this.publisher.setApplicationEventPublisher(appPublisher); this.publisher.publishAuthenticationFailure(new AuthenticationException("") { }, mock(Authentication.class));
diff --git a/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java
index 23394aef94..71e73e044c 100644
--- a/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java
@@ -51,10 +51,8 @@ public class DelegatingReactiveAuthenticationManagerTests { public void authenticateWhenEmptyAndNotThenReturnsNotEmpty() { given(this.delegate1.authenticate(any())).willReturn(Mono.empty()); given(this.delegate2.authenticate(any())).willReturn(Mono.just(this.authentication));
-
 DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1, this.delegate2);
-
 assertThat(manager.authenticate(this.authentication).block()).isEqualTo(this.authentication); }
@@ -64,20 +62,16 @@ public class DelegatingReactiveAuthenticationManagerTests { // flatMap) given(this.delegate1.authenticate(any())) .willReturn(Mono.just(this.authentication).delayElement(Duration.ofMillis(100)));
-
 DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1, this.delegate2);
-
 StepVerifier.create(manager.authenticate(this.authentication)).expectNext(this.authentication).verifyComplete(); } @Test public void authenticateWhenBadCredentialsThenDelegate2NotInvokedAndError() { given(this.delegate1.authenticate(any())).willReturn(Mono.error(new BadCredentialsException("Test")));
-
 DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1, this.delegate2);
-
 StepVerifier.create(manager.authenticate(this.authentication)).expectError(BadCredentialsException.class) .verify(); }
diff --git a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
index 711ffccfac..b75f9dcf8c 100644
--- a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
@@ -69,7 +69,6 @@ public class ProviderManagerTests { ProviderManager mgr = makeProviderManager(); Authentication result = mgr.authenticate(token); assertThat(result.getCredentials()).isNull();
-
 mgr.setEraseCredentialsAfterAuthentication(false); token = new UsernamePasswordAuthenticationToken("Test", "Password"); result = mgr.authenticate(token);
@@ -82,7 +81,6 @@ public class ProviderManagerTests { ProviderManager mgr = new ProviderManager(createProviderWhichReturns(a)); AuthenticationEventPublisher publisher = mock(AuthenticationEventPublisher.class); mgr.setAuthenticationEventPublisher(publisher);
-
 Authentication result = mgr.authenticate(a); assertThat(result).isEqualTo(a); verify(publisher).publishAuthenticationSuccess(result);
@@ -95,7 +93,6 @@ public class ProviderManagerTests { Arrays.asList(createProviderWhichReturns(null), createProviderWhichReturns(a))); AuthenticationEventPublisher publisher = mock(AuthenticationEventPublisher.class); mgr.setAuthenticationEventPublisher(publisher);
-
 Authentication result = mgr.authenticate(a); assertThat(result).isSameAs(a); verify(publisher).publishAuthenticationSuccess(result);
@@ -130,7 +127,6 @@ public class ProviderManagerTests { public void detailsAreNotSetOnAuthenticationTokenIfAlreadySetByProvider() { Object requestDetails = "(Request Details)"; final Object resultDetails = "(Result Details)";
-
 // A provider which sets the details object AuthenticationProvider provider = new AuthenticationProvider() { @Override
@@ -144,12 +140,9 @@ public class ProviderManagerTests { return true; } };
-
 ProviderManager authMgr = new ProviderManager(provider);
-
 TestingAuthenticationToken request = createAuthenticationToken(); request.setDetails(requestDetails);
-
 Authentication result = authMgr.authenticate(request); assertThat(result.getDetails()).isEqualTo(resultDetails); }
@@ -158,10 +151,8 @@ public class ProviderManagerTests { public void detailsAreSetOnAuthenticationTokenIfNotAlreadySetByProvider() { Object details = new Object(); ProviderManager authMgr = makeProviderManager();
-
 TestingAuthenticationToken request = createAuthenticationToken(); request.setDetails(details);
-
 Authentication result = authMgr.authenticate(request); assertThat(result.getCredentials()).isNotNull(); assertThat(result.getDetails()).isSameAs(details);
@@ -178,7 +169,6 @@ public class ProviderManagerTests { @Test public void authenticationExceptionIsRethrownIfNoLaterProviderAuthenticates() {
-
 ProviderManager mgr = new ProviderManager(Arrays .asList(createProviderWhichThrows(new BadCredentialsException("")), createProviderWhichReturns(null))); try {
@@ -195,9 +185,7 @@ public class ProviderManagerTests { AuthenticationProvider iThrowAccountStatusException = createProviderWhichThrows(new AccountStatusException("") { }); AuthenticationProvider otherProvider = mock(AuthenticationProvider.class);
-
 ProviderManager authMgr = new ProviderManager(Arrays.asList(iThrowAccountStatusException, otherProvider));
-
 try { authMgr.authenticate(mock(Authentication.class)); fail("Expected AccountStatusException");
@@ -239,13 +227,11 @@ public class ProviderManagerTests { AuthenticationEventPublisher publisher = mock(AuthenticationEventPublisher.class); AuthenticationManager parent = mock(AuthenticationManager.class); given(parent.authenticate(authReq)).willThrow(new ProviderNotFoundException(""));
-
 // Set a provider that throws an exception - this is the exception we expect to be // propagated ProviderManager mgr = new ProviderManager( Collections.singletonList(createProviderWhichThrows(new BadCredentialsException(""))), parent); mgr.setAuthenticationEventPublisher(publisher);
-
 try { mgr.authenticate(authReq); fail("Expected exception");
@@ -302,7 +288,6 @@ public class ProviderManagerTests { ProviderManager mgr = new ProviderManager(Arrays.asList(createProviderWhichThrows(expected), createProviderWhichThrows(new BadCredentialsException("Oops"))), null); final Authentication authReq = mock(Authentication.class);
-
 try { mgr.authenticate(authReq); fail("Expected Exception");
@@ -318,13 +303,10 @@ public class ProviderManagerTests { ProviderManager parentMgr = new ProviderManager(createProviderWhichThrows(badCredentialsExParent)); ProviderManager childMgr = new ProviderManager(Collections.singletonList( createProviderWhichThrows(new BadCredentialsException("Bad Credentials in child"))), parentMgr);
-
 AuthenticationEventPublisher publisher = mock(AuthenticationEventPublisher.class); parentMgr.setAuthenticationEventPublisher(publisher); childMgr.setAuthenticationEventPublisher(publisher);
-
 final Authentication authReq = mock(Authentication.class);
-
 try { childMgr.authenticate(authReq); fail("Expected exception");
@@ -341,7 +323,6 @@ public class ProviderManagerTests { AuthenticationProvider provider = mock(AuthenticationProvider.class); given(provider.supports(any(Class.class))).willReturn(true); given(provider.authenticate(any(Authentication.class))).willThrow(ex);
-
 return provider; }
@@ -349,7 +330,6 @@ public class ProviderManagerTests { AuthenticationProvider provider = mock(AuthenticationProvider.class); given(provider.supports(any(Class.class))).willReturn(true); given(provider.authenticate(any(Authentication.class))).willReturn(a);
-
 return provider; }
diff --git a/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java b/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
index 99cb38c3d3..7a4bbb3740 100644
--- a/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
@@ -64,27 +64,21 @@ public class ReactiveAuthenticationManagerAdapterTests { public void authenticateWhenSuccessThenSuccess() { given(this.delegate.authenticate(any())).willReturn(this.authentication); given(this.authentication.isAuthenticated()).willReturn(true);
-
 Authentication result = this.manager.authenticate(this.authentication).block();
-
 assertThat(result).isEqualTo(this.authentication); } @Test public void authenticateWhenReturnNotAuthenticatedThenError() { given(this.delegate.authenticate(any())).willReturn(this.authentication);
-
 Authentication result = this.manager.authenticate(this.authentication).block();
-
 assertThat(result).isNull(); } @Test public void authenticateWhenBadCredentialsThenError() { given(this.delegate.authenticate(any())).willThrow(new BadCredentialsException("Failed"));
-
 Mono result = this.manager.authenticate(this.authentication);
-
 StepVerifier.create(result).expectError(BadCredentialsException.class).verify(); }
diff --git a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
index d6fd522756..1887df9bb3 100644
--- a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
@@ -71,11 +71,9 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests { @Test public void authenticateWhenUserNotFoundThenBadCredentials() { given(this.repository.findByUsername(this.username)).willReturn(Mono.empty());
-
 UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username, this.password); Mono authentication = this.manager.authenticate(token);
-
 StepVerifier.create(authentication).expectError(BadCredentialsException.class).verify(); }
@@ -88,11 +86,9 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests { .build(); // @formatter:on given(this.repository.findByUsername(user.getUsername())).willReturn(Mono.just(user));
-
 UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username, this.password + "INVALID"); Mono authentication = this.manager.authenticate(token);
-
 StepVerifier.create(authentication).expectError(BadCredentialsException.class).verify(); }
@@ -105,11 +101,9 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests { .build(); // @formatter:on given(this.repository.findByUsername(user.getUsername())).willReturn(Mono.just(user));
-
 UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username, this.password); Authentication authentication = this.manager.authenticate(token).block();
-
 assertThat(authentication).isEqualTo(authentication); }
@@ -119,11 +113,9 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests { given(this.passwordEncoder.matches(any(), any())).willReturn(true); User user = new User(this.username, this.password, AuthorityUtils.createAuthorityList("ROLE_USER")); given(this.repository.findByUsername(user.getUsername())).willReturn(Mono.just(user));
-
 UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username, this.password); Authentication authentication = this.manager.authenticate(token).block();
-
 assertThat(authentication).isEqualTo(authentication); }
@@ -133,12 +125,9 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests { given(this.passwordEncoder.matches(any(), any())).willReturn(false); User user = new User(this.username, this.password, AuthorityUtils.createAuthorityList("ROLE_USER")); given(this.repository.findByUsername(user.getUsername())).willReturn(Mono.just(user));
-
 UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username, this.password);
-
 Mono authentication = this.manager.authenticate(token);
-
 StepVerifier.create(authentication).expectError(BadCredentialsException.class).verify(); }
diff --git a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationProviderTests.java
index ec2a84e921..1435300fc8 100644
--- a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationProviderTests.java
@@ -35,9 +35,7 @@ public class TestingAuthenticationProviderTests { TestingAuthenticationProvider provider = new TestingAuthenticationProvider(); TestingAuthenticationToken token = new TestingAuthenticationToken("Test", "Password", "ROLE_ONE", "ROLE_TWO"); Authentication result = provider.authenticate(token); - assertThat(result instanceof TestingAuthenticationToken).isTrue(); - TestingAuthenticationToken castResult = (TestingAuthenticationToken) result; assertThat(castResult.getPrincipal()).isEqualTo("Test"); assertThat(castResult.getCredentials()).isEqualTo("Password"); diff --git a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java index 35ec2095b7..8b7c6f4617 100644 --- a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java +++ b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java @@ -32,7 +32,6 @@ public class TestingAuthenticationTokenTests { @Test public void constructorWhenNoAuthoritiesThenUnauthenticated() { TestingAuthenticationToken unauthenticated = new TestingAuthenticationToken("principal", "credentials"); - assertThat(unauthenticated.isAuthenticated()).isFalse(); } @@ -40,7 +39,6 @@ public class TestingAuthenticationTokenTests { public void constructorWhenArityAuthoritiesThenAuthenticated() { TestingAuthenticationToken authenticated = new TestingAuthenticationToken("principal", "credentials", "authority"); - assertThat(authenticated.isAuthenticated()).isTrue(); } @@ -48,7 +46,6 @@ public class TestingAuthenticationTokenTests { public void constructorWhenCollectionAuthoritiesThenAuthenticated() { TestingAuthenticationToken authenticated = new TestingAuthenticationToken("principal", "credentials", Arrays.asList(new SimpleGrantedAuthority("authority"))); - assertThat(authenticated.isAuthenticated()).isTrue(); } 
diff --git a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java index 1718a05da4..8c6362b14e 100644 --- a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java @@ -72,7 +72,6 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { .roles("USER") .build(); // @formatter:on - private UserDetailsRepositoryReactiveAuthenticationManager manager; @Before @@ -97,9 +96,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { this.manager.setPasswordEncoder(this.encoder); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user, this.user.getPassword()); - Authentication result = this.manager.authenticate(token).block(); - verify(this.scheduler).schedule(any()); } @@ -115,9 +112,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user, this.user.getPassword()); - Authentication result = this.manager.authenticate(token).block(); - verify(this.encoder).encode(this.user.getPassword()); verify(this.userDetailsPasswordService).updatePassword(eq(this.user), eq(encodedPassword)); } 
@@ -130,9 +125,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user, this.user.getPassword()); - assertThatThrownBy(() -> this.manager.authenticate(token).block()).isInstanceOf(BadCredentialsException.class); - verifyZeroInteractions(this.userDetailsPasswordService); } @@ -145,9 +138,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user, this.user.getPassword()); - Authentication result = this.manager.authenticate(token).block(); - verifyZeroInteractions(this.userDetailsPasswordService); } @@ -158,11 +149,9 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { given(this.encoder.matches(any(), any())).willReturn(true); this.manager.setPasswordEncoder(this.encoder); this.manager.setPostAuthenticationChecks(this.postAuthenticationChecks); - assertThatExceptionOfType(LockedException.class).isThrownBy(() -> this.manager .authenticate(new UsernamePasswordAuthenticationToken(this.user, this.user.getPassword())).block()) .withMessage("account is locked"); - verify(this.postAuthenticationChecks).check(eq(this.user)); } @@ -171,12 +160,9 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(this.user)); given(this.encoder.matches(any(), any())).willReturn(true); this.manager.setPasswordEncoder(this.encoder); - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user, this.user.getPassword()); - this.manager.authenticate(token).block(); - verifyZeroInteractions(this.postAuthenticationChecks); } 
@@ -191,10 +177,8 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { .build(); // @formatter:on given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(expiredUser)); - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(expiredUser, expiredUser.getPassword()); - this.manager.authenticate(token).block(); } @@ -209,17 +193,14 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { .build(); // @formatter:on given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(lockedUser)); - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(lockedUser, lockedUser.getPassword()); - this.manager.authenticate(token).block(); } @Test(expected = DisabledException.class) public void authenticateWhenAccountDisabledThenException() { this.manager.setPasswordEncoder(this.encoder); - // @formatter:off UserDetails disabledUser = User.withUsername("user") .password("password") @@ -228,10 +209,8 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { .build(); // @formatter:on given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(disabledUser)); - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(disabledUser, disabledUser.getPassword()); - this.manager.authenticate(token).block(); } diff --git a/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java index 7ea4eaab20..61cd51ecef 100644 --- a/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java +++ b/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java 
@@ -34,26 +34,20 @@ public class UsernamePasswordAuthenticationTokenTests { public void authenticatedPropertyContractIsSatisfied() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.NO_AUTHORITIES); - // check default given we passed some GrantedAuthorty[]s (well, we passed empty // list) assertThat(token.isAuthenticated()).isTrue(); - // check explicit set to untrusted (we can safely go from trusted to untrusted, // but not the reverse) token.setAuthenticated(false); assertThat(!token.isAuthenticated()).isTrue(); - // Now let's create a UsernamePasswordAuthenticationToken without any // GrantedAuthorty[]s (different constructor) token = new UsernamePasswordAuthenticationToken("Test", "Password"); - assertThat(!token.isAuthenticated()).isTrue(); - // check we're allowed to still set it to untrusted token.setAuthenticated(false); assertThat(!token.isAuthenticated()).isTrue(); - // check denied changing it to trusted try { token.setAuthenticated(true); diff --git a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java index 81745b88c2..808cb36347 100644 --- a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java +++ b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java @@ -38,10 +38,8 @@ public class AnonymousAuthenticationProviderTests { @Test public void testDetectsAnInvalidKey() { AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider("qwerty"); - AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("WRONG_KEY", "Test", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO")); - try { aap.authenticate(token); fail("Should have thrown BadCredentialsException"); 
@@ -57,7 +55,6 @@ public class AnonymousAuthenticationProviderTests { fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } } @@ -70,10 +67,8 @@ public class AnonymousAuthenticationProviderTests { @Test public void testIgnoresClassesItDoesNotSupport() { AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider("qwerty"); - TestingAuthenticationToken token = new TestingAuthenticationToken("user", "password", "ROLE_A"); assertThat(aap.supports(TestingAuthenticationToken.class)).isFalse(); - // Try it anyway assertThat(aap.authenticate(token)).isNull(); } @@ -81,12 +76,9 @@ public class AnonymousAuthenticationProviderTests { @Test public void testNormalOperation() { AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider("qwerty"); - AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("qwerty", "Test", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO")); - Authentication result = aap.authenticate(token); - assertThat(token).isEqualTo(result); } diff --git a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java index 05fd37fb78..298a43e633 100644 --- a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java +++ b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java 
@@ -46,21 +46,18 @@ public class AnonymousAuthenticationTokenTests { } catch (IllegalArgumentException expected) { } - try { new AnonymousAuthenticationToken("key", null, ROLES_12); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { } - try { new AnonymousAuthenticationToken("key", "Test", null); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { } - try { new AnonymousAuthenticationToken("key", "Test", AuthorityUtils.NO_AUTHORITIES); fail("Should have thrown IllegalArgumentException"); @@ -73,14 +70,12 @@ public class AnonymousAuthenticationTokenTests { public void testEqualsWhenEqual() { AnonymousAuthenticationToken token1 = new AnonymousAuthenticationToken("key", "Test", ROLES_12); AnonymousAuthenticationToken token2 = new AnonymousAuthenticationToken("key", "Test", ROLES_12); - assertThat(token2).isEqualTo(token1); } @Test public void testGetters() { AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("key", "Test", ROLES_12); - assertThat(token.getKeyHash()).isEqualTo("key".hashCode()); assertThat(token.getPrincipal()).isEqualTo("Test"); assertThat(token.getCredentials()).isEqualTo(""); @@ -91,7 +86,6 @@ public class AnonymousAuthenticationTokenTests { @Test public void testNoArgConstructorDoesntExist() { Class clazz = AnonymousAuthenticationToken.class; - try { clazz.getDeclaredConstructor((Class[]) null); fail("Should have thrown NoSuchMethodException"); @@ -104,7 +98,6 @@ public class AnonymousAuthenticationTokenTests { public void testNotEqualsDueToAbstractParentEqualsCheck() { AnonymousAuthenticationToken token1 = new AnonymousAuthenticationToken("key", "Test", ROLES_12); AnonymousAuthenticationToken token2 = new AnonymousAuthenticationToken("key", "DIFFERENT_PRINCIPAL", ROLES_12); - assertThat(token1.equals(token2)).isFalse(); } 
@@ -113,16 +106,13 @@ public class AnonymousAuthenticationTokenTests { AnonymousAuthenticationToken token1 = new AnonymousAuthenticationToken("key", "Test", ROLES_12); UsernamePasswordAuthenticationToken token2 = new UsernamePasswordAuthenticationToken("Test", "Password", ROLES_12); - assertThat(token1.equals(token2)).isFalse(); } @Test public void testNotEqualsDueToKey() { AnonymousAuthenticationToken token1 = new AnonymousAuthenticationToken("key", "Test", ROLES_12); - AnonymousAuthenticationToken token2 = new AnonymousAuthenticationToken("DIFFERENT_KEY", "Test", ROLES_12); - assertThat(token1.equals(token2)).isFalse(); } diff --git a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java index ca50e2d215..8429503319 100644 --- a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java +++ b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java @@ -74,17 +74,14 @@ public class DaoAuthenticationProviderTests { @Test public void testAuthenticateFailsForIncorrectPasswordCase() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "KOala"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown BadCredentialsException"); } catch (BadCredentialsException expected) { - } } 
@@ -94,105 +91,86 @@ public class DaoAuthenticationProviderTests { DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); - UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken("rod", null); try { provider.authenticate(authenticationToken); fail("Expected BadCredenialsException"); } catch (BadCredentialsException expected) { - } } @Test public void testAuthenticateFailsIfAccountExpired() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserPeterAccountExpired()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown AccountExpiredException"); } catch (AccountExpiredException expected) { - } } @Test public void testAuthenticateFailsIfAccountLocked() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserPeterAccountLocked()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown LockedException"); } catch (LockedException expected) { - } } @Test public void testAuthenticateFailsIfCredentialsExpired() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserPeterCredentialsExpired()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown CredentialsExpiredException"); } catch (CredentialsExpiredException expected) { - } - // Check that wrong password causes 
BadCredentialsException, rather than // CredentialsExpiredException token = new UsernamePasswordAuthenticationToken("peter", "wrong_password"); - try { provider.authenticate(token); fail("Should have thrown BadCredentialsException"); } catch (BadCredentialsException expected) { - } } @Test public void testAuthenticateFailsIfUserDisabled() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserPeter()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown DisabledException"); } catch (DisabledException expected) { - } } @Test public void testAuthenticateFailsWhenAuthenticationDaoHasBackendFailure() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceSimulateBackendError()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown InternalAuthenticationServiceException"); 
@@ -204,116 +182,95 @@ public class DaoAuthenticationProviderTests { @Test public void testAuthenticateFailsWithEmptyUsername() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(null, "koala"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown BadCredentialsException"); } catch (BadCredentialsException expected) { - } } @Test public void testAuthenticateFailsWithInvalidPassword() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "INVALID_PASSWORD"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown BadCredentialsException"); } catch (BadCredentialsException expected) { - } } @Test public void testAuthenticateFailsWithInvalidUsernameAndHideUserNotFoundExceptionFalse() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("INVALID_USER", "koala"); - DaoAuthenticationProvider provider = createProvider(); provider.setHideUserNotFoundExceptions(false); // we want // UsernameNotFoundExceptions provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown UsernameNotFoundException"); } catch (UsernameNotFoundException expected) { - } } @Test public void testAuthenticateFailsWithInvalidUsernameAndHideUserNotFoundExceptionsWithDefaultOfTrue() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("INVALID_USER", "koala"); - DaoAuthenticationProvider provider = createProvider(); assertThat(provider.isHideUserNotFoundExceptions()).isTrue(); 
provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown BadCredentialsException"); } catch (BadCredentialsException expected) { - } } @Test public void testAuthenticateFailsWithInvalidUsernameAndChangePasswordEncoder() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("INVALID_USER", "koala"); - DaoAuthenticationProvider provider = createProvider(); assertThat(provider.isHideUserNotFoundExceptions()).isTrue(); provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown BadCredentialsException"); } catch (BadCredentialsException expected) { - } - provider.setPasswordEncoder(PasswordEncoderFactories.createDelegatingPasswordEncoder()); - try { provider.authenticate(token); fail("Should have thrown BadCredentialsException"); } catch (BadCredentialsException expected) { - } } @Test public void testAuthenticateFailsWithMixedCaseUsernameIfDefaultChanged() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("RoD", "koala"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown BadCredentialsException"); } catch (BadCredentialsException expected) { - } } 
@@ -321,17 +278,13 @@ public class DaoAuthenticationProviderTests { public void testAuthenticates() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala"); token.setDetails("192.168.0.1"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); - Authentication result = provider.authenticate(token); - if (!(result instanceof UsernamePasswordAuthenticationToken)) { fail("Should have returned instance of UsernamePasswordAuthenticationToken"); } - UsernamePasswordAuthenticationToken castResult = (UsernamePasswordAuthenticationToken) result; assertThat(castResult.getPrincipal().getClass()).isEqualTo(User.class); assertThat(castResult.getCredentials()).isEqualTo("koala"); 
@@ -342,42 +295,32 @@ public class DaoAuthenticationProviderTests { @Test public void testAuthenticatesASecondTime() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); - Authentication result = provider.authenticate(token); - if (!(result instanceof UsernamePasswordAuthenticationToken)) { fail("Should have returned instance of UsernamePasswordAuthenticationToken"); } - // Now try to authenticate with the previous result (with its UserDetails) Authentication result2 = provider.authenticate(result); - if (!(result2 instanceof UsernamePasswordAuthenticationToken)) { fail("Should have returned instance of UsernamePasswordAuthenticationToken"); } - assertThat(result2.getCredentials()).isEqualTo(result.getCredentials()); } @Test public void testAuthenticatesWithForcePrincipalAsString() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); provider.setForcePrincipalAsString(true); - Authentication result = provider.authenticate(token); - if (!(result instanceof UsernamePasswordAuthenticationToken)) { fail("Should have returned instance of UsernamePasswordAuthenticationToken"); } - UsernamePasswordAuthenticationToken castResult = (UsernamePasswordAuthenticationToken) result; assertThat(castResult.getPrincipal().getClass()).isEqualTo(String.class); assertThat(castResult.getPrincipal()).isEqualTo("rod"); 
@@ -388,7 +331,6 @@ public class DaoAuthenticationProviderTests { String password = "password"; String encodedPassword = "encoded"; UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", password); - PasswordEncoder encoder = mock(PasswordEncoder.class); UserDetailsService userDetailsService = mock(UserDetailsService.class); UserDetailsPasswordService passwordManager = mock(UserDetailsPasswordService.class); @@ -396,16 +338,13 @@ public class DaoAuthenticationProviderTests { provider.setPasswordEncoder(encoder); provider.setUserDetailsService(userDetailsService); provider.setUserDetailsPasswordService(passwordManager); - UserDetails user = PasswordEncodedUser.user(); given(encoder.matches(any(), any())).willReturn(true); given(encoder.upgradeEncoding(any())).willReturn(true); given(encoder.encode(any())).willReturn(encodedPassword); given(userDetailsService.loadUserByUsername(any())).willReturn(user); given(passwordManager.updatePassword(any(), any())).willReturn(user); - Authentication result = provider.authenticate(token); - verify(encoder).encode(password); verify(passwordManager).updatePassword(eq(user), eq(encodedPassword)); } @@ -413,7 +352,6 @@ public class DaoAuthenticationProviderTests { @Test public void authenticateWhenBadCredentialsAndPasswordManagerThenNoUpdate() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password"); - PasswordEncoder encoder = mock(PasswordEncoder.class); UserDetailsService userDetailsService = mock(UserDetailsService.class); UserDetailsPasswordService passwordManager = mock(UserDetailsPasswordService.class); 
@@ -421,20 +359,16 @@ public class DaoAuthenticationProviderTests { provider.setPasswordEncoder(encoder); provider.setUserDetailsService(userDetailsService); provider.setUserDetailsPasswordService(passwordManager); - UserDetails user = PasswordEncodedUser.user(); given(encoder.matches(any(), any())).willReturn(false); given(userDetailsService.loadUserByUsername(any())).willReturn(user); - assertThatThrownBy(() -> provider.authenticate(token)).isInstanceOf(BadCredentialsException.class); - verifyZeroInteractions(passwordManager); } @Test public void authenticateWhenNotUpgradeAndPasswordManagerThenNoUpdate() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password"); - PasswordEncoder encoder = mock(PasswordEncoder.class); UserDetailsService userDetailsService = mock(UserDetailsService.class); UserDetailsPasswordService passwordManager = mock(UserDetailsPasswordService.class); @@ -442,24 +376,19 @@ public class DaoAuthenticationProviderTests { provider.setPasswordEncoder(encoder); provider.setUserDetailsService(userDetailsService); provider.setUserDetailsPasswordService(passwordManager); - UserDetails user = PasswordEncodedUser.user(); given(encoder.matches(any(), any())).willReturn(true); given(encoder.upgradeEncoding(any())).willReturn(false); given(userDetailsService.loadUserByUsername(any())).willReturn(user); - Authentication result = provider.authenticate(token); - verifyZeroInteractions(passwordManager); } @Test public void testDetectsNullBeingReturnedFromAuthenticationDao() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceReturnsNull()); - try { provider.authenticate(token); fail("Should have thrown AuthenticationServiceException"); 
@@ -475,10 +404,8 @@ public class DaoAuthenticationProviderTests { DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); provider.setPasswordEncoder(new BCryptPasswordEncoder()); assertThat(provider.getPasswordEncoder().getClass()).isEqualTo(BCryptPasswordEncoder.class); - provider.setUserCache(new EhCacheBasedUserCache()); assertThat(provider.getUserCache().getClass()).isEqualTo(EhCacheBasedUserCache.class); - assertThat(provider.isForcePrincipalAsString()).isFalse(); provider.setForcePrincipalAsString(true); assertThat(provider.isForcePrincipalAsString()).isTrue(); @@ -487,26 +414,20 @@ public class DaoAuthenticationProviderTests { @Test public void testGoesBackToAuthenticationDaoToObtainLatestPasswordIfCachedPasswordSeemsIncorrect() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala"); - MockUserDetailsServiceUserRod authenticationDao = new MockUserDetailsServiceUserRod(); MockUserCache cache = new MockUserCache(); DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(authenticationDao); provider.setUserCache(cache); - // This will work, as password still "koala" provider.authenticate(token); - // Check "rod = koala" ended up in the cache assertThat(cache.getUserFromCache("rod").getPassword()).isEqualTo("koala"); - // Now change the password the AuthenticationDao will return authenticationDao.setPassword("easternLongNeckTurtle"); - // Now try authentication again, with the new password token = new UsernamePasswordAuthenticationToken("rod", "easternLongNeckTurtle"); provider.authenticate(token); - // To get this far, the new password was accepted // Check the cache was updated assertThat(cache.getUserFromCache("rod").getPassword()).isEqualTo("easternLongNeckTurtle"); 
@@ -515,13 +436,11 @@ public class DaoAuthenticationProviderTests { @Test public void testStartupFailsIfNoAuthenticationDao() throws Exception { DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); - try { provider.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } } @@ -531,13 +450,11 @@ public class DaoAuthenticationProviderTests { provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); assertThat(provider.getUserCache().getClass()).isEqualTo(NullUserCache.class); provider.setUserCache(null); - try { provider.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } } @@ -549,7 +466,6 @@ public class DaoAuthenticationProviderTests { provider.setUserCache(new MockUserCache()); assertThat(provider.getUserDetailsService()).isEqualTo(userDetailsService); provider.afterPropertiesSet(); - } @Test @@ -576,7 +492,6 @@ public class DaoAuthenticationProviderTests { } catch (UsernameNotFoundException success) { } - // ensure encoder invoked w/ non-null strings since PasswordEncoder impls may fail // if encoded password is null verify(encoder).matches(isA(String.class), isA(String.class)); @@ -629,16 +544,13 @@ public class DaoAuthenticationProviderTests { MockUserDetailsServiceUserRod userDetailsService = new MockUserDetailsServiceUserRod(); userDetailsService.password = encoder.encode((CharSequence) foundUser.getCredentials()); provider.setUserDetailsService(userDetailsService); - int sampleSize = 100; - List userFoundTimes = new ArrayList<>(sampleSize); for (int i = 0; i < sampleSize; i++) { long start = System.currentTimeMillis(); provider.authenticate(foundUser); userFoundTimes.add(System.currentTimeMillis() - start); } - List userNotFoundTimes = new ArrayList<>(sampleSize); for (int i = 0; i < sampleSize; i++) { long start = System.currentTimeMillis(); 
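Review bot: The timing loops in the hunk at -629 measure each `provider.authenticate(...)` call with `System.currentTimeMillis()`, which has millisecond granularity and follows the wall clock, so a clock adjustment or a GC pause inside one loop can shift an average in either direction. The following hunk (-650) then accepts any difference of up to 3 ms between the found and not-found averages, so the test can fail spuriously and can also pass while a smaller timing gap between the two paths exists. Taking the samples with `long start = System.nanoTime();` and running a few untimed warm-up iterations before the measured loops would make this user-enumeration timing check more trustworthy. The test method starts before this hunk and continues past it.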
@@ -650,7 +562,6 @@ public class DaoAuthenticationProviderTests {
 } userNotFoundTimes.add(System.currentTimeMillis() - start); }
-
 double userFoundAvg = avg(userFoundTimes); double userNotFoundAvg = avg(userNotFoundTimes); assertThat(Math.abs(userNotFoundAvg - userFoundAvg) <= 3).withFailMessage("User not found average "
@@ -679,7 +590,6 @@ public class DaoAuthenticationProviderTests {
 } catch (UsernameNotFoundException success) { }
-
 verify(encoder, times(0)).matches(anyString(), anyString()); }
diff --git a/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java b/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java
index 1f5bf770ff..d843593f5c 100644
--- a/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java
@@ -37,7 +37,6 @@ public class AuthenticationEventTests {
 UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("Principal", "Credentials"); authentication.setDetails("127.0.0.1");
-
 return authentication; }
@@ -60,13 +59,11 @@ public class AuthenticationEventTests {
 @Test public void testRejectsNullAuthentication() { AuthenticationException exception = new DisabledException("TEST");
-
 try { new AuthenticationFailureDisabledEvent(null, exception); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) {
-
 } }
@@ -77,7 +74,6 @@ public class AuthenticationEventTests {
 fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) {
-
 } }
diff --git a/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java b/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java
index e75590f5c4..4d788d4377 100644
--- a/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java
@@ -33,7 +33,6 @@ public class LoggerListenerTests {
 UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("Principal", "Credentials"); authentication.setDetails("127.0.0.1");
-
 return authentication; }
@@ -43,7 +42,6 @@ public class LoggerListenerTests {
 new LockedException("TEST")); LoggerListener listener = new LoggerListener(); listener.onApplicationEvent(event);
-
 } }
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
index ce23ea8c54..e075c6184d 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
@@ -80,7 +80,6 @@ public class DefaultJaasAuthenticationProviderTests {
 given(configuration.getAppConfigurationEntry(this.provider.getLoginContextName())).willReturn(aces); this.token = new UsernamePasswordAuthenticationToken("user", "password"); ReflectionTestUtils.setField(this.provider, "log", this.log);
-
 } @Test(expected = IllegalArgumentException.class)
@@ -119,7 +118,6 @@ public class DefaultJaasAuthenticationProviderTests {
 } catch (AuthenticationException success) { }
-
 verifyFailedLogin(); }
@@ -131,7 +129,6 @@ public class DefaultJaasAuthenticationProviderTests {
 } catch (AuthenticationException success) { }
-
 verifyFailedLogin(); }
@@ -141,13 +138,10 @@ public class DefaultJaasAuthenticationProviderTests {
 SecurityContext securityContext = mock(SecurityContext.class); JaasAuthenticationToken token = mock(JaasAuthenticationToken.class); LoginContext context = mock(LoginContext.class);
-
 given(event.getSecurityContexts()).willReturn(Arrays.asList(securityContext)); given(securityContext.getAuthentication()).willReturn(token); given(token.getLoginContext()).willReturn(context);
-
 this.provider.onApplicationEvent(event);
-
 verify(event).getSecurityContexts(); verify(securityContext).getAuthentication(); verify(token).getLoginContext();
@@ -158,9 +152,7 @@ public class DefaultJaasAuthenticationProviderTests {
 @Test public void logoutNullSession() { SessionDestroyedEvent event = mock(SessionDestroyedEvent.class);
-
 this.provider.handleLogout(event);
-
 verify(event).getSecurityContexts(); verify(this.log).debug(anyString()); verifyNoMoreInteractions(event);
@@ -170,11 +162,8 @@ public class DefaultJaasAuthenticationProviderTests {
 public void logoutNullAuthentication() { SessionDestroyedEvent event = mock(SessionDestroyedEvent.class); SecurityContext securityContext = mock(SecurityContext.class);
-
 given(event.getSecurityContexts()).willReturn(Arrays.asList(securityContext));
-
 this.provider.handleLogout(event);
-
 verify(event).getSecurityContexts(); verify(event).getSecurityContexts(); verify(securityContext).getAuthentication();
@@ -185,12 +174,9 @@ public class DefaultJaasAuthenticationProviderTests {
 public void logoutNonJaasAuthentication() { SessionDestroyedEvent event = mock(SessionDestroyedEvent.class); SecurityContext securityContext = mock(SecurityContext.class);
-
 given(event.getSecurityContexts()).willReturn(Arrays.asList(securityContext)); given(securityContext.getAuthentication()).willReturn(this.token);
-
 this.provider.handleLogout(event);
-
 verify(event).getSecurityContexts(); verify(event).getSecurityContexts(); verify(securityContext).getAuthentication();
@@ -202,15 +188,12 @@ public class DefaultJaasAuthenticationProviderTests {
 SessionDestroyedEvent event = mock(SessionDestroyedEvent.class); SecurityContext securityContext = mock(SecurityContext.class); JaasAuthenticationToken token = mock(JaasAuthenticationToken.class);
-
 given(event.getSecurityContexts()).willReturn(Arrays.asList(securityContext)); given(securityContext.getAuthentication()).willReturn(token);
-
 this.provider.onApplicationEvent(event); verify(event).getSecurityContexts(); verify(securityContext).getAuthentication(); verify(token).getLoginContext();
-
 verifyNoMoreInteractions(event, securityContext, token); }
@@ -221,14 +204,11 @@ public class DefaultJaasAuthenticationProviderTests {
 JaasAuthenticationToken token = mock(JaasAuthenticationToken.class); LoginContext context = mock(LoginContext.class); LoginException loginException = new LoginException("Failed Login");
-
 given(event.getSecurityContexts()).willReturn(Arrays.asList(securityContext)); given(securityContext.getAuthentication()).willReturn(token); given(token.getLoginContext()).willReturn(context); willThrow(loginException).given(context).logout();
-
 this.provider.onApplicationEvent(event);
-
 verify(event).getSecurityContexts(); verify(securityContext).getAuthentication(); verify(token).getLoginContext();
@@ -241,7 +221,6 @@ public class DefaultJaasAuthenticationProviderTests {
 public void publishNullPublisher() { this.provider.setApplicationEventPublisher(null); AuthenticationException ae = new BadCredentialsException("Failed to login");
-
 this.provider.publishFailureEvent(this.token, ae); this.provider.publishSuccessEvent(this.token); }
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
index f474ce4c40..6f59331bbf 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
@@ -79,7 +79,6 @@ public class JaasAuthenticationProviderTests {
 } catch (AuthenticationException ex) { }
-
 assertThat(this.eventCheck.failedEvent).as("Failure event not fired").isNotNull(); assertThat(this.eventCheck.failedEvent.getException()).withFailMessage("Failure event exception was null") .isNotNull();
@@ -94,7 +93,6 @@ public class JaasAuthenticationProviderTests {
 } catch (AuthenticationException ex) { }
-
 assertThat(this.eventCheck.failedEvent).as("Failure event not fired").isNotNull(); assertThat(this.eventCheck.failedEvent.getException()).withFailMessage("Failure event exception was null") .isNotNull();
@@ -105,9 +103,7 @@ public class JaasAuthenticationProviderTests {
 public void testConfigurationLoop() throws Exception { String resName = "/" + getClass().getName().replace('.', '/') + ".conf"; URL url = getClass().getResource(resName);
-
 Security.setProperty("login.config.url.1", url.toString());
-
 setUp(); testFull(); }
@@ -119,7 +115,6 @@ public class JaasAuthenticationProviderTests {
 myJaasProvider.setAuthorityGranters(this.jaasProvider.getAuthorityGranters()); myJaasProvider.setCallbackHandlers(this.jaasProvider.getCallbackHandlers()); myJaasProvider.setLoginContextName(this.jaasProvider.getLoginContextName());
-
 try { myJaasProvider.afterPropertiesSet(); fail("Should have thrown ApplicationContextException");
@@ -136,7 +131,6 @@ public class JaasAuthenticationProviderTests {
 // Create temp directory with a space in the name File configDir = new File(System.getProperty("java.io.tmpdir") + File.separator + "jaas test"); configDir.deleteOnExit();
-
 if (configDir.exists()) { configDir.delete(); }
@@ -149,14 +143,12 @@ public class JaasAuthenticationProviderTests {
 "JAASTestBlah {" + "org.springframework.security.authentication.jaas.TestLoginModule required;" + "};"); pw.flush(); pw.close();
-
 JaasAuthenticationProvider myJaasProvider = new JaasAuthenticationProvider(); myJaasProvider.setApplicationEventPublisher(this.context); myJaasProvider.setLoginConfig(new FileSystemResource(configFile)); myJaasProvider.setAuthorityGranters(this.jaasProvider.getAuthorityGranters()); myJaasProvider.setCallbackHandlers(this.jaasProvider.getCallbackHandlers()); myJaasProvider.setLoginContextName(this.jaasProvider.getLoginContextName());
-
 myJaasProvider.afterPropertiesSet(); }
@@ -168,7 +160,6 @@ public class JaasAuthenticationProviderTests {
 myJaasProvider.setCallbackHandlers(this.jaasProvider.getCallbackHandlers()); myJaasProvider.setLoginConfig(this.jaasProvider.getLoginConfig()); myJaasProvider.setLoginContextName(null);
-
 try { myJaasProvider.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException");
@@ -176,9 +167,7 @@ public class JaasAuthenticationProviderTests {
 catch (IllegalArgumentException expected) { assertThat(expected.getMessage()).startsWith("loginContextName must be set on"); }
-
 myJaasProvider.setLoginContextName("");
-
 try { myJaasProvider.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException");
@@ -192,25 +181,19 @@ public class JaasAuthenticationProviderTests {
 public void testFull() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password", AuthorityUtils.createAuthorityList("ROLE_ONE"));
-
 assertThat(this.jaasProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue();
-
 Authentication auth = this.jaasProvider.authenticate(token);
-
 assertThat(this.jaasProvider.getAuthorityGranters()).isNotNull(); assertThat(this.jaasProvider.getCallbackHandlers()).isNotNull(); assertThat(this.jaasProvider.getLoginConfig()).isNotNull(); assertThat(this.jaasProvider.getLoginContextName()).isNotNull();
-
 Collection list = auth.getAuthorities(); Set set = AuthorityUtils.authorityListToSet(list);
-
 assertThat(set.contains("ROLE_ONE")).withFailMessage("GrantedAuthorities should not contain ROLE_ONE") .isFalse(); assertThat(set.contains("ROLE_TEST1")).withFailMessage("GrantedAuthorities should contain ROLE_TEST1").isTrue(); assertThat(set.contains("ROLE_TEST2")).withFailMessage("GrantedAuthorities should contain ROLE_TEST2").isTrue(); boolean foundit = false;
-
 for (GrantedAuthority a : list) { if (a instanceof JaasGrantedAuthority) { JaasGrantedAuthority grant = (JaasGrantedAuthority) a;
@@ -219,9 +202,7 @@ public class JaasAuthenticationProviderTests {
 foundit = true; } }
-
 assertThat(foundit).as("Could not find a JaasGrantedAuthority").isTrue();
-
 assertThat(this.eventCheck.successEvent).as("Success event should be fired").isNotNull(); assertThat(this.eventCheck.successEvent.getAuthentication()).withFailMessage("Auth objects should be equal") .isEqualTo(auth);
@@ -237,7 +218,6 @@ public class JaasAuthenticationProviderTests {
 public void testLoginExceptionResolver() { assertThat(this.jaasProvider.getLoginExceptionResolver()).isNotNull(); this.jaasProvider.setLoginExceptionResolver((e) -> new LockedException("This is just a test!"));
-
 try { this.jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("user", "password")); }
@@ -251,26 +231,19 @@ public class JaasAuthenticationProviderTests {
 @Test public void testLogout() throws Exception { MockLoginContext loginContext = new MockLoginContext(this.jaasProvider.getLoginContextName());
-
 JaasAuthenticationToken token = new JaasAuthenticationToken(null, null, loginContext);
-
 SecurityContext context = SecurityContextHolder.createEmptyContext(); context.setAuthentication(token);
-
 SessionDestroyedEvent event = mock(SessionDestroyedEvent.class); given(event.getSecurityContexts()).willReturn(Arrays.asList(context));
-
 this.jaasProvider.handleLogout(event);
-
 assertThat(loginContext.loggedOut).isTrue(); } @Test public void testNullDefaultAuthorities() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
-
 assertThat(this.jaasProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue();
-
 Authentication auth = this.jaasProvider.authenticate(token); assertThat(auth.getAuthorities()).withFailMessage("Only ROLE_TEST1 and ROLE_TEST2 should have been returned") .hasSize(2);
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java
index 565ea98356..7efedeecb6 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java
@@ -35,7 +35,6 @@ public class JaasEventCheck implements ApplicationListener options = new HashMap<>(); options.put("ignoreMissingAuthentication", "true");
-
 this.module.initialize(this.subject, null, null, options); SecurityContextHolder.getContext().setAuthentication(null); assertThat(this.module.login()).as("Should return false and ask to be ignored").isFalse();
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java b/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java
index fbab33f747..2a557097a3 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java
@@ -28,12 +28,10 @@ public class TestAuthorityGranter implements AuthorityGranter {
 @Override public Set grant(Principal principal) { Set rtnSet = new HashSet<>();
-
 if (principal.getName().equals("TEST_PRINCIPAL")) { rtnSet.add("ROLE_TEST1"); rtnSet.add("ROLE_TEST2"); }
-
 return rtnSet; }
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java b/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
index ab0d94fe90..b00267effc 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
@@ -52,14 +52,11 @@ public class TestLoginModule implements LoginModule {
 @SuppressWarnings("unchecked") public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { this.subject = subject;
-
 try { TextInputCallback textCallback = new TextInputCallback("prompt"); NameCallback nameCallback = new NameCallback("prompt"); PasswordCallback passwordCallback = new PasswordCallback("prompt", false);
-
 callbackHandler.handle(new Callback[] { textCallback, nameCallback, passwordCallback });
-
 this.password = new String(passwordCallback.getPassword()); this.user = nameCallback.getName(); }
@@ -73,15 +70,11 @@ public class TestLoginModule implements LoginModule {
 if (!this.user.equals("user")) { throw new LoginException("Bad User"); }
-
 if (!this.password.equals("password")) { throw new LoginException("Bad Password"); }
-
 this.subject.getPrincipals().add(() -> "TEST_PRINCIPAL");
-
 this.subject.getPrincipals().add(() -> "NULL_PRINCIPAL");
-
 return true; }
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java
index 58bb0120f5..c1f4f8be7f 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java
@@ -45,7 +45,6 @@ public class InMemoryConfigurationTests {
 public void setUp() { this.defaultEntries = new AppConfigurationEntry[] { new AppConfigurationEntry(TestLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, Collections.emptyMap()) };
-
 this.mappedEntries = Collections.singletonMap("name", new AppConfigurationEntry[] { new AppConfigurationEntry(TestLoginModule.class.getName(), LoginModuleControlFlag.OPTIONAL, Collections.emptyMap()) });
diff --git a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
index 3602d38288..a52f73ace0 100644
--- a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
@@ -41,24 +41,20 @@ public class RemoteAuthenticationManagerImplTests {
 AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException("")); manager.setAuthenticationManager(am);
-
 manager.attemptAuthentication("rod", "password"); } @Test public void testStartupChecksAuthenticationManagerSet() throws Exception { RemoteAuthenticationManagerImpl manager = new RemoteAuthenticationManagerImpl();
-
 try { manager.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { }
-
 manager.setAuthenticationManager(mock(AuthenticationManager.class)); manager.afterPropertiesSet();
-
 } @Test
@@ -67,7 +63,6 @@ public class RemoteAuthenticationManagerImplTests {
 AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(any(Authentication.class))).willReturn(new TestingAuthenticationToken("u", "p", "A")); manager.setAuthenticationManager(am);
-
 manager.attemptAuthentication("rod", "password"); }
diff --git a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java
index ed48fbfe87..42b37a73c8 100644
--- a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java
@@ -39,13 +39,11 @@ public class RemoteAuthenticationProviderTests {
 public void testExceptionsGetPassedBackToCaller() { RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider(); provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(false));
-
 try { provider.authenticate(new UsernamePasswordAuthenticationToken("rod", "password")); fail("Should have thrown RemoteAuthenticationException"); } catch (RemoteAuthenticationException expected) {
-
 } }
@@ -59,25 +57,20 @@ public class RemoteAuthenticationProviderTests {
 @Test public void testStartupChecksAuthenticationManagerSet() throws Exception { RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider();
-
 try { provider.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) {
-
 }
-
 provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(true)); provider.afterPropertiesSet();
-
 } @Test public void testSuccessfulAuthenticationCreatesObject() { RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider(); provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(true));
-
 Authentication result = provider.authenticate(new UsernamePasswordAuthenticationToken("rod", "password")); assertThat(result.getPrincipal()).isEqualTo("rod"); assertThat(result.getCredentials()).isEqualTo("password");
@@ -88,14 +81,12 @@ public class RemoteAuthenticationProviderTests {
 public void testNullCredentialsDoesNotCauseNullPointerException() { RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider(); provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(false));
-
 try { provider.authenticate(new UsernamePasswordAuthenticationToken("rod", null)); fail("Expected Exception"); } catch (RemoteAuthenticationException success) { }
-
 } @Test
diff --git a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationProviderTests.java
index 3673f6b05e..169e9802cd 100644
--- a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationProviderTests.java
@@ -38,10 +38,8 @@ public class RememberMeAuthenticationProviderTests {
 @Test public void testDetectsAnInvalidKey() { RememberMeAuthenticationProvider aap = new RememberMeAuthenticationProvider("qwerty");
-
 RememberMeAuthenticationToken token = new RememberMeAuthenticationToken("WRONG_KEY", "Test", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
-
 try { aap.authenticate(token); fail("Should have thrown BadCredentialsException");
@@ -57,7 +55,6 @@ public class RememberMeAuthenticationProviderTests {
 fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) {
-
 } }
@@ -71,10 +68,8 @@ public class RememberMeAuthenticationProviderTests {
 @Test public void testIgnoresClassesItDoesNotSupport() { RememberMeAuthenticationProvider aap = new RememberMeAuthenticationProvider("qwerty");
-
 TestingAuthenticationToken token = new TestingAuthenticationToken("user", "password", "ROLE_A"); assertThat(aap.supports(TestingAuthenticationToken.class)).isFalse();
-
 // Try it anyway assertThat(aap.authenticate(token)).isNull(); }
@@ -82,12 +77,9 @@ public class RememberMeAuthenticationProviderTests {
 @Test public void testNormalOperation() { RememberMeAuthenticationProvider aap = new RememberMeAuthenticationProvider("qwerty");
-
 RememberMeAuthenticationToken token = new RememberMeAuthenticationToken("qwerty", "Test", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
-
 Authentication result = aap.authenticate(token);
-
 assertThat(token).isEqualTo(result); }
diff --git a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java
index 492566f564..6bdf73bd5d 100644
--- a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java
@@ -45,17 +45,13 @@ public class RememberMeAuthenticationTokenTests {
 fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) {
-
 }
-
 try { new RememberMeAuthenticationToken("key", null, ROLES_12); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) {
-
 }
-
 try { List authsContainingNull = new ArrayList<>(); authsContainingNull.add(null);
@@ -63,7 +59,6 @@ public class RememberMeAuthenticationTokenTests {
 fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) {
-
 } }
@@ -71,14 +66,12 @@ public class RememberMeAuthenticationTokenTests {
 public void testEqualsWhenEqual() { RememberMeAuthenticationToken token1 = new RememberMeAuthenticationToken("key", "Test", ROLES_12); RememberMeAuthenticationToken token2 = new RememberMeAuthenticationToken("key", "Test", ROLES_12);
-
 assertThat(token2).isEqualTo(token1); } @Test public void testGetters() { RememberMeAuthenticationToken token = new RememberMeAuthenticationToken("key", "Test", ROLES_12);
-
 assertThat(token.getKeyHash()).isEqualTo("key".hashCode()); assertThat(token.getPrincipal()).isEqualTo("Test"); assertThat(token.getCredentials()).isEqualTo("");
@@ -92,7 +85,6 @@ public class RememberMeAuthenticationTokenTests {
 RememberMeAuthenticationToken token1 = new RememberMeAuthenticationToken("key", "Test", ROLES_12); RememberMeAuthenticationToken token2 = new RememberMeAuthenticationToken("key", "DIFFERENT_PRINCIPAL", ROLES_12);
-
 assertThat(token1.equals(token2)).isFalse(); }
@@ -101,7 +93,6 @@ public class RememberMeAuthenticationTokenTests {
 RememberMeAuthenticationToken token1 = new RememberMeAuthenticationToken("key", "Test", ROLES_12); UsernamePasswordAuthenticationToken token2 = new UsernamePasswordAuthenticationToken("Test", "Password", ROLES_12);
-
 assertThat(token1.equals(token2)).isFalse(); }
@@ -109,7 +100,6 @@ public class RememberMeAuthenticationTokenTests {
 public void testNotEqualsDueToKey() { RememberMeAuthenticationToken token1 = new RememberMeAuthenticationToken("key", "Test", ROLES_12); RememberMeAuthenticationToken token2 = new RememberMeAuthenticationToken("DIFFERENT_KEY", "Test", ROLES_12);
-
 assertThat(token1.equals(token2)).isFalse(); }
diff --git a/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
index 788fb05eb1..b9a333abbb 100644
--- a/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
@@ -46,39 +46,32 @@ public class AuthenticatedReactiveAuthorizationManagerTests {
 @Test public void checkWhenAuthenticatedThenReturnTrue() { given(this.authentication.isAuthenticated()).willReturn(true);
-
 boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
-
 assertThat(granted).isTrue(); } @Test public void checkWhenNotAuthenticatedThenReturnFalse() { boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
-
 assertThat(granted).isFalse(); } @Test public void checkWhenEmptyThenReturnFalse() { boolean granted = this.manager.check(Mono.empty(), null).block().isGranted();
-
 assertThat(granted).isFalse(); } @Test public void checkWhenAnonymousAuthenticatedThenReturnFalse() { AnonymousAuthenticationToken anonymousAuthenticationToken = mock(AnonymousAuthenticationToken.class);
-
 boolean granted = this.manager.check(Mono.just(anonymousAuthenticationToken), null).block().isGranted();
-
 assertThat(granted).isFalse(); } @Test public void checkWhenErrorThenError() { Mono result = this.manager.check(Mono.error(new RuntimeException("ooops")), null);
-
 StepVerifier.create(result).expectError().verify(); }
diff --git a/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
index eeb5fe479d..096e983924 100644
--- a/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
@@ -46,21 +46,18 @@ public class AuthorityReactiveAuthorizationManagerTests {
 @Test public void checkWhenHasAuthorityAndNotAuthenticatedThenReturnFalse() { boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
-
 assertThat(granted).isFalse(); } @Test public void checkWhenHasAuthorityAndEmptyThenReturnFalse() { boolean granted = this.manager.check(Mono.empty(), null).block().isGranted();
-
 assertThat(granted).isFalse(); } @Test public void checkWhenHasAuthorityAndErrorThenError() { Mono result = this.manager.check(Mono.error(new RuntimeException("ooops")), null);
-
 StepVerifier.create(result).expectError().verify(); }
@@ -68,27 +65,21 @@ public class AuthorityReactiveAuthorizationManagerTests {
 public void checkWhenHasAuthorityAndAuthenticatedAndNoAuthoritiesThenReturnFalse() { given(this.authentication.isAuthenticated()).willReturn(true); given(this.authentication.getAuthorities()).willReturn(Collections.emptyList());
-
 boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
-
 assertThat(granted).isFalse(); } @Test public void checkWhenHasAuthorityAndAuthenticatedAndWrongAuthoritiesThenReturnFalse() { this.authentication = new TestingAuthenticationToken("rob", "secret", "ROLE_ADMIN");
-
 boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
-
 assertThat(granted).isFalse(); } @Test public void checkWhenHasAuthorityAndAuthorizedThenReturnTrue() { this.authentication = new TestingAuthenticationToken("rob", "secret", "ADMIN");
-
 boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
-
 assertThat(granted).isTrue(); }
@@ -96,9 +87,7 @@ public class AuthorityReactiveAuthorizationManagerTests { public void checkWhenHasRoleAndAuthorizedThenReturnTrue() { this.manager = AuthorityReactiveAuthorizationManager.hasRole("ADMIN"); this.authentication = new TestingAuthenticationToken("rob", "secret", "ROLE_ADMIN"); - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); - assertThat(granted).isTrue(); } @@ -106,9 +95,7 @@ public class AuthorityReactiveAuthorizationManagerTests { public void checkWhenHasRoleAndNotAuthorizedThenReturnFalse() { this.manager = AuthorityReactiveAuthorizationManager.hasRole("ADMIN"); this.authentication = new TestingAuthenticationToken("rob", "secret", "ADMIN"); - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); - assertThat(granted).isFalse(); } @@ -117,9 +104,7 @@ public class AuthorityReactiveAuthorizationManagerTests { this.manager = AuthorityReactiveAuthorizationManager.hasAnyRole("GENERAL", "USER", "TEST"); this.authentication = new TestingAuthenticationToken("rob", "secret", "ROLE_USER", "ROLE_AUDITING", "ROLE_ADMIN"); - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); - assertThat(granted).isTrue(); } @@ -127,9 +112,7 @@ public class AuthorityReactiveAuthorizationManagerTests { public void checkWhenHasAnyRoleAndNotAuthorizedThenReturnFalse() { this.manager = AuthorityReactiveAuthorizationManager.hasAnyRole("GENERAL", "USER", "TEST"); this.authentication = new TestingAuthenticationToken("rob", "secret", "USER", "AUDITING", "ADMIN"); - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); - assertThat(granted).isFalse(); } diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java index 265ab85f16..3c47bc6416 100644 
--- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java +++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java @@ -66,7 +66,6 @@ public class DelegatingSecurityContextRunnableTests { assertThat(SecurityContextHolder.getContext()).isEqualTo(this.securityContext); return null; }).given(this.delegate).run(); - this.executor = Executors.newFixedThreadPool(1); } diff --git a/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java b/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java index 7f087dfbab..86d242ad66 100644 --- a/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java +++ b/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java @@ -51,7 +51,6 @@ public class DelegatingApplicationListenerTests { @Test public void processEventNull() { this.listener.onApplicationEvent(null); - verify(this.delegate, never()).onApplicationEvent(any(ApplicationEvent.class)); } @@ -60,14 +59,12 @@ public class DelegatingApplicationListenerTests { given(this.delegate.supportsEventType(this.event.getClass())).willReturn(true); given(this.delegate.supportsSourceType(this.event.getSource().getClass())).willReturn(true); this.listener.onApplicationEvent(this.event); - verify(this.delegate).onApplicationEvent(this.event); } @Test public void processEventEventTypeNotSupported() { this.listener.onApplicationEvent(this.event); - verify(this.delegate, never()).onApplicationEvent(any(ApplicationEvent.class)); } 
@@ -75,7 +72,6 @@ public class DelegatingApplicationListenerTests { public void processEventSourceTypeNotSupported() { given(this.delegate.supportsEventType(this.event.getClass())).willReturn(true); this.listener.onApplicationEvent(this.event); - verify(this.delegate, never()).onApplicationEvent(any(ApplicationEvent.class)); } diff --git a/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java b/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java index 292c9d1680..33b297c385 100644 --- a/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java +++ b/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java @@ -63,20 +63,16 @@ public class SpringSecurityCoreVersionTests { public void springVersionIsUpToDate() { // Property is set by the build script String springVersion = System.getProperty("springVersion"); - assertThat(SpringSecurityCoreVersion.MIN_SPRING_VERSION).isEqualTo(springVersion); } @Test public void serialVersionMajorAndMinorVersionMatchBuildVersion() { String version = System.getProperty("springSecurityVersion"); - // Strip patch version String serialVersion = String.valueOf(SpringSecurityCoreVersion.SERIAL_VERSION_UID).substring(0, 2); - assertThat(serialVersion.charAt(0)).isEqualTo(version.charAt(0)); assertThat(serialVersion.charAt(1)).isEqualTo(version.charAt(2)); - } // SEC-2295 @@ -87,9 +83,7 @@ public class SpringSecurityCoreVersionTests { PowerMockito.spy(SpringVersion.class); PowerMockito.doReturn(version).when(SpringSecurityCoreVersion.class, "getVersion"); PowerMockito.doReturn(version).when(SpringVersion.class, "getVersion"); - performChecks(); - verifyZeroInteractions(this.logger); } 
@@ -99,9 +93,7 @@ public class SpringSecurityCoreVersionTests { PowerMockito.spy(SpringVersion.class); PowerMockito.doReturn("1").when(SpringSecurityCoreVersion.class, "getVersion"); PowerMockito.doReturn(null).when(SpringVersion.class, "getVersion"); - performChecks(); - verifyZeroInteractions(this.logger); } @@ -111,9 +103,7 @@ public class SpringSecurityCoreVersionTests { PowerMockito.spy(SpringVersion.class); PowerMockito.doReturn("3").when(SpringSecurityCoreVersion.class, "getVersion"); PowerMockito.doReturn("2").when(SpringVersion.class, "getVersion"); - performChecks(); - verify(this.logger, times(1)).warn(any()); } @@ -123,9 +113,7 @@ public class SpringSecurityCoreVersionTests { PowerMockito.spy(SpringVersion.class); PowerMockito.doReturn("4.0.0.RELEASE").when(SpringSecurityCoreVersion.class, "getVersion"); PowerMockito.doReturn("4.0.0.RELEASE").when(SpringVersion.class, "getVersion"); - performChecks(); - verify(this.logger, never()).warn(any()); } @@ -137,9 +125,7 @@ public class SpringSecurityCoreVersionTests { PowerMockito.spy(SpringVersion.class); PowerMockito.doReturn("3.2.0.RELEASE").when(SpringSecurityCoreVersion.class, "getVersion"); PowerMockito.doReturn("3.2.10.RELEASE").when(SpringVersion.class, "getVersion"); - performChecks(minSpringVersion); - verify(this.logger, never()).warn(any()); } @@ -150,9 +136,7 @@ public class SpringSecurityCoreVersionTests { PowerMockito.doReturn("3").when(SpringSecurityCoreVersion.class, "getVersion"); PowerMockito.doReturn("2").when(SpringVersion.class, "getVersion"); System.setProperty(getDisableChecksProperty(), Boolean.TRUE.toString()); - performChecks(); - verifyZeroInteractions(this.logger); } diff --git a/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java b/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java index e9de5e9787..b795c3609b 100644 
--- a/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java +++ b/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java @@ -42,12 +42,10 @@ public class SpringSecurityMessageSourceTests { // Change Locale to English Locale before = LocaleContextHolder.getLocale(); LocaleContextHolder.setLocale(Locale.FRENCH); - // Cause a message to be generated MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); assertThat("Le jeton nonce est compromis FOOBAR").isEqualTo(messages.getMessage( "DigestAuthenticationFilter.nonceCompromised", new Object[] { "FOOBAR" }, "ERROR - FAILED TO LOOKUP")); - // Revert to original Locale LocaleContextHolder.setLocale(before); } @@ -57,14 +55,11 @@ public class SpringSecurityMessageSourceTests { public void germanSystemLocaleWithEnglishLocaleContextHolder() { Locale beforeSystem = Locale.getDefault(); Locale.setDefault(Locale.GERMAN); - Locale beforeHolder = LocaleContextHolder.getLocale(); LocaleContextHolder.setLocale(Locale.US); - MessageSourceAccessor msgs = SpringSecurityMessageSource.getAccessor(); assertThat("Access is denied") .isEqualTo(msgs.getMessage("AbstractAccessDecisionManager.accessDenied", "Ooops")); - // Revert to original Locale Locale.setDefault(beforeSystem); LocaleContextHolder.setLocale(beforeHolder); diff --git a/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java b/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java index 5d3ff6a689..34af08348f 100644 --- a/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java +++ b/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java 
@@ -34,9 +34,7 @@ public class AuthorityUtilsTests { public void commaSeparatedStringIsParsedCorrectly() { List authorityArray = AuthorityUtils .commaSeparatedStringToAuthorityList(" ROLE_A, B, C, ROLE_D\n,\n E "); - Set authorities = AuthorityUtils.authorityListToSet(authorityArray); - assertThat(authorities.contains("B")).isTrue(); assertThat(authorities.contains("C")).isTrue(); assertThat(authorities.contains("E")).isTrue(); diff --git a/core/src/test/java/org/springframework/security/core/authority/SimpleGrantedAuthorityTests.java b/core/src/test/java/org/springframework/security/core/authority/SimpleGrantedAuthorityTests.java index 5380b81d71..09177a9fef 100644 --- a/core/src/test/java/org/springframework/security/core/authority/SimpleGrantedAuthorityTests.java +++ b/core/src/test/java/org/springframework/security/core/authority/SimpleGrantedAuthorityTests.java @@ -35,14 +35,10 @@ public class SimpleGrantedAuthorityTests { SimpleGrantedAuthority auth1 = new SimpleGrantedAuthority("TEST"); assertThat(auth1).isEqualTo(auth1); assertThat(new SimpleGrantedAuthority("TEST")).isEqualTo(auth1); - assertThat(auth1.equals("TEST")).isFalse(); - SimpleGrantedAuthority auth3 = new SimpleGrantedAuthority("NOT_EQUAL"); assertThat(!auth1.equals(auth3)).isTrue(); - assertThat(auth1.equals(mock(GrantedAuthority.class))).isFalse(); - assertThat(auth1.equals(222)).isFalse(); } diff --git a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java index f1515a3661..35781b5f30 100644 --- a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java +++ b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java 
@@ -57,13 +57,11 @@ public class SimpleAuthoritiesMapperTests { assertThat(mapped).hasSize(2); assertThat(mapped.contains("AaA")).isTrue(); assertThat(mapped.contains("Bbb")).isTrue(); - mapper.setConvertToLowerCase(true); mapped = AuthorityUtils.authorityListToSet(mapper.mapAuthorities(toMap)); assertThat(mapped).hasSize(2); assertThat(mapped.contains("aaa")).isTrue(); assertThat(mapped.contains("bbb")).isTrue(); - mapper.setConvertToLowerCase(false); mapper.setConvertToUpperCase(true); mapped = AuthorityUtils.authorityListToSet(mapper.mapAuthorities(toMap)); @@ -76,7 +74,6 @@ public class SimpleAuthoritiesMapperTests { public void duplicatesAreRemoved() { SimpleAuthorityMapper mapper = new SimpleAuthorityMapper(); mapper.setConvertToUpperCase(true); - Set mapped = AuthorityUtils .authorityListToSet(mapper.mapAuthorities(AuthorityUtils.createAuthorityList("AaA", "AAA"))); assertThat(mapped).hasSize(1); diff --git a/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java b/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java index eb915d7e32..0cbad90105 100644 --- a/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java +++ b/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java @@ -32,7 +32,6 @@ public class ReactiveSecurityContextHolderTests { @Test public void getContextWhenEmpty() { Mono context = ReactiveSecurityContextHolder.getContext(); - StepVerifier.create(context).verifyComplete(); } 
@@ -40,23 +39,19 @@ public class ReactiveSecurityContextHolderTests { public void setContextAndGetContextThenEmitsContext() { SecurityContext expectedContext = new SecurityContextImpl( new TestingAuthenticationToken("user", "password", "ROLE_USER")); - Mono context = Mono.subscriberContext() .flatMap((c) -> ReactiveSecurityContextHolder.getContext()) .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(expectedContext))); - StepVerifier.create(context).expectNext(expectedContext).verifyComplete(); } @Test public void demo() { Authentication authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER"); - Mono messageByUsername = ReactiveSecurityContextHolder.getContext() .map(SecurityContext::getAuthentication).map(Authentication::getName) .flatMap(this::findMessageByUsername) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)); - StepVerifier.create(messageByUsername).expectNext("Hi user").verifyComplete(); } 
@@ -68,23 +63,19 @@ public class ReactiveSecurityContextHolderTests { public void setContextAndClearAndGetContextThenEmitsEmpty() { SecurityContext expectedContext = new SecurityContextImpl( new TestingAuthenticationToken("user", "password", "ROLE_USER")); - Mono context = Mono.subscriberContext() .flatMap((c) -> ReactiveSecurityContextHolder.getContext()) .subscriberContext(ReactiveSecurityContextHolder.clearContext()) .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(expectedContext))); - StepVerifier.create(context).verifyComplete(); } @Test public void setAuthenticationAndGetContextThenEmitsContext() { Authentication expectedAuthentication = new TestingAuthenticationToken("user", "password", "ROLE_USER"); - Mono authentication = Mono.subscriberContext() .flatMap((c) -> ReactiveSecurityContextHolder.getContext()).map(SecurityContext::getAuthentication) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(expectedAuthentication)); - StepVerifier.create(authentication).expectNext(expectedAuthentication).verifyComplete(); } diff --git a/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java b/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java index c8a22279cb..7ea8a2eca8 100644 --- a/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java +++ b/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java @@ -60,7 +60,6 @@ public class SecurityContextHolderTests { fail("Should have rejected null"); } catch (IllegalArgumentException expected) { - } } diff --git a/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java b/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java index 8f1cb7ee62..bbaf08c7a1 100644 
--- a/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java +++ b/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java @@ -48,15 +48,12 @@ public class DefaultSecurityParameterNameDiscovererTests { public void constructorDefault() { List discoverers = (List) ReflectionTestUtils .getField(this.discoverer, "parameterNameDiscoverers"); - assertThat(discoverers).hasSize(2); - ParameterNameDiscoverer annotationDisc = discoverers.get(0); assertThat(annotationDisc).isInstanceOf(AnnotationParameterNameDiscoverer.class); Set annotationsToUse = (Set) ReflectionTestUtils.getField(annotationDisc, "annotationClassesToUse"); assertThat(annotationsToUse).containsOnly("org.springframework.security.access.method.P", P.class.getName()); - assertThat(discoverers.get(1).getClass()).isEqualTo(DefaultParameterNameDiscoverer.class); } @@ -64,19 +61,15 @@ public class DefaultSecurityParameterNameDiscovererTests { public void constructorDiscoverers() { this.discoverer = new DefaultSecurityParameterNameDiscoverer( Arrays.asList(new LocalVariableTableParameterNameDiscoverer())); - List discoverers = (List) ReflectionTestUtils .getField(this.discoverer, "parameterNameDiscoverers"); - assertThat(discoverers).hasSize(3); assertThat(discoverers.get(0)).isInstanceOf(LocalVariableTableParameterNameDiscoverer.class); - ParameterNameDiscoverer annotationDisc = discoverers.get(1); assertThat(annotationDisc).isInstanceOf(AnnotationParameterNameDiscoverer.class); Set annotationsToUse = (Set) ReflectionTestUtils.getField(annotationDisc, "annotationClassesToUse"); assertThat(annotationsToUse).containsOnly("org.springframework.security.access.method.P", P.class.getName()); - assertThat(discoverers.get(2)).isInstanceOf(DefaultParameterNameDiscoverer.class); } 
diff --git a/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java b/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java index f2d1cbbcaf..626fcea0ed 100644 --- a/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java +++ b/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java @@ -34,16 +34,12 @@ public class SessionInformationTests { Object principal = "Some principal object"; String sessionId = "1234567890"; Date currentDate = new Date(); - SessionInformation info = new SessionInformation(principal, sessionId, currentDate); assertThat(info.getPrincipal()).isEqualTo(principal); assertThat(info.getSessionId()).isEqualTo(sessionId); assertThat(info.getLastRequest()).isEqualTo(currentDate); - Thread.sleep(10); - info.refreshLastRequest(); - assertThat(info.getLastRequest().after(currentDate)).isTrue(); } diff --git a/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java b/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java index 404722f8cb..df9ea8376d 100644 --- a/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java +++ b/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java @@ -44,10 +44,8 @@ public class SessionRegistryImplTests { public void sessionDestroyedEventRemovesSessionFromRegistry() { Object principal = "Some principal object"; final String sessionId = "zzzz"; - // Register new Session this.sessionRegistry.registerNewSession(sessionId, principal); - // De-register session via an ApplicationEvent this.sessionRegistry.onApplicationEvent(new SessionDestroyedEvent("") { @Override 
@@ -60,7 +58,6 @@ public class SessionRegistryImplTests { return null; } }); - // Check attempts to retrieve cleared session return null assertThat(this.sessionRegistry.getSessionInformation(sessionId)).isNull(); } @@ -70,10 +67,8 @@ public class SessionRegistryImplTests { Object principal = "Some principal object"; final String sessionId = "zzzz"; final String newSessionId = "123"; - // Register new Session this.sessionRegistry.registerNewSession(sessionId, principal); - // De-register session via an ApplicationEvent this.sessionRegistry.onApplicationEvent(new SessionIdChangedEvent("") { @Override @@ -86,7 +81,6 @@ public class SessionRegistryImplTests { return newSessionId; } }); - assertThat(this.sessionRegistry.getSessionInformation(sessionId)).isNull(); assertThat(this.sessionRegistry.getSessionInformation(newSessionId)).isNotNull(); assertThat(this.sessionRegistry.getSessionInformation(newSessionId).getPrincipal()).isEqualTo(principal); @@ -99,11 +93,9 @@ public class SessionRegistryImplTests { String sessionId1 = "1234567890"; String sessionId2 = "9876543210"; String sessionId3 = "5432109876"; - this.sessionRegistry.registerNewSession(sessionId1, principal1); this.sessionRegistry.registerNewSession(sessionId2, principal1); this.sessionRegistry.registerNewSession(sessionId3, principal2); - assertThat(this.sessionRegistry.getAllPrincipals()).hasSize(2); assertThat(this.sessionRegistry.getAllPrincipals().contains(principal1)).isTrue(); assertThat(this.sessionRegistry.getAllPrincipals().contains(principal2)).isTrue(); 
@@ -115,32 +107,24 @@ public class SessionRegistryImplTests { String sessionId = "1234567890"; // Register new Session this.sessionRegistry.registerNewSession(sessionId, principal); - // Retrieve existing session by session ID Date currentDateTime = this.sessionRegistry.getSessionInformation(sessionId).getLastRequest(); assertThat(this.sessionRegistry.getSessionInformation(sessionId).getPrincipal()).isEqualTo(principal); assertThat(this.sessionRegistry.getSessionInformation(sessionId).getSessionId()).isEqualTo(sessionId); assertThat(this.sessionRegistry.getSessionInformation(sessionId).getLastRequest()).isNotNull(); - // Retrieve existing session by principal assertThat(this.sessionRegistry.getAllSessions(principal, false)).hasSize(1); - // Sleep to ensure SessionRegistryImpl will update time Thread.sleep(1000); - // Update request date/time this.sessionRegistry.refreshLastRequest(sessionId); - Date retrieved = this.sessionRegistry.getSessionInformation(sessionId).getLastRequest(); assertThat(retrieved.after(currentDateTime)).isTrue(); - // Check it retrieves correctly when looked up via principal assertThat(this.sessionRegistry.getAllSessions(principal, false).get(0).getLastRequest()).isCloseTo(retrieved, 2000L); - // Clear session information this.sessionRegistry.removeSessionInformation(sessionId); - // Check attempts to retrieve cleared session return null assertThat(this.sessionRegistry.getSessionInformation(sessionId)).isNull(); assertThat(this.sessionRegistry.getAllSessions(principal, false)).isEmpty(); 
@@ -151,21 +135,17 @@ public class SessionRegistryImplTests { Object principal = "Some principal object"; String sessionId1 = "1234567890"; String sessionId2 = "9876543210"; - this.sessionRegistry.registerNewSession(sessionId1, principal); List sessions = this.sessionRegistry.getAllSessions(principal, false); assertThat(sessions).hasSize(1); assertThat(contains(sessionId1, principal)).isTrue(); - this.sessionRegistry.registerNewSession(sessionId2, principal); sessions = this.sessionRegistry.getAllSessions(principal, false); assertThat(sessions).hasSize(2); assertThat(contains(sessionId2, principal)).isTrue(); - // Expire one session SessionInformation session = this.sessionRegistry.getSessionInformation(sessionId2); session.expireNow(); - // Check retrieval still correct assertThat(this.sessionRegistry.getSessionInformation(sessionId2).isExpired()).isTrue(); assertThat(this.sessionRegistry.getSessionInformation(sessionId1).isExpired()).isFalse(); 
@@ -176,22 +156,18 @@ public class SessionRegistryImplTests { Object principal = "Some principal object"; String sessionId1 = "1234567890"; String sessionId2 = "9876543210"; - this.sessionRegistry.registerNewSession(sessionId1, principal); List sessions = this.sessionRegistry.getAllSessions(principal, false); assertThat(sessions).hasSize(1); assertThat(contains(sessionId1, principal)).isTrue(); - this.sessionRegistry.registerNewSession(sessionId2, principal); sessions = this.sessionRegistry.getAllSessions(principal, false); assertThat(sessions).hasSize(2); assertThat(contains(sessionId2, principal)).isTrue(); - this.sessionRegistry.removeSessionInformation(sessionId1); sessions = this.sessionRegistry.getAllSessions(principal, false); assertThat(sessions).hasSize(1); assertThat(contains(sessionId2, principal)).isTrue(); - this.sessionRegistry.removeSessionInformation(sessionId2); assertThat(this.sessionRegistry.getSessionInformation(sessionId2)).isNull(); assertThat(this.sessionRegistry.getAllSessions(principal, false)).isEmpty(); @@ -199,13 +175,11 @@ public class SessionRegistryImplTests { private boolean contains(String sessionId, Object principal) { List info = this.sessionRegistry.getAllSessions(principal, false); - for (SessionInformation sessionInformation : info) { if (sessionId.equals(sessionInformation.getSessionId())) { return true; } } - return false; } diff --git a/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java b/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java index 5a392720ac..1dc583b84b 100644 --- a/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java +++ b/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java 
@@ -35,7 +35,6 @@ public class DefaultTokenTests { String key = "key"; long created = new Date().getTime(); String extendedInformation = "extended"; - DefaultToken t1 = new DefaultToken(key, created, extendedInformation); DefaultToken t2 = new DefaultToken(key, created, extendedInformation); assertThat(t2).isEqualTo(t1); @@ -52,7 +51,6 @@ public class DefaultTokenTests { public void testEqualityWithDifferentExtendedInformation3() { String key = "key"; long created = new Date().getTime(); - DefaultToken t1 = new DefaultToken(key, created, "length1"); DefaultToken t2 = new DefaultToken(key, created, "longerLength2"); assertThat(t1).isNotEqualTo(t2); diff --git a/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java b/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java index f9d983a406..a6f8760871 100644 --- a/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java +++ b/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java @@ -33,7 +33,6 @@ public class MapReactiveUserDetailsServiceTests { .roles("USER") .build(); // @formatter:on - private MapReactiveUserDetailsService users = new MapReactiveUserDetailsService(Arrays.asList(USER_DETAILS)); @Test(expected = IllegalArgumentException.class) @@ -71,7 +70,6 @@ public class MapReactiveUserDetailsServiceTests { assertThat(foundUser.getPassword()).isNotEmpty(); foundUser.eraseCredentials(); assertThat(foundUser.getPassword()).isNull(); - foundUser = this.users.findByUsername(USER_DETAILS.getUsername()).cast(User.class).block(); assertThat(foundUser.getPassword()).isNotEmpty(); } diff --git a/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java b/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java index 3a2a074971..5a771a6ed9 100644 
--- a/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java +++ b/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java @@ -49,7 +49,6 @@ public class MockUserDetailsService implements UserDetailsService { if (this.users.get(username) == null) { throw new UsernameNotFoundException("User not found: " + username); } - return this.users.get(username); } diff --git a/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java b/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java index 920d6a249f..4ac32d65ba 100644 --- a/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java +++ b/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java @@ -44,7 +44,6 @@ public class UserTests { @Test public void equalsReturnsTrueIfUsernamesAreTheSame() { User user1 = new User("rod", "koala", true, true, true, true, ROLE_12); - assertThat(user1).isNotNull(); assertThat(user1).isNotEqualTo("A STRING"); assertThat(user1).isEqualTo(user1); @@ -56,7 +55,6 @@ public class UserTests { User user1 = new User("rod", "koala", true, true, true, true, ROLE_12); Set users = new HashSet<>(); users.add(user1); - assertThat(users).contains(new User("rod", "koala", true, true, true, true, ROLE_12)); assertThat(users).contains(new User("rod", "anotherpass", false, false, false, false, AuthorityUtils.createAuthorityList("ROLE_X"))); @@ -66,7 +64,6 @@ public class UserTests { @Test public void testNoArgConstructorDoesntExist() { Class clazz = User.class; - try { clazz.getDeclaredConstructor((Class[]) null); fail("Should have thrown NoSuchMethodException"); 
@@ -83,14 +80,12 @@ public class UserTests { } catch (IllegalArgumentException expected) { } - try { new User("rod", null, true, true, true, true, ROLE_12); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { } - try { List auths = AuthorityUtils.createAuthorityList("ROLE_ONE"); auths.add(null); @@ -145,9 +140,7 @@ public class UserTests { @Test public void withUserDetailsWhenAllEnabled() { User expected = new User("rob", "pass", true, true, true, true, ROLE_12); - UserDetails actual = User.withUserDetails(expected).build(); - assertThat(actual.getUsername()).isEqualTo(expected.getUsername()); assertThat(actual.getPassword()).isEqualTo(expected.getPassword()); assertThat(actual.getAuthorities()).isEqualTo(expected.getAuthorities()); @@ -160,9 +153,7 @@ public class UserTests { @Test public void withUserDetailsWhenAllDisabled() { User expected = new User("rob", "pass", false, false, false, false, ROLE_12); - UserDetails actual = User.withUserDetails(expected).build(); - assertThat(actual.getUsername()).isEqualTo(expected.getUsername()); assertThat(actual.getPassword()).isEqualTo(expected.getPassword()); assertThat(actual.getAuthorities()).isEqualTo(expected.getAuthorities()); @@ -175,10 +166,8 @@ public class UserTests { @Test public void withUserWhenDetailsPasswordEncoderThenEncodes() { UserDetails userDetails = User.withUsername("user").password("password").roles("USER").build(); - UserDetails withEncodedPassword = User.withUserDetails(userDetails).passwordEncoder((p) -> p + "encoded") .build(); - assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded"); } @@ -186,7 +175,6 @@ public class UserTests { public void withUsernameWhenPasswordEncoderAndPasswordThenEncodes() { UserDetails withEncodedPassword = User.withUsername("user").password("password") .passwordEncoder((p) -> p + "encoded").roles("USER").build(); - assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded"); } 
@@ -199,7 +187,6 @@ public class UserTests { .roles("USER") .build(); // @formatter:on - assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded"); } @@ -214,7 +201,6 @@ public class UserTests { .roles("USER") .build(); // @formatter:on - assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded"); } diff --git a/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java b/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java index 1d989dbe98..45f1887853 100644 --- a/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java +++ b/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java @@ -53,7 +53,6 @@ public class EhCacheBasedUserCacheTests { private Ehcache getCache() { Ehcache cache = cacheManager.getCache("ehcacheusercachetests"); cache.removeAll(); - return cache; } @@ -67,15 +66,12 @@ public class EhCacheBasedUserCacheTests { EhCacheBasedUserCache cache = new EhCacheBasedUserCache(); cache.setCache(getCache()); cache.afterPropertiesSet(); - // Check it gets stored in the cache cache.putUserInCache(getUser()); assertThat(getUser().getPassword()).isEqualTo(cache.getUserFromCache(getUser().getUsername()).getPassword()); - // Check it gets removed from the cache cache.removeUserFromCache(getUser()); assertThat(cache.getUserFromCache(getUser().getUsername())).isNull(); - // Check it doesn't return values for null or unknown users assertThat(cache.getUserFromCache(null)).isNull(); assertThat(cache.getUserFromCache("UNKNOWN_USER")).isNull(); 
@@ -84,10 +80,8 @@ public class EhCacheBasedUserCacheTests { @Test(expected = IllegalArgumentException.class) public void startupDetectsMissingCache() throws Exception { EhCacheBasedUserCache cache = new EhCacheBasedUserCache();
-
 cache.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException");
-
 Ehcache myCache = getCache(); cache.setCache(myCache); assertThat(cache.getCache()).isEqualTo(myCache);
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java b/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java
index 7fa442e322..44bf44bade 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java
@@ -64,15 +64,12 @@ public class SpringCacheBasedUserCacheTests { @Test public void cacheOperationsAreSuccessful() throws Exception { SpringCacheBasedUserCache cache = new SpringCacheBasedUserCache(getCache());
-
 // Check it gets stored in the cache cache.putUserInCache(getUser()); assertThat(getUser().getPassword()).isEqualTo(cache.getUserFromCache(getUser().getUsername()).getPassword());
-
 // Check it gets removed from the cache cache.removeUserFromCache(getUser()); assertThat(cache.getUserFromCache(getUser().getUsername())).isNull();
-
 // Check it doesn't return values for null or unknown users assertThat(cache.getUserFromCache(null)).isNull(); assertThat(cache.getUserFromCache("UNKNOWN_USER")).isNull();
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java b/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java
index bfad0a615e..90f45656b4 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java
@@ -43,7 +43,6 @@ public class JdbcDaoImplTests { JdbcDaoImpl dao = new JdbcDaoImpl(); dao.setDataSource(PopulatedDatabase.getDataSource()); dao.afterPropertiesSet();
-
 return dao; }
@@ -52,7 +51,6 @@ public class JdbcDaoImplTests { dao.setDataSource(PopulatedDatabase.getDataSource()); dao.setRolePrefix("ARBITRARY_PREFIX_"); dao.afterPropertiesSet();
-
 return dao; }
@@ -63,7 +61,6 @@ public class JdbcDaoImplTests { assertThat(user.getUsername()).isEqualTo("rod"); assertThat(user.getPassword()).isEqualTo("koala"); assertThat(user.isEnabled()).isTrue();
-
 assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_TELLER"); assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_SUPERVISOR"); }
@@ -88,7 +85,6 @@ public class JdbcDaoImplTests { JdbcDaoImpl dao = new JdbcDaoImpl(); dao.setAuthoritiesByUsernameQuery("SELECT * FROM FOO"); assertThat(dao.getAuthoritiesByUsernameQuery()).isEqualTo("SELECT * FROM FOO");
-
 dao.setUsersByUsernameQuery("SELECT USERS FROM FOO"); assertThat(dao.getUsersByUsernameQuery()).isEqualTo("SELECT USERS FROM FOO"); }
@@ -96,7 +92,6 @@ public class JdbcDaoImplTests { @Test public void testLookupFailsIfUserHasNoGrantedAuthorities() throws Exception { JdbcDaoImpl dao = makePopulatedJdbcDao();
-
 try { dao.loadUserByUsername("cooper"); fail("Should have thrown UsernameNotFoundException");
@@ -108,13 +103,11 @@ public class JdbcDaoImplTests { @Test public void testLookupFailsWithWrongUsername() throws Exception { JdbcDaoImpl dao = makePopulatedJdbcDao();
-
 try { dao.loadUserByUsername("UNKNOWN_USER"); fail("Should have thrown UsernameNotFoundException"); } catch (UsernameNotFoundException expected) {
-
 } }
@@ -129,11 +122,9 @@ public class JdbcDaoImplTests { public void testRolePrefixWorks() throws Exception { JdbcDaoImpl dao = makePopulatedJdbcDaoWithRolePrefix(); assertThat(dao.getRolePrefix()).isEqualTo("ARBITRARY_PREFIX_");
-
 UserDetails user = dao.loadUserByUsername("rod"); assertThat(user.getUsername()).isEqualTo("rod"); assertThat(user.getAuthorities()).hasSize(2);
-
 assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ARBITRARY_PREFIX_ROLE_TELLER"); assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())) .contains("ARBITRARY_PREFIX_ROLE_SUPERVISOR");
@@ -144,7 +135,6 @@ public class JdbcDaoImplTests { JdbcDaoImpl dao = makePopulatedJdbcDao(); dao.setEnableAuthorities(false); dao.setEnableGroups(true);
-
 UserDetails jerry = dao.loadUserByUsername("jerry"); assertThat(jerry.getAuthorities()).hasSize(3); }
@@ -162,34 +152,29 @@ public class JdbcDaoImplTests { @Test public void testStartupFailsIfDataSourceNotSet() { JdbcDaoImpl dao = new JdbcDaoImpl();
-
 try { dao.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) {
-
 } } @Test public void testStartupFailsIfUserMapSetToNull() { JdbcDaoImpl dao = new JdbcDaoImpl();
-
 try { dao.setDataSource(null); dao.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) {
-
 } } @Test(expected = IllegalArgumentException.class) public void setMessageSourceWhenNullThenThrowsException() { JdbcDaoImpl dao = new JdbcDaoImpl();
-
 dao.setMessageSource(null); }
@@ -199,9 +184,7 @@ public class JdbcDaoImplTests { JdbcDaoImpl dao = new JdbcDaoImpl(); dao.setMessageSource(source); String code = "code";
-
 dao.getMessages().getMessage(code);
-
 verify(source).getMessage(eq(code), any(), any()); }
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/memory/UserAttributeEditorTests.java b/core/src/test/java/org/springframework/security/core/userdetails/memory/UserAttributeEditorTests.java
index 757d05bbeb..1d700855e8 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/memory/UserAttributeEditorTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/memory/UserAttributeEditorTests.java
@@ -31,7 +31,6 @@ public class UserAttributeEditorTests { public void testCorrectOperationWithTrailingSpaces() { UserAttributeEditor editor = new UserAttributeEditor(); editor.setAsText("password ,ROLE_ONE,ROLE_TWO ");
-
 UserAttribute user = (UserAttribute) editor.getValue(); assertThat(user.getPassword()).isEqualTo("password"); assertThat(user.getAuthorities()).hasSize(2);
@@ -43,7 +42,6 @@ public class UserAttributeEditorTests { public void testCorrectOperationWithoutEnabledDisabledKeyword() { UserAttributeEditor editor = new UserAttributeEditor(); editor.setAsText("password,ROLE_ONE,ROLE_TWO");
-
 UserAttribute user = (UserAttribute) editor.getValue(); assertThat(user.isValid()).isTrue(); assertThat(user.isEnabled()).isTrue(); // default
@@ -57,7 +55,6 @@ public class UserAttributeEditorTests { public void testDisabledKeyword() { UserAttributeEditor editor = new UserAttributeEditor(); editor.setAsText("password,disabled,ROLE_ONE,ROLE_TWO");
-
 UserAttribute user = (UserAttribute) editor.getValue(); assertThat(user.isValid()).isTrue(); assertThat(!user.isEnabled()).isTrue();
@@ -71,7 +68,6 @@ public class UserAttributeEditorTests { public void testEmptyStringReturnsNull() { UserAttributeEditor editor = new UserAttributeEditor(); editor.setAsText("");
-
 UserAttribute user = (UserAttribute) editor.getValue(); assertThat(user == null).isTrue(); }
@@ -80,7 +76,6 @@ public class UserAttributeEditorTests { public void testEnabledKeyword() { UserAttributeEditor editor = new UserAttributeEditor(); editor.setAsText("password,ROLE_ONE,enabled,ROLE_TWO");
-
 UserAttribute user = (UserAttribute) editor.getValue(); assertThat(user.isValid()).isTrue(); assertThat(user.isEnabled()).isTrue();
@@ -94,7 +89,6 @@ public class UserAttributeEditorTests { public void testMalformedStringReturnsNull() { UserAttributeEditor editor = new UserAttributeEditor(); editor.setAsText("MALFORMED_STRING");
-
 UserAttribute user = (UserAttribute) editor.getValue(); assertThat(user == null).isTrue(); }
@@ -103,7 +97,6 @@ public class UserAttributeEditorTests { public void testNoPasswordOrRolesReturnsNull() { UserAttributeEditor editor = new UserAttributeEditor(); editor.setAsText("disabled");
-
 UserAttribute user = (UserAttribute) editor.getValue(); assertThat(user == null).isTrue(); }
@@ -112,7 +105,6 @@ public class UserAttributeEditorTests { public void testNoRolesReturnsNull() { UserAttributeEditor editor = new UserAttributeEditor(); editor.setAsText("password,enabled");
-
 UserAttribute user = (UserAttribute) editor.getValue(); assertThat(user == null).isTrue(); }
@@ -121,7 +113,6 @@ public class UserAttributeEditorTests { public void testNullReturnsNull() { UserAttributeEditor editor = new UserAttributeEditor(); editor.setAsText(null);
-
 UserAttribute user = (UserAttribute) editor.getValue(); assertThat(user == null).isTrue(); }
diff --git a/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java
index 1efa6f4b62..924364f352 100644
--- a/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java
@@ -48,7 +48,6 @@ public class AnonymousAuthenticationTokenMixinTests extends AbstractMixinTests { + "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON + "}"; // @formatter:on
-
 @Test public void serializeAnonymousAuthenticationTokenTest() throws JsonProcessingException, JSONException { User user = createDefaultUser();
diff --git a/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java
index 2fcc882be4..91dbb6750e 100644
--- a/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java
@@ -41,7 +41,6 @@ public class BadCredentialsExceptionMixinTests extends AbstractMixinTests { + "\"suppressed\": [\"[Ljava.lang.Throwable;\",[]]" + "}"; // @formatter:on
-
 @Test public void serializeBadCredentialsExceptionMixinTest() throws JsonProcessingException, JSONException { BadCredentialsException exception = new BadCredentialsException("message");
diff --git a/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java
index 9500354e97..85b05860e8 100644
--- a/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java
@@ -48,7 +48,6 @@ public class RememberMeAuthenticationTokenMixinTests extends AbstractMixinTests + "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON + "}"; // @formatter:on
-
 // @formatter:off private static final String REMEMBERME_AUTH_STRINGPRINCIPAL_JSON = "{" + "\"@class\": \"org.springframework.security.authentication.RememberMeAuthenticationToken\","
@@ -59,7 +58,6 @@ public class RememberMeAuthenticationTokenMixinTests extends AbstractMixinTests + "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON + "}"; // @formatter:on
-
 @Test(expected = IllegalArgumentException.class) public void testWithNullPrincipal() { new RememberMeAuthenticationToken("key", null, Collections.emptyList());
diff --git a/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java
index ab9405c986..8f2806079f 100644
--- a/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java
@@ -44,7 +44,6 @@ public class SecurityContextMixinTests extends AbstractMixinTests { + "\"authentication\": " + UsernamePasswordAuthenticationTokenMixinTests.AUTHENTICATED_STRINGPRINCIPAL_JSON + "}"; // @formatter:on
-
 @Test public void securityContextSerializeTest() throws JsonProcessingException, JSONException { SecurityContext context = new SecurityContextImpl();
diff --git a/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java b/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
index d053a451b9..106750a1e6 100644
--- a/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
@@ -58,7 +58,6 @@ public class SecurityJackson2ModulesTests { public void readValueWhenExplicitDefaultTypingAfterSecuritySetupThenReadsAsSpecificType() throws Exception { this.mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY); String content = "{\"@class\":\"org.springframework.security.jackson2.SecurityJackson2ModulesTests$NotAllowlisted\",\"property\":\"bar\"}";
-
 assertThat(this.mapper.readValue(content, Object.class)).isInstanceOf(NotAllowlisted.class); }
@@ -68,14 +67,12 @@ public class SecurityJackson2ModulesTests { this.mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY); SecurityJackson2Modules.enableDefaultTyping(this.mapper); String content = "{\"@class\":\"org.springframework.security.jackson2.SecurityJackson2ModulesTests$NotAllowlisted\",\"property\":\"bar\"}";
-
 assertThat(this.mapper.readValue(content, Object.class)).isInstanceOf(NotAllowlisted.class); } @Test public void readValueWhenAnnotatedThenReadsAsSpecificType() throws Exception { String content = "{\"@class\":\"org.springframework.security.jackson2.SecurityJackson2ModulesTests$NotAllowlistedButAnnotated\",\"property\":\"bar\"}";
-
 assertThat(this.mapper.readValue(content, Object.class)).isInstanceOf(NotAllowlistedButAnnotated.class); }
@@ -83,7 +80,6 @@ public class SecurityJackson2ModulesTests { public void readValueWhenMixinProvidedThenReadsAsSpecificType() throws Exception { this.mapper.addMixIn(NotAllowlisted.class, NotAllowlistedMixin.class); String content = "{\"@class\":\"org.springframework.security.jackson2.SecurityJackson2ModulesTests$NotAllowlisted\",\"property\":\"bar\"}";
-
 assertThat(this.mapper.readValue(content, Object.class)).isInstanceOf(NotAllowlisted.class); }
@@ -91,7 +87,6 @@ public class SecurityJackson2ModulesTests { public void readValueWhenHashMapThenReadsAsSpecificType() throws Exception { this.mapper.addMixIn(NotAllowlisted.class, NotAllowlistedMixin.class); String content = "{\"@class\":\"java.util.HashMap\"}";
-
 assertThat(this.mapper.readValue(content, Object.class)).isInstanceOf(HashMap.class); }
diff --git a/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java
index 2786cd2b24..05d67d7323 100644
--- a/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java
@@ -36,18 +36,12 @@ public class SimpleGrantedAuthorityMixinTests extends AbstractMixinTests { // @formatter:off public static final String AUTHORITY_JSON = "{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}";
-
 public static final String AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.Collections$UnmodifiableRandomAccessList\", [" + AUTHORITY_JSON + "]]";
-
 public static final String AUTHORITIES_SET_JSON = "[\"java.util.Collections$UnmodifiableSet\", [" + AUTHORITY_JSON + "]]";
-
 public static final String NO_AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.Collections$UnmodifiableRandomAccessList\", []]";
-
 public static final String EMPTY_AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.Collections$EmptyList\", []]";
-
 public static final String NO_AUTHORITIES_SET_JSON = "[\"java.util.Collections$UnmodifiableSet\", []]"; // @formatter:on
-
 @Test public void serializeSimpleGrantedAuthorityTest() throws JsonProcessingException, JSONException { SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
diff --git a/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java b/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java
index f7d902486b..299b4f9026 100644
--- a/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java
@@ -53,7 +53,6 @@ public class UserDeserializerTests extends AbstractMixinTests { + "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON + "}"; // @formatter:on
-
 @Test public void serializeUserTest() throws JsonProcessingException, JSONException { User user = createDefaultUser();
@@ -72,14 +71,12 @@ public class UserDeserializerTests extends AbstractMixinTests { public void deserializeUserWithNullPasswordEmptyAuthorityTest() throws IOException { String userJsonWithoutPasswordString = USER_JSON.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON, "[]");
-
 this.mapper.readValue(userJsonWithoutPasswordString, User.class); } @Test public void deserializeUserWithNullPasswordNoAuthorityTest() throws Exception { String userJsonWithoutPasswordString = removeNode(userWithNoAuthoritiesJson(), this.mapper, "password");
-
 User user = this.mapper.readValue(userJsonWithoutPasswordString, User.class); assertThat(user).isNotNull(); assertThat(user.getUsername()).isEqualTo("admin");
@@ -107,7 +104,6 @@ public class UserDeserializerTests extends AbstractMixinTests { private String removeNode(String json, ObjectMapper mapper, String toRemove) throws Exception { ObjectNode node = mapper.getFactory().createParser(json).readValueAsTree(); node.remove(toRemove);
-
 String result = mapper.writeValueAsString(node); JSONAssert.assertNotEquals(json, result, false); return result;
diff --git a/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java b/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java
index c3c4816c06..cca7f4d75b 100644
--- a/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java
+++ b/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java
@@ -44,7 +44,6 @@ public class InMemoryUserDetailsManagerTests { @Test public void changePasswordWhenUsernameIsNotInLowercase() { UserDetails userNotLowerCase = User.withUserDetails(PasswordEncodedUser.user()).username("User").build();
-
 String newPassword = "newPassword"; this.manager.updatePassword(userNotLowerCase, newPassword); assertThat(this.manager.loadUserByUsername(userNotLowerCase.getUsername()).getPassword())
diff --git a/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java b/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
index 413bff2c53..ddb9a46d7e 100644
--- a/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
+++ b/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
@@ -97,7 +97,6 @@ public class JdbcUserDetailsManagerTests { this.manager.setChangePasswordSql(JdbcUserDetailsManager.DEF_CHANGE_PASSWORD_SQL); this.manager.initDao(); this.template = this.manager.getJdbcTemplate();
-
 this.template.execute("create table users(username varchar(20) not null primary key," + "password varchar(20) not null, enabled boolean not null)"); this.template
@@ -121,7 +120,6 @@ public class JdbcUserDetailsManagerTests { this.template.execute("alter table users add column acc_locked boolean default false not null"); this.template.execute("alter table users add column acc_expired boolean default false not null"); this.template.execute("alter table users add column creds_expired boolean default false not null");
-
 this.manager.setUsersByUsernameQuery( "select username,password,enabled, acc_locked, acc_expired, creds_expired from users where username = ?"); this.manager.setCreateUserSql(
@@ -133,22 +131,17 @@ public class JdbcUserDetailsManagerTests { @Test public void createUserInsertsCorrectData() { this.manager.createUser(joe);
-
 UserDetails joe2 = this.manager.loadUserByUsername("joe");
-
 assertThat(joe2).isEqualTo(joe); } @Test public void createUserInsertsCorrectDataWithLocking() { setUpAccLockingColumns();
-
 UserDetails user = new User("joe", "pass", true, false, true, false, AuthorityUtils.createAuthorityList("A", "B")); this.manager.createUser(user);
-
 UserDetails user2 = this.manager.loadUserByUsername(user.getUsername());
-
 assertThat(user2).isEqualToComparingFieldByField(user); }
@@ -156,7 +149,6 @@ public class JdbcUserDetailsManagerTests { public void deleteUserRemovesUserDataAndAuthoritiesAndClearsCache() { insertJoe(); this.manager.deleteUser("joe");
-
 assertThat(this.template.queryForList(SELECT_JOE_SQL)).isEmpty(); assertThat(this.template.queryForList(SELECT_JOE_AUTHORITIES_SQL)).isEmpty(); assertThat(this.cache.getUserMap().containsKey("joe")).isFalse();
@@ -167,11 +159,8 @@ public class JdbcUserDetailsManagerTests { insertJoe(); User newJoe = new User("joe", "newpassword", false, true, true, true, AuthorityUtils.createAuthorityList(new String[] { "D", "F", "E" }));
-
 this.manager.updateUser(newJoe);
-
 UserDetails joe = this.manager.loadUserByUsername("joe");
-
 assertThat(joe).isEqualTo(newJoe); assertThat(this.cache.getUserMap().containsKey("joe")).isFalse(); }
@@ -179,16 +168,11 @@ public class JdbcUserDetailsManagerTests { @Test public void updateUserChangesDataCorrectlyAndClearsCacheWithLocking() { setUpAccLockingColumns();
-
 insertJoe();
-
 User newJoe = new User("joe", "newpassword", false, false, false, true, AuthorityUtils.createAuthorityList("D", "F", "E"));
-
 this.manager.updateUser(newJoe);
-
 UserDetails joe = this.manager.loadUserByUsername(newJoe.getUsername());
-
 assertThat(joe).isEqualToComparingFieldByField(newJoe); assertThat(this.cache.getUserMap().containsKey(newJoe.getUsername())).isFalse(); }
@@ -216,7 +200,6 @@ public class JdbcUserDetailsManagerTests { authenticateJoe(); this.manager.changePassword("wrongpassword", "newPassword"); UserDetails newJoe = this.manager.loadUserByUsername("joe");
-
 assertThat(newJoe.getPassword()).isEqualTo("newPassword"); assertThat(this.cache.getUserMap().containsKey("joe")).isFalse(); }
@@ -227,11 +210,9 @@ public class JdbcUserDetailsManagerTests { Authentication currentAuth = authenticateJoe(); AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(currentAuth)).willReturn(currentAuth);
-
 this.manager.setAuthenticationManager(am); this.manager.changePassword("password", "newPassword"); UserDetails newJoe = this.manager.loadUserByUsername("joe");
-
 assertThat(newJoe.getPassword()).isEqualTo("newPassword"); // The password in the context should also be altered Authentication newAuth = SecurityContextHolder.getContext().getAuthentication();
@@ -247,16 +228,13 @@ public class JdbcUserDetailsManagerTests { authenticateJoe(); AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException(""));
-
 this.manager.setAuthenticationManager(am);
-
 try { this.manager.changePassword("password", "newPassword"); fail("Expected BadCredentialsException"); } catch (BadCredentialsException expected) { }
-
 // Check password hasn't changed. UserDetails newJoe = this.manager.loadUserByUsername("joe"); assertThat(newJoe.getPassword()).isEqualTo("password");
@@ -268,7 +246,6 @@ public class JdbcUserDetailsManagerTests { public void findAllGroupsReturnsExpectedGroupNames() { List groups = this.manager.findAllGroups(); assertThat(groups).hasSize(4);
-
 Collections.sort(groups); assertThat(groups.get(0)).isEqualTo("GROUP_0"); assertThat(groups.get(1)).isEqualTo("GROUP_1");
@@ -289,10 +266,8 @@ public class JdbcUserDetailsManagerTests { @SuppressWarnings("unchecked") public void createGroupInsertsCorrectData() { this.manager.createGroup("TEST_GROUP", AuthorityUtils.createAuthorityList("ROLE_X", "ROLE_Y"));
-
 List roles = this.template.queryForList("select ga.authority from groups g, group_authorities ga " + "where ga.group_id = g.id " + "and g.group_name = 'TEST_GROUP'");
-
 assertThat(roles).hasSize(2); }
@@ -302,7 +277,6 @@ public class JdbcUserDetailsManagerTests { this.manager.deleteGroup("GROUP_1"); this.manager.deleteGroup("GROUP_2"); this.manager.deleteGroup("GROUP_3");
-
 assertThat(this.template.queryForList("select * from group_authorities")).isEmpty(); assertThat(this.template.queryForList("select * from group_members")).isEmpty(); assertThat(this.template.queryForList("select id from groups")).isEmpty();
@@ -311,7 +285,6 @@ public class JdbcUserDetailsManagerTests { @Test public void renameGroupIsSuccessful() { this.manager.renameGroup("GROUP_0", "GROUP_X");
-
 assertThat(this.template.queryForObject("select id from groups where group_name = 'GROUP_X'", Integer.class)) .isZero(); }
@@ -319,14 +292,12 @@ public class JdbcUserDetailsManagerTests { @Test public void addingGroupUserSetsCorrectData() { this.manager.addUserToGroup("tom", "GROUP_0");
-
 assertThat(this.template.queryForList("select username from group_members where group_id = 0")).hasSize(2); } @Test public void removeUserFromGroupDeletesGroupMemberRow() { this.manager.removeUserFromGroup("jerry", "GROUP_1");
-
 assertThat(this.template.queryForList("select group_id from group_members where username = 'jerry'")) .hasSize(1); }
@@ -341,7 +312,6 @@ public class JdbcUserDetailsManagerTests { public void addGroupAuthorityInsertsCorrectGroupAuthorityRow() { GrantedAuthority auth = new SimpleGrantedAuthority("ROLE_X"); this.manager.addGroupAuthority("GROUP_0", auth);
-
 this.template.queryForObject( "select authority from group_authorities where authority = 'ROLE_X' and group_id = 0", String.class); }
@@ -351,7 +321,6 @@ public class JdbcUserDetailsManagerTests { GrantedAuthority auth = new SimpleGrantedAuthority("ROLE_A"); this.manager.removeGroupAuthority("GROUP_0", auth); assertThat(this.template.queryForList("select authority from group_authorities where group_id = 0")).isEmpty();
-
 this.manager.removeGroupAuthority("GROUP_2", auth); assertThat(this.template.queryForList("select authority from group_authorities where group_id = 2")).hasSize(2); }
@@ -388,7 +357,6 @@ public class JdbcUserDetailsManagerTests { UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("joe", "password", joe.getAuthorities()); SecurityContextHolder.getContext().setAuthentication(auth);
-
 return auth; }
diff --git a/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java b/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
index 51835d2133..2d7317b7a1 100644
--- a/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
@@ -28,12 +28,10 @@ public class FieldUtilsTests { @Test public void gettingAndSettingProtectedFieldIsSuccessful() throws Exception { Object tc = new TestClass();
-
 assertThat(FieldUtils.getProtectedFieldValue("protectedField", tc)).isEqualTo("x"); assertThat(FieldUtils.getFieldValue(tc, "nested.protectedField")).isEqualTo("z"); FieldUtils.setProtectedFieldValue("protectedField", tc, "y"); assertThat(FieldUtils.getProtectedFieldValue("protectedField", tc)).isEqualTo("y");
-
 try { FieldUtils.getProtectedFieldValue("nonExistentField", tc); }
diff --git a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
index aa099fb9c0..7bc823f2bb 100644
--- a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
@@ -61,14 +61,11 @@ public class MethodInvocationUtilsTests { AdvisedTarget t = new AdvisedTarget(); // Just lie about interfaces t.setInterfaces(new Class[] { Serializable.class, MethodInvocation.class, Blah.class });
-
 MethodInvocation mi = MethodInvocationUtils.create(t, "blah"); assertThat(mi).isNotNull();
-
 t.setProxyTargetClass(true); mi = MethodInvocationUtils.create(t, "blah"); assertThat(mi).isNotNull();
-
 assertThat(MethodInvocationUtils.create(t, "blah", "non-existent arg")).isNull(); }
diff --git a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
index dce328f4b3..23fde39954 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
@@ -89,7 +89,6 @@ public class Argon2PasswordEncoderTests { public void matchesWhenGeneratedWithDifferentEncoderThenTrue() { Argon2PasswordEncoder oldEncoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4); Argon2PasswordEncoder newEncoder = new Argon2PasswordEncoder();
-
 String password = "secret"; String oldEncodedPassword = oldEncoder.encode(password); assertThat(newEncoder.matches(password, oldEncodedPassword)).isTrue();
@@ -113,9 +112,7 @@ public class Argon2PasswordEncoderTests { @Test public void encodeWhenUsingPredictableSaltThenEqualTestHash() throws Exception { injectPredictableSaltGen();
-
 String hash = this.encoder.encode("sometestpassword");
-
 assertThat(hash).isEqualTo( "$argon2id$v=19$m=4096,t=3,p=1$QUFBQUFBQUFBQUFBQUFBQQ$hmmTNyJlwbb6HAvFoHFWF+u03fdb0F2qA+39oPlcAqo"); }
@@ -125,7 +122,6 @@ public class Argon2PasswordEncoderTests { this.encoder = new Argon2PasswordEncoder(16, 32, 4, 512, 5); injectPredictableSaltGen(); String hash = this.encoder.encode("sometestpassword");
-
 assertThat(hash).isEqualTo( "$argon2id$v=19$m=512,t=5,p=4$QUFBQUFBQUFBQUFBQUFBQQ$PNv4C3K50bz3rmON+LtFpdisD7ePieLNq+l5iUHgc1k"); }
@@ -133,16 +129,13 @@ public class Argon2PasswordEncoderTests { @Test public void upgradeEncodingWhenSameEncodingThenFalse() { String hash = this.encoder.encode("password");
-
 assertThat(this.encoder.upgradeEncoding(hash)).isFalse(); } @Test public void upgradeEncodingWhenSameStandardParamsThenFalse() { Argon2PasswordEncoder newEncoder = new Argon2PasswordEncoder();
-
 String hash = this.encoder.encode("password");
-
 assertThat(newEncoder.upgradeEncoding(hash)).isFalse(); }
@@ -150,9 +143,7 @@ public class Argon2PasswordEncoderTests { public void upgradeEncodingWhenSameCustomParamsThenFalse() { Argon2PasswordEncoder oldEncoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4); Argon2PasswordEncoder newEncoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4);
-
 String hash = oldEncoder.encode("password");
-
 assertThat(newEncoder.upgradeEncoding(hash)).isFalse(); }
@@ -160,9 +151,7 @@ public class Argon2PasswordEncoderTests { public void upgradeEncodingWhenHashHasLowerMemoryThenTrue() { Argon2PasswordEncoder oldEncoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4); Argon2PasswordEncoder newEncoder = new Argon2PasswordEncoder(20, 64, 4, 512, 4);
-
 String hash = oldEncoder.encode("password");
-
 assertThat(newEncoder.upgradeEncoding(hash)).isTrue(); }
@@ -170,9 +159,7 @@ public class Argon2PasswordEncoderTests { public void upgradeEncodingWhenHashHasLowerIterationsThenTrue() { Argon2PasswordEncoder oldEncoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4); Argon2PasswordEncoder newEncoder = new Argon2PasswordEncoder(20, 64, 4, 256, 5);
-
 String hash = oldEncoder.encode("password");
-
 assertThat(newEncoder.upgradeEncoding(hash)).isTrue(); }
@@ -180,9 +167,7 @@ public class Argon2PasswordEncoderTests { public void upgradeEncodingWhenHashHasHigherParamsThenFalse() { Argon2PasswordEncoder oldEncoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4); Argon2PasswordEncoder newEncoder = new Argon2PasswordEncoder(20, 64, 4, 128, 3); - String hash = oldEncoder.encode("password"); - assertThat(newEncoder.upgradeEncoding(hash)).isFalse(); } @@ -205,7 +190,6 @@ public class Argon2PasswordEncoderTests { byte[] bytes = new byte[16]; Arrays.fill(bytes, (byte) 0x41); Mockito.when(this.keyGeneratorMock.generateKey()).thenReturn(bytes); - // we can't use the @InjectMock-annotation because the salt-generator is set in // the constructor // and Mockito will only inject mocks if they are null diff --git a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java index 1b88c0fc09..b9c9c1072f 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java @@ -113,7 +113,6 @@ public class BCryptPasswordEncoderTests { BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(8); String result = encoder.encode("password"); assertThat(encoder.matches("password", result)).isTrue(); - } @Test @@ -169,10 +168,8 @@ public class BCryptPasswordEncoderTests { public void upgradeFromLowerStrength() { BCryptPasswordEncoder weakEncoder = new BCryptPasswordEncoder(5); BCryptPasswordEncoder strongEncoder = new BCryptPasswordEncoder(15); - String weakPassword = weakEncoder.encode("password"); String strongPassword = strongEncoder.encode("password"); - assertThat(weakEncoder.upgradeEncoding(strongPassword)).isFalse(); assertThat(strongEncoder.upgradeEncoding(weakPassword)).isTrue(); } 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java index 7fcd8739c9..010c1e9c8e 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java @@ -11,7 +11,6 @@ // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - package org.springframework.security.crypto.bcrypt; import java.util.ArrayList; @@ -141,7 +140,6 @@ public class BCryptTests { "$2y$06$sYDFHqOcXTjBgOsqC0WCKeMd3T1UhHuWQSxncLGtXDLMrcE6vFDti")); testObjectsString.add(new TestObject<>("~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2y$06$6Xm0gCw4g7ZNDCEp4yTise", "$2y$06$6Xm0gCw4g7ZNDCEp4yTisez0kSdpXEl66MvdxGidnmChIe8dFmMnq")); - testObjectsByteArray = new ArrayList<>(); testObjectsByteArray.add(new TestObject<>(new byte[] {}, "$2a$06$fPIsBO8qRqkjj273rfaOI.", "$2a$06$fPIsBO8qRqkjj273rfaOI.uiVGfgi6Z1Iz.vZr11mi/38o09TUVCy")); @@ -315,11 +313,9 @@ public class BCryptTests { print("BCrypt.hashpw w/ international chars: "); String pw1 = "ππππππππ"; String pw2 = "????????"; - String h1 = BCrypt.hashpw(pw1, BCrypt.gensalt()); assertThat(BCrypt.checkpw(pw2, h1)).isFalse(); print("."); - String h2 = BCrypt.hashpw(pw2, BCrypt.gensalt()); assertThat(BCrypt.checkpw(pw1, h2)).isFalse(); print("."); @@ -386,15 +382,12 @@ public class BCryptTests { @Test public void testBase64EncodeDecode() { byte[] ba = new byte[3]; - for (int b = 0; b <= 0xFF; b++) { for (int i = 0; i < ba.length; i++) { Arrays.fill(ba, (byte) 0); ba[i] = (byte) b; - String s = encode_base64(ba, 3); assertThat(s.length()).isEqualTo(4); - byte[] decoded = BCrypt.decode_base64(s, 3); assertThat(decoded).isEqualTo(ba); } 
@@ -452,10 +445,8 @@ public class BCryptTests { public void equalsOnStringsIsCorrect() { assertThat(BCrypt.equalsNoEarlyReturn("", "")).isTrue(); assertThat(BCrypt.equalsNoEarlyReturn("test", "test")).isTrue(); - assertThat(BCrypt.equalsNoEarlyReturn("test", "")).isFalse(); assertThat(BCrypt.equalsNoEarlyReturn("", "test")).isFalse(); - assertThat(BCrypt.equalsNoEarlyReturn("test", "pass")).isFalse(); } diff --git a/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java b/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java index 9a66e090d9..4c1b202df8 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java @@ -33,9 +33,7 @@ public class Utf8Tests { byte[] bytes = Utf8.encode("6048b75ed560785c"); assertThat(bytes).hasSize(16); assertThat(Arrays.equals("6048b75ed560785c".getBytes("UTF-8"), bytes)).isTrue(); - String decoded = Utf8.decode(bytes); - assertThat(decoded).isEqualTo("6048b75ed560785c"); } diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java index 0d1a9b678b..d806b028cb 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java @@ -67,7 +67,6 @@ public class AesBytesEncryptorTests { byte[] encryption = encryptor.encrypt(this.secret.getBytes()); assertThat(new String(Hex.encode(encryption))) .isEqualTo("4b0febebd439db7ca77153cb254520c3b7232ac29355d07869433f1ecf55fe94"); - byte[] decryption = encryptor.decrypt(encryption); assertThat(new String(decryption)).isEqualTo(this.secret); } 
@@ -77,11 +76,9 @@ public class AesBytesEncryptorTests { CryptoAssumptions.assumeGCMJCE(); AesBytesEncryptor encryptor = new AesBytesEncryptor(this.password, this.hexSalt, this.generator, CipherAlgorithm.GCM); - byte[] encryption = encryptor.encrypt(this.secret.getBytes()); assertThat(new String(Hex.encode(encryption))) .isEqualTo("4b0febebd439db7ca77153cb254520c3e4d61ae38207b4e42b820d311dc3d4e0e2f37ed5ee"); - byte[] decryption = encryptor.decrypt(encryption); assertThat(new String(decryption)).isEqualTo(this.secret); } @@ -92,11 +89,9 @@ public class AesBytesEncryptorTests { PBEKeySpec keySpec = new PBEKeySpec(this.password.toCharArray(), Hex.decode(this.hexSalt), 1024, 256); SecretKey secretKey = CipherUtils.newSecretKey(SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA1.name(), keySpec); AesBytesEncryptor encryptor = new AesBytesEncryptor(secretKey, this.generator, CipherAlgorithm.GCM); - byte[] encryption = encryptor.encrypt(this.secret.getBytes()); assertThat(new String(Hex.encode(encryption))) .isEqualTo("4b0febebd439db7ca77153cb254520c3e4d61ae38207b4e42b820d311dc3d4e0e2f37ed5ee"); - byte[] decryption = encryptor.decrypt(encryption); assertThat(new String(decryption)).isEqualTo(this.secret); } diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java index 56a70c073d..44506004d1 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java 
@@ -102,7 +102,6 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTests { Assert.assertArrayEquals(this.testData, leftDecrypted); Assert.assertArrayEquals(this.testData, rightDecrypted); } - } private void testCompatibility(BytesEncryptor left, BytesEncryptor right) { diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java index 3feeb87868..3fca2601c8 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java +++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java @@ -52,7 +52,6 @@ public final class CryptoAssumptions { throw new AssumptionViolatedException(cipherAlgorithm + " padding not available, skipping test", ex); } Assume.assumeTrue("AES key length of 256 not allowed, skipping test", aes256Available); - } } diff --git a/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java b/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java index 7aff4acdd3..89143fae4e 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java @@ -35,7 +35,6 @@ public class PasswordEncoderFactoriesTests { @Test public void encodeWhenDefaultThenBCryptUsed() { String encodedPassword = this.encoder.encode(this.rawPassword); - assertThat(encodedPassword).startsWith("{bcrypt}"); assertThat(this.encoder.matches(this.rawPassword, encodedPassword)).isTrue(); } diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java index e53288afcc..c98fd1016b 100644 
--- a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java @@ -69,7 +69,6 @@ public class DelegatingPasswordEncoderTests { this.delegates = new HashMap<>(); this.delegates.put(this.bcryptId, this.bcrypt); this.delegates.put("noop", this.noop); - this.passwordEncoder = new DelegatingPasswordEncoder(this.bcryptId, this.delegates); } @@ -92,9 +91,7 @@ public class DelegatingPasswordEncoderTests { public void matchesWhenCustomDefaultPasswordEncoderForMatchesThenDelegates() { String encodedPassword = "{unmapped}" + this.rawPassword; this.passwordEncoder.setDefaultPasswordEncoderForMatches(this.invalidId); - assertThat(this.passwordEncoder.matches(this.rawPassword, encodedPassword)).isFalse(); - verify(this.invalidId).matches(this.rawPassword, encodedPassword); verifyZeroInteractions(this.bcrypt, this.noop); } @@ -102,16 +99,13 @@ public class DelegatingPasswordEncoderTests { @Test public void encodeWhenValidThenUsesIdForEncode() { given(this.bcrypt.encode(this.rawPassword)).willReturn(this.encodedPassword); - assertThat(this.passwordEncoder.encode(this.rawPassword)).isEqualTo(this.bcryptEncodedPassword); } @Test public void matchesWhenBCryptThenDelegatesToBCrypt() { given(this.bcrypt.matches(this.rawPassword, this.encodedPassword)).willReturn(true); - assertThat(this.passwordEncoder.matches(this.rawPassword, this.bcryptEncodedPassword)).isTrue(); - verify(this.bcrypt).matches(this.rawPassword, this.encodedPassword); verifyZeroInteractions(this.noop); } 
@@ -119,9 +113,7 @@ public class DelegatingPasswordEncoderTests { @Test public void matchesWhenNoopThenDelegatesToNoop() { given(this.noop.matches(this.rawPassword, this.encodedPassword)).willReturn(true); - assertThat(this.passwordEncoder.matches(this.rawPassword, this.noopEncodedPassword)).isTrue(); - verify(this.noop).matches(this.rawPassword, this.encodedPassword); verifyZeroInteractions(this.bcrypt); } @@ -131,7 +123,6 @@ public class DelegatingPasswordEncoderTests { assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{unmapped}" + this.rawPassword)) .isInstanceOf(IllegalArgumentException.class) .hasMessage("There is no PasswordEncoder mapped for the id \"unmapped\""); - verifyZeroInteractions(this.bcrypt, this.noop); } @@ -140,7 +131,6 @@ public class DelegatingPasswordEncoderTests { assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{bcrypt" + this.rawPassword)) .isInstanceOf(IllegalArgumentException.class) .hasMessage("There is no PasswordEncoder mapped for the id \"null\""); - verifyZeroInteractions(this.bcrypt, this.noop); } @@ -149,7 +139,6 @@ public class DelegatingPasswordEncoderTests { assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "bcrypt}" + this.rawPassword)) .isInstanceOf(IllegalArgumentException.class) .hasMessage("There is no PasswordEncoder mapped for the id \"null\""); - verifyZeroInteractions(this.bcrypt, this.noop); } @@ -158,7 +147,6 @@ public class DelegatingPasswordEncoderTests { assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{}" + this.rawPassword)) .isInstanceOf(IllegalArgumentException.class) .hasMessage("There is no PasswordEncoder mapped for the id \"\""); - verifyZeroInteractions(this.bcrypt, this.noop); } 
@@ -167,20 +155,16 @@ public class DelegatingPasswordEncoderTests { assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "invalid" + this.bcryptEncodedPassword)) .isInstanceOf(IllegalArgumentException.class) .hasMessage("There is no PasswordEncoder mapped for the id \"null\""); - verifyZeroInteractions(this.bcrypt, this.noop); } @Test public void matchesWhenIdIsNullThenFalse() { this.delegates = new Hashtable<>(this.delegates); - DelegatingPasswordEncoder passwordEncoder = new DelegatingPasswordEncoder(this.bcryptId, this.delegates); - assertThatThrownBy(() -> passwordEncoder.matches(this.rawPassword, this.rawPassword)) .isInstanceOf(IllegalArgumentException.class) .hasMessage("There is no PasswordEncoder mapped for the id \"null\""); - verifyZeroInteractions(this.bcrypt, this.noop); } @@ -189,9 +173,7 @@ public class DelegatingPasswordEncoderTests { this.delegates.put(null, this.invalidId); this.passwordEncoder = new DelegatingPasswordEncoder(this.bcryptId, this.delegates); given(this.invalidId.matches(this.rawPassword, this.encodedPassword)).willReturn(true); - assertThat(this.passwordEncoder.matches(this.rawPassword, this.encodedPassword)).isTrue(); - verify(this.invalidId).matches(this.rawPassword, this.encodedPassword); verifyZeroInteractions(this.bcrypt, this.noop); } 
@@ -219,23 +201,19 @@ public class DelegatingPasswordEncoderTests { @Test public void upgradeEncodingWhenSameIdAndEncoderFalseThenEncoderDecidesFalse() { assertThat(this.passwordEncoder.upgradeEncoding(this.bcryptEncodedPassword)).isFalse(); - verify(this.bcrypt).upgradeEncoding(this.encodedPassword); } @Test public void upgradeEncodingWhenSameIdAndEncoderTrueThenEncoderDecidesTrue() { given(this.bcrypt.upgradeEncoding(any())).willReturn(true); - assertThat(this.passwordEncoder.upgradeEncoding(this.bcryptEncodedPassword)).isTrue(); - verify(this.bcrypt).upgradeEncoding(this.encodedPassword); } @Test public void upgradeEncodingWhenDifferentIdThenTrue() { assertThat(this.passwordEncoder.upgradeEncoding(this.noopEncodedPassword)).isTrue(); - verifyZeroInteractions(this.bcrypt); } diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java index dfd72f22af..c2ba10087f 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java @@ -83,14 +83,11 @@ public class LdapShaPasswordEncoderTests { public void correctPrefixCaseIsUsed() { this.sha.setForceLowerCasePrefix(false); assertThat(this.sha.encode("somepassword").startsWith("{SSHA}")); - this.sha.setForceLowerCasePrefix(true); assertThat(this.sha.encode("somepassword").startsWith("{ssha}")); - this.sha = new LdapShaPasswordEncoder(KeyGenerators.shared(0)); this.sha.setForceLowerCasePrefix(false); assertThat(this.sha.encode("somepassword").startsWith("{SHA}")); - this.sha.setForceLowerCasePrefix(true); assertThat(this.sha.encode("somepassword").startsWith("{SSHA}")); } 
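Review bot: The four checks in `correctPrefixCaseIsUsed` (LdapShaPasswordEncoderTests) wrap a boolean in `assertThat(...)` and never call an assertion method on it, so nothing is verified and the test passes whatever prefix `encode` returns. Moving `startsWith` onto the assertion makes each one a real check: `assertThat(this.sha.encode("somepassword")).startsWith("{SSHA}");`. Once the checks are live, the last expectation (`{SSHA}` after `setForceLowerCasePrefix(true)` on the encoder built with `KeyGenerators.shared(0)`) looks inconsistent with the three lines before it and should be rechecked against the encoder's actual output. The MessageDigestPasswordEncoderTests hunk has the same dangling call and should read `assertThat(pe.matches(raw, "{THIS_IS_A_SALT}b2f50ffcbd3407fe9415c062d55f54731f340d32")).isTrue();`; that method starts outside its hunk.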
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/Md4PasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/Md4PasswordEncoderTests.java index b36ac74940..a1de26c6c3 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/password/Md4PasswordEncoderTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/password/Md4PasswordEncoderTests.java @@ -62,7 +62,6 @@ public class Md4PasswordEncoderTests { String rawPassword = "password"; Md4PasswordEncoder md4 = new Md4PasswordEncoder(); String encodedPassword = md4.encode(rawPassword); - assertThat(md4.matches(rawPassword, encodedPassword)).isTrue(); } diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java index a430e8108e..057545ca41 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java @@ -95,7 +95,6 @@ public class MessageDigestPasswordEncoderTests { MessageDigestPasswordEncoder pe = new MessageDigestPasswordEncoder("SHA-1"); String raw = "abc123"; assertThat(pe.matches(raw, "{THIS_IS_A_SALT}b2f50ffcbd3407fe9415c062d55f54731f340d32")); - } @Test diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java index 3da34c5daf..bd54171718 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java 
@@ -71,14 +71,12 @@ public class Pbkdf2PasswordEncoderTests { byte[] originalBytes = Hex.decode(originalEncodedPassword); byte[] fixedBytes = Arrays.copyOfRange(originalBytes, saltLength, originalBytes.length); String fixedHex = String.valueOf(Hex.encode(fixedBytes)); - assertThat(fixedHex).isEqualTo(encodedPassword); } @Test public void encodeAndMatchWhenBase64ThenSuccess() { this.encoder.setEncodeHashAsBase64(true); - String rawPassword = "password"; String encodedPassword = this.encoder.encode(rawPassword); assertThat(this.encoder.matches(rawPassword, encodedPassword)).isTrue(); @@ -89,7 +87,6 @@ public class Pbkdf2PasswordEncoderTests { this.encoder.setEncodeHashAsBase64(true); String rawPassword = "password"; String encodedPassword = "3FOwOMcDgxP+z1x/sv184LFY2WVD+ZGMgYP3LPOSmCcDmk1XPYvcCQ=="; - assertThat(this.encoder.matches(rawPassword, encodedPassword)).isTrue(); java.util.Base64.getDecoder().decode(encodedPassword); // validate can decode as // Base64 @@ -98,7 +95,6 @@ public class Pbkdf2PasswordEncoderTests { @Test public void encodeAndMatchWhenSha256ThenSuccess() { this.encoder.setAlgorithm(Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA256); - String rawPassword = "password"; String encodedPassword = this.encoder.encode(rawPassword); assertThat(this.encoder.matches(rawPassword, encodedPassword)).isTrue(); @@ -107,7 +103,6 @@ public class Pbkdf2PasswordEncoderTests { @Test public void matchWhenSha256ThenSuccess() { this.encoder.setAlgorithm(Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA256); - String rawPassword = "password"; String encodedPassword = "821447f994e2b04c5014e31fa9fca4ae1cc9f2188c4ed53d3ddb5ba7980982b51a0ecebfc0b81a79"; assertThat(this.encoder.matches(rawPassword, encodedPassword)).isTrue(); 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java index 22fa4d5ffe..6dcd99865a 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java @@ -68,7 +68,6 @@ public class SCryptPasswordEncoderTests { public void samePasswordWithDifferentParams() { SCryptPasswordEncoder oldEncoder = new SCryptPasswordEncoder(16384, 8, 1, 32, 64); SCryptPasswordEncoder newEncoder = new SCryptPasswordEncoder(); - String password = "secret"; String oldEncodedPassword = oldEncoder.encode(password); assertThat(newEncoder.matches(password, oldEncodedPassword)).isTrue(); @@ -140,10 +139,8 @@ public class SCryptPasswordEncoderTests { public void upgradeEncodingWhenWeakerToStrongerThenFalse() { SCryptPasswordEncoder weakEncoder = new SCryptPasswordEncoder((int) Math.pow(2, 10), 4, 1, 32, 64); SCryptPasswordEncoder strongEncoder = new SCryptPasswordEncoder((int) Math.pow(2, 16), 8, 1, 32, 64); - String weakPassword = weakEncoder.encode("password"); String strongPassword = strongEncoder.encode("password"); - assertThat(weakEncoder.upgradeEncoding(strongPassword)).isFalse(); } @@ -151,10 +148,8 @@ public class SCryptPasswordEncoderTests { public void upgradeEncodingWhenStrongerToWeakerThenTrue() { SCryptPasswordEncoder weakEncoder = new SCryptPasswordEncoder((int) Math.pow(2, 10), 4, 1, 32, 64); SCryptPasswordEncoder strongEncoder = new SCryptPasswordEncoder((int) Math.pow(2, 16), 8, 1, 32, 64); - String weakPassword = weakEncoder.encode("password"); String strongPassword = strongEncoder.encode("password"); - assertThat(strongEncoder.upgradeEncoding(weakPassword)).isTrue(); } 
diff --git a/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java b/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java index 38cd7e3f01..b4937afebb 100644 --- a/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java +++ b/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java @@ -49,7 +49,6 @@ public class SecurityEvaluationContextExtensionTests { public void getRootObjectSecurityContextHolderAuthentication() { TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER"); SecurityContextHolder.getContext().setAuthentication(authentication); - assertThat(getRoot().getAuthentication()).isSameAs(authentication); } @@ -57,10 +56,8 @@ public class SecurityEvaluationContextExtensionTests { public void getRootObjectExplicitAuthenticationOverridesSecurityContextHolder() { TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_EXPLICIT"); this.securityExtension = new SecurityEvaluationContextExtension(explicit); - TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER"); SecurityContextHolder.getContext().setAuthentication(authentication); - assertThat(getRoot().getAuthentication()).isSameAs(explicit); } @@ -68,7 +65,6 @@ public class SecurityEvaluationContextExtensionTests { public void getRootObjectExplicitAuthentication() { TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_EXPLICIT"); this.securityExtension = new SecurityEvaluationContextExtension(explicit); - assertThat(getRoot().getAuthentication()).isSameAs(explicit); } 
diff --git a/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java b/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java index 7978c18b4b..ae84d19654 100644 --- a/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java +++ b/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java @@ -37,16 +37,13 @@ public class LdapUtilsTests { public void testCloseContextSwallowsNamingException() throws Exception { final DirContext dirCtx = mock(DirContext.class); willThrow(new NamingException()).given(dirCtx).close(); - LdapUtils.closeContext(dirCtx); } @Test public void testGetRelativeNameReturnsEmptyStringForDnEqualToBaseName() throws Exception { final DirContext mockCtx = mock(DirContext.class); - given(mockCtx.getNameInNamespace()).willReturn("dc=springframework,dc=org"); - assertThat(LdapUtils.getRelativeName("dc=springframework,dc=org", mockCtx)).isEqualTo(""); } @@ -54,7 +51,6 @@ public class LdapUtilsTests { public void testGetRelativeNameReturnsFullDnWithEmptyBaseName() throws Exception { final DirContext mockCtx = mock(DirContext.class); given(mockCtx.getNameInNamespace()).willReturn(""); - assertThat(LdapUtils.getRelativeName("cn=jane,dc=springframework,dc=org", mockCtx)) .isEqualTo("cn=jane,dc=springframework,dc=org"); } @@ -63,7 +59,6 @@ public class LdapUtilsTests { public void testGetRelativeNameWorksWithArbitrarySpaces() throws Exception { final DirContext mockCtx = mock(DirContext.class); given(mockCtx.getNameInNamespace()).willReturn("dc=springsecurity,dc = org"); - assertThat(LdapUtils.getRelativeName("cn=jane smith, dc = springsecurity , dc=org", mockCtx)) .isEqualTo("cn=jane smith"); } diff --git a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java index e7e0b487f1..1b8f25afad 100644 
--- a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java +++ b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java @@ -52,7 +52,6 @@ public class SpringSecurityAuthenticationSourceTests { @Test public void principalIsEmptyForAnonymousUser() { AuthenticationSource source = new SpringSecurityAuthenticationSource(); - SecurityContextHolder.getContext().setAuthentication( new AnonymousAuthenticationToken("key", "anonUser", AuthorityUtils.createAuthorityList("ignored"))); assertThat(source.getPrincipal()).isEqualTo(""); @@ -62,7 +61,6 @@ public class SpringSecurityAuthenticationSourceTests { public void getPrincipalRejectsNonLdapUserDetailsObject() { AuthenticationSource source = new SpringSecurityAuthenticationSource(); SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new Object(), "password")); - source.getPrincipal(); } @@ -70,7 +68,6 @@ public class SpringSecurityAuthenticationSourceTests { public void expectedCredentialsAreReturned() { AuthenticationSource source = new SpringSecurityAuthenticationSource(); SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new Object(), "password")); - assertThat(source.getCredentials()).isEqualTo("password"); } @@ -82,7 +79,6 @@ public class SpringSecurityAuthenticationSourceTests { AuthenticationSource source = new SpringSecurityAuthenticationSource(); SecurityContextHolder.getContext() .setAuthentication(new TestingAuthenticationToken(user.createUserDetails(), null)); - assertThat(source.getPrincipal()).isEqualTo("uid=joe,ou=users"); } diff --git a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java index 082392d6d5..5494ae1490 100644 --- a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java 
+++ b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java @@ -60,16 +60,13 @@ public class SpringSecurityLdapTemplateTests { String searchResultName = "ldap://example.com/dc=springframework,dc=org"; Object[] params = new Object[] {}; DirContextAdapter searchResultObject = mock(DirContextAdapter.class); - given(this.ctx.search(any(DistinguishedName.class), eq(filter), eq(params), this.searchControls.capture())) .willReturn(this.resultsEnum); given(this.resultsEnum.hasMore()).willReturn(true, false); given(this.resultsEnum.next()).willReturn(this.searchResult); given(this.searchResult.getObject()).willReturn(searchResultObject); - SpringSecurityLdapTemplate.searchForSingleEntryInternal(this.ctx, mock(SearchControls.class), base, filter, params); - assertThat(this.searchControls.getValue().getReturningObjFlag()).isTrue(); } diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java index fc090ac0a7..cf6b6eefcc 100644 --- a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java +++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java @@ -53,7 +53,6 @@ public class LdapAuthenticationProviderTests { public void testSupportsUsernamePasswordAuthenticationToken() { LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(), new MockAuthoritiesPopulator()); - assertThat(ldapProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue(); } 
@@ -61,7 +60,6 @@ public class LdapAuthenticationProviderTests { public void testDefaultMapperIsSet() { LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(), new MockAuthoritiesPopulator()); - assertThat(ldapProvider.getUserDetailsContextMapper() instanceof LdapUserDetailsMapper).isTrue(); } @@ -69,14 +67,12 @@ public class LdapAuthenticationProviderTests { public void testEmptyOrNullUserNameThrowsException() { LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(), new MockAuthoritiesPopulator()); - try { ldapProvider.authenticate(new UsernamePasswordAuthenticationToken(null, "password")); fail("Expected BadCredentialsException for empty username"); } catch (BadCredentialsException expected) { } - try { ldapProvider.authenticate(new UsernamePasswordAuthenticationToken("", "bobspassword")); fail("Expected BadCredentialsException for null username"); @@ -90,7 +86,6 @@ public class LdapAuthenticationProviderTests { final LdapAuthenticator authenticator = mock(LdapAuthenticator.class); final UsernamePasswordAuthenticationToken joe = new UsernamePasswordAuthenticationToken("joe", "password"); given(authenticator.authenticate(joe)).willThrow(new UsernameNotFoundException("nobody")); - LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator); provider.authenticate(joe); } @@ -100,7 +95,6 @@ public class LdapAuthenticationProviderTests { final LdapAuthenticator authenticator = mock(LdapAuthenticator.class); final UsernamePasswordAuthenticationToken joe = new UsernamePasswordAuthenticationToken("joe", "password"); given(authenticator.authenticate(joe)).willThrow(new UsernameNotFoundException("nobody")); - LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator); provider.setHideUserNotFoundExceptions(false); provider.authenticate(joe); 
@@ -113,9 +107,7 @@ public class LdapAuthenticationProviderTests { LdapUserDetailsMapper userMapper = new LdapUserDetailsMapper(); userMapper.setRoleAttributes(new String[] { "ou" }); ldapProvider.setUserDetailsContextMapper(userMapper); - assertThat(ldapProvider.getAuthoritiesPopulator()).isNotNull(); - UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken("ben", "benspassword"); Object authDetails = new Object(); @@ -128,7 +120,6 @@ public class LdapAuthenticationProviderTests { assertThat(user.getPassword()).isEqualTo("{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ="); assertThat(user.getUsername()).isEqualTo("ben"); assertThat(populator.getRequestedUsername()).isEqualTo("ben"); - assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_FROM_ENTRY"); assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_FROM_POPULATOR"); } @@ -138,12 +129,10 @@ public class LdapAuthenticationProviderTests { LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(), new MockAuthoritiesPopulator()); ldapProvider.setUseAuthenticationRequestCredentials(false); - UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken("ben", "benspassword"); Authentication authResult = ldapProvider.authenticate(authRequest); assertThat(authResult.getCredentials()).isEqualTo("{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ="); - } @Test @@ -166,7 +155,6 @@ public class LdapAuthenticationProviderTests { LdapAuthenticator mockAuthenticator = mock(LdapAuthenticator.class); CommunicationException expectedCause = new CommunicationException(new javax.naming.CommunicationException()); given(mockAuthenticator.authenticate(authRequest)).willThrow(expectedCause); - LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(mockAuthenticator); try { ldapProvider.authenticate(authRequest); 
@@ -185,19 +173,15 @@ public class LdapAuthenticationProviderTests {
 ctx.setAttributeValue("ou", "FROM_ENTRY"); String username = authentication.getName(); String password = (String) authentication.getCredentials();
-
 if (username.equals("ben") && password.equals("benspassword")) { ctx.setDn(new DistinguishedName("cn=ben,ou=people,dc=springframework,dc=org")); ctx.setAttributeValue("userPassword", "{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=");
-
 return ctx; } else if (username.equals("jen") && password.equals("")) { ctx.setDn(new DistinguishedName("cn=jen,ou=people,dc=springframework,dc=org"));
-
 return ctx; }
-
 throw new BadCredentialsException("Authentication failed."); }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java
index e5c10d8798..7a1a8e35bd 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java
@@ -43,22 +43,16 @@ public class PasswordComparisonAuthenticatorMockTests {
 final BaseLdapPathContextSource source = mock(BaseLdapPathContextSource.class); final BasicAttributes attrs = new BasicAttributes(); attrs.put(new BasicAttribute("uid", "bob"));
-
 PasswordComparisonAuthenticator authenticator = new PasswordComparisonAuthenticator(source);
-
 authenticator.setUserDnPatterns(new String[] { "cn={0},ou=people" });
-
 // Get the mock to return an empty attribute set given(source.getReadOnlyContext()).willReturn(dirCtx); given(dirCtx.getAttributes(eq("cn=Bob,ou=people"), any(String[].class))).willReturn(attrs); given(dirCtx.getNameInNamespace()).willReturn("dc=springframework,dc=org");
-
 // Setup a single return value (i.e. success) final NamingEnumeration searchResults = new BasicAttributes("", null).getAll();
-
 given(dirCtx.search(eq("cn=Bob,ou=people"), eq("(userPassword={0})"), any(Object[].class), any(SearchControls.class))).willReturn(searchResults);
-
 authenticator.authenticate(new UsernamePasswordAuthenticationToken("Bob", "bobspassword")); }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
index b3c3a78d34..8272ec247f 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
@@ -98,43 +98,33 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 @Test public void customSearchFilterIsUsedForSuccessfulAuthentication() throws Exception { String customSearchFilter = "(&(objectClass=user)(sAMAccountName={0}))";
-
 DirContext ctx = mock(DirContext.class); given(ctx.getNameInNamespace()).willReturn("");
-
 DirContextAdapter dca = new DirContextAdapter(); SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes()); given(ctx.search(any(Name.class), eq(customSearchFilter), any(Object[].class), any(SearchControls.class))) .willReturn(new MockNamingEnumeration(sr));
-
 ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider( "mydomain.eu", "ldap://192.168.1.200/"); customProvider.contextFactory = createContextFactoryReturning(ctx);
-
 customProvider.setSearchFilter(customSearchFilter); Authentication result = customProvider.authenticate(this.joe);
-
 assertThat(result.isAuthenticated()).isTrue(); } @Test public void defaultSearchFilter() throws Exception { final String defaultSearchFilter = "(&(objectClass=user)(userPrincipalName={0}))";
-
 DirContext ctx = mock(DirContext.class); given(ctx.getNameInNamespace()).willReturn("");
-
 DirContextAdapter dca = new DirContextAdapter(); SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes()); given(ctx.search(any(Name.class), eq(defaultSearchFilter), any(Object[].class), any(SearchControls.class))) .willReturn(new MockNamingEnumeration(sr));
-
 ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider( "mydomain.eu", "ldap://192.168.1.200/"); customProvider.contextFactory = createContextFactoryReturning(ctx);
-
 Authentication result = customProvider.authenticate(this.joe);
-
 assertThat(result.isAuthenticated()).isTrue(); verify(ctx).search(any(DistinguishedName.class), eq(defaultSearchFilter), any(Object[].class), any(SearchControls.class));
@@ -145,21 +135,16 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 public void bindPrincipalAndUsernameUsed() throws Exception { final String defaultSearchFilter = "(&(objectClass=user)(userPrincipalName={0}))"; ArgumentCaptor captor = ArgumentCaptor.forClass(Object[].class);
-
 DirContext ctx = mock(DirContext.class); given(ctx.getNameInNamespace()).willReturn("");
-
 DirContextAdapter dca = new DirContextAdapter(); SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes()); given(ctx.search(any(Name.class), eq(defaultSearchFilter), captor.capture(), any(SearchControls.class))) .willReturn(new MockNamingEnumeration(sr));
-
 ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider( "mydomain.eu", "ldap://192.168.1.200/"); customProvider.contextFactory = createContextFactoryReturning(ctx);
-
 Authentication result = customProvider.authenticate(this.joe);
-
 assertThat(captor.getValue()).containsExactly("joe@mydomain.eu", "joe"); assertThat(result.isAuthenticated()).isTrue(); }
@@ -179,20 +164,17 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 this.provider = new ActiveDirectoryLdapAuthenticationProvider(null, "ldap://192.168.1.200/"); DirContext ctx = mock(DirContext.class); given(ctx.getNameInNamespace()).willReturn("");
-
 DirContextAdapter dca = new DirContextAdapter(); SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes()); given(ctx.search(eq(new DistinguishedName("DC=mydomain,DC=eu")), any(String.class), any(Object[].class), any(SearchControls.class))).willReturn(new MockNamingEnumeration(sr)); this.provider.contextFactory = createContextFactoryReturning(ctx);
-
 try { this.provider.authenticate(this.joe); fail("Expected BadCredentialsException for user with no domain information"); } catch (BadCredentialsException expected) { }
-
 this.provider.authenticate(new UsernamePasswordAuthenticationToken("joe@mydomain.eu", "password")); }
@@ -202,9 +184,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 given(ctx.getNameInNamespace()).willReturn(""); given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class))) .willThrow(new NameNotFoundException());
-
 this.provider.contextFactory = createContextFactoryReturning(ctx);
-
 this.provider.authenticate(this.joe); }
@@ -215,9 +195,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 given(ctx.getNameInNamespace()).willReturn(""); given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class))) .willReturn(new EmptyEnumeration<>());
-
 this.provider.contextFactory = createContextFactoryReturning(ctx);
-
 this.provider.authenticate(this.joe); }
@@ -239,9 +217,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 given(searchResults.next()).willReturn(searchResult); given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class))) .willReturn(searchResults);
-
 this.provider.contextFactory = createContextFactoryReturning(ctx);
-
 this.provider.authenticate(this.joe); }
@@ -274,7 +250,6 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 this.provider.contextFactory = createContextFactoryThrowing( new AuthenticationException(msg + dataCode + ", xxxx]")); this.provider.setConvertSubErrorCodesToExceptions(true);
-
 this.thrown.expect(BadCredentialsException.class); this.thrown.expect(new BaseMatcher() { private Matcher causeInstance = CoreMatchers
@@ -297,21 +272,18 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 this.causeDataCode.describeTo(desc); } });
-
 this.provider.authenticate(this.joe); } @Test(expected = CredentialsExpiredException.class) public void expiredPasswordIsCorrectlyMapped() { this.provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "532, xxxx]"));
-
 try { this.provider.authenticate(this.joe); fail("BadCredentialsException should had been thrown"); } catch (BadCredentialsException expected) { }
-
 this.provider.setConvertSubErrorCodesToExceptions(true); this.provider.authenticate(this.joe); }
@@ -379,7 +351,6 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider( "mydomain.eu", EXISTING_LDAP_PROVIDER, "dc=ad,dc=eu,dc=mydomain"); checkAuthentication("dc=ad,dc=eu,dc=mydomain", provider);
-
 } @Test(expected = IllegalArgumentException.class)
@@ -395,10 +366,8 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 @Test public void contextEnvironmentPropertiesUsed() { Hashtable env = new Hashtable<>();
-
 env.put("java.naming.ldap.factory.socket", "unknown.package.NonExistingSocketFactory"); this.provider.setContextEnvironmentProperties(env);
-
 try { this.provider.authenticate(this.joe); fail("CommunicationException was expected with a root cause of ClassNotFoundException");
@@ -433,24 +402,17 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 throws NamingException { DirContext ctx = mock(DirContext.class); given(ctx.getNameInNamespace()).willReturn("");
-
 DirContextAdapter dca = new DirContextAdapter(); SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes()); @SuppressWarnings("deprecation") DistinguishedName searchBaseDn = new DistinguishedName(rootDn); given(ctx.search(eq(searchBaseDn), any(String.class), any(Object[].class), any(SearchControls.class))) .willReturn(new MockNamingEnumeration(sr)).willReturn(new MockNamingEnumeration(sr));
-
 provider.contextFactory = createContextFactoryReturning(ctx);
-
 Authentication result = provider.authenticate(this.joe);
-
 assertThat(result.getAuthorities()).isEmpty();
-
 dca.addAttributeValue("memberOf", "CN=Admin,CN=Users,DC=mydomain,DC=eu");
-
 result = provider.authenticate(this.joe);
-
 assertThat(result.getAuthorities()).hasSize(1); }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
index 0f0ffef89f..84cc77f851 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
@@ -54,7 +54,6 @@ public class PasswordPolicyAwareContextSourceTests {
 if ("manager".equals(env.get(Context.SECURITY_PRINCIPAL))) { return PasswordPolicyAwareContextSourceTests.this.ctx; }
-
 return null; } };
@@ -71,7 +70,6 @@ public class PasswordPolicyAwareContextSourceTests {
 @Test(expected = UncategorizedLdapException.class) public void standardExceptionIsPropagatedWhenExceptionRaisedAndNoControlsAreSet() throws Exception { willThrow(new NamingException("some LDAP exception")).given(this.ctx).reconnect(any(Control[].class));
-
 this.ctxSource.getContext("user", "ignored"); }
@@ -79,9 +77,7 @@ public class PasswordPolicyAwareContextSourceTests {
 public void lockedPasswordPolicyControlRaisesPasswordPolicyException() throws Exception { given(this.ctx.getResponseControls()).willReturn(new Control[] { new PasswordPolicyResponseControl(PasswordPolicyResponseControlTests.OPENLDAP_LOCKED_CTRL) });
-
 willThrow(new NamingException("locked message")).given(this.ctx).reconnect(any(Control[].class));
-
 this.ctxSource.getContext("user", "ignored"); }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java
index 2572727594..50babf5437 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java
@@ -33,7 +33,6 @@ public class PasswordPolicyControlFactoryTests {
 public void returnsNullForUnrecognisedOID() { PasswordPolicyControlFactory ctrlFactory = new PasswordPolicyControlFactory(); Control wrongCtrl = mock(Control.class);
-
 given(wrongCtrl.getID()).willReturn("wrongId"); assertThat(ctrlFactory.getControlInstance(wrongCtrl)).isNull(); }
@@ -42,7 +41,6 @@ public class PasswordPolicyControlFactoryTests {
 public void returnsControlForCorrectOID() { PasswordPolicyControlFactory ctrlFactory = new PasswordPolicyControlFactory(); Control control = mock(Control.class);
-
 given(control.getID()).willReturn(PasswordPolicyControl.OID); given(control.getEncodedValue()).willReturn(PasswordPolicyResponseControlTests.OPENLDAP_LOCKED_CTRL); Control result = ctrlFactory.getControlInstance(control);
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java
index ebca7d35ba..0422f10ef7 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java
@@ -66,7 +66,6 @@ public class PasswordPolicyResponseControlTests {
 // // //com.sun.jndi.ldap.LdapPoolManager.showStats(System.out); // }
-
 // private PasswordPolicyResponseControl getPPolicyResponseCtl(InitialLdapContext ctx) // throws NamingException { // Control[] ctrls = ctx.getResponseControls();
@@ -79,13 +78,10 @@ public class PasswordPolicyResponseControlTests {
 // // return null; // }
-
 @Test public void openLDAP33SecondsTillPasswordExpiryCtrlIsParsedCorrectly() { byte[] ctrlBytes = { 0x30, 0x05, (byte) 0xA0, 0x03, (byte) 0xA0, 0x1, 0x21 };
-
 PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(ctrlBytes);
-
 assertThat(ctrl.hasWarning()).isTrue(); assertThat(ctrl.getTimeBeforeExpiration()).isEqualTo(33); }
@@ -93,9 +89,7 @@ public class PasswordPolicyResponseControlTests {
 @Test public void openLDAP496GraceLoginsRemainingCtrlIsParsedCorrectly() { byte[] ctrlBytes = { 0x30, 0x06, (byte) 0xA0, 0x04, (byte) 0xA1, 0x02, 0x01, (byte) 0xF0 };
-
 PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(ctrlBytes);
-
 assertThat(ctrl.hasWarning()).isTrue(); assertThat(ctrl.getGraceLoginsRemaining()).isEqualTo(496); }
@@ -105,7 +99,6 @@ public class PasswordPolicyResponseControlTests {
 @Test public void openLDAP5GraceLoginsRemainingCtrlIsParsedCorrectly() { PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(OPENLDAP_5_LOGINS_REMAINING_CTRL);
-
 assertThat(ctrl.hasWarning()).isTrue(); assertThat(ctrl.getGraceLoginsRemaining()).isEqualTo(5); }
@@ -115,7 +108,6 @@ public class PasswordPolicyResponseControlTests {
 @Test public void openLDAPAccountLockedCtrlIsParsedCorrectly() { PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(OPENLDAP_LOCKED_CTRL);
-
 assertThat(ctrl.hasError() && ctrl.isLocked()).isTrue(); assertThat(ctrl.hasWarning()).isFalse(); }
@@ -123,9 +115,7 @@ public class PasswordPolicyResponseControlTests {
 @Test public void openLDAPPasswordExpiredCtrlIsParsedCorrectly() { byte[] ctrlBytes = { 0x30, 0x03, (byte) 0xA1, 0x01, 0x00 };
-
 PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(ctrlBytes);
-
 assertThat(ctrl.hasError() && ctrl.isExpired()).isTrue(); assertThat(ctrl.hasWarning()).isFalse(); }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java
index 1f1e767efe..5e007f84ed 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java
@@ -35,7 +35,6 @@ public class InetOrgPersonTests {
 public void testUsernameIsMappedFromContextUidIfNotSet() { InetOrgPerson.Essence essence = new InetOrgPerson.Essence(createUserContext()); InetOrgPerson p = (InetOrgPerson) essence.createUserDetails();
-
 assertThat(p.getUsername()).isEqualTo("ghengis"); }
@@ -55,7 +54,6 @@ public class InetOrgPersonTests {
 InetOrgPerson.Essence essence = new InetOrgPerson.Essence(createUserContext()); essence.setUsername("joe"); InetOrgPerson p = (InetOrgPerson) essence.createUserDetails();
-
 assertThat(p.getUsername()).isEqualTo("joe"); assertThat(p.getUid()).isEqualTo("ghengis"); }
@@ -64,7 +62,6 @@ public class InetOrgPersonTests {
 public void attributesMapCorrectlyFromContext() { InetOrgPerson.Essence essence = new InetOrgPerson.Essence(createUserContext()); InetOrgPerson p = (InetOrgPerson) essence.createUserDetails();
-
 assertThat(p.getCarLicense()).isEqualTo("HORS1"); assertThat(p.getMail()).isEqualTo("ghengis@mongolia"); assertThat(p.getGivenName()).isEqualTo("Ghengis");
@@ -89,7 +86,6 @@ public class InetOrgPersonTests {
 public void testPasswordIsSetFromContextUserPassword() { InetOrgPerson.Essence essence = new InetOrgPerson.Essence(createUserContext()); InetOrgPerson p = (InetOrgPerson) essence.createUserDetails();
-
 assertThat(p.getPassword()).isEqualTo("pillage"); }
@@ -102,7 +98,6 @@ public class InetOrgPersonTests {
 ctx2.setDn(new DistinguishedName("ignored=ignored")); InetOrgPerson p = (InetOrgPerson) (new InetOrgPerson.Essence(ctx1)).createUserDetails(); p.populateContext(ctx2);
-
 assertThat(ctx2).isEqualTo(ctx1); }
@@ -116,13 +111,11 @@ public class InetOrgPersonTests {
 InetOrgPerson p = (InetOrgPerson) (new InetOrgPerson.Essence(ctx1)).createUserDetails(); InetOrgPerson p2 = (InetOrgPerson) new InetOrgPerson.Essence(p).createUserDetails(); p2.populateContext(ctx2);
-
 assertThat(ctx2).isEqualTo(ctx1); } private DirContextAdapter createUserContext() { DirContextAdapter ctx = new DirContextAdapter();
-
 ctx.setDn(new DistinguishedName("ignored=ignored")); ctx.setAttributeValue("uid", "ghengis"); ctx.setAttributeValue("userPassword", "pillage");
@@ -147,7 +140,6 @@ public class InetOrgPersonTests {
 ctx.setAttributeValue("sn", "Khan"); ctx.setAttributeValue("street", "Westward Avenue"); ctx.setAttributeValue("telephoneNumber", "+442075436521");
-
 return ctx; }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java
index 7671e06211..e803d89288 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java
@@ -35,7 +35,6 @@ public class LdapUserDetailsImplTests {
 mutableLdapUserDetails.setDn("uid=username1,ou=people,dc=example,dc=com"); mutableLdapUserDetails.setUsername("username1"); mutableLdapUserDetails.setPassword("password");
-
 LdapUserDetails ldapUserDetails = mutableLdapUserDetails.createUserDetails(); assertThat(ldapUserDetails).isInstanceOf(CredentialsContainer.class); ldapUserDetails.eraseCredentials();
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapperTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapperTests.java
index 40dfe14fc9..e0205051e3 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapperTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapperTests.java
@@ -40,17 +40,12 @@ public class LdapUserDetailsMapperTests {
 LdapUserDetailsMapper mapper = new LdapUserDetailsMapper(); mapper.setConvertToUpperCase(false); mapper.setRolePrefix("");
-
 mapper.setRoleAttributes(new String[] { "userRole" });
-
 DirContextAdapter ctx = new DirContextAdapter();
-
 ctx.setAttributeValues("userRole", new String[] { "X", "Y", "Z" }); ctx.setAttributeValue("uid", "ani");
-
 LdapUserDetailsImpl user = (LdapUserDetailsImpl) mapper.mapUserFromContext(ctx, "ani", AuthorityUtils.NO_AUTHORITIES);
-
 assertThat(user.getAuthorities()).hasSize(3); }
@@ -60,18 +55,13 @@ public class LdapUserDetailsMapperTests {
 @Test public void testNonRetrievedRoleAttributeIsIgnored() { LdapUserDetailsMapper mapper = new LdapUserDetailsMapper();
-
 mapper.setRoleAttributes(new String[] { "userRole", "nonRetrievedAttribute" });
-
 BasicAttributes attrs = new BasicAttributes(); attrs.put(new BasicAttribute("userRole", "x"));
-
 DirContextAdapter ctx = new DirContextAdapter(attrs, new DistinguishedName("cn=someName")); ctx.setAttributeValue("uid", "ani");
-
 LdapUserDetailsImpl user = (LdapUserDetailsImpl) mapper.mapUserFromContext(ctx, "ani", AuthorityUtils.NO_AUTHORITIES);
-
 assertThat(user.getAuthorities()).hasSize(1); assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_X"); }
@@ -79,17 +69,13 @@ public class LdapUserDetailsMapperTests {
 @Test public void testPasswordAttributeIsMappedCorrectly() { LdapUserDetailsMapper mapper = new LdapUserDetailsMapper();
-
 mapper.setPasswordAttributeName("myappsPassword"); BasicAttributes attrs = new BasicAttributes(); attrs.put(new BasicAttribute("myappsPassword", "mypassword".getBytes()));
-
 DirContextAdapter ctx = new DirContextAdapter(attrs, new DistinguishedName("cn=someName")); ctx.setAttributeValue("uid", "ani");
-
 LdapUserDetails user = (LdapUserDetailsImpl) mapper.mapUserFromContext(ctx, "ani", AuthorityUtils.NO_AUTHORITIES);
-
 assertThat(user.getPassword()).isEqualTo("mypassword"); }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
index 5ef160ca9a..3dfd7c53dd 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
@@ -52,13 +52,10 @@ public class LdapUserDetailsServiceTests {
 @Test public void correctAuthoritiesAreReturned() { DirContextAdapter userData = new DirContextAdapter(new DistinguishedName("uid=joe"));
-
 LdapUserDetailsService service = new LdapUserDetailsService(new MockUserSearch(userData), new MockAuthoritiesPopulator()); service.setUserDetailsMapper(new LdapUserDetailsMapper());
-
 UserDetails user = service.loadUserByUsername("doesntmatterwegetjoeanyway");
-
 Set authorities = AuthorityUtils.authorityListToSet(user.getAuthorities()); assertThat(authorities).hasSize(1); assertThat(authorities.contains("ROLE_FROM_POPULATOR")).isTrue();
@@ -67,7 +64,6 @@ public class LdapUserDetailsServiceTests {
 @Test public void nullPopulatorConstructorReturnsEmptyAuthoritiesList() { DirContextAdapter userData = new DirContextAdapter(new DistinguishedName("uid=joe"));
-
 LdapUserDetailsService service = new LdapUserDetailsService(new MockUserSearch(userData)); UserDetails user = service.loadUserByUsername("doesntmatterwegetjoeanyway"); assertThat(user.getAuthorities()).isEmpty();
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
index cfdb2267c4..09ea5382e6 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
@@ -44,10 +44,8 @@ public class UserDetailsServiceLdapAuthoritiesPopulatorTests {
 given(uds.loadUserByUsername("joe")).willReturn(user); List authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); given(user.getAuthorities()).willReturn(authorities);
-
 UserDetailsServiceLdapAuthoritiesPopulator populator = new UserDetailsServiceLdapAuthoritiesPopulator(uds); Collection auths = populator.getGrantedAuthorities(new DirContextAdapter(), "joe");
-
 assertThat(auths).hasSize(1); assertThat(AuthorityUtils.authorityListToSet(auths).contains("ROLE_USER")).isTrue(); }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
index 3a23553cca..13277bc737 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
@@ -56,7 +56,6 @@ public class DefaultMessageSecurityExpressionHandlerTests {
 @Before public void setup() { this.handler = new DefaultMessageSecurityExpressionHandler<>();
-
 this.message = new GenericMessage<>(""); this.authentication = new AnonymousAuthenticationToken("key", "anonymous", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
@@ -67,7 +66,6 @@ public class DefaultMessageSecurityExpressionHandlerTests {
 public void trustResolverPopulated() { EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.message); Expression expression = this.handler.getExpressionParser().parseExpression("authenticated");
-
 assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isFalse(); }
@@ -82,7 +80,6 @@ public class DefaultMessageSecurityExpressionHandlerTests {
 EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.message); Expression expression = this.handler.getExpressionParser().parseExpression("authenticated"); given(this.trustResolver.isAnonymous(this.authentication)).willReturn(false);
-
 assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue(); }
@@ -94,7 +91,6 @@ public class DefaultMessageSecurityExpressionHandlerTests {
 this.handler.setRoleHierarchy(roleHierarchy); EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.message); Expression expression = this.handler.getExpressionParser().parseExpression("hasRole('ROLE_USER')");
-
 assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue(); }
@@ -104,7 +100,6 @@ public class DefaultMessageSecurityExpressionHandlerTests {
 EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.message); Expression expression = this.handler.getExpressionParser().parseExpression("hasPermission(message, 'read')"); given(this.permissionEvaluator.hasPermission(this.authentication, this.message, "read")).willReturn(true);
-
 assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue(); }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
index 98a01be6b5..f4a66f8761 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
@@ -66,7 +66,6 @@ public class ExpressionBasedMessageSecurityMetadataSourceFactoryTests {
 this.matcherToExpression = new LinkedHashMap<>(); this.matcherToExpression.put(this.matcher1, this.expression1); this.matcherToExpression.put(this.matcher2, this.expression2);
-
 this.source = ExpressionBasedMessageSecurityMetadataSourceFactory .createExpressionMessageMetadataSource(this.matcherToExpression); this.rootObject = new MessageSecurityExpressionRoot(this.authentication, this.message);
@@ -74,18 +73,14 @@ public class ExpressionBasedMessageSecurityMetadataSourceFactoryTests {
 @Test public void createExpressionMessageMetadataSourceNoMatch() {
-
 Collection attrs = this.source.getAttributes(this.message);
-
 assertThat(attrs).isNull(); } @Test public void createExpressionMessageMetadataSourceMatchFirst() { given(this.matcher1.matches(this.message)).willReturn(true);
-
 Collection attrs = this.source.getAttributes(this.message);
-
 assertThat(attrs).hasSize(1); ConfigAttribute attr = attrs.iterator().next(); assertThat(attr).isInstanceOf(MessageExpressionConfigAttribute.class);
@@ -96,9 +91,7 @@ public class ExpressionBasedMessageSecurityMetadataSourceFactoryTests {
 @Test public void createExpressionMessageMetadataSourceMatchSecond() { given(this.matcher2.matches(this.message)).willReturn(true);
-
 Collection attrs = this.source.getAttributes(this.message);
-
 assertThat(attrs).hasSize(1); ConfigAttribute attr = attrs.iterator().next(); assertThat(attr).isInstanceOf(MessageExpressionConfigAttribute.class);
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
index 0add3f1d23..27918fa51a 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
@@ -74,7 +74,6 @@ public class MessageExpressionConfigAttributeTests {
 @Test public void toStringUsesExpressionString() { given(this.expression.getExpressionString()).willReturn("toString");
-
 assertThat(this.attribute.toString()).isEqualTo(this.expression.getExpressionString()); }
@@ -84,10 +83,8 @@ public class MessageExpressionConfigAttributeTests {
 Message message = MessageBuilder.withPayload("M") .setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/topics/someTopic/sub1").build(); EvaluationContext context = mock(EvaluationContext.class);
-
 this.attribute = new MessageExpressionConfigAttribute(this.expression, matcher); this.attribute.postProcess(context, message);
-
 verify(context).setVariable("topic", "someTopic"); }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
index fcd38b0553..700e2714cb 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
@@ -71,7 +71,6 @@ public class MessageExpressionVoterTests {
 public void setup() { this.attributes = Arrays .asList(new MessageExpressionConfigAttribute(this.expression, this.matcher));
-
 this.voter = new MessageExpressionVoter(); }
@@ -127,10 +126,8 @@ public class MessageExpressionVoterTests {
 given(this.expressionHandler.createEvaluationContext(this.authentication, this.message)) .willReturn(this.evaluationContext); given(this.expression.getValue(this.evaluationContext, Boolean.class)).willReturn(true);
-
 assertThat(this.voter.vote(this.authentication, this.message, this.attributes)) .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
-
 verify(this.expressionHandler).createEvaluationContext(this.authentication, this.message); }
@@ -144,7 +141,6 @@ public class MessageExpressionVoterTests {
 this.attributes = Arrays.asList(configAttribute);
 given(configAttribute.postProcess(this.evaluationContext, this.message)).willReturn(this.evaluationContext);
 given(this.expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).willReturn(true);
-
 assertThat(this.voter.vote(this.authentication, this.message, this.attributes))
 .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
 verify(configAttribute).postProcess(this.evaluationContext, this.message);
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
index 43da6ad2f6..94d546c32e 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
@@ -77,7 +77,6 @@ public class ChannelSecurityInterceptorTests {
 this.interceptor = new ChannelSecurityInterceptor(this.source);
 this.interceptor.setAccessDecisionManager(this.accessDecisionManager);
 this.interceptor.setRunAsManager(this.runAsManager);
-
 this.originalAuth = new TestingAuthenticationToken("user", "pass", "ROLE_USER");
 SecurityContextHolder.getContext().setAuthentication(this.originalAuth);
 }
@@ -110,9 +109,7 @@ public class ChannelSecurityInterceptorTests {
 @Test
 public void preSendGrant() {
 given(this.source.getAttributes(this.message)).willReturn(this.attrs);
-
 Message result = this.interceptor.preSend(this.message, this.channel);
-
 assertThat(result).isSameAs(this.message);
 }
@@ -121,7 +118,6 @@ public class ChannelSecurityInterceptorTests {
 given(this.source.getAttributes(this.message)).willReturn(this.attrs);
 willThrow(new AccessDeniedException("")).given(this.accessDecisionManager).decide(any(Authentication.class), eq(this.message), eq(this.attrs));
-
 this.interceptor.preSend(this.message, this.channel);
 }
@@ -131,13 +127,9 @@ public class ChannelSecurityInterceptorTests {
 given(this.source.getAttributes(this.message)).willReturn(this.attrs);
 given(this.runAsManager.buildRunAs(any(Authentication.class), any(), any(Collection.class)))
 .willReturn(this.runAs);
-
 Message preSend = this.interceptor.preSend(this.message, this.channel);
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.runAs);
-
 this.interceptor.postSend(preSend, this.channel, true);
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.originalAuth);
 }
@@ -152,13 +144,9 @@ public class ChannelSecurityInterceptorTests {
 given(this.source.getAttributes(this.message)).willReturn(this.attrs);
 given(this.runAsManager.buildRunAs(any(Authentication.class), any(), any(Collection.class)))
 .willReturn(this.runAs);
-
 Message preSend = this.interceptor.preSend(this.message, this.channel);
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.runAs);
-
 this.interceptor.afterSendCompletion(preSend, this.channel, true, new RuntimeException());
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.originalAuth);
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
index 037958cb4d..4bf00db940 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
@@ -63,7 +63,6 @@ public class DefaultMessageSecurityMetadataSourceTests {
 this.messageMap = new LinkedHashMap<>();
 this.messageMap.put(this.matcher1, Arrays.asList(this.config1));
 this.messageMap.put(this.matcher2, Arrays.asList(this.config2));
-
 this.source = new DefaultMessageSecurityMetadataSource(this.messageMap);
 }
@@ -75,14 +74,12 @@ public class DefaultMessageSecurityMetadataSourceTests {
 @Test
 public void getAttributesFirst() {
 given(this.matcher1.matches(this.message)).willReturn(true);
-
 assertThat(this.source.getAttributes(this.message)).containsOnly(this.config1);
 }
 @Test
 public void getAttributesSecond() {
 given(this.matcher1.matches(this.message)).willReturn(true);
-
 assertThat(this.source.getAttributes(this.message)).containsOnly(this.config2);
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
index 43656244ad..c11683c321 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
@@ -63,7 +63,6 @@ public class SecurityContextChannelInterceptorTests {
 this.messageBuilder = MessageBuilder.withPayload("payload");
 this.expectedAnonymous = new AnonymousAuthenticationToken("key", "anonymous", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
-
 this.interceptor = new SecurityContextChannelInterceptor();
 }
@@ -82,18 +81,14 @@ public class SecurityContextChannelInterceptorTests {
 String headerName = "header";
 this.interceptor = new SecurityContextChannelInterceptor(headerName);
 this.messageBuilder.setHeader(headerName, this.authentication);
-
 this.interceptor.preSend(this.messageBuilder.build(), this.channel);
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication);
 }
 @Test
 public void preSendUserSet() {
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.authentication);
-
 this.interceptor.preSend(this.messageBuilder.build(), this.channel);
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication);
 }
@@ -107,9 +102,7 @@ public class SecurityContextChannelInterceptorTests {
 this.expectedAnonymous = new AnonymousAuthenticationToken("customKey", "customAnonymous", AuthorityUtils.createAuthorityList("ROLE_CUSTOM"));
 this.interceptor.setAnonymousAuthentication(this.expectedAnonymous);
-
 this.interceptor.preSend(this.messageBuilder.build(), this.channel);
-
 assertAnonymous();
 }
@@ -117,9 +110,7 @@ public class SecurityContextChannelInterceptorTests {
 @Test
 public void preSendUserNotAuthentication() {
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.principal);
-
 this.interceptor.preSend(this.messageBuilder.build(), this.channel);
-
 assertAnonymous();
 }
@@ -127,7 +118,6 @@ public class SecurityContextChannelInterceptorTests {
 @Test
 public void preSendUserNotSet() {
 this.interceptor.preSend(this.messageBuilder.build(), this.channel);
-
 assertAnonymous();
 }
@@ -135,32 +125,26 @@ public class SecurityContextChannelInterceptorTests {
 @Test
 public void preSendUserNotSetCustomAnonymous() {
 this.interceptor.preSend(this.messageBuilder.build(), this.channel);
-
 assertAnonymous();
 }
 @Test
 public void afterSendCompletion() {
 SecurityContextHolder.getContext().setAuthentication(this.authentication);
-
 this.interceptor.afterSendCompletion(this.messageBuilder.build(), this.channel, true, null);
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 }
 @Test
 public void afterSendCompletionNullAuthentication() {
 this.interceptor.afterSendCompletion(this.messageBuilder.build(), this.channel, true, null);
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 }
 @Test
 public void beforeHandleUserSet() {
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.authentication);
-
 this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler);
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication);
 }
@@ -168,9 +152,7 @@ public class SecurityContextChannelInterceptorTests {
 @Test
 public void beforeHandleUserNotAuthentication() {
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.principal);
-
 this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler);
-
 assertAnonymous();
 }
@@ -178,23 +160,19 @@ public class SecurityContextChannelInterceptorTests {
 @Test
 public void beforeHandleUserNotSet() {
 this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler);
-
 assertAnonymous();
 }
 @Test
 public void afterMessageHandledUserNotSet() {
 this.interceptor.afterMessageHandled(this.messageBuilder.build(), this.channel, this.handler, null);
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 }
 @Test
 public void afterMessageHandled() {
 SecurityContextHolder.getContext().setAuthentication(this.authentication);
-
 this.interceptor.afterMessageHandled(this.messageBuilder.build(), this.channel, this.handler, null);
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 }
@@ -203,14 +181,10 @@ public class SecurityContextChannelInterceptorTests {
 public void restoresOriginalContext() {
 TestingAuthenticationToken original = new TestingAuthenticationToken("original", "original", "ROLE_USER");
 SecurityContextHolder.getContext().setAuthentication(original);
-
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.authentication);
 this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler);
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication);
-
 this.interceptor.afterMessageHandled(this.messageBuilder.build(), this.channel, this.handler, null);
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(original);
 }
@@ -222,35 +196,25 @@ public class SecurityContextChannelInterceptorTests {
 public void restoresOriginalContextNestedThreeDeep() {
 AnonymousAuthenticationToken anonymous = new AnonymousAuthenticationToken("key", "anonymous", AuthorityUtils.createAuthorityList("ROLE_USER"));
-
 TestingAuthenticationToken origional = new TestingAuthenticationToken("original", "origional", "ROLE_USER");
 SecurityContextHolder.getContext().setAuthentication(origional);
-
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.authentication);
 this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler);
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication);
-
 // start send websocket
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, null);
 this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler);
-
 assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo(anonymous.getName());
-
 this.interceptor.afterMessageHandled(this.messageBuilder.build(), this.channel, this.handler, null);
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication);
 // end send websocket
-
 this.interceptor.afterMessageHandled(this.messageBuilder.build(), this.channel, this.handler, null);
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(origional);
 }
 private void assertAnonymous() {
 Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
 assertThat(currentAuthentication).isInstanceOf(AnonymousAuthenticationToken.class);
-
 AnonymousAuthenticationToken anonymous = (AnonymousAuthenticationToken) currentAuthentication;
 assertThat(anonymous.getName()).isEqualTo(this.expectedAnonymous.getName());
 assertThat(anonymous.getAuthorities()).containsOnlyElementsOf(this.expectedAnonymous.getAuthorities());
diff --git a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
index a22a63ee0a..f7e259aeed 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
@@ -265,17 +265,14 @@ public final class ResolvableMethod {
 factory.addAdvice(interceptor);
 return (T) factory.getProxy();
 }
-
 else {
 Enhancer enhancer = new Enhancer();
 enhancer.setSuperclass(type);
 enhancer.setInterfaces(new Class[] { Supplier.class });
 enhancer.setNamingPolicy(SpringNamingPolicy.INSTANCE);
 enhancer.setCallbackType(org.springframework.cglib.proxy.MethodInterceptor.class);
-
 Class proxyClass = enhancer.createClass();
 Object proxy = null;
-
 if (objenesis.isWorthTrying()) {
 try {
 proxy = objenesis.newInstance(proxyClass, enhancer.getUseCache());
@@ -284,7 +281,6 @@ public final class ResolvableMethod {
 logger.debug("Objenesis failed, falling back to default constructor", ex);
 }
 }
-
 if (proxy == null) {
 try {
 proxy = ReflectionUtils.accessibleConstructor(proxyClass).newInstance();
@@ -295,7 +291,6 @@ public final class ResolvableMethod {
 ex);
 }
 }
-
 ((Factory) proxy).setCallbacks(new Callback[] { interceptor });
 return (T) proxy;
 }
@@ -440,7 +435,6 @@ public final class ResolvableMethod {
 }
 // Build & resolve shortcuts...
-
 /**
 * Resolve and return the {@code Method} equivalent to:
 *

@@ -489,7 +483,6 @@ public final class ResolvableMethod {
 */
 public MethodParameter resolveReturnType(Class returnType, ResolvableType generic, ResolvableType... generics) {
-
 return returning(returnType, generic, generics).method().returnType();
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
index dd740ed3c2..368b50d839 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
@@ -79,7 +79,6 @@ public class AndMessageMatcherTests {
 public void matchesSingleTrue() {
 given(this.delegate.matches(this.message)).willReturn(true);
 this.matcher = new AndMessageMatcher<>(this.delegate);
-
 assertThat(this.matcher.matches(this.message)).isTrue();
 }
@@ -88,7 +87,6 @@ public class AndMessageMatcherTests {
 given(this.delegate.matches(this.message)).willReturn(true);
 given(this.delegate2.matches(this.message)).willReturn(true);
 this.matcher = new AndMessageMatcher<>(this.delegate, this.delegate2);
-
 assertThat(this.matcher.matches(this.message)).isTrue();
 }
@@ -96,7 +94,6 @@ public class AndMessageMatcherTests {
 public void matchesSingleFalse() {
 given(this.delegate.matches(this.message)).willReturn(false);
 this.matcher = new AndMessageMatcher<>(this.delegate);
-
 assertThat(this.matcher.matches(this.message)).isFalse();
 }
@@ -104,7 +101,6 @@ public class AndMessageMatcherTests {
 public void matchesMultiBothFalse() {
 given(this.delegate.matches(this.message)).willReturn(false);
 this.matcher = new AndMessageMatcher<>(this.delegate, this.delegate2);
-
 assertThat(this.matcher.matches(this.message)).isFalse();
 }
@@ -113,7 +109,6 @@ public class AndMessageMatcherTests {
 given(this.delegate.matches(this.message)).willReturn(true);
 given(this.delegate2.matches(this.message)).willReturn(false);
 this.matcher = new AndMessageMatcher<>(this.delegate, this.delegate2);
-
 assertThat(this.matcher.matches(this.message)).isFalse();
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
index 157dd8c772..51aa9f3040 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
@@ -79,7 +79,6 @@ public class OrMessageMatcherTests {
 public void matchesSingleTrue() {
 given(this.delegate.matches(this.message)).willReturn(true);
 this.matcher = new OrMessageMatcher<>(this.delegate);
-
 assertThat(this.matcher.matches(this.message)).isTrue();
 }
@@ -87,7 +86,6 @@ public class OrMessageMatcherTests {
 public void matchesMultiTrue() {
 given(this.delegate.matches(this.message)).willReturn(true);
 this.matcher = new OrMessageMatcher<>(this.delegate, this.delegate2);
-
 assertThat(this.matcher.matches(this.message)).isTrue();
 }
@@ -95,7 +93,6 @@ public class OrMessageMatcherTests {
 public void matchesSingleFalse() {
 given(this.delegate.matches(this.message)).willReturn(false);
 this.matcher = new OrMessageMatcher<>(this.delegate);
-
 assertThat(this.matcher.matches(this.message)).isFalse();
 }
@@ -104,7 +101,6 @@ public class OrMessageMatcherTests {
 given(this.delegate.matches(this.message)).willReturn(false);
 given(this.delegate2.matches(this.message)).willReturn(false);
 this.matcher = new OrMessageMatcher<>(this.delegate, this.delegate2);
-
 assertThat(this.matcher.matches(this.message)).isFalse();
 }
@@ -112,7 +108,6 @@ public class OrMessageMatcherTests {
 public void matchesMultiSingleFalse() {
 given(this.delegate.matches(this.message)).willReturn(true);
 this.matcher = new OrMessageMatcher<>(this.delegate, this.delegate2);
-
 assertThat(this.matcher.matches(this.message)).isTrue();
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
index ed1ed3d9fc..9161a95ff8 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
@@ -59,74 +59,59 @@ public class SimpDestinationMessageMatcherTests {
 @Test
 public void matchesAllWithDestination() {
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination/1");
-
 assertThat(this.matcher.matches(this.messageBuilder.build())).isTrue();
 }
 @Test
 public void matchesSpecificWithDestination() {
 this.matcher = new SimpDestinationMessageMatcher("/destination/1");
-
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination/1");
-
 assertThat(this.matcher.matches(this.messageBuilder.build())).isTrue();
 }
 @Test
 public void matchesFalseWithDestination() {
 this.matcher = new SimpDestinationMessageMatcher("/nomatch");
-
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination/1");
-
 assertThat(this.matcher.matches(this.messageBuilder.build())).isFalse();
 }
 @Test
 public void matchesFalseMessageTypeNotDisconnectType() {
 this.matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match", this.pathMatcher);
-
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.DISCONNECT);
-
 assertThat(this.matcher.matches(this.messageBuilder.build())).isFalse();
 }
 @Test
 public void matchesTrueMessageType() {
 this.matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match", this.pathMatcher);
-
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/match");
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE);
-
 assertThat(this.matcher.matches(this.messageBuilder.build())).isTrue();
 }
 @Test
 public void matchesTrueSubscribeType() {
 this.matcher = SimpDestinationMessageMatcher.createSubscribeMatcher("/match", this.pathMatcher);
-
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/match");
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.SUBSCRIBE);
-
 assertThat(this.matcher.matches(this.messageBuilder.build())).isTrue();
 }
 @Test
 public void matchesNullMessageType() {
 this.matcher = new SimpDestinationMessageMatcher("/match");
-
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/match");
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE);
-
 assertThat(this.matcher.matches(this.messageBuilder.build())).isTrue();
 }
 @Test
 public void extractPathVariablesFromDestination() {
 this.matcher = new SimpDestinationMessageMatcher("/topics/{topic}/**");
-
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/topics/someTopic/sub1");
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE);
-
 assertThat(this.matcher.extractPathVariables(this.messageBuilder.build()).get("topic")).isEqualTo("someTopic");
 }
@@ -139,11 +124,8 @@ public class SimpDestinationMessageMatcherTests {
 @Test
 public void typeConstructorParameterIsTransmitted() {
 this.matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match", this.pathMatcher);
-
 MessageMatcher expectedTypeMatcher = new SimpMessageTypeMatcher(SimpMessageType.MESSAGE);
-
 assertThat(this.matcher.getMessageTypeMatcher()).isEqualTo(expectedTypeMatcher);
-
 }
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
index 08b727f0fe..c6f6b72b7d 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
@@ -44,7 +44,6 @@ public class SimpMessageTypeMatcherTests {
 public void matchesMessageMessageTrue() {
 Message message = MessageBuilder.withPayload("Hi")
 .setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE).build();
-
 assertThat(this.matcher.matches(message)).isTrue();
 }
@@ -52,14 +51,12 @@ public class SimpMessageTypeMatcherTests {
 public void matchesMessageConnectFalse() {
 Message message = MessageBuilder.withPayload("Hi")
 .setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.CONNECT).build();
-
 assertThat(this.matcher.matches(message)).isFalse();
 }
 @Test
 public void matchesMessageNullFalse() {
 Message message = MessageBuilder.withPayload("Hi").build();
-
 assertThat(this.matcher.matches(message)).isFalse();
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
index 9ec31982c2..f7d1e6d76c 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
@@ -51,7 +51,6 @@ public class CsrfChannelInterceptorTests {
 public void setup() {
 this.token = new DefaultCsrfToken("header", "param", "token");
 this.interceptor = new CsrfChannelInterceptor();
-
 this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
 this.messageHeaders.setNativeHeader(this.token.getHeaderName(), this.token.getToken());
 this.messageHeaders.setSessionAttributes(new HashMap<>());
@@ -66,84 +65,72 @@ public class CsrfChannelInterceptorTests {
 @Test
 public void preSendIgnoresConnectAck() {
 this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT_ACK);
-
 this.interceptor.preSend(message(), this.channel);
 }
 @Test
 public void preSendIgnoresDisconnect() {
 this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.DISCONNECT);
-
 this.interceptor.preSend(message(), this.channel);
 }
 @Test
 public void preSendIgnoresDisconnectAck() {
 this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.DISCONNECT_ACK);
-
 this.interceptor.preSend(message(), this.channel);
 }
 @Test
 public void preSendIgnoresHeartbeat() {
 this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.HEARTBEAT);
-
 this.interceptor.preSend(message(), this.channel);
 }
 @Test
 public void preSendIgnoresMessage() {
 this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.MESSAGE);
-
 this.interceptor.preSend(message(), this.channel);
 }
 @Test
 public void preSendIgnoresOther() {
 this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.OTHER);
-
 this.interceptor.preSend(message(), this.channel);
 }
 @Test
 public void preSendIgnoresSubscribe() {
 this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.SUBSCRIBE);
-
 this.interceptor.preSend(message(), this.channel);
 }
 @Test
 public void preSendIgnoresUnsubscribe() {
 this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.UNSUBSCRIBE);
-
 this.interceptor.preSend(message(), this.channel);
 }
 @Test(expected = InvalidCsrfTokenException.class)
 public void preSendNoToken() {
 this.messageHeaders.removeNativeHeader(this.token.getHeaderName());
-
 this.interceptor.preSend(message(), this.channel);
 }
 @Test(expected = InvalidCsrfTokenException.class)
 public void preSendInvalidToken() {
 this.messageHeaders.setNativeHeader(this.token.getHeaderName(), this.token.getToken() + "invalid");
-
 this.interceptor.preSend(message(), this.channel);
 }
 @Test(expected = MissingCsrfTokenException.class)
 public void preSendMissingToken() {
 this.messageHeaders.getSessionAttributes().clear();
-
 this.interceptor.preSend(message(), this.channel);
 }
 @Test(expected = MissingCsrfTokenException.class)
 public void preSendMissingTokenNullSessionAttributes() {
 this.messageHeaders.setSessionAttributes(null);
-
 this.interceptor.preSend(message(), this.channel);
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java
index 04e511db7f..b92390fecd 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java
@@ -60,14 +60,12 @@ public class CsrfTokenHandshakeInterceptorTests {
 this.httpRequest = new MockHttpServletRequest();
 this.attributes = new HashMap<>();
 this.request = new ServletServerHttpRequest(this.httpRequest);
-
 this.interceptor = new CsrfTokenHandshakeInterceptor();
 }
 @Test
 public void beforeHandshakeNoAttribute() throws Exception {
 this.interceptor.beforeHandshake(this.request, this.response, this.wsHandler, this.attributes);
-
 assertThat(this.attributes).isEmpty();
 }
@@ -75,9 +73,7 @@ public class CsrfTokenHandshakeInterceptorTests {
 public void beforeHandshake() throws Exception {
 CsrfToken token = new DefaultCsrfToken("header", "param", "token");
 this.httpRequest.setAttribute(CsrfToken.class.getName(), token);
-
 this.interceptor.beforeHandshake(this.request, this.response, this.wsHandler, this.attributes);
-
 assertThat(this.attributes.keySet()).containsOnly(CsrfToken.class.getName());
 assertThat(this.attributes.values()).containsOnly(token);
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
index 5de8cb739c..bb777ce820 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
@@ -61,7 +61,6 @@ public class AuthorizationCodeOAuth2AuthorizedClientProviderTests {
 @Test
 public void authorizeWhenNotAuthorizationCodeThenUnableToAuthorize() {
 ClientRegistration clientCredentialsClient = TestClientRegistrations.clientCredentials().build();
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 .withClientRegistration(clientCredentialsClient).principal(this.principal).build();
 assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
index b64751f885..190af59bc3 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
@@ -61,7 +61,6 @@ public class AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests {
 @Test
 public void authorizeWhenNotAuthorizationCodeThenUnableToAuthorize() {
 ClientRegistration clientCredentialsClient = TestClientRegistrations.clientCredentials().build();
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 .withClientRegistration(clientCredentialsClient).principal(this.principal).build();
 assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
index 8959d18c38..8de4368877 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
@@ -166,20 +166,16 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() {
 given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 .willReturn(this.clientRegistration);
-
 OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 .build();
 OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isNull();
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 assertThat(authorizedClient).isNull();
 verifyNoInteractions(this.authorizationSuccessHandler);
 verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any());
@@ -190,23 +186,18 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() {
 given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 .willReturn(this.clientRegistration);
-
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 .willReturn(this.authorizedClient);
-
 OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 .build();
 OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isNull();
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 assertThat(authorizedClient).isSameAs(this.authorizedClient);
 verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(this.authorizedClient), eq(this.principal), any());
@@ -220,26 +211,20 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { .willReturn(this.clientRegistration); given(this.authorizedClientService.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), eq(this.principal.getName()))).willReturn(this.authorizedClient); - OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(reauthorizedClient); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - assertThat(authorizedClient).isSameAs(reauthorizedClient); verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(reauthorizedClient), eq(this.principal), any()); 
@@ -252,15 +237,12 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - assertThat(authorizedClient).isSameAs(this.authorizedClient); verifyNoInteractions(this.authorizationSuccessHandler); verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any()); 
@@ -271,22 +253,17 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { public void reauthorizeWhenSupportedProviderThenReauthorized() { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(reauthorizedClient); - OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - assertThat(authorizedClient).isSameAs(reauthorizedClient); verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(reauthorizedClient), eq(this.principal), any()); 
@@ -298,20 +275,15 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { public void reauthorizeWhenRequestAttributeScopeThenMappedToContext() { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(reauthorizedClient); - // Override the mock with the default this.authorizedClientManager.setContextAttributesMapper( new AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper()); - OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).attribute(OAuth2ParameterNames.SCOPE, "read write").build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient); @@ -321,7 +293,6 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { String[] requestScopeAttribute = authorizationContext .getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME); assertThat(requestScopeAttribute).contains("read", "write"); - assertThat(authorizedClient).isSameAs(reauthorizedClient); verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(reauthorizedClient), eq(this.principal), any()); 
@@ -333,16 +304,12 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { ClientAuthorizationException authorizationException = new ClientAuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null), this.clientRegistration.getRegistrationId()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willThrow(authorizationException); - OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).build(); - assertThatCode(() -> this.authorizedClientManager.authorize(reauthorizeRequest)) .isEqualTo(authorizationException); - verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal), any()); verify(this.authorizedClientService).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), @@ -353,16 +320,12 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { public void reauthorizeWhenErrorCodeDoesNotMatchThenDoNotRemoveAuthorizedClient() { ClientAuthorizationException authorizationException = new ClientAuthorizationException( new OAuth2Error("non-matching-error-code", null, null), this.clientRegistration.getRegistrationId()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willThrow(authorizationException); - OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).build(); - assertThatCode(() -> this.authorizedClientManager.authorize(reauthorizeRequest)) .isEqualTo(authorizationException); - verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal), any()); verifyNoInteractions(this.authorizedClientService); 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java index 857ed535a1..aafb30ec73 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java @@ -155,7 +155,6 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { given(this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)).willReturn(Mono.empty()); StepVerifier.create(this.authorizedClientManager.authorize(authorizeRequest)) .verifyError(IllegalArgumentException.class); - } @SuppressWarnings("unchecked") 
@@ -164,23 +163,18 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration)); given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty()); - given(this.authorizedClientProvider.authorize(any())).willReturn(Mono.empty()); OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); Mono authorizedClient = this.authorizedClientManager.authorize(authorizeRequest); - StepVerifier.create(authorizedClient).verifyComplete(); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - verify(this.authorizedClientService, never()).saveAuthorizedClient(any(OAuth2AuthorizedClient.class), eq(this.principal)); } 
@@ -190,27 +184,20 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration)); - given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.just(this.authorizedClient)); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); Mono authorizedClient = this.authorizedClientManager.authorize(authorizeRequest); - StepVerifier.create(authorizedClient).expectNext(this.authorizedClient).verifyComplete(); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - verify(this.authorizedClientService).saveAuthorizedClient(eq(this.authorizedClient), eq(this.principal)); this.saveAuthorizedClientProbe.assertWasSubscribed(); verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any()); 
@@ -221,31 +208,23 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { public void authorizeWhenNotAuthorizedAndSupportedProviderAndCustomSuccessHandlerThenInvokeCustomSuccessHandler() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration)); - given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.just(this.authorizedClient)); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); PublisherProbe authorizationSuccessHandlerProbe = PublisherProbe.empty(); this.authorizedClientManager.setAuthorizationSuccessHandler( (client, principal, attributes) -> authorizationSuccessHandlerProbe.mono()); - Mono authorizedClient = this.authorizedClientManager.authorize(authorizeRequest); - StepVerifier.create(authorizedClient).expectNext(this.authorizedClient).verifyComplete(); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - authorizationSuccessHandlerProbe.assertWasSubscribed(); verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any()); verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any()); 
@@ -255,30 +234,22 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { public void authorizeWhenInvalidTokenThenRemoveAuthorizedClient() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration)); - given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty()); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); - ClientAuthorizationException exception = new ClientAuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null), this.clientRegistration.getRegistrationId()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.error(exception)); - assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - verify(this.authorizedClientService).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), eq(this.principal.getName())); this.removeAuthorizedClientProbe.assertWasSubscribed(); 
@@ -289,30 +260,22 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { public void authorizeWhenInvalidGrantThenRemoveAuthorizedClient() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration)); - given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty()); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); - ClientAuthorizationException exception = new ClientAuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null), this.clientRegistration.getRegistrationId()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.error(exception)); - assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - verify(this.authorizedClientService).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), eq(this.principal.getName())); this.removeAuthorizedClientProbe.assertWasSubscribed(); 
@@ -323,30 +286,22 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { public void authorizeWhenServerErrorThenDoNotRemoveAuthorizedClient() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration)); - given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty()); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); - ClientAuthorizationException exception = new ClientAuthorizationException( new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, null, null), this.clientRegistration.getRegistrationId()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.error(exception)); - assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any()); verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any()); } 
@@ -355,29 +310,21 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { public void authorizeWhenOAuth2AuthorizationExceptionThenDoNotRemoveAuthorizedClient() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration)); - given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty()); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); - OAuth2AuthorizationException exception = new OAuth2AuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null)); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.error(exception)); - assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any()); verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any()); } 
@@ -386,33 +333,24 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { public void authorizeWhenOAuth2AuthorizationExceptionAndCustomFailureHandlerThenInvokeCustomFailureHandler() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration)); - given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty()); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); - OAuth2AuthorizationException exception = new OAuth2AuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null)); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.error(exception)); - PublisherProbe authorizationFailureHandlerProbe = PublisherProbe.empty(); this.authorizedClientManager.setAuthorizationFailureHandler( (client, principal, attributes) -> authorizationFailureHandlerProbe.mono()); - assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - authorizationFailureHandlerProbe.assertWasSubscribed(); verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any()); verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any()); 
@@ -425,27 +363,21 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { .willReturn(Mono.just(this.clientRegistration)); given(this.authorizedClientService.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), eq(this.principal.getName()))).willReturn(Mono.just(this.authorizedClient)); - OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.just(reauthorizedClient)); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); Mono authorizedClient = this.authorizedClientManager.authorize(authorizeRequest); - StepVerifier.create(authorizedClient).expectNext(reauthorizedClient).verifyComplete(); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - verify(this.authorizedClientService).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal)); this.saveAuthorizedClientProbe.assertWasSubscribed(); verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any()); 
@@ -458,16 +390,13 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).build(); Mono authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest); - StepVerifier.create(authorizedClient).expectNext(this.authorizedClient).verifyComplete(); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - verify(this.authorizedClientService, never()).saveAuthorizedClient(any(OAuth2AuthorizedClient.class), eq(this.principal)); } 
@@ -477,24 +406,18 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { public void reauthorizeWhenSupportedProviderThenReauthorized() { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.just(reauthorizedClient)); - OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).build(); Mono authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest); - StepVerifier.create(authorizedClient).expectNext(reauthorizedClient).verifyComplete(); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - verify(this.authorizedClientService).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal)); this.saveAuthorizedClientProbe.assertWasSubscribed(); verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any()); 
@@ -505,24 +428,18 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { public void reauthorizeWhenRequestAttributeScopeThenMappedToContext() { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.just(reauthorizedClient)); - OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).attribute(OAuth2ParameterNames.SCOPE, "read write").build(); - this.authorizedClientManager.setContextAttributesMapper( new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper()); Mono authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest); - StepVerifier.create(authorizedClient).expectNext(reauthorizedClient).verifyComplete(); verify(this.authorizedClientService).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal)); this.saveAuthorizedClientProbe.assertWasSubscribed(); verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any()); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient); @@ -532,7 +449,6 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { String[] requestScopeAttribute = authorizationContext .getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME); assertThat(requestScopeAttribute).contains("read", "write"); - } } 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java index 4cc00ed3f7..3fd7402466 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java @@ -96,7 +96,6 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests { @Test public void authorizeWhenNotClientCredentialsThenUnableToAuthorize() { ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build(); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(clientRegistration).principal(this.principal).build(); assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull(); 
@@ -106,11 +105,9 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests { public void authorizeWhenClientCredentialsAndNotAuthorizedThenAuthorize() { OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(this.clientRegistration).principal(this.principal).build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientProvider.authorize(authorizationContext); - assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken()); @@ -124,14 +121,11 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests { issuedAt, expiresAt); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), accessToken); - OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build(); authorizedClient = this.authorizedClientProvider.authorize(authorizationContext); - assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken()); 
@@ -141,7 +135,6 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 public void authorizeWhenClientCredentialsAndTokenNotExpiredThenNotReauthorize() { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes());
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build(); assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
@@ -157,19 +150,14 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 "access-token-1234", issuedAt, expiresAt); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), expiresInOneMinAccessToken);
-
 // Shorten the lifespan of the access token by 90 seconds, which will ultimately // force it to expire on the client this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
-
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build();
-
 OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
-
 assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
index 32ba665c88..b6014bf6c4 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
@@ -97,7 +97,6 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 @Test public void authorizeWhenNotClientCredentialsThenUnableToAuthorize() { ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(clientRegistration).principal(this.principal).build(); assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
@@ -107,11 +106,9 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 public void authorizeWhenClientCredentialsAndNotAuthorizedThenAuthorize() { OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(this.clientRegistration).principal(this.principal).build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
-
 assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
@@ -125,14 +122,11 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 issuedAt, expiresAt); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), accessToken);
-
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build(); authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
-
 assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
@@ -142,7 +136,6 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 public void authorizeWhenClientCredentialsAndTokenNotExpiredThenNotReauthorize() { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes());
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build(); assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
@@ -158,20 +151,15 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 "access-token-1234", issuedAt, expiresAt); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), expiresInOneMinAccessToken);
-
 // Shorten the lifespan of the access token by 90 seconds, which will ultimately // force it to expire on the client this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
-
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build();
-
 OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext) .block();
-
 assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
index ae155f6966..cd86c5d416 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
@@ -61,10 +61,8 @@ public class DelegatingOAuth2AuthorizedClientProviderTests {
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build(); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, principal.getName(), TestOAuth2AccessTokens.noScopes());
-
 OAuth2AuthorizedClientProvider authorizedClientProvider = mock(OAuth2AuthorizedClientProvider.class); given(authorizedClientProvider.authorize(any())).willReturn(authorizedClient);
-
 DelegatingOAuth2AuthorizedClientProvider delegate = new DelegatingOAuth2AuthorizedClientProvider( mock(OAuth2AuthorizedClientProvider.class), mock(OAuth2AuthorizedClientProvider.class), authorizedClientProvider);
@@ -79,7 +77,6 @@ public class DelegatingOAuth2AuthorizedClientProviderTests {
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build(); OAuth2AuthorizationContext context = OAuth2AuthorizationContext.withClientRegistration(clientRegistration) .principal(new TestingAuthenticationToken("principal", "password")).build();
-
 DelegatingOAuth2AuthorizedClientProvider delegate = new DelegatingOAuth2AuthorizedClientProvider( mock(OAuth2AuthorizedClientProvider.class), mock(OAuth2AuthorizedClientProvider.class)); assertThat(delegate.authorize(context)).isNull();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
index a9f81cf137..802465922c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
@@ -62,7 +62,6 @@ public class DelegatingReactiveOAuth2AuthorizedClientProviderTests {
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build(); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, principal.getName(), TestOAuth2AccessTokens.noScopes());
-
 ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider1 = mock( ReactiveOAuth2AuthorizedClientProvider.class); given(authorizedClientProvider1.authorize(any())).willReturn(Mono.empty());
@@ -72,7 +71,6 @@ public class DelegatingReactiveOAuth2AuthorizedClientProviderTests {
 ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider3 = mock( ReactiveOAuth2AuthorizedClientProvider.class); given(authorizedClientProvider3.authorize(any())).willReturn(Mono.just(authorizedClient));
-
 DelegatingReactiveOAuth2AuthorizedClientProvider delegate = new DelegatingReactiveOAuth2AuthorizedClientProvider( authorizedClientProvider1, authorizedClientProvider2, authorizedClientProvider3); OAuth2AuthorizationContext context = OAuth2AuthorizationContext.withClientRegistration(clientRegistration)
@@ -86,14 +84,12 @@ public class DelegatingReactiveOAuth2AuthorizedClientProviderTests {
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build(); OAuth2AuthorizationContext context = OAuth2AuthorizationContext.withClientRegistration(clientRegistration) .principal(new TestingAuthenticationToken("principal", "password")).build();
-
 ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider1 = mock( ReactiveOAuth2AuthorizedClientProvider.class); given(authorizedClientProvider1.authorize(any())).willReturn(Mono.empty()); ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider2 = mock( ReactiveOAuth2AuthorizedClientProvider.class); given(authorizedClientProvider2.authorize(any())).willReturn(Mono.empty());
-
 DelegatingReactiveOAuth2AuthorizedClientProvider delegate = new DelegatingReactiveOAuth2AuthorizedClientProvider( authorizedClientProvider1, authorizedClientProvider2); assertThat(delegate.authorize(context).block()).isNull();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
index d86f847cbf..17288536a1 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
@@ -73,13 +73,11 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 @Test public void constructorWhenAuthorizedClientsProvidedThenUseProvidedAuthorizedClients() { String registrationId = this.registration3.getRegistrationId();
-
 Map authorizedClients = Collections.singletonMap( new OAuth2AuthorizedClientId(this.registration3.getRegistrationId(), this.principalName1), mock(OAuth2AuthorizedClient.class)); ClientRegistrationRepository clientRegistrationRepository = mock(ClientRegistrationRepository.class); given(clientRegistrationRepository.findByRegistrationId(eq(registrationId))).willReturn(this.registration3);
-
 InMemoryOAuth2AuthorizedClientService authorizedClientService = new InMemoryOAuth2AuthorizedClientService( clientRegistrationRepository, authorizedClients); assertThat((Object) authorizedClientService.loadAuthorizedClient(registrationId, this.principalName1))
@@ -114,11 +112,9 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 public void loadAuthorizedClientWhenClientRegistrationFoundAndAssociatedToPrincipalThenReturnAuthorizedClient() { Authentication authentication = mock(Authentication.class); given(authentication.getName()).willReturn(this.principalName1);
-
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration1, this.principalName1, mock(OAuth2AccessToken.class)); this.authorizedClientService.saveAuthorizedClient(authorizedClient, authentication);
-
 OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService .loadAuthorizedClient(this.registration1.getRegistrationId(), this.principalName1); assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient);
@@ -138,11 +134,9 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 public void saveAuthorizedClientWhenSavedThenCanLoad() { Authentication authentication = mock(Authentication.class); given(authentication.getName()).willReturn(this.principalName2);
-
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration3, this.principalName2, mock(OAuth2AccessToken.class)); this.authorizedClientService.saveAuthorizedClient(authorizedClient, authentication);
-
 OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService .loadAuthorizedClient(this.registration3.getRegistrationId(), this.principalName2); assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient);
@@ -162,18 +156,14 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 public void removeAuthorizedClientWhenSavedThenRemoved() { Authentication authentication = mock(Authentication.class); given(authentication.getName()).willReturn(this.principalName2);
-
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration2, this.principalName2, mock(OAuth2AccessToken.class)); this.authorizedClientService.saveAuthorizedClient(authorizedClient, authentication);
-
 OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService .loadAuthorizedClient(this.registration2.getRegistrationId(), this.principalName2); assertThat(loadedAuthorizedClient).isNotNull();
-
 this.authorizedClientService.removeAuthorizedClient(this.registration2.getRegistrationId(), this.principalName2);
-
 loadedAuthorizedClient = this.authorizedClientService .loadAuthorizedClient(this.registration2.getRegistrationId(), this.principalName2); assertThat(loadedAuthorizedClient).isNull();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java
index d782405489..6855cd5846 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java
@@ -139,7 +139,6 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 Mono saveAndLoad = this.authorizedClientService .saveAuthorizedClient(authorizedClient, this.principal) .then(this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
-
 StepVerifier.create(saveAndLoad).expectNext(authorizedClient).verifyComplete(); }
@@ -198,7 +197,6 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 Mono saveAndDeleteAndLoad = this.authorizedClientService .saveAuthorizedClient(authorizedClient, this.principal).then(this.authorizedClientService .removeAuthorizedClient(this.clientRegistrationId, this.principalName));
-
 StepVerifier.create(saveAndDeleteAndLoad).verifyComplete(); }
@@ -213,7 +211,6 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 .then(this.authorizedClientService.removeAuthorizedClient(this.clientRegistrationId, this.principalName)) .then(this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
-
 StepVerifier.create(saveAndDeleteAndLoad).verifyComplete(); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
index d2d2931620..49b7fbb3fa 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
@@ -150,12 +150,9 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 public void loadAuthorizedClientWhenExistsThenReturnAuthorizedClient() { Authentication principal = createPrincipal(); OAuth2AuthorizedClient expected = createAuthorizedClient(principal, this.clientRegistration);
-
 this.authorizedClientService.saveAuthorizedClient(expected, principal);
-
 OAuth2AuthorizedClient authorizedClient = this.authorizedClientService .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
-
 assertThat(authorizedClient).isNotNull(); assertThat(authorizedClient.getClientRegistration()).isEqualTo(expected.getClientRegistration()); assertThat(authorizedClient.getPrincipalName()).isEqualTo(expected.getPrincipalName());
@@ -179,9 +176,7 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(null); Authentication principal = createPrincipal(); OAuth2AuthorizedClient expected = createAuthorizedClient(principal, this.clientRegistration);
-
 this.authorizedClientService.saveAuthorizedClient(expected, principal);
-
 assertThatThrownBy(() -> this.authorizedClientService .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName())) .isInstanceOf(DataRetrievalFailureException.class)
@@ -192,7 +187,6 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 @Test public void saveAuthorizedClientWhenAuthorizedClientIsNullThenThrowIllegalArgumentException() { Authentication principal = createPrincipal();
-
 assertThatThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(null, principal)) .isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClient cannot be null"); }
@@ -201,7 +195,6 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 public void saveAuthorizedClientWhenPrincipalIsNullThenThrowIllegalArgumentException() { Authentication principal = createPrincipal(); OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration);
-
 assertThatThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(authorizedClient, null)) .isInstanceOf(IllegalArgumentException.class).hasMessage("principal cannot be null"); }
@@ -210,12 +203,9 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 public void saveAuthorizedClientWhenSaveThenLoadReturnsSaved() { Authentication principal = createPrincipal(); OAuth2AuthorizedClient expected = createAuthorizedClient(principal, this.clientRegistration);
-
 this.authorizedClientService.saveAuthorizedClient(expected, principal);
-
 OAuth2AuthorizedClient authorizedClient = this.authorizedClientService .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
-
 assertThat(authorizedClient).isNotNull(); assertThat(authorizedClient.getClientRegistration()).isEqualTo(expected.getClientRegistration()); assertThat(authorizedClient.getPrincipalName()).isEqualTo(expected.getPrincipalName());
@@ -232,16 +222,12 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 .isEqualTo(expected.getRefreshToken().getTokenValue()); assertThat(authorizedClient.getRefreshToken().getIssuedAt()).isCloseTo(expected.getRefreshToken().getIssuedAt(), within(1, ChronoUnit.MILLIS));
-
 // Test save/load of NOT NULL attributes only principal = createPrincipal(); expected = createAuthorizedClient(principal, this.clientRegistration, true);
-
 this.authorizedClientService.saveAuthorizedClient(expected, principal);
-
 authorizedClient = this.authorizedClientService .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
-
 assertThat(authorizedClient).isNotNull(); assertThat(authorizedClient.getClientRegistration()).isEqualTo(expected.getClientRegistration()); assertThat(authorizedClient.getPrincipalName()).isEqualTo(expected.getPrincipalName());
@@ -263,15 +249,12 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 Authentication principal = createPrincipal(); OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration); this.authorizedClientService.saveAuthorizedClient(authorizedClient, principal);
-
 // When a client with the same principal and registration id is saved OAuth2AuthorizedClient updatedClient = createAuthorizedClient(principal, this.clientRegistration); this.authorizedClientService.saveAuthorizedClient(updatedClient, principal);
-
 // Then the saved client is updated OAuth2AuthorizedClient savedClient = this.authorizedClientService .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
-
 assertThat(savedClient).isNotNull(); assertThat(savedClient.getClientRegistration()).isEqualTo(updatedClient.getClientRegistration()); assertThat(savedClient.getPrincipalName()).isEqualTo(updatedClient.getPrincipalName());
@@ -299,14 +282,11 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper authorizedClientParametersMapper = spy( new JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper()); this.authorizedClientService.setAuthorizedClientParametersMapper(authorizedClientParametersMapper);
-
 Authentication principal = createPrincipal(); OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration);
-
 this.authorizedClientService.saveAuthorizedClient(authorizedClient, principal); this.authorizedClientService.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
-
 verify(authorizedClientRowMapper).mapRow(any(), anyInt()); verify(authorizedClientParametersMapper).apply(any()); }
@@ -328,16 +308,12 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 public void removeAuthorizedClientWhenExistsThenRemoved() { Authentication principal = createPrincipal(); OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration);
-
 this.authorizedClientService.saveAuthorizedClient(authorizedClient, principal);
-
 authorizedClient = this.authorizedClientService .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); assertThat(authorizedClient).isNotNull();
-
 this.authorizedClientService.removeAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
-
 authorizedClient = this.authorizedClientService .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); assertThat(authorizedClient).isNull();
@@ -347,19 +323,14 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 public void tableDefinitionWhenCustomThenAbleToOverride() { CustomTableDefinitionJdbcOAuth2AuthorizedClientService customAuthorizedClientService = new CustomTableDefinitionJdbcOAuth2AuthorizedClientService( new JdbcTemplate(createDb("custom-oauth2-client-schema.sql")), this.clientRegistrationRepository);
-
 Authentication principal = createPrincipal(); OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration);
-
 customAuthorizedClientService.saveAuthorizedClient(authorizedClient, principal);
-
 authorizedClient = customAuthorizedClientService .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); assertThat(authorizedClient).isNotNull();
-
 customAuthorizedClientService.removeAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
-
 authorizedClient = customAuthorizedClientService .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); assertThat(authorizedClient).isNull();
@@ -473,7 +444,6 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 "The ClientRegistration with id '" + clientRegistrationId + "' exists in the data source, " + "however, it was not found in the ClientRegistrationRepository."); }
-
 OAuth2AccessToken.TokenType tokenType = null; if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(rs.getString("accessTokenType"))) { tokenType = OAuth2AccessToken.TokenType.BEARER;
@@ -488,7 +458,6 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 } OAuth2AccessToken accessToken = new OAuth2AccessToken(tokenType, tokenValue, issuedAt, expiresAt, scopes);
-
 OAuth2RefreshToken refreshToken = null; byte[] refreshTokenValue = rs.getBytes("refreshTokenValue"); if (refreshTokenValue != null) {
@@ -500,9 +469,7 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 } refreshToken = new OAuth2RefreshToken(tokenValue, issuedAt); }
-
 String principalName = rs.getString("principalName");
-
 return new OAuth2AuthorizedClient(clientRegistration, principalName, accessToken, refreshToken); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java
index 5d2d0c8418..cf348d52cd 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java
@@ -78,7 +78,6 @@ public class OAuth2AuthorizeRequestTests {
 attrs.put("name1", "value1"); attrs.put("name2", "value2"); }).build();
-
 assertThat(authorizeRequest.getClientRegistrationId()).isEqualTo(this.clientRegistration.getRegistrationId()); assertThat(authorizeRequest.getAuthorizedClient()).isNull(); assertThat(authorizeRequest.getPrincipal()).isEqualTo(this.principal);
@@ -92,7 +91,6 @@ public class OAuth2AuthorizeRequestTests {
 attrs.put("name1", "value1"); attrs.put("name2", "value2"); }).build();
-
 assertThat(authorizeRequest.getClientRegistrationId()) .isEqualTo(this.authorizedClient.getClientRegistration().getRegistrationId()); assertThat(authorizeRequest.getAuthorizedClient()).isEqualTo(this.authorizedClient);
@@ -105,7 +103,6 @@ public class OAuth2AuthorizeRequestTests {
 OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal("principalName") .build();
-
 assertThat(authorizeRequest.getClientRegistrationId()).isEqualTo(this.clientRegistration.getRegistrationId()); assertThat(authorizeRequest.getAuthorizedClient()).isNull(); assertThat(authorizeRequest.getPrincipal().getName()).isEqualTo("principalName");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
index fae43f8872..c1639e420c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
@@ -90,7 +90,6 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 public void buildWhenAuthorizationCodeProviderThenProviderAuthorizes() { OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder() .authorizationCode().build();
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(TestClientRegistrations.clientRegistration().build()).principal(this.principal) .build();
@@ -104,15 +103,12 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 .refreshToken( (configurer) -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient)) .build();
-
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient( TestClientRegistrations.clientRegistration().build(), this.principal.getName(), expiredAccessToken(), TestOAuth2RefreshTokens.refreshToken());
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build(); OAuth2AuthorizedClient reauthorizedClient = authorizedClientProvider.authorize(authorizationContext);
-
 assertThat(reauthorizedClient).isNotNull(); verify(this.accessTokenClient).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class)); }
@@ -123,12 +119,10 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 .clientCredentials( (configurer) -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient)) .build();
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(TestClientRegistrations.clientCredentials().build()).principal(this.principal) .build(); OAuth2AuthorizedClient authorizedClient = authorizedClientProvider.authorize(authorizationContext);
-
 assertThat(authorizedClient).isNotNull(); verify(this.accessTokenClient).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class)); }
@@ -138,13 +132,11 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder() .password((configurer) -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient)) .build();
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(TestClientRegistrations.password().build()).principal(this.principal) .attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") .attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build(); OAuth2AuthorizedClient authorizedClient = authorizedClientProvider.authorize(authorizationContext);
-
 assertThat(authorizedClient).isNotNull(); verify(this.accessTokenClient).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class)); }
@@ -159,44 +151,35 @@ public class OAuth2AuthorizedClientProviderBuilderTests { (configurer) -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient)) .password((configurer) -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient)) .build(); - ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build(); - // authorization_code OAuth2AuthorizationContext authorizationCodeContext = OAuth2AuthorizationContext .withClientRegistration(clientRegistration).principal(this.principal).build(); assertThatThrownBy(() -> authorizedClientProvider.authorize(authorizationCodeContext)) .isInstanceOf(ClientAuthorizationRequiredException.class); - // refresh_token OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, this.principal.getName(), expiredAccessToken(), TestOAuth2RefreshTokens.refreshToken()); - OAuth2AuthorizationContext refreshTokenContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build(); OAuth2AuthorizedClient reauthorizedClient = authorizedClientProvider.authorize(refreshTokenContext); - assertThat(reauthorizedClient).isNotNull(); verify(this.accessTokenClient, times(1)).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class)); - // client_credentials OAuth2AuthorizationContext clientCredentialsContext = OAuth2AuthorizationContext .withClientRegistration(TestClientRegistrations.clientCredentials().build()).principal(this.principal) .build(); authorizedClient = authorizedClientProvider.authorize(clientCredentialsContext); - assertThat(authorizedClient).isNotNull(); verify(this.accessTokenClient, times(2)).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class)); - // password OAuth2AuthorizationContext passwordContext = OAuth2AuthorizationContext .withClientRegistration(TestClientRegistrations.password().build()).principal(this.principal) 
.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") .attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build(); authorizedClient = authorizedClientProvider.authorize(passwordContext); - assertThat(authorizedClient).isNotNull(); verify(this.accessTokenClient, times(3)).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class)); @@ -205,15 +188,12 @@ public class OAuth2AuthorizedClientProviderBuilderTests { @Test public void buildWhenCustomProviderThenProviderCalled() { OAuth2AuthorizedClientProvider customProvider = mock(OAuth2AuthorizedClientProvider.class); - OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder() .provider(customProvider).build(); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(TestClientRegistrations.clientRegistration().build()).principal(this.principal) .build(); authorizedClientProvider.authorize(authorizationContext); - verify(customProvider).authorize(any(OAuth2AuthorizationContext.class)); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java index 8e5e4a8a9f..a91d541770 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java 
@@ -65,7 +65,6 @@ public class OAuth2AuthorizedClientTests { public void constructorWhenAllParametersProvidedAndValidThenCreated() { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principalName, this.accessToken); - assertThat(authorizedClient.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principalName); assertThat(authorizedClient.getAccessToken()).isEqualTo(this.accessToken); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java index 3f74f56885..8ded488091 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java @@ -96,7 +96,6 @@ public class PasswordOAuth2AuthorizedClientProviderTests { @Test public void authorizeWhenNotPasswordThenUnableToAuthorize() { ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().build(); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(clientRegistration).principal(this.principal).build(); assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull(); 
@@ -124,13 +123,11 @@ public class PasswordOAuth2AuthorizedClientProviderTests { public void authorizeWhenPasswordAndNotAuthorizedThenAuthorize() { OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(this.clientRegistration).principal(this.principal) .attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") .attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientProvider.authorize(authorizationContext); - assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken()); 
@@ -144,21 +141,17 @@ public class PasswordOAuth2AuthorizedClientProviderTests { "access-token-expired", issuedAt, expiresAt); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), accessToken); // without refresh token - OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient) .attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") .attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal) .build(); authorizedClient = this.authorizedClientProvider.authorize(authorizationContext); - assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken()); - } @Test @@ -171,7 +164,6 @@ public class PasswordOAuth2AuthorizedClientProviderTests { this.principal.getName(), accessToken, TestOAuth2RefreshTokens.refreshToken()); // with // refresh // token - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient) .attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") 
@@ -191,22 +183,17 @@ public class PasswordOAuth2AuthorizedClientProviderTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), expiresInOneMinAccessToken); // without refresh // token - // Shorten the lifespan of the access token by 90 seconds, which will ultimately // force it to expire on the client this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90)); - OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient) .attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") .attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal) .build(); - OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext); - assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken()); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java index e1803063c8..53f11ad2db 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java 
@@ -97,7 +97,6 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests { @Test public void authorizeWhenNotPasswordThenUnableToAuthorize() { ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().build(); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(clientRegistration).principal(this.principal).build(); assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull(); @@ -125,13 +124,11 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests { public void authorizeWhenPasswordAndNotAuthorizedThenAuthorize() { OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(this.clientRegistration).principal(this.principal) .attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") .attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block(); - assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken()); 
@@ -145,21 +142,17 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests { "access-token-expired", issuedAt, expiresAt); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), accessToken); // without refresh token - OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient) .attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") .attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal) .build(); authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block(); - assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken()); - } @Test @@ -172,7 +165,6 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests { this.principal.getName(), accessToken, TestOAuth2RefreshTokens.refreshToken()); // with // refresh // token - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient) .attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") 
@@ -192,23 +184,18 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), expiresInOneMinAccessToken); // without refresh // token - // Shorten the lifespan of the access token by 90 seconds, which will ultimately // force it to expire on the client this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90)); - OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient) .attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") .attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal) .build(); - OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext) .block(); - assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken()); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java index 12d2d4bb63..a43dba1211 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java 
@@ -81,7 +81,6 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests { public void buildWhenAuthorizationCodeProviderThenProviderAuthorizes() { ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder .builder().authorizationCode().build(); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(this.clientRegistrationBuilder.build()).principal(this.principal).build(); assertThatThrownBy(() -> authorizedClientProvider.authorize(authorizationContext).block()) @@ -93,21 +92,15 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder .builder().refreshToken().build(); - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistrationBuilder.build(), this.principal.getName(), expiredAccessToken(), TestOAuth2RefreshTokens.refreshToken()); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build(); OAuth2AuthorizedClient reauthorizedClient = authorizedClientProvider.authorize(authorizationContext).block(); - assertThat(reauthorizedClient).isNotNull(); - assertThat(this.server.getRequestCount()).isEqualTo(1); - RecordedRequest recordedRequest = this.server.takeRequest(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=refresh_token"); 
@@ -118,20 +111,15 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder .builder().clientCredentials().build(); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(this.clientRegistrationBuilder .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).build()) .principal(this.principal).build(); OAuth2AuthorizedClient authorizedClient = authorizedClientProvider.authorize(authorizationContext).block(); - assertThat(authorizedClient).isNotNull(); - assertThat(this.server.getRequestCount()).isEqualTo(1); - RecordedRequest recordedRequest = this.server.takeRequest(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=client_credentials"); 
@@ -142,21 +130,16 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder .builder().password().build(); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration( this.clientRegistrationBuilder.authorizationGrantType(AuthorizationGrantType.PASSWORD).build()) .principal(this.principal).attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") .attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build(); OAuth2AuthorizedClient authorizedClient = authorizedClientProvider.authorize(authorizationContext).block(); - assertThat(authorizedClient).isNotNull(); - assertThat(this.server.getRequestCount()).isEqualTo(1); - RecordedRequest recordedRequest = this.server.takeRequest(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=password"); 
@@ -169,47 +152,35 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests { this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder .builder().authorizationCode().refreshToken().clientCredentials().password().build(); - // authorization_code OAuth2AuthorizationContext authorizationCodeContext = OAuth2AuthorizationContext .withClientRegistration(this.clientRegistrationBuilder.build()).principal(this.principal).build(); assertThatThrownBy(() -> authorizedClientProvider.authorize(authorizationCodeContext).block()) .isInstanceOf(ClientAuthorizationRequiredException.class); - // refresh_token OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistrationBuilder.build(), this.principal.getName(), expiredAccessToken(), TestOAuth2RefreshTokens.refreshToken()); - OAuth2AuthorizationContext refreshTokenContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build(); OAuth2AuthorizedClient reauthorizedClient = authorizedClientProvider.authorize(refreshTokenContext).block(); - assertThat(reauthorizedClient).isNotNull(); - assertThat(this.server.getRequestCount()).isEqualTo(1); - RecordedRequest recordedRequest = this.server.takeRequest(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=refresh_token"); - // client_credentials OAuth2AuthorizationContext clientCredentialsContext = OAuth2AuthorizationContext .withClientRegistration(this.clientRegistrationBuilder .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).build()) .principal(this.principal).build(); authorizedClient = authorizedClientProvider.authorize(clientCredentialsContext).block(); - 
assertThat(authorizedClient).isNotNull(); - assertThat(this.server.getRequestCount()).isEqualTo(2); - recordedRequest = this.server.takeRequest(); formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=client_credentials"); - // password OAuth2AuthorizationContext passwordContext = OAuth2AuthorizationContext .withClientRegistration( @@ -217,11 +188,8 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests { .principal(this.principal).attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") .attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build(); authorizedClient = authorizedClientProvider.authorize(passwordContext).block(); - assertThat(authorizedClient).isNotNull(); - assertThat(this.server.getRequestCount()).isEqualTo(3); - recordedRequest = this.server.takeRequest(); formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=password"); @@ -231,14 +199,11 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests { public void buildWhenCustomProviderThenProviderCalled() { ReactiveOAuth2AuthorizedClientProvider customProvider = mock(ReactiveOAuth2AuthorizedClientProvider.class); given(customProvider.authorize(any())).willReturn(Mono.empty()); - ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder .builder().provider(customProvider).build(); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(this.clientRegistrationBuilder.build()).principal(this.principal).build(); authorizedClientProvider.authorize(authorizationContext).block(); - verify(customProvider).authorize(any(OAuth2AuthorizationContext.class)); } 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java index e78a1d9898..ee63d83c36 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java @@ -117,7 +117,6 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests { public void authorizeWhenAuthorizedAndRefreshTokenIsNullThenUnableToReauthorize() { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), this.authorizedClient.getAccessToken()); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build(); assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull(); @@ -127,7 +126,6 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests { public void authorizeWhenAuthorizedAndAccessTokenNotExpiredThenNotReauthorize() { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), this.authorizedClient.getRefreshToken()); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build(); assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull(); 
@@ -139,7 +137,6 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests { OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() .refreshToken("new-refresh-token").build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - Instant now = Instant.now(); Instant issuedAt = now.minus(Duration.ofMinutes(60)); Instant expiresAt = now.minus(Duration.ofMinutes(1)); @@ -147,16 +144,12 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests { "access-token-1234", issuedAt, expiresAt); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), expiresInOneMinAccessToken, this.authorizedClient.getRefreshToken()); - // Shorten the lifespan of the access token by 90 seconds, which will ultimately // force it to expire on the client this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90)); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build(); - OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext); - assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken()); 
@@ -168,12 +161,9 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests { OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() .refreshToken("new-refresh-token").build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(this.authorizedClient).principal(this.principal).build(); - OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext); - assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken()); @@ -185,14 +175,11 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests { OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() .refreshToken("new-refresh-token").build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - String[] requestScope = new String[] { "read", "write" }; OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(this.authorizedClient).principal(this.principal) .attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, requestScope).build(); - this.authorizedClientProvider.authorize(authorizationContext); - ArgumentCaptor refreshTokenGrantRequestArgCaptor = ArgumentCaptor .forClass(OAuth2RefreshTokenGrantRequest.class); verify(this.accessTokenResponseClient).getTokenResponse(refreshTokenGrantRequestArgCaptor.capture()); 
@@ -206,7 +193,6 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests { OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(this.authorizedClient).principal(this.principal) .attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, invalidRequestScope).build(); - assertThatThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext)) .isInstanceOf(IllegalArgumentException.class) .hasMessageStartingWith("The context attribute must be of type String[] '" diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java index 06f9e27527..07dcd2b7a1 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java @@ -118,7 +118,6 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests { public void authorizeWhenAuthorizedAndRefreshTokenIsNullThenUnableToReauthorize() { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), this.authorizedClient.getAccessToken()); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build(); assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull(); 
@@ -128,7 +127,6 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests { public void authorizeWhenAuthorizedAndAccessTokenNotExpiredThenNotReauthorize() { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), this.authorizedClient.getRefreshToken()); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build(); assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull(); @@ -140,7 +138,6 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests { OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() .refreshToken("new-refresh-token").build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); - Instant now = Instant.now(); Instant issuedAt = now.minus(Duration.ofMinutes(60)); Instant expiresAt = now.minus(Duration.ofMinutes(1)); 
@@ -148,17 +145,13 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests { "access-token-1234", issuedAt, expiresAt); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), expiresInOneMinAccessToken, this.authorizedClient.getRefreshToken()); - // Shorten the lifespan of the access token by 90 seconds, which will ultimately // force it to expire on the client this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90)); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build(); - OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext) .block(); - assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken()); @@ -170,13 +163,10 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests { OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() .refreshToken("new-refresh-token").build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(this.authorizedClient).principal(this.principal).build(); - OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext) .block(); - assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken()); 
@@ -188,14 +178,11 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests { OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() .refreshToken("new-refresh-token").build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); - String[] requestScope = new String[] { "read", "write" }; OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(this.authorizedClient).principal(this.principal) .attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, requestScope).build(); - this.authorizedClientProvider.authorize(authorizationContext).block(); - ArgumentCaptor refreshTokenGrantRequestArgCaptor = ArgumentCaptor .forClass(OAuth2RefreshTokenGrantRequest.class); verify(this.accessTokenResponseClient).getTokenResponse(refreshTokenGrantRequestArgCaptor.capture()); @@ -209,7 +196,6 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests { OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(this.authorizedClient).principal(this.principal) .attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, invalidRequestScope).build(); - assertThatThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext).block()) .isInstanceOf(IllegalArgumentException.class) .hasMessageStartingWith("The context attribute must be of type String[] '" diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java index a2dfa39428..c250c84f06 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java 
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java @@ -72,7 +72,6 @@ public class OAuth2AuthenticationTokenTests { public void constructorWhenAllParametersProvidedAndValidThenCreated() { OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(this.principal, this.authorities, this.authorizedClientRegistrationId); - assertThat(authentication.getPrincipal()).isEqualTo(this.principal); assertThat(authentication.getCredentials()).isEqualTo(""); assertThat(authentication.getAuthorities()).isEqualTo(this.authorities); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java index 3d82ba7717..251dbb8fc9 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java @@ -84,7 +84,6 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests { .errorCode(OAuth2ErrorCodes.INVALID_REQUEST).build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse); - assertThatThrownBy(() -> this.authenticationProvider.authenticate( new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange))) .isInstanceOf(OAuth2AuthorizationException.class) 
@@ -97,7 +96,6 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests { .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse); - assertThatThrownBy(() -> this.authenticationProvider.authenticate( new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange))) .isInstanceOf(OAuth2AuthorizationException.class) @@ -109,13 +107,11 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests { OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() .refreshToken("refresh").build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, TestOAuth2AuthorizationResponses.success().build()); OAuth2AuthorizationCodeAuthenticationToken authenticationResult = (OAuth2AuthorizationCodeAuthenticationToken) this.authenticationProvider .authenticate( new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange)); - assertThat(authenticationResult.isAuthenticated()).isTrue(); assertThat(authenticationResult.getPrincipal()).isEqualTo(this.clientRegistration.getClientId()); assertThat(authenticationResult.getCredentials()) 
@@ -133,18 +129,14 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests { Map additionalParameters = new HashMap<>(); additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2"); - OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() .additionalParameters(additionalParameters).build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, TestOAuth2AuthorizationResponses.success().build()); - OAuth2AuthorizationCodeAuthenticationToken authentication = (OAuth2AuthorizationCodeAuthenticationToken) this.authenticationProvider .authenticate( new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange)); - assertThat(authentication.getAdditionalParameters()) .containsAllEntriesOf(accessTokenResponse.getAdditionalParameters()); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java index f3d4a0900e..c93b774a3c 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java 
@@ -69,7 +69,6 @@ public class OAuth2AuthorizationCodeAuthenticationTokenTests { public void constructorAuthorizationRequestResponseWhenAllParametersProvidedAndValidThenCreated() { OAuth2AuthorizationCodeAuthenticationToken authentication = new OAuth2AuthorizationCodeAuthenticationToken( this.clientRegistration, this.authorizationExchange); - assertThat(authentication.getPrincipal()).isEqualTo(this.clientRegistration.getClientId()); assertThat(authentication.getCredentials()) .isEqualTo(this.authorizationExchange.getAuthorizationResponse().getCode()); @@ -103,7 +102,6 @@ public class OAuth2AuthorizationCodeAuthenticationTokenTests { public void constructorTokenRequestResponseWhenAllParametersProvidedAndValidThenCreated() { OAuth2AuthorizationCodeAuthenticationToken authentication = new OAuth2AuthorizationCodeAuthenticationToken( this.clientRegistration, this.authorizationExchange, this.accessToken); - assertThat(authentication.getPrincipal()).isEqualTo(this.clientRegistration.getClientId()); assertThat(authentication.getCredentials()).isEqualTo(this.accessToken.getTokenValue()); assertThat(authentication.getAuthorities()).isEqualTo(Collections.emptyList()); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java index 1e956bd75d..459ac5c5b9 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java 
@@ -82,18 +82,14 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManagerTests { @Test public void authenticateWhenValidThenSuccess() { given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(this.tokenResponse.build())); - OAuth2AuthorizationCodeAuthenticationToken result = authenticate(); - assertThat(result).isNotNull(); } @Test public void authenticateWhenEmptyThenEmpty() { given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.empty()); - OAuth2AuthorizationCodeAuthenticationToken result = authenticate(); - assertThat(result).isNull(); } @@ -101,7 +97,6 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManagerTests { public void authenticateWhenOAuth2AuthorizationExceptionThenOAuth2AuthorizationException() { given(this.accessTokenResponseClient.getTokenResponse(any())) .willReturn(Mono.error(() -> new OAuth2AuthorizationException(new OAuth2Error("error")))); - assertThatCode(() -> authenticate()).isInstanceOf(OAuth2AuthorizationException.class); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java index 7833f2ab05..9d25859dfa 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java 
@@ -125,10 +125,8 @@ public class OAuth2LoginAuthenticationProviderTests { .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, this.authorizationResponse); - OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange)); - assertThat(authentication).isNull(); } @@ -136,12 +134,10 @@ public class OAuth2LoginAuthenticationProviderTests { public void authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthenticationException() { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString(OAuth2ErrorCodes.INVALID_REQUEST)); - OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.error() .errorCode(OAuth2ErrorCodes.INVALID_REQUEST).build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse); - this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange)); } @@ -150,12 +146,10 @@ public class OAuth2LoginAuthenticationProviderTests { public void authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthenticationException() { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString("invalid_state_parameter")); - OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().state("67890") .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse); - this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange)); } 
@@ -164,15 +158,12 @@ public class OAuth2LoginAuthenticationProviderTests { public void authenticateWhenLoginSuccessThenReturnAuthentication() { OAuth2AccessTokenResponse accessTokenResponse = this.accessTokenSuccessResponse(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2User principal = mock(OAuth2User.class); List authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); given(principal.getAuthorities()).willAnswer((Answer>) (invocation) -> authorities); given(this.userService.loadUser(any())).willReturn(principal); - OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); - assertThat(authentication.isAuthenticated()).isTrue(); assertThat(authentication.getPrincipal()).isEqualTo(principal); assertThat(authentication.getCredentials()).isEqualTo(""); 
@@ -187,21 +178,17 @@ public class OAuth2LoginAuthenticationProviderTests { public void authenticateWhenAuthoritiesMapperSetThenReturnMappedAuthorities() { OAuth2AccessTokenResponse accessTokenResponse = this.accessTokenSuccessResponse(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2User principal = mock(OAuth2User.class); List authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); given(principal.getAuthorities()).willAnswer((Answer>) (invocation) -> authorities); given(this.userService.loadUser(any())).willReturn(principal); - List mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OAUTH2_USER"); GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class); given(authoritiesMapper.mapAuthorities(anyCollection())) .willAnswer((Answer>) (invocation) -> mappedAuthorities); this.authenticationProvider.setAuthoritiesMapper(authoritiesMapper); - OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); - assertThat(authentication.getAuthorities()).isEqualTo(mappedAuthorities); } 
@@ -210,16 +197,13 @@ public class OAuth2LoginAuthenticationProviderTests { public void authenticateWhenTokenSuccessResponseThenAdditionalParametersAddedToUserRequest() { OAuth2AccessTokenResponse accessTokenResponse = this.accessTokenSuccessResponse(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2User principal = mock(OAuth2User.class); List authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); given(principal.getAuthorities()).willAnswer((Answer>) (invocation) -> authorities); ArgumentCaptor userRequestArgCaptor = ArgumentCaptor.forClass(OAuth2UserRequest.class); given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(principal); - this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); - assertThat(userRequestArgCaptor.getValue().getAdditionalParameters()) .containsAllEntriesOf(accessTokenResponse.getAdditionalParameters()); } @@ -230,11 +214,9 @@ public class OAuth2LoginAuthenticationProviderTests { Map additionalParameters = new HashMap<>(); additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2"); - return OAuth2AccessTokenResponse.withToken("access-token-1234").tokenType(OAuth2AccessToken.TokenType.BEARER) .expiresIn(expiresAt.getEpochSecond()).scopes(scopes).refreshToken("refresh-token-1234") .additionalParameters(additionalParameters).build(); - } } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java index 8a50f56c84..cb83eef68b 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java 
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java @@ -76,7 +76,6 @@ public class OAuth2LoginAuthenticationTokenTests { public void constructorAuthorizationRequestResponseWhenAllParametersProvidedAndValidThenCreated() { OAuth2LoginAuthenticationToken authentication = new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange); - assertThat(authentication.getPrincipal()).isNull(); assertThat(authentication.getCredentials()).isEqualTo(""); assertThat(authentication.getAuthorities()).isEqualTo(Collections.emptyList()); @@ -126,7 +125,6 @@ public class OAuth2LoginAuthenticationTokenTests { public void constructorTokenRequestResponseWhenAllParametersProvidedAndValidThenCreated() { OAuth2LoginAuthenticationToken authentication = new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange, this.principal, this.authorities, this.accessToken); - assertThat(authentication.getPrincipal()).isEqualTo(this.principal); assertThat(authentication.getCredentials()).isEqualTo(""); assertThat(authentication.getAuthorities()).isEqualTo(this.authorities); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java index 977feff17d..9309ba2db3 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java 
@@ -113,9 +113,7 @@ public class OAuth2LoginReactiveAuthenticationManagerTests { // we didn't do anything because it should cause a ClassCastException (as verified // below) TestingAuthenticationToken token = new TestingAuthenticationToken("a", "b"); - assertThatCode(() -> this.manager.authenticate(token)).doesNotThrowAnyException(); - assertThatThrownBy(() -> this.manager.authenticate(token).block()).isInstanceOf(Throwable.class); } @@ -157,10 +155,8 @@ public class OAuth2LoginReactiveAuthenticationManagerTests { DefaultOAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), Collections.singletonMap("user", "rob"), "user"); given(this.userService.loadUser(any())).willReturn(Mono.just(user)); - OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(loginToken()) .block(); - assertThat(result.getPrincipal()).isEqualTo(user); assertThat(result.getAuthorities()).containsOnlyElementsOf(user.getAuthorities()); assertThat(result.isAuthenticated()).isTrue(); @@ -179,9 +175,7 @@ public class OAuth2LoginReactiveAuthenticationManagerTests { Collections.singletonMap("user", "rob"), "user"); ArgumentCaptor userRequestArgCaptor = ArgumentCaptor.forClass(OAuth2UserRequest.class); given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(Mono.just(user)); - this.manager.authenticate(loginToken()).block(); - assertThat(userRequestArgCaptor.getValue().getAdditionalParameters()) .containsAllEntriesOf(accessTokenResponse.getAdditionalParameters()); } @@ -199,10 +193,8 @@ public class OAuth2LoginReactiveAuthenticationManagerTests { given(authoritiesMapper.mapAuthorities(anyCollection())) .willAnswer((Answer>) (invocation) -> mappedAuthorities); this.manager.setAuthoritiesMapper(authoritiesMapper); - OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(loginToken()) .block(); - assertThat(result.getAuthorities()).isEqualTo(mappedAuthorities); } 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
index 458ab5ab3e..9338e165b5 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
@@ -98,25 +98,19 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { + " \"custom_parameter_1\": \"custom-value-1\",\n" + " \"custom_parameter_2\": \"custom-value-2\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - Instant expiresAtBefore = Instant.now().plusSeconds(3600); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(this.authorizationCodeGrantRequest()); - Instant expiresAtAfter = Instant.now().plusSeconds(3600); - RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString()); assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_UTF8_VALUE); assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)) .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); - String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=authorization_code"); assertThat(formParameters).contains("code=code-1234"); assertThat(formParameters).contains("redirect_uri=https%3A%2F%2Fclient.com%2Fcallback%2Fclient-1"); - assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter); 
@@ -132,9 +126,7 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()); - RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).startsWith("Basic "); } @@ -144,15 +136,11 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - ClientRegistration clientRegistration = this.from(this.clientRegistration) .clientAuthenticationMethod(ClientAuthenticationMethod.POST).build(); - this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest(clientRegistration)); - RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull(); - String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("client_id=client-1"); assertThat(formParameters).contains("client_secret=secret"); @@ -163,7 +151,6 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"not-bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest())) .isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining( 
@@ -175,7 +162,6 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { public void getTokenResponseWhenSuccessResponseAndMissingTokenTypeParameterThenThrowOAuth2AuthorizationException() { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest())) .isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining( @@ -189,10 +175,8 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"refresh_token\": \"refresh-token-1234\",\n" + " \"scope\": \"read\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(this.authorizationCodeGrantRequest()); - assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read"); } @@ -202,10 +186,8 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"refresh_token\": \"refresh-token-1234\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(this.authorizationCodeGrantRequest()); - assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read", "write"); } 
@@ -213,7 +195,6 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { public void getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException() { String invalidTokenUri = "https://invalid-provider.com/oauth2/token"; ClientRegistration clientRegistration = this.from(this.clientRegistration).tokenUri(invalidTokenUri).build(); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest( clientRegistration))).isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining( "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response"); @@ -228,7 +209,6 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { + " \"custom_parameter_2\": \"custom-value-2\"\n"; // "}\n"; // Make the JSON invalid/malformed this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest())) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining( "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response"); @@ -238,7 +218,6 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() { String accessTokenErrorResponse = "{\n" + " \"error\": \"unauthorized_client\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400)); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest())) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[unauthorized_client]"); } 
@@ -246,7 +225,6 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { @Test public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() { this.server.enqueue(new MockResponse().setResponseCode(500)); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest())) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining( "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response"); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java index e7c0cfd370..a7e28cf954 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java 
@@ -92,27 +92,20 @@ public class DefaultClientCredentialsTokenResponseClientTests { + " \"scope\": \"read write\",\n" + " \"custom_parameter_1\": \"custom-value-1\",\n" + " \"custom_parameter_2\": \"custom-value-2\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - Instant expiresAtBefore = Instant.now().plusSeconds(3600); - OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(clientCredentialsGrantRequest); - Instant expiresAtAfter = Instant.now().plusSeconds(3600); - RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString()); assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_UTF8_VALUE); assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)) .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); - String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=client_credentials"); assertThat(formParameters).contains("scope=read+write"); - assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter); 
@@ -128,12 +121,9 @@ public class DefaultClientCredentialsTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration); - this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest); - RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).startsWith("Basic "); } @@ -143,18 +133,13 @@ public class DefaultClientCredentialsTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - ClientRegistration clientRegistration = this.from(this.clientRegistration) .clientAuthenticationMethod(ClientAuthenticationMethod.POST).build(); - OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( clientRegistration); - this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest); - RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull(); - String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("client_id=client-1"); assertThat(formParameters).contains("client_secret=secret"); 
@@ -165,10 +150,8 @@ public class DefaultClientCredentialsTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"not-bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining( @@ -180,10 +163,8 @@ public class DefaultClientCredentialsTokenResponseClientTests { public void getTokenResponseWhenSuccessResponseAndMissingTokenTypeParameterThenThrowOAuth2AuthorizationException() { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining( @@ -197,13 +178,10 @@ public class DefaultClientCredentialsTokenResponseClientTests { + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"read\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(clientCredentialsGrantRequest); - assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read"); } 
@@ -212,13 +190,10 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration);
-
 OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(clientCredentialsGrantRequest);
-
 assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read", "write"); }
@@ -226,10 +201,8 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 public void getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException() { String invalidTokenUri = "https://invalid-provider.com/oauth2/token"; ClientRegistration clientRegistration = this.from(this.clientRegistration).tokenUri(invalidTokenUri).build();
-
 OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( clientRegistration);
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining( "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
@@ -243,10 +216,8 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 + " \"custom_parameter_2\": \"custom-value-2\"\n"; // "}\n"; // Make the JSON invalid/malformed this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration);
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining( "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
@@ -256,10 +227,8 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() { String accessTokenErrorResponse = "{\n" + " \"error\": \"unauthorized_client\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
-
 OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration);
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[unauthorized_client]"); }
@@ -267,10 +236,8 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 @Test public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() { this.server.enqueue(new MockResponse().setResponseCode(500));
-
 OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration);
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining( "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java
index 0f24023a2e..31e196cf00 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java
@@ -93,29 +93,22 @@ public class DefaultPasswordTokenResponseClientTests {
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 Instant expiresAtBefore = Instant.now().plusSeconds(3600);
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.build(); OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration, this.username, this.password);
-
 OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest);
-
 Instant expiresAtAfter = Instant.now().plusSeconds(3600);
-
 RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString()); assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_UTF8_VALUE); assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)) .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
-
 String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=password"); assertThat(formParameters).contains("username=user1"); assertThat(formParameters).contains("password=password"); assertThat(formParameters).contains("scope=read+write");
-
 assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
@@ -129,17 +122,13 @@ public class DefaultPasswordTokenResponseClientTests {
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder .clientAuthenticationMethod(ClientAuthenticationMethod.POST).build(); OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration, this.username, this.password);
-
 this.tokenResponseClient.getTokenResponse(passwordGrantRequest);
-
 RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull();
-
 String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("client_id=client-id"); assertThat(formParameters).contains("client_secret=client-secret");
@@ -150,10 +139,8 @@ public class DefaultPasswordTokenResponseClientTests {
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"not-bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistrationBuilder.build(), this.username, this.password);
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining(
@@ -167,16 +154,12 @@ public class DefaultPasswordTokenResponseClientTests {
 + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"read\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistrationBuilder.build(), this.username, this.password);
-
 OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest);
-
 RecordedRequest recordedRequest = this.server.takeRequest(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("scope=read");
-
 assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read"); }
@@ -184,10 +167,8 @@ public class DefaultPasswordTokenResponseClientTests {
 public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() { String accessTokenErrorResponse = "{\n" + " \"error\": \"unauthorized_client\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
-
 OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistrationBuilder.build(), this.username, this.password);
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[unauthorized_client]"); }
@@ -195,10 +176,8 @@ public class DefaultPasswordTokenResponseClientTests {
 @Test public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() { this.server.enqueue(new MockResponse().setResponseCode(500));
-
 OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistrationBuilder.build(), this.username, this.password);
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining( "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java
index d4f5b66239..a4cd6dd27d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java
@@ -97,28 +97,21 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 Instant expiresAtBefore = Instant.now().plusSeconds(3600);
-
 OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
-
 OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(refreshTokenGrantRequest);
-
 Instant expiresAtAfter = Instant.now().plusSeconds(3600);
-
 RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString()); assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_UTF8_VALUE); assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)) .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
-
 String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=refresh_token"); assertThat(formParameters).contains("refresh_token=refresh-token");
-
 assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
@@ -132,18 +125,13 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder .clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
-
 OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(clientRegistration, this.accessToken, this.refreshToken);
-
 this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest);
-
 RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull();
-
 String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("client_id=client-id"); assertThat(formParameters).contains("client_secret=client-secret");
@@ -154,10 +142,8 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"not-bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining(
@@ -171,18 +157,14 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"read\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken, Collections.singleton("read"));
-
 OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(refreshTokenGrantRequest);
-
 RecordedRequest recordedRequest = this.server.takeRequest(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("scope=read");
-
 assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read"); }
@@ -190,10 +172,8 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() { String accessTokenErrorResponse = "{\n" + " \"error\": \"unauthorized_client\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
-
 OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[unauthorized_client]"); }
@@ -201,10 +181,8 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 @Test public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() { this.server.enqueue(new MockResponse().setResponseCode(500));
-
 OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining( "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java
index 7f366ba058..a9bf107e9d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java
@@ -75,7 +75,6 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 @Test public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception { MockWebServer server = new MockWebServer();
-
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"openid profile\",\n" + " \"refresh_token\": \"refresh-token-1234\",\n"
@@ -84,20 +83,14 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) .setBody(accessTokenSuccessResponse)); server.start();
-
 String tokenUri = server.url("/oauth2/token").toString(); this.clientRegistrationBuilder.tokenUri(tokenUri);
-
 Instant expiresAtBefore = Instant.now().plusSeconds(3600);
-
 OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(this.clientRegistrationBuilder.build(), this.authorizationExchange));
-
 Instant expiresAtAfter = Instant.now().plusSeconds(3600);
-
 server.shutdown();
-
 assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
@@ -111,13 +104,11 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 @Test public void getTokenResponseWhenRedirectUriMalformedThenThrowIllegalArgumentException() { this.exception.expect(IllegalArgumentException.class);
-
 String redirectUri = "http:\\example.com"; OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .redirectUri(redirectUri).build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, this.authorizationResponse);
-
 this.tokenResponseClient.getTokenResponse( new OAuth2AuthorizationCodeGrantRequest(this.clientRegistrationBuilder.build(), authorizationExchange)); }
@@ -125,10 +116,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 @Test public void getTokenResponseWhenTokenUriMalformedThenThrowIllegalArgumentException() { this.exception.expect(IllegalArgumentException.class);
-
 String tokenUri = "http:\\provider.com\\oauth2\\token"; this.clientRegistrationBuilder.tokenUri(tokenUri);
-
 this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( this.clientRegistrationBuilder.build(), this.authorizationExchange)); }
@@ -137,22 +126,17 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 public void getTokenResponseWhenSuccessResponseInvalidThenThrowOAuth2AuthorizationException() throws Exception { this.exception.expect(OAuth2AuthorizationException.class); this.exception.expectMessage(containsString("invalid_token_response"));
-
 MockWebServer server = new MockWebServer();
-
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"openid profile\",\n" + " \"custom_parameter_1\": \"custom-value-1\",\n" + " \"custom_parameter_2\": \"custom-value-2\"\n"; // "}\n"; // Make the JSON invalid/malformed
-
 server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) .setBody(accessTokenSuccessResponse)); server.start();
-
 String tokenUri = server.url("/oauth2/token").toString(); this.clientRegistrationBuilder.tokenUri(tokenUri);
-
 try { this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( this.clientRegistrationBuilder.build(), this.authorizationExchange));
@@ -165,10 +149,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 @Test public void getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException() { this.exception.expect(OAuth2AuthorizationException.class);
-
 String tokenUri = "https://invalid-provider.com/oauth2/token"; this.clientRegistrationBuilder.tokenUri(tokenUri);
-
 this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( this.clientRegistrationBuilder.build(), this.authorizationExchange)); }
@@ -177,17 +159,13 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() throws Exception { this.exception.expect(OAuth2AuthorizationException.class); this.exception.expectMessage(containsString("unauthorized_client"));
-
 MockWebServer server = new MockWebServer();
-
 String accessTokenErrorResponse = "{\n" + " \"error\": \"unauthorized_client\"\n" + "}\n"; server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) .setResponseCode(500).setBody(accessTokenErrorResponse)); server.start();
-
 String tokenUri = server.url("/oauth2/token").toString(); this.clientRegistrationBuilder.tokenUri(tokenUri);
-
 try { this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( this.clientRegistrationBuilder.build(), this.authorizationExchange));
@@ -202,15 +180,11 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() throws Exception { this.exception.expect(OAuth2AuthorizationException.class); this.exception.expectMessage(containsString("server_error"));
-
 MockWebServer server = new MockWebServer();
-
 server.enqueue(new MockResponse().setResponseCode(500)); server.start();
-
 String tokenUri = server.url("/oauth2/token").toString(); this.clientRegistrationBuilder.tokenUri(tokenUri);
-
 try { this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( this.clientRegistrationBuilder.build(), this.authorizationExchange));
@@ -225,19 +199,14 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 throws Exception { this.exception.expect(OAuth2AuthorizationException.class); this.exception.expectMessage(containsString("invalid_token_response"));
-
 MockWebServer server = new MockWebServer();
-
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"not-bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n";
-
 server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) .setBody(accessTokenSuccessResponse)); server.start();
-
 String tokenUri = server.url("/oauth2/token").toString(); this.clientRegistrationBuilder.tokenUri(tokenUri);
-
 try { this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( this.clientRegistrationBuilder.build(), this.authorizationExchange));
@@ -251,27 +220,21 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 public void getTokenResponseWhenSuccessResponseIncludesScopeThenReturnAccessTokenResponseUsingResponseScope() throws Exception { MockWebServer server = new MockWebServer();
-
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"openid profile\"\n" + "}\n"; server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) .setBody(accessTokenSuccessResponse)); server.start();
-
 String tokenUri = server.url("/oauth2/token").toString(); this.clientRegistrationBuilder.tokenUri(tokenUri);
-
 OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .scope("openid", "profile", "email", "address").build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, this.authorizationResponse);
-
 OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse( new OAuth2AuthorizationCodeGrantRequest(this.clientRegistrationBuilder.build(), authorizationExchange));
-
 server.shutdown();
-
 assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile"); }
@@ -279,26 +242,20 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenReturnAccessTokenResponseUsingRequestedScope() throws Exception { MockWebServer server = new MockWebServer();
-
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) .setBody(accessTokenSuccessResponse)); server.start();
-
 String tokenUri = server.url("/oauth2/token").toString(); this.clientRegistrationBuilder.tokenUri(tokenUri);
-
 OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .scope("openid", "profile", "email", "address").build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, this.authorizationResponse);
-
 OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse( new OAuth2AuthorizationCodeGrantRequest(this.clientRegistrationBuilder.build(), authorizationExchange));
-
 server.shutdown();
-
 assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile", "email", "address"); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
index 5000346862..c75fc03315 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
@@ -74,19 +74,15 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests {
 authorizationResponse); OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest = new OAuth2AuthorizationCodeGrantRequest( clientRegistration, authorizationExchange);
-
 RequestEntity requestEntity = this.converter.convert(authorizationCodeGrantRequest);
-
 assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST); assertThat(requestEntity.getUrl().toASCIIString()) .isEqualTo(clientRegistration.getProviderDetails().getTokenUri());
-
 HttpHeaders headers = requestEntity.getHeaders(); assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8); assertThat(headers.getContentType()) .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
-
 MultiValueMap formParameters = (MultiValueMap) requestEntity.getBody(); assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)) .isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
@@ -101,35 +97,27 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests {
 public void convertWhenPkceGrantRequestValidThenConverts() { ClientRegistration clientRegistration = this.clientRegistrationBuilder.clientAuthenticationMethod(null) .clientSecret(null).build();
-
 Map attributes = new HashMap<>(); attributes.put(PkceParameterNames.CODE_VERIFIER, "code-verifier-1234");
-
 Map additionalParameters = new HashMap<>(); additionalParameters.put(PkceParameterNames.CODE_CHALLENGE, "code-challenge-1234"); additionalParameters.put(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256");
-
 OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestBuilder.attributes(attributes) .additionalParameters(additionalParameters).build();
-
 OAuth2AuthorizationResponse authorizationResponse = this.authorizationResponseBuilder.build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse); OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest = new OAuth2AuthorizationCodeGrantRequest( clientRegistration, authorizationExchange);
-
 RequestEntity requestEntity = this.converter.convert(authorizationCodeGrantRequest);
-
 assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST); assertThat(requestEntity.getUrl().toASCIIString()) .isEqualTo(clientRegistration.getProviderDetails().getTokenUri());
-
 HttpHeaders headers = requestEntity.getHeaders(); assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8); assertThat(headers.getContentType()) .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).isNull();
-
 MultiValueMap formParameters = (MultiValueMap) requestEntity.getBody(); assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)) .isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java
index 9771f072df..28c625f841 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java
@@ -58,7 +58,6 @@ public class OAuth2AuthorizationCodeGrantRequestTests {
 public void constructorWhenAllParametersProvidedAndValidThenCreated() { OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest = new OAuth2AuthorizationCodeGrantRequest( this.clientRegistration, this.authorizationExchange);
-
 assertThat(authorizationCodeGrantRequest.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationCodeGrantRequest.getAuthorizationExchange()).isEqualTo(this.authorizationExchange); assertThat(authorizationCodeGrantRequest.getGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
index 4aa6632681..f5b402ed3e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
@@ -56,19 +56,15 @@ public class OAuth2ClientCredentialsGrantRequestEntityConverterTests {
 @Test public void convertWhenGrantRequestValidThenConverts() { RequestEntity requestEntity = this.converter.convert(this.clientCredentialsGrantRequest);
-
 ClientRegistration clientRegistration = this.clientCredentialsGrantRequest.getClientRegistration();
-
 assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST); assertThat(requestEntity.getUrl().toASCIIString()) .isEqualTo(clientRegistration.getProviderDetails().getTokenUri());
-
 HttpHeaders headers = requestEntity.getHeaders(); assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8); assertThat(headers.getContentType()) .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
-
 MultiValueMap formParameters = (MultiValueMap) requestEntity.getBody(); assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)) .isEqualTo(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
index f0bc076c22..1bb619e9b1 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
@@ -55,7 +55,6 @@ public class OAuth2ClientCredentialsGrantRequestTests { .clientId("client-1").authorizationGrantType(AuthorizationGrantType.IMPLICIT) .redirectUri("https://localhost:8080/redirect-uri").authorizationUri("https://provider.com/oauth2/auth") .clientName("Client 1").build(); - assertThatThrownBy(() -> new OAuth2ClientCredentialsGrantRequest(clientRegistration)) .isInstanceOf(IllegalArgumentException.class).hasMessage( "clientRegistration.authorizationGrantType must be AuthorizationGrantType.CLIENT_CREDENTIALS"); @@ -65,7 +64,6 @@ public class OAuth2ClientCredentialsGrantRequestTests { public void constructorWhenValidParametersProvidedThenCreated() { OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration); - assertThat(clientCredentialsGrantRequest.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(clientCredentialsGrantRequest.getGrantType()).isEqualTo(AuthorizationGrantType.CLIENT_CREDENTIALS); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java index af4378312c..2032c722b0 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java 
@@ -53,19 +53,15 @@ public class OAuth2PasswordGrantRequestEntityConverterTests { @Test public void convertWhenGrantRequestValidThenConverts() { RequestEntity requestEntity = this.converter.convert(this.passwordGrantRequest); - ClientRegistration clientRegistration = this.passwordGrantRequest.getClientRegistration(); - assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST); assertThat(requestEntity.getUrl().toASCIIString()) .isEqualTo(clientRegistration.getProviderDetails().getTokenUri()); - HttpHeaders headers = requestEntity.getHeaders(); assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8); assertThat(headers.getContentType()) .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic "); - MultiValueMap formParameters = (MultiValueMap) requestEntity.getBody(); assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)) .isEqualTo(AuthorizationGrantType.PASSWORD.getValue()); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java index c53b600a3a..60c53bdeda 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java 
@@ -58,20 +58,16 @@ public class OAuth2RefreshTokenGrantRequestEntityConverterTests { @Test public void convertWhenGrantRequestValidThenConverts() { RequestEntity requestEntity = this.converter.convert(this.refreshTokenGrantRequest); - ClientRegistration clientRegistration = this.refreshTokenGrantRequest.getClientRegistration(); OAuth2RefreshToken refreshToken = this.refreshTokenGrantRequest.getRefreshToken(); - assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST); assertThat(requestEntity.getUrl().toASCIIString()) .isEqualTo(clientRegistration.getProviderDetails().getTokenUri()); - HttpHeaders headers = requestEntity.getHeaders(); assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8); assertThat(headers.getContentType()) .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic "); - MultiValueMap formParameters = (MultiValueMap) requestEntity.getBody(); assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)) .isEqualTo(AuthorizationGrantType.REFRESH_TOKEN.getValue()); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java index f2a2dba39e..f614700b0f 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java 
@@ -63,9 +63,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { public void setup() throws Exception { this.server = new MockWebServer(); this.server.start(); - String tokenUri = this.server.url("/oauth2/token").toString(); - this.clientRegistration = TestClientRegistrations.clientRegistration().tokenUri(tokenUri); } @@ -82,18 +80,13 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { + " \"custom_parameter_1\": \"custom-value-1\",\n" + " \"custom_parameter_2\": \"custom-value-2\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - Instant expiresAtBefore = Instant.now().plusSeconds(3600); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(authorizationCodeGrantRequest()).block(); String body = this.server.takeRequest().getBody().readUtf8(); - assertThat(body).isEqualTo( "grant_type=authorization_code&code=code&redirect_uri=%7BbaseUrl%7D%2F%7Baction%7D%2Foauth2%2Fcode%2F%7BregistrationId%7D"); - Instant expiresAtAfter = Instant.now().plusSeconds(3600); - assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter); 
@@ -184,10 +177,8 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { @Test public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() { String accessTokenErrorResponse = "{\n" + " \"error\": \"unauthorized_client\"\n" + "}\n"; - this.server.enqueue( jsonResponse(accessTokenErrorResponse).setResponseCode(HttpStatus.INTERNAL_SERVER_ERROR.value())); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block()) .isInstanceOfSatisfying(OAuth2AuthorizationException.class, (e) -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client")) @@ -200,7 +191,6 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { String accessTokenErrorResponse = "{}"; this.server.enqueue( jsonResponse(accessTokenErrorResponse).setResponseCode(HttpStatus.INTERNAL_SERVER_ERROR.value())); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block()) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("server_error"); } @@ -209,9 +199,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException() { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"not-bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; - this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block()) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("invalid_token_response"); } 
@@ -222,12 +210,9 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"openid profile\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - this.clientRegistration.scope("openid", "profile", "email", "address"); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(authorizationCodeGrantRequest()).block(); - assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile"); } @@ -236,12 +221,9 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - this.clientRegistration.scope("openid", "profile", "email", "address"); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(authorizationCodeGrantRequest()).block(); - assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile", "email", "address"); } 
@@ -272,19 +254,14 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { public void setCustomWebClientThenCustomWebClientIsUsed() { WebClient customClient = mock(WebClient.class); given(customClient.post()).willReturn(WebClient.builder().build().post()); - this.tokenResponseClient.setWebClient(customClient); - String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"openid profile\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - this.clientRegistration.scope("openid", "profile", "email", "address"); - OAuth2AccessTokenResponse response = this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()) .block(); - verify(customClient, atLeastOnce()).post(); } @@ -294,10 +271,8 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - this.tokenResponseClient.getTokenResponse(pkceAuthorizationCodeGrantRequest()).block(); String body = this.server.takeRequest().getBody().readUtf8(); - assertThat(body).isEqualTo( "grant_type=authorization_code&client_id=client-id&code=code&redirect_uri=%7BbaseUrl%7D%2F%7Baction%7D%2Foauth2%2Fcode%2F%7BregistrationId%7D&code_verifier=code-verifier-1234"); } 
@@ -305,14 +280,11 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { private OAuth2AuthorizationCodeGrantRequest pkceAuthorizationCodeGrantRequest() { ClientRegistration registration = this.clientRegistration.clientAuthenticationMethod(null).clientSecret(null) .build(); - Map attributes = new HashMap<>(); attributes.put(PkceParameterNames.CODE_VERIFIER, "code-verifier-1234"); - Map additionalParameters = new HashMap<>(); additionalParameters.put(PkceParameterNames.CODE_CHALLENGE, "code-challenge-1234"); additionalParameters.put(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256"); - OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode() .clientId(registration.getClientId()).state("state") .authorizationUri(registration.getProviderDetails().getAuthorizationUri()) diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java index 46ce905b07..7e47b19533 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java @@ -56,7 +56,6 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests { public void setup() throws Exception { this.server = new MockWebServer(); this.server.start(); - this.clientRegistration = TestClientRegistrations.clientCredentials() .tokenUri(this.server.url("/oauth2/token").uri().toASCIIString()); } 
@@ -74,11 +73,9 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests { + " \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\",\n" + " \"scope\":\"create\"\n" + "}"); OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration.build()); - OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block(); RecordedRequest actualRequest = this.server.takeRequest(); String body = actualRequest.getUtf8Body(); - assertThat(response.getAccessToken()).isNotNull(); assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)) .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); @@ -92,13 +89,10 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests { enqueueJson("{\n" + " \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n" + " \"token_type\":\"bearer\",\n" + " \"expires_in\":3600,\n" + " \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\",\n" + " \"scope\":\"create\"\n" + "}"); - OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration); - OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block(); RecordedRequest actualRequest = this.server.takeRequest(); String body = actualRequest.getUtf8Body(); - assertThat(response.getAccessToken()).isNotNull(); assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull(); assertThat(body).isEqualTo( @@ -112,9 +106,7 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests { + " \"token_type\":\"bearer\",\n" + " \"expires_in\":3600,\n" + " \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\"\n" + "}"); OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration); - OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block(); - assertThat(response.getAccessToken().getScopes()).isEqualTo(registration.getScopes()); } 
@@ -127,16 +119,13 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests { public void setWebClientCustomThenCustomClientIsUsed() { WebClient customClient = mock(WebClient.class); given(customClient.post()).willReturn(WebClient.builder().build().post()); - this.client.setWebClient(customClient); ClientRegistration registration = this.clientRegistration.build(); enqueueJson("{\n" + " \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n" + " \"token_type\":\"bearer\",\n" + " \"expires_in\":3600,\n" + " \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\"\n" + "}"); OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration); - OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block(); - verify(customClient, atLeastOnce()).post(); } @@ -144,15 +133,12 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests { public void getTokenResponseWhenInvalidResponse() throws WebClientResponseException { ClientRegistration registration = this.clientRegistration.build(); enqueueUnexpectedResponse(); - OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration); - assertThatThrownBy(() -> this.client.getTokenResponse(request).block()) .isInstanceOfSatisfying(OAuth2AuthorizationException.class, (e) -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response")) .hasMessageContaining("[invalid_token_response]") .hasMessageContaining("Empty OAuth 2.0 Access Token Response"); - } private void enqueueUnexpectedResponse() { diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java index a131e93910..a48a48505c 100644 
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
@@ -85,30 +85,23 @@ public class WebClientReactivePasswordTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - Instant expiresAtBefore = Instant.now().plusSeconds(3600); - ClientRegistration clientRegistration = this.clientRegistrationBuilder.build(); OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration, this.username, this.password); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest) .block(); - Instant expiresAtAfter = Instant.now().plusSeconds(3600); - RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString()); assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE); assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)) .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); - String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=password"); assertThat(formParameters).contains("username=user1"); assertThat(formParameters).contains("password=password"); assertThat(formParameters).contains("scope=read+write"); - assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter); 
@@ -122,17 +115,13 @@ public class WebClientReactivePasswordTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - ClientRegistration clientRegistration = this.clientRegistrationBuilder .clientAuthenticationMethod(ClientAuthenticationMethod.POST).build(); OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration, this.username, this.password); - this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block(); - RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull(); - String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("client_id=client-id"); assertThat(formParameters).contains("client_secret=client-secret"); @@ -143,10 +132,8 @@ public class WebClientReactivePasswordTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"not-bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistrationBuilder.build(), this.username, this.password); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block()) .isInstanceOfSatisfying(OAuth2AuthorizationException.class, (e) -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response")) 
@@ -161,17 +148,13 @@ public class WebClientReactivePasswordTokenResponseClientTests { + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"read\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistrationBuilder.build(), this.username, this.password); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest) .block(); - RecordedRequest recordedRequest = this.server.takeRequest(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("scope=read"); - assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read"); } @@ -179,10 +162,8 @@ public class WebClientReactivePasswordTokenResponseClientTests { public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() { String accessTokenErrorResponse = "{\n" + " \"error\": \"unauthorized_client\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400)); - OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistrationBuilder.build(), this.username, this.password); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block()) .isInstanceOfSatisfying(OAuth2AuthorizationException.class, (e) -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client")) 
@@ -192,10 +173,8 @@ public class WebClientReactivePasswordTokenResponseClientTests { @Test public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() { this.server.enqueue(new MockResponse().setResponseCode(500)); - OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistrationBuilder.build(), this.username, this.password); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block()) .isInstanceOfSatisfying(OAuth2AuthorizationException.class, (e) -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response")) diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java index 4599d702e6..47a5cdcd24 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java 
@@ -91,28 +91,21 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - Instant expiresAtBefore = Instant.now().plusSeconds(3600); - OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(refreshTokenGrantRequest).block(); - Instant expiresAtAfter = Instant.now().plusSeconds(3600); - RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString()); assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE); assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)) .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).startsWith("Basic "); - String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=refresh_token"); assertThat(formParameters).contains("refresh_token=refresh-token"); - assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter); 
@@ -126,18 +119,13 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - ClientRegistration clientRegistration = this.clientRegistrationBuilder .clientAuthenticationMethod(ClientAuthenticationMethod.POST).build(); - OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(clientRegistration, this.accessToken, this.refreshToken); - this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block(); - RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull(); - String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("client_id=client-id"); assertThat(formParameters).contains("client_secret=client-secret"); @@ -148,10 +136,8 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"not-bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block()) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[invalid_token_response]") .hasMessageContaining("An error occurred parsing the Access Token response") 
@@ -164,18 +150,14 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests { + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"read\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken, Collections.singleton("read")); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(refreshTokenGrantRequest).block(); - RecordedRequest recordedRequest = this.server.takeRequest(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("scope=read"); - assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read"); } @@ -183,10 +165,8 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests { public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() { String accessTokenErrorResponse = "{\n" + " \"error\": \"unauthorized_client\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400)); - OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block()) .isInstanceOfSatisfying(OAuth2AuthorizationException.class, (e) -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client")) 
@@ -196,10 +176,8 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests { @Test public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() { this.server.enqueue(new MockResponse().setResponseCode(500)); - OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block()) .isInstanceOfSatisfying(OAuth2AuthorizationException.class, (e) -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response")) diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java index 10815a3cc6..6eeade77ca 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java @@ -38,9 +38,7 @@ public class OAuth2ErrorResponseErrorHandlerTests { public void handleErrorWhenErrorResponseBodyThenHandled() { String errorResponse = "{\n" + " \"error\": \"unauthorized_client\",\n" + " \"error_description\": \"The client is not authorized\"\n" + "}\n"; - MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST); - assertThatThrownBy(() -> this.errorHandler.handleError(response)) .isInstanceOf(OAuth2AuthorizationException.class) .hasMessage("[unauthorized_client] The client is not authorized"); 
@@ -49,10 +47,8 @@ public class OAuth2ErrorResponseErrorHandlerTests { @Test public void handleErrorWhenErrorResponseWwwAuthenticateHeaderThenHandled() { String wwwAuthenticateHeader = "Bearer realm=\"auth-realm\" error=\"insufficient_scope\" error_description=\"The access token expired\""; - MockClientHttpResponse response = new MockClientHttpResponse(new byte[0], HttpStatus.BAD_REQUEST); response.getHeaders().add(HttpHeaders.WWW_AUTHENTICATE, wwwAuthenticateHeader); - assertThatThrownBy(() -> this.errorHandler.handleError(response)) .isInstanceOf(OAuth2AuthorizationException.class) .hasMessage("[insufficient_scope] The access token expired"); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java index 6bfcc4f2a9..e47de4a0a4 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java @@ -51,7 +51,6 @@ public class OAuth2AuthenticationExceptionMixinTests { OAuth2AuthenticationException exception = new OAuth2AuthenticationException( new OAuth2Error("[authorization_request_not_found]", "Authorization Request Not Found", "/foo/bar"), "Authorization Request Not Found"); - String serializedJson = this.mapper.writeValueAsString(exception); String expected = asJson(exception); JSONAssert.assertEquals(expected, serializedJson, true); 
@@ -61,7 +60,6 @@ public class OAuth2AuthenticationExceptionMixinTests {
 public void serializeWhenRequiredAttributesOnlyThenSerializes() throws Exception { OAuth2AuthenticationException exception = new OAuth2AuthenticationException( new OAuth2Error("[authorization_request_not_found]"));
-
 String serializedJson = this.mapper.writeValueAsString(exception); String expected = asJson(exception); JSONAssert.assertEquals(expected, serializedJson, true);
@@ -79,13 +77,11 @@ public class OAuth2AuthenticationExceptionMixinTests {
 OAuth2AuthenticationException expected = new OAuth2AuthenticationException( new OAuth2Error("[authorization_request_not_found]", "Authorization Request Not Found", "/foo/bar"), "Authorization Request Not Found");
-
 OAuth2AuthenticationException exception = this.mapper.readValue(asJson(expected), OAuth2AuthenticationException.class); assertThat(exception).isNotNull(); assertThat(exception.getCause()).isNull(); assertThat(exception.getMessage()).isEqualTo(expected.getMessage());
-
 OAuth2Error oauth2Error = exception.getError(); assertThat(oauth2Error).isNotNull(); assertThat(oauth2Error.getErrorCode()).isEqualTo(expected.getError().getErrorCode());
@@ -97,13 +93,11 @@ public class OAuth2AuthenticationExceptionMixinTests {
 public void deserializeWhenRequiredAttributesOnlyThenDeserializes() throws Exception { OAuth2AuthenticationException expected = new OAuth2AuthenticationException( new OAuth2Error("[authorization_request_not_found]"));
-
 OAuth2AuthenticationException exception = this.mapper.readValue(asJson(expected), OAuth2AuthenticationException.class); assertThat(exception).isNotNull(); assertThat(exception.getCause()).isNull(); assertThat(exception.getMessage()).isNull();
-
 OAuth2Error oauth2Error = exception.getError(); assertThat(oauth2Error).isNotNull(); assertThat(oauth2Error.getErrorCode()).isEqualTo(expected.getError().getErrorCode());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
index 6e7583df26..ad7e4f5752 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
@@ -73,7 +73,6 @@ public class OAuth2AuthenticationTokenMixinTests {
 String expectedJson = asJson(authentication); String json = this.mapper.writeValueAsString(authentication); JSONAssert.assertEquals(expectedJson, json, true);
-
 // OAuth2User authentication = TestOAuth2AuthenticationTokens.authenticated(); expectedJson = asJson(authentication);
@@ -125,7 +124,6 @@ public class OAuth2AuthenticationTokenMixinTests {
 OidcUserInfo expectedUserInfo = expectedOidcUser.getUserInfo(); OidcUserInfo userInfo = oidcUser.getUserInfo(); assertThat(userInfo.getClaims()).containsExactlyEntriesOf(expectedUserInfo.getClaims());
-
 // OAuth2User expectedAuthentication = TestOAuth2AuthenticationTokens.authenticated(); json = asJson(expectedAuthentication);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
index 2246bed695..531045c6e5 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
@@ -127,7 +127,6 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 this.userService = mock(OAuth2UserService.class); this.authenticationProvider = new OidcAuthorizationCodeAuthenticationProvider(this.accessTokenResponseClient, this.userService);
-
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(this.accessTokenResponse); }
@@ -166,10 +165,8 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, this.authorizationResponse);
-
 OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange));
-
 assertThat(authentication).isNull(); }
@@ -177,12 +174,10 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 public void authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthenticationException() { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString(OAuth2ErrorCodes.INVALID_SCOPE));
-
 OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.error() .errorCode(OAuth2ErrorCodes.INVALID_SCOPE).build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse);
-
 this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange)); }
@@ -191,12 +186,10 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 public void authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthenticationException() { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString("invalid_state_parameter"));
-
 OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().state("89012") .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse);
-
 this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange)); }
@@ -205,11 +198,9 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 public void authenticateWhenTokenResponseDoesNotContainIdTokenThenThrowOAuth2AuthenticationException() { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString("invalid_id_token"));
-
 OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse .withResponse(this.accessTokenSuccessResponse()).additionalParameters(Collections.emptyMap()).build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); }
@@ -218,9 +209,7 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 public void authenticateWhenJwkSetUriNotSetThenThrowOAuth2AuthenticationException() { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString("missing_signature_verifier"));
-
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().jwkSetUri(null).build();
-
 this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(clientRegistration, this.authorizationExchange)); }
@@ -229,11 +218,9 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 public void authenticateWhenIdTokenValidationErrorThenThrowOAuth2AuthenticationException() { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString("[invalid_id_token] ID Token Validation Error"));
-
 JwtDecoder jwtDecoder = mock(JwtDecoder.class); given(jwtDecoder.decode(anyString())).willThrow(new JwtException("ID Token Validation Error")); this.authenticationProvider.setJwtDecoderFactory((registration) -> jwtDecoder);
-
 this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); }
@@ -242,7 +229,6 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 public void authenticateWhenIdTokenInvalidNonceThenThrowOAuth2AuthenticationException() { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString("[invalid_nonce]"));
-
 Map claims = new HashMap<>(); claims.put(IdTokenClaimNames.ISS, "https://provider.com"); claims.put(IdTokenClaimNames.SUB, "subject1");
@@ -250,7 +236,6 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 claims.put(IdTokenClaimNames.AZP, "client1"); claims.put(IdTokenClaimNames.NONCE, "invalid-nonce-hash"); this.setUpIdToken(claims);
-
 this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); }
@@ -264,15 +249,12 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 claims.put(IdTokenClaimNames.AZP, "client1"); claims.put(IdTokenClaimNames.NONCE, this.nonceHash); this.setUpIdToken(claims);
-
 OidcUser principal = mock(OidcUser.class); List authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); given(principal.getAuthorities()).willAnswer((Answer>) (invocation) -> authorities); given(this.userService.loadUser(any())).willReturn(principal);
-
 OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
-
 assertThat(authentication.isAuthenticated()).isTrue(); assertThat(authentication.getPrincipal()).isEqualTo(principal); assertThat(authentication.getCredentials()).isEqualTo("");
@@ -292,21 +274,17 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 claims.put(IdTokenClaimNames.AZP, "client1"); claims.put(IdTokenClaimNames.NONCE, this.nonceHash); this.setUpIdToken(claims);
-
 OidcUser principal = mock(OidcUser.class); List authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); given(principal.getAuthorities()).willAnswer((Answer>) (invocation) -> authorities); given(this.userService.loadUser(any())).willReturn(principal);
-
 List mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OIDC_USER"); GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class); given(authoritiesMapper.mapAuthorities(anyCollection())) .willAnswer((Answer>) (invocation) -> mappedAuthorities); this.authenticationProvider.setAuthoritiesMapper(authoritiesMapper);
-
 OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
-
 assertThat(authentication.getAuthorities()).isEqualTo(mappedAuthorities); }
@@ -320,16 +298,13 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 claims.put(IdTokenClaimNames.AZP, "client1"); claims.put(IdTokenClaimNames.NONCE, this.nonceHash); this.setUpIdToken(claims);
-
 OidcUser principal = mock(OidcUser.class); List authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); given(principal.getAuthorities()).willAnswer((Answer>) (invocation) -> authorities); ArgumentCaptor userRequestArgCaptor = ArgumentCaptor.forClass(OidcUserRequest.class); given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(principal);
-
 this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
-
 assertThat(userRequestArgCaptor.getValue().getAdditionalParameters()) .containsAllEntriesOf(this.accessTokenResponse.getAdditionalParameters()); }
@@ -348,11 +323,9 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2"); additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token");
-
 return OAuth2AccessTokenResponse.withToken("access-token-1234").tokenType(OAuth2AccessToken.TokenType.BEARER) .expiresIn(expiresAt.getEpochSecond()).scopes(scopes).refreshToken("refresh-token-1234") .additionalParameters(additionalParameters).build();
-
 } }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
index ceb35a8a25..cd1157c53b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
@@ -139,9 +139,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 // we didn't do anything because it should cause a ClassCastException (as verified // below) TestingAuthenticationToken token = new TestingAuthenticationToken("a", "b");
-
 assertThatCode(() -> this.manager.authenticate(token)).doesNotThrowAnyException();
-
 assertThatThrownBy(() -> this.manager.authenticate(token).block()).isInstanceOf(Throwable.class); }
@@ -172,10 +170,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue())) .build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 given(this.jwtDecoder.decode(any())).willThrow(new JwtException("ID Token Validation Error")); this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
-
 assertThatThrownBy(() -> this.manager.authenticate(loginToken()).block()) .isInstanceOf(OAuth2AuthenticationException.class) .hasMessageContaining("[invalid_id_token] ID Token Validation Error");
@@ -187,20 +183,16 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 .tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters( Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue())) .build();
-
 OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
-
 Map claims = new HashMap<>(); claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com"); claims.put(IdTokenClaimNames.SUB, "sub"); claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id")); claims.put(IdTokenClaimNames.NONCE, "invalid-nonce-hash"); Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
-
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken)); this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
-
 assertThatThrownBy(() -> this.manager.authenticate(authorizationCodeAuthentication).block()) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("[invalid_nonce]"); }
@@ -212,16 +204,13 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 .additionalParameters(Collections.singletonMap(OidcParameterNames.ID_TOKEN, "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.")) .build();
-
 OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
-
 Map claims = new HashMap<>(); claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com"); claims.put(IdTokenClaimNames.SUB, "rob"); claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id")); claims.put(IdTokenClaimNames.NONCE, this.nonceHash); Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
-
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); given(this.userService.loadUser(any())).willReturn(Mono.empty()); given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken));
@@ -235,25 +224,20 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 .tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters( Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue())) .build();
-
 OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
-
 Map claims = new HashMap<>(); claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com"); claims.put(IdTokenClaimNames.SUB, "rob"); claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id")); claims.put(IdTokenClaimNames.NONCE, this.nonceHash); Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
-
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken); given(this.userService.loadUser(any())).willReturn(Mono.just(user)); given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken)); this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
-
 OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager .authenticate(authorizationCodeAuthentication).block();
-
 assertThat(result.getPrincipal()).isEqualTo(user); assertThat(result.getAuthorities()).containsOnlyElementsOf(user.getAuthorities()); assertThat(result.isAuthenticated()).isTrue();
@@ -266,25 +250,20 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 .additionalParameters( Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue())) .refreshToken("refresh-token").build();
-
 OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
-
 Map claims = new HashMap<>(); claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com"); claims.put(IdTokenClaimNames.SUB, "rob"); claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id")); claims.put(IdTokenClaimNames.NONCE, this.nonceHash); Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
-
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken); given(this.userService.loadUser(any())).willReturn(Mono.just(user)); given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken)); this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
-
 OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager .authenticate(authorizationCodeAuthentication).block();
-
 assertThat(result.getPrincipal()).isEqualTo(user); assertThat(result.getAuthorities()).containsOnlyElementsOf(user.getAuthorities()); assertThat(result.isAuthenticated()).isTrue();
@@ -301,25 +280,20 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 additionalParameters.put("param2", "value2"); OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo") .tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters(additionalParameters).build();
-
 OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
-
 Map claims = new HashMap<>(); claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com"); claims.put(IdTokenClaimNames.SUB, "rob"); claims.put(IdTokenClaimNames.AUD, Arrays.asList(clientRegistration.getClientId())); claims.put(IdTokenClaimNames.NONCE, this.nonceHash); Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
-
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken); ArgumentCaptor userRequestArgCaptor = ArgumentCaptor.forClass(OidcUserRequest.class); given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(Mono.just(user)); given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken)); this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
-
 this.manager.authenticate(authorizationCodeAuthentication).block();
-
 assertThat(userRequestArgCaptor.getValue().getAdditionalParameters()) .containsAllEntriesOf(accessTokenResponse.getAdditionalParameters()); }
@@ -331,21 +305,17 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 .tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters( Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue())) .build();
-
 OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
-
 Map claims = new HashMap<>(); claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com"); claims.put(IdTokenClaimNames.SUB, "rob"); claims.put(IdTokenClaimNames.AUD, Collections.singletonList(clientRegistration.getClientId())); claims.put(IdTokenClaimNames.NONCE, this.nonceHash); Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
-
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken); ArgumentCaptor userRequestArgCaptor = ArgumentCaptor.forClass(OidcUserRequest.class); given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(Mono.just(user));
-
 List mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OIDC_USER"); GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class); given(authoritiesMapper.mapAuthorities(anyCollection()))
@@ -353,9 +323,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken)); this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder); this.manager.setAuthoritiesMapper(authoritiesMapper);
-
 Authentication result = this.manager.authenticate(authorizationCodeAuthentication).block();
-
 assertThat(result.getAuthorities()).isEqualTo(mappedAuthorities); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
index 38ea444a74..c74a5fc23e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
@@ -146,14 +146,10 @@ public class OidcIdTokenDecoderFactoryTests {
 public void createDecoderWhenCustomJwtValidatorFactorySetThenApplied() { Function> customJwtValidatorFactory = mock(Function.class); this.idTokenDecoderFactory.setJwtValidatorFactory(customJwtValidatorFactory);
-
 ClientRegistration clientRegistration = this.registration.build();
-
 given(customJwtValidatorFactory.apply(same(clientRegistration))) .willReturn(new OidcIdTokenValidator(clientRegistration));
-
 this.idTokenDecoderFactory.createDecoder(clientRegistration);
-
 verify(customJwtValidatorFactory).apply(same(clientRegistration)); }
@@ -161,13 +157,9 @@ public class OidcIdTokenDecoderFactoryTests {
 public void createDecoderWhenCustomJwsAlgorithmResolverSetThenApplied() { Function customJwsAlgorithmResolver = mock(Function.class); this.idTokenDecoderFactory.setJwsAlgorithmResolver(customJwsAlgorithmResolver);
-
 ClientRegistration clientRegistration = this.registration.build();
-
 given(customJwsAlgorithmResolver.apply(same(clientRegistration))).willReturn(MacAlgorithm.HS256);
-
 this.idTokenDecoderFactory.createDecoder(clientRegistration);
-
 verify(customJwsAlgorithmResolver).apply(same(clientRegistration)); }
@@ -176,14 +168,10 @@ public class OidcIdTokenDecoderFactoryTests {
 Function, Map>> customClaimTypeConverterFactory = mock( Function.class); this.idTokenDecoderFactory.setClaimTypeConverterFactory(customClaimTypeConverterFactory);
-
 ClientRegistration clientRegistration = this.registration.build();
-
 given(customClaimTypeConverterFactory.apply(same(clientRegistration))) .willReturn(new ClaimTypeConverter(OidcIdTokenDecoderFactory.createDefaultClaimTypeConverters()));
-
 this.idTokenDecoderFactory.createDecoder(clientRegistration);
-
 verify(customClaimTypeConverterFactory).apply(same(clientRegistration)); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
index 8f1023628b..9c6aa401ec 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
@@ -102,7 +102,6 @@ public class OidcIdTokenValidatorTests {
 * issuer in the ID Token, the validation must fail */ this.registration = this.registration.issuerUri("https://somethingelse.com");
-
 assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription) .allMatch((msg) -> msg.contains(IdTokenClaimNames.ISS)); }
@@ -114,7 +113,6 @@ public class OidcIdTokenValidatorTests {
 * in the ID Token, the validation must succeed */ this.registration = this.registration.issuerUri("https://example.com");
-
 assertThat(this.validateIdToken()).isEmpty(); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
index 99d2525d1b..10a57382c1 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
@@ -146,14 +146,10 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 public void createDecoderWhenCustomJwtValidatorFactorySetThenApplied() { Function> customJwtValidatorFactory = mock(Function.class); this.idTokenDecoderFactory.setJwtValidatorFactory(customJwtValidatorFactory);
-
 ClientRegistration clientRegistration = this.registration.build();
-
 given(customJwtValidatorFactory.apply(same(clientRegistration))) .willReturn(new OidcIdTokenValidator(clientRegistration));
-
 this.idTokenDecoderFactory.createDecoder(clientRegistration);
-
 verify(customJwtValidatorFactory).apply(same(clientRegistration)); }
@@ -161,13 +157,9 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 public void createDecoderWhenCustomJwsAlgorithmResolverSetThenApplied() { Function customJwsAlgorithmResolver = mock(Function.class); this.idTokenDecoderFactory.setJwsAlgorithmResolver(customJwsAlgorithmResolver);
-
 ClientRegistration clientRegistration = this.registration.build();
-
 given(customJwsAlgorithmResolver.apply(same(clientRegistration))).willReturn(MacAlgorithm.HS256);
-
 this.idTokenDecoderFactory.createDecoder(clientRegistration);
-
 verify(customJwsAlgorithmResolver).apply(same(clientRegistration)); }
@@ -176,14 +168,10 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 Function, Map>> customClaimTypeConverterFactory = mock( Function.class); this.idTokenDecoderFactory.setClaimTypeConverterFactory(customClaimTypeConverterFactory);
-
 ClientRegistration clientRegistration = this.registration.build();
-
 given(customClaimTypeConverterFactory.apply(same(clientRegistration))) .willReturn(new ClaimTypeConverter(OidcIdTokenDecoderFactory.createDefaultClaimTypeConverters()));
-
 this.idTokenDecoderFactory.createDecoder(clientRegistration);
-
 verify(customClaimTypeConverterFactory).apply(same(clientRegistration)); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
index 1d9af0f825..0289684cc6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
@@ -104,18 +104,14 @@ public class OidcReactiveOAuth2UserServiceTests {
 @Test public void loadUserWhenUserInfoUriNullThenUserInfoNotRetrieved() { this.registration.userInfoUri(null);
-
 OidcUser user = this.userService.loadUser(userRequest()).block();
-
 assertThat(user.getUserInfo()).isNull(); } @Test public void loadUserWhenOAuth2UserEmptyThenNullUserInfo() { given(this.oauth2UserService.loadUser(any())).willReturn(Mono.empty());
-
 OidcUser user = this.userService.loadUser(userRequest()).block();
-
 assertThat(user.getUserInfo()).isNull(); }
@@ -124,7 +120,6 @@ public class OidcReactiveOAuth2UserServiceTests {
 OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), Collections.singletonMap("user", "rob"), "user"); given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
-
 assertThatCode(() -> this.userService.loadUser(userRequest()).block()) .isInstanceOf(OAuth2AuthenticationException.class); }
@@ -137,7 +132,6 @@ public class OidcReactiveOAuth2UserServiceTests {
 OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes, "user"); given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
-
 assertThatCode(() -> this.userService.loadUser(userRequest()).block()) .isInstanceOf(OAuth2AuthenticationException.class); }
@@ -150,7 +144,6 @@ public class OidcReactiveOAuth2UserServiceTests {
 OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes, "user"); given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
-
 assertThat(this.userService.loadUser(userRequest()).block().getUserInfo()).isNotNull(); }
@@ -163,7 +156,6 @@ public class OidcReactiveOAuth2UserServiceTests {
 OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes, "user"); given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
-
 assertThat(this.userService.loadUser(userRequest()).block().getName()).isEqualTo("rob"); }
@@ -175,18 +167,13 @@ public class OidcReactiveOAuth2UserServiceTests {
 OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes, "user");
 given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
-
 OidcUserRequest userRequest = userRequest();
-
 Function, Map>> customClaimTypeConverterFactory = mock(
 Function.class);
 this.userService.setClaimTypeConverterFactory(customClaimTypeConverterFactory);
-
 given(customClaimTypeConverterFactory.apply(same(userRequest.getClientRegistration())))
 .willReturn(new ClaimTypeConverter(OidcReactiveOAuth2UserService.createDefaultClaimTypeConverters()));
-
 this.userService.loadUser(userRequest).block().getUserInfo();
-
 verify(customClaimTypeConverterFactory).apply(same(userRequest.getClientRegistration()));
 }
@@ -196,7 +183,6 @@ public class OidcReactiveOAuth2UserServiceTests {
 OidcUserRequest request = new OidcUserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.scopes("message:read", "message:write"), TestOidcIdTokens.idToken().build());
 OidcUser user = userService.loadUser(request).block();
-
 assertThat(user.getAuthorities()).hasSize(3);
 Iterator authorities = user.getAuthorities().iterator();
 assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
@@ -210,7 +196,6 @@ public class OidcReactiveOAuth2UserServiceTests {
 OidcUserRequest request = new OidcUserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.noScopes(), TestOidcIdTokens.idToken().build());
 OidcUser user = userService.loadUser(request).block();
-
 assertThat(user.getAuthorities()).hasSize(1);
 Iterator authorities = user.getAuthorities().iterator();
 assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
index 973c8a150d..412a1ed786 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
@@ -82,7 +82,6 @@ public class OidcUserRequestTests {
 public void constructorWhenAllParametersProvidedAndValidThenCreated() {
 OidcUserRequest userRequest = new OidcUserRequest(this.clientRegistration, this.accessToken, this.idToken, this.additionalParameters);
-
 assertThat(userRequest.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(userRequest.getAccessToken()).isEqualTo(this.accessToken);
 assertThat(userRequest.getIdToken()).isEqualTo(this.idToken);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java
index 79fc3ad856..045ac4a3f5 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java
@@ -52,21 +52,18 @@ public class OidcUserRequestUtilsTests {
 @Test
 public void shouldRetrieveUserInfoWhenNoUserInfoUriThenFalse() {
 this.registration.userInfoUri(null);
-
 assertThat(OidcUserRequestUtils.shouldRetrieveUserInfo(userRequest())).isFalse();
 }
 @Test
 public void shouldRetrieveUserInfoWhenDifferentScopesThenFalse() {
 this.registration.scope("notintoken");
-
 assertThat(OidcUserRequestUtils.shouldRetrieveUserInfo(userRequest())).isFalse();
 }
 @Test
 public void shouldRetrieveUserInfoWhenNotAuthorizationCodeThenFalse() {
 this.registration.authorizationGrantType(AuthorizationGrantType.IMPLICIT);
-
 assertThat(OidcUserRequestUtils.shouldRetrieveUserInfo(userRequest())).isFalse();
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
index 2517e8b4e5..73b0e8c68b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
@@ -90,14 +90,11 @@ public class OidcUserServiceTests {
 this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration().userInfoUri(null)
 .userInfoAuthenticationMethod(AuthenticationMethod.HEADER)
 .userNameAttributeName(StandardClaimNames.SUB);
-
 this.accessToken = TestOAuth2AccessTokens.scopes(OidcScopes.OPENID, OidcScopes.PROFILE);
-
 Map idTokenClaims = new HashMap<>();
 idTokenClaims.put(IdTokenClaimNames.ISS, "https://provider.com");
 idTokenClaims.put(IdTokenClaimNames.SUB, "subject1");
 this.idToken = new OidcIdToken("access-token", Instant.MIN, Instant.MAX, idTokenClaims);
-
 this.userService.setOauth2UserService(new DefaultOAuth2UserService());
 }
@@ -155,7 +152,6 @@ public class OidcUserServiceTests {
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri("https://provider.com/user")
 .build();
 this.accessToken = TestOAuth2AccessTokens.scopes("scope1", "scope2");
-
 OidcUser user = this.userService
 .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 assertThat(user.getUserInfo()).isNull();
@@ -168,14 +164,10 @@ public class OidcUserServiceTests {
 + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n";
 this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 this.accessToken = TestOAuth2AccessTokens.scopes("scope1", "scope2");
 this.userService.setAccessibleScopes(Collections.singleton("scope2"));
-
 OidcUser user = this.userService
 .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 assertThat(user.getUserInfo()).isNotNull();
@@ -188,14 +180,10 @@ public class OidcUserServiceTests {
 + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n";
 this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 this.accessToken = TestOAuth2AccessTokens.scopes("scope1", "scope2");
 this.userService.setAccessibleScopes(Collections.emptySet());
-
 OidcUser user = this.userService
 .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 assertThat(user.getUserInfo()).isNotNull();
@@ -208,11 +196,8 @@ public class OidcUserServiceTests {
 + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n";
 this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 OidcUser user = this.userService
 .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 assertThat(user.getUserInfo()).isNotNull();
@@ -224,14 +209,10 @@ public class OidcUserServiceTests {
 + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n";
 this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 OidcUser user = this.userService
 .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
-
 assertThat(user.getIdToken()).isNotNull();
 assertThat(user.getUserInfo()).isNotNull();
 assertThat(user.getUserInfo().getClaims().size()).isEqualTo(6);
@@ -243,7 +224,6 @@ public class OidcUserServiceTests {
 assertThat(user.getUserInfo().getFamilyName()).isEqualTo("last");
 assertThat(user.getUserInfo().getPreferredUsername()).isEqualTo("user1");
 assertThat(user.getUserInfo().getEmail()).isEqualTo("user1@example.com");
-
 assertThat(user.getAuthorities().size()).isEqualTo(3);
 assertThat(user.getAuthorities().iterator().next()).isInstanceOf(OidcUserAuthority.class);
 OidcUserAuthority userAuthority = (OidcUserAuthority) user.getAuthorities().iterator().next();
@@ -257,16 +237,12 @@ public class OidcUserServiceTests {
 public void loadUserWhenUserInfoSuccessResponseAndUserInfoSubjectIsNullThenThrowOAuth2AuthenticationException() {
 this.exception.expect(OAuth2AuthenticationException.class);
 this.exception.expectMessage(containsString("invalid_user_info_response"));
-
 String userInfoResponse = "{\n" + " \"email\": \"full_name@provider.com\",\n" + " \"name\": \"full name\"\n" + "}\n";
 this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
 .userNameAttributeName(StandardClaimNames.EMAIL).build();
-
 this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 }
@@ -274,14 +250,10 @@ public class OidcUserServiceTests {
 public void loadUserWhenUserInfoSuccessResponseAndUserInfoSubjectNotSameAsIdTokenSubjectThenThrowOAuth2AuthenticationException() {
 this.exception.expect(OAuth2AuthenticationException.class);
 this.exception.expectMessage(containsString("invalid_user_info_response"));
-
 String userInfoResponse = "{\n" + " \"sub\": \"other-subject\"\n" + "}\n";
 this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 }
@@ -290,17 +262,13 @@ public class OidcUserServiceTests {
 this.exception.expect(OAuth2AuthenticationException.class);
 this.exception.expectMessage(containsString(
 "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
-
 String userInfoResponse = "{\n" + " \"sub\": \"subject1\",\n" + " \"name\": \"first last\",\n" + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n"; // "}\n"; // Make the JSON invalid/malformed
 this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 }
@@ -309,13 +277,9 @@ public class OidcUserServiceTests {
 this.exception.expect(OAuth2AuthenticationException.class);
 this.exception.expectMessage(containsString(
 "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 500 Server Error"));
-
 this.server.enqueue(new MockResponse().setResponseCode(500));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 }
@@ -324,11 +288,8 @@ public class OidcUserServiceTests {
 this.exception.expect(OAuth2AuthenticationException.class);
 this.exception.expectMessage(containsString(
 "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
-
 String userInfoUri = "https://invalid-provider.com/user";
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 }
@@ -338,15 +299,11 @@ public class OidcUserServiceTests {
 + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n";
 this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
 .userNameAttributeName(StandardClaimNames.EMAIL).build();
-
 OidcUser user = this.userService
 .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
-
 assertThat(user.getName()).isEqualTo("user1@example.com");
 }
@@ -357,11 +314,8 @@ public class OidcUserServiceTests {
 + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n";
 this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 assertThat(this.server.takeRequest(1, TimeUnit.SECONDS).getHeader(HttpHeaders.ACCEPT))
 .isEqualTo(MediaType.APPLICATION_JSON_VALUE);
@@ -374,11 +328,8 @@ public class OidcUserServiceTests {
 + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n";
 this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 RecordedRequest request = this.server.takeRequest();
 assertThat(request.getMethod()).isEqualTo(HttpMethod.GET.name());
@@ -394,12 +345,9 @@ public class OidcUserServiceTests {
 + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n";
 this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
 .userInfoAuthenticationMethod(AuthenticationMethod.FORM).build();
-
 this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 RecordedRequest request = this.server.takeRequest();
 assertThat(request.getMethod()).isEqualTo(HttpMethod.POST.name());
@@ -414,20 +362,14 @@ public class OidcUserServiceTests {
 + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n";
 this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 Function, Map>> customClaimTypeConverterFactory = mock(
 Function.class);
 this.userService.setClaimTypeConverterFactory(customClaimTypeConverterFactory);
-
 given(customClaimTypeConverterFactory.apply(same(clientRegistration)))
 .willReturn(new ClaimTypeConverter(OidcUserService.createDefaultClaimTypeConverters()));
-
 this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
-
 verify(customClaimTypeConverterFactory).apply(same(clientRegistration));
 }
@@ -437,7 +379,6 @@ public class OidcUserServiceTests {
 OidcUserRequest request = new OidcUserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.scopes("message:read", "message:write"), TestOidcIdTokens.idToken().build());
 OidcUser user = userService.loadUser(request);
-
 assertThat(user.getAuthorities()).hasSize(3);
 Iterator authorities = user.getAuthorities().iterator();
 assertThat(authorities.next()).isInstanceOf(OidcUserAuthority.class);
@@ -451,7 +392,6 @@ public class OidcUserServiceTests {
 OidcUserRequest request = new OidcUserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.noScopes(), TestOidcIdTokens.idToken().build());
 OidcUser user = userService.loadUser(request);
-
 assertThat(user.getAuthorities()).hasSize(1);
 Iterator authorities = user.getAuthorities().iterator();
 assertThat(authorities.next()).isInstanceOf(OidcUserAuthority.class);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
index c55d019efe..a72c9059d6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
@@ -72,21 +72,17 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
 public void logoutWhenOidcRedirectUrlConfiguredThenRedirects() throws IOException, ServletException {
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
-
 this.request.setUserPrincipal(token);
 this.handler.onLogoutSuccess(this.request, this.response, token);
-
 assertThat(this.response.getRedirectedUrl()).isEqualTo("https://endpoint?id_token_hint=id-token");
 }
 @Test
 public void logoutWhenNotOAuth2AuthenticationThenDefaults() throws IOException, ServletException {
 Authentication token = mock(Authentication.class);
-
 this.request.setUserPrincipal(token);
 this.handler.setDefaultTargetUrl("https://default");
 this.handler.onLogoutSuccess(this.request, this.response, token);
-
 assertThat(this.response.getRedirectedUrl()).isEqualTo("https://default");
 }
@@ -94,41 +90,32 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
 public void logoutWhenNotOidcUserThenDefaults() throws IOException, ServletException {
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOAuth2Users.create(), AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
-
 this.request.setUserPrincipal(token);
 this.handler.setDefaultTargetUrl("https://default");
 this.handler.onLogoutSuccess(this.request, this.response, token);
-
 assertThat(this.response.getRedirectedUrl()).isEqualTo("https://default");
 }
 @Test
 public void logoutWhenClientRegistrationHasNoEndSessionEndpointThenDefaults() throws Exception {
-
 ClientRegistration registration = TestClientRegistrations.clientRegistration().build();
 ClientRegistrationRepository repository = new InMemoryClientRegistrationRepository(registration);
 OidcClientInitiatedLogoutSuccessHandler handler = new OidcClientInitiatedLogoutSuccessHandler(repository);
-
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, registration.getRegistrationId());
-
 this.request.setUserPrincipal(token);
 handler.setDefaultTargetUrl("https://default");
 handler.onLogoutSuccess(this.request, this.response, token);
-
 assertThat(this.response.getRedirectedUrl()).isEqualTo("https://default");
 }
 @Test
 public void logoutWhenUsingPostLogoutRedirectUriThenIncludesItInRedirect() throws IOException, ServletException {
-
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
-
 this.handler.setPostLogoutRedirectUri(URI.create("https://postlogout?encodedparam=value"));
 this.request.setUserPrincipal(token);
 this.handler.onLogoutSuccess(this.request, this.response, token);
-
 assertThat(this.response.getRedirectedUrl()).isEqualTo("https://endpoint?"
+ "id_token_hint=id-token&" + "post_logout_redirect_uri=https://postlogout?encodedparam%3Dvalue");
 }
@@ -136,7 +123,6 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
 @Test
 public void logoutWhenUsingPostLogoutRedirectUriTemplateThenBuildsItForRedirect() throws IOException, ServletException {
-
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
 this.handler.setPostLogoutRedirectUri("{baseUrl}");
@@ -145,7 +131,6 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
 this.request.setServerName("rp.example.org");
 this.request.setUserPrincipal(token);
 this.handler.onLogoutSuccess(this.request, this.response, token);
-
 assertThat(this.response.getRedirectedUrl()).isEqualTo(
 "https://endpoint?" + "id_token_hint=id-token&" + "post_logout_redirect_uri=https://rp.example.org");
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
index 21103b9cde..b0465c0dc6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
@@ -77,24 +77,19 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 public void logoutWhenOidcRedirectUrlConfiguredThenRedirects() {
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
-
 given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
 this.handler.onLogoutSuccess(f, token).block();
-
 assertThat(redirectedUrl(this.exchange)).isEqualTo("https://endpoint?id_token_hint=id-token");
 }
 @Test
 public void logoutWhenNotOAuth2AuthenticationThenDefaults() {
 Authentication token = mock(Authentication.class);
-
 given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
-
 this.handler.setLogoutSuccessUrl(URI.create("https://default"));
 this.handler.onLogoutSuccess(f, token).block();
-
 assertThat(redirectedUrl(this.exchange)).isEqualTo("https://default");
 }
@@ -102,49 +97,37 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 public void logoutWhenNotOidcUserThenDefaults() {
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOAuth2Users.create(), AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
-
 given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
-
 this.handler.setLogoutSuccessUrl(URI.create("https://default"));
 this.handler.onLogoutSuccess(f, token).block();
-
 assertThat(redirectedUrl(this.exchange)).isEqualTo("https://default");
 }
 @Test
 public void logoutWhenClientRegistrationHasNoEndSessionEndpointThenDefaults() {
-
 ClientRegistration registration = TestClientRegistrations.clientRegistration().build();
 ReactiveClientRegistrationRepository repository = new InMemoryReactiveClientRegistrationRepository(
 registration);
 OidcClientInitiatedServerLogoutSuccessHandler handler = new OidcClientInitiatedServerLogoutSuccessHandler(
 repository);
-
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, registration.getRegistrationId());
-
 given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
-
 handler.setLogoutSuccessUrl(URI.create("https://default"));
 handler.onLogoutSuccess(f, token).block();
-
 assertThat(redirectedUrl(this.exchange)).isEqualTo("https://default");
 }
 @Test
 public void logoutWhenUsingPostLogoutRedirectUriThenIncludesItInRedirect() {
-
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
-
 given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
-
 this.handler.setPostLogoutRedirectUri(URI.create("https://postlogout?encodedparam=value"));
this.handler.onLogoutSuccess(f, token).block();
-
 assertThat(redirectedUrl(this.exchange)).isEqualTo("https://endpoint?" + "id_token_hint=id-token&" + "post_logout_redirect_uri=https://postlogout?encodedparam%3Dvalue");
 }
@@ -152,17 +135,14 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 @Test
 public void logoutWhenUsingPostLogoutRedirectUriTemplateThenBuildsItForRedirect() throws IOException, ServletException {
-
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
 given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 MockServerHttpRequest request = MockServerHttpRequest.get("https://rp.example.org/").build();
 given(this.exchange.getRequest()).willReturn(request);
 WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
-
 this.handler.setPostLogoutRedirectUri("{baseUrl}");
 this.handler.onLogoutSuccess(f, token).block();
-
 assertThat(redirectedUrl(this.exchange)).isEqualTo(
 "https://endpoint?" + "id_token_hint=id-token&" + "post_logout_redirect_uri=https://rp.example.org");
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
index db69a0ea48..f419a9c07f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
@@ -87,7 +87,6 @@ public class ClientRegistrationTests {
 .scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
 .userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).issuerUri(ISSUER_URI)
 .providerConfigurationMetadata(PROVIDER_CONFIGURATION_METADATA).clientName(CLIENT_NAME).build();
-
 assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
@@ -274,7 +273,6 @@ public class ClientRegistrationTests {
 .authorizationGrantType(AuthorizationGrantType.IMPLICIT).redirectUri(REDIRECT_URI)
 .scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI)
 .userInfoAuthenticationMethod(AuthenticationMethod.FORM).clientName(CLIENT_NAME).build();
-
 assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.IMPLICIT);
@@ -345,7 +343,6 @@ public class ClientRegistrationTests {
 .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
 .scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
 .jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME).build();
-
 assertThat(registration.getRegistrationId()).isEqualTo(overriddenId);
 }
@@ -355,7 +352,6 @@ public class ClientRegistrationTests {
 .clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).scope(SCOPES.toArray(new String[0]))
 .tokenUri(TOKEN_URI).clientName(CLIENT_NAME).build();
-
 assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
@@ -425,7 +421,6 @@ public class ClientRegistrationTests {
 .clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 .authorizationGrantType(AuthorizationGrantType.PASSWORD).scope(SCOPES.toArray(new String[0]))
 .tokenUri(TOKEN_URI).clientName(CLIENT_NAME).build();
-
 assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
@@ -483,7 +478,6 @@ public class ClientRegistrationTests {
 .clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 .authorizationGrantType(customGrantType).scope(SCOPES.toArray(new String[0])).tokenUri(TOKEN_URI)
 .clientName(CLIENT_NAME).build();
-
 assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
@@ -518,12 +512,10 @@ public class ClientRegistrationTests {
 assertThat(clientRegistration.getAuthorizationGrantType()).isEqualTo(updated.getAuthorizationGrantType());
 assertThat(clientRegistration.getRedirectUri()).isEqualTo(updated.getRedirectUri());
 assertThat(clientRegistration.getScopes()).isEqualTo(updated.getScopes());
-
 ClientRegistration.ProviderDetails providerDetails = clientRegistration.getProviderDetails();
 ClientRegistration.ProviderDetails updatedProviderDetails = updated.getProviderDetails();
 assertThat(providerDetails.getAuthorizationUri()).isEqualTo(updatedProviderDetails.getAuthorizationUri());
 assertThat(providerDetails.getTokenUri()).isEqualTo(updatedProviderDetails.getTokenUri());
-
 ClientRegistration.ProviderDetails.UserInfoEndpoint userInfoEndpoint = providerDetails.getUserInfoEndpoint();
 ClientRegistration.ProviderDetails.UserInfoEndpoint updatedUserInfoEndpoint = updatedProviderDetails
 .getUserInfoEndpoint();
@@ -532,12 +524,10 @@ public class ClientRegistrationTests {
 .isEqualTo(updatedUserInfoEndpoint.getAuthenticationMethod());
 assertThat(userInfoEndpoint.getUserNameAttributeName())
 .isEqualTo(updatedUserInfoEndpoint.getUserNameAttributeName());
-
 assertThat(providerDetails.getJwkSetUri()).isEqualTo(updatedProviderDetails.getJwkSetUri());
 assertThat(providerDetails.getIssuerUri()).isEqualTo(updatedProviderDetails.getIssuerUri());
 assertThat(providerDetails.getConfigurationMetadata())
 .isEqualTo(updatedProviderDetails.getConfigurationMetadata());
-
 assertThat(clientRegistration.getClientName()).isEqualTo(updated.getClientName());
 }
@@ -547,7 +537,6 @@ public class ClientRegistrationTests {
 ClientRegistration updated = ClientRegistration.withClientRegistration(clientRegistration)
 .clientSecret("a-new-secret").scope("a-new-scope")
 .providerConfigurationMetadata(Collections.singletonMap("a-new-config", "a-new-value")).build();
-
 assertThat(clientRegistration.getClientSecret()).isNotEqualTo(updated.getClientSecret());
 assertThat(updated.getClientSecret()).isEqualTo("a-new-secret");
 assertThat(clientRegistration.getScopes()).doesNotContain("a-new-scope");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
index 61dc4e954a..4fa404c5e6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
@@ -200,45 +200,35 @@ public class ClientRegistrationsTests {
 @Test public void issuerWhenScopesNullThenScopesDefaulted() throws Exception { this.response.remove("scopes_supported");
-
 ClientRegistration registration = registration("").build();
-
 assertThat(registration.getScopes()).containsOnly("openid"); } @Test public void issuerWhenOidcFallbackScopesNullThenScopesDefaulted() throws Exception { this.response.remove("scopes_supported");
-
 ClientRegistration registration = registrationOidcFallback("", null).build();
-
 assertThat(registration.getScopes()).containsOnly("openid"); } @Test public void issuerWhenOAuth2ScopesNullThenScopesDefaulted() throws Exception { this.response.remove("scopes_supported");
-
 ClientRegistration registration = registrationOAuth2("", null).build();
-
 assertThat(registration.getScopes()).containsOnly("openid"); } @Test public void issuerWhenGrantTypesSupportedNullThenDefaulted() throws Exception { this.response.remove("grant_types_supported");
-
 ClientRegistration registration = registration("").build();
-
 assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); } @Test public void issuerWhenOAuth2GrantTypesSupportedNullThenDefaulted() throws Exception { this.response.remove("grant_types_supported");
-
 ClientRegistration registration = registrationOAuth2("", null).build();
-
 assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); }
@@ -249,7 +239,6 @@ public class ClientRegistrationsTests {
 @Test public void issuerWhenGrantTypesSupportedInvalidThenException() { this.response.put("grant_types_supported", Arrays.asList("implicit"));
-
 assertThatThrownBy(() -> registration("")).isInstanceOf(IllegalArgumentException.class) .hasMessageContaining("Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \"" + this.issuer + "\" returned a configuration of [implicit]");
@@ -258,7 +247,6 @@ public class ClientRegistrationsTests {
 @Test public void issuerWhenOAuth2GrantTypesSupportedInvalidThenException() { this.response.put("grant_types_supported", Arrays.asList("implicit"));
-
 assertThatThrownBy(() -> registrationOAuth2("", null)).isInstanceOf(IllegalArgumentException.class) .hasMessageContaining("Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \"" + this.issuer + "\" returned a configuration of [implicit]");
@@ -267,54 +255,42 @@ public class ClientRegistrationsTests {
 @Test public void issuerWhenTokenEndpointAuthMethodsNullThenDefaulted() throws Exception { this.response.remove("token_endpoint_auth_methods_supported");
-
 ClientRegistration registration = registration("").build();
-
 assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC); } @Test public void issuerWhenOAuth2TokenEndpointAuthMethodsNullThenDefaulted() throws Exception { this.response.remove("token_endpoint_auth_methods_supported");
-
 ClientRegistration registration = registrationOAuth2("", null).build();
-
 assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC); } @Test public void issuerWhenTokenEndpointAuthMethodsPostThenMethodIsPost() throws Exception { this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("client_secret_post"));
-
 ClientRegistration registration = registration("").build();
-
 assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.POST); } @Test public void issuerWhenOAuth2TokenEndpointAuthMethodsPostThenMethodIsPost() throws Exception { this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("client_secret_post"));
-
 ClientRegistration registration = registrationOAuth2("", null).build();
-
 assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.POST); } @Test public void issuerWhenTokenEndpointAuthMethodsNoneThenMethodIsNone() throws Exception { this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("none"));
-
 ClientRegistration registration = registration("").build();
-
 assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.NONE); } @Test public void issuerWhenOAuth2TokenEndpointAuthMethodsNoneThenMethodIsNone() throws Exception { this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("none"));
-
 ClientRegistration registration = registrationOAuth2("", null).build();
-
 assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.NONE); }
@@ -325,7 +301,6 @@ public class ClientRegistrationsTests {
 @Test public void issuerWhenTokenEndpointAuthMethodsInvalidThenException() { this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("tls_client_auth"));
-
 assertThatThrownBy(() -> registration("")).isInstanceOf(IllegalArgumentException.class).hasMessageContaining( "Only ClientAuthenticationMethod.BASIC, ClientAuthenticationMethod.POST and ClientAuthenticationMethod.NONE are supported. The issuer \"" + this.issuer + "\" returned a configuration of [tls_client_auth]");
@@ -334,7 +309,6 @@ public class ClientRegistrationsTests {
 @Test public void issuerWhenOAuth2TokenEndpointAuthMethodsInvalidThenException() { this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("tls_client_auth"));
-
 assertThatThrownBy(() -> registrationOAuth2("", null)).isInstanceOf(IllegalArgumentException.class) .hasMessageContaining( "Only ClientAuthenticationMethod.BASIC, ClientAuthenticationMethod.POST and ClientAuthenticationMethod.NONE are supported. The issuer \""
@@ -384,7 +358,6 @@ public class ClientRegistrationsTests {
 MockResponse mockResponse = new MockResponse().setBody(body).setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE); this.server.enqueue(mockResponse);
-
 return ClientRegistrations.fromOidcIssuerLocation(this.issuer).clientId("client-id") .clientSecret("client-secret"); }
@@ -394,7 +367,6 @@ public class ClientRegistrationsTests {
 this.response.put("issuer", this.issuer); this.issuer = this.server.url(path).toString(); final String responseBody = (body != null) ? body : this.mapper.writeValueAsString(this.response);
-
 final Dispatcher dispatcher = new Dispatcher() { @Override public MockResponse dispatch(RecordedRequest request) {
@@ -406,9 +378,7 @@ public class ClientRegistrationsTests {
 return new MockResponse().setResponseCode(404); } };
-
 this.server.setDispatcher(dispatcher);
-
 return ClientRegistrations.fromIssuerLocation(this.issuer).clientId("client-id").clientSecret("client-secret"); }
@@ -428,9 +398,7 @@ public class ClientRegistrationsTests {
 private ClientRegistration.Builder registrationOidcFallback(String path, String body) throws Exception { this.issuer = createIssuerFromServer(path); this.response.put("issuer", this.issuer);
-
 String responseBody = (body != null) ? body : this.mapper.writeValueAsString(this.response);
-
 final Dispatcher dispatcher = new Dispatcher() { @Override public MockResponse dispatch(RecordedRequest request) {
@@ -443,7 +411,6 @@ public class ClientRegistrationsTests {
 } }; this.server.setDispatcher(dispatcher);
-
 return ClientRegistrations.fromIssuerLocation(this.issuer).clientId("client-id").clientSecret("client-secret"); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java
index 7a37f60f92..9d5e3fdd3a 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java
@@ -71,7 +71,6 @@ public class CustomUserTypesOAuth2UserServiceTests {
 String registrationId = "client-registration-id-1"; this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration().registrationId(registrationId); this.accessToken = TestOAuth2AccessTokens.noScopes();
-
 Map> customUserTypes = new HashMap<>(); customUserTypes.put(registrationId, CustomOAuth2User.class); this.userService = new CustomUserTypesOAuth2UserService(customUserTypes);
@@ -116,7 +115,6 @@ public class CustomUserTypesOAuth2UserServiceTests {
 public void loadUserWhenCustomUserTypeNotFoundThenReturnNull() { ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration() .registrationId("other-client-registration-id-1").build();
-
 OAuth2User user = this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); assertThat(user).isNull(); }
@@ -126,20 +124,15 @@ public class CustomUserTypesOAuth2UserServiceTests {
 String userInfoResponse = "{\n" + " \"id\": \"12345\",\n" + " \"name\": \"first last\",\n" + " \"login\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n"; this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 OAuth2User user = this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
-
 assertThat(user.getName()).isEqualTo("first last"); assertThat(user.getAttributes().size()).isEqualTo(4); assertThat((String) user.getAttribute("id")).isEqualTo("12345"); assertThat((String) user.getAttribute("name")).isEqualTo("first last"); assertThat((String) user.getAttribute("login")).isEqualTo("user1"); assertThat((String) user.getAttribute("email")).isEqualTo("user1@example.com");
-
 assertThat(user.getAuthorities().size()).isEqualTo(1); assertThat(user.getAuthorities().iterator().next().getAuthority()).isEqualTo("ROLE_USER"); }
@@ -149,16 +142,12 @@ public class CustomUserTypesOAuth2UserServiceTests {
 this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString( "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
-
 String userInfoResponse = "{\n" + " \"id\": \"12345\",\n" + " \"name\": \"first last\",\n" + " \"login\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n"; // "}\n"; // Make the JSON invalid/malformed this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); }
@@ -167,13 +156,9 @@ public class CustomUserTypesOAuth2UserServiceTests {
 this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString( "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 500 Server Error"));
-
 this.server.enqueue(new MockResponse().setResponseCode(500));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); }
@@ -182,11 +167,8 @@ public class CustomUserTypesOAuth2UserServiceTests {
 this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString( "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
-
 String userInfoUri = "https://invalid-provider.com/user";
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
index cfb50cc055..43b8e3a7b0 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
@@ -112,7 +112,6 @@ public class DefaultOAuth2UserServiceTests {
 public void loadUserWhenUserInfoUriIsNullThenThrowOAuth2AuthenticationException() { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString("missing_user_info_uri"));
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.build(); this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); }
@@ -121,7 +120,6 @@ public class DefaultOAuth2UserServiceTests {
 public void loadUserWhenUserNameAttributeNameIsNullThenThrowOAuth2AuthenticationException() { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString("missing_user_name_attribute"));
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri("https://provider.com/user") .build(); this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
@@ -133,14 +131,10 @@ public class DefaultOAuth2UserServiceTests {
 + " \"last-name\": \"last\",\n" + " \"middle-name\": \"middle\",\n" + " \"address\": \"address\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n"; this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 OAuth2User user = this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
-
 assertThat(user.getName()).isEqualTo("user1"); assertThat(user.getAttributes().size()).isEqualTo(6); assertThat((String) user.getAttribute("user-name")).isEqualTo("user1");
@@ -149,7 +143,6 @@ public class DefaultOAuth2UserServiceTests {
 assertThat((String) user.getAttribute("middle-name")).isEqualTo("middle"); assertThat((String) user.getAttribute("address")).isEqualTo("address"); assertThat((String) user.getAttribute("email")).isEqualTo("user1@example.com");
-
 assertThat(user.getAuthorities().size()).isEqualTo(1); assertThat(user.getAuthorities().iterator().next()).isInstanceOf(OAuth2UserAuthority.class); OAuth2UserAuthority userAuthority = (OAuth2UserAuthority) user.getAuthorities().iterator().next();
@@ -162,18 +155,14 @@ public class DefaultOAuth2UserServiceTests {
 this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString( "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
-
 String userInfoResponse = "{\n" + " \"user-name\": \"user1\",\n" + " \"first-name\": \"first\",\n" + " \"last-name\": \"last\",\n" + " \"middle-name\": \"middle\",\n" + " \"address\": \"address\",\n" + " \"email\": \"user1@example.com\"\n"; // "}\n"; // Make the JSON invalid/malformed this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); }
@@ -184,19 +173,14 @@ public class DefaultOAuth2UserServiceTests {
 "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource")); this.exception.expectMessage( containsString("Error Code: insufficient_scope, Error Description: The access token expired"));
-
 String wwwAuthenticateHeader = "Bearer realm=\"auth-realm\" error=\"insufficient_scope\" error_description=\"The access token expired\"";
-
 MockResponse response = new MockResponse(); response.setHeader(HttpHeaders.WWW_AUTHENTICATE, wwwAuthenticateHeader); response.setResponseCode(400); this.server.enqueue(response);
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); }
@@ -206,15 +190,11 @@ public class DefaultOAuth2UserServiceTests {
 this.exception.expectMessage(containsString( "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource")); this.exception.expectMessage(containsString("Error Code: invalid_token"));
-
 String userInfoErrorResponse = "{\n" + " \"error\": \"invalid_token\"\n" + "}\n"; this.server.enqueue(jsonResponse(userInfoErrorResponse).setResponseCode(400));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); }
@@ -223,14 +203,10 @@ public class DefaultOAuth2UserServiceTests {
 this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString( "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 500 Server Error"));
-
 this.server.enqueue(new MockResponse().setResponseCode(500));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); }
@@ -239,12 +215,9 @@ public class DefaultOAuth2UserServiceTests {
 this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString( "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
-
 String userInfoUri = "https://invalid-provider.com/user";
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); }
@@ -255,12 +228,9 @@ public class DefaultOAuth2UserServiceTests {
 + " \"last-name\": \"last\",\n" + " \"middle-name\": \"middle\",\n" + " \"address\": \"address\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n"; this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); assertThat(this.server.takeRequest(1, TimeUnit.SECONDS).getHeader(HttpHeaders.ACCEPT)) .isEqualTo(MediaType.APPLICATION_JSON_VALUE);
@@ -273,12 +243,9 @@ public class DefaultOAuth2UserServiceTests {
 + " \"last-name\": \"last\",\n" + " \"middle-name\": \"middle\",\n" + " \"address\": \"address\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n"; this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); RecordedRequest request = this.server.takeRequest(); assertThat(request.getMethod()).isEqualTo(HttpMethod.GET.name());
@@ -294,12 +261,9 @@ public class DefaultOAuth2UserServiceTests {
 + " \"last-name\": \"last\",\n" + " \"middle-name\": \"middle\",\n" + " \"address\": \"address\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n"; this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userInfoAuthenticationMethod(AuthenticationMethod.FORM).userNameAttributeName("user-name").build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); RecordedRequest request = this.server.takeRequest(); assertThat(request.getMethod()).isEqualTo(HttpMethod.POST.name());
@@ -316,7 +280,6 @@ public class DefaultOAuth2UserServiceTests {
 OAuth2UserRequest request = new OAuth2UserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.scopes("message:read", "message:write")); OAuth2User user = userService.loadUser(request);
-
 assertThat(user.getAuthorities()).hasSize(3); Iterator authorities = user.getAuthorities().iterator(); assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
@@ -332,7 +295,6 @@ public class DefaultOAuth2UserServiceTests {
 OAuth2UserRequest request = new OAuth2UserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.noScopes()); OAuth2User user = userService.loadUser(request);
-
 assertThat(user.getAuthorities()).hasSize(1); Iterator authorities = user.getAuthorities().iterator(); assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
@@ -342,20 +304,16 @@ public class DefaultOAuth2UserServiceTests {
 @Test public void loadUserWhenUserInfoSuccessResponseInvalidContentTypeThenThrowOAuth2AuthenticationException() { String userInfoUri = this.server.url("/user").toString();
-
 this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString( "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource " + "from '" + userInfoUri + "': response contains invalid content type 'text/plain'."));
-
 MockResponse response = new MockResponse(); response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_VALUE); response.setBody("invalid content type"); this.server.enqueue(response);
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
index 5476241816..fec781af6f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
@@ -77,9 +77,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
 public void setup() throws Exception { this.server = new MockWebServer(); this.server.start();
-
 String userInfoUri = this.server.url("/user").toString();
-
 this.clientRegistration = TestClientRegistrations.clientRegistration().userInfoUri(userInfoUri); }
@@ -97,7 +95,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 @Test public void loadUserWhenUserInfoUriIsNullThenThrowOAuth2AuthenticationException() { this.clientRegistration.userInfoUri(null);
-
 StepVerifier.create(this.userService.loadUser(oauth2UserRequest())).expectErrorSatisfies((t) -> assertThat(t) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("missing_user_info_uri")) .verify();
@@ -106,7 +103,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 @Test public void loadUserWhenUserNameAttributeNameIsNullThenThrowOAuth2AuthenticationException() { this.clientRegistration.userNameAttributeName(null);
-
 StepVerifier.create(this.userService.loadUser(oauth2UserRequest())).expectErrorSatisfies((t) -> assertThat(t) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("missing_user_name_attribute")) .verify();
@@ -118,9 +114,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
 + " \"last-name\": \"last\",\n" + " \"middle-name\": \"middle\",\n" + " \"address\": \"address\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n"; enqueueApplicationJsonBody(userInfoResponse);
-
 OAuth2User user = this.userService.loadUser(oauth2UserRequest()).block();
-
 assertThat(user.getName()).isEqualTo("user1"); assertThat(user.getAttributes().size()).isEqualTo(6); assertThat((String) user.getAttribute("id")).isEqualTo("user1");
@@ -129,7 +123,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 assertThat((String) user.getAttribute("middle-name")).isEqualTo("middle"); assertThat((String) user.getAttribute("address")).isEqualTo("address"); assertThat((String) user.getAttribute("email")).isEqualTo("user1@example.com");
-
 assertThat(user.getAuthorities().size()).isEqualTo(1); assertThat(user.getAuthorities().iterator().next()).isInstanceOf(OAuth2UserAuthority.class); OAuth2UserAuthority userAuthority = (OAuth2UserAuthority) user.getAuthorities().iterator().next();
@@ -145,9 +138,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
 + " \"last-name\": \"last\",\n" + " \"middle-name\": \"middle\",\n" + " \"address\": \"address\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n"; enqueueApplicationJsonBody(userInfoResponse);
-
 this.userService.loadUser(oauth2UserRequest()).block();
-
 RecordedRequest request = this.server.takeRequest(); assertThat(request.getMethod()).isEqualTo(HttpMethod.GET.name()); assertThat(request.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE);
@@ -163,9 +154,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
 + " \"last-name\": \"last\",\n" + " \"middle-name\": \"middle\",\n" + " \"address\": \"address\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n"; enqueueApplicationJsonBody(userInfoResponse);
-
 this.userService.loadUser(oauth2UserRequest()).block();
-
 RecordedRequest request = this.server.takeRequest(); assertThat(request.getMethod()).isEqualTo(HttpMethod.POST.name()); assertThat(request.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE);
@@ -180,7 +169,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 + " \"address\": \"address\",\n" + " \"email\": \"user1@example.com\"\n"; // "}\n"; // Make the JSON invalid/malformed enqueueApplicationJsonBody(userInfoResponse);
-
 assertThatThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block()) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("invalid_user_info_response"); }
@@ -189,7 +177,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 public void loadUserWhenUserInfoErrorResponseThenThrowOAuth2AuthenticationException() { this.server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) .setResponseCode(500).setBody("{}"));
-
 assertThatThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block()) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("invalid_user_info_response"); }
@@ -209,7 +196,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 OAuth2UserRequest request = new OAuth2UserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.scopes("message:read", "message:write")); OAuth2User user = userService.loadUser(request).block();
-
 assertThat(user.getAuthorities()).hasSize(3); Iterator authorities = user.getAuthorities().iterator(); assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
@@ -225,7 +211,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 OAuth2UserRequest request = new OAuth2UserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.noScopes()); OAuth2User user = userService.loadUser(request).block();
-
 assertThat(user.getAuthorities()).hasSize(1); Iterator authorities = user.getAuthorities().iterator(); assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
@@ -238,9 +223,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
 response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_VALUE); response.setBody("invalid content type"); this.server.enqueue(response);
-
 OAuth2UserRequest userRequest = oauth2UserRequest();
-
 assertThatThrownBy(() -> this.userService.loadUser(userRequest).block()) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining( "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource from '"
@@ -258,7 +241,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 given(spec.retrieve()).willReturn(clientResponse); given(clientResponse.onStatus(any(Predicate.class), any(Function.class))).willReturn(clientResponse); given(clientResponse.bodyToMono(any(ParameterizedTypeReference.class))).willReturn(Mono.just(body));
-
 DefaultReactiveOAuth2UserService userService = new DefaultReactiveOAuth2UserService(); userService.setWebClient(rest); return userService;
@@ -269,7 +251,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 } private void enqueueApplicationJsonBody(String json) {
-
 this.server.enqueue( new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json)); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
index 45eb7fcd4d..f259c60ddf 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
@@ -62,10 +62,8 @@ public class DelegatingOAuth2UserServiceTests {
 OAuth2UserService userService3 = mock(OAuth2UserService.class); OAuth2User mockUser = mock(OAuth2User.class); given(userService3.loadUser(any(OAuth2UserRequest.class))).willReturn(mockUser);
-
 DelegatingOAuth2UserService delegatingUserService = new DelegatingOAuth2UserService<>( Arrays.asList(userService1, userService2, userService3));
-
 OAuth2User loadedUser = delegatingUserService.loadUser(mock(OAuth2UserRequest.class)); assertThat(loadedUser).isEqualTo(mockUser); }
@@ -76,10 +74,8 @@ public class DelegatingOAuth2UserServiceTests {
 OAuth2UserService userService1 = mock(OAuth2UserService.class); OAuth2UserService userService2 = mock(OAuth2UserService.class); OAuth2UserService userService3 = mock(OAuth2UserService.class);
-
 DelegatingOAuth2UserService delegatingUserService = new DelegatingOAuth2UserService<>( Arrays.asList(userService1, userService2, userService3));
-
 OAuth2User loadedUser = delegatingUserService.loadUser(mock(OAuth2UserRequest.class)); assertThat(loadedUser).isNull(); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java
index 61e80e7aad..a4f975736f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java
@@ -49,13 +49,10 @@ public class OAuth2UserRequestEntityConverterTests {
 public void convertWhenAuthenticationMethodHeaderThenGetRequest() {
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 OAuth2UserRequest userRequest = new OAuth2UserRequest(clientRegistration, this.createAccessToken());
-
 RequestEntity requestEntity = this.converter.convert(userRequest);
-
 assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.GET);
 assertThat(requestEntity.getUrl().toASCIIString())
 .isEqualTo(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri());
-
 HttpHeaders headers = requestEntity.getHeaders();
 assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON);
 assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION))
@@ -68,18 +65,14 @@ public class OAuth2UserRequestEntityConverterTests {
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration()
 .userInfoAuthenticationMethod(AuthenticationMethod.FORM).build();
 OAuth2UserRequest userRequest = new OAuth2UserRequest(clientRegistration, this.createAccessToken());
-
 RequestEntity requestEntity = this.converter.convert(userRequest);
-
 assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST);
 assertThat(requestEntity.getUrl().toASCIIString())
 .isEqualTo(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri());
-
 HttpHeaders headers = requestEntity.getHeaders();
 assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON);
 assertThat(headers.getContentType())
 .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
-
 MultiValueMap formParameters = (MultiValueMap) requestEntity.getBody();
 assertThat(formParameters.getFirst(OAuth2ParameterNames.ACCESS_TOKEN))
 .isEqualTo(userRequest.getAccessToken().getTokenValue());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
index 18edbf0661..85b13b8d83 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
@@ -77,7 +77,6 @@ public class OAuth2UserRequestTests {
 public void constructorWhenAllParametersProvidedAndValidThenCreated() {
 OAuth2UserRequest userRequest = new OAuth2UserRequest(this.clientRegistration, this.accessToken,
 this.additionalParameters);
-
 assertThat(userRequest.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(userRequest.getAccessToken()).isEqualTo(this.accessToken);
 assertThat(userRequest.getAdditionalParameters()).containsAllEntriesOf(this.additionalParameters);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
index 832bce8902..ddcc33cc29 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
@@ -107,7 +107,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 String requestUri = "/path";
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 assertThat(authorizationRequest).isNull();
 }
@@ -120,9 +119,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 request.setContent("foo".getBytes(StandardCharsets.UTF_8));
 request.setCharacterEncoding(StandardCharsets.UTF_8.name());
 HttpServletRequest spyRequest = Mockito.spy(request);
-
 this.resolver.resolve(spyRequest);
-
 Mockito.verify(spyRequest, Mockito.never()).getReader();
 Mockito.verify(spyRequest, Mockito.never()).getInputStream();
 Mockito.verify(spyRequest, Mockito.never()).getParameter(ArgumentMatchers.anyString());
@@ -138,7 +135,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 + "-invalid";
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 request.setServletPath(requestUri);
-
 assertThatThrownBy(() -> this.resolver.resolve(request)).isInstanceOf(IllegalArgumentException.class)
 .hasMessage(
 "Invalid Client Registration with Id: " + clientRegistration.getRegistrationId() + "-invalid");
@@ -150,7 +146,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId();
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 assertThat(authorizationRequest).isNotNull();
 assertThat(authorizationRequest.getAuthorizationUri())
@@ -178,7 +173,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 String requestUri = "/path";
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request,
 clientRegistration.getRegistrationId());
 assertThat(authorizationRequest).isNotNull();
@@ -192,7 +186,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId();
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
 assertThat(authorizationRequest.getRedirectUri())
@@ -206,7 +199,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 request.setServerPort(8080);
 request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
 assertThat(authorizationRequest.getRedirectUri())
@@ -221,7 +213,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 request.setScheme("https");
 request.setServerPort(8081);
 request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
 assertThat(authorizationRequest.getRedirectUri())
@@ -236,7 +227,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 request.setScheme("http");
 request.setServerPort(80);
 request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
 assertThat(authorizationRequest.getRedirectUri())
@@ -251,7 +241,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 request.setScheme("https");
 request.setServerPort(443);
 request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
 assertThat(authorizationRequest.getRedirectUri())
@@ -266,7 +255,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 request.setScheme("https");
 request.setServerPort(-1);
 request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
 assertThat(authorizationRequest.getRedirectUri())
@@ -281,7 +269,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 request.setServletPath(requestUri);
 request.setQueryString("foo=bar");
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
 assertThat(authorizationRequest.getRedirectUri())
@@ -297,7 +284,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 request.setServerName("localhost");
 request.setServerPort(80);
 request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 assertThat(authorizationRequest.getAuthorizationRequestUri())
 .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
@@ -314,7 +300,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 request.setServerName("example.com");
 request.setServerPort(443);
 request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 assertThat(authorizationRequest.getAuthorizationRequestUri())
 .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
@@ -328,7 +313,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 String requestUri = "/path";
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request,
 clientRegistration.getRegistrationId());
 assertThat(authorizationRequest.getAuthorizationRequestUri())
@@ -343,7 +327,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId();
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 assertThat(authorizationRequest.getAuthorizationRequestUri())
 .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id-2&"
@@ -358,7 +341,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 request.addParameter("action", "authorize");
 request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 assertThat(authorizationRequest.getAuthorizationRequestUri())
 .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
@@ -373,7 +355,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 request.addParameter("action", "login");
 request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 assertThat(authorizationRequest.getAuthorizationRequestUri())
 .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id-2&"
@@ -387,7 +368,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId();
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 assertThat(authorizationRequest).isNotNull();
 assertThat(authorizationRequest.getAuthorizationUri())
@@ -422,7 +402,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId();
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 assertThat(authorizationRequest).isNotNull();
 assertThat(authorizationRequest.getAuthorizationUri())
@@ -456,11 +435,9 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId();
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 request.setServletPath(requestUri);
-
 this.resolver.setAuthorizationRequestCustomizer(
 (customizer) -> customizer.additionalParameters((params) -> params.remove(OidcParameterNames.NONCE))
 .attributes((attrs) -> attrs.remove(OidcParameterNames.NONCE)));
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 assertThat(authorizationRequest.getAdditionalParameters()).doesNotContainKey(OidcParameterNames.NONCE);
 assertThat(authorizationRequest.getAttributes()).doesNotContainKey(OidcParameterNames.NONCE);
@@ -477,13 +454,11 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId();
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 request.setServletPath(requestUri);
-
 this.resolver
 .setAuthorizationRequestCustomizer((customizer) -> customizer.authorizationRequestUri((uriBuilder) -> {
 uriBuilder.queryParam("param1", "value1");
 return uriBuilder.build();
 }));
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 assertThat(authorizationRequest.getAuthorizationRequestUri())
 .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
@@ -498,12 +473,10 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId();
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 request.setServletPath(requestUri);
-
 this.resolver.setAuthorizationRequestCustomizer((customizer) -> customizer.parameters((params) -> {
 params.put("appid", params.get("client_id"));
 params.remove("client_id");
 }));
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 assertThat(authorizationRequest.getAuthorizationRequestUri()).matches(
 "https://example.com/login/oauth/authorize\\?" + "response_type=code&" + "scope=openid&state=.{15,}&"
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
index 445dfa9fa6..4610f688c2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
@@ -208,7 +208,6 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() {
 given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 .willReturn(this.clientRegistration);
-
 OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 .attributes((attrs) -> {
@@ -216,15 +215,12 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 attrs.put(HttpServletResponse.class.getName(), this.response);
 }).build();
 OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isNull();
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 assertThat(authorizedClient).isNull();
 verifyNoInteractions(this.authorizationSuccessHandler);
 verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any(), any());
@@ -235,10 +231,8 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() {
 given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 .willReturn(this.clientRegistration);
-
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 .willReturn(this.authorizedClient);
-
 OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 .attributes((attrs) -> {
@@ -246,15 +240,12 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 attrs.put(HttpServletResponse.class.getName(), this.response);
 }).build();
 OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isNull();
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 assertThat(authorizedClient).isSameAs(this.authorizedClient);
 verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(this.authorizedClient), eq(this.principal),
 any());
@@ -269,13 +260,10 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 .willReturn(this.clientRegistration);
 given(this.authorizedClientRepository.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
 eq(this.principal), eq(this.request))).willReturn(this.authorizedClient);
-
 OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
-
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 .willReturn(reauthorizedClient);
-
 OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 .attributes((attrs) -> {
@@ -283,15 +271,12 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 attrs.put(HttpServletResponse.class.getName(), this.response);
 }).build();
 OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(any());
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 assertThat(authorizedClient).isSameAs(reauthorizedClient);
 verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(reauthorizedClient), eq(this.principal),
 any());
@@ -303,10 +288,8 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 public void authorizeWhenRequestParameterUsernamePasswordThenMappedToContext() {
 given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 .willReturn(this.clientRegistration);
-
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 .willReturn(this.authorizedClient);
-
 // Set custom contextAttributesMapper
 this.authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> {
 Map contextAttributes = new HashMap<>();
@@ -319,10 +302,8 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 }
 return contextAttributes;
 });
-
 this.request.addParameter(OAuth2ParameterNames.USERNAME, "username");
 this.request.addParameter(OAuth2ParameterNames.PASSWORD, "password");
-
 OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 .attributes((attrs) -> {
@@ -330,9 +311,7 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 attrs.put(HttpServletResponse.class.getName(), this.response);
 }).build();
 this.authorizedClientManager.authorize(authorizeRequest);
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 String username = authorizationContext.getAttribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME);
 assertThat(username).isEqualTo("username");
@@ -349,15 +328,12 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 attrs.put(HttpServletResponse.class.getName(), this.response);
 }).build();
 OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 assertThat(authorizedClient).isSameAs(this.authorizedClient);
 verifyNoInteractions(this.authorizationSuccessHandler);
 verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(OAuth2AuthorizedClient.class),
@@ -369,25 +345,20 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 public void reauthorizeWhenSupportedProviderThenReauthorized() {
 OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
-
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 .willReturn(reauthorizedClient);
-
 OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 .principal(this.principal).attributes((attrs) -> {
 attrs.put(HttpServletRequest.class.getName(), this.request);
 attrs.put(HttpServletResponse.class.getName(), this.response);
 }).build();
 OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 assertThat(authorizedClient).isSameAs(reauthorizedClient);
 verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(reauthorizedClient), eq(this.principal),
 any());
@@ -399,25 +370,19 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 public void reauthorizeWhenRequestParameterScopeThenMappedToContext() {
 OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
-
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 .willReturn(reauthorizedClient);
-
 // Override the mock with the default
 this.authorizedClientManager
 .setContextAttributesMapper(new DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper());
-
 this.request.addParameter(OAuth2ParameterNames.SCOPE, "read write");
-
 OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 .principal(this.principal).attributes((attrs) -> {
 attrs.put(HttpServletRequest.class.getName(), this.request);
 attrs.put(HttpServletResponse.class.getName(), this.response);
 }).build();
 this.authorizedClientManager.authorize(reauthorizeRequest);
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 String[] requestScopeAttribute = authorizationContext
 .getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME);
@@ -429,19 +394,15 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 ClientAuthorizationException authorizationException = new ClientAuthorizationException(
 new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null),
 this.clientRegistration.getRegistrationId());
-
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 .willThrow(authorizationException);
-
 OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 .principal(this.principal).attributes((attrs) -> {
 attrs.put(HttpServletRequest.class.getName(), this.request);
 attrs.put(HttpServletResponse.class.getName(), this.response);
 }).build();
-
 assertThatCode(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
 .isEqualTo(authorizationException);
-
 verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal),
 any());
 verify(this.authorizedClientRepository).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
@@ -452,19 +413,15 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 public void reauthorizeWhenErrorCodeDoesNotMatchThenDoNotRemoveAuthorizedClient() {
 ClientAuthorizationException authorizationException = new ClientAuthorizationException(
 new OAuth2Error("non-matching-error-code", null, null), this.clientRegistration.getRegistrationId());
-
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 .willThrow(authorizationException);
-
 OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 .principal(this.principal).attributes((attrs) -> {
 attrs.put(HttpServletRequest.class.getName(), this.request);
 attrs.put(HttpServletResponse.class.getName(), this.response);
 }).build();
-
 assertThatCode(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
 .isEqualTo(authorizationException);
-
 verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal),
 any());
 verifyNoInteractions(this.authorizedClientRepository);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
index 0548e9fbff..a80ca4ee9d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
@@ -199,21 +199,17 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() {
 given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 .willReturn(Mono.just(this.clientRegistration));
-
 OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 .build();
 OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest)
 .subscriberContext(this.context).block();
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isNull();
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 assertThat(authorizedClient).isNull();
 this.loadAuthorizedClientProbe.assertWasSubscribed();
 this.saveAuthorizedClientProbe.assertWasNotSubscribed();
@@ -226,21 +222,17 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 .willReturn(Mono.just(this.clientRegistration));
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 .willReturn(Mono.just(this.authorizedClient));
-
 OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 .build();
 OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest)
 .subscriberContext(this.context).block();
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isNull();
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 assertThat(authorizedClient).isSameAs(this.authorizedClient);
 verify(this.authorizedClientRepository).saveAuthorizedClient(eq(this.authorizedClient), eq(this.principal),
 eq(this.serverWebExchange));
@@ -255,26 +247,20 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 .willReturn(Mono.just(this.clientRegistration));
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 .willReturn(Mono.just(this.authorizedClient));
-
 OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 .build();
-
 PublisherProbe authorizationSuccessHandlerProbe = PublisherProbe.empty();
 this.authorizedClientManager.setAuthorizationSuccessHandler(
 (client, principal, attributes) -> authorizationSuccessHandlerProbe.mono());
-
 OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest)
 .subscriberContext(this.context).block();
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isNull();
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 assertThat(authorizedClient).isSameAs(this.authorizedClient);
 authorizationSuccessHandlerProbe.assertWasSubscribed();
 verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any());
@@ -286,30 +272,23 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { public void authorizeWhenInvalidTokenThenRemoveAuthorizedClient() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration)); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); - ClientAuthorizationException exception = new ClientAuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null), this.clientRegistration.getRegistrationId()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.error(exception)); - assertThatCode( () -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block()) .isEqualTo(exception); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - verify(this.authorizedClientRepository).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), eq(this.principal), eq(this.serverWebExchange)); this.removeAuthorizedClientProbe.assertWasSubscribed(); 
@@ -321,30 +300,23 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { public void authorizeWhenInvalidGrantThenRemoveAuthorizedClient() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration)); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); - ClientAuthorizationException exception = new ClientAuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null), this.clientRegistration.getRegistrationId()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.error(exception)); - assertThatCode( () -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block()) .isEqualTo(exception); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - verify(this.authorizedClientRepository).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), eq(this.principal), eq(this.serverWebExchange)); this.removeAuthorizedClientProbe.assertWasSubscribed(); 
@@ -356,30 +328,23 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { public void authorizeWhenServerErrorThenDoNotRemoveAuthorizedClient() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration)); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); - ClientAuthorizationException exception = new ClientAuthorizationException( new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, null, null), this.clientRegistration.getRegistrationId()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.error(exception)); - assertThatCode( () -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block()) .isEqualTo(exception); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - verify(this.authorizedClientRepository, never()).removeAuthorizedClient(any(), any(), any()); verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any()); } 
@@ -389,29 +354,22 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 public void authorizeWhenOAuth2AuthorizationExceptionThenDoNotRemoveAuthorizedClient() {
 given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 .willReturn(Mono.just(this.clientRegistration));
-
 OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 .build();
-
 OAuth2AuthorizationException exception = new OAuth2AuthorizationException(
 new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null));
-
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 .willReturn(Mono.error(exception));
-
 assertThatCode(
 () -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
 .isEqualTo(exception);
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isNull();
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 verify(this.authorizedClientRepository, never()).removeAuthorizedClient(any(), any(), any());
 verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any());
 }
@@ -421,33 +379,25 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 public void authorizeWhenOAuth2AuthorizationExceptionAndCustomFailureHandlerThenInvokeCustomFailureHandler() {
 given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 .willReturn(Mono.just(this.clientRegistration));
-
 OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 .build();
-
 OAuth2AuthorizationException exception = new OAuth2AuthorizationException(
 new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null));
-
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 .willReturn(Mono.error(exception));
-
 PublisherProbe authorizationFailureHandlerProbe = PublisherProbe.empty();
 this.authorizedClientManager.setAuthorizationFailureHandler(
 (client, principal, attributes) -> authorizationFailureHandlerProbe.mono());
-
 assertThatCode(
 () -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
 .isEqualTo(exception);
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isNull();
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 authorizationFailureHandlerProbe.assertWasSubscribed();
 verify(this.authorizedClientRepository, never()).removeAuthorizedClient(any(), any(), any());
 verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any());
@@ -461,27 +411,21 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { this.loadAuthorizedClientProbe = PublisherProbe.of(Mono.just(this.authorizedClient)); given(this.authorizedClientRepository.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), eq(this.principal), eq(this.serverWebExchange))).willReturn(this.loadAuthorizedClientProbe.mono()); - OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.just(reauthorizedClient)); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest) .subscriberContext(this.context).block(); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(any()); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - assertThat(authorizedClient).isSameAs(reauthorizedClient); verify(this.authorizedClientRepository).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal), eq(this.serverWebExchange)); 
@@ -493,10 +437,8 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 public void authorizeWhenRequestFormParameterUsernamePasswordThenMappedToContext() {
 given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 .willReturn(Mono.just(this.clientRegistration));
-
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 .willReturn(Mono.just(this.authorizedClient));
-
 // Set custom contextAttributesMapper capable of mapping the form parameters
 this.authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> currentServerWebExchange()
 .flatMap(ServerWebExchange::getFormData).map((formData) -> {
@@ -507,19 +449,15 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 contextAttributes.put(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, password);
 return contextAttributes;
 }));
-
 this.serverWebExchange = MockServerWebExchange.builder(MockServerHttpRequest.post("/")
 .contentType(MediaType.APPLICATION_FORM_URLENCODED).body("username=username&password=password"))
 .build();
 this.context = Context.of(ServerWebExchange.class, this.serverWebExchange);
-
 OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 .build();
 this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block();
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 String username = authorizationContext.getAttribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME);
 assertThat(username).isEqualTo("username");
@@ -534,15 +472,12 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 .principal(this.principal).build();
 OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest)
 .subscriberContext(this.context).block();
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 assertThat(authorizedClient).isSameAs(this.authorizedClient);
 this.saveAuthorizedClientProbe.assertWasNotSubscribed();
 }
@@ -552,23 +487,18 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { public void reauthorizeWhenSupportedProviderThenReauthorized() { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.just(reauthorizedClient)); - OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest) .subscriberContext(this.context).block(); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - assertThat(authorizedClient).isSameAs(reauthorizedClient); verify(this.authorizedClientRepository).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal), eq(this.serverWebExchange)); 
@@ -580,24 +510,18 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { public void reauthorizeWhenRequestParameterScopeThenMappedToContext() { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.just(reauthorizedClient)); - // Override the mock with the default this.authorizedClientManager.setContextAttributesMapper( new DefaultReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper()); - this.serverWebExchange = MockServerWebExchange .builder(MockServerHttpRequest.get("/").queryParam(OAuth2ParameterNames.SCOPE, "read write")).build(); this.context = Context.of(ServerWebExchange.class, this.serverWebExchange); - OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).build(); this.authorizedClientManager.authorize(reauthorizeRequest).subscriberContext(this.context).block(); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); String[] requestScopeAttribute = authorizationContext .getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java index 36fca1a6f2..c28af93daa 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java 
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java @@ -53,7 +53,6 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests { request.addParameter(OAuth2ParameterNames.STATE, "state-1234"); OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository .loadAuthorizationRequest(request); - assertThat(authorizationRequest).isNull(); } @@ -61,14 +60,11 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests { public void loadAuthorizationRequestWhenSavedThenReturnAuthorizationRequest() { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build(); - this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response); request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState()); OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository .loadAuthorizationRequest(request); - assertThat(loadedAuthorizationRequest).isEqualTo(authorizationRequest); } 
@@ -77,30 +73,24 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 public void loadAuthorizationRequestWhenMultipleSavedThenReturnMatchingAuthorizationRequest() {
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 String state1 = "state-1122";
 OAuth2AuthorizationRequest authorizationRequest1 = createAuthorizationRequest().state(state1).build();
 this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest1, request, response);
-
 String state2 = "state-3344";
 OAuth2AuthorizationRequest authorizationRequest2 = createAuthorizationRequest().state(state2).build();
 this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest2, request, response);
-
 String state3 = "state-5566";
 OAuth2AuthorizationRequest authorizationRequest3 = createAuthorizationRequest().state(state3).build();
 this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest3, request, response);
-
 request.addParameter(OAuth2ParameterNames.STATE, state1);
 OAuth2AuthorizationRequest loadedAuthorizationRequest1 = this.authorizationRequestRepository
 .loadAuthorizationRequest(request);
 assertThat(loadedAuthorizationRequest1).isEqualTo(authorizationRequest1);
-
 request.removeParameter(OAuth2ParameterNames.STATE);
 request.addParameter(OAuth2ParameterNames.STATE, state2);
 OAuth2AuthorizationRequest loadedAuthorizationRequest2 = this.authorizationRequestRepository
 .loadAuthorizationRequest(request);
 assertThat(loadedAuthorizationRequest2).isEqualTo(authorizationRequest2);
-
 request.removeParameter(OAuth2ParameterNames.STATE);
 request.addParameter(OAuth2ParameterNames.STATE, state3);
 OAuth2AuthorizationRequest loadedAuthorizationRequest3 = this.authorizationRequestRepository
@@ -111,18 +101,15 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests { @Test public void loadAuthorizationRequestWhenSavedAndStateParameterNullThenReturnNull() { MockHttpServletRequest request = new MockHttpServletRequest(); - OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build(); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, new MockHttpServletResponse()); - assertThat(this.authorizationRequestRepository.loadAuthorizationRequest(request)).isNull(); } @Test public void saveAuthorizationRequestWhenHttpServletRequestIsNullThenThrowIllegalArgumentException() { OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build(); - assertThatThrownBy(() -> this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, null, new MockHttpServletResponse())).isInstanceOf(IllegalArgumentException.class); } @@ -130,7 +117,6 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests { @Test public void saveAuthorizationRequestWhenHttpServletResponseIsNullThenThrowIllegalArgumentException() { OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build(); - assertThatThrownBy(() -> this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, new MockHttpServletRequest(), null)).isInstanceOf(IllegalArgumentException.class); } 
@@ -146,15 +132,12 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests { @Test public void saveAuthorizationRequestWhenNotNullThenSaved() { MockHttpServletRequest request = new MockHttpServletRequest(); - OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build(); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, new MockHttpServletResponse()); - request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState()); OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository .loadAuthorizationRequest(request); - assertThat(loadedAuthorizationRequest).isEqualTo(authorizationRequest); } @@ -162,15 +145,12 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests { public void saveAuthorizationRequestWhenNoExistingSessionAndDistributedSessionThenSaved() { MockHttpServletRequest request = new MockHttpServletRequest(); request.setSession(new MockDistributedHttpSession()); - OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build(); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, new MockHttpServletResponse()); - request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState()); OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository .loadAuthorizationRequest(request); - assertThat(loadedAuthorizationRequest).isEqualTo(authorizationRequest); } 
@@ -178,19 +158,15 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests { public void saveAuthorizationRequestWhenExistingSessionAndDistributedSessionThenSaved() { MockHttpServletRequest request = new MockHttpServletRequest(); request.setSession(new MockDistributedHttpSession()); - OAuth2AuthorizationRequest authorizationRequest1 = createAuthorizationRequest().build(); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest1, request, new MockHttpServletResponse()); - OAuth2AuthorizationRequest authorizationRequest2 = createAuthorizationRequest().build(); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest2, request, new MockHttpServletResponse()); - request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest2.getState()); OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository .loadAuthorizationRequest(request); - assertThat(loadedAuthorizationRequest).isEqualTo(authorizationRequest2); } @@ -224,17 +200,13 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests { public void removeAuthorizationRequestWhenSavedThenRemoved() { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build(); - this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response); - request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState()); OAuth2AuthorizationRequest removedAuthorizationRequest = this.authorizationRequestRepository .removeAuthorizationRequest(request, response); OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository .loadAuthorizationRequest(request); - assertThat(removedAuthorizationRequest).isNotNull(); assertThat(loadedAuthorizationRequest).isNull(); } 
@@ -244,18 +216,13 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests { public void removeAuthorizationRequestWhenSavedThenRemovedFromSession() { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build(); - this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response); - request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState()); OAuth2AuthorizationRequest removedAuthorizationRequest = this.authorizationRequestRepository .removeAuthorizationRequest(request, response); - String sessionAttributeName = HttpSessionOAuth2AuthorizationRequestRepository.class.getName() + ".AUTHORIZATION_REQUEST"; - assertThat(removedAuthorizationRequest).isNotNull(); assertThat(request.getSession().getAttribute(sessionAttributeName)).isNull(); } @@ -264,12 +231,9 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests { public void removeAuthorizationRequestWhenNotSavedThenNotRemoved() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addParameter(OAuth2ParameterNames.STATE, "state-1234"); - MockHttpServletResponse response = new MockHttpServletResponse(); - OAuth2AuthorizationRequest removedAuthorizationRequest = this.authorizationRequestRepository .removeAuthorizationRequest(request, response); - assertThat(removedAuthorizationRequest).isNull(); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java index 34967f442e..7cf152bdbd 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java 
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java @@ -92,7 +92,6 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration1, this.principalName1, mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.request, this.response); - OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository .loadAuthorizedClient(this.registrationId1, null, this.request); assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient); @@ -135,10 +134,8 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration2, this.principalName1, mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.request, this.response); - HttpSession session = this.request.getSession(false); assertThat(session).isNotNull(); - @SuppressWarnings("unchecked") Map authorizedClients = (Map) session .getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS"); @@ -181,10 +178,8 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests { OAuth2AuthorizedClient authorizedClient1 = new OAuth2AuthorizedClient(this.registration1, this.principalName1, mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient1, null, this.request, this.response); - // Remove registrationId2 (never added so is not removed either) this.authorizedClientRepository.removeAuthorizedClient(this.registrationId2, null, this.request, this.response); - OAuth2AuthorizedClient loadedAuthorizedClient1 = this.authorizedClientRepository .loadAuthorizedClient(this.registrationId1, null, this.request); assertThat(loadedAuthorizedClient1).isNotNull(); 
@@ -214,7 +209,6 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests { .loadAuthorizedClient(this.registrationId1, null, this.request); assertThat(loadedAuthorizedClient).isSameAs(authorizedClient); this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, this.request, this.response); - HttpSession session = this.request.getSession(false); assertThat(session).isNotNull(); assertThat(session @@ -227,13 +221,10 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests { OAuth2AuthorizedClient authorizedClient1 = new OAuth2AuthorizedClient(this.registration1, this.principalName1, mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient1, null, this.request, this.response); - OAuth2AuthorizedClient authorizedClient2 = new OAuth2AuthorizedClient(this.registration2, this.principalName1, mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient2, null, this.request, this.response); - this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, this.request, this.response); - OAuth2AuthorizedClient loadedAuthorizedClient2 = this.authorizedClientRepository .loadAuthorizedClient(this.registrationId2, null, this.request); assertThat(loadedAuthorizedClient2).isNotNull(); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java index 4977086d0b..b77b743985 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java 
@@ -157,9 +157,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests { // parameter. MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.filter.doFilter(request, response, filterChain); - verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); } @@ -169,9 +167,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests { MockHttpServletRequest authorizationResponse = createAuthorizationResponse(authorizationRequest); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.filter.doFilter(authorizationResponse, response, filterChain); - verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); } @@ -184,9 +180,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests { this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1); authorizationResponse.setRequestURI(requestUri + "-no-match"); FilterChain filterChain = mock(FilterChain.class); - this.filter.doFilter(authorizationResponse, response, filterChain); - verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); } @@ -206,7 +200,6 @@ public class OAuth2AuthorizationCodeGrantFilterTests { MockHttpServletRequest authorizationResponse = createAuthorizationResponse(authorizationRequest); this.filter.doFilter(authorizationResponse, response, filterChain); verifyNoInteractions(filterChain); - // 2) redirect_uri with query parameters AND authorization response additional // parameters Map additionalParameters = new LinkedHashMap<>(); 
@@ -231,7 +224,6 @@ public class OAuth2AuthorizationCodeGrantFilterTests { this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1); this.setUpAuthenticationResult(this.registration1); FilterChain filterChain = mock(FilterChain.class); - // 1) Parameter value Map parametersNotMatch = new LinkedHashMap<>(parameters); parametersNotMatch.put("param2", "value8"); @@ -240,7 +232,6 @@ public class OAuth2AuthorizationCodeGrantFilterTests { authorizationResponse.setSession(authorizationRequest.getSession()); this.filter.doFilter(authorizationResponse, response, filterChain); verify(filterChain, times(1)).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - // 2) Parameter order parametersNotMatch = new LinkedHashMap<>(); parametersNotMatch.put("param2", "value2"); @@ -249,7 +240,6 @@ public class OAuth2AuthorizationCodeGrantFilterTests { authorizationResponse.setSession(authorizationRequest.getSession()); this.filter.doFilter(authorizationResponse, response, filterChain); verify(filterChain, times(2)).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - // 3) Parameter missing parametersNotMatch = new LinkedHashMap<>(parameters); parametersNotMatch.remove("param2"); @@ -267,9 +257,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests { FilterChain filterChain = mock(FilterChain.class); this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1); this.setUpAuthenticationResult(this.registration1); - this.filter.doFilter(authorizationResponse, response, filterChain); - assertThat(this.authorizationRequestRepository.loadAuthorizationRequest(authorizationResponse)).isNull(); } 
@@ -280,13 +268,10 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain filterChain = mock(FilterChain.class);
 this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1);
-
 OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT);
 given(this.authenticationManager.authenticate(any(Authentication.class)))
 .willThrow(new OAuth2AuthorizationException(error));
-
 this.filter.doFilter(authorizationResponse, response, filterChain);
-
 assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/callback/client-1?error=invalid_grant");
 }
 
@@ -298,9 +283,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 FilterChain filterChain = mock(FilterChain.class);
 this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1);
 this.setUpAuthenticationResult(this.registration1);
-
 this.filter.doFilter(authorizationResponse, response, filterChain);
-
 OAuth2AuthorizedClient authorizedClient = this.authorizedClientService
 .loadAuthorizedClient(this.registration1.getRegistrationId(), this.principalName1);
 assertThat(authorizedClient).isNotNull();
@@ -318,9 +301,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 FilterChain filterChain = mock(FilterChain.class);
 this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1);
 this.setUpAuthenticationResult(this.registration1);
-
 this.filter.doFilter(authorizationResponse, response, filterChain);
-
 assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/callback/client-1");
 }
 
@@ -338,9 +319,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 FilterChain filterChain = mock(FilterChain.class);
 this.setUpAuthorizationRequest(request, response, this.registration1);
 this.setUpAuthenticationResult(this.registration1);
-
 this.filter.doFilter(request, response, filterChain);
-
 assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/saved-request");
 }
 
@@ -349,19 +328,14 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 MockHttpServletRequest authorizationRequest = createAuthorizationRequest("/callback/client-1");
 MockHttpServletRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 FilterChain filterChain = mock(FilterChain.class);
 this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1);
 this.setUpAuthenticationResult(this.registration1);
-
 RequestCache requestCache = spy(HttpSessionRequestCache.class);
 this.filter.setRequestCache(requestCache);
-
 authorizationRequest.setRequestURI("/saved-request");
 requestCache.saveRequest(authorizationRequest, response);
-
 this.filter.doFilter(authorizationResponse, response, filterChain);
-
 verify(requestCache).getRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
 assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/saved-request");
 }
@@ -374,26 +348,21 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
 securityContext.setAuthentication(anonymousPrincipal);
 SecurityContextHolder.setContext(securityContext);
-
 MockHttpServletRequest authorizationRequest = createAuthorizationRequest("/callback/client-1");
 MockHttpServletRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain filterChain = mock(FilterChain.class);
 this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1);
 this.setUpAuthenticationResult(this.registration1);
-
 this.filter.doFilter(authorizationResponse, response, filterChain);
-
 OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository.loadAuthorizedClient(
 this.registration1.getRegistrationId(), anonymousPrincipal, authorizationResponse);
 assertThat(authorizedClient).isNotNull();
 assertThat(authorizedClient.getClientRegistration()).isEqualTo(this.registration1);
 assertThat(authorizedClient.getPrincipalName()).isEqualTo(anonymousPrincipal.getName());
 assertThat(authorizedClient.getAccessToken()).isNotNull();
-
 HttpSession session = authorizationResponse.getSession(false);
 assertThat(session).isNotNull();
-
 @SuppressWarnings("unchecked")
 Map authorizedClients = (Map) session
 .getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS");
@@ -407,26 +376,21 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 throws Exception {
 SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
 SecurityContextHolder.setContext(securityContext); // null Authentication
-
 MockHttpServletRequest authorizationRequest = createAuthorizationRequest("/callback/client-1");
 MockHttpServletRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain filterChain = mock(FilterChain.class);
 this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1);
 this.setUpAuthenticationResult(this.registration1);
-
 this.filter.doFilter(authorizationResponse, response, filterChain);
-
 OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository
 .loadAuthorizedClient(this.registration1.getRegistrationId(), null, authorizationResponse);
 assertThat(authorizedClient).isNotNull();
 assertThat(authorizedClient.getClientRegistration()).isEqualTo(this.registration1);
 assertThat(authorizedClient.getPrincipalName()).isEqualTo("anonymousUser");
 assertThat(authorizedClient.getAccessToken()).isNotNull();
-
 HttpSession session = authorizationResponse.getSession(false);
 assertThat(session).isNotNull();
-
 @SuppressWarnings("unchecked")
 Map authorizedClients = (Map) session
 .getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
index c5e2ece886..26020004c6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java @@ -125,9 +125,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { request.setServletPath(requestUri); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.filter.doFilter(request, response, filterChain); - verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); } @@ -139,11 +137,8 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { request.setServletPath(requestUri); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.filter.doFilter(request, response, filterChain); - verifyZeroInteractions(filterChain); - assertThat(response.getStatus()).isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR.value()); assertThat(response.getErrorMessage()).isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase()); } @@ -156,11 +151,8 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { request.setServletPath(requestUri); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.filter.doFilter(request, response, filterChain); - verifyZeroInteractions(filterChain); - assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&" + "redirect_uri=http://localhost/login/oauth2/code/registration-id"); 
@@ -174,13 +166,10 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { request.setServletPath(requestUri); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - AuthorizationRequestRepository authorizationRequestRepository = mock( AuthorizationRequestRepository.class); this.filter.setAuthorizationRequestRepository(authorizationRequestRepository); - this.filter.doFilter(request, response, filterChain); - verifyZeroInteractions(filterChain); verify(authorizationRequestRepository).saveAuthorizationRequest(any(OAuth2AuthorizationRequest.class), any(HttpServletRequest.class), any(HttpServletResponse.class)); @@ -194,11 +183,8 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { request.setServletPath(requestUri); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.filter.doFilter(request, response, filterChain); - verifyZeroInteractions(filterChain); - assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?" + "response_type=token&client_id=client-id&" + "scope=read:user&state=.{15,}&" + "redirect_uri=http://localhost/authorize/oauth2/implicit/registration-3"); @@ -212,13 +198,10 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { request.setServletPath(requestUri); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - AuthorizationRequestRepository authorizationRequestRepository = mock( AuthorizationRequestRepository.class); this.filter.setAuthorizationRequestRepository(authorizationRequestRepository); - this.filter.doFilter(request, response, filterChain); - verifyZeroInteractions(filterChain); verify(authorizationRequestRepository, times(0)).saveAuthorizationRequest(any(OAuth2AuthorizationRequest.class), any(HttpServletRequest.class), any(HttpServletResponse.class)); 
@@ -229,17 +212,13 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { String authorizationRequestBaseUri = "/custom/authorization"; this.filter = new OAuth2AuthorizationRequestRedirectFilter(this.clientRegistrationRepository, authorizationRequestBaseUri); - String requestUri = authorizationRequestBaseUri + "/" + this.registration1.getRegistrationId(); MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.filter.doFilter(request, response, filterChain); - verifyZeroInteractions(filterChain); - assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&" + "redirect_uri=http://localhost/login/oauth2/code/registration-id"); @@ -253,14 +232,10 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { request.setServletPath(requestUri); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - willThrow(new ClientAuthorizationRequiredException(this.registration1.getRegistrationId())).given(filterChain) .doFilter(any(ServletRequest.class), any(ServletResponse.class)); - this.filter.doFilter(request, response, filterChain); - verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&" + "redirect_uri=http://localhost/authorize/oauth2/code/registration-id"); 
@@ -275,19 +250,13 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 request.setServletPath(requestUri);
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain filterChain = mock(FilterChain.class);
-
 willThrow(new ClientAuthorizationRequiredException(this.registration1.getRegistrationId())).given(filterChain)
 .doFilter(any(ServletRequest.class), any(ServletResponse.class));
-
 OAuth2AuthorizationRequestResolver resolver = mock(OAuth2AuthorizationRequestResolver.class);
 OAuth2AuthorizationRequestRedirectFilter filter = new OAuth2AuthorizationRequestRedirectFilter(resolver);
-
 filter.doFilter(request, response, filterChain);
-
 verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
-
 verifyZeroInteractions(filterChain);
-
 assertThat(response.getStatus()).isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR.value());
 assertThat(response.getErrorMessage()).isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase());
 }
@@ -303,22 +272,17 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { request.addParameter("idp", "https://other.provider.com"); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver( this.clientRegistrationRepository, OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI); - OAuth2AuthorizationRequestResolver resolver = mock(OAuth2AuthorizationRequestResolver.class); OAuth2AuthorizationRequest result = OAuth2AuthorizationRequest .from(defaultAuthorizationRequestResolver.resolve(request)) .additionalParameters(Collections.singletonMap("idp", request.getParameter("idp"))).build(); given(resolver.resolve(any())).willReturn(result); OAuth2AuthorizationRequestRedirectFilter filter = new OAuth2AuthorizationRequestRedirectFilter(resolver); - filter.doFilter(request, response, filterChain); - verifyZeroInteractions(filterChain); - assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&" + "redirect_uri=http://localhost/login/oauth2/code/registration-id&" 
@@ -337,13 +301,10 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { request.addParameter(loginHintParamName, "user@provider.com"); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver( this.clientRegistrationRepository, OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI); - OAuth2AuthorizationRequestResolver resolver = mock(OAuth2AuthorizationRequestResolver.class); - OAuth2AuthorizationRequest defaultAuthorizationRequest = defaultAuthorizationRequestResolver.resolve(request); Map additionalParameters = new HashMap<>(defaultAuthorizationRequest.getAdditionalParameters()); additionalParameters.put(loginHintParamName, request.getParameter(loginHintParamName)); @@ -355,13 +316,9 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { .additionalParameters(Collections.singletonMap("idp", request.getParameter("idp"))) .authorizationRequestUri(customAuthorizationRequestUri).build(); given(resolver.resolve(any())).willReturn(result); - OAuth2AuthorizationRequestRedirectFilter filter = new OAuth2AuthorizationRequestRedirectFilter(resolver); - filter.doFilter(request, response, filterChain); - verifyZeroInteractions(filterChain); - assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&" + "redirect_uri=http://localhost/login/oauth2/code/registration-id&" diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java index 7237f3f046..2a783cc03e 100644 
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java @@ -158,9 +158,7 @@ public class OAuth2LoginAuthenticationFilterTests { request.setServletPath(requestUri); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.filter.doFilter(request, response, filterChain); - verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); verify(this.filter, never()).attemptAuthentication(any(HttpServletRequest.class), any(HttpServletResponse.class)); @@ -174,17 +172,13 @@ public class OAuth2LoginAuthenticationFilterTests { // NOTE: // A valid Authorization Response contains either a 'code' or 'error' parameter. // Don't set it to force an invalid Authorization Response. - MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.filter.doFilter(request, response, filterChain); - ArgumentCaptor authenticationExceptionArgCaptor = ArgumentCaptor .forClass(AuthenticationException.class); verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class), authenticationExceptionArgCaptor.capture()); - assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class); OAuth2AuthenticationException authenticationException = (OAuth2AuthenticationException) authenticationExceptionArgCaptor .getValue(); 
@@ -199,17 +193,13 @@ public class OAuth2LoginAuthenticationFilterTests { request.setServletPath(requestUri); request.addParameter(OAuth2ParameterNames.CODE, "code"); request.addParameter(OAuth2ParameterNames.STATE, "state"); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.filter.doFilter(request, response, filterChain); - ArgumentCaptor authenticationExceptionArgCaptor = ArgumentCaptor .forClass(AuthenticationException.class); verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class), authenticationExceptionArgCaptor.capture()); - assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class); OAuth2AuthenticationException authenticationException = (OAuth2AuthenticationException) authenticationExceptionArgCaptor .getValue(); @@ -226,10 +216,8 @@ public class OAuth2LoginAuthenticationFilterTests { request.setServletPath(requestUri); request.addParameter(OAuth2ParameterNames.CODE, "code"); request.addParameter(OAuth2ParameterNames.STATE, "state"); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - ClientRegistration registrationNotFound = ClientRegistration.withRegistrationId("registration-not-found") .clientId("client-1").clientSecret("secret") .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) 
@@ -239,14 +227,11 @@ public class OAuth2LoginAuthenticationFilterTests { .userInfoUri("https://provider.com/oauth2/user").userNameAttributeName("id").clientName("client-1") .build(); this.setUpAuthorizationRequest(request, response, registrationNotFound, state); - this.filter.doFilter(request, response, filterChain); - ArgumentCaptor authenticationExceptionArgCaptor = ArgumentCaptor .forClass(AuthenticationException.class); verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class), authenticationExceptionArgCaptor.capture()); - assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class); OAuth2AuthenticationException authenticationException = (OAuth2AuthenticationException) authenticationExceptionArgCaptor .getValue(); @@ -261,15 +246,11 @@ public class OAuth2LoginAuthenticationFilterTests { request.setServletPath(requestUri); request.addParameter(OAuth2ParameterNames.CODE, "code"); request.addParameter(OAuth2ParameterNames.STATE, state); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.setUpAuthorizationRequest(request, response, this.registration2, state); this.setUpAuthenticationResult(this.registration2); - this.filter.doFilter(request, response, filterChain); - assertThat(this.authorizationRequestRepository.loadAuthorizationRequest(request)).isNull(); } 
@@ -281,15 +262,11 @@ public class OAuth2LoginAuthenticationFilterTests { request.setServletPath(requestUri); request.addParameter(OAuth2ParameterNames.CODE, "code"); request.addParameter(OAuth2ParameterNames.STATE, state); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.setUpAuthorizationRequest(request, response, this.registration1, state); this.setUpAuthenticationResult(this.registration1); - this.filter.doFilter(request, response, filterChain); - OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository .loadAuthorizedClient(this.registration1.getRegistrationId(), this.loginAuthentication, request); assertThat(authorizedClient).isNotNull(); @@ -305,22 +282,17 @@ public class OAuth2LoginAuthenticationFilterTests { this.filter = spy(new OAuth2LoginAuthenticationFilter(this.clientRegistrationRepository, this.authorizedClientRepository, filterProcessesUrl)); this.filter.setAuthenticationManager(this.authenticationManager); - String requestUri = "/login/oauth2/custom/" + this.registration2.getRegistrationId(); String state = "state"; MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri); request.addParameter(OAuth2ParameterNames.CODE, "code"); request.addParameter(OAuth2ParameterNames.STATE, state); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.setUpAuthorizationRequest(request, response, this.registration2, state); this.setUpAuthenticationResult(this.registration2); - this.filter.doFilter(request, response, filterChain); - verifyZeroInteractions(filterChain); verify(this.filter).attemptAuthentication(any(HttpServletRequest.class), any(HttpServletResponse.class)); } 
@@ -338,25 +310,19 @@ public class OAuth2LoginAuthenticationFilterTests {
 request.setServletPath(requestUri);
 request.addParameter(OAuth2ParameterNames.CODE, "code");
 request.addParameter(OAuth2ParameterNames.STATE, "state");
-
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain filterChain = mock(FilterChain.class);
-
 this.setUpAuthorizationRequest(request, response, this.registration2, state);
 this.setUpAuthenticationResult(this.registration2);
-
 this.filter.doFilter(request, response, filterChain);
-
 ArgumentCaptor authenticationArgCaptor = ArgumentCaptor.forClass(Authentication.class);
 verify(this.authenticationManager).authenticate(authenticationArgCaptor.capture());
-
 OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) authenticationArgCaptor
 .getValue();
 OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange()
 .getAuthorizationRequest();
 OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange()
 .getAuthorizationResponse();
-
 String expectedRedirectUri = "http://localhost/login/oauth2/code/registration-id-2";
 assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedRedirectUri);
 assertThat(authorizationResponse.getRedirectUri()).isEqualTo(expectedRedirectUri);
@@ -375,25 +341,19 @@ public class OAuth2LoginAuthenticationFilterTests {
 request.setServletPath(requestUri);
 request.addParameter(OAuth2ParameterNames.CODE, "code");
 request.addParameter(OAuth2ParameterNames.STATE, "state");
-
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain filterChain = mock(FilterChain.class);
-
 this.setUpAuthorizationRequest(request, response, this.registration2, state);
 this.setUpAuthenticationResult(this.registration2);
-
 this.filter.doFilter(request, response, filterChain);
-
 ArgumentCaptor authenticationArgCaptor = ArgumentCaptor.forClass(Authentication.class);
 verify(this.authenticationManager).authenticate(authenticationArgCaptor.capture());
-
 OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) authenticationArgCaptor
 .getValue();
 OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange()
 .getAuthorizationRequest();
 OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange()
 .getAuthorizationResponse();
-
 String expectedRedirectUri = "https://example.com/login/oauth2/code/registration-id-2";
 assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedRedirectUri);
 assertThat(authorizationResponse.getRedirectUri()).isEqualTo(expectedRedirectUri);
@@ -412,25 +372,19 @@ public class OAuth2LoginAuthenticationFilterTests {
 request.setServletPath(requestUri);
 request.addParameter(OAuth2ParameterNames.CODE, "code");
 request.addParameter(OAuth2ParameterNames.STATE, "state");
-
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain filterChain = mock(FilterChain.class);
-
 this.setUpAuthorizationRequest(request, response, this.registration2, state);
 this.setUpAuthenticationResult(this.registration2);
-
 this.filter.doFilter(request, response, filterChain);
-
 ArgumentCaptor authenticationArgCaptor = ArgumentCaptor.forClass(Authentication.class);
 verify(this.authenticationManager).authenticate(authenticationArgCaptor.capture());
-
 OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) authenticationArgCaptor
 .getValue();
 OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange()
 .getAuthorizationRequest();
 OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange()
 .getAuthorizationResponse();
-
 String expectedRedirectUri = "https://example.com:9090/login/oauth2/code/registration-id-2";
 assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedRedirectUri);
 assertThat(authorizationResponse.getRedirectUri()).isEqualTo(expectedRedirectUri);
@@ -445,17 +399,12 @@ public class OAuth2LoginAuthenticationFilterTests {
 request.setServletPath(requestUri);
 request.addParameter(OAuth2ParameterNames.CODE, "code");
 request.addParameter(OAuth2ParameterNames.STATE, state);
-
 WebAuthenticationDetails webAuthenticationDetails = mock(WebAuthenticationDetails.class);
 given(this.authenticationDetailsSource.buildDetails(any())).willReturn(webAuthenticationDetails);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 this.setUpAuthorizationRequest(request, response, this.registration2, state);
 this.setUpAuthenticationResult(this.registration2);
-
 Authentication result = this.filter.attemptAuthentication(request, response);
-
 assertThat(result.getDetails()).isEqualTo(webAuthenticationDetails);
 }
 
@@ -473,12 +422,10 @@ public class OAuth2LoginAuthenticationFilterTests {
 private String expandRedirectUri(HttpServletRequest request, ClientRegistration clientRegistration) {
 String baseUrl = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request)).replaceQuery(null)
 .replacePath(request.getContextPath()).build().toUriString();
-
 Map uriVariables = new HashMap<>();
 uriVariables.put("baseUrl", baseUrl);
 uriVariables.put("action", "login");
 uriVariables.put("registrationId", clientRegistration.getRegistrationId());
-
 return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri()).buildAndExpand(uriVariables)
 .toUriString();
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
index 04b820fe0c..73cb3d8cff 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
@@ -108,7 +108,6 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
 securityContext.setAuthentication(this.authentication);
 SecurityContextHolder.setContext(securityContext);
-
 this.registration1 = ClientRegistration.withRegistrationId("client1").clientId("client-1")
 .clientSecret("secret").clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
@@ -268,24 +267,19 @@ public class OAuth2AuthorizedClientArgumentResolverTests { this.clientRegistrationRepository, this.authorizedClientRepository); authorizedClientManager.setAuthorizedClientProvider(clientCredentialsAuthorizedClientProvider); this.argumentResolver = new OAuth2AuthorizedClientArgumentResolver(authorizedClientManager); - OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234") .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).build(); given(clientCredentialsTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - given(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any(HttpServletRequest.class))) .willReturn(null); MethodParameter methodParameter = this.getMethodParameter("clientCredentialsClient", OAuth2AuthorizedClient.class); - OAuth2AuthorizedClient authorizedClient = (OAuth2AuthorizedClient) this.argumentResolver .resolveArgument(methodParameter, null, new ServletWebRequest(this.request, this.response), null); - assertThat(authorizedClient).isNotNull(); assertThat(authorizedClient.getClientRegistration()).isSameAs(this.registration2); assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principalName); assertThat(authorizedClient.getAccessToken()).isSameAs(accessTokenResponse.getAccessToken()); - verify(this.authorizedClientRepository).saveAuthorizedClient(eq(authorizedClient), eq(this.authentication), any(HttpServletRequest.class), any(HttpServletResponse.class)); } 
@@ -301,7 +295,6 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 DefaultOAuth2AuthorizedClientManager authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
 this.clientRegistrationRepository, this.authorizedClientRepository);
 authorizedClientManager.setAuthorizedClientProvider(passwordAuthorizedClientProvider);
-
 // Set custom contextAttributesMapper
 authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> {
 Map contextAttributes = new HashMap<>();
@@ -314,28 +307,21 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 } return contextAttributes; });
-
 this.argumentResolver = new OAuth2AuthorizedClientArgumentResolver(authorizedClientManager);
-
 OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234") .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).build(); given(passwordTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 given(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any(HttpServletRequest.class))) .willReturn(null); MethodParameter methodParameter = this.getMethodParameter("passwordClient", OAuth2AuthorizedClient.class);
-
 this.request.setParameter(OAuth2ParameterNames.USERNAME, "username"); this.request.setParameter(OAuth2ParameterNames.PASSWORD, "password");
-
 OAuth2AuthorizedClient authorizedClient = (OAuth2AuthorizedClient) this.argumentResolver .resolveArgument(methodParameter, null, new ServletWebRequest(this.request, this.response), null);
-
 assertThat(authorizedClient).isNotNull(); assertThat(authorizedClient.getClientRegistration()).isSameAs(this.registration3); assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principalName); assertThat(authorizedClient.getAccessToken()).isSameAs(accessTokenResponse.getAccessToken());
-
 verify(this.authorizedClientRepository).saveAuthorizedClient(eq(authorizedClient), eq(this.authentication), any(HttpServletRequest.class), any(HttpServletResponse.class)); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
index 041a5283d9..4d80f56666 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
@@ -92,7 +92,6 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 final ServerOAuth2AuthorizedClientRepository delegate = new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository( new InMemoryReactiveOAuth2AuthorizedClientService(this.clientRegistrationRepository)); this.authorizedClientRepository = spy(new ServerOAuth2AuthorizedClientRepository() {
-
 @Override public Mono loadAuthorizedClient(String clientRegistrationId, Authentication principal, ServerWebExchange exchange) {
@@ -110,7 +109,6 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 ServerWebExchange exchange) { return delegate.removeAuthorizedClient(clientRegistrationId, principal, exchange); }
-
 }); this.authorizedClientFilter = new ServerOAuth2AuthorizedClientExchangeFilterFunction( this.clientRegistrationRepository, this.authorizedClientRepository);
@@ -135,21 +133,17 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 String clientResponse = "{\n" + " \"attribute1\": \"value1\",\n" + " \"attribute2\": \"value2\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenResponse)); this.server.enqueue(jsonResponse(clientResponse));
-
 ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl) .build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId()))) .willReturn(Mono.just(clientRegistration));
-
 this.webClient.get().uri(this.serverUrl) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(clientRegistration.getRegistrationId())) .retrieve().bodyToMono(String.class) .subscriberContext(Context.of(ServerWebExchange.class, this.exchange)) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block();
-
 assertThat(this.server.getRequestCount()).isEqualTo(2);
-
 ArgumentCaptor authorizedClientCaptor = ArgumentCaptor .forClass(OAuth2AuthorizedClient.class); verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(),
@@ -162,15 +156,12 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 String accessTokenResponse = "{\n" + " \"access_token\": \"refreshed-access-token\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; String clientResponse = "{\n" + " \"attribute1\": \"value1\",\n" + " \"attribute2\": \"value2\"\n" + "}\n";
-
 this.server.enqueue(jsonResponse(accessTokenResponse)); this.server.enqueue(jsonResponse(clientResponse));
-
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().tokenUri(this.serverUrl) .build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId()))) .willReturn(Mono.just(clientRegistration));
-
 Instant issuedAt = Instant.now().minus(Duration.ofDays(1)); Instant expiresAt = issuedAt.plus(Duration.ofHours(1)); OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
@@ -180,16 +171,13 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 this.authentication.getName(), accessToken, refreshToken); doReturn(Mono.just(authorizedClient)).when(this.authorizedClientRepository).loadAuthorizedClient( eq(clientRegistration.getRegistrationId()), eq(this.authentication), eq(this.exchange));
-
 this.webClient.get().uri(this.serverUrl) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(clientRegistration.getRegistrationId())) .retrieve().bodyToMono(String.class) .subscriberContext(Context.of(ServerWebExchange.class, this.exchange)) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block();
-
 assertThat(this.server.getRequestCount()).isEqualTo(2);
-
 ArgumentCaptor authorizedClientCaptor = ArgumentCaptor .forClass(OAuth2AuthorizedClient.class); verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(),
@@ -205,25 +193,20 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"read write\"\n" + "}\n"; String clientResponse = "{\n" + " \"attribute1\": \"value1\",\n" + " \"attribute2\": \"value2\"\n" + "}\n";
-
 // Client 1 this.server.enqueue(jsonResponse(accessTokenResponse)); this.server.enqueue(jsonResponse(clientResponse));
-
 ClientRegistration clientRegistration1 = TestClientRegistrations.clientCredentials().registrationId("client-1") .tokenUri(this.serverUrl).build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration1.getRegistrationId()))) .willReturn(Mono.just(clientRegistration1));
-
 // Client 2 this.server.enqueue(jsonResponse(accessTokenResponse)); this.server.enqueue(jsonResponse(clientResponse));
-
 ClientRegistration clientRegistration2 = TestClientRegistrations.clientCredentials().registrationId("client-2") .tokenUri(this.serverUrl).build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration2.getRegistrationId()))) .willReturn(Mono.just(clientRegistration2));
-
 this.webClient.get().uri(this.serverUrl) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(clientRegistration1.getRegistrationId()))
@@ -234,9 +217,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 .retrieve().bodyToMono(String.class)) .subscriberContext(Context.of(ServerWebExchange.class, this.exchange)) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block();
-
 assertThat(this.server.getRequestCount()).isEqualTo(4);
-
 ArgumentCaptor authorizedClientCaptor = ArgumentCaptor .forClass(OAuth2AuthorizedClient.class); verify(this.authorizedClientRepository, times(2)).saveAuthorizedClient(authorizedClientCaptor.capture(),
@@ -258,12 +239,10 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 this.server.enqueue(new MockResponse().setResponseCode(HttpStatus.UNAUTHORIZED.value())); this.server.enqueue(jsonResponse(accessTokenResponse)); this.server.enqueue(jsonResponse(clientResponse));
-
 ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl) .build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId()))) .willReturn(Mono.just(clientRegistration));
-
 OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("read", "write"); OAuth2RefreshToken refreshToken = TestOAuth2RefreshTokens.refreshToken(); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration,
@@ -271,29 +250,22 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 doReturn(Mono.just(authorizedClient)).doReturn(Mono.empty()).when(this.authorizedClientRepository) .loadAuthorizedClient(eq(clientRegistration.getRegistrationId()), eq(this.authentication), eq(this.exchange));
-
 Mono requestMono = this.webClient.get().uri(this.serverUrl) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(clientRegistration.getRegistrationId())) .retrieve().bodyToMono(String.class) .subscriberContext(Context.of(ServerWebExchange.class, this.exchange)) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
-
 // first try should fail, and remove the cached authorized client assertThatCode(requestMono::block).isInstanceOfSatisfying(WebClientResponseException.class, (e) -> assertThat(e.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED));
-
 assertThat(this.server.getRequestCount()).isEqualTo(1);
-
 verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any()); verify(this.authorizedClientRepository).removeAuthorizedClient(eq(clientRegistration.getRegistrationId()), eq(this.authentication), eq(this.exchange));
-
 // second try should retrieve the authorized client and succeed requestMono.block();
-
 assertThat(this.server.getRequestCount()).isEqualTo(3);
-
 ArgumentCaptor authorizedClientCaptor = ArgumentCaptor .forClass(OAuth2AuthorizedClient.class); verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(),
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index 3896a725ed..4f1905c770 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -209,9 +209,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 @Test public void filterWhenAuthorizedClientNullThenAuthorizationHeaderNull() { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
-
 this.function.filter(request, this.exchange).block();
-
 assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isNull(); }
@@ -222,9 +220,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build();
-
 this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)) .isEqualTo("Bearer " + this.accessToken.getTokenValue()); }
@@ -237,9 +233,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .header(HttpHeaders.AUTHORIZATION, "Existing") .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build();
-
 this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 HttpHeaders headers = this.exchange.getRequest().headers(); assertThat(headers.get(HttpHeaders.AUTHORIZATION)).containsOnly("Bearer " + this.accessToken.getTokenValue()); }
@@ -250,7 +244,6 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build(); given(this.clientCredentialsTokenResponseClient.getTokenResponse(any())) .willReturn(Mono.just(accessTokenResponse));
-
 ClientRegistration registration = TestClientRegistrations.clientCredentials().build(); Instant issuedAt = Instant.now().minus(Duration.ofDays(1)); Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
@@ -258,20 +251,15 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 this.accessToken.getTokenValue(), issuedAt, accessTokenExpiresAt); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(registration, "principalName", accessToken, null);
-
 TestingAuthenticationToken authentication = new TestingAuthenticationToken("test", "this");
-
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build();
-
 this.function.filter(request, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)) .subscriberContext(serverWebExchange()).block();
-
 verify(this.clientCredentialsTokenResponseClient).getTokenResponse(any()); verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(authentication), any());
-
 List requests = this.exchange.getRequests(); assertThat(requests).hasSize(1); ClientRequest request1 = requests.get(0);
@@ -285,19 +273,15 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 public void filterWhenClientCredentialsTokenNotExpiredThenUseCurrentToken() { TestingAuthenticationToken authentication = new TestingAuthenticationToken("test", "this"); ClientRegistration registration = TestClientRegistrations.clientCredentials().build();
-
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(registration, "principalName", this.accessToken, null); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build();
-
 this.function.filter(request, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)) .subscriberContext(serverWebExchange()).block();
-
 verify(this.clientCredentialsTokenResponseClient, never()).getTokenResponse(any());
-
 List requests = this.exchange.getRequests(); assertThat(requests).hasSize(1); ClientRequest request1 = requests.get(0);
@@ -312,7 +296,6 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1") .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build(); given(this.refreshTokenTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(response));
-
 Instant issuedAt = Instant.now().minus(Duration.ofDays(1)); Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1)); this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(),
@@ -320,27 +303,21 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken);
-
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build();
-
 TestingAuthenticationToken authentication = new TestingAuthenticationToken("test", "this"); this.function.filter(request, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)) .subscriberContext(serverWebExchange()).block();
-
 verify(this.refreshTokenTokenResponseClient).getTokenResponse(any()); verify(this.authorizedClientRepository).saveAuthorizedClient(this.authorizedClientCaptor.capture(), eq(authentication), any());
-
 OAuth2AuthorizedClient newAuthorizedClient = this.authorizedClientCaptor.getValue(); assertThat(newAuthorizedClient.getAccessToken()).isEqualTo(response.getAccessToken()); assertThat(newAuthorizedClient.getRefreshToken()).isEqualTo(response.getRefreshToken());
-
 List requests = this.exchange.getRequests(); assertThat(requests).hasSize(1);
-
 ClientRequest request0 = requests.get(0); assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-1"); assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -354,26 +331,20 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build(); given(this.refreshTokenTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(response)); Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
-
 Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1)); this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(), issuedAt, accessTokenExpiresAt);
-
 OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build();
-
 this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 verify(this.refreshTokenTokenResponseClient).getTokenResponse(any()); verify(this.authorizedClientRepository).saveAuthorizedClient(any(), any(), any());
-
 List requests = this.exchange.getRequests(); assertThat(requests).hasSize(1);
-
 ClientRequest request0 = requests.get(0); assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-1"); assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -388,12 +359,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build();
-
 this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 List requests = this.exchange.getRequests(); assertThat(requests).hasSize(1);
-
 ClientRequest request0 = requests.get(0); assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0"); assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -409,12 +377,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build();
-
 this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 List requests = this.exchange.getRequests(); assertThat(requests).hasSize(1);
-
 ClientRequest request0 = requests.get(0); assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0"); assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -425,27 +390,20 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 @Test public void filterWhenUnauthorizedThenInvokeFailureHandler() { this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 PublisherProbe publisherProbe = PublisherProbe.empty(); given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())) .willReturn(publisherProbe.mono());
-
 OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt()); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build();
-
 given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.UNAUTHORIZED.value());
-
 this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 assertThat(publisherProbe.wasSubscribed()).isTrue();
-
 verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 assertThat(this.authorizationExceptionCaptor.getValue()) .isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> { assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
@@ -461,31 +419,23 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 @Test public void filterWhenUnauthorizedWithWebClientExceptionThenInvokeFailureHandler() { this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 PublisherProbe publisherProbe = PublisherProbe.empty(); given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())) .willReturn(publisherProbe.mono());
-
 OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt()); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build();
-
 WebClientResponseException exception = WebClientResponseException.create(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8);
-
 ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception);
-
 assertThatCode(() -> this.function.filter(request, throwingExchangeFunction) .subscriberContext(serverWebExchange()).block()).isEqualTo(exception);
-
 assertThat(publisherProbe.wasSubscribed()).isTrue();
-
 verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 assertThat(this.authorizationExceptionCaptor.getValue()) .isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> { assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
@@ -501,27 +451,20 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 @Test public void filterWhenForbiddenThenInvokeFailureHandler() { this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 PublisherProbe publisherProbe = PublisherProbe.empty(); given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())) .willReturn(publisherProbe.mono());
-
 OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt()); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build();
-
 given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.FORBIDDEN.value());
-
 this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 assertThat(publisherProbe.wasSubscribed()).isTrue();
-
 verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 assertThat(this.authorizationExceptionCaptor.getValue()) .isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> { assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
@@ -537,31 +480,23 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 @Test public void filterWhenForbiddenWithWebClientExceptionThenInvokeFailureHandler() { this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 PublisherProbe publisherProbe = PublisherProbe.empty(); given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())) .willReturn(publisherProbe.mono());
-
 OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt()); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build();
-
 WebClientResponseException exception = WebClientResponseException.create(HttpStatus.FORBIDDEN.value(), HttpStatus.FORBIDDEN.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8);
-
 ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception);
-
 assertThatCode(() -> this.function.filter(request, throwingExchangeFunction) .subscriberContext(serverWebExchange()).block()).isEqualTo(exception);
-
 assertThat(publisherProbe.wasSubscribed()).isTrue();
-
 verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 assertThat(this.authorizationExceptionCaptor.getValue()) .isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> { assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
@@ -577,18 +512,15 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 @Test public void filterWhenWWWAuthenticateHeaderIncludesErrorThenInvokeFailureHandler() { this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 PublisherProbe publisherProbe = PublisherProbe.empty(); given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())) .willReturn(publisherProbe.mono());
-
 OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt()); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build();
-
 String wwwAuthenticateHeader = "Bearer error=\"insufficient_scope\", " + "error_description=\"The request requires higher privileges than provided by the access token.\", " + "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"";
@@ -596,14 +528,10 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 given(headers.header(eq(HttpHeaders.WWW_AUTHENTICATE))) .willReturn(Collections.singletonList(wwwAuthenticateHeader)); given(this.exchange.getResponse().headers()).willReturn(headers);
-
 this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 assertThat(publisherProbe.wasSubscribed()).isTrue();
-
 verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 assertThat(this.authorizationExceptionCaptor.getValue()) .isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> { assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
@@ -622,31 +550,23 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 @Test public void filterWhenAuthorizationExceptionThenInvokeFailureHandler() { this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 PublisherProbe publisherProbe = PublisherProbe.empty(); given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())) .willReturn(publisherProbe.mono());
-
 OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt()); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build();
-
 OAuth2AuthorizationException exception = new OAuth2AuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null));
-
 ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception);
-
 assertThatCode(() -> this.function.filter(request, throwingExchangeFunction) .subscriberContext(serverWebExchange()).block()).isEqualTo(exception);
-
 assertThat(publisherProbe.wasSubscribed()).isTrue();
-
 verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 assertThat(this.authorizationExceptionCaptor.getValue()).isSameAs(exception); assertThat(this.authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class); assertThat(this.attributesCaptor.getValue())
@@ -656,18 +576,14 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 @Test public void filterWhenOtherHttpStatusShouldNotInvokeFailureHandler() { this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt()); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build();
-
 given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.BAD_REQUEST.value());
-
 this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 verify(this.authorizationFailureHandler, never()).onAuthorizationFailure(any(), any(), any()); }
@@ -675,16 +591,13 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 public void filterWhenPasswordClientNotAuthorizedThenGetNewToken() { TestingAuthenticationToken authentication = new TestingAuthenticationToken("test", "this"); ClientRegistration registration = TestClientRegistrations.password().build();
-
 OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("new-token") .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build(); given(this.passwordTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 given(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId()))) .willReturn(Mono.just(registration)); given(this.authorizedClientRepository.loadAuthorizedClient(eq(registration.getRegistrationId()), eq(authentication), any())).willReturn(Mono.empty());
-
 // Set custom contextAttributesMapper capable of mapping the form parameters this.authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> { ServerWebExchange serverWebExchange = authorizeRequest.getAttribute(ServerWebExchange.class.getName());
@@ -699,23 +612,18 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 return contextAttributes;
 });
 });
-
 this.serverWebExchange = MockServerWebExchange.builder(MockServerHttpRequest.post("/") .contentType(MediaType.APPLICATION_FORM_URLENCODED).body("username=username&password=password")) .build();
-
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(registration.getRegistrationId())) .build();
-
 this.function.filter(request, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)) .subscriberContext(serverWebExchange()).block();
-
 verify(this.passwordTokenResponseClient).getTokenResponse(any());
 verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(authentication), any());
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(1);
 ClientRequest request1 = requests.get(0);
@@ -736,12 +644,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(this.registration.getRegistrationId())) .build();
-
 this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(1);
-
 ClientRequest request0 = requests.get(0);
 assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0");
 assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -758,12 +663,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())) .willReturn(Mono.just(authorizedClient));
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
-
 this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(1);
-
 ClientRequest request0 = requests.get(0);
 assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0");
 assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -774,14 +676,12 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 @Test public void filterWhenClientRegistrationIdFromAuthenticationThenAuthorizedClientResolved() {
 this.function.setDefaultOAuth2AuthorizedClient(true);
-
 OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken);
 given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())) .willReturn(Mono.just(authorizedClient));
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
-
 OAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), Collections.singletonMap("user", "rob"), "user");
 OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(user, user.getAuthorities(),
@@ -789,10 +689,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 this.function.filter(request, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)) .subscriberContext(serverWebExchange()).block();
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(1);
-
 ClientRequest request0 = requests.get(0);
 assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0");
 assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -803,18 +701,14 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 @Test public void filterWhenDefaultOAuth2AuthorizedClientFalseThenEmpty() {
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
-
 OAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), Collections.singletonMap("user", "rob"), "user");
 OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(user, user.getAuthorities(), "client-id");
-
 this.function.filter(request, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)).block();
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(1);
-
 verifyZeroInteractions(this.clientRegistrationRepository, this.authorizedClientRepository);
 }
@@ -829,9 +723,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(this.registration.getRegistrationId())) .build();
-
 this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 verify(this.authorizedClientRepository).loadAuthorizedClient(eq(this.registration.getRegistrationId()), any(), eq(this.serverWebExchange));
 }
@@ -846,27 +738,21 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 this.function = new ServerOAuth2AuthorizedClientExchangeFilterFunction(this.clientRegistrationRepository, unauthenticatedAuthorizedClientRepository);
 this.function.setClientCredentialsTokenResponseClient(this.clientCredentialsTokenResponseClient);
-
 OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("new-token") .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build();
 given(this.clientCredentialsTokenResponseClient.getTokenResponse(any())) .willReturn(Mono.just(accessTokenResponse));
-
 ClientRegistration registration = TestClientRegistrations.clientCredentials().build();
 given(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId()))) .willReturn(Mono.just(registration));
-
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(registration.getRegistrationId())) .build();
-
 this.function.filter(request, this.exchange).block();
-
 verify(unauthenticatedAuthorizedClientRepository).loadAuthorizedClient(any(), any(), any());
 verify(this.clientCredentialsTokenResponseClient).getTokenResponse(any());
 verify(unauthenticatedAuthorizedClientRepository).saveAuthorizedClient(any(), any(), any());
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(1);
 ClientRequest request1 = requests.get(0);
@@ -891,7 +777,6 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 messageWriters.add(new FormHttpMessageWriter());
 messageWriters.add(new EncoderHttpMessageWriter<>(CharSequenceEncoder.allMimeTypes()));
 messageWriters.add(new MultipartHttpMessageWriter(messageWriters));
-
 BodyInserter.Context context = new BodyInserter.Context() {
 @Override public List> messageWriters() {
@@ -908,7 +793,6 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 return new HashMap<>();
 }
 };
-
 MockClientHttpRequest body = new MockClientHttpRequest(HttpMethod.GET, "/");
 request.body().insert(body, context).block();
 return body.getBodyAsString().block();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
index 7bd2bab3ae..06d676acaa 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
@@ -152,22 +152,17 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"read write\"\n" + "}\n";
 String clientResponse = "{\n" + " \"attribute1\": \"value1\",\n" + " \"attribute2\": \"value2\"\n" + "}\n";
-
 this.server.enqueue(jsonResponse(accessTokenResponse));
 this.server.enqueue(jsonResponse(clientResponse));
-
 ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl) .build();
 given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId()))) .willReturn(clientRegistration);
-
 this.webClient.get().uri(this.serverUrl) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(clientRegistration.getRegistrationId())) .retrieve().bodyToMono(String.class).block();
-
 assertThat(this.server.getRequestCount()).isEqualTo(2);
-
 ArgumentCaptor authorizedClientCaptor = ArgumentCaptor .forClass(OAuth2AuthorizedClient.class);
 verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(),
@@ -180,15 +175,12 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 String accessTokenResponse = "{\n" + " \"access_token\": \"refreshed-access-token\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n";
 String clientResponse = "{\n" + " \"attribute1\": \"value1\",\n" + " \"attribute2\": \"value2\"\n" + "}\n";
-
 this.server.enqueue(jsonResponse(accessTokenResponse));
 this.server.enqueue(jsonResponse(clientResponse));
-
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().tokenUri(this.serverUrl) .build();
 given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId()))) .willReturn(clientRegistration);
-
 Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 Instant expiresAt = issuedAt.plus(Duration.ofHours(1));
 OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
@@ -198,14 +190,11 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 this.authentication.getName(), accessToken, refreshToken);
 doReturn(authorizedClient).when(this.authorizedClientRepository).loadAuthorizedClient( eq(clientRegistration.getRegistrationId()), eq(this.authentication), eq(this.request));
-
 this.webClient.get().uri(this.serverUrl) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(clientRegistration.getRegistrationId())) .retrieve().bodyToMono(String.class).block();
-
 assertThat(this.server.getRequestCount()).isEqualTo(2);
-
 ArgumentCaptor authorizedClientCaptor = ArgumentCaptor .forClass(OAuth2AuthorizedClient.class);
 verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(),
@@ -221,25 +210,20 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"read write\"\n" + "}\n";
 String clientResponse = "{\n" + " \"attribute1\": \"value1\",\n" + " \"attribute2\": \"value2\"\n" + "}\n";
-
 // Client 1 this.server.enqueue(jsonResponse(accessTokenResponse));
 this.server.enqueue(jsonResponse(clientResponse));
-
 ClientRegistration clientRegistration1 = TestClientRegistrations.clientCredentials().registrationId("client-1") .tokenUri(this.serverUrl).build();
 given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration1.getRegistrationId()))) .willReturn(clientRegistration1);
-
 // Client 2 this.server.enqueue(jsonResponse(accessTokenResponse));
 this.server.enqueue(jsonResponse(clientResponse));
-
 ClientRegistration clientRegistration2 = TestClientRegistrations.clientCredentials().registrationId("client-2") .tokenUri(this.serverUrl).build();
 given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration2.getRegistrationId()))) .willReturn(clientRegistration2);
-
 this.webClient.get().uri(this.serverUrl) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(clientRegistration1.getRegistrationId()))
@@ -249,9 +233,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 .clientRegistrationId(clientRegistration2.getRegistrationId())) .retrieve().bodyToMono(String.class)) .subscriberContext(context()).block();
-
 assertThat(this.server.getRequestCount()).isEqualTo(4);
-
 ArgumentCaptor authorizedClientCaptor = ArgumentCaptor .forClass(OAuth2AuthorizedClient.class);
 verify(this.authorizedClientRepository, times(2)).saveAuthorizedClient(authorizedClientCaptor.capture(),
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index c486b01ec4..1cdd07b662 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -265,18 +265,14 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 private Map getDefaultRequestAttributes() {
 this.function.defaultRequest().accept(this.spec);
 verify(this.spec).attributes(this.attrs.capture());
-
 this.attrs.getValue().accept(this.result);
-
 return this.result;
 }
 @Test public void filterWhenAuthorizedClientNullThenAuthorizationHeaderNull() {
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
-
 this.function.filter(request, this.exchange).block();
-
 assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isNull();
 }
@@ -284,7 +280,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 public void filterWhenAuthorizedClientThenAuthorizationHeader() {
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken);
-
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes( ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -293,9 +288,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .httpServletResponse(new MockHttpServletResponse())) .build();
-
 this.function.filter(request, this.exchange).block();
-
 assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)) .isEqualTo("Bearer " + this.accessToken.getTokenValue());
 }
@@ -304,7 +297,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() {
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken);
-
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .header(HttpHeaders.AUTHORIZATION, "Existing") .attributes(
@@ -314,9 +306,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .httpServletResponse(new MockHttpServletResponse())) .build();
-
 this.function.filter(request, this.exchange).block();
-
 HttpHeaders headers = this.exchange.getRequest().headers();
 assertThat(headers.get(HttpHeaders.AUTHORIZATION)).containsOnly("Bearer " + this.accessToken.getTokenValue());
 }
@@ -326,7 +316,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1") .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build();
 given(this.refreshTokenTokenResponseClient.getTokenResponse(any())).willReturn(response);
-
 Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
 this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(),
@@ -334,7 +323,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt);
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken);
-
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes( ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -344,20 +332,15 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .httpServletResponse(new MockHttpServletResponse())) .build();
-
 this.function.filter(request, this.exchange).block();
-
 verify(this.refreshTokenTokenResponseClient).getTokenResponse(any());
 verify(this.authorizedClientRepository).saveAuthorizedClient(this.authorizedClientCaptor.capture(), eq(this.authentication), any(), any());
-
 OAuth2AuthorizedClient newAuthorizedClient = this.authorizedClientCaptor.getValue();
 assertThat(newAuthorizedClient.getAccessToken()).isEqualTo(response.getAccessToken());
 assertThat(newAuthorizedClient.getRefreshToken()).isEqualTo(response.getRefreshToken());
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(1);
-
 ClientRequest request0 = requests.get(0);
 assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-1");
 assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -371,20 +354,17 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600) // .refreshToken(xxx) // No refreshToken in response .build();
-
 RestOperations refreshTokenClient = mock(RestOperations.class);
 given(refreshTokenClient.exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class))) .willReturn(new ResponseEntity(response, HttpStatus.OK));
 DefaultRefreshTokenTokenResponseClient refreshTokenTokenResponseClient = new DefaultRefreshTokenTokenResponseClient();
 refreshTokenTokenResponseClient.setRestOperations(refreshTokenClient);
-
 RefreshTokenOAuth2AuthorizedClientProvider authorizedClientProvider = new RefreshTokenOAuth2AuthorizedClientProvider();
 authorizedClientProvider.setAccessTokenResponseClient(refreshTokenTokenResponseClient);
 DefaultOAuth2AuthorizedClientManager authorizedClientManager = new DefaultOAuth2AuthorizedClientManager( this.clientRegistrationRepository, this.authorizedClientRepository);
 authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
 this.function = new ServletOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
-
 Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
 this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(),
@@ -392,7 +372,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt);
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken);
-
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes( ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -402,20 +381,15 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .httpServletResponse(new MockHttpServletResponse())) .build();
-
 this.function.filter(request, this.exchange).block();
-
 verify(refreshTokenClient).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class));
 verify(this.authorizedClientRepository).saveAuthorizedClient(this.authorizedClientCaptor.capture(), eq(this.authentication), any(), any());
-
 OAuth2AuthorizedClient newAuthorizedClient = this.authorizedClientCaptor.getValue();
 assertThat(newAuthorizedClient.getAccessToken()).isEqualTo(response.getAccessToken());
 assertThat(newAuthorizedClient.getRefreshToken().getTokenValue()).isEqualTo(refreshToken.getTokenValue());
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(1);
-
 ClientRequest request0 = requests.get(0);
 assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-1");
 assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -428,7 +402,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 this.registration = TestClientRegistrations.clientCredentials().build();
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, null);
-
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes( ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -438,17 +411,12 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .httpServletResponse(new MockHttpServletResponse())) .build();
-
 this.function.filter(request, this.exchange).block();
-
 verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), eq(this.authentication), any(), any());
-
 verify(this.clientCredentialsTokenResponseClient, never()).getTokenResponse(any());
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(1);
-
 ClientRequest request1 = requests.get(0);
 assertThat(request1.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0");
 assertThat(request1.url().toASCIIString()).isEqualTo("https://example.com");
@@ -459,18 +427,14 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 @Test public void filterWhenClientCredentialsTokenExpiredThenGetNewToken() {
 this.registration = TestClientRegistrations.clientCredentials().build();
-
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 given(this.clientCredentialsTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
 this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(), issuedAt, accessTokenExpiresAt);
-
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, null);
-
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes( ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -480,16 +444,11 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .httpServletResponse(new MockHttpServletResponse())) .build();
-
 this.function.filter(request, this.exchange).block();
-
 verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(this.authentication), any(), any());
-
 verify(this.clientCredentialsTokenResponseClient).getTokenResponse(any());
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(1);
-
 ClientRequest request1 = requests.get(0);
 assertThat(request1.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token");
 assertThat(request1.url().toASCIIString()).isEqualTo("https://example.com");
@@ -502,11 +461,9 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("new-token") .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build();
 given(this.passwordTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 ClientRegistration registration = TestClientRegistrations.password().build();
 given(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId()))) .willReturn(registration);
-
 // Set custom contextAttributesMapper this.authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> {
 Map contextAttributes = new HashMap<>();
@@ -519,12 +476,10 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 }
 return contextAttributes;
 });
-
 MockHttpServletRequest servletRequest = new MockHttpServletRequest();
 servletRequest.setParameter(OAuth2ParameterNames.USERNAME, "username");
 servletRequest.setParameter(OAuth2ParameterNames.PASSWORD, "password");
 MockHttpServletResponse servletResponse = new MockHttpServletResponse();
-
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(registration.getRegistrationId()))
@@ -532,12 +487,9 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) .build();
-
 this.function.filter(request, this.exchange).block();
-
 verify(this.passwordTokenResponseClient).getTokenResponse(any());
 verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(this.authentication), any(), any());
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(1);
 ClientRequest request1 = requests.get(0);
@@ -552,7 +504,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1") .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build();
 given(this.refreshTokenTokenResponseClient.getTokenResponse(any())).willReturn(response);
-
 Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
 this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(),
@@ -560,7 +511,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt);
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken);
-
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes( ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -569,15 +519,11 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .httpServletResponse(new MockHttpServletResponse())) .build();
-
 this.function.filter(request, this.exchange).block();
-
 verify(this.refreshTokenTokenResponseClient).getTokenResponse(any());
 verify(this.authorizedClientRepository).saveAuthorizedClient(any(), any(), any(), any());
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(1);
-
 ClientRequest request0 = requests.get(0);
 assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-1");
 assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -589,7 +535,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 public void filterWhenRefreshTokenNullThenShouldRefreshFalse() {
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken);
-
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes( ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -598,12 +543,9 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .httpServletResponse(new MockHttpServletResponse())) .build();
-
 this.function.filter(request, this.exchange).block();
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(1);
-
 ClientRequest request0 = requests.get(0);
 assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0");
 assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -616,7 +558,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken);
-
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes( ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -625,12 +566,9 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .httpServletResponse(new MockHttpServletResponse())) .build();
-
 this.function.filter(request, this.exchange).block();
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(1);
-
 ClientRequest request0 = requests.get(0);
 assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0");
 assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -642,44 +580,33 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 @Test public void filterWhenChainedThenDefaultsStillAvailable() throws Exception { this.function.setDefaultOAuth2AuthorizedClient(true);
-
 MockHttpServletRequest servletRequest = new MockHttpServletRequest(); MockHttpServletResponse servletResponse = new MockHttpServletResponse();
-
 OAuth2User user = mock(OAuth2User.class); List authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(user, authorities, this.registration.getRegistrationId());
-
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken);
-
 given(this.authorizedClientRepository.loadAuthorizedClient( eq(authentication.getAuthorizedClientRegistrationId()), eq(authentication), eq(servletRequest))) .willReturn(authorizedClient);
-
 // Default request attributes set final ClientRequest request1 = ClientRequest.create(HttpMethod.GET, URI.create("https://example1.com")) .attributes((attrs) -> attrs.putAll(getDefaultRequestAttributes())).build();
-
 // Default request attributes NOT set final ClientRequest request2 = ClientRequest.create(HttpMethod.GET, URI.create("https://example2.com")).build();
-
 Context context = context(servletRequest, servletResponse, authentication);
-
 this.function.filter(request1, this.exchange) .flatMap((response) -> this.function.filter(request2, this.exchange)).subscriberContext(context) .block();
-
 List requests = this.exchange.getRequests(); assertThat(requests).hasSize(2);
-
 ClientRequest request = requests.get(0); assertThat(request.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0"); assertThat(request.url().toASCIIString()).isEqualTo("https://example1.com"); assertThat(request.method()).isEqualTo(HttpMethod.GET); assertThat(getBody(request)).isEmpty();
-
 request = requests.get(1);
assertThat(request.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0"); assertThat(request.url().toASCIIString()).isEqualTo("https://example2.com");
@@ -708,16 +635,12 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) .build();
-
 given(this.exchange.getResponse().rawStatusCode()).willReturn(httpStatus.value()); given(this.exchange.getResponse().headers()).willReturn(mock(ClientResponse.Headers.class)); this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 this.function.filter(request, this.exchange).block();
-
 verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 assertThat(this.authorizationExceptionCaptor.getValue()) .isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> { assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
@@ -743,7 +666,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) .build();
-
 String wwwAuthenticateHeader = "Bearer error=\"insufficient_scope\", " + "error_description=\"The request requires higher privileges than provided by the access token.\", " + "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"";
@@ -752,12 +674,9 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .willReturn(Collections.singletonList(wwwAuthenticateHeader)); given(this.exchange.getResponse().headers()).willReturn(headers); this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 this.function.filter(request, this.exchange).block();
-
 verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 assertThat(this.authorizationExceptionCaptor.getValue()) .isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> { assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
@@ -788,7 +707,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 private void assertHttpStatusWithWebClientExceptionInvokesFailureHandler(HttpStatus httpStatus, String expectedErrorCode) {
-
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken); MockHttpServletRequest servletRequest = new MockHttpServletRequest();
@@ -799,17 +717,13 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) .build();
-
 WebClientResponseException exception = WebClientResponseException.create(httpStatus.value(), httpStatus.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8); ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception); this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 assertThatCode(() -> this.function.filter(request, throwingExchangeFunction).block()).isEqualTo(exception);
-
 verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 assertThat(this.authorizationExceptionCaptor.getValue()) .isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> { assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
@@ -835,18 +749,14 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) .build();
-
 OAuth2AuthorizationException authorizationException = new OAuth2AuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN)); ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(authorizationException); this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 assertThatCode(() -> this.function.filter(request, throwingExchangeFunction).block()) .isEqualTo(authorizationException);
-
 verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 assertThat(this.authorizationExceptionCaptor.getValue()) .isInstanceOfSatisfying(OAuth2AuthorizationException.class, (e) -> { assertThat(e.getError().getErrorCode()).isEqualTo(authorizationException.getError().getErrorCode());
@@ -871,13 +781,10 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) .build();
-
 given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.BAD_REQUEST.value()); given(this.exchange.getResponse().headers()).willReturn(mock(ClientResponse.Headers.class)); this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 this.function.filter(request, this.exchange).block();
-
 verifyNoInteractions(this.authorizationFailureHandler); }
@@ -902,7 +809,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 messageWriters.add(new FormHttpMessageWriter()); messageWriters.add(new EncoderHttpMessageWriter<>(CharSequenceEncoder.allMimeTypes())); messageWriters.add(new MultipartHttpMessageWriter(messageWriters));
-
 BodyInserter.Context context = new BodyInserter.Context() { @Override public List> messageWriters() {
@@ -919,7 +825,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 return new HashMap<>(); } };
-
 MockClientHttpRequest body = new MockClientHttpRequest(HttpMethod.GET, "/"); request.body().insert(body, context).block(); return body.getBodyAsString().block();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
index a85ef616f4..54967496b5 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
@@ -77,19 +77,15 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 @Test public void resolveWhenClientRegistrationNotFoundMatchThenBadRequest() { given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.empty());
-
 ResponseStatusException expected = catchThrowableOfType(() -> resolve("/oauth2/authorization/not-found-id"), ResponseStatusException.class);
-
 assertThat(expected.getStatus()).isEqualTo(HttpStatus.BAD_REQUEST); } @Test public void resolveWhenClientRegistrationFoundThenWorks() { given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(this.registration));
-
 OAuth2AuthorizationRequest request = resolve("/oauth2/authorization/not-found-id");
-
 assertThat(request.getAuthorizationRequestUri()) .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=read:user&state=.*?&" + "redirect_uri=/login/oauth2/code/registration-id");
@@ -100,9 +96,7 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(this.registration)); ServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.get("/oauth2/authorization/id").header("X-Forwarded-Host", "evil.com"));
-
 OAuth2AuthorizationRequest request = this.resolver.resolve(exchange).block();
-
 assertThat(request.getAuthorizationRequestUri()) .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=read:user&state=.*?&" + "redirect_uri=/login/oauth2/code/registration-id");
@@ -113,12 +107,9 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 given(this.clientRegistrationRepository.findByRegistrationId(any())) .willReturn(Mono.just(TestClientRegistrations.clientRegistration() .clientAuthenticationMethod(ClientAuthenticationMethod.NONE).clientSecret(null).build()));
-
 OAuth2AuthorizationRequest request = resolve("/oauth2/authorization/registration-id");
-
 assertThat((String) request.getAttribute(PkceParameterNames.CODE_VERIFIER)) .matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$");
-
 assertThat(request.getAuthorizationRequestUri()) .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=read:user&state=.*?&" + "redirect_uri=/login/oauth2/code/registration-id&"
@@ -129,11 +120,8 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 public void resolveWhenAuthenticationRequestWithValidOidcClientThenResolves() { given(this.clientRegistrationRepository.findByRegistrationId(any())) .willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
-
 OAuth2AuthorizationRequest request = resolve("/oauth2/authorization/registration-id");
-
 assertThat((String) request.getAttribute(OidcParameterNames.NONCE)).matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$");
-
 assertThat(request.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=openid&state=.*?&" + "redirect_uri=/login/oauth2/code/registration-id&" + "nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}");
@@ -144,13 +132,10 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 public void resolveWhenAuthorizationRequestCustomizerRemovesNonceThenQueryExcludesNonce() { given(this.clientRegistrationRepository.findByRegistrationId(any())) .willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
-
 this.resolver.setAuthorizationRequestCustomizer( (customizer) -> customizer.additionalParameters((params) -> params.remove(OidcParameterNames.NONCE)) .attributes((attrs) -> attrs.remove(OidcParameterNames.NONCE)));
-
 OAuth2AuthorizationRequest authorizationRequest = resolve("/oauth2/authorization/registration-id");
-
 assertThat(authorizationRequest.getAdditionalParameters()).doesNotContainKey(OidcParameterNames.NONCE); assertThat(authorizationRequest.getAttributes()).doesNotContainKey(OidcParameterNames.NONCE); assertThat(authorizationRequest.getAttributes()).containsKey(OAuth2ParameterNames.REGISTRATION_ID);
@@ -163,15 +148,12 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 public void resolveWhenAuthorizationRequestCustomizerAddsParameterThenQueryIncludesParameter() { given(this.clientRegistrationRepository.findByRegistrationId(any())) .willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
-
 this.resolver .setAuthorizationRequestCustomizer((customizer) -> customizer.authorizationRequestUri((uriBuilder) -> { uriBuilder.queryParam("param1", "value1"); return uriBuilder.build(); }));
-
 OAuth2AuthorizationRequest authorizationRequest = resolve("/oauth2/authorization/registration-id");
-
 assertThat(authorizationRequest.getAuthorizationRequestUri()) .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=openid&state=.{15,}&" + "redirect_uri=/login/oauth2/code/registration-id&"
@@ -182,14 +164,11 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 public void resolveWhenAuthorizationRequestCustomizerOverridesParameterThenQueryIncludesParameter() { given(this.clientRegistrationRepository.findByRegistrationId(any())) .willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
-
 this.resolver.setAuthorizationRequestCustomizer((customizer) -> customizer.parameters((params) -> { params.put("appid", params.get("client_id")); params.remove("client_id"); }));
-
 OAuth2AuthorizationRequest authorizationRequest = resolve("/oauth2/authorization/registration-id");
-
 assertThat(authorizationRequest.getAuthorizationRequestUri()) .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&" + "scope=openid&state=.{15,}&" + "redirect_uri=/login/oauth2/code/registration-id&"
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
index 6b1369601a..56f527b658 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
@@ -121,9 +121,7 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/")); DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList());
-
 this.filter.filter(exchange, chain).block();
-
 verifyNoInteractions(this.authenticationManager); }
@@ -131,7 +129,6 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 public void filterWhenMatchThenAuthorizedClientSaved() { ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build(); given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(clientRegistration));
-
 MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback"); OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration);
@@ -139,18 +136,14 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 .willReturn(Mono.just(oauth2AuthorizationRequest)); given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) .willReturn(Mono.just(oauth2AuthorizationRequest));
-
 given(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).willReturn(Mono.empty()); given(this.authenticationManager.authenticate(any())) .willReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated()));
-
 MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest); MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse); DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList());
-
 this.filter.filter(exchange, chain).block();
-
 verify(this.authorizedClientRepository).saveAuthorizedClient(any(), any(AnonymousAuthenticationToken.class), any()); }
@@ -163,7 +156,6 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 given(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).willReturn(Mono.empty()); given(this.authenticationManager.authenticate(any())) .willReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated()));
-
 // 1) redirect_uri with query parameters Map parameters = new LinkedHashMap<>(); parameters.put("param1", "value1");
@@ -175,15 +167,12 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 .willReturn(Mono.just(oauth2AuthorizationRequest)); given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) .willReturn(Mono.just(oauth2AuthorizationRequest));
-
 MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest); MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse); DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList());
-
 this.filter.filter(exchange, chain).block(); verify(this.authenticationManager, times(1)).authenticate(any());
-
 // 2) redirect_uri with query parameters AND authorization response additional // parameters Map additionalParameters = new LinkedHashMap<>();
@@ -191,7 +180,6 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 additionalParameters.put("auth-param2", "value2"); authorizationResponse = createAuthorizationResponse(authorizationRequest, additionalParameters); exchange = MockServerWebExchange.from(authorizationResponse);
-
 this.filter.filter(exchange, chain).block(); verify(this.authenticationManager, times(2)).authenticate(any()); }
@@ -209,7 +197,6 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 clientRegistration); given(this.authorizationRequestRepository.loadAuthorizationRequest(any())) .willReturn(Mono.just(oauth2AuthorizationRequest));
-
 // 1) Parameter value Map parametersNotMatch = new LinkedHashMap<>(parameters); parametersNotMatch.put("param2", "value8");
@@ -218,26 +205,21 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse); DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList());
-
 this.filter.filter(exchange, chain).block(); verifyNoInteractions(this.authenticationManager);
-
 // 2) Parameter order parametersNotMatch = new LinkedHashMap<>(); parametersNotMatch.put("param2", "value2"); parametersNotMatch.put("param1", "value1"); authorizationResponse = createAuthorizationResponse(createAuthorizationRequest(requestUri, parametersNotMatch)); exchange = MockServerWebExchange.from(authorizationResponse);
-
 this.filter.filter(exchange, chain).block(); verifyNoInteractions(this.authenticationManager);
-
 // 3) Parameter missing parametersNotMatch = new LinkedHashMap<>(parameters); parametersNotMatch.remove("param2"); authorizationResponse = createAuthorizationResponse(createAuthorizationRequest(requestUri, parametersNotMatch)); exchange = MockServerWebExchange.from(authorizationResponse);
-
 this.filter.filter(exchange, chain).block(); verifyNoInteractions(this.authenticationManager); }
@@ -249,7 +231,6 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 given(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).willReturn(Mono.empty()); given(this.authenticationManager.authenticate(any())) .willReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated()));
-
 MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback"); OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration);
@@ -257,20 +238,15 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 .willReturn(Mono.just(oauth2AuthorizationRequest)); given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) .willReturn(Mono.just(oauth2AuthorizationRequest));
-
 MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest); MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse); DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList());
-
 ServerRequestCache requestCache = mock(ServerRequestCache.class); given(requestCache.getRedirectUri(any(ServerWebExchange.class))) .willReturn(Mono.just(URI.create("/saved-request")));
-
 this.filter.setRequestCache(requestCache);
-
 this.filter.filter(exchange, chain).block();
-
 verify(requestCache).getRedirectUri(exchange); assertThat(exchange.getResponse().getHeaders().getLocation().toString()).isEqualTo("/saved-request"); }
@@ -280,7 +256,6 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 public void filterWhenAuthenticationConverterThrowsOAuth2AuthorizationExceptionThenMappedToOAuth2AuthenticationException() { ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build(); given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.empty());
-
 MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback"); OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration);
@@ -288,12 +263,10 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 .willReturn(Mono.just(oauth2AuthorizationRequest)); given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) .willReturn(Mono.just(oauth2AuthorizationRequest));
-
 MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest); MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse); DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList());
-
 assertThatThrownBy(() -> this.filter.filter(exchange, chain).block()) .isInstanceOf(OAuth2AuthenticationException.class) .extracting((ex) -> ((OAuth2AuthenticationException) ex).getError()).extracting("errorCode")
@@ -306,7 +279,6 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 public void filterWhenAuthenticationManagerThrowsOAuth2AuthorizationExceptionThenMappedToOAuth2AuthenticationException() { ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build(); given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(clientRegistration));
-
 MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback"); OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration);
@@ -314,15 +286,12 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 .willReturn(Mono.just(oauth2AuthorizationRequest)); given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) .willReturn(Mono.just(oauth2AuthorizationRequest));
-
 given(this.authenticationManager.authenticate(any())) .willReturn(Mono.error(new OAuth2AuthorizationException(new OAuth2Error("authorization_error"))));
-
 MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest); MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse); DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList());
-
 assertThatThrownBy(() -> this.filter.filter(exchange, chain).block()) .isInstanceOf(OAuth2AuthenticationException.class) .extracting((ex) -> ((OAuth2AuthenticationException) ex).getError()).extracting("errorCode")
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
index b18bd9442b..f5c6f0c5f8 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
@@ -71,7 +71,6 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
 this.filter.setAuthorizationRequestRepository(this.authzRequestRepository); FilteringWebHandler webHandler = new FilteringWebHandler((e) -> e.getResponse().setComplete(), Arrays.asList(this.filter));
-
 this.client = WebTestClient.bindToWebHandler(webHandler).build(); given(this.clientRepository.findByRegistrationId(this.registration.getRegistrationId())) .willReturn(Mono.just(this.registration));
@@ -88,7 +87,6 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
 @Test public void filterWhenDoesNotMatchThenClientRegistrationRepositoryNotSubscribed() { this.client.get().exchange().expectStatus().isOk();
-
 verifyZeroInteractions(this.clientRepository, this.authzRequestRepository); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
index b08e068cfa..aed902381d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
@@ -85,7 +85,6 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 @Test public void applyWhenAuthorizationRequestEmptyThenOAuth2AuthorizationException() { given(this.authorizationRequestRepository.removeAuthorizationRequest(any())).willReturn(Mono.empty());
-
 assertThatThrownBy(() -> applyConverter()).isInstanceOf(OAuth2AuthorizationException.class); }
@@ -94,7 +93,6 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 this.authorizationRequest.attributes(Map::clear); given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) .willReturn(Mono.just(this.authorizationRequest.build()));
-
 assertThatThrownBy(() -> applyConverter()).isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining( ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
@@ -105,7 +103,6 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) .willReturn(Mono.just(this.authorizationRequest.build())); given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.empty());
-
 assertThatThrownBy(() -> applyConverter()).isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining( ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
@@ -118,7 +115,6 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 .willReturn(Mono.just(this.authorizationRequest.build())); given(this.clientRegistrationRepository.findByRegistrationId(any())) .willReturn(Mono.just(this.clientRegistration));
-
 assertThat(applyConverter().getAuthorizationExchange().getAuthorizationResponse().getError().getErrorCode()) .isEqualTo("error"); }
@@ -130,9 +126,7 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 .willReturn(Mono.just(this.authorizationRequest.build())); given(this.clientRegistrationRepository.findByRegistrationId(any())) .willReturn(Mono.just(this.clientRegistration));
-
 OAuth2AuthorizationCodeAuthenticationToken result = applyConverter();
-
 OAuth2AuthorizationResponse exchange = result.getAuthorizationExchange().getAuthorizationResponse(); assertThat(exchange.getError()).isNull(); assertThat(exchange.getCode()).isEqualTo("code");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java
index 0e6ed8a94c..23c526bdf3 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java
@@ -62,7 +62,6 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests {
 } // loadAuthorizedClient
-
 @Test public void loadAuthorizedClientWhenClientRegistrationIdNullThenIllegalArgumentException() { this.clientRegistrationId = null;
@@ -96,7 +95,6 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests {
 @Test public void loadAuthorizedClientWhenFoundThenFound() { this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block();
-
 assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange) .block()).isEqualTo(this.authorizedClient); }
@@ -107,10 +105,8 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests {
 .registrationId("other-client-registration").build(); OAuth2AuthorizedClient otherAuthorizedClient = new OAuth2AuthorizedClient(otherClientRegistration, "anonymousUser", this.authorizedClient.getAccessToken());
-
 this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block(); this.repository.saveAuthorizedClient(otherAuthorizedClient, this.authentication, this.exchange).block();
-
 assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange) .block()).isEqualTo(this.authorizedClient); }
@@ -119,13 +115,11 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests {
 public void loadAuthorizedClientWhenAnonymousThenFound() { this.authentication = this.anonymous; this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block();
-
 assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange) .block()).isEqualTo(this.authorizedClient); } // saveAuthorizedClient
-
 @Test public void saveAuthorizedClientWhenAuthorizedClientNullThenIllegalArgumentException() { this.authorizedClient = null;
@@ -151,7 +145,6 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests {
 } // removeAuthorizedClient
-
 @Test public void removeAuthorizedClientWhenClientRegistrationIdNullThenIllegalArgumentException() { this.clientRegistrationId = null;
@@ -180,7 +173,6 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests {
 public void removeAuthorizedClientWhenFoundThenFound() { this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block(); this.repository.removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block();
-
 assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange) .block()).isNull(); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
index 4b027dac97..13a50ed5ab 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
@@ -68,7 +68,6 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 @Test public void loadAuthorizationRequestWhenNoSessionThenEmpty() { StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange)).verifyComplete();
-
 assertSessionStartedIs(false); }
@@ -77,7 +76,6 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 Mono setAttrThenLoad = this.exchange.getSession().map(WebSession::getAttributes) .doOnNext((attrs) -> attrs.put("foo", "bar")) .then(this.repository.loadAuthorizationRequest(this.exchange));
-
 StepVerifier.create(setAttrThenLoad).verifyComplete(); }
@@ -87,7 +85,6 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 Mono saveAndLoad = this.repository .saveAuthorizationRequest(this.authorizationRequest, this.exchange) .then(this.repository.loadAuthorizationRequest(this.exchange));
-
 StepVerifier.create(saveAndLoad).verifyComplete(); }
@@ -104,25 +101,19 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 String oldState = "state0"; MockServerHttpRequest oldRequest = MockServerHttpRequest.get("/") .queryParam(OAuth2ParameterNames.STATE, oldState).build();
-
 OAuth2AuthorizationRequest oldAuthorizationRequest = OAuth2AuthorizationRequest.authorizationCode() .authorizationUri("https://example.com/oauth2/authorize").clientId("client-id") .redirectUri("http://localhost/client-1").state(oldState).build();
-
 WebSessionManager sessionManager = (e) -> this.exchange.getSession();
-
 this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(), sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver()); ServerWebExchange oldExchange = new DefaultServerWebExchange(oldRequest, new MockServerHttpResponse(), sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
-
 Mono saveAndSaveAndLoad = this.repository .saveAuthorizationRequest(oldAuthorizationRequest, oldExchange) .then(this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange)) .then(this.repository.loadAuthorizationRequest(oldExchange));
-
 StepVerifier.create(saveAndSaveAndLoad).expectNext(oldAuthorizationRequest).verifyComplete();
-
 StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange)) .expectNext(this.authorizationRequest).verifyComplete(); }
@@ -133,7 +124,6 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 assertThatThrownBy(() -> this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange)) .isInstanceOf(IllegalArgumentException.class); assertSessionStartedIs(false);
-
 } @Test
@@ -141,7 +131,6 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 this.exchange = null; assertThatThrownBy(() -> this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange)) .isInstanceOf(IllegalArgumentException.class);
-
 } @Test
@@ -162,9 +151,7 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 Mono saveAndRemove = this.repository .saveAuthorizationRequest(this.authorizationRequest, this.exchange) .then(this.repository.removeAuthorizationRequest(this.exchange));
-
 StepVerifier.create(saveAndRemove).expectNext(this.authorizationRequest).verifyComplete();
-
 StepVerifier.create(this.exchange.getSession().map(WebSession::getAttributes).map(Map::isEmpty)) .expectNext(true).verifyComplete(); }
@@ -178,7 +165,6 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 Mono saveAndRemove = this.repository .saveAuthorizationRequest(this.authorizationRequest, this.exchange) .then(this.repository.removeAuthorizationRequest(otherStateExchange));
-
 StepVerifier.create(saveAndRemove).verifyComplete(); }
@@ -187,27 +173,20 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 String oldState = "state0"; MockServerHttpRequest oldRequest = MockServerHttpRequest.get("/") .queryParam(OAuth2ParameterNames.STATE, oldState).build();
-
 OAuth2AuthorizationRequest oldAuthorizationRequest = OAuth2AuthorizationRequest.authorizationCode() .authorizationUri("https://example.com/oauth2/authorize").clientId("client-id") .redirectUri("http://localhost/client-1").state(oldState).build();
-
 WebSessionManager sessionManager = (e) -> this.exchange.getSession();
-
 this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(), sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver()); ServerWebExchange oldExchange = new DefaultServerWebExchange(oldRequest, new MockServerHttpResponse(), sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
-
 Mono saveAndSaveAndRemove = this.repository .saveAuthorizationRequest(oldAuthorizationRequest, oldExchange) .then(this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange)) .then(this.repository.removeAuthorizationRequest(this.exchange));
-
 StepVerifier.create(saveAndSaveAndRemove).expectNext(this.authorizationRequest).verifyComplete();
-
 StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange)).verifyComplete();
-
 StepVerifier.create(this.repository.loadAuthorizationRequest(oldExchange)).expectNext(oldAuthorizationRequest) .verifyComplete(); }
@@ -218,30 +197,23 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 String oldState = "state0"; MockServerHttpRequest oldRequest = MockServerHttpRequest.get("/") .queryParam(OAuth2ParameterNames.STATE, oldState).build();
-
 OAuth2AuthorizationRequest oldAuthorizationRequest = OAuth2AuthorizationRequest.authorizationCode() .authorizationUri("https://example.com/oauth2/authorize").clientId("client-id") .redirectUri("http://localhost/client-1").state(oldState).build();
-
 Map sessionAttrs = spy(new HashMap<>()); WebSession session = mock(WebSession.class); given(session.getAttributes()).willReturn(sessionAttrs); WebSessionManager sessionManager = (e) -> Mono.just(session);
-
 this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(), sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver()); ServerWebExchange oldExchange = new DefaultServerWebExchange(oldRequest, new MockServerHttpResponse(), sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
-
 Mono saveAndSaveAndRemove = this.repository .saveAuthorizationRequest(oldAuthorizationRequest, oldExchange) .then(this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange)) .then(this.repository.removeAuthorizationRequest(this.exchange));
-
 StepVerifier.create(saveAndSaveAndRemove).expectNext(this.authorizationRequest).verifyComplete();
-
 StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange)).verifyComplete();
-
 verify(sessionAttrs, times(3)).put(any(), any()); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java
index 3a683952e2..e24d86bb86 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java
@@ -81,7 +81,6 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests {
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration1, this.principalName1, mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.exchange).block();
-
 OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository .loadAuthorizedClient(this.registrationId1, null, this.exchange).block(); assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient);
@@ -115,10 +114,8 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests {
 OAuth2AuthorizedClient expected = new OAuth2AuthorizedClient(this.registration2, this.principalName1, mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(expected, null, this.exchange).block();
-
 OAuth2AuthorizedClient result = this.authorizedClientRepository .loadAuthorizedClient(this.registrationId2, null, this.exchange).block();
-
 assertThat(result).isEqualTo(expected); }
@@ -151,10 +148,8 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests {
 OAuth2AuthorizedClient authorizedClient1 = new OAuth2AuthorizedClient(this.registration1, this.principalName1, mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient1, null, this.exchange).block();
-
 // Remove registrationId2 (never added so is not removed either) this.authorizedClientRepository.removeAuthorizedClient(this.registrationId2, null, this.exchange);
-
 OAuth2AuthorizedClient loadedAuthorizedClient1 = this.authorizedClientRepository .loadAuthorizedClient(this.registrationId1, null, this.exchange).block(); assertThat(loadedAuthorizedClient1).isNotNull();
@@ -184,7 +179,6 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests {
 .loadAuthorizedClient(this.registrationId1, null, this.exchange).block(); assertThat(loadedAuthorizedClient).isSameAs(authorizedClient); this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, this.exchange).block();
-
 WebSession session = this.exchange.getSession().block(); assertThat(session).isNotNull(); assertThat(session.getAttributes()).isEmpty();
@@ -195,13 +189,10 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests {
 OAuth2AuthorizedClient authorizedClient1 = new OAuth2AuthorizedClient(this.registration1, this.principalName1, mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient1, null, this.exchange).block();
-
 OAuth2AuthorizedClient authorizedClient2 = new OAuth2AuthorizedClient(this.registration2, this.principalName1, mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient2, null, this.exchange).block();
-
 this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, this.exchange).block();
-
 OAuth2AuthorizedClient loadedAuthorizedClient2 = this.authorizedClientRepository .loadAuthorizedClient(this.registrationId2, null, this.exchange).block(); assertThat(loadedAuthorizedClient2).isNotNull();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
index 5f262d97f6..195d8edd7e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
@@ -81,7 +81,6 @@ public class OAuth2LoginAuthenticationWebFilterTests {
 @Test public void onAuthenticationSuccessWhenOAuth2LoginAuthenticationTokenThenSavesAuthorizedClient() { this.filter.onAuthenticationSuccess(loginToken(), this.webFilterExchange).block();
-
 verify(this.authorizedClientRepository).saveAuthorizedClient(any(), any(), any()); }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
index 272e74c75c..e0c1524dc7 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
@@ -51,7 +51,6 @@ public class ClaimAccessorTests {
 Instant expectedClaimValue = Instant.now(); String claimName = "date"; this.claims.put(claimName, Date.from(expectedClaimValue));
-
 assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(expectedClaimValue.minusSeconds(1), expectedClaimValue.plusSeconds(1)); }
@@ -62,7 +61,6 @@ public class ClaimAccessorTests {
 Instant expectedClaimValue = Instant.now(); String claimName = "longSeconds"; this.claims.put(claimName, expectedClaimValue.getEpochSecond());
-
 assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(expectedClaimValue.minusSeconds(1), expectedClaimValue.plusSeconds(1)); }
@@ -72,7 +70,6 @@ public class ClaimAccessorTests {
 Instant expectedClaimValue = Instant.now(); String claimName = "instant"; this.claims.put(claimName, expectedClaimValue);
-
 assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(expectedClaimValue.minusSeconds(1), expectedClaimValue.plusSeconds(1)); }
@@ -83,7 +80,6 @@ public class ClaimAccessorTests {
 Instant expectedClaimValue = Instant.now(); String claimName = "integerSeconds"; this.claims.put(claimName, Long.valueOf(expectedClaimValue.getEpochSecond()).intValue());
-
 assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(expectedClaimValue.minusSeconds(1), expectedClaimValue.plusSeconds(1)); }
@@ -94,7 +90,6 @@ public class ClaimAccessorTests {
 Instant expectedClaimValue = Instant.now(); String claimName = "doubleSeconds"; this.claims.put(claimName, Long.valueOf(expectedClaimValue.getEpochSecond()).doubleValue());
-
 assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(expectedClaimValue.minusSeconds(1), expectedClaimValue.plusSeconds(1)); }
@@ -104,7 +99,6 @@ public class ClaimAccessorTests {
 public void getClaimAsStringWhenValueIsNullThenReturnNull() { String claimName = "claim-with-null-value"; this.claims.put(claimName, null);
-
 assertThat(this.claimAccessor.getClaimAsString(claimName)).isNull(); }
@@ -120,9 +114,7 @@ public class ClaimAccessorTests {
 List expectedClaimValue = Arrays.asList("item1", "item2"); String claimName = "list"; this.claims.put(claimName, expectedClaimValue);
-
 List actualClaimValue = this.claimAccessor.getClaim(claimName);
-
 assertThat(actualClaimValue).containsOnlyElementsOf(expectedClaimValue); }
@@ -131,9 +123,7 @@ public class ClaimAccessorTests {
 boolean expectedClaimValue = true; String claimName = "boolean"; this.claims.put(claimName, expectedClaimValue);
-
 boolean actualClaimValue = this.claimAccessor.getClaim(claimName);
-
 assertThat(actualClaimValue).isEqualTo(expectedClaimValue); }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java
index 012fc99b46..642d1217d0 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java
@@ -45,7 +45,6 @@ public class DefaultOAuth2AuthenticatedPrincipalTests {
 public void constructorWhenAttributesIsNullOrEmptyThenIllegalArgumentException() { assertThatCode(() -> new DefaultOAuth2AuthenticatedPrincipal(null, this.authorities)) .isInstanceOf(IllegalArgumentException.class);
-
 assertThatCode(() -> new DefaultOAuth2AuthenticatedPrincipal(Collections.emptyMap(), this.authorities)) .isInstanceOf(IllegalArgumentException.class); }
@@ -55,7 +54,6 @@ public class DefaultOAuth2AuthenticatedPrincipalTests {
 Collection authorities = new DefaultOAuth2AuthenticatedPrincipal(this.attributes, null).getAuthorities(); assertThat(authorities).isEmpty();
-
 authorities = new DefaultOAuth2AuthenticatedPrincipal(this.attributes, Collections.emptyList()) .getAuthorities(); assertThat(authorities).isEmpty();
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java
index 1eaf4be167..5e23cec5d9 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java
@@ -42,7 +42,6 @@ public class DelegatingOAuth2TokenValidatorTests {
 public void validateWhenNoValidatorsConfiguredThenReturnsSuccessfulResult() { DelegatingOAuth2TokenValidator tokenValidator = new DelegatingOAuth2TokenValidator<>(); AbstractOAuth2Token token = mock(AbstractOAuth2Token.class);
-
 assertThat(tokenValidator.validate(token).hasErrors()).isFalse(); }
@@ -50,16 +49,12 @@ public class DelegatingOAuth2TokenValidatorTests {
 public void validateWhenAnyValidatorFailsThenReturnsFailureResultContainingDetailFromFailingValidator() { OAuth2TokenValidator success = mock(OAuth2TokenValidator.class); OAuth2TokenValidator failure = mock(OAuth2TokenValidator.class);
-
 given(success.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success()); given(failure.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.failure(DETAIL));
-
 DelegatingOAuth2TokenValidator tokenValidator = new DelegatingOAuth2TokenValidator<>( Arrays.asList(success, failure)); AbstractOAuth2Token token = mock(AbstractOAuth2Token.class);
-
 OAuth2TokenValidatorResult result = tokenValidator.validate(token);
-
 assertThat(result.hasErrors()).isTrue(); assertThat(result.getErrors()).containsExactly(DETAIL); }
@@ -68,20 +63,15 @@ public class DelegatingOAuth2TokenValidatorTests {
 public void validateWhenMultipleValidatorsFailThenReturnsFailureResultContainingAllDetails() { OAuth2TokenValidator firstFailure = mock(OAuth2TokenValidator.class); OAuth2TokenValidator secondFailure = mock(OAuth2TokenValidator.class);
-
 OAuth2Error otherDetail = new OAuth2Error("another-error");
-
 given(firstFailure.validate(any(AbstractOAuth2Token.class))) .willReturn(OAuth2TokenValidatorResult.failure(DETAIL)); given(secondFailure.validate(any(AbstractOAuth2Token.class))) .willReturn(OAuth2TokenValidatorResult.failure(otherDetail));
-
 DelegatingOAuth2TokenValidator tokenValidator = new DelegatingOAuth2TokenValidator<>( firstFailure, secondFailure); AbstractOAuth2Token token = mock(AbstractOAuth2Token.class);
-
 OAuth2TokenValidatorResult result = tokenValidator.validate(token);
-
 assertThat(result.hasErrors()).isTrue(); assertThat(result.getErrors()).containsExactly(DETAIL, otherDetail); }
@@ -90,16 +80,12 @@ public class DelegatingOAuth2TokenValidatorTests {
 public void validateWhenAllValidatorsSucceedThenReturnsSuccessfulResult() { OAuth2TokenValidator firstSuccess = mock(OAuth2TokenValidator.class); OAuth2TokenValidator secondSuccess = mock(OAuth2TokenValidator.class);
-
 given(firstSuccess.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success()); given(secondSuccess.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
-
 DelegatingOAuth2TokenValidator tokenValidator = new DelegatingOAuth2TokenValidator<>( Arrays.asList(firstSuccess, secondSuccess)); AbstractOAuth2Token token = mock(AbstractOAuth2Token.class);
-
 OAuth2TokenValidatorResult result = tokenValidator.validate(token);
-
 assertThat(result.hasErrors()).isFalse(); assertThat(result.getErrors()).isEmpty(); }
@@ -115,20 +101,15 @@ public class DelegatingOAuth2TokenValidatorTests {
 public void constructorsWhenInvokedWithSameInputsThenResultInSameOutputs() { OAuth2TokenValidator firstSuccess = mock(OAuth2TokenValidator.class); OAuth2TokenValidator secondSuccess = mock(OAuth2TokenValidator.class);
-
 given(firstSuccess.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success()); given(secondSuccess.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
-
 DelegatingOAuth2TokenValidator firstValidator = new DelegatingOAuth2TokenValidator<>( Arrays.asList(firstSuccess, secondSuccess)); DelegatingOAuth2TokenValidator secondValidator = new DelegatingOAuth2TokenValidator<>( firstSuccess, secondSuccess);
-
 AbstractOAuth2Token token = mock(AbstractOAuth2Token.class);
-
 firstValidator.validate(token); secondValidator.validate(token);
-
 verify(firstSuccess, times(2)).validate(token); verify(secondSuccess, times(2)).validate(token); }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
index 00486cab70..984c1b7804 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
@@ -72,7 +72,6 @@ public class OAuth2AccessTokenTests {
 @Test public void constructorWhenAllParametersProvidedAndValidThenCreated() { OAuth2AccessToken accessToken = new OAuth2AccessToken(TOKEN_TYPE, TOKEN_VALUE, ISSUED_AT, EXPIRES_AT, SCOPES);
-
 assertThat(accessToken.getTokenType()).isEqualTo(TOKEN_TYPE); assertThat(accessToken.getTokenValue()).isEqualTo(TOKEN_VALUE); assertThat(accessToken.getIssuedAt()).isEqualTo(ISSUED_AT);
@@ -86,7 +85,6 @@ public class OAuth2AccessTokenTests {
 OAuth2AccessToken accessToken = new OAuth2AccessToken(TOKEN_TYPE, TOKEN_VALUE, ISSUED_AT, EXPIRES_AT, SCOPES); byte[] serialized = SerializationUtils.serialize(accessToken); accessToken = (OAuth2AccessToken) SerializationUtils.deserialize(serialized);
-
 assertThat(serialized).isNotNull(); assertThat(accessToken.getTokenType()).isEqualTo(TOKEN_TYPE); assertThat(accessToken.getTokenValue()).isEqualTo(TOKEN_VALUE);
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java
index 4595dba640..fab4afdc2c 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java
@@ -41,7 +41,6 @@ public class OAuth2ErrorTests {
 @Test public void constructorWhenAllParametersProvidedAndValidThenCreated() { OAuth2Error error = new OAuth2Error(ERROR_CODE, ERROR_DESCRIPTION, ERROR_URI);
-
 assertThat(error.getErrorCode()).isEqualTo(ERROR_CODE); assertThat(error.getDescription()).isEqualTo(ERROR_DESCRIPTION); assertThat(error.getUri()).isEqualTo(ERROR_URI);
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java
index a029dd1bfe..e1aae08a90 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java
@@ -38,7 +38,6 @@ public class OAuth2TokenValidatorResultTests {
 @Test public void failureWhenInvokedWithDetailReturnsFailureResultIncludingDetail() { OAuth2TokenValidatorResult failure = OAuth2TokenValidatorResult.failure(DETAIL);
-
 assertThat(failure.hasErrors()).isTrue(); assertThat(failure.getErrors()).containsExactly(DETAIL); }
@@ -46,7 +45,6 @@ public class OAuth2TokenValidatorResultTests {
 @Test public void failureWhenInvokedWithMultipleDetailsReturnsFailureResultIncludingAll() { OAuth2TokenValidatorResult failure = OAuth2TokenValidatorResult.failure(DETAIL, DETAIL);
-
 assertThat(failure.hasErrors()).isTrue(); assertThat(failure.getErrors()).containsExactly(DETAIL, DETAIL); }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
index c295fa2694..d09bff9892 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
@@ -70,7 +70,6 @@ public class ClaimTypeConverterTests {
 TypeDescriptor.collection(List.class, TypeDescriptor.valueOf(String.class))); Converter mapStringObjectConverter = getConverter(TypeDescriptor.map(Map.class, TypeDescriptor.valueOf(String.class), TypeDescriptor.valueOf(Object.class)));
-
 Map> claimTypeConverters = new HashMap<>(); claimTypeConverters.put(STRING_CLAIM, stringConverter); claimTypeConverters.put(BOOLEAN_CLAIM, booleanConverter);
@@ -117,7 +116,6 @@ public class ClaimTypeConverterTests {
 mapIntegerObject.put(1, "value1"); Map mapStringObject = new HashMap<>(); mapStringObject.put("1", "value1");
-
 Map claims = new HashMap<>(); claims.put(STRING_CLAIM, Boolean.TRUE); claims.put(BOOLEAN_CLAIM, "true");
@@ -126,9 +124,7 @@ public class ClaimTypeConverterTests {
 claims.put(COLLECTION_STRING_CLAIM, listNumber); claims.put(LIST_STRING_CLAIM, listNumber); claims.put(MAP_STRING_OBJECT_CLAIM, mapIntegerObject);
-
 claims = this.claimTypeConverter.convert(claims);
-
 assertThat(claims.get(STRING_CLAIM)).isEqualTo("true"); assertThat(claims.get(BOOLEAN_CLAIM)).isEqualTo(Boolean.TRUE); assertThat(claims.get(INSTANT_CLAIM)).isEqualTo(instant);
@@ -147,7 +143,6 @@ public class ClaimTypeConverterTests {
 List listString = Lists.list("1", "2", "3", "4"); Map mapStringObject = new HashMap<>(); mapStringObject.put("1", "value1");
-
 Map claims = new HashMap<>(); claims.put(STRING_CLAIM, string); claims.put(BOOLEAN_CLAIM, bool);
@@ -156,9 +151,7 @@ public class ClaimTypeConverterTests {
 claims.put(COLLECTION_STRING_CLAIM, listString); claims.put(LIST_STRING_CLAIM, listString); claims.put(MAP_STRING_OBJECT_CLAIM, mapStringObject);
-
 claims = this.claimTypeConverter.convert(claims);
-
 assertThat(claims.get(STRING_CLAIM)).isSameAs(string); assertThat(claims.get(BOOLEAN_CLAIM)).isSameAs(bool); assertThat(claims.get(INSTANT_CLAIM)).isSameAs(instant);
@@ -172,9 +165,7 @@ public class ClaimTypeConverterTests {
 public void convertWhenConverterNotAvailableThenDoesNotConvert() { Map claims = new HashMap<>(); claims.put("claim1", "value1");
-
 claims = this.claimTypeConverter.convert(claims);
-
 assertThat(claims.get("claim1")).isSameAs("value1"); }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java
index 8aa09301b4..715f4efa77 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java
@@ -63,11 +63,9 @@ public class MapOAuth2AccessTokenResponseConverterTests {
 Assert.assertTrue(scopes.contains("read")); Assert.assertTrue(scopes.contains("write")); Assert.assertEquals(3600, Duration.between(accessToken.getIssuedAt(), accessToken.getExpiresAt()).getSeconds());
-
 OAuth2RefreshToken refreshToken = converted.getRefreshToken(); Assert.assertNotNull(refreshToken); Assert.assertEquals("refresh-token-1234", refreshToken.getTokenValue());
-
 Map additionalParameters = converted.getAdditionalParameters(); Assert.assertNotNull(additionalParameters); Assert.assertEquals(2, additionalParameters.size());
@@ -88,12 +86,9 @@ public class MapOAuth2AccessTokenResponseConverterTests {
 Set scopes = accessToken.getScopes(); Assert.assertNotNull(scopes); Assert.assertEquals(0, scopes.size());
-
 Assert.assertEquals(1, Duration.between(accessToken.getIssuedAt(), accessToken.getExpiresAt()).getSeconds());
-
 OAuth2RefreshToken refreshToken = converted.getRefreshToken(); Assert.assertNull(refreshToken);
-
 Map additionalParameters = converted.getAdditionalParameters(); Assert.assertNotNull(additionalParameters); Assert.assertEquals(0, additionalParameters.size());
@@ -113,12 +108,9 @@ public class MapOAuth2AccessTokenResponseConverterTests {
 Set scopes = accessToken.getScopes(); Assert.assertNotNull(scopes); Assert.assertEquals(0, scopes.size());
-
 Assert.assertEquals(1, Duration.between(accessToken.getIssuedAt(), accessToken.getExpiresAt()).getSeconds());
-
 OAuth2RefreshToken refreshToken = converted.getRefreshToken(); Assert.assertNull(refreshToken);
-
 Map additionalParameters = converted.getAdditionalParameters(); Assert.assertNotNull(additionalParameters); Assert.assertEquals(0, additionalParameters.size());
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
index 7be9dd9717..1fb64a63f6 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
@@ -46,17 +46,14 @@ public class OAuth2AccessTokenResponseMapConverterTests {
 Map additionalParameters = new HashMap<>(); additionalParameters.put("custom_parameter_1", "custom-value-1"); additionalParameters.put("custom_parameter_2", "custom-value-2");
-
 Set scopes = new HashSet<>(); scopes.add("read"); scopes.add("write");
-
 OAuth2AccessTokenResponse build = OAuth2AccessTokenResponse.withToken("access-token-value-1234").expiresIn(3699) .additionalParameters(additionalParameters).refreshToken("refresh-token-value-1234").scopes(scopes) .tokenType(OAuth2AccessToken.TokenType.BEARER).build(); Map result = this.messageConverter.convert(build); Assert.assertEquals(7, result.size());
-
 Assert.assertEquals("access-token-value-1234", result.get("access_token")); Assert.assertEquals("refresh-token-value-1234", result.get("refresh_token")); Assert.assertEquals("read write", result.get("scope"));
@@ -72,7 +69,6 @@ public class OAuth2AccessTokenResponseMapConverterTests {
 .tokenType(OAuth2AccessToken.TokenType.BEARER).build(); Map result = this.messageConverter.convert(build); Assert.assertEquals(3, result.size());
-
 Assert.assertEquals("access-token-value-1234", result.get("access_token")); Assert.assertEquals("Bearer", result.get("token_type")); Assert.assertNotNull(result.get("expires_in"));
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
index 047dcc4c18..a9934d43b1 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
@@ -77,11 +77,9 @@ public class OAuth2AccessTokenResponseTests { Map additionalParameters = new HashMap<>(); additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2"); - OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE) .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(expiresAt.toEpochMilli()).scopes(scopes) .refreshToken(REFRESH_TOKEN_VALUE).additionalParameters(additionalParameters).build(); - assertThat(tokenResponse.getAccessToken()).isNotNull(); assertThat(tokenResponse.getAccessToken().getTokenValue()).isEqualTo(TOKEN_VALUE); assertThat(tokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); @@ -99,13 +97,10 @@ public class OAuth2AccessTokenResponseTests { Map additionalParameters = new HashMap<>(); additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2"); - OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE) .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(expiresAt.toEpochMilli()).scopes(scopes) .refreshToken(REFRESH_TOKEN_VALUE).additionalParameters(additionalParameters).build(); - OAuth2AccessTokenResponse withResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse).build(); - assertThat(withResponse.getAccessToken().getTokenValue()) .isEqualTo(tokenResponse.getAccessToken().getTokenValue()); assertThat(withResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); 
@@ -125,13 +120,10 @@ public class OAuth2AccessTokenResponseTests { Map additionalParameters = new HashMap<>(); additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2"); - OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE) .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(expiresAt.toEpochMilli()).scopes(scopes) .additionalParameters(additionalParameters).build(); - OAuth2AccessTokenResponse withResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse).build(); - assertThat(withResponse.getRefreshToken()).isNull(); } @@ -139,11 +131,9 @@ public class OAuth2AccessTokenResponseTests { public void buildWhenResponseAndExpiresInThenExpiresAtEqualToIssuedAtPlusExpiresIn() { OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE) .tokenType(OAuth2AccessToken.TokenType.BEARER).build(); - long expiresIn = 30; OAuth2AccessTokenResponse withResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse) .expiresIn(expiresIn).build(); - assertThat(withResponse.getAccessToken().getExpiresAt()) .isEqualTo(withResponse.getAccessToken().getIssuedAt().plusSeconds(expiresIn)); } diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java index e6c64edd15..3855e1eae8 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java 
@@ -120,16 +120,13 @@ public class OAuth2AuthorizationRequestTests { Map additionalParameters = new HashMap<>(); additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2"); - Map attributes = new HashMap<>(); attributes.put("attribute1", "value1"); attributes.put("attribute2", "value2"); - OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode() .authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES) .state(STATE).additionalParameters(additionalParameters).attributes(attributes) .authorizationRequestUri(AUTHORIZATION_URI).build(); - assertThat(authorizationRequest.getAuthorizationUri()).isEqualTo(AUTHORIZATION_URI); assertThat(authorizationRequest.getGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(authorizationRequest.getResponseType()).isEqualTo(OAuth2AuthorizationResponseType.CODE); @@ -147,7 +144,6 @@ public class OAuth2AuthorizationRequestTests { OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.implicit() .authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES) .state(STATE).build(); - assertThat(authorizationRequest.getAuthorizationRequestUri()) .isEqualTo("https://provider.com/oauth2/authorize?" + "response_type=token&client_id=client-id&" + "scope=scope1%20scope2&state=state&" + "redirect_uri=https://example.com"); 
@@ -174,11 +170,9 @@ public class OAuth2AuthorizationRequestTests { Map additionalParameters = new HashMap<>(); additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2"); - OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode() .authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES) .state(STATE).additionalParameters(additionalParameters).build(); - assertThat(authorizationRequest.getAuthorizationRequestUri()).isNotNull(); assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo("https://provider.com/oauth2/authorize?" + "response_type=code&client_id=client-id&" + "scope=scope1%20scope2&state=state&" @@ -189,7 +183,6 @@ public class OAuth2AuthorizationRequestTests { public void buildWhenRequiredParametersSetThenAuthorizationRequestUriIncludesRequiredParametersOnly() { OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode() .authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).build(); - assertThat(authorizationRequest.getAuthorizationRequestUri()) .isEqualTo("https://provider.com/oauth2/authorize?response_type=code&client_id=client-id"); } 
@@ -204,18 +197,14 @@ public class OAuth2AuthorizationRequestTests { Map additionalParameters = new HashMap<>(); additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2"); - Map attributes = new HashMap<>(); attributes.put("attribute1", "value1"); attributes.put("attribute2", "value2"); - OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode() .authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES) .state(STATE).additionalParameters(additionalParameters).attributes(attributes).build(); - OAuth2AuthorizationRequest authorizationRequestCopy = OAuth2AuthorizationRequest.from(authorizationRequest) .build(); - assertThat(authorizationRequestCopy.getAuthorizationUri()) .isEqualTo(authorizationRequest.getAuthorizationUri()); assertThat(authorizationRequestCopy.getGrantType()).isEqualTo(authorizationRequest.getGrantType()); @@ -235,7 +224,6 @@ public class OAuth2AuthorizationRequestTests { public void buildWhenAuthorizationUriIncludesQueryParameterThenAuthorizationRequestUrlIncludesIt() { OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .authorizationUri(AUTHORIZATION_URI + "?param1=value1¶m2=value2").build(); - assertThat(authorizationRequest.getAuthorizationRequestUri()).isNotNull(); assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo("https://provider.com/oauth2/authorize?" + "param1=value1¶m2=value2&" + "response_type=code&client_id=client-id&state=state&" 
@@ -248,7 +236,6 @@ public class OAuth2AuthorizationRequestTests { .authorizationUri(AUTHORIZATION_URI + "?claims=%7B%22userinfo%22%3A%7B%22email_verified%22%3A%7B%22essential%22%3Atrue%7D%7D%7D") .build(); - assertThat(authorizationRequest.getAuthorizationRequestUri()).isNotNull(); assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo("https://provider.com/oauth2/authorize?" + "claims=%7B%22userinfo%22%3A%7B%22email_verified%22%3A%7B%22essential%22%3Atrue%7D%7D%7D&" @@ -264,7 +251,6 @@ public class OAuth2AuthorizationRequestTests { additionalParameters.put('\u00e2' + "ge", "4" + '\u00bd'); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .additionalParameters(additionalParameters).build(); - assertThat(authorizationRequest.getAuthorizationRequestUri()).isNotNull(); assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo( "https://example.com/login/oauth/authorize?" + "response_type=code&client_id=client-id&state=state&" diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java index 2359547241..3a6f98a92f 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java 
@@ -80,12 +80,9 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests { + " \"scope\": \"read write\",\n" + " \"refresh_token\": \"refresh-token-1234\",\n" + " \"custom_parameter_1\": \"custom-value-1\",\n" + " \"custom_parameter_2\": \"custom-value-2\"\n" + "}\n"; - MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK); - OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter .readInternal(OAuth2AccessTokenResponse.class, response); - assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()) @@ -94,7 +91,6 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests { assertThat(accessTokenResponse.getRefreshToken().getTokenValue()).isEqualTo("refresh-token-1234"); assertThat(accessTokenResponse.getAdditionalParameters()).containsExactly( entry("custom_parameter_1", "custom-value-1"), entry("custom_parameter_2", "custom-value-2")); - } // gh-6463 @@ -107,12 +103,9 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests { + " \"custom_object_2\": [\"value1\", \"value2\"],\n" + " \"custom_parameter_1\": \"custom-value-1\",\n" + " \"custom_parameter_2\": \"custom-value-2\"\n" + "}\n"; - MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK); - OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter .readInternal(OAuth2AccessTokenResponse.class, response); - assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()) 
@@ -130,12 +123,9 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests { String tokenResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": 3600,\n" + " \"scope\": null,\n" + " \"refresh_token\": \"refresh-token-1234\"\n" + "}\n"; - MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK); - OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter .readInternal(OAuth2AccessTokenResponse.class, response); - assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()) @@ -149,11 +139,8 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests { Converter tokenResponseConverter = mock(Converter.class); given(tokenResponseConverter.convert(any())).willThrow(RuntimeException.class); this.messageConverter.setTokenResponseConverter(tokenResponseConverter); - String tokenResponse = "{}"; - MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK); - assertThatThrownBy(() -> this.messageConverter.readInternal(OAuth2AccessTokenResponse.class, response)) .isInstanceOf(HttpMessageNotReadableException.class) .hasMessageContaining("An error occurred reading the OAuth 2.0 Access Token Response"); 
@@ -166,15 +153,12 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests { Map additionalParameters = new HashMap<>(); additionalParameters.put("custom_parameter_1", "custom-value-1"); additionalParameters.put("custom_parameter_2", "custom-value-2"); - OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234") .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(expiresAt.toEpochMilli()).scopes(scopes) .refreshToken("refresh-token-1234").additionalParameters(additionalParameters).build(); - MockHttpOutputMessage outputMessage = new MockHttpOutputMessage(); this.messageConverter.writeInternal(accessTokenResponse, outputMessage); String tokenResponse = outputMessage.getBodyAsString(); - assertThat(tokenResponse).contains("\"access_token\":\"access-token-1234\""); assertThat(tokenResponse).contains("\"token_type\":\"Bearer\""); assertThat(tokenResponse).contains("\"expires_in\""); @@ -189,13 +173,10 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests { Converter tokenResponseParametersConverter = mock(Converter.class); given(tokenResponseParametersConverter.convert(any())).willThrow(RuntimeException.class); this.messageConverter.setTokenResponseParametersConverter(tokenResponseParametersConverter); - OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234") .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(Instant.now().plusSeconds(3600).toEpochMilli()) .build(); - MockHttpOutputMessage outputMessage = new MockHttpOutputMessage(); - assertThatThrownBy(() -> this.messageConverter.writeInternal(accessTokenResponse, outputMessage)) .isInstanceOf(HttpMessageNotWritableException.class) .hasMessageContaining("An error occurred writing the OAuth 2.0 Access Token Response"); 
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java index 783f2f4de3..0e9dc1ad14 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java @@ -69,9 +69,7 @@ public class OAuth2ErrorHttpMessageConverterTests { String errorResponse = "{\n" + " \"error\": \"unauthorized_client\",\n" + " \"error_description\": \"The client is not authorized\",\n" + " \"error_uri\": \"https://tools.ietf.org/html/rfc6749#section-5.2\"\n" + "}\n"; - MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST); - OAuth2Error oauth2Error = this.messageConverter.readInternal(OAuth2Error.class, response); assertThat(oauth2Error.getErrorCode()).isEqualTo("unauthorized_client"); assertThat(oauth2Error.getDescription()).isEqualTo("The client is not authorized"); @@ -84,9 +82,7 @@ public class OAuth2ErrorHttpMessageConverterTests { String errorResponse = "{\n" + " \"error\": \"unauthorized_client\",\n" + " \"error_description\": \"The client is not authorized\",\n" + " \"error_codes\": [65001],\n" + " \"error_uri\": \"https://tools.ietf.org/html/rfc6749#section-5.2\"\n" + "}\n"; - MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST); - OAuth2Error oauth2Error = this.messageConverter.readInternal(OAuth2Error.class, response); assertThat(oauth2Error.getErrorCode()).isEqualTo("unauthorized_client"); assertThat(oauth2Error.getDescription()).isEqualTo("The client is not authorized"); 
@@ -98,11 +94,8 @@ public class OAuth2ErrorHttpMessageConverterTests { Converter errorConverter = mock(Converter.class); given(errorConverter.convert(any())).willThrow(RuntimeException.class); this.messageConverter.setErrorConverter(errorConverter); - String errorResponse = "{}"; - MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST); - assertThatThrownBy(() -> this.messageConverter.readInternal(OAuth2Error.class, response)) .isInstanceOf(HttpMessageNotReadableException.class) .hasMessageContaining("An error occurred reading the OAuth 2.0 Error"); @@ -112,11 +105,9 @@ public class OAuth2ErrorHttpMessageConverterTests { public void writeInternalWhenOAuth2ErrorThenWriteErrorResponse() throws Exception { OAuth2Error oauth2Error = new OAuth2Error("unauthorized_client", "The client is not authorized", "https://tools.ietf.org/html/rfc6749#section-5.2"); - MockHttpOutputMessage outputMessage = new MockHttpOutputMessage(); this.messageConverter.writeInternal(oauth2Error, outputMessage); String errorResponse = outputMessage.getBodyAsString(); - assertThat(errorResponse).contains("\"error\":\"unauthorized_client\""); assertThat(errorResponse).contains("\"error_description\":\"The client is not authorized\""); assertThat(errorResponse).contains("\"error_uri\":\"https://tools.ietf.org/html/rfc6749#section-5.2\""); 
@@ -127,12 +118,9 @@ public class OAuth2ErrorHttpMessageConverterTests { Converter errorParametersConverter = mock(Converter.class); given(errorParametersConverter.convert(any())).willThrow(RuntimeException.class); this.messageConverter.setErrorParametersConverter(errorParametersConverter); - OAuth2Error oauth2Error = new OAuth2Error("unauthorized_client", "The client is not authorized", "https://tools.ietf.org/html/rfc6749#section-5.2"); - MockHttpOutputMessage outputMessage = new MockHttpOutputMessage(); - assertThatThrownBy(() -> this.messageConverter.writeInternal(oauth2Error, outputMessage)) .isInstanceOf(HttpMessageNotWritableException.class) .hasMessageContaining("An error occurred writing the OAuth 2.0 Error"); diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java index d4f2ae75e0..ebe7aa9919 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java @@ -48,7 +48,6 @@ public class DefaultAddressStandardClaimTests { AddressStandardClaim addressStandardClaim = new DefaultAddressStandardClaim.Builder().formatted(FORMATTED) .streetAddress(STREET_ADDRESS).locality(LOCALITY).region(REGION).postalCode(POSTAL_CODE) .country(COUNTRY).build(); - assertThat(addressStandardClaim.getFormatted()).isEqualTo(FORMATTED); assertThat(addressStandardClaim.getStreetAddress()).isEqualTo(STREET_ADDRESS); assertThat(addressStandardClaim.getLocality()).isEqualTo(LOCALITY); 
@@ -66,9 +65,7 @@ public class DefaultAddressStandardClaimTests { addressFields.put(REGION_FIELD_NAME, REGION); addressFields.put(POSTAL_CODE_FIELD_NAME, POSTAL_CODE); addressFields.put(COUNTRY_FIELD_NAME, COUNTRY); - AddressStandardClaim addressStandardClaim = new DefaultAddressStandardClaim.Builder(addressFields).build(); - assertThat(addressStandardClaim.getFormatted()).isEqualTo(FORMATTED); assertThat(addressStandardClaim.getStreetAddress()).isEqualTo(STREET_ADDRESS); assertThat(addressStandardClaim.getLocality()).isEqualTo(LOCALITY); diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java index dc9b96c0cf..adcce05236 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java @@ -31,16 +31,12 @@ public class OidcIdTokenBuilderTests { @Test public void buildWhenCalledTwiceThenGeneratesTwoOidcIdTokens() { OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token"); - OidcIdToken first = idTokenBuilder.tokenValue("V1").claim("TEST_CLAIM_1", "C1").build(); - OidcIdToken second = idTokenBuilder.tokenValue("V2").claim("TEST_CLAIM_1", "C2").claim("TEST_CLAIM_2", "C3") .build(); - assertThat(first.getClaims()).hasSize(1); assertThat(first.getClaims().get("TEST_CLAIM_1")).isEqualTo("C1"); assertThat(first.getTokenValue()).isEqualTo("V1"); - assertThat(second.getClaims()).hasSize(2); assertThat(second.getClaims().get("TEST_CLAIM_1")).isEqualTo("C2"); assertThat(second.getClaims().get("TEST_CLAIM_2")).isEqualTo("C3"); 
@@ -50,15 +46,11 @@ public class OidcIdTokenBuilderTests { @Test public void expiresAtWhenUsingGenericOrNamedClaimMethodRequiresInstant() { OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token"); - Instant now = Instant.now(); - OidcIdToken idToken = idTokenBuilder.expiresAt(now).build(); assertThat(idToken.getExpiresAt()).isSameAs(now); - idToken = idTokenBuilder.expiresAt(now).build(); assertThat(idToken.getExpiresAt()).isSameAs(now); - assertThatCode(() -> idTokenBuilder.claim(IdTokenClaimNames.EXP, "not an instant").build()) .isInstanceOf(IllegalArgumentException.class); } @@ -66,15 +58,11 @@ public class OidcIdTokenBuilderTests { @Test public void issuedAtWhenUsingGenericOrNamedClaimMethodRequiresInstant() { OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token"); - Instant now = Instant.now(); - OidcIdToken idToken = idTokenBuilder.issuedAt(now).build(); assertThat(idToken.getIssuedAt()).isSameAs(now); - idToken = idTokenBuilder.issuedAt(now).build(); assertThat(idToken.getIssuedAt()).isSameAs(now); - assertThatCode(() -> idTokenBuilder.claim(IdTokenClaimNames.IAT, "not an instant").build()) .isInstanceOf(IllegalArgumentException.class); } @@ -82,13 +70,10 @@ public class OidcIdTokenBuilderTests { @Test public void subjectWhenUsingGenericOrNamedClaimMethodThenLastOneWins() { OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token"); - String generic = new String("sub"); String named = new String("sub"); - OidcIdToken idToken = idTokenBuilder.subject(named).claim(IdTokenClaimNames.SUB, generic).build(); assertThat(idToken.getSubject()).isSameAs(generic); - idToken = idTokenBuilder.claim(IdTokenClaimNames.SUB, generic).subject(named).build(); assertThat(idToken.getSubject()).isSameAs(named); } 
@@ -96,7 +81,6 @@ public class OidcIdTokenBuilderTests { @Test public void claimsWhenRemovingAClaimThenIsNotPresent() { OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token").claim("needs", "a claim"); - OidcIdToken idToken = idTokenBuilder.subject("sub").claims((claims) -> claims.remove(IdTokenClaimNames.SUB)) .build(); assertThat(idToken.getSubject()).isNull(); @@ -105,11 +89,9 @@ public class OidcIdTokenBuilderTests { @Test public void claimsWhenAddingAClaimThenIsPresent() { OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token"); - String name = new String("name"); String value = new String("value"); OidcIdToken idToken = idTokenBuilder.claims((claims) -> claims.put(name, value)).build(); - assertThat(idToken.getClaims()).hasSize(1); assertThat(idToken.getClaims().get(name)).isSameAs(value); } diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java index 9e43b0449a..4f795c6f95 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java @@ -85,7 +85,6 @@ public class OidcIdTokenTests { private static final Map CLAIMS; private static final String ID_TOKEN_VALUE = "id-token-value"; - static { CLAIMS = new HashMap<>(); CLAIMS.put(ISS_CLAIM, ISS_VALUE); @@ -117,7 +116,6 @@ public class OidcIdTokenTests { public void constructorWhenParametersProvidedAndValidThenCreated() { OidcIdToken idToken = new OidcIdToken(ID_TOKEN_VALUE, Instant.ofEpochMilli(IAT_VALUE), Instant.ofEpochMilli(EXP_VALUE), CLAIMS); - assertThat(idToken.getClaims()).isEqualTo(CLAIMS); assertThat(idToken.getTokenValue()).isEqualTo(ID_TOKEN_VALUE); assertThat(idToken.getIssuer().toString()).isEqualTo(ISS_VALUE); 
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java index fe5a579734..8877139e0f 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java @@ -28,14 +28,10 @@ public class OidcUserInfoBuilderTests { @Test public void buildWhenCalledTwiceThenGeneratesTwoOidcUserInfos() { OidcUserInfo.Builder userInfoBuilder = OidcUserInfo.builder(); - OidcUserInfo first = userInfoBuilder.claim("TEST_CLAIM_1", "C1").build(); - OidcUserInfo second = userInfoBuilder.claim("TEST_CLAIM_1", "C2").claim("TEST_CLAIM_2", "C3").build(); - assertThat(first.getClaims()).hasSize(1); assertThat(first.getClaims().get("TEST_CLAIM_1")).isEqualTo("C1"); - assertThat(second.getClaims()).hasSize(2); assertThat(second.getClaims().get("TEST_CLAIM_1")).isEqualTo("C2"); assertThat(second.getClaims().get("TEST_CLAIM_2")).isEqualTo("C3"); @@ -44,13 +40,10 @@ public class OidcUserInfoBuilderTests { @Test public void subjectWhenUsingGenericOrNamedClaimMethodThenLastOneWins() { OidcUserInfo.Builder userInfoBuilder = OidcUserInfo.builder(); - String generic = new String("sub"); String named = new String("sub"); - OidcUserInfo userInfo = userInfoBuilder.subject(named).claim(IdTokenClaimNames.SUB, generic).build(); assertThat(userInfo.getSubject()).isSameAs(generic); - userInfo = userInfoBuilder.claim(IdTokenClaimNames.SUB, generic).subject(named).build(); assertThat(userInfo.getSubject()).isSameAs(named); } 
@@ -58,7 +51,6 @@ public class OidcUserInfoBuilderTests { @Test public void claimsWhenRemovingAClaimThenIsNotPresent() { OidcUserInfo.Builder userInfoBuilder = OidcUserInfo.builder().claim("needs", "a claim"); - OidcUserInfo userInfo = userInfoBuilder.subject("sub").claims((claims) -> claims.remove(IdTokenClaimNames.SUB)) .build(); assertThat(userInfo.getSubject()).isNull(); @@ -67,11 +59,9 @@ public class OidcUserInfoBuilderTests { @Test public void claimsWhenAddingAClaimThenIsPresent() { OidcUserInfo.Builder userInfoBuilder = OidcUserInfo.builder(); - String name = new String("name"); String value = new String("value"); OidcUserInfo userInfo = userInfoBuilder.claims((claims) -> claims.put(name, value)).build(); - assertThat(userInfo.getClaims()).hasSize(1); assertThat(userInfo.getClaims().get(name)).isSameAs(value); } diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java index 9146c9760c..53fe17d28d 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java @@ -113,7 +113,6 @@ public class OidcUserInfoTests { private static final long UPDATED_AT_VALUE = Instant.now().minusSeconds(60).toEpochMilli(); private static final Map CLAIMS; - static { CLAIMS = new HashMap<>(); CLAIMS.put(SUB_CLAIM, SUB_VALUE); @@ -134,7 +133,6 @@ public class OidcUserInfoTests { CLAIMS.put(LOCALE_CLAIM, LOCALE_VALUE); CLAIMS.put(PHONE_NUMBER_CLAIM, PHONE_NUMBER_VALUE); CLAIMS.put(PHONE_NUMBER_VERIFIED_CLAIM, PHONE_NUMBER_VERIFIED_VALUE); - ADDRESS_VALUE = new HashMap<>(); ADDRESS_VALUE.put(DefaultAddressStandardClaimTests.FORMATTED_FIELD_NAME, DefaultAddressStandardClaimTests.FORMATTED); 
@@ -148,7 +146,6 @@ public class OidcUserInfoTests { ADDRESS_VALUE.put(DefaultAddressStandardClaimTests.COUNTRY_FIELD_NAME, DefaultAddressStandardClaimTests.COUNTRY); CLAIMS.put(ADDRESS_CLAIM, ADDRESS_VALUE); - CLAIMS.put(UPDATED_AT_CLAIM, UPDATED_AT_VALUE); } @@ -160,7 +157,6 @@ public class OidcUserInfoTests { @Test public void constructorWhenParametersProvidedAndValidThenCreated() { OidcUserInfo userInfo = new OidcUserInfo(CLAIMS); - assertThat(userInfo.getClaims()).isEqualTo(CLAIMS); assertThat(userInfo.getSubject()).isEqualTo(SUB_VALUE); assertThat(userInfo.getFullName()).isEqualTo(NAME_VALUE); diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java index ef8501ead2..78dd8b494f 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java @@ -54,14 +54,12 @@ public class DefaultOidcUserTests { private static final Map ID_TOKEN_CLAIMS = new HashMap<>(); private static final Map USER_INFO_CLAIMS = new HashMap<>(); - static { ID_TOKEN_CLAIMS.put(IdTokenClaimNames.ISS, "https://example.com"); ID_TOKEN_CLAIMS.put(IdTokenClaimNames.SUB, SUBJECT); USER_INFO_CLAIMS.put(StandardClaimNames.NAME, NAME); USER_INFO_CLAIMS.put(StandardClaimNames.EMAIL, EMAIL); } - private static final OidcIdToken ID_TOKEN = new OidcIdToken("id-token-value", Instant.EPOCH, Instant.MAX, ID_TOKEN_CLAIMS); 
@@ -85,7 +83,6 @@ public class DefaultOidcUserTests { @Test public void constructorWhenAuthoritiesIdTokenProvidedThenCreated() { DefaultOidcUser user = new DefaultOidcUser(AUTHORITIES, ID_TOKEN); - assertThat(user.getClaims()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB); assertThat(user.getIdToken()).isEqualTo(ID_TOKEN); assertThat(user.getName()).isEqualTo(SUBJECT); @@ -97,7 +94,6 @@ public class DefaultOidcUserTests { @Test public void constructorWhenAuthoritiesIdTokenNameAttributeKeyProvidedThenCreated() { DefaultOidcUser user = new DefaultOidcUser(AUTHORITIES, ID_TOKEN, IdTokenClaimNames.SUB); - assertThat(user.getClaims()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB); assertThat(user.getIdToken()).isEqualTo(ID_TOKEN); assertThat(user.getName()).isEqualTo(SUBJECT); @@ -109,7 +105,6 @@ public class DefaultOidcUserTests { @Test public void constructorWhenAuthoritiesIdTokenUserInfoProvidedThenCreated() { DefaultOidcUser user = new DefaultOidcUser(AUTHORITIES, ID_TOKEN, USER_INFO); - assertThat(user.getClaims()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB, StandardClaimNames.NAME, StandardClaimNames.EMAIL); assertThat(user.getIdToken()).isEqualTo(ID_TOKEN); @@ -124,7 +119,6 @@ public class DefaultOidcUserTests { @Test public void constructorWhenAllParametersProvidedAndValidThenCreated() { DefaultOidcUser user = new DefaultOidcUser(AUTHORITIES, ID_TOKEN, USER_INFO, StandardClaimNames.EMAIL); - assertThat(user.getClaims()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB, StandardClaimNames.NAME, StandardClaimNames.EMAIL); assertThat(user.getIdToken()).isEqualTo(ID_TOKEN); diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java index 4f83847331..d086c3eb99 100644 
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java @@ -48,14 +48,12 @@ public class OidcUserAuthorityTests { private static final Map ID_TOKEN_CLAIMS = new HashMap<>(); private static final Map USER_INFO_CLAIMS = new HashMap<>(); - static { ID_TOKEN_CLAIMS.put(IdTokenClaimNames.ISS, "https://example.com"); ID_TOKEN_CLAIMS.put(IdTokenClaimNames.SUB, SUBJECT); USER_INFO_CLAIMS.put(StandardClaimNames.NAME, NAME); USER_INFO_CLAIMS.put(StandardClaimNames.EMAIL, EMAIL); } - private static final OidcIdToken ID_TOKEN = new OidcIdToken("id-token-value", Instant.EPOCH, Instant.MAX, ID_TOKEN_CLAIMS); @@ -79,7 +77,6 @@ public class OidcUserAuthorityTests { @Test public void constructorWhenAllParametersProvidedAndValidThenCreated() { OidcUserAuthority userAuthority = new OidcUserAuthority(AUTHORITY, ID_TOKEN, USER_INFO); - assertThat(userAuthority.getIdToken()).isEqualTo(ID_TOKEN); assertThat(userAuthority.getUserInfo()).isEqualTo(USER_INFO); assertThat(userAuthority.getAuthority()).isEqualTo(AUTHORITY); diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java index 88f20d81c1..c1643e86d5 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java 
@@ -79,7 +79,6 @@ public class DefaultOAuth2UserTests { @Test public void constructorWhenAllParametersProvidedAndValidThenCreated() { DefaultOAuth2User user = new DefaultOAuth2User(AUTHORITIES, ATTRIBUTES, ATTRIBUTE_NAME_KEY); - assertThat(user.getName()).isEqualTo(USERNAME); assertThat(user.getAuthorities()).hasSize(1); assertThat(user.getAuthorities().iterator().next()).isEqualTo(AUTHORITY); diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java index 83d68e921e..b7b22d5541 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java @@ -52,7 +52,6 @@ public class OAuth2UserAuthorityTests { @Test public void constructorWhenAllParametersProvidedAndValidThenCreated() { OAuth2UserAuthority userAuthority = new OAuth2UserAuthority(AUTHORITY, ATTRIBUTES); - assertThat(userAuthority.getAuthority()).isEqualTo(AUTHORITY); assertThat(userAuthority.getAttributes()).isEqualTo(ATTRIBUTES); } diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java index bfdd17de31..abe976ecc8 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java 
@@ -63,7 +63,6 @@ public class OAuth2BodyExtractorsTests { messageReaders.add(new DecoderHttpMessageReader<>(StringDecoder.allMimeTypes())); messageReaders.add(new DecoderHttpMessageReader<>(new Jackson2JsonDecoder())); messageReaders.add(new FormHttpMessageReader()); - this.hints = new HashMap<>(); this.context = new BodyExtractor.Context() { @Override @@ -87,13 +86,10 @@ public class OAuth2BodyExtractorsTests { public void oauth2AccessTokenResponseWhenInvalidJsonThenException() { BodyExtractor, ReactiveHttpInputMessage> extractor = OAuth2BodyExtractors .oauth2AccessTokenResponse(); - MockClientHttpResponse response = new MockClientHttpResponse(HttpStatus.OK); response.getHeaders().setContentType(MediaType.APPLICATION_JSON); response.setBody("{"); - Mono result = extractor.extract(response, this.context); - assertThatCode(result::block).isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining("An error occurred parsing the Access Token response"); } @@ -102,11 +98,8 @@ public class OAuth2BodyExtractorsTests { public void oauth2AccessTokenResponseWhenEmptyThenException() { BodyExtractor, ReactiveHttpInputMessage> extractor = OAuth2BodyExtractors .oauth2AccessTokenResponse(); - MockClientHttpResponse response = new MockClientHttpResponse(HttpStatus.OK); - Mono result = extractor.extract(response, this.context); - assertThatCode(result::block).isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining("Empty OAuth 2.0 Access Token Response"); } 
@@ -115,17 +108,14 @@ public class OAuth2BodyExtractorsTests { public void oauth2AccessTokenResponseWhenValidThenCreated() { BodyExtractor, ReactiveHttpInputMessage> extractor = OAuth2BodyExtractors .oauth2AccessTokenResponse(); - MockClientHttpResponse response = new MockClientHttpResponse(HttpStatus.OK); response.getHeaders().setContentType(MediaType.APPLICATION_JSON); response.setBody( "{\n" + " \"access_token\":\"2YotnFZFEjr1zCsicMWpAA\",\n" + " \"token_type\":\"Bearer\",\n" + " \"expires_in\":3600,\n" + " \"refresh_token\":\"tGzv3JOkF0XG5Qx2TlKWIA\",\n" + " \"example_parameter\":\"example_value\"\n" + " }"); - Instant now = Instant.now(); OAuth2AccessTokenResponse result = extractor.extract(response, this.context).block(); - assertThat(result.getAccessToken().getTokenValue()).isEqualTo("2YotnFZFEjr1zCsicMWpAA"); assertThat(result.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(result.getAccessToken().getExpiresAt()).isBetween(now.plusSeconds(3600), now.plusSeconds(3600 + 2)); 
@@ -138,17 +128,14 @@ public class OAuth2BodyExtractorsTests { public void oauth2AccessTokenResponseWhenMultipleAttributeTypesThenCreated() { BodyExtractor, ReactiveHttpInputMessage> extractor = OAuth2BodyExtractors .oauth2AccessTokenResponse(); - MockClientHttpResponse response = new MockClientHttpResponse(HttpStatus.OK); response.getHeaders().setContentType(MediaType.APPLICATION_JSON); response.setBody( "{\n" + " \"access_token\":\"2YotnFZFEjr1zCsicMWpAA\",\n" + " \"token_type\":\"Bearer\",\n" + " \"expires_in\":3600,\n" + " \"refresh_token\":\"tGzv3JOkF0XG5Qx2TlKWIA\",\n" + " \"subjson\":{}, \n" + " \"list\":[] \n" + " }"); - Instant now = Instant.now(); OAuth2AccessTokenResponse result = extractor.extract(response, this.context).block(); - assertThat(result.getAccessToken().getTokenValue()).isEqualTo("2YotnFZFEjr1zCsicMWpAA"); assertThat(result.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(result.getAccessToken().getExpiresAt()).isBetween(now.plusSeconds(3600), now.plusSeconds(3600 + 2)); diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java index 6cde34191f..f0dba9b354 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java @@ -43,7 +43,6 @@ public final class TestKeys { throw new IllegalStateException(ex); } } - public static final String DEFAULT_ENCODED_SECRET_KEY = "bCzY/M48bbkwBEWjmNSIEPfwApcvXOnkCxORBEbPr+4="; public static final SecretKey DEFAULT_SECRET_KEY = new SecretKeySpec( 
@@ -66,7 +65,6 @@ public final class TestKeys { throw new IllegalArgumentException(ex); } } - public static final String DEFAULT_RSA_PRIVATE_KEY = "MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDcWWomvlNGyQhA" + "iB0TcN3sP2VuhZ1xNRPxr58lHswC9Cbtdc2hiSbe/sxAvU1i0O8vaXwICdzRZ1JM" + "g1TohG9zkqqjZDhyw1f1Ic6YR/OhE6NCpqERy97WMFeW6gJd1i5inHj/W19GAbqK" @@ -94,7 +92,6 @@ public final class TestKeys { + "TszuiGTkrKcZy9G0wJqPztZZl2F2+bJgnA6nBEV7g5PA4Af+QSmaIhRwqGDAuROR" + "47jndeyIaMTNETEmOnms+as17g=="; public static final RSAPrivateKey DEFAULT_PRIVATE_KEY; - static { PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(DEFAULT_RSA_PRIVATE_KEY)); try { diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java index d91c78a928..efac7719f7 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java 
@@ -34,18 +34,14 @@ public class JwtBuilderTests { @Test public void buildWhenCalledTwiceThenGeneratesTwoJwts() { Jwt.Builder jwtBuilder = Jwt.withTokenValue("token"); - Jwt first = jwtBuilder.tokenValue("V1").header("TEST_HEADER_1", "H1").claim("TEST_CLAIM_1", "C1").build(); - Jwt second = jwtBuilder.tokenValue("V2").header("TEST_HEADER_1", "H2").header("TEST_HEADER_2", "H3") .claim("TEST_CLAIM_1", "C2").claim("TEST_CLAIM_2", "C3").build(); - assertThat(first.getHeaders()).hasSize(1); assertThat(first.getHeaders().get("TEST_HEADER_1")).isEqualTo("H1"); assertThat(first.getClaims()).hasSize(1); assertThat(first.getClaims().get("TEST_CLAIM_1")).isEqualTo("C1"); assertThat(first.getTokenValue()).isEqualTo("V1"); - assertThat(second.getHeaders()).hasSize(2); assertThat(second.getHeaders().get("TEST_HEADER_1")).isEqualTo("H2"); assertThat(second.getHeaders().get("TEST_HEADER_2")).isEqualTo("H3"); @@ -58,15 +54,11 @@ public class JwtBuilderTests { @Test public void expiresAtWhenUsingGenericOrNamedClaimMethodRequiresInstant() { Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("needs", "a header"); - Instant now = Instant.now(); - Jwt jwt = jwtBuilder.expiresAt(now).build(); assertThat(jwt.getExpiresAt()).isSameAs(now); - jwt = jwtBuilder.expiresAt(now).build(); assertThat(jwt.getExpiresAt()).isSameAs(now); - assertThatCode(() -> jwtBuilder.claim(JwtClaimNames.EXP, "not an instant").build()) .isInstanceOf(IllegalArgumentException.class); } 
@@ -74,15 +66,11 @@ public class JwtBuilderTests { @Test public void issuedAtWhenUsingGenericOrNamedClaimMethodRequiresInstant() { Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("needs", "a header"); - Instant now = Instant.now(); - Jwt jwt = jwtBuilder.issuedAt(now).build(); assertThat(jwt.getIssuedAt()).isSameAs(now); - jwt = jwtBuilder.issuedAt(now).build(); assertThat(jwt.getIssuedAt()).isSameAs(now); - assertThatCode(() -> jwtBuilder.claim(JwtClaimNames.IAT, "not an instant").build()) .isInstanceOf(IllegalArgumentException.class); } @@ -90,13 +78,10 @@ public class JwtBuilderTests { @Test public void subjectWhenUsingGenericOrNamedClaimMethodThenLastOneWins() { Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("needs", "a header"); - String generic = new String("sub"); String named = new String("sub"); - Jwt jwt = jwtBuilder.subject(named).claim(JwtClaimNames.SUB, generic).build(); assertThat(jwt.getSubject()).isSameAs(generic); - jwt = jwtBuilder.claim(JwtClaimNames.SUB, generic).subject(named).build(); assertThat(jwt.getSubject()).isSameAs(named); } @@ -104,7 +89,6 @@ public class JwtBuilderTests { @Test public void claimsWhenRemovingAClaimThenIsNotPresent() { Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").claim("needs", "a claim").header("needs", "a header"); - Jwt jwt = jwtBuilder.subject("sub").claims((claims) -> claims.remove(JwtClaimNames.SUB)).build(); assertThat(jwt.getSubject()).isNull(); } @@ -112,11 +96,9 @@ public class JwtBuilderTests { @Test public void claimsWhenAddingAClaimThenIsPresent() { Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("needs", "a header"); - String name = new String("name"); String value = new String("value"); Jwt jwt = jwtBuilder.claims((claims) -> claims.put(name, value)).build(); - assertThat(jwt.getClaims()).hasSize(1); assertThat(jwt.getClaims().get(name)).isSameAs(value); } 
@@ -124,7 +106,6 @@ public class JwtBuilderTests { @Test public void headersWhenRemovingAClaimThenIsNotPresent() { Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").claim("needs", "a claim").header("needs", "a header"); - Jwt jwt = jwtBuilder.header("alg", "none").headers((headers) -> headers.remove("alg")).build(); assertThat(jwt.getHeaders().get("alg")).isNull(); } @@ -132,11 +113,9 @@ public class JwtBuilderTests { @Test public void headersWhenAddingAClaimThenIsPresent() { Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").claim("needs", "a claim"); - String name = new String("name"); String value = new String("value"); Jwt jwt = jwtBuilder.headers((headers) -> headers.put(name, value)).build(); - assertThat(jwt.getHeaders()).hasSize(1); assertThat(jwt.getHeaders().get(name)).isSameAs(value); } diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java index 8f1be78bb3..c3206a37f3 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java @@ -219,7 +219,6 @@ public class JwtDecodersTests { @Test public void issuerWhenRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException() throws Exception { - this.server.shutdown(); assertThatCode(() -> JwtDecoders.fromOidcIssuerLocation("https://issuer")) .isInstanceOf(IllegalArgumentException.class); @@ -228,7 +227,6 @@ public class JwtDecodersTests { @Test public void issuerWhenOidcFallbackRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException() throws Exception { - this.server.shutdown(); assertThatCode(() -> JwtDecoders.fromIssuerLocation("https://issuer")) .isInstanceOf(IllegalArgumentException.class); 
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java index c8f73f387a..501beb5fb9 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java @@ -36,23 +36,19 @@ public class JwtIssuerValidatorTests { @Test public void validateWhenIssuerMatchesThenReturnsSuccess() { Jwt jwt = TestJwts.jwt().claim("iss", ISSUER).build(); - assertThat(this.validator.validate(jwt)).isEqualTo(OAuth2TokenValidatorResult.success()); } @Test public void validateWhenIssuerMismatchesThenReturnsError() { Jwt jwt = TestJwts.jwt().claim(JwtClaimNames.ISS, "https://other").build(); - OAuth2TokenValidatorResult result = this.validator.validate(jwt); - assertThat(result.getErrors()).isNotEmpty(); } @Test public void validateWhenJwtHasNoIssuerThenReturnsError() { Jwt jwt = TestJwts.jwt().claim(JwtClaimNames.AUD, "https://aud").build(); - OAuth2TokenValidatorResult result = this.validator.validate(jwt); assertThat(result.getErrors()).isNotEmpty(); } @@ -62,7 +58,6 @@ public class JwtIssuerValidatorTests { public void validateWhenIssuerMatchesAndIsNotAUriThenReturnsSuccess() { Jwt jwt = TestJwts.jwt().claim(JwtClaimNames.ISS, "issuer").build(); JwtIssuerValidator validator = new JwtIssuerValidator("issuer"); - assertThat(validator.validate(jwt)).isEqualTo(OAuth2TokenValidatorResult.success()); } diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java index 924c5f85ca..cc2e99e373 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java 
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java @@ -69,11 +69,9 @@ public class JwtTests { private static final Map CLAIMS; private static final String JWT_TOKEN_VALUE = "jwt-token-value"; - static { HEADERS = new HashMap<>(); HEADERS.put("alg", JwsAlgorithms.RS256); - CLAIMS = new HashMap<>(); CLAIMS.put(ISS_CLAIM, ISS_VALUE); CLAIMS.put(SUB_CLAIM, SUB_VALUE); @@ -105,7 +103,6 @@ public class JwtTests { public void constructorWhenParametersProvidedAndValidThenCreated() { Jwt jwt = new Jwt(JWT_TOKEN_VALUE, Instant.ofEpochMilli(IAT_VALUE), Instant.ofEpochMilli(EXP_VALUE), HEADERS, CLAIMS); - assertThat(jwt.getTokenValue()).isEqualTo(JWT_TOKEN_VALUE); assertThat(jwt.getHeaders()).isEqualTo(HEADERS); assertThat(jwt.getClaims()).isEqualTo(CLAIMS); diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java index cba1158652..8cac7c007c 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java 
@@ -54,28 +54,20 @@ public class JwtTimestampValidatorTests { @Test public void validateWhenJwtIsExpiredThenErrorMessageIndicatesExpirationTime() { Instant oneHourAgo = Instant.now().minusSeconds(3600); - Jwt jwt = TestJwts.jwt().expiresAt(oneHourAgo).build(); - JwtTimestampValidator jwtValidator = new JwtTimestampValidator(); - Collection details = jwtValidator.validate(jwt).getErrors(); Collection messages = details.stream().map(OAuth2Error::getDescription).collect(Collectors.toList()); - assertThat(messages).contains("Jwt expired at " + oneHourAgo); } @Test public void validateWhenJwtIsTooEarlyThenErrorMessageIndicatesNotBeforeTime() { Instant oneHourFromNow = Instant.now().plusSeconds(3600); - Jwt jwt = TestJwts.jwt().notBefore(oneHourFromNow).build(); - JwtTimestampValidator jwtValidator = new JwtTimestampValidator(); - Collection details = jwtValidator.validate(jwt).getErrors(); Collection messages = details.stream().map(OAuth2Error::getDescription).collect(Collectors.toList()); - assertThat(messages).contains("Jwt used before " + oneHourFromNow); } 
@@ -83,54 +75,39 @@ public class JwtTimestampValidatorTests { public void validateWhenConfiguredWithClockSkewThenValidatesUsingThatSkew() { Duration oneDayOff = Duration.ofDays(1); JwtTimestampValidator jwtValidator = new JwtTimestampValidator(oneDayOff); - Instant now = Instant.now(); Instant almostOneDayAgo = now.minus(oneDayOff).plusSeconds(10); Instant almostOneDayFromNow = now.plus(oneDayOff).minusSeconds(10); Instant justOverOneDayAgo = now.minus(oneDayOff).minusSeconds(10); Instant justOverOneDayFromNow = now.plus(oneDayOff).plusSeconds(10); - Jwt jwt = TestJwts.jwt().expiresAt(almostOneDayAgo).notBefore(almostOneDayFromNow).build(); - assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse(); - jwt = TestJwts.jwt().expiresAt(justOverOneDayAgo).build(); - OAuth2TokenValidatorResult result = jwtValidator.validate(jwt); Collection messages = result.getErrors().stream().map(OAuth2Error::getDescription) .collect(Collectors.toList()); - assertThat(result.hasErrors()).isTrue(); assertThat(messages).contains("Jwt expired at " + justOverOneDayAgo); - jwt = TestJwts.jwt().notBefore(justOverOneDayFromNow).build(); - result = jwtValidator.validate(jwt); messages = result.getErrors().stream().map(OAuth2Error::getDescription).collect(Collectors.toList()); - assertThat(result.hasErrors()).isTrue(); assertThat(messages).contains("Jwt used before " + justOverOneDayFromNow); - } @Test public void validateWhenConfiguredWithFixedClockThenValidatesUsingFixedTime() { Jwt jwt = TestJwts.jwt().expiresAt(Instant.now(MOCK_NOW)).build(); - JwtTimestampValidator jwtValidator = new JwtTimestampValidator(Duration.ofNanos(0)); jwtValidator.setClock(MOCK_NOW); - assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse(); - jwt = TestJwts.jwt().notBefore(Instant.now(MOCK_NOW)).build(); - assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse(); } @Test public void validateWhenNeitherExpiryNorNotBeforeIsSpecifiedThenReturnsSuccessfulResult() { Jwt jwt = TestJwts.jwt().claims((c) -> 
c.remove(JwtClaimNames.EXP)).build(); - JwtTimestampValidator jwtValidator = new JwtTimestampValidator(); assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse(); } @@ -138,7 +115,6 @@ public class JwtTimestampValidatorTests { @Test public void validateWhenNotBeforeIsValidAndExpiryIsNotSpecifiedThenReturnsSuccessfulResult() { Jwt jwt = TestJwts.jwt().claims((c) -> c.remove(JwtClaimNames.EXP)).notBefore(Instant.MIN).build(); - JwtTimestampValidator jwtValidator = new JwtTimestampValidator(); assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse(); } @@ -146,7 +122,6 @@ public class JwtTimestampValidatorTests { @Test public void validateWhenExpiryIsValidAndNotBeforeIsNotSpecifiedThenReturnsSuccessfulResult() { Jwt jwt = TestJwts.jwt().build(); - JwtTimestampValidator jwtValidator = new JwtTimestampValidator(); assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse(); } @@ -154,17 +129,14 @@ public class JwtTimestampValidatorTests { @Test public void validateWhenBothExpiryAndNotBeforeAreValidThenReturnsSuccessfulResult() { Jwt jwt = TestJwts.jwt().expiresAt(Instant.now(MOCK_NOW)).notBefore(Instant.now(MOCK_NOW)).build(); - JwtTimestampValidator jwtValidator = new JwtTimestampValidator(Duration.ofNanos(0)); jwtValidator.setClock(MOCK_NOW); - assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse(); } @Test public void setClockWhenInvokedWithNullThenThrowsIllegalArgumentException() { JwtTimestampValidator jwtValidator = new JwtTimestampValidator(); - assertThatCode(() -> jwtValidator.setClock(null)).isInstanceOf(IllegalArgumentException.class); } diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java index 540f668e5e..d27b08df2a 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java 
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java @@ -48,23 +48,18 @@ public class MappedJwtClaimSetConverterTests { Instant at = Instant.ofEpochMilli(1000000000000L); Converter expiresAtConverter = mock(Converter.class); given(expiresAtConverter.convert(any())).willReturn(at); - MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter .withDefaults(Collections.singletonMap(JwtClaimNames.EXP, expiresAtConverter)); - Map source = new HashMap<>(); Map target = converter.convert(source); - assertThat(target.get(JwtClaimNames.IAT)).isEqualTo(Instant.ofEpochMilli(at.toEpochMilli()).minusSeconds(1)); } @Test public void convertWhenUsingDefaultsThenBasesIssuedAtOffOfExpiration() { MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap()); - Map source = Collections.singletonMap(JwtClaimNames.EXP, 1000000000L); Map target = converter.convert(source); - assertThat(target.get(JwtClaimNames.EXP)).isEqualTo(Instant.ofEpochSecond(1000000000L)); assertThat(target.get(JwtClaimNames.IAT)).isEqualTo(Instant.ofEpochSecond(1000000000L).minusSeconds(1)); } @@ -72,16 +67,12 @@ public class MappedJwtClaimSetConverterTests { @Test public void convertWhenUsingDefaultsThenCoercesAudienceAccordingToJwtSpec() { MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap()); - Map source = Collections.singletonMap(JwtClaimNames.AUD, "audience"); Map target = converter.convert(source); - assertThat(target.get(JwtClaimNames.AUD)).isInstanceOf(Collection.class); assertThat(target.get(JwtClaimNames.AUD)).isEqualTo(Arrays.asList("audience")); - source = Collections.singletonMap(JwtClaimNames.AUD, Arrays.asList("one", "two")); target = converter.convert(source); - assertThat(target.get(JwtClaimNames.AUD)).isInstanceOf(Collection.class); assertThat(target.get(JwtClaimNames.AUD)).isEqualTo(Arrays.asList("one", "two")); } 
@@ -89,7 +80,6 @@ public class MappedJwtClaimSetConverterTests { @Test public void convertWhenUsingDefaultsThenCoercesAllAttributesInJwtSpec() { MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap()); - Map source = new HashMap<>(); source.put(JwtClaimNames.JTI, 1); source.put(JwtClaimNames.AUD, "audience"); @@ -98,9 +88,7 @@ public class MappedJwtClaimSetConverterTests { source.put(JwtClaimNames.ISS, "https://any.url"); source.put(JwtClaimNames.NBF, 1000000000); source.put(JwtClaimNames.SUB, 1234); - Map target = converter.convert(source); - assertThat(target.get(JwtClaimNames.JTI)).isEqualTo("1"); assertThat(target.get(JwtClaimNames.AUD)).isEqualTo(Arrays.asList("audience")); assertThat(target.get(JwtClaimNames.EXP)).isEqualTo(Instant.ofEpochSecond(2000000000L)); @@ -116,7 +104,6 @@ public class MappedJwtClaimSetConverterTests { MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter .withDefaults(Collections.singletonMap(JwtClaimNames.SUB, claimConverter)); given(claimConverter.convert(any(Object.class))).willReturn("1234"); - Map source = new HashMap<>(); source.put(JwtClaimNames.JTI, 1); source.put(JwtClaimNames.AUD, "audience"); @@ -125,9 +112,7 @@ public class MappedJwtClaimSetConverterTests { source.put(JwtClaimNames.ISS, URI.create("https://any.url")); source.put(JwtClaimNames.NBF, "1000000000"); source.put(JwtClaimNames.SUB, 2345); - Map target = converter.convert(source); - assertThat(target.get(JwtClaimNames.JTI)).isEqualTo("1"); assertThat(target.get(JwtClaimNames.AUD)).isEqualTo(Arrays.asList("audience")); assertThat(target.get(JwtClaimNames.EXP)).isEqualTo(Instant.ofEpochSecond(2000000000L)); 
@@ -140,10 +125,8 @@ public class MappedJwtClaimSetConverterTests { @Test public void convertWhenConverterReturnsNullThenClaimIsRemoved() { MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap()); - Map source = Collections.singletonMap(JwtClaimNames.ISS, null); Map target = converter.convert(source); - assertThat(target).doesNotContainKey(JwtClaimNames.ISS); } @@ -153,10 +136,8 @@ public class MappedJwtClaimSetConverterTests { MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter .withDefaults(Collections.singletonMap("custom-claim", claimConverter)); given(claimConverter.convert(any())).willReturn("custom-value"); - Map source = new HashMap<>(); Map target = converter.convert(source); - assertThat(target.get("custom-claim")).isEqualTo("custom-value"); } @@ -166,7 +147,6 @@ public class MappedJwtClaimSetConverterTests { MappedJwtClaimSetConverter converter = new MappedJwtClaimSetConverter( Collections.singletonMap(JwtClaimNames.SUB, claimConverter)); given(claimConverter.convert(any(Object.class))).willReturn("1234"); - Map source = new HashMap<>(); source.put(JwtClaimNames.JTI, new Object()); source.put(JwtClaimNames.AUD, new Object()); @@ -175,9 +155,7 @@ public class MappedJwtClaimSetConverterTests { source.put(JwtClaimNames.ISS, new Object()); source.put(JwtClaimNames.NBF, new Object()); source.put(JwtClaimNames.SUB, new Object()); - Map target = converter.convert(source); - assertThat(target.get(JwtClaimNames.JTI)).isEqualTo(source.get(JwtClaimNames.JTI)); assertThat(target.get(JwtClaimNames.AUD)).isEqualTo(source.get(JwtClaimNames.AUD)); assertThat(target.get(JwtClaimNames.EXP)).isEqualTo(source.get(JwtClaimNames.EXP)); 
@@ -190,16 +168,12 @@ public class MappedJwtClaimSetConverterTests { @Test public void convertWhenUsingDefaultsThenFailedConversionThrowsIllegalStateException() { MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap()); - Map badIssuer = Collections.singletonMap(JwtClaimNames.ISS, "https://badly formed iss"); assertThatCode(() -> converter.convert(badIssuer)).isInstanceOf(IllegalStateException.class); - Map badIssuedAt = Collections.singletonMap(JwtClaimNames.IAT, "badly-formed-iat"); assertThatCode(() -> converter.convert(badIssuedAt)).isInstanceOf(IllegalStateException.class); - Map badExpiresAt = Collections.singletonMap(JwtClaimNames.EXP, "badly-formed-exp"); assertThatCode(() -> converter.convert(badExpiresAt)).isInstanceOf(IllegalStateException.class); - Map badNotBefore = Collections.singletonMap(JwtClaimNames.NBF, "badly-formed-nbf"); assertThatCode(() -> converter.convert(badNotBefore)).isInstanceOf(IllegalStateException.class); } @@ -208,7 +182,6 @@ public class MappedJwtClaimSetConverterTests { @Test public void convertWhenIssuerIsNotAUriThenConvertsToString() { MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap()); - Map nonUriIssuer = Collections.singletonMap(JwtClaimNames.ISS, "issuer"); Map target = converter.convert(nonUriIssuer); assertThat(target.get(JwtClaimNames.ISS)).isEqualTo("issuer"); @@ -218,7 +191,6 @@ public class MappedJwtClaimSetConverterTests { @Test public void convertWhenIssuerIsOfTypeURLThenConvertsToString() throws Exception { MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap()); - Map issuer = Collections.singletonMap(JwtClaimNames.ISS, new URL("https://issuer")); Map target = converter.convert(issuer); assertThat(target.get(JwtClaimNames.ISS)).isEqualTo("https://issuer"); 
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java index 18a4a00aa2..b0b848f875 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java @@ -175,15 +175,11 @@ public class NimbusJwtDecoderJwkSupportTests { try (MockWebServer server = new MockWebServer()) { server.enqueue(new MockResponse().setBody(JWK_SET)); String jwkSetUrl = server.url("/.well-known/jwks.json").toString(); - NimbusJwtDecoderJwkSupport decoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl); - OAuth2Error failure = new OAuth2Error("mock-error", "mock-description", "mock-uri"); - OAuth2TokenValidator jwtValidator = mock(OAuth2TokenValidator.class); given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(failure)); decoder.setJwtValidator(jwtValidator); - assertThatCode(() -> decoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class) .hasMessageContaining("mock-description"); } 
@@ -194,17 +190,13 @@ public class NimbusJwtDecoderJwkSupportTests {
 try (MockWebServer server = new MockWebServer()) {
 server.enqueue(new MockResponse().setBody(JWK_SET));
 String jwkSetUrl = server.url("/.well-known/jwks.json").toString();
-
 NimbusJwtDecoderJwkSupport decoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl);
-
 OAuth2Error firstFailure = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 OAuth2Error secondFailure = new OAuth2Error("another-error", "another-description", "another-uri");
 OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(firstFailure, secondFailure);
-
 OAuth2TokenValidator jwtValidator = mock(OAuth2TokenValidator.class);
 given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
 decoder.setJwtValidator(jwtValidator);
-
 assertThatCode(() -> decoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class) .hasMessageContaining("mock-description") .hasFieldOrPropertyWithValue("errors", Arrays.asList(firstFailure, secondFailure));
@@ -216,13 +208,10 @@ public class NimbusJwtDecoderJwkSupportTests {
 try (MockWebServer server = new MockWebServer()) {
 server.enqueue(new MockResponse().setBody(JWK_SET));
 String jwkSetUrl = server.url("/.well-known/jwks.json").toString();
-
 NimbusJwtDecoderJwkSupport decoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl);
-
 Converter, Map> claimSetConverter = mock(Converter.class);
 given(claimSetConverter.convert(any(Map.class))).willReturn(Collections.singletonMap("custom", "value"));
 decoder.setClaimSetConverter(claimSetConverter);
-
 Jwt jwt = decoder.decode(SIGNED_JWT);
 assertThat(jwt.getClaims().size()).isEqualTo(1);
 assertThat(jwt.getClaims().get("custom")).isEqualTo("value");
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
index 32b04cc858..fcdd0e2c84 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
@@ -174,11 +174,9 @@ public class NimbusJwtDecoderTests {
 @Test
 public void decodeWhenJwtFailsValidationThenReturnsCorrespondingErrorMessage() {
 OAuth2Error failure = new OAuth2Error("mock-error", "mock-description", "mock-uri");
-
 OAuth2TokenValidator jwtValidator = mock(OAuth2TokenValidator.class);
 given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(failure));
 this.jwtDecoder.setJwtValidator(jwtValidator);
-
 assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class) .hasMessageContaining("mock-description");
 }
@@ -188,11 +186,9 @@ public class NimbusJwtDecoderTests {
 OAuth2Error firstFailure = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 OAuth2Error secondFailure = new OAuth2Error("another-error", "another-description", "another-uri");
 OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(firstFailure, secondFailure);
-
 OAuth2TokenValidator jwtValidator = mock(OAuth2TokenValidator.class);
 given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
 this.jwtDecoder.setJwtValidator(jwtValidator);
-
 assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class) .hasMessageContaining("mock-description") .hasFieldOrPropertyWithValue("errors", Arrays.asList(firstFailure, secondFailure));
@@ -202,13 +198,11 @@ public class NimbusJwtDecoderTests {
 public void decodeWhenReadingErrorPickTheFirstErrorMessage() {
 OAuth2TokenValidator jwtValidator = mock(OAuth2TokenValidator.class);
 this.jwtDecoder.setJwtValidator(jwtValidator);
-
 OAuth2Error errorEmpty = new OAuth2Error("mock-error", "", "mock-uri");
 OAuth2Error error = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 OAuth2Error error2 = new OAuth2Error("mock-error-second", "mock-description-second", "mock-uri-second");
 OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(errorEmpty, error, error2);
 given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
-
 Assertions.assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class) .hasMessageContaining("mock-description");
 }
@@ -218,7 +212,6 @@ public class NimbusJwtDecoderTests {
 Converter, Map> claimSetConverter = mock(Converter.class);
 given(claimSetConverter.convert(any(Map.class))).willReturn(Collections.singletonMap("custom", "value"));
 this.jwtDecoder.setClaimSetConverter(claimSetConverter);
-
 Jwt jwt = this.jwtDecoder.decode(SIGNED_JWT);
 assertThat(jwt.getClaims().size()).isEqualTo(1);
 assertThat(jwt.getClaims().get("custom")).isEqualTo("value");
@@ -229,9 +222,7 @@ public class NimbusJwtDecoderTests {
 public void decodeWhenClaimSetConverterFailsThenBadJwtException() {
 Converter, Map> claimSetConverter = mock(Converter.class);
 this.jwtDecoder.setClaimSetConverter(claimSetConverter);
-
 given(claimSetConverter.convert(any(Map.class))).willThrow(new IllegalArgumentException("bad conversion"));
-
 assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(BadJwtException.class);
 }
@@ -255,7 +246,6 @@ public class NimbusJwtDecoderTests {
 try (MockWebServer server = new MockWebServer()) {
 String jwkSetUri = server.url("/.well-known/jwks.json").toString();
 NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri).build();
-
 server.shutdown();
 assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class) .isNotInstanceOf(BadJwtException.class)
@@ -269,12 +259,10 @@ public class NimbusJwtDecoderTests {
 Cache cache = new ConcurrentMapCache("test-jwk-set-cache");
 String jwkSetUri = server.url("/.well-known/jwks.json").toString();
 NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri).cache(cache).build();
-
 server.shutdown();
 assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class) .isNotInstanceOf(BadJwtException.class) .hasMessageContaining("An error occurred while attempting to decode the Jwt");
-
 }
 }
@@ -530,7 +518,6 @@ public class NimbusJwtDecoderTests {
 assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class) .isNotInstanceOf(BadJwtException.class) .hasMessageContaining("An error occurred while attempting to decode the Jwt");
-
 }
 // gh-8730
@@ -595,7 +582,6 @@ public class NimbusJwtDecoderTests {
 @Override
 public JWTClaimsSet process(SignedJWT signedJWT, SecurityContext context) throws BadJOSEException {
-
 try {
 return signedJWT.getJWTClaimsSet();
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
index fb9906cffc..237e3ba2c4 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
@@ -126,16 +126,13 @@ public class NimbusReactiveJwtDecoderTests {
 @Test
 public void decodeWhenInvalidUrl() {
 this.decoder = new NimbusReactiveJwtDecoder("https://s");
-
 assertThatCode(() -> this.decoder.decode(this.messageReadToken).block()) .isInstanceOf(IllegalStateException.class).hasCauseInstanceOf(UnknownHostException.class);
-
 }
 @Test
 public void decodeWhenMessageReadScopeThenSuccess() {
 Jwt jwt = this.decoder.decode(this.messageReadToken).block();
-
 assertThat(jwt.getClaims().get("scope")).isEqualTo("message:read");
 }
@@ -147,16 +144,13 @@ public class NimbusReactiveJwtDecoderTests {
 .generatePublic(new X509EncodedKeySpec(bytes));
 this.decoder = new NimbusReactiveJwtDecoder(publicKey);
 String noKeyId = "eyJhbGciOiJSUzI1NiJ9.eyJzY29wZSI6IiIsImV4cCI6OTIyMzM3MjAwNjA5NjM3NX0.hNVuHSUkxdLZrDfqdmKcOi0ggmNaDuB4ZPxPtJl1gwBiXzIGN6Hwl24O2BfBZiHFKUTQDs4_RvzD71mEG3DvUrcKmdYWqIB1l8KNmxQLUDG-cAPIpJmRJgCh50tf8OhOE_Cb9E1HcsOUb47kT9iz-VayNBcmo6BmyZLdEGhsdGBrc3Mkz2dd_0PF38I2Hf_cuSjn9gBjFGtiPEXJvob3PEjVTSx_zvodT8D9p3An1R3YBZf5JSd1cQisrXgDX2k1Jmf7UKKWzgfyCgnEtRWWbsUdPqo3rSEY9GDC1iSQXsFTTC1FT_JJDkwzGf011fsU5O_Ko28TARibmKTCxAKNRQ";
-
 assertThatCode(() -> this.decoder.decode(noKeyId).block()).doesNotThrowAnyException();
 }
 @Test
 public void decodeWhenIssuedAtThenSuccess() {
 String withIssuedAt = "eyJraWQiOiJrZXktaWQtMSIsImFsZyI6IlJTMjU2In0.eyJzY29wZSI6IiIsImV4cCI6OTIyMzM3MjAwNjA5NjM3NSwiaWF0IjoxNTI5OTQyNDQ4fQ.LBzAJO-FR-uJDHST61oX4kimuQjz6QMJPW_mvEXRB6A-fMQWpfTQ089eboipAqsb33XnwWth9ELju9HMWLk0FjlWVVzwObh9FcoKelmPNR8mZIlFG-pAYGgSwi8HufyLabXHntFavBiFtqwp_z9clSOFK1RxWvt3lywEbGgtCKve0BXOjfKWiH1qe4QKGixH-NFxidvz8Qd5WbJwyb9tChC6ZKoKPv7Jp-N5KpxkY-O2iUtINvn4xOSactUsvKHgF8ZzZjvJGzG57r606OZXaNtoElQzjAPU5xDGg5liuEJzfBhvqiWCLRmSuZ33qwp3aoBnFgEw0B85gsNe3ggABg";
-
 Jwt jwt = this.decoder.decode(withIssuedAt).block();
-
 assertThat(jwt.getClaims().get(JwtClaimNames.IAT)).isEqualTo(Instant.ofEpochSecond(1529942448L));
 }
@@ -207,11 +201,9 @@ public class NimbusReactiveJwtDecoderTests {
 public void decodeWhenUsingCustomValidatorThenValidatorIsInvoked() {
 OAuth2TokenValidator jwtValidator = mock(OAuth2TokenValidator.class);
 this.decoder.setJwtValidator(jwtValidator);
-
 OAuth2Error error = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(error);
 given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
-
 assertThatCode(() -> this.decoder.decode(this.messageReadToken).block()) .isInstanceOf(JwtValidationException.class).hasMessageContaining("mock-description");
 }
@@ -220,13 +212,11 @@ public class NimbusReactiveJwtDecoderTests {
 public void decodeWhenReadingErrorPickTheFirstErrorMessage() {
 OAuth2TokenValidator jwtValidator = mock(OAuth2TokenValidator.class);
 this.decoder.setJwtValidator(jwtValidator);
-
 OAuth2Error errorEmpty = new OAuth2Error("mock-error", "", "mock-uri");
 OAuth2Error error = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 OAuth2Error error2 = new OAuth2Error("mock-error-second", "mock-description-second", "mock-uri-second");
 OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(errorEmpty, error, error2);
 given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
-
 assertThatCode(() -> this.decoder.decode(this.messageReadToken).block()) .isInstanceOf(JwtValidationException.class).hasMessageContaining("mock-description");
 }
@@ -235,9 +225,7 @@ public class NimbusReactiveJwtDecoderTests {
 public void decodeWhenUsingSignedJwtThenReturnsClaimsGivenByClaimSetConverter() {
 Converter, Map> claimSetConverter = mock(Converter.class);
 this.decoder.setClaimSetConverter(claimSetConverter);
-
 given(claimSetConverter.convert(any(Map.class))).willReturn(Collections.singletonMap("custom", "value"));
-
 Jwt jwt = this.decoder.decode(this.messageReadToken).block();
 assertThat(jwt.getClaims().size()).isEqualTo(1);
 assertThat(jwt.getClaims().get("custom")).isEqualTo("value");
@@ -249,9 +237,7 @@ public class NimbusReactiveJwtDecoderTests {
 public void decodeWhenClaimSetConverterFailsThenBadJwtException() {
 Converter, Map> claimSetConverter = mock(Converter.class);
 this.decoder.setClaimSetConverter(claimSetConverter);
-
 given(claimSetConverter.convert(any(Map.class))).willThrow(new IllegalArgumentException("bad conversion"));
-
 assertThatCode(() -> this.decoder.decode(this.messageReadToken).block()).isInstanceOf(BadJwtException.class);
 }
@@ -359,7 +345,6 @@ public class NimbusReactiveJwtDecoderTests {
 .jwtProcessorCustomizer( (p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS")))) .build();
-
 AssertionsForClassTypes.assertThatCode(() -> decoder.decode(this.rsa256).block()) .isInstanceOf(BadJwtException.class) .hasRootCauseMessage("Required JOSE header \"typ\" (type) parameter is missing");
@@ -381,7 +366,6 @@ public class NimbusReactiveJwtDecoderTests {
 public void decodeWhenCustomJwkSourceResolutionThenDecodes() {
 NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder .withJwkSource((jwt) -> Flux.fromIterable(parseJWKSet(this.jwkSet).getKeys())).build();
-
 assertThat(decoder.decode(this.messageReadToken).block()).extracting(Jwt::getExpiresAt).isNotNull();
 }
@@ -392,7 +376,6 @@ public class NimbusReactiveJwtDecoderTests {
 .jwtProcessorCustomizer( (p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS")))) .build();
-
 assertThatCode(() -> decoder.decode(this.messageReadToken).block()).isInstanceOf(BadJwtException.class) .hasRootCauseMessage("Required JOSE header \"typ\" (type) parameter is missing");
 }
@@ -424,7 +407,6 @@ public class NimbusReactiveJwtDecoderTests {
 JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject") .expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
 SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
-
 this.decoder = NimbusReactiveJwtDecoder.withSecretKey(secretKey).macAlgorithm(macAlgorithm).build();
 Jwt jwt = this.decoder.decode(signedJWT.serialize()).block();
 assertThat(jwt.getSubject()).isEqualTo("test-subject");
@@ -449,7 +431,6 @@ public class NimbusReactiveJwtDecoderTests {
 JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject") .expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
 SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
-
 this.decoder = NimbusReactiveJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS512).build();
 assertThatThrownBy(() -> this.decoder.decode(signedJWT.serialize()).block()) .isInstanceOf(BadJwtException.class);
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java
index 99b9d516c7..bd106ef99a 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java
@@ -90,9 +90,7 @@ public class ReactiveJwtDecodersTests {
 @Test
 public void issuerWhenResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 prepareConfigurationResponse();
-
 ReactiveJwtDecoder decoder = ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer);
-
 assertThatCode(() -> decoder.decode(ISSUER_MISMATCH).block()).isInstanceOf(JwtValidationException.class) .hasMessageContaining("The iss claim is not valid");
 }
@@ -100,9 +98,7 @@ public class ReactiveJwtDecodersTests {
 @Test
 public void issuerWhenOidcFallbackResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 prepareConfigurationResponseOidc();
-
 ReactiveJwtDecoder decoder = ReactiveJwtDecoders.fromIssuerLocation(this.issuer);
-
 assertThatCode(() -> decoder.decode(ISSUER_MISMATCH).block()).isInstanceOf(JwtValidationException.class) .hasMessageContaining("The iss claim is not valid");
 }
@@ -110,9 +106,7 @@ public class ReactiveJwtDecodersTests {
 @Test
 public void issuerWhenOAuth2ResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 prepareConfigurationResponseOAuth2();
-
 ReactiveJwtDecoder decoder = ReactiveJwtDecoders.fromIssuerLocation(this.issuer);
-
 assertThatCode(() -> decoder.decode(ISSUER_MISMATCH).block()).isInstanceOf(JwtValidationException.class) .hasMessageContaining("The iss claim is not valid");
 }
@@ -120,7 +114,6 @@ public class ReactiveJwtDecodersTests {
 @Test
 public void issuerWhenResponseIsNonCompliantThenThrowsRuntimeException() {
 prepareConfigurationResponse("{ \"missing_required_keys\" : \"and_values\" }");
-
 assertThatCode(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer)) .isInstanceOf(RuntimeException.class);
 }
@@ -167,7 +160,6 @@ public class ReactiveJwtDecodersTests {
 @Test
 public void issuerWhenResponseIsMalformedThenThrowsRuntimeException() {
 prepareConfigurationResponse("malformed");
-
 assertThatCode(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer)) .isInstanceOf(RuntimeException.class);
 }
@@ -187,7 +179,6 @@ public class ReactiveJwtDecodersTests {
 @Test
 public void issuerWhenRespondingIssuerMismatchesRequestedIssuerThenThrowsIllegalStateException() {
 prepareConfigurationResponse(String.format(DEFAULT_RESPONSE_TEMPLATE, this.issuer + "/wrong", this.issuer));
-
 assertThatCode(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer)) .isInstanceOf(IllegalStateException.class);
 }
@@ -209,9 +200,7 @@ public class ReactiveJwtDecodersTests {
 @Test
 public void issuerWhenRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException() throws Exception {
-
 this.server.shutdown();
-
 assertThatCode(() -> ReactiveJwtDecoders.fromOidcIssuerLocation("https://issuer")) .isInstanceOf(IllegalArgumentException.class);
 }
@@ -219,7 +208,6 @@ public class ReactiveJwtDecodersTests {
 @Test
 public void issuerWhenOidcFallbackRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException() throws Exception {
-
 this.server.shutdown();
 assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation("https://issuer")) .isInstanceOf(IllegalArgumentException.class);
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
index 6a2960afee..312d5bdc9c 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
@@ -74,7 +74,6 @@ public class ReactiveRemoteJWKSourceTests {
 public void setup() {
 this.server = new MockWebServer();
 this.source = new ReactiveRemoteJWKSource(this.server.url("/").toString());
-
 this.server.enqueue(new MockResponse().setBody(this.keys));
 this.selector = new JWKSelector(this.matcher);
 }
@@ -82,17 +81,14 @@ public class ReactiveRemoteJWKSourceTests {
 @Test
 public void getWhenMultipleRequestThenCached() {
 given(this.matcher.matches(any())).willReturn(true);
-
 this.source.get(this.selector).block();
 this.source.get(this.selector).block();
-
 assertThat(this.server.getRequestCount()).isEqualTo(1);
 }
 @Test
 public void getWhenMatchThenCreatesKeys() {
 given(this.matcher.matches(any())).willReturn(true);
-
 List keys = this.source.get(this.selector).block();
 assertThat(keys).hasSize(2);
 JWK key1 = keys.get(0);
@@ -100,7 +96,6 @@ public class ReactiveRemoteJWKSourceTests {
 assertThat(key1.getAlgorithm().getName()).isEqualTo("RS256");
 assertThat(key1.getKeyType()).isEqualTo(KeyType.RSA);
 assertThat(key1.getKeyUse()).isEqualTo(KeyUse.SIGNATURE);
-
 JWK key2 = keys.get(1);
 assertThat(key2.getKeyID()).isEqualTo("7ddf54d3032d1f0d48c3618892ca74c1ac30ad77");
 assertThat(key2.getAlgorithm().getName()).isEqualTo("RS256");
@@ -112,7 +107,6 @@ public class ReactiveRemoteJWKSourceTests {
 public void getWhenNoMatchAndNoKeyIdThenEmpty() {
 given(this.matcher.matches(any())).willReturn(false);
 given(this.matcher.getKeyIDs()).willReturn(Collections.emptySet());
-
 assertThat(this.source.get(this.selector).block()).isEmpty();
 }
@@ -121,9 +115,7 @@ public class ReactiveRemoteJWKSourceTests {
 this.server.enqueue(new MockResponse().setBody(this.keys2));
 given(this.matcher.matches(any())).willReturn(false, false, true);
 given(this.matcher.getKeyIDs()).willReturn(Collections.singleton("rotated"));
-
 List keys = this.source.get(this.selector).block();
-
 assertThat(keys).hasSize(1);
 assertThat(keys.get(0).getKeyID()).isEqualTo("rotated");
 }
@@ -133,9 +125,7 @@ public class ReactiveRemoteJWKSourceTests {
 this.server.enqueue(new MockResponse().setBody(this.keys2));
 given(this.matcher.matches(any())).willReturn(false, false, false);
 given(this.matcher.getKeyIDs()).willReturn(Collections.singleton("rotated"));
-
 List keys = this.source.get(this.selector).block();
-
 assertThat(keys).isEmpty();
 }
@@ -143,7 +133,6 @@ public class ReactiveRemoteJWKSourceTests {
 public void getWhenNoMatchAndKeyIdMatchThenEmpty() {
 given(this.matcher.matches(any())).willReturn(false);
 given(this.matcher.getKeyIDs()).willReturn(Collections.singleton("7ddf54d3032d1f0d48c3618892ca74c1ac30ad77"));
-
 assertThat(this.source.get(this.selector).block()).isEmpty();
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java
index 3a7e07471c..11cfb3bcc7 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java
@@ -58,7 +58,6 @@ public final class TestOAuth2AuthenticatedPrincipals {
 attributes.put(OAuth2IntrospectionClaimNames.SUBJECT, "Z5O3upPC88QrAjx00dis");
 attributes.put(OAuth2IntrospectionClaimNames.USERNAME, "jdoe");
 attributesConsumer.accept(attributes);
-
 Collection authorities = Arrays.asList(new SimpleGrantedAuthority("SCOPE_read"), new SimpleGrantedAuthority("SCOPE_write"), new SimpleGrantedAuthority("SCOPE_dolphin"));
 return new OAuth2IntrospectionAuthenticatedPrincipal(attributes, authorities);
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java
index a85e43d25b..e8c520ed09 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java
@@ -43,7 +43,6 @@ public class BearerTokenAuthenticationTokenTests {
 @Test
 public void constructorWhenTokenHasValueThenConstructedCorrectly() {
 BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token");
-
 assertThat(token.getToken()).isEqualTo("token");
 assertThat(token.getPrincipal()).isEqualTo("token");
 assertThat(token.getCredentials()).isEqualTo("token");
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java
index ca7c70e5b3..b095788d94 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java
@@ -44,7 +44,6 @@ public class BearerTokenErrorTests {
 @Test
 public void constructorWithErrorCodeWhenErrorCodeIsValidThenCreated() {
 BearerTokenError error = new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS, null, null);
-
 assertThat(error.getErrorCode()).isEqualTo(TEST_ERROR_CODE);
 assertThat(error.getHttpStatus()).isEqualTo(TEST_HTTP_STATUS);
 assertThat(error.getDescription()).isNull();
@@ -74,7 +73,6 @@ public class BearerTokenErrorTests {
 public void constructorWithAllParametersWhenAllParametersAreValidThenCreated() {
 BearerTokenError error = new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS, TEST_DESCRIPTION, TEST_URI, TEST_SCOPE);
-
 assertThat(error.getErrorCode()).isEqualTo(TEST_ERROR_CODE);
 assertThat(error.getHttpStatus()).isEqualTo(TEST_HTTP_STATUS);
 assertThat(error.getDescription()).isEqualTo(TEST_DESCRIPTION);
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java
index 64e14fd6e2..f4fb711430 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java
@@ -44,10 +44,8 @@ public class JwtAuthenticationConverterTests {
 @Test
 public void convertWhenDefaultGrantedAuthoritiesConverterSet() {
 Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
-
 AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt);
 Collection authorities = authentication.getAuthorities();
-
 assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"), new SimpleGrantedAuthority("SCOPE_message:write"));
 }
@@ -62,15 +60,11 @@ public class JwtAuthenticationConverterTests {
 @Test
 public void convertWithOverriddenGrantedAuthoritiesConverter() {
 Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
-
 Converter> grantedAuthoritiesConverter = (token) -> Arrays .asList(new SimpleGrantedAuthority("blah"));
-
 this.jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter);
-
 AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt);
 Collection authorities = authentication.getAuthorities();
-
 assertThat(authorities).containsExactly(new SimpleGrantedAuthority("blah"));
 }
@@ -97,10 +91,8 @@ public class JwtAuthenticationConverterTests {
 @Test
 public void convertWhenPrincipalClaimNameSet() {
 this.jwtAuthenticationConverter.setPrincipalClaimName("user_id");
-
 Jwt jwt = TestJwts.jwt().claim("user_id", "100").build();
 AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt);
-
 assertThat(authentication.getName()).isEqualTo("100");
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
index abbb3be03b..2501d67a4a 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
@@ -65,23 +65,17 @@ public class JwtAuthenticationProviderTests {
 @Test
 public void authenticateWhenJwtDecodesThenAuthenticationHasAttributesContainedInJwt() {
 BearerTokenAuthenticationToken token = this.authentication();
-
 Jwt jwt = TestJwts.jwt().claim("name", "value").build();
-
 given(this.jwtDecoder.decode("token")).willReturn(jwt);
 given(this.jwtAuthenticationConverter.convert(jwt)).willReturn(new JwtAuthenticationToken(jwt));
-
 JwtAuthenticationToken authentication = (JwtAuthenticationToken) this.provider.authenticate(token);
-
 assertThat(authentication.getTokenAttributes()).containsEntry("name", "value");
 }
 @Test
 public void authenticateWhenJwtDecodeFailsThenRespondsWithInvalidToken() {
 BearerTokenAuthenticationToken token = this.authentication();
-
 given(this.jwtDecoder.decode("token")).willThrow(BadJwtException.class);
-
 assertThatCode(() -> this.provider.authenticate(token)) .matches((failed) -> failed instanceof OAuth2AuthenticationException) .matches(errorCode(BearerTokenErrorCodes.INVALID_TOKEN));
@@ -90,9 +84,7 @@ public class JwtAuthenticationProviderTests {
 @Test
 public void authenticateWhenDecoderThrowsIncompatibleErrorMessageThenWrapsWithGenericOne() {
 BearerTokenAuthenticationToken token = this.authentication();
-
 given(this.jwtDecoder.decode(token.getToken())).willThrow(new BadJwtException("with \"invalid\" chars"));
-
 assertThatCode(() -> this.provider.authenticate(token)).isInstanceOf(OAuth2AuthenticationException.class) .hasFieldOrPropertyWithValue("error.description", "Invalid token");
 }
@@ -101,9 +93,7 @@ public class JwtAuthenticationProviderTests {
 @Test
 public void authenticateWhenDecoderFailsGenericallyThenThrowsGenericException() {
 BearerTokenAuthenticationToken token = this.authentication();
-
 given(this.jwtDecoder.decode(token.getToken())).willThrow(new JwtException("no jwk set"));
-
 assertThatCode(() -> this.provider.authenticate(token)).isInstanceOf(AuthenticationException.class) .isNotInstanceOf(OAuth2AuthenticationException.class);
 }
@@ -113,13 +103,10 @@ public class JwtAuthenticationProviderTests {
 BearerTokenAuthenticationToken token = this.authentication();
 Object details = mock(Object.class);
 token.setDetails(details);
-
 Jwt jwt = TestJwts.jwt().build();
 JwtAuthenticationToken authentication = new JwtAuthenticationToken(jwt);
-
 given(this.jwtDecoder.decode(token.getToken())).willReturn(jwt);
 given(this.jwtAuthenticationConverter.convert(jwt)).willReturn(authentication);
-
 assertThat(this.provider.authenticate(token)).isEqualTo(authentication).hasFieldOrPropertyWithValue("details", details);
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java
index b47ae58732..417c2354b3 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java
@@ -42,7 +42,6 @@ public class JwtAuthenticationTokenTests {
 public void getNameWhenJwtHasSubjectThenReturnsSubject() {
 Jwt jwt = builder().subject("Carl").build();
 JwtAuthenticationToken token = new JwtAuthenticationToken(jwt);
-
 assertThat(token.getName()).isEqualTo("Carl");
 }
@@ -50,7 +49,6 @@ public class JwtAuthenticationTokenTests {
 public void getNameWhenJwtHasNoSubjectThenReturnsNull() {
 Jwt jwt = builder().claim("claim", "value").build();
 JwtAuthenticationToken token = new JwtAuthenticationToken(jwt);
-
 assertThat(token.getName()).isNull();
 }
@@ -65,7 +63,6 @@ public class JwtAuthenticationTokenTests {
 Collection authorities = AuthorityUtils.createAuthorityList("test");
 Jwt jwt = builder().claim("claim", "value").build();
 JwtAuthenticationToken token = new JwtAuthenticationToken(jwt, authorities);
-
 assertThat(token.getAuthorities()).isEqualTo(authorities);
 assertThat(token.getPrincipal()).isEqualTo(jwt);
 assertThat(token.getCredentials()).isEqualTo(jwt);
@@ -78,7 +75,6 @@ public class JwtAuthenticationTokenTests {
 public void constructorWhenUsingOnlyJwtThenConstructedCorrectly() {
 Jwt jwt = builder().claim("claim", "value").build();
 JwtAuthenticationToken token = new JwtAuthenticationToken(jwt);
-
 assertThat(token.getAuthorities()).isEmpty();
 assertThat(token.getPrincipal()).isEqualTo(jwt);
 assertThat(token.getCredentials()).isEqualTo(jwt);
@@ -91,7 +87,6 @@ public class JwtAuthenticationTokenTests {
 public void getNameWhenConstructedWithJwtThenReturnsSubject() {
 Jwt jwt = builder().subject("Hayden").build();
 JwtAuthenticationToken token = new JwtAuthenticationToken(jwt);
-
 assertThat(token.getName()).isEqualTo("Hayden");
 }
@@ -100,7 +95,6 @@ public class JwtAuthenticationTokenTests {
 Collection authorities = AuthorityUtils.createAuthorityList("test");
 Jwt jwt = builder().subject("Hayden").build();
 JwtAuthenticationToken token = new JwtAuthenticationToken(jwt, authorities);
-
 assertThat(token.getName()).isEqualTo("Hayden");
 }
@@ -109,7 +103,6 @@ public class JwtAuthenticationTokenTests {
 Collection authorities = AuthorityUtils.createAuthorityList("test");
 Jwt jwt = builder().claim("claim", "value").build();
 JwtAuthenticationToken token = new JwtAuthenticationToken(jwt, authorities, "Hayden");
-
 assertThat(token.getName()).isEqualTo("Hayden");
 }
@@ -117,7 +110,6 @@ public class JwtAuthenticationTokenTests {
 public void getNameWhenConstructedWithNoSubjectThenReturnsNull() {
 Collection authorities = AuthorityUtils.createAuthorityList("test");
 Jwt jwt = builder().claim("claim", "value").build();
-
 assertThat(new JwtAuthenticationToken(jwt, authorities, null).getName()).isNull();
 assertThat(new JwtAuthenticationToken(jwt, authorities).getName()).isNull();
 assertThat(new JwtAuthenticationToken(jwt).getName()).isNull();
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverterTests.java
index db485936f7..4d24f499e1 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverterTests.java
@@ -38,9 +38,7 @@ public class JwtBearerTokenAuthenticationConverterTests { @Test public void convertWhenJwtThenBearerTokenAuthentication() { Jwt jwt = Jwt.withTokenValue("token-value").claim("claim", "value").header("header", "value").build(); - AbstractAuthenticationToken token = this.converter.convert(jwt); - assertThat(token).isInstanceOf(BearerTokenAuthentication.class); BearerTokenAuthentication bearerToken = (BearerTokenAuthentication) token; assertThat(bearerToken.getToken().getTokenValue()).isEqualTo("token-value"); @@ -52,9 +50,7 @@ public class JwtBearerTokenAuthenticationConverterTests { public void convertWhenJwtWithScopeAttributeThenBearerTokenAuthentication() { Jwt jwt = Jwt.withTokenValue("token-value").claim("scope", "message:read message:write") .header("header", "value").build(); - AbstractAuthenticationToken token = this.converter.convert(jwt); - assertThat(token).isInstanceOf(BearerTokenAuthentication.class); BearerTokenAuthentication bearerToken = (BearerTokenAuthentication) token; assertThat(bearerToken.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"), @@ -65,9 +61,7 @@ public class JwtBearerTokenAuthenticationConverterTests { public void convertWhenJwtWithScpAttributeThenBearerTokenAuthentication() { Jwt jwt = Jwt.withTokenValue("token-value").claim("scp", Arrays.asList("message:read", "message:write")) .header("header", "value").build(); - AbstractAuthenticationToken token = this.converter.convert(jwt); - assertThat(token).isInstanceOf(BearerTokenAuthentication.class); BearerTokenAuthentication bearerToken = (BearerTokenAuthentication) token; assertThat(bearerToken.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"), 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java index f304c0dc67..e3a2ed91ca 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java @@ -46,10 +46,8 @@ public class JwtGrantedAuthoritiesConverterTests { @Test public void convertWhenTokenHasScopeAttributeThenTranslatedToAuthorities() { Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"), new SimpleGrantedAuthority("SCOPE_message:write")); } @@ -57,11 +55,9 @@ public class JwtGrantedAuthoritiesConverterTests { @Test public void convertWithCustomAuthorityPrefixWhenTokenHasScopeAttributeThenTranslatedToAuthorities() { Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); jwtGrantedAuthoritiesConverter.setAuthorityPrefix("ROLE_"); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("ROLE_message:read"), new SimpleGrantedAuthority("ROLE_message:write")); } 
@@ -69,11 +65,9 @@ public class JwtGrantedAuthoritiesConverterTests { @Test public void convertWithBlankAsCustomAuthorityPrefixWhenTokenHasScopeAttributeThenTranslatedToAuthorities() { Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); jwtGrantedAuthoritiesConverter.setAuthorityPrefix(""); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("message:read"), new SimpleGrantedAuthority("message:write")); } @@ -81,20 +75,16 @@ public class JwtGrantedAuthoritiesConverterTests { @Test public void convertWhenTokenHasEmptyScopeAttributeThenTranslatedToNoAuthorities() { Jwt jwt = TestJwts.jwt().claim("scope", "").build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).isEmpty(); } @Test public void convertWhenTokenHasScpAttributeThenTranslatedToAuthorities() { Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"), new SimpleGrantedAuthority("SCOPE_message:write")); } 
@@ -102,11 +92,9 @@ public class JwtGrantedAuthoritiesConverterTests { @Test public void convertWithCustomAuthorityPrefixWhenTokenHasScpAttributeThenTranslatedToAuthorities() { Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); jwtGrantedAuthoritiesConverter.setAuthorityPrefix("ROLE_"); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("ROLE_message:read"), new SimpleGrantedAuthority("ROLE_message:write")); } @@ -114,11 +102,9 @@ public class JwtGrantedAuthoritiesConverterTests { @Test public void convertWithBlankAsCustomAuthorityPrefixWhenTokenHasScpAttributeThenTranslatedToAuthorities() { Jwt jwt = TestJwts.jwt().claim("scp", "message:read message:write").build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); jwtGrantedAuthoritiesConverter.setAuthorityPrefix(""); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("message:read"), new SimpleGrantedAuthority("message:write")); } @@ -126,10 +112,8 @@ public class JwtGrantedAuthoritiesConverterTests { @Test public void convertWhenTokenHasEmptyScpAttributeThenTranslatedToNoAuthorities() { Jwt jwt = TestJwts.jwt().claim("scp", Collections.emptyList()).build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).isEmpty(); } 
@@ -137,10 +121,8 @@ public class JwtGrantedAuthoritiesConverterTests { public void convertWhenTokenHasBothScopeAndScpThenScopeAttributeIsTranslatedToAuthorities() { Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")) .claim("scope", "missive:read missive:write").build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_missive:read"), new SimpleGrantedAuthority("SCOPE_missive:write")); } 
@@ -149,40 +131,32 @@ public class JwtGrantedAuthoritiesConverterTests { public void convertWhenTokenHasEmptyScopeAndNonEmptyScpThenScopeAttributeIsTranslatedToNoAuthorities() { Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).claim("scope", "") .build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).isEmpty(); } @Test public void convertWhenTokenHasEmptyScopeAndEmptyScpAttributeThenTranslatesToNoAuthorities() { Jwt jwt = TestJwts.jwt().claim("scp", Collections.emptyList()).claim("scope", Collections.emptyList()).build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).isEmpty(); } @Test public void convertWhenTokenHasNoScopeAndNoScpAttributeThenTranslatesToNoAuthorities() { Jwt jwt = TestJwts.jwt().claim("roles", Arrays.asList("message:read", "message:write")).build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).isEmpty(); } @Test public void convertWhenTokenHasUnsupportedTypeForScopeThenTranslatesToNoAuthorities() { Jwt jwt = TestJwts.jwt().claim("scope", new String[] { "message:read", "message:write" }).build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).isEmpty(); } 
@@ -190,11 +164,9 @@ public class JwtGrantedAuthoritiesConverterTests { public void convertWhenTokenHasCustomClaimNameThenCustomClaimNameAttributeIsTranslatedToAuthorities() { Jwt jwt = TestJwts.jwt().claim("roles", Arrays.asList("message:read", "message:write")) .claim("scope", "missive:read missive:write").build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles"); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"), new SimpleGrantedAuthority("SCOPE_message:write")); } @@ -203,22 +175,18 @@ public class JwtGrantedAuthoritiesConverterTests { public void convertWhenTokenHasEmptyCustomClaimNameThenCustomClaimNameAttributeIsTranslatedToNoAuthorities() { Jwt jwt = TestJwts.jwt().claim("roles", Collections.emptyList()).claim("scope", "missive:read missive:write") .build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles"); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).isEmpty(); } @Test public void convertWhenTokenHasNoCustomClaimNameThenCustomClaimNameAttributeIsTranslatedToNoAuthorities() { Jwt jwt = TestJwts.jwt().claim("scope", "missive:read missive:write").build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles"); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).isEmpty(); } 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java index 8a4e57e1b4..bd793b0f14 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java @@ -68,15 +68,12 @@ public class JwtIssuerAuthenticationManagerResolverTests { JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256), new Payload(new JSONObject(Collections.singletonMap(JwtClaimNames.ISS, issuer)))); jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY)); - JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver( issuer); MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Bearer " + jws.serialize()); - AuthenticationManager authenticationManager = authenticationManagerResolver.resolve(request); assertThat(authenticationManager).isNotNull(); - AuthenticationManager cachedAuthenticationManager = authenticationManagerResolver.resolve(request); assertThat(authenticationManager).isSameAs(cachedAuthenticationManager); } @@ -88,7 +85,6 @@ public class JwtIssuerAuthenticationManagerResolverTests { "other", "issuers"); MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Bearer " + this.jwt); - assertThatCode(() -> authenticationManagerResolver.resolve(request)) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer"); } 
@@ -100,7 +96,6 @@ public class JwtIssuerAuthenticationManagerResolverTests { (issuer) -> authenticationManager); MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Bearer " + this.jwt); - assertThat(authenticationManagerResolver.resolve(request)).isSameAs(authenticationManager); } @@ -108,17 +103,14 @@ public class JwtIssuerAuthenticationManagerResolverTests { public void resolveWhenUsingExternalSourceThenRespondsToChanges() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Bearer " + this.jwt); - Map authenticationManagers = new HashMap<>(); JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver( authenticationManagers::get); assertThatCode(() -> authenticationManagerResolver.resolve(request)) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer"); - AuthenticationManager authenticationManager = mock(AuthenticationManager.class); authenticationManagers.put("trusted", authenticationManager); assertThat(authenticationManagerResolver.resolve(request)).isSameAs(authenticationManager); - authenticationManagers.clear(); assertThatCode(() -> authenticationManagerResolver.resolve(request)) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer"); diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java index d0dc716d5c..12df1edc95 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java 
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java @@ -69,15 +69,12 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests { JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256), new Payload(new JSONObject(Collections.singletonMap(JwtClaimNames.ISS, issuer)))); jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY)); - JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver( issuer); MockServerWebExchange exchange = withBearerToken(jws.serialize()); - ReactiveAuthenticationManager authenticationManager = authenticationManagerResolver.resolve(exchange) .block(); assertThat(authenticationManager).isNotNull(); - ReactiveAuthenticationManager cachedAuthenticationManager = authenticationManagerResolver.resolve(exchange) .block(); assertThat(authenticationManager).isSameAs(cachedAuthenticationManager); @@ -89,7 +86,6 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests { JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver( "other", "issuers"); MockServerWebExchange exchange = withBearerToken(this.jwt); - assertThatCode(() -> authenticationManagerResolver.resolve(exchange).block()) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer"); } 
@@ -100,24 +96,20 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests { JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver( (issuer) -> Mono.just(authenticationManager)); MockServerWebExchange exchange = withBearerToken(this.jwt); - assertThat(authenticationManagerResolver.resolve(exchange).block()).isSameAs(authenticationManager); } @Test public void resolveWhenUsingExternalSourceThenRespondsToChanges() { MockServerWebExchange exchange = withBearerToken(this.jwt); - Map authenticationManagers = new HashMap<>(); JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver( (issuer) -> Mono.justOrEmpty(authenticationManagers.get(issuer))); assertThatCode(() -> authenticationManagerResolver.resolve(exchange).block()) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer"); - ReactiveAuthenticationManager authenticationManager = mock(ReactiveAuthenticationManager.class); authenticationManagers.put("trusted", authenticationManager); assertThat(authenticationManagerResolver.resolve(exchange).block()).isSameAs(authenticationManager); - authenticationManagers.clear(); assertThatCode(() -> authenticationManagerResolver.resolve(exchange).block()) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer"); diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java index e0e34f1cc3..cb1dddb456 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java 
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java @@ -70,7 +70,6 @@ public class JwtReactiveAuthenticationManagerTests { @Test public void authenticateWhenWrongTypeThenEmpty() { TestingAuthenticationToken token = new TestingAuthenticationToken("foo", "bar"); - assertThat(this.manager.authenticate(token).block()).isNull(); } @@ -78,7 +77,6 @@ public class JwtReactiveAuthenticationManagerTests { public void authenticateWhenEmptyJwtThenEmpty() { BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1"); given(this.jwtDecoder.decode(token.getToken())).willReturn(Mono.empty()); - assertThat(this.manager.authenticate(token).block()).isNull(); } @@ -86,7 +84,6 @@ public class JwtReactiveAuthenticationManagerTests { public void authenticateWhenJwtExceptionThenOAuth2AuthenticationException() { BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1"); given(this.jwtDecoder.decode(any())).willReturn(Mono.error(new BadJwtException("Oops"))); - assertThatCode(() -> this.manager.authenticate(token).block()) .isInstanceOf(OAuth2AuthenticationException.class); } @@ -96,7 +93,6 @@ public class JwtReactiveAuthenticationManagerTests { public void authenticateWhenDecoderThrowsIncompatibleErrorMessageThenWrapsWithGenericOne() { BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1"); given(this.jwtDecoder.decode(token.getToken())).willThrow(new BadJwtException("with \"invalid\" chars")); - assertThatCode(() -> this.manager.authenticate(token).block()).isInstanceOf(OAuth2AuthenticationException.class) .hasFieldOrPropertyWithValue("error.description", "Invalid token"); } 
@@ -106,7 +102,6 @@ public class JwtReactiveAuthenticationManagerTests { public void authenticateWhenDecoderFailsGenericallyThenThrowsGenericException() { BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1"); given(this.jwtDecoder.decode(token.getToken())).willThrow(new JwtException("no jwk set")); - assertThatCode(() -> this.manager.authenticate(token).block()).isInstanceOf(AuthenticationException.class) .isNotInstanceOf(OAuth2AuthenticationException.class); } @@ -115,7 +110,6 @@ public class JwtReactiveAuthenticationManagerTests { public void authenticateWhenNotJwtExceptionThenPropagates() { BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1"); given(this.jwtDecoder.decode(any())).willReturn(Mono.error(new RuntimeException("Oops"))); - assertThatCode(() -> this.manager.authenticate(token).block()).isInstanceOf(RuntimeException.class); } @@ -123,9 +117,7 @@ public class JwtReactiveAuthenticationManagerTests { public void authenticateWhenJwtThenSuccess() { BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1"); given(this.jwtDecoder.decode(token.getToken())).willReturn(Mono.just(this.jwt)); - Authentication authentication = this.manager.authenticate(token).block(); - assertThat(authentication).isNotNull(); assertThat(authentication.isAuthenticated()).isTrue(); assertThat(authentication.getAuthorities()).extracting(GrantedAuthority::getAuthority) diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java index dc4cb4bf45..85ec86bdb5 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java 
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java @@ -54,11 +54,8 @@ public class OpaqueTokenAuthenticationProviderTests { OpaqueTokenIntrospector introspector = mock(OpaqueTokenIntrospector.class); given(introspector.introspect(any())).willReturn(principal); OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector); - Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")); - assertThat(result.getPrincipal()).isInstanceOf(OAuth2IntrospectionAuthenticatedPrincipal.class); - Map attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes(); assertThat(attributes).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true) .containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE, @@ -71,7 +68,6 @@ public class OpaqueTokenAuthenticationProviderTests { .containsEntry(OAuth2IntrospectionClaimNames.SUBJECT, "Z5O3upPC88QrAjx00dis") .containsEntry(OAuth2IntrospectionClaimNames.USERNAME, "jdoe") .containsEntry("extension_field", "twenty-seven"); - assertThat(result.getAuthorities()).extracting("authority").containsExactly("SCOPE_read", "SCOPE_write", "SCOPE_dolphin"); } 
@@ -83,13 +79,10 @@ public class OpaqueTokenAuthenticationProviderTests { OpaqueTokenIntrospector introspector = mock(OpaqueTokenIntrospector.class); given(introspector.introspect(any())).willReturn(principal); OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector); - Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")); assertThat(result.getPrincipal()).isInstanceOf(OAuth2AuthenticatedPrincipal.class); - Map attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes(); assertThat(attributes).isNotNull().doesNotContainKey(OAuth2IntrospectionClaimNames.SCOPE); - assertThat(result.getAuthorities()).isEmpty(); } @@ -98,7 +91,6 @@ public class OpaqueTokenAuthenticationProviderTests { OpaqueTokenIntrospector introspector = mock(OpaqueTokenIntrospector.class); given(introspector.introspect(any())).willThrow(new OAuth2IntrospectionException("with \"invalid\" chars")); OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector); - assertThatCode(() -> provider.authenticate(new BearerTokenAuthenticationToken("token"))) .isInstanceOf(AuthenticationServiceException.class); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java index 2e1782bfd0..a0fb423835 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java 
@@ -55,11 +55,8 @@ public class OpaqueTokenReactiveAuthenticationManagerTests { ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class); given(introspector.introspect(any())).willReturn(Mono.just(authority)); OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector); - Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")).block(); - assertThat(result.getPrincipal()).isInstanceOf(OAuth2IntrospectionAuthenticatedPrincipal.class); - Map attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes(); assertThat(attributes).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true) .containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE, @@ -72,7 +69,6 @@ public class OpaqueTokenReactiveAuthenticationManagerTests { .containsEntry(OAuth2IntrospectionClaimNames.SUBJECT, "Z5O3upPC88QrAjx00dis") .containsEntry(OAuth2IntrospectionClaimNames.USERNAME, "jdoe") .containsEntry("extension_field", "twenty-seven"); - assertThat(result.getAuthorities()).extracting("authority").containsExactly("SCOPE_read", "SCOPE_write", "SCOPE_dolphin"); } @@ -84,13 +80,10 @@ public class OpaqueTokenReactiveAuthenticationManagerTests { ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class); given(introspector.introspect(any())).willReturn(Mono.just(authority)); OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector); - Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")).block(); assertThat(result.getPrincipal()).isInstanceOf(OAuth2IntrospectionAuthenticatedPrincipal.class); - Map attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes(); assertThat(attributes).isNotNull().doesNotContainKey(OAuth2IntrospectionClaimNames.SCOPE); - assertThat(result.getAuthorities()).isEmpty(); } 
@@ -100,7 +93,6 @@ public class OpaqueTokenReactiveAuthenticationManagerTests { given(introspector.introspect(any())) .willReturn(Mono.error(new OAuth2IntrospectionException("with \"invalid\" chars"))); OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector); - assertThatCode(() -> provider.authenticate(new BearerTokenAuthenticationToken("token")).block()) .isInstanceOf(AuthenticationServiceException.class); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java index fdb39984ca..5a33768ea7 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java @@ -45,10 +45,8 @@ public class ReactiveJwtAuthenticationConverterAdapterTests { @Test public void convertWhenTokenHasScopeAttributeThenTranslatedToAuthorities() { Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build(); - AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block(); Collection authorities = authentication.getAuthorities(); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"), new SimpleGrantedAuthority("SCOPE_message:write")); } 
@@ -56,22 +54,16 @@ public class ReactiveJwtAuthenticationConverterAdapterTests { @Test public void convertWhenTokenHasEmptyScopeAttributeThenTranslatedToNoAuthorities() { Jwt jwt = TestJwts.jwt().claim("scope", "").build(); - AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block(); - Collection authorities = authentication.getAuthorities(); - assertThat(authorities).containsExactly(); } @Test public void convertWhenTokenHasScpAttributeThenTranslatedToAuthorities() { Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).build(); - AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block(); - Collection authorities = authentication.getAuthorities(); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"), new SimpleGrantedAuthority("SCOPE_message:write")); } @@ -79,11 +71,8 @@ public class ReactiveJwtAuthenticationConverterAdapterTests { @Test public void convertWhenTokenHasEmptyScpAttributeThenTranslatedToNoAuthorities() { Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList()).build(); - AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block(); - Collection authorities = authentication.getAuthorities(); - assertThat(authorities).containsExactly(); } @@ -91,11 +80,8 @@ public class ReactiveJwtAuthenticationConverterAdapterTests { public void convertWhenTokenHasBothScopeAndScpThenScopeAttributeIsTranslatedToAuthorities() { Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")) .claim("scope", "missive:read missive:write").build(); - AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block(); - Collection authorities = authentication.getAuthorities(); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_missive:read"), new SimpleGrantedAuthority("SCOPE_missive:write")); } 
@@ -104,11 +90,8 @@ public class ReactiveJwtAuthenticationConverterAdapterTests { public void convertWhenTokenHasEmptyScopeAndNonEmptyScpThenScopeAttributeIsTranslatedToNoAuthorities() { Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).claim("scope", "") .build(); - AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block(); - Collection authorities = authentication.getAuthorities(); - assertThat(authorities).containsExactly(); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java index 0c7b24be76..7022bb254c 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java @@ -44,10 +44,8 @@ public class ReactiveJwtAuthenticationConverterTests { @Test public void convertWhenDefaultGrantedAuthoritiesConverterSet() { Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build(); - AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block(); Collection authorities = authentication.getAuthorities(); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"), new SimpleGrantedAuthority("SCOPE_message:write")); } 
@@ -62,15 +60,11 @@ public class ReactiveJwtAuthenticationConverterTests { @Test public void convertWithOverriddenGrantedAuthoritiesConverter() { Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build(); - Converter> grantedAuthoritiesConverter = (token) -> Flux .just(new SimpleGrantedAuthority("blah")); - this.jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter); - AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block(); Collection authorities = authentication.getAuthorities(); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("blah")); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java index bfda0ea627..dd151e6774 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java @@ -42,13 +42,10 @@ public class ReactiveJwtGrantedAuthoritiesConverterAdapterTests { @Test public void convertWithGrantedAuthoritiesConverter() { Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build(); - Converter> grantedAuthoritiesConverter = (token) -> Arrays .asList(new SimpleGrantedAuthority("blah")); - Collection authorities = new ReactiveJwtGrantedAuthoritiesConverterAdapter( grantedAuthoritiesConverter).convert(jwt).toStream().collect(Collectors.toList()); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("blah")); } 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/TestBearerTokenAuthentications.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/TestBearerTokenAuthentications.java index 01d1dec49c..2ef4b005a6 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/TestBearerTokenAuthentications.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/TestBearerTokenAuthentications.java @@ -44,7 +44,6 @@ public final class TestBearerTokenAuthentications { Collections.singletonMap("sub", "user"), authorities); OAuth2AccessToken token = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token", Instant.now(), Instant.now().plusSeconds(86400), new HashSet<>(Arrays.asList("USER"))); - return new BearerTokenAuthentication(principal, token, authorities); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java index 1e3a601581..4e858e8c7d 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java 
@@ -102,11 +102,9 @@ public class NimbusOpaqueTokenIntrospectorTests { public void introspectWhenActiveTokenThenOk() throws Exception { try (MockWebServer server = new MockWebServer()) { server.setDispatcher(requiresAuth(CLIENT_ID, CLIENT_SECRET, ACTIVE_RESPONSE)); - String introspectUri = server.url("/introspect").toString(); OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(introspectUri, CLIENT_ID, CLIENT_SECRET); - OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token"); assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true) .containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE, @@ -125,11 +123,9 @@ public class NimbusOpaqueTokenIntrospectorTests { public void introspectWhenBadClientCredentialsThenError() throws IOException { try (MockWebServer server = new MockWebServer()) { server.setDispatcher(requiresAuth(CLIENT_ID, CLIENT_SECRET, ACTIVE_RESPONSE)); - String introspectUri = server.url("/introspect").toString(); OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(introspectUri, CLIENT_ID, "wrong"); - assertThatCode(() -> introspectionClient.introspect("token")) .isInstanceOf(OAuth2IntrospectionException.class); } @@ -141,7 +137,6 @@ public class NimbusOpaqueTokenIntrospectorTests { OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(INACTIVE); - assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class) .extracting("message").isEqualTo("Provided token isn't active"); } 
@@ -152,13 +147,11 @@ public class NimbusOpaqueTokenIntrospectorTests { introspectedValues.put(OAuth2IntrospectionClaimNames.ACTIVE, true); introspectedValues.put(OAuth2IntrospectionClaimNames.AUDIENCE, Arrays.asList("aud")); introspectedValues.put(OAuth2IntrospectionClaimNames.NOT_BEFORE, 29348723984L); - RestOperations restOperations = mock(RestOperations.class); OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))) .willReturn(response(new JSONObject(introspectedValues).toJSONString())); - OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token"); assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true) .containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE, Arrays.asList("aud")) @@ -174,7 +167,6 @@ public class NimbusOpaqueTokenIntrospectorTests { restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))) .willThrow(new IllegalStateException("server was unresponsive")); - assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class) .extracting("message").isEqualTo("server was unresponsive"); } @@ -185,7 +177,6 @@ public class NimbusOpaqueTokenIntrospectorTests { OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(response("malformed")); - assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class); } 
@@ -195,7 +186,6 @@ public class NimbusOpaqueTokenIntrospectorTests { OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(INVALID); - assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class); } @@ -205,7 +195,6 @@ public class NimbusOpaqueTokenIntrospectorTests { OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(MALFORMED_ISSUER); - assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class); } @@ -216,7 +205,6 @@ public class NimbusOpaqueTokenIntrospectorTests { OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(MALFORMED_SCOPE); - OAuth2AuthenticatedPrincipal principal = introspectionClient.introspect("token"); assertThat(principal.getAuthorities()).isEmpty(); JSONArray scope = principal.getAttribute("scope"); @@ -250,10 +238,8 @@ public class NimbusOpaqueTokenIntrospectorTests { @Test public void setRequestEntityConverterWhenConverterIsNullThenExceptionIsThrown() { RestOperations restOperations = mock(RestOperations.class); - NimbusOpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); - assertThatExceptionOfType(IllegalArgumentException.class) .isThrownBy(() -> introspectionClient.setRequestEntityConverter(null)); } 
@@ -270,9 +256,7 @@ public class NimbusOpaqueTokenIntrospectorTests { NimbusOpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); introspectionClient.setRequestEntityConverter(requestEntityConverter); - introspectionClient.introspect(tokenToIntrospect); - verify(requestEntityConverter).convert(tokenToIntrospect); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java index 51ffbbf947..8d452e608c 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java @@ -80,11 +80,9 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests { public void authenticateWhenActiveTokenThenOk() throws Exception { try (MockWebServer server = new MockWebServer()) { server.setDispatcher(requiresAuth(CLIENT_ID, CLIENT_SECRET, ACTIVE_RESPONSE)); - String introspectUri = server.url("/introspect").toString(); NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector( introspectUri, CLIENT_ID, CLIENT_SECRET); - OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token").block(); assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true) .containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE, 
@@ -103,11 +101,9 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests { public void authenticateWhenBadClientCredentialsThenAuthenticationException() throws IOException { try (MockWebServer server = new MockWebServer()) { server.setDispatcher(requiresAuth(CLIENT_ID, CLIENT_SECRET, ACTIVE_RESPONSE)); - String introspectUri = server.url("/introspect").toString(); NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector( introspectUri, CLIENT_ID, "wrong"); - assertThatCode(() -> introspectionClient.introspect("token").block()) .isInstanceOf(OAuth2IntrospectionException.class); } @@ -118,7 +114,6 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests { WebClient webClient = mockResponse(INACTIVE_RESPONSE); NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector( INTROSPECTION_URL, webClient); - assertThatCode(() -> introspectionClient.introspect("token").block()) .isInstanceOf(BadOpaqueTokenException.class).extracting("message") .isEqualTo("Provided token isn't active"); @@ -130,11 +125,9 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests { introspectedValues.put(OAuth2IntrospectionClaimNames.ACTIVE, true); introspectedValues.put(OAuth2IntrospectionClaimNames.AUDIENCE, Arrays.asList("aud")); introspectedValues.put(OAuth2IntrospectionClaimNames.NOT_BEFORE, 29348723984L); - WebClient webClient = mockResponse(new JSONObject(introspectedValues).toJSONString()); NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector( INTROSPECTION_URL, webClient); - OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token").block(); assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true) .containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE, Arrays.asList("aud")) 
@@ -148,7 +141,6 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests { WebClient webClient = mockResponse(new IllegalStateException("server was unresponsive")); NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector( INTROSPECTION_URL, webClient); - assertThatCode(() -> introspectionClient.introspect("token").block()) .isInstanceOf(OAuth2IntrospectionException.class).extracting("message") .isEqualTo("server was unresponsive"); @@ -159,7 +151,6 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests { WebClient webClient = mockResponse("malformed"); NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector( INTROSPECTION_URL, webClient); - assertThatCode(() -> introspectionClient.introspect("token").block()) .isInstanceOf(OAuth2IntrospectionException.class); } @@ -169,7 +160,6 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests { WebClient webClient = mockResponse(INVALID_RESPONSE); NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector( INTROSPECTION_URL, webClient); - assertThatCode(() -> introspectionClient.introspect("token").block()) .isInstanceOf(OAuth2IntrospectionException.class); } @@ -179,7 +169,6 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests { WebClient webClient = mockResponse(MALFORMED_ISSUER_RESPONSE); NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector( INTROSPECTION_URL, webClient); - assertThatCode(() -> introspectionClient.introspect("token").block()) .isInstanceOf(OAuth2IntrospectionException.class); } 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java index 0a49e6691a..705683350d 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java @@ -91,7 +91,6 @@ public class OAuth2IntrospectionAuthenticatedPrincipalTests { private static final String JTI_VALUE = "jwt-id-1"; private static final Map CLAIMS; - static { CLAIMS = new HashMap<>(); CLAIMS.put(ACTIVE_CLAIM, ACTIVE_VALUE); @@ -111,7 +110,6 @@ public class OAuth2IntrospectionAuthenticatedPrincipalTests { public void constructorWhenAttributesIsNullOrEmptyThenIllegalArgumentException() { assertThatCode(() -> new OAuth2IntrospectionAuthenticatedPrincipal(null, AUTHORITIES)) .isInstanceOf(IllegalArgumentException.class); - assertThatCode(() -> new OAuth2IntrospectionAuthenticatedPrincipal(Collections.emptyMap(), AUTHORITIES)) .isInstanceOf(IllegalArgumentException.class); } @@ -121,7 +119,6 @@ public class OAuth2IntrospectionAuthenticatedPrincipalTests { Collection authorities = new OAuth2IntrospectionAuthenticatedPrincipal(CLAIMS, null) .getAuthorities(); assertThat(authorities).isEmpty(); - authorities = new OAuth2IntrospectionAuthenticatedPrincipal(CLAIMS, Collections.emptyList()).getAuthorities(); assertThat(authorities).isEmpty(); } 
@@ -137,7 +134,6 @@ public class OAuth2IntrospectionAuthenticatedPrincipalTests { public void constructorWhenAttributesAuthoritiesProvidedThenCreated() { OAuth2IntrospectionAuthenticatedPrincipal principal = new OAuth2IntrospectionAuthenticatedPrincipal(CLAIMS, AUTHORITIES); - assertThat(principal.getName()).isEqualTo(CLAIMS.get(SUB_CLAIM)); assertThat(principal.getAttributes()).isEqualTo(CLAIMS); assertThat(principal.getClaims()).isEqualTo(CLAIMS); @@ -160,7 +156,6 @@ public class OAuth2IntrospectionAuthenticatedPrincipalTests { public void constructorWhenAllParametersProvidedAndValidThenCreated() { OAuth2IntrospectionAuthenticatedPrincipal principal = new OAuth2IntrospectionAuthenticatedPrincipal(SUBJECT, CLAIMS, AUTHORITIES); - assertThat(principal.getName()).isEqualTo(SUBJECT); assertThat(principal.getAttributes()).isEqualTo(CLAIMS); assertThat(principal.getClaims()).isEqualTo(CLAIMS); diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java index 1dbe257e5e..9b7d1b474b 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java 
@@ -47,53 +47,41 @@ public class BearerTokenAuthenticationEntryPointTests { @Test public void commenceWhenNoBearerTokenErrorThenStatus401AndAuthHeader() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - this.authenticationEntryPoint.commence(request, response, new BadCredentialsException("test")); - assertThat(response.getStatus()).isEqualTo(401); assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer"); } @Test public void commenceWhenNoBearerTokenErrorAndRealmSetThenStatus401AndAuthHeaderWithRealm() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - this.authenticationEntryPoint.setRealmName("test"); this.authenticationEntryPoint.commence(request, response, new BadCredentialsException("test")); - assertThat(response.getStatus()).isEqualTo(401); assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer realm=\"test\""); } @Test public void commenceWhenInvalidRequestErrorThenStatus400AndHeaderWithError() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST, null, null); - this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error)); - assertThat(response.getStatus()).isEqualTo(400); assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer error=\"invalid_request\""); } @Test public void commenceWhenInvalidRequestErrorThenStatus400AndHeaderWithErrorDetails() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_REQUEST, 
HttpStatus.BAD_REQUEST, "The access token expired", null, null); - this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error)); - assertThat(response.getStatus()).isEqualTo(400); assertThat(response.getHeader("WWW-Authenticate")) .isEqualTo("Bearer error=\"invalid_request\", error_description=\"The access token expired\""); @@ -101,14 +89,11 @@ public class BearerTokenAuthenticationEntryPointTests { @Test public void commenceWhenInvalidRequestErrorThenStatus400AndHeaderWithErrorUri() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST, null, "https://example.com", null); - this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error)); - assertThat(response.getStatus()).isEqualTo(400); assertThat(response.getHeader("WWW-Authenticate")) .isEqualTo("Bearer error=\"invalid_request\", error_uri=\"https://example.com\""); 
@@ -116,42 +101,33 @@ public class BearerTokenAuthenticationEntryPointTests { @Test public void commenceWhenInvalidTokenErrorThenStatus401AndHeaderWithError() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_TOKEN, HttpStatus.UNAUTHORIZED, null, null); - this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error)); - assertThat(response.getStatus()).isEqualTo(401); assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer error=\"invalid_token\""); } @Test public void commenceWhenInsufficientScopeErrorThenStatus403AndHeaderWithError() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INSUFFICIENT_SCOPE, HttpStatus.FORBIDDEN, null, null); - this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error)); - assertThat(response.getStatus()).isEqualTo(403); assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer error=\"insufficient_scope\""); } @Test public void commenceWhenInsufficientScopeErrorThenStatus403AndHeaderWithErrorAndScope() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INSUFFICIENT_SCOPE, HttpStatus.FORBIDDEN, null, null, "test.read test.write"); - this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error)); - assertThat(response.getStatus()).isEqualTo(403); assertThat(response.getHeader("WWW-Authenticate")) .isEqualTo("Bearer error=\"insufficient_scope\", scope=\"test.read test.write\""); 
@@ -160,15 +136,12 @@ public class BearerTokenAuthenticationEntryPointTests { @Test public void commenceWhenInsufficientScopeAndRealmSetThenStatus403AndHeaderWithErrorAndAllDetails() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INSUFFICIENT_SCOPE, HttpStatus.FORBIDDEN, "Insufficient scope", "https://example.com", "test.read test.write"); - this.authenticationEntryPoint.setRealmName("test"); this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error)); - assertThat(response.getStatus()).isEqualTo(403); assertThat(response.getHeader("WWW-Authenticate")).isEqualTo( "Bearer realm=\"test\", error=\"insufficient_scope\", error_description=\"Insufficient scope\", " diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java index 1eff735717..8607a3b41f 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java 
@@ -87,16 +87,12 @@ public class BearerTokenAuthenticationFilterTests { @Test public void doFilterWhenBearerTokenPresentThenAuthenticates() throws ServletException, IOException { given(this.bearerTokenResolver.resolve(this.request)).willReturn("token"); - BearerTokenAuthenticationFilter filter = addMocks( new BearerTokenAuthenticationFilter(this.authenticationManager)); filter.doFilter(this.request, this.response, this.filterChain); - ArgumentCaptor captor = ArgumentCaptor .forClass(BearerTokenAuthenticationToken.class); - verify(this.authenticationManager).authenticate(captor.capture()); - assertThat(captor.getValue().getPrincipal()).isEqualTo("token"); } @@ -104,25 +100,18 @@ public class BearerTokenAuthenticationFilterTests { public void doFilterWhenUsingAuthenticationManagerResolverThenAuthenticates() throws Exception { BearerTokenAuthenticationFilter filter = addMocks( new BearerTokenAuthenticationFilter(this.authenticationManagerResolver)); - given(this.bearerTokenResolver.resolve(this.request)).willReturn("token"); given(this.authenticationManagerResolver.resolve(any())).willReturn(this.authenticationManager); - filter.doFilter(this.request, this.response, this.filterChain); - ArgumentCaptor captor = ArgumentCaptor .forClass(BearerTokenAuthenticationToken.class); - verify(this.authenticationManager).authenticate(captor.capture()); - assertThat(captor.getValue().getPrincipal()).isEqualTo("token"); } @Test public void doFilterWhenNoBearerTokenPresentThenDoesNotAuthenticate() throws ServletException, IOException { - given(this.bearerTokenResolver.resolve(this.request)).willReturn(null); - dontAuthenticate(); } 
@@ -130,13 +119,9 @@ public class BearerTokenAuthenticationFilterTests { public void doFilterWhenMalformedBearerTokenThenPropagatesError() throws ServletException, IOException { BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST, "description", "uri"); - OAuth2AuthenticationException exception = new OAuth2AuthenticationException(error); - given(this.bearerTokenResolver.resolve(this.request)).willThrow(exception); - dontAuthenticate(); - verify(this.authenticationEntryPoint).commence(this.request, this.response, exception); } @@ -145,16 +130,12 @@ public class BearerTokenAuthenticationFilterTests { throws ServletException, IOException { BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_TOKEN, HttpStatus.UNAUTHORIZED, "description", "uri"); - OAuth2AuthenticationException exception = new OAuth2AuthenticationException(error); - given(this.bearerTokenResolver.resolve(this.request)).willReturn("token"); given(this.authenticationManager.authenticate(any(BearerTokenAuthenticationToken.class))).willThrow(exception); - BearerTokenAuthenticationFilter filter = addMocks( new BearerTokenAuthenticationFilter(this.authenticationManager)); filter.doFilter(this.request, this.response, this.filterChain); - verify(this.authenticationEntryPoint).commence(this.request, this.response, exception); } 
@@ -163,17 +144,13 @@ public class BearerTokenAuthenticationFilterTests { throws ServletException, IOException { BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_TOKEN, HttpStatus.UNAUTHORIZED, "description", "uri"); - OAuth2AuthenticationException exception = new OAuth2AuthenticationException(error); - given(this.bearerTokenResolver.resolve(this.request)).willReturn("token"); given(this.authenticationManager.authenticate(any(BearerTokenAuthenticationToken.class))).willThrow(exception); - BearerTokenAuthenticationFilter filter = addMocks( new BearerTokenAuthenticationFilter(this.authenticationManager)); filter.setAuthenticationFailureHandler(this.authenticationFailureHandler); filter.doFilter(this.request, this.response, this.filterChain); - verify(this.authenticationFailureHandler).onAuthenticationFailure(this.request, this.response, exception); } @@ -213,11 +190,9 @@ public class BearerTokenAuthenticationFilterTests { } private void dontAuthenticate() throws ServletException, IOException { - BearerTokenAuthenticationFilter filter = addMocks( new BearerTokenAuthenticationFilter(this.authenticationManager)); filter.doFilter(this.request, this.response, this.filterChain); - verifyNoMoreInteractions(this.authenticationManager); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java index 568df3dd14..f1e0d6621f 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java 
@@ -49,7 +49,6 @@ public class DefaultBearerTokenResolverTests { public void resolveWhenValidHeaderIsPresentThenTokenIsResolved() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Bearer " + TEST_TOKEN); - assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN); } @@ -59,7 +58,6 @@ public class DefaultBearerTokenResolverTests { String token = TEST_TOKEN + "=="; MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Bearer " + token); - assertThat(this.resolver.resolve(request)).isEqualTo(token); } @@ -68,7 +66,6 @@ public class DefaultBearerTokenResolverTests { this.resolver.setBearerTokenHeaderName(CUSTOM_HEADER); MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader(CUSTOM_HEADER, "Bearer " + TEST_TOKEN); - assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN); } @@ -76,14 +73,12 @@ public class DefaultBearerTokenResolverTests { public void resolveWhenLowercaseHeaderIsPresentThenTokenIsResolved() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("authorization", "bearer " + TEST_TOKEN); - assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN); } @Test public void resolveWhenNoHeaderIsPresentThenTokenIsNotResolved() { MockHttpServletRequest request = new MockHttpServletRequest(); - assertThat(this.resolver.resolve(request)).isNull(); } @@ -91,7 +86,6 @@ public class DefaultBearerTokenResolverTests { public void resolveWhenHeaderWithWrongSchemeIsPresentThenTokenIsNotResolved() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Basic " + Base64.getEncoder().encodeToString("test:test".getBytes())); - assertThat(this.resolver.resolve(request)).isNull(); } 
@@ -99,7 +93,6 @@ public class DefaultBearerTokenResolverTests { public void resolveWhenHeaderWithMissingTokenIsPresentThenAuthenticationExceptionIsThrown() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Bearer "); - assertThatCode(() -> this.resolver.resolve(request)).isInstanceOf(OAuth2AuthenticationException.class) .hasMessageContaining(("Bearer token is malformed")); } @@ -108,7 +101,6 @@ public class DefaultBearerTokenResolverTests { public void resolveWhenHeaderWithInvalidCharactersIsPresentThenAuthenticationExceptionIsThrown() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Bearer an\"invalid\"token"); - assertThatCode(() -> this.resolver.resolve(request)).isInstanceOf(OAuth2AuthenticationException.class) .hasMessageContaining(("Bearer token is malformed")); } @@ -120,7 +112,6 @@ public class DefaultBearerTokenResolverTests { request.setMethod("POST"); request.setContentType("application/x-www-form-urlencoded"); request.addParameter("access_token", TEST_TOKEN); - assertThatCode(() -> this.resolver.resolve(request)).isInstanceOf(OAuth2AuthenticationException.class) .hasMessageContaining("Found multiple bearer tokens in the request"); } @@ -131,7 +122,6 @@ public class DefaultBearerTokenResolverTests { request.addHeader("Authorization", "Bearer " + TEST_TOKEN); request.setMethod("GET"); request.addParameter("access_token", TEST_TOKEN); - assertThatCode(() -> this.resolver.resolve(request)).isInstanceOf(OAuth2AuthenticationException.class) .hasMessageContaining("Found multiple bearer tokens in the request"); } 
@@ -140,7 +130,6 @@ public class DefaultBearerTokenResolverTests {
 public void resolveWhenRequestContainsTwoAccessTokenParametersThenAuthenticationExceptionIsThrown() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addParameter("access_token", "token1", "token2");
-
 assertThatCode(() -> this.resolver.resolve(request)).isInstanceOf(OAuth2AuthenticationException.class) .hasMessageContaining("Found multiple bearer tokens in the request"); }
@@ -148,12 +137,10 @@ public class DefaultBearerTokenResolverTests {
 @Test public void resolveWhenFormParameterIsPresentAndSupportedThenTokenIsResolved() { this.resolver.setAllowFormEncodedBodyParameter(true);
-
 MockHttpServletRequest request = new MockHttpServletRequest(); request.setMethod("POST"); request.setContentType("application/x-www-form-urlencoded"); request.addParameter("access_token", TEST_TOKEN);
-
 assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN); }
@@ -163,18 +150,15 @@ public class DefaultBearerTokenResolverTests {
 request.setMethod("POST"); request.setContentType("application/x-www-form-urlencoded"); request.addParameter("access_token", TEST_TOKEN);
-
 assertThat(this.resolver.resolve(request)).isNull(); } @Test public void resolveWhenQueryParameterIsPresentAndSupportedThenTokenIsResolved() { this.resolver.setAllowUriQueryParameter(true);
-
 MockHttpServletRequest request = new MockHttpServletRequest(); request.setMethod("GET"); request.addParameter("access_token", TEST_TOKEN);
-
 assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN); }
@@ -183,7 +167,6 @@ public class DefaultBearerTokenResolverTests {
 MockHttpServletRequest request = new MockHttpServletRequest(); request.setMethod("GET"); request.addParameter("access_token", TEST_TOKEN);
-
 assertThat(this.resolver.resolve(request)).isNull(); }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java
index 5be30212f0..69365fb879 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java
@@ -52,14 +52,12 @@ public class HeaderBearerTokenResolverTests {
 public void resolveWhenTokenPresentThenTokenIsResolved() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader(CORRECT_HEADER, TEST_TOKEN);
-
 assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN); } @Test public void resolveWhenTokenNotPresentThenTokenIsNotResolved() { MockHttpServletRequest request = new MockHttpServletRequest();
-
 assertThat(this.resolver.resolve(request)).isNull(); }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java
index 6e8c63769d..cbfc5e942b 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java
@@ -48,31 +48,23 @@ public class BearerTokenAccessDeniedHandlerTests {
 @Test public void handleWhenNotOAuth2AuthenticatedThenStatus403() throws Exception {
-
 MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse();
-
 Authentication authentication = new TestingAuthenticationToken("user", "pass"); request.setUserPrincipal(authentication);
-
 this.accessDeniedHandler.handle(request, response, null);
-
 assertThat(response.getStatus()).isEqualTo(403); assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer"); } @Test public void handleWhenNotOAuth2AuthenticatedAndRealmSetThenStatus403AndAuthHeaderWithRealm() throws Exception {
-
 MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse();
-
 Authentication authentication = new TestingAuthenticationToken("user", "pass"); request.setUserPrincipal(authentication);
-
 this.accessDeniedHandler.setRealmName("test"); this.accessDeniedHandler.handle(request, response, null);
-
 assertThat(response.getStatus()).isEqualTo(403); assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer realm=\"test\""); }
@@ -80,15 +72,11 @@ public class BearerTokenAccessDeniedHandlerTests {
 @Test public void handleWhenOAuth2AuthenticatedThenStatus403AndAuthHeaderWithInsufficientScopeErrorAttribute() throws Exception {
-
 MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse();
-
 Authentication token = new TestingOAuth2TokenAuthenticationToken(Collections.emptyMap()); request.setUserPrincipal(token);
-
 this.accessDeniedHandler.handle(request, response, null);
-
 assertThat(response.getStatus()).isEqualTo(403); assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer error=\"insufficient_scope\", " + "error_description=\"The request requires higher privileges than provided by the access token.\", "
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java
index 272d7b9bbc..79980fb63c 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java
@@ -48,29 +48,23 @@ public class BearerTokenServerAccessDeniedHandlerTests {
 @Test public void handleWhenNotOAuth2AuthenticatedThenStatus403() {
-
 Authentication token = new TestingAuthenticationToken("user", "pass"); ServerWebExchange exchange = mock(ServerWebExchange.class); given(exchange.getPrincipal()).willReturn(Mono.just(token)); given(exchange.getResponse()).willReturn(new MockServerHttpResponse());
-
 this.accessDeniedHandler.handle(exchange, null).block();
-
 assertThat(exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN); assertThat(exchange.getResponse().getHeaders().get("WWW-Authenticate")).isEqualTo(Arrays.asList("Bearer")); } @Test public void handleWhenNotOAuth2AuthenticatedAndRealmSetThenStatus403AndAuthHeaderWithRealm() {
-
 Authentication token = new TestingAuthenticationToken("user", "pass"); ServerWebExchange exchange = mock(ServerWebExchange.class); given(exchange.getPrincipal()).willReturn(Mono.just(token)); given(exchange.getResponse()).willReturn(new MockServerHttpResponse());
-
 this.accessDeniedHandler.setRealmName("test"); this.accessDeniedHandler.handle(exchange, null).block();
-
 assertThat(exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN); assertThat(exchange.getResponse().getHeaders().get("WWW-Authenticate")) .isEqualTo(Arrays.asList("Bearer realm=\"test\""));
@@ -78,14 +72,11 @@ public class BearerTokenServerAccessDeniedHandlerTests {
 @Test public void handleWhenOAuth2AuthenticatedThenStatus403AndAuthHeaderWithInsufficientScopeErrorAttribute() {
-
 Authentication token = new TestingOAuth2TokenAuthenticationToken(Collections.emptyMap()); ServerWebExchange exchange = mock(ServerWebExchange.class); given(exchange.getPrincipal()).willReturn(Mono.just(token)); given(exchange.getResponse()).willReturn(new MockServerHttpResponse());
-
 this.accessDeniedHandler.handle(exchange, null).block();
-
 assertThat(exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN); assertThat(exchange.getResponse().getHeaders().get("WWW-Authenticate")) .isEqualTo(Arrays.asList("Bearer error=\"insufficient_scope\", "
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java
index 788598a31f..bafa9ed4c8 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java
@@ -61,19 +61,15 @@ public class ServerBearerExchangeFilterFunctionTests {
 @Test public void filterWhenUnauthenticatedThenAuthorizationHeaderNull() { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
-
 this.function.filter(request, this.exchange).block();
-
 assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isNull(); } @Test public void filterWhenAuthenticatedThenAuthorizationHeaderNull() throws Exception { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
-
 this.function.filter(request, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block();
-
 assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)) .isEqualTo("Bearer " + this.accessToken.getTokenValue()); }
@@ -82,11 +78,9 @@ public class ServerBearerExchangeFilterFunctionTests {
 @Test public void filterWhenAuthenticatedWithOtherTokenThenAuthorizationHeaderNull() throws Exception { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
-
 TestingAuthenticationToken token = new TestingAuthenticationToken("user", "pass"); this.function.filter(request, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(token)).block();
-
 assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isNull(); }
@@ -94,10 +88,8 @@ public class ServerBearerExchangeFilterFunctionTests {
 public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .header(HttpHeaders.AUTHORIZATION, "Existing").build();
-
 this.function.filter(request, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block();
-
 HttpHeaders headers = this.exchange.getRequest().headers(); assertThat(headers.get(HttpHeaders.AUTHORIZATION)).containsOnly("Bearer " + this.accessToken.getTokenValue()); }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java
index 645173d860..54b4f164d8 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java
@@ -65,9 +65,7 @@ public class ServletBearerExchangeFilterFunctionTests {
 @Test public void filterWhenUnauthenticatedThenAuthorizationHeaderNull() { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
-
 this.function.filter(request, this.exchange).block();
-
 assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isNull(); }
@@ -76,18 +74,14 @@ public class ServletBearerExchangeFilterFunctionTests {
 public void filterWhenAuthenticatedWithOtherTokenThenAuthorizationHeaderNull() { TestingAuthenticationToken token = new TestingAuthenticationToken("user", "pass"); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
-
 this.function.filter(request, this.exchange).subscriberContext(context(token)).block();
-
 assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isNull(); } @Test public void filterWhenAuthenticatedThenAuthorizationHeader() { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
-
 this.function.filter(request, this.exchange).subscriberContext(context(this.authentication)).block();
-
 assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)) .isEqualTo("Bearer " + this.accessToken.getTokenValue()); }
@@ -96,9 +90,7 @@ public class ServletBearerExchangeFilterFunctionTests {
 public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .header(HttpHeaders.AUTHORIZATION, "Existing").build();
-
 this.function.filter(request, this.exchange).subscriberContext(context(this.authentication)).block();
-
 HttpHeaders headers = this.exchange.getRequest().headers(); assertThat(headers.get(HttpHeaders.AUTHORIZATION)).containsOnly("Bearer " + this.accessToken.getTokenValue()); }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java
index 9b93b9236e..b3d76dca21 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java
@@ -44,7 +44,6 @@ public class BearerTokenServerAuthenticationEntryPointTests {
 @Test public void commenceWhenNotOAuth2AuthenticationExceptionThenBearer() { this.entryPoint.commence(this.exchange, new BadCredentialsException("")).block();
-
 assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)).isEqualTo("Bearer"); assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED); }
@@ -52,9 +51,7 @@ public class BearerTokenServerAuthenticationEntryPointTests {
 @Test public void commenceWhenRealmNameThenHasRealmName() { this.entryPoint.setRealmName("Realm");
-
 this.entryPoint.commence(this.exchange, new BadCredentialsException("")).block();
-
 assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)) .isEqualTo("Bearer realm=\"Realm\""); assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
@@ -64,9 +61,7 @@ public class BearerTokenServerAuthenticationEntryPointTests {
 public void commenceWhenOAuth2AuthenticationExceptionThenContainsErrorInformation() { OAuth2Error oauthError = new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST); OAuth2AuthenticationException exception = new OAuth2AuthenticationException(oauthError);
-
 this.entryPoint.commence(this.exchange, exception).block();
-
 assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)) .isEqualTo("Bearer error=\"invalid_request\""); assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
@@ -76,9 +71,7 @@ public class BearerTokenServerAuthenticationEntryPointTests {
 public void commenceWhenOAuth2ErrorCompleteThenContainsErrorInformation() { OAuth2Error oauthError = new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST, "Oops", "https://example.com"); OAuth2AuthenticationException exception = new OAuth2AuthenticationException(oauthError);
-
 this.entryPoint.commence(this.exchange, exception).block();
-
 assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)).isEqualTo( "Bearer error=\"invalid_request\", error_description=\"Oops\", error_uri=\"https://example.com\""); assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
@@ -89,9 +82,7 @@ public class BearerTokenServerAuthenticationEntryPointTests {
 OAuth2Error oauthError = new BearerTokenError(OAuth2ErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST, "Oops", "https://example.com"); OAuth2AuthenticationException exception = new OAuth2AuthenticationException(oauthError);
-
 this.entryPoint.commence(this.exchange, exception).block();
-
 assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)).isEqualTo( "Bearer error=\"invalid_request\", error_description=\"Oops\", error_uri=\"https://example.com\""); assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.BAD_REQUEST);
@@ -100,7 +91,6 @@ public class BearerTokenServerAuthenticationEntryPointTests {
 @Test public void commenceWhenNoSubscriberThenNothingHappens() { this.entryPoint.commence(this.exchange, new BadCredentialsException(""));
-
 assertThat(getResponse().getHeaders()).isEmpty(); assertThat(getResponse().getStatusCode()).isNull(); }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java
index 939c418daa..21e6bbd4dd 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java
@@ -55,7 +55,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 public void resolveWhenValidHeaderIsPresentThenTokenIsResolved() { MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION, "Bearer " + TEST_TOKEN);
-
 assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN); }
@@ -65,7 +64,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 String token = TEST_TOKEN + "=="; MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION, "Bearer " + token);
-
 assertThat(convertToToken(request).getToken()).isEqualTo(token); }
@@ -74,7 +72,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 this.converter.setBearerTokenHeaderName(CUSTOM_HEADER); MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").header(CUSTOM_HEADER, "Bearer " + TEST_TOKEN);
-
 assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN); }
@@ -83,7 +80,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 public void resolveWhenValidHeaderIsEmptyStringThenTokenIsResolved() { MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION, "Bearer ");
-
 OAuth2AuthenticationException expected = catchThrowableOfType(() -> convertToToken(request), OAuth2AuthenticationException.class); BearerTokenError error = (BearerTokenError) expected.getError();
@@ -96,14 +92,12 @@ public class ServerBearerTokenAuthenticationConverterTests {
 public void resolveWhenLowercaseHeaderIsPresentThenTokenIsResolved() { MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION, "bearer " + TEST_TOKEN);
-
 assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN); } @Test public void resolveWhenNoHeaderIsPresentThenTokenIsNotResolved() { MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/");
-
 assertThat(convertToToken(request)).isNull(); }
@@ -111,7 +105,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 public void resolveWhenHeaderWithWrongSchemeIsPresentThenTokenIsNotResolved() { MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION, "Basic " + Base64.getEncoder().encodeToString("test:test".getBytes()));
-
 assertThat(convertToToken(request)).isNull(); }
@@ -119,7 +112,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 public void resolveWhenHeaderWithMissingTokenIsPresentThenAuthenticationExceptionIsThrown() { MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION, "Bearer ");
-
 assertThatCode(() -> convertToToken(request)).isInstanceOf(OAuth2AuthenticationException.class) .hasMessageContaining(("Bearer token is malformed")); }
@@ -128,7 +120,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 public void resolveWhenHeaderWithInvalidCharactersIsPresentThenAuthenticationExceptionIsThrown() { MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION, "Bearer an\"invalid\"token");
-
 assertThatCode(() -> convertToToken(request)).isInstanceOf(OAuth2AuthenticationException.class) .hasMessageContaining(("Bearer token is malformed")); }
@@ -138,7 +129,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 public void resolveWhenHeaderWithInvalidCharactersIsPresentAndNotSubscribedThenNoneExceptionIsThrown() { MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION, "Bearer an\"invalid\"token");
-
 assertThatCode(() -> this.converter.convert(MockServerWebExchange.from(request))).doesNotThrowAnyException(); }
@@ -146,7 +136,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 public void resolveWhenValidHeaderIsPresentTogetherWithQueryParameterThenAuthenticationExceptionIsThrown() { MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/") .queryParam("access_token", TEST_TOKEN).header(HttpHeaders.AUTHORIZATION, "Bearer " + TEST_TOKEN);
-
 assertThatCode(() -> convertToToken(request)).isInstanceOf(OAuth2AuthenticationException.class) .hasMessageContaining("Found multiple bearer tokens in the request"); }
@@ -154,10 +143,8 @@ public class ServerBearerTokenAuthenticationConverterTests {
 @Test public void resolveWhenQueryParameterIsPresentAndSupportedThenTokenIsResolved() { this.converter.setAllowUriQueryParameter(true);
-
 MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").queryParam("access_token", TEST_TOKEN);
-
 assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN); }
@@ -165,9 +152,7 @@ public class ServerBearerTokenAuthenticationConverterTests {
 @Test public void resolveWhenQueryParameterIsEmptyAndSupportedThenOAuth2AuthenticationException() { this.converter.setAllowUriQueryParameter(true);
-
 MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").queryParam("access_token", "");
-
 OAuth2AuthenticationException expected = catchThrowableOfType(() -> convertToToken(request), OAuth2AuthenticationException.class); BearerTokenError error = (BearerTokenError) expected.getError();
@@ -180,7 +165,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 public void resolveWhenQueryParameterIsPresentAndNotSupportedThenTokenIsNotResolved() { MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").queryParam("access_token", TEST_TOKEN);
-
 assertThat(convertToToken(request)).isNull(); }
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
index 96bc08cfee..2b9887d8e7 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
@@ -62,22 +62,16 @@ public class OpenID4JavaConsumerTests {
 ConsumerManager mgr = mock(ConsumerManager.class); AuthRequest authReq = mock(AuthRequest.class); DiscoveryInformation di = mock(DiscoveryInformation.class);
-
 given(mgr.authenticate(any(DiscoveryInformation.class), any(), any())).willReturn(authReq); given(mgr.associate(any())).willReturn(di);
-
 OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new MockAttributesFactory());
-
 MockHttpServletRequest request = new MockHttpServletRequest(); consumer.beginConsumption(request, "", "", "");
-
 assertThat(request.getSession().getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST")) .isEqualTo(this.attributes); assertThat(request.getSession().getAttribute(DiscoveryInformation.class.getName())).isEqualTo(di);
-
 // Check with empty attribute fetch list consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
-
 request = new MockHttpServletRequest(); consumer.beginConsumption(request, "", "", ""); }
@@ -94,7 +88,6 @@ public class OpenID4JavaConsumerTests {
 public void messageOrConsumerAuthenticationExceptionRaisesOpenIDException() throws Exception { ConsumerManager mgr = mock(ConsumerManager.class); OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
-
 given(mgr.authenticate(ArgumentMatchers.any(), any(), any())) .willThrow(new MessageException("msg"), new ConsumerException("msg")); try {
@@ -103,7 +96,6 @@ public class OpenID4JavaConsumerTests {
 } catch (OpenIDConsumerException expected) { }
-
 try { consumer.beginConsumption(new MockHttpServletRequest(), "", "", ""); fail("OpenIDConsumerException was not thrown");
@@ -118,15 +110,10 @@ public class OpenID4JavaConsumerTests {
 OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory()); VerificationResult vr = mock(VerificationResult.class); DiscoveryInformation di = mock(DiscoveryInformation.class);
-
 given(mgr.verify(any(), any(ParameterList.class), any(DiscoveryInformation.class))).willReturn(vr);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
-
 request.getSession().setAttribute(DiscoveryInformation.class.getName(), di);
-
 OpenIDAuthenticationToken auth = consumer.endConsumption(request);
-
 assertThat(auth.getStatus()).isEqualTo(OpenIDAuthenticationStatus.FAILURE); }
@@ -134,34 +121,28 @@ public class OpenID4JavaConsumerTests {
 public void verificationExceptionsRaiseOpenIDException() throws Exception { ConsumerManager mgr = mock(ConsumerManager.class); OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
-
 given(mgr.verify(any(), any(ParameterList.class), any(DiscoveryInformation.class))) .willThrow(new MessageException(""), new AssociationException(""), new DiscoveryException(""));
-
 MockHttpServletRequest request = new MockHttpServletRequest(); request.setQueryString("x=5");
-
 try { consumer.endConsumption(request); fail("OpenIDConsumerException was not thrown"); } catch (OpenIDConsumerException expected) { }
-
 try { consumer.endConsumption(request); fail("OpenIDConsumerException was not thrown"); } catch (OpenIDConsumerException expected) { }
-
 try { consumer.endConsumption(request); fail("OpenIDConsumerException was not thrown"); } catch (OpenIDConsumerException expected) { }
-
 } @SuppressWarnings("serial")
@@ -173,18 +154,13 @@ public class OpenID4JavaConsumerTests {
 DiscoveryInformation di = mock(DiscoveryInformation.class); Identifier id = (Identifier) () -> "id"; Message msg = mock(Message.class);
-
 given(mgr.verify(any(), any(ParameterList.class), any(DiscoveryInformation.class))).willReturn(vr); given(vr.getVerifiedId()).willReturn(id); given(vr.getAuthResponse()).willReturn(msg);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
-
 request.getSession().setAttribute(DiscoveryInformation.class.getName(), di); request.getSession().setAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST", this.attributes);
-
 OpenIDAuthenticationToken auth = consumer.endConsumption(request);
-
 assertThat(auth.getStatus()).isEqualTo(OpenIDAuthenticationStatus.SUCCESS); }
@@ -196,9 +172,7 @@ public class OpenID4JavaConsumerTests {
 given(msg.hasExtension(AxMessage.OPENID_NS_AX)).willReturn(true); given(msg.getExtension(AxMessage.OPENID_NS_AX)).willReturn(fr); given(fr.getAttributeValues("a")).willReturn(Arrays.asList("x", "y"));
-
 List fetched = consumer.fetchAxAttributes(msg, this.attributes);
-
 assertThat(fetched).hasSize(1); assertThat(fetched.get(0).getValues()).hasSize(2); }
@@ -211,7 +185,6 @@ public class OpenID4JavaConsumerTests {
 given(msg.hasExtension(AxMessage.OPENID_NS_AX)).willReturn(true); given(msg.getExtension(AxMessage.OPENID_NS_AX)).willThrow(new MessageException("")); given(fr.getAttributeValues("a")).willReturn(Arrays.asList("x", "y"));
-
 consumer.fetchAxAttributes(msg, this.attributes); }
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
index d114122f43..546bb81a4e 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
@@ -75,10 +75,8 @@ public class OpenIDAuthenticationFilterTests {
 req.setRequestURI(REQUEST_PATH); req.setServerPort(8080); MockHttpServletResponse response = new MockHttpServletResponse();
-
 req.setParameter("openid_identifier", " " + CLAIMED_IDENTITY_URL); req.setRemoteHost("www.example.com");
-
 this.filter.setConsumer(new MockOpenIDConsumer() { @Override public String beginConsumption(HttpServletRequest req, String claimedIdentity, String returnToUrl,
@@ -89,7 +87,6 @@ public class OpenIDAuthenticationFilterTests {
 return REDIRECT_URL; } });
-
 FilterChain fc = mock(FilterChain.class); this.filter.doFilter(req, response, fc); assertThat(response.getRedirectedUrl()).isEqualTo(REDIRECT_URL);
@@ -108,7 +105,6 @@ public class OpenIDAuthenticationFilterTests {
 MockHttpServletRequest req = new MockHttpServletRequest("GET", REQUEST_PATH); req.addParameter(paramName, paramValue); this.filter.setReturnToUrlParameters(Collections.singleton(paramName));
-
 URI returnTo = new URI(this.filter.buildReturnToUrl(req)); String query = returnTo.getRawQuery(); assertThat(count(query, '=')).isEqualTo(1);
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
index aac025770f..65ad76bf72 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
@@ -57,12 +57,9 @@ public class OpenIDAuthenticationProviderTests {
 OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider(); provider.setUserDetailsService(new MockUserDetailsService()); provider.setAuthoritiesMapper(new NullAuthoritiesMapper());
-
 Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.CANCELLED, USERNAME, "", null);
-
 assertThat(preAuth.isAuthenticated()).isFalse();
-
 try { provider.authenticate(preAuth); fail("Should throw an AuthenticationException");
@@ -81,11 +78,8 @@ public class OpenIDAuthenticationProviderTests {
 public void testAuthenticateError() { OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider(); provider.setUserDetailsService(new MockUserDetailsService());
-
 Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.ERROR, USERNAME, "", null);
-
 assertThat(preAuth.isAuthenticated()).isFalse();
-
 try { provider.authenticate(preAuth); fail("Should throw an AuthenticationException");
@@ -105,11 +99,8 @@ public class OpenIDAuthenticationProviderTests {
 OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider(); provider.setAuthenticationUserDetailsService( new UserDetailsByNameServiceWrapper<>(new MockUserDetailsService()));
-
 Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE, USERNAME, "", null);
-
 assertThat(preAuth.isAuthenticated()).isFalse();
-
 try { provider.authenticate(preAuth); fail("Should throw an AuthenticationException");
@@ -128,12 +119,9 @@ public class OpenIDAuthenticationProviderTests {
 public void testAuthenticateSetupNeeded() { OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider(); provider.setUserDetailsService(new MockUserDetailsService());
-
 Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SETUP_NEEDED, USERNAME, "", null);
-
 assertThat(preAuth.isAuthenticated()).isFalse();
-
 try { provider.authenticate(preAuth); fail("Should throw an AuthenticationException");
@@ -153,13 +141,9 @@ public class OpenIDAuthenticationProviderTests {
 public void testAuthenticateSuccess() { OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider(); provider.setUserDetailsService(new MockUserDetailsService());
-
 Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, USERNAME, "", null);
-
 assertThat(preAuth.isAuthenticated()).isFalse();
-
 Authentication postAuth = provider.authenticate(preAuth);
-
 assertThat(postAuth).isNotNull(); assertThat(postAuth instanceof OpenIDAuthenticationToken).isTrue(); assertThat(postAuth.isAuthenticated()).isTrue();
@@ -174,7 +158,6 @@ public class OpenIDAuthenticationProviderTests {
 @Test public void testDetectsMissingAuthoritiesPopulator() throws Exception { OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
-
 try { provider.afterPropertiesSet(); fail("Should have thrown Exception");
@@ -193,7 +176,6 @@ public class OpenIDAuthenticationProviderTests {
 public void testDoesntSupport() { OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider(); provider.setUserDetailsService(new MockUserDetailsService());
-
 assertThat(provider.supports(UsernamePasswordAuthenticationToken.class)).isFalse(); }
@@ -206,7 +188,6 @@ public class OpenIDAuthenticationProviderTests {
 public void testIgnoresUserPassAuthToken() { OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider(); provider.setUserDetailsService(new MockUserDetailsService());
-
 UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(USERNAME, "password"); assertThat(provider.authenticate(token)).isNull(); }
@@ -220,7 +201,6 @@ public class OpenIDAuthenticationProviderTests {
 public void testSupports() { OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider(); provider.setUserDetailsService(new MockUserDetailsService());
-
 assertThat(provider.supports(OpenIDAuthenticationToken.class)).isTrue(); }
@@ -234,7 +214,6 @@ public class OpenIDAuthenticationProviderTests {
 catch (IllegalArgumentException ex) { // expected }
-
 provider = new OpenIDAuthenticationProvider(); provider.setUserDetailsService(new MockUserDetailsService()); provider.afterPropertiesSet();
diff --git a/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java b/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
index 470429ec38..9dc14e37e9 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
@@ -55,9 +55,7 @@ public class JndiDnsResolverTests {
 @Test public void testResolveIpAddress() throws Exception { Attributes records = new BasicAttributes("A", "63.246.7.80");
-
 given(this.context.getAttributes("www.springsource.com", new String[] { "A" })).willReturn(records);
-
 String ipAddress = this.dnsResolver.resolveIpAddress("www.springsource.com"); assertThat(ipAddress).isEqualTo("63.246.7.80"); }
@@ -66,16 +64,13 @@ public class JndiDnsResolverTests {
 public void testResolveIpAddressNotExisting() throws Exception { given(this.context.getAttributes(any(String.class), any(String[].class))) .willThrow(new NameNotFoundException("not found"));
-
 this.dnsResolver.resolveIpAddress("notexisting.ansdansdugiuzgguzgioansdiandwq.foo"); } @Test public void testResolveServiceEntry() throws Exception { BasicAttributes records = createSrvRecords();
-
 given(this.context.getAttributes("_ldap._tcp.springsource.com", new String[] { "SRV" })).willReturn(records);
-
 String hostname = this.dnsResolver.resolveServiceEntry("ldap", "springsource.com"); assertThat(hostname).isEqualTo("kdc.springsource.com"); }
@@ -84,7 +79,6 @@ public class JndiDnsResolverTests {
 public void testResolveServiceEntryNotExisting() throws Exception { given(this.context.getAttributes(any(String.class), any(String[].class))) .willThrow(new NameNotFoundException("not found"));
-
 this.dnsResolver.resolveServiceEntry("wrong", "secpod.de"); }
@@ -94,7 +88,6 @@ public class JndiDnsResolverTests {
 BasicAttributes aRecords = new BasicAttributes("A", "63.246.7.80"); given(this.context.getAttributes("_ldap._tcp.springsource.com", new String[] { "SRV" })).willReturn(srvRecords); given(this.context.getAttributes("kdc.springsource.com", new String[] { "A" })).willReturn(aRecords);
-
 String ipAddress = this.dnsResolver.resolveServiceIpAddress("ldap", "springsource.com"); assertThat(ipAddress).isEqualTo("63.246.7.80"); }
diff --git a/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java b/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
index e6b75ac958..4bc006bcd9 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
@@ -50,13 +50,11 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
 // Setup client-side context Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken("Aladdin", "open sesame"); SecurityContextHolder.getContext().setAuthentication(clientSideAuthentication);
-
 // Create a connection and ensure our executor sets its // properties correctly AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor(); HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/")); executor.prepareConnection(conn, 10);
-
 // Check connection properties // See https://tools.ietf.org/html/rfc1945 section 11.1 for example // we are comparing against
@@ -66,13 +64,11 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
 @Test public void testNullContextHolderIsNull() throws Exception { SecurityContextHolder.getContext().setAuthentication(null);
-
 // Create a connection and ensure our executor sets its // properties correctly AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor(); HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/")); executor.prepareConnection(conn, 10);
-
 // Check connection properties (shouldn't be an Authorization header) assertThat(conn.getRequestProperty("Authorization")).isNull(); }
@@ -83,13 +79,11 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
 AnonymousAuthenticationToken anonymous = new AnonymousAuthenticationToken("key", "principal", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")); SecurityContextHolder.getContext().setAuthentication(anonymous);
-
 // Create a connection and ensure our executor sets its // properties correctly AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor(); HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/")); executor.prepareConnection(conn, 10);
-
 // Check connection properties (shouldn't be an Authorization header) assertThat(conn.getRequestProperty("Authorization")).isNull(); }
diff --git a/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java b/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java
index bfb1143fe6..b7512c245e 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java
@@ -49,9 +49,7 @@ public class ContextPropagatingRemoteInvocationTests {
 Class clazz = TargetObject.class; Method method = clazz.getMethod("makeLowerCase", new Class[] { String.class }); MethodInvocation mi = new SimpleMethodInvocation(new TargetObject(), method, "SOME_STRING");
-
 ContextPropagatingRemoteInvocationFactory factory = new ContextPropagatingRemoteInvocationFactory();
-
 return (ContextPropagatingRemoteInvocation) factory.createRemoteInvocation(mi); }
@@ -60,9 +58,7 @@ public class ContextPropagatingRemoteInvocationTests {
 // Setup client-side context Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken("rod", "koala"); SecurityContextHolder.getContext().setAuthentication(clientSideAuthentication);
-
 ContextPropagatingRemoteInvocation remoteInvocation = getRemoteInvocation();
-
 try { // Set up the wrong arguments. remoteInvocation.setArguments(new Object[] {});
@@ -72,7 +68,6 @@ public class ContextPropagatingRemoteInvocationTests {
 catch (IllegalArgumentException ex) { // expected }
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()) .withFailMessage("Authentication must be null").isNull(); }
@@ -82,14 +77,11 @@ public class ContextPropagatingRemoteInvocationTests {
 // Setup client-side context Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken("rod", "koala"); SecurityContextHolder.getContext().setAuthentication(clientSideAuthentication);
-
 ContextPropagatingRemoteInvocation remoteInvocation = getRemoteInvocation();
-
 // Set to null, as ContextPropagatingRemoteInvocation already obtained // a copy and nulling is necessary to ensure the Context delivered by // ContextPropagatingRemoteInvocation is used on server-side SecurityContextHolder.clearContext();
-
 // The result from invoking the TargetObject should contain the // Authentication class delivered via the SecurityContextHolder assertThat(remoteInvocation.invoke(new TargetObject())).isEqualTo(
@@ -99,11 +91,9 @@ public class ContextPropagatingRemoteInvocationTests {
 @Test public void testNullContextHolderDoesNotCauseInvocationProblems() throws Exception { SecurityContextHolder.clearContext(); // just to be explicit
-
 ContextPropagatingRemoteInvocation remoteInvocation = getRemoteInvocation(); SecurityContextHolder.clearContext(); // unnecessary, but for // explicitness
-
 assertThat(remoteInvocation.invoke(new TargetObject())).isEqualTo("some_string Authentication empty"); }
@@ -112,7 +102,6 @@ public class ContextPropagatingRemoteInvocationTests {
 public void testNullCredentials() throws Exception { Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken("rod", null); SecurityContextHolder.getContext().setAuthentication(clientSideAuthentication);
-
 ContextPropagatingRemoteInvocation remoteInvocation = getRemoteInvocation(); assertThat(ReflectionTestUtils.getField(remoteInvocation, "credentials")).isNull(); }
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java
index 5c6c5f8d14..d6a5dbe45d 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java
@@ -81,11 +81,8 @@ public class AnonymousPayloadInterceptorTests {
 @Test public void interceptWhenNoAuthenticationThenAnonymousAuthentication() { AuthenticationPayloadInterceptorChain chain = new AuthenticationPayloadInterceptorChain();
-
 this.interceptor.intercept(this.exchange, chain).block();
-
 Authentication authentication = chain.getAuthentication();
-
 assertThat(authentication).isInstanceOf(AnonymousAuthenticationToken.class); }
@@ -93,12 +90,9 @@ public class AnonymousPayloadInterceptorTests {
 public void interceptWhenAuthenticationThenOriginalAuthentication() { AuthenticationPayloadInterceptorChain chain = new AuthenticationPayloadInterceptorChain(); TestingAuthenticationToken expected = new TestingAuthenticationToken("test", "password");
-
 this.interceptor.intercept(this.exchange, chain) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(expected)).block();
-
 Authentication authentication = chain.getAuthentication();
-
 assertThat(authentication).isEqualTo(expected); }
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java
index 061d590faf..684b3442be 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java
@@ -85,12 +85,9 @@ public class AuthenticationPayloadInterceptorTests {
 PayloadExchange exchange = createExchange(); TestingAuthenticationToken expectedAuthentication = new TestingAuthenticationToken("user", "password"); given(this.authenticationManager.authenticate(any())).willReturn(Mono.just(expectedAuthentication));
-
 AuthenticationPayloadInterceptorChain authenticationPayloadChain = new AuthenticationPayloadInterceptorChain(); interceptor.intercept(exchange, authenticationPayloadChain).block();
-
 Authentication authentication = authenticationPayloadChain.getAuthentication();
-
 verify(this.authenticationManager).authenticate(this.authenticationArg.capture()); assertThat(this.authenticationArg.getValue()) .isEqualToComparingFieldByField(new UsernamePasswordAuthenticationToken("user", "password"));
@@ -100,21 +97,17 @@ public class AuthenticationPayloadInterceptorTests {
 @Test public void interceptWhenAuthenticationSuccessThenChainSubscribedOnce() { AuthenticationPayloadInterceptor interceptor = new AuthenticationPayloadInterceptor(this.authenticationManager);
-
 PayloadExchange exchange = createExchange(); TestingAuthenticationToken expectedAuthentication = new TestingAuthenticationToken("user", "password"); given(this.authenticationManager.authenticate(any())).willReturn(Mono.just(expectedAuthentication));
-
 PublisherProbe voidResult = PublisherProbe.empty(); PayloadInterceptorChain chain = mock(PayloadInterceptorChain.class); given(chain.next(any())).willReturn(voidResult.mono());
-
 StepVerifier.create(interceptor.intercept(exchange, chain)) .then(() -> assertThat(voidResult.subscribeCount()).isEqualTo(1)).verifyComplete(); } private Payload createRequestPayload() {
-
 UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password"); BasicAuthenticationEncoder encoder = new BasicAuthenticationEncoder(); DefaultDataBufferFactory factory = new DefaultDataBufferFactory();
@@ -122,12 +115,10 @@ public class AuthenticationPayloadInterceptorTests {
 MimeType mimeType = UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE; Map hints = null; DataBuffer dataBuffer = encoder.encodeValue(credentials, factory, elementType, mimeType, hints);
-
 ByteBufAllocator allocator = ByteBufAllocator.DEFAULT; CompositeByteBuf metadata = allocator.compositeBuffer(); CompositeMetadataCodec.encodeAndAddMetadata(metadata, allocator, mimeType.toString(), NettyDataBufferFactory.toByteBuf(dataBuffer));
-
 return DefaultPayload.create(allocator.buffer(), metadata); }
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java
index edaac04759..a4bbd99bd9 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java
@@ -60,10 +60,8 @@ public class AuthorizationPayloadInterceptorTests {
 @Test public void interceptWhenAuthenticationEmptyAndSubscribedThenException() { given(this.chain.next(any())).willReturn(this.chainResult.mono());
-
 AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor( AuthenticatedReactiveAuthorizationManager.authenticated());
-
 StepVerifier.create(interceptor.intercept(this.exchange, this.chain)) .then(() -> this.chainResult.assertWasNotSubscribed()) .verifyError(AuthenticationCredentialsNotFoundException.class);
@@ -73,9 +71,7 @@ public class AuthorizationPayloadInterceptorTests {
 public void interceptWhenAuthenticationNotSubscribedAndEmptyThenCompletes() { given(this.chain.next(any())).willReturn(this.chainResult.mono()); given(this.authorizationManager.verify(any(), any())).willReturn(this.managerResult.mono());
-
 AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor(this.authorizationManager);
-
 StepVerifier.create(interceptor.intercept(this.exchange, this.chain)) .then(() -> this.chainResult.assertWasSubscribed()).verifyComplete(); }
@@ -83,14 +79,11 @@ public class AuthorizationPayloadInterceptorTests {
 @Test public void interceptWhenNotAuthorizedThenException() { given(this.chain.next(any())).willReturn(this.chainResult.mono());
-
 AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor( AuthorityReactiveAuthorizationManager.hasRole("USER")); Context userContext = ReactiveSecurityContextHolder .withAuthentication(new TestingAuthenticationToken("user", "password"));
-
 Mono intercept = interceptor.intercept(this.exchange, this.chain).subscriberContext(userContext);
-
 StepVerifier.create(intercept).then(() -> this.chainResult.assertWasNotSubscribed()) .verifyError(AccessDeniedException.class); }
@@ -98,14 +91,11 @@ public class AuthorizationPayloadInterceptorTests {
 @Test public void interceptWhenAuthorizedThenContinues() { given(this.chain.next(any())).willReturn(this.chainResult.mono());
-
 AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor( AuthenticatedReactiveAuthorizationManager.authenticated()); Context userContext = ReactiveSecurityContextHolder .withAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
-
 Mono intercept = interceptor.intercept(this.exchange, this.chain).subscriberContext(userContext);
-
 StepVerifier.create(intercept).then(() -> this.chainResult.assertWasSubscribed()).verifyComplete(); }
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
index ba65b66254..395c528108 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
@@ -56,7 +56,6 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests {
 PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager .builder().add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz)) .build();
-
 assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected); }
@@ -67,7 +66,6 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests {
 PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager .builder().add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz)) .build();
-
 assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected); }
@@ -80,7 +78,6 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests {
 .add(new PayloadExchangeMatcherEntry<>((e) -> PayloadExchangeMatcher.MatchResult.notMatch(), this.authz2)) .build();
-
 assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected); }
@@ -93,7 +90,6 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests {
 .add(new PayloadExchangeMatcherEntry<>((e) -> PayloadExchangeMatcher.MatchResult.notMatch(), this.authz)) .add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz2)).build();
-
 assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected); }
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
index d41d5b2541..bae021271c 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
@@ -113,18 +113,14 @@ public class PayloadInterceptorRSocketTests {
 } // single interceptor
-
 @Test public void fireAndForgetWhenInterceptorCompletesThenDelegateSubscribed() { given(this.interceptor.intercept(any(), any())).willAnswer(withChainNext()); given(this.delegate.fireAndForget(any())).willReturn(this.voidResult.mono());
-
 PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 StepVerifier.create(interceptor.fireAndForget(this.payload)).then(() -> this.voidResult.assertWasSubscribed()) .verifyComplete();
-
 verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); }
@@ -133,14 +129,11 @@ public class PayloadInterceptorRSocketTests {
 public void fireAndForgetWhenInterceptorErrorsThenDelegateNotSubscribed() { RuntimeException expected = new RuntimeException("Oops"); given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected));
-
 PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 StepVerifier.create(interceptor.fireAndForget(this.payload)) .then(() -> this.voidResult.assertWasNotSubscribed()) .verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected));
-
 verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); }
@@ -150,7 +143,6 @@ public class PayloadInterceptorRSocketTests {
 TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password"); given(this.interceptor.intercept(any(), any())).willAnswer(withAuthenticated(authentication)); given(this.delegate.fireAndForget(any())).willReturn(Mono.empty());
-
 RSocket assertAuthentication = new RSocketProxy(this.delegate) { @Override public Mono fireAndForget(Payload payload) {
@@ -159,9 +151,7 @@ public class PayloadInterceptorRSocketTests {
 }; PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 interceptor.fireAndForget(this.payload).block();
-
 verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.delegate).fireAndForget(this.payload);
@@ -171,14 +161,11 @@ public class PayloadInterceptorRSocketTests {
 public void requestResponseWhenInterceptorCompletesThenDelegateSubscribed() { given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty()); given(this.delegate.requestResponse(any())).willReturn(this.payloadResult.mono());
-
 PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 StepVerifier.create(interceptor.requestResponse(this.payload)) .then(() -> this.payloadResult.assertSubscribers()).then(() -> this.payloadResult.emit(this.payload)) .expectNext(this.payload).verifyComplete();
-
 verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.delegate).requestResponse(this.payload);
@@ -188,12 +175,9 @@ public class PayloadInterceptorRSocketTests {
 public void requestResponseWhenInterceptorErrorsThenDelegateNotInvoked() { RuntimeException expected = new RuntimeException("Oops"); given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected));
-
 PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 assertThatCode(() -> interceptor.requestResponse(this.payload).block()).isEqualTo(expected);
-
 verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verifyZeroInteractions(this.delegate);
@@ -204,7 +188,6 @@ public class PayloadInterceptorRSocketTests {
 TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password"); given(this.interceptor.intercept(any(), any())).willAnswer(withAuthenticated(authentication)); given(this.delegate.requestResponse(any())).willReturn(this.payloadResult.mono());
-
 RSocket assertAuthentication = new RSocketProxy(this.delegate) { @Override public Mono requestResponse(Payload payload) {
@@ -213,11 +196,9 @@ public class PayloadInterceptorRSocketTests {
 }; PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 StepVerifier.create(interceptor.requestResponse(this.payload)) .then(() -> this.payloadResult.assertSubscribers()).then(() -> this.payloadResult.emit(this.payload)) .expectNext(this.payload).verifyComplete();
-
 verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.delegate).requestResponse(this.payload);
@@ -227,13 +208,10 @@ public class PayloadInterceptorRSocketTests {
 public void requestStreamWhenInterceptorCompletesThenDelegateSubscribed() { given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty()); given(this.delegate.requestStream(any())).willReturn(this.payloadResult.flux());
-
 PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 StepVerifier.create(interceptor.requestStream(this.payload)).then(() -> this.payloadResult.assertSubscribers()) .then(() -> this.payloadResult.emit(this.payload)).expectNext(this.payload).verifyComplete();
-
 verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); }
@@ -242,14 +220,11 @@ public class PayloadInterceptorRSocketTests {
 public void requestStreamWhenInterceptorErrorsThenDelegateNotSubscribed() { RuntimeException expected = new RuntimeException("Oops"); given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected));
-
 PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 StepVerifier.create(interceptor.requestStream(this.payload)) .then(() -> this.payloadResult.assertNoSubscribers()) .verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected));
-
 verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); }
@@ -259,7 +234,6 @@ public class PayloadInterceptorRSocketTests {
 TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password"); given(this.interceptor.intercept(any(), any())).willAnswer(withAuthenticated(authentication)); given(this.delegate.requestStream(any())).willReturn(this.payloadResult.flux());
-
 RSocket assertAuthentication = new RSocketProxy(this.delegate) { @Override public Flux requestStream(Payload payload) {
@@ -268,10 +242,8 @@ public class PayloadInterceptorRSocketTests {
 }; PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 StepVerifier.create(interceptor.requestStream(this.payload)).then(() -> this.payloadResult.assertSubscribers()) .then(() -> this.payloadResult.emit(this.payload)).expectNext(this.payload).verifyComplete();
-
 verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.delegate).requestStream(this.payload);
@@ -281,14 +253,11 @@ public class PayloadInterceptorRSocketTests {
 public void requestChannelWhenInterceptorCompletesThenDelegateSubscribed() { given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty()); given(this.delegate.requestChannel(any())).willReturn(this.payloadResult.flux());
-
 PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 StepVerifier.create(interceptor.requestChannel(Flux.just(this.payload))) .then(() -> this.payloadResult.assertSubscribers()).then(() -> this.payloadResult.emit(this.payload)) .expectNext(this.payload).verifyComplete();
-
 verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.delegate).requestChannel(any());
@@ -298,14 +267,11 @@ public class PayloadInterceptorRSocketTests {
 public void requestChannelWhenInterceptorErrorsThenDelegateNotSubscribed() { RuntimeException expected = new RuntimeException("Oops"); given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected));
-
 PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 StepVerifier.create(interceptor.requestChannel(Flux.just(this.payload))) .then(() -> this.payloadResult.assertNoSubscribers()) .verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected));
-
 verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); }
@@ -316,7 +282,6 @@ public class PayloadInterceptorRSocketTests {
 TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password"); given(this.interceptor.intercept(any(), any())).willAnswer(withAuthenticated(authentication)); given(this.delegate.requestChannel(any())).willReturn(this.payloadResult.flux());
-
 RSocket assertAuthentication = new RSocketProxy(this.delegate) { @Override public Flux requestChannel(Publisher payload) {
@@ -325,10 +290,8 @@ public class PayloadInterceptorRSocketTests {
 }; PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 StepVerifier.create(interceptor.requestChannel(payload)).then(() -> this.payloadResult.assertSubscribers()) .then(() -> this.payloadResult.emit(this.payload)).expectNext(this.payload).verifyComplete();
-
 verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.delegate).requestChannel(any());
@@ -338,13 +301,10 @@ public class PayloadInterceptorRSocketTests { public void metadataPushWhenInterceptorCompletesThenDelegateSubscribed() { given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty()); given(this.delegate.metadataPush(any())).willReturn(this.voidResult.mono()); - PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - StepVerifier.create(interceptor.metadataPush(this.payload)).then(() -> this.voidResult.assertWasSubscribed()) .verifyComplete(); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); } @@ -353,13 +313,10 @@ public class PayloadInterceptorRSocketTests { public void metadataPushWhenInterceptorErrorsThenDelegateNotSubscribed() { RuntimeException expected = new RuntimeException("Oops"); given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected)); - PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - StepVerifier.create(interceptor.metadataPush(this.payload)).then(() -> this.voidResult.assertWasNotSubscribed()) .verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected)); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); } @@ -369,7 +326,6 @@ public class PayloadInterceptorRSocketTests { TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password"); given(this.interceptor.intercept(any(), any())).willAnswer(withAuthenticated(authentication)); given(this.delegate.metadataPush(any())).willReturn(this.voidResult.mono()); - RSocket assertAuthentication = new RSocketProxy(this.delegate) { @Override public Mono metadataPush(Payload payload) { 
@@ -378,9 +334,7 @@ public class PayloadInterceptorRSocketTests { }; PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - StepVerifier.create(interceptor.metadataPush(this.payload)).verifyComplete(); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.delegate).metadataPush(this.payload); @@ -388,18 +342,14 @@ public class PayloadInterceptorRSocketTests { } // multiple interceptors - @Test public void fireAndForgetWhenInterceptorsCompleteThenDelegateInvoked() { given(this.interceptor.intercept(any(), any())).willAnswer(withChainNext()); given(this.interceptor2.intercept(any(), any())).willAnswer(withChainNext()); given(this.delegate.fireAndForget(any())).willReturn(this.voidResult.mono()); - PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType); - interceptor.fireAndForget(this.payload).block(); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); this.voidResult.assertWasSubscribed(); 
@@ -410,12 +360,9 @@ public class PayloadInterceptorRSocketTests { given(this.interceptor.intercept(any(), any())).willAnswer(withChainNext()); given(this.interceptor2.intercept(any(), any())).willAnswer(withChainNext()); given(this.delegate.fireAndForget(any())).willReturn(this.voidResult.mono()); - PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType); - interceptor.fireAndForget(this.payload).block(); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.interceptor2).intercept(any(), any()); @@ -427,12 +374,9 @@ public class PayloadInterceptorRSocketTests { public void fireAndForgetWhenInterceptor1ErrorsThenInterceptor2AndDelegateNotInvoked() { RuntimeException expected = new RuntimeException("Oops"); given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected)); - PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType); - assertThatCode(() -> interceptor.fireAndForget(this.payload).block()).isEqualTo(expected); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verifyZeroInteractions(this.interceptor2); 
@@ -444,12 +388,9 @@ public class PayloadInterceptorRSocketTests { RuntimeException expected = new RuntimeException("Oops"); given(this.interceptor.intercept(any(), any())).willAnswer(withChainNext()); given(this.interceptor2.intercept(any(), any())).willReturn(Mono.error(expected)); - PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType); - assertThatCode(() -> interceptor.fireAndForget(this.payload).block()).isEqualTo(expected); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.interceptor2).intercept(any(), any()); diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java index a20686ba3e..1727033cee 100644 --- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java +++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java @@ -76,9 +76,7 @@ public class PayloadSocketAcceptorInterceptorTests { @Test public void applyWhenDefaultMetadataMimeTypeThenDefaulted() { given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE); - PayloadExchange exchange = captureExchange(); - assertThat(exchange.getMetadataMimeType().toString()) .isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON); 
@@ -88,9 +86,7 @@ public class PayloadSocketAcceptorInterceptorTests { public void acceptWhenDefaultMetadataMimeTypeOverrideThenDefaulted() { this.acceptorInterceptor.setDefaultMetadataMimeType(MediaType.APPLICATION_JSON); given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE); - PayloadExchange exchange = captureExchange(); - assertThat(exchange.getMetadataMimeType()).isEqualTo(MediaType.APPLICATION_JSON); assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON); } @@ -98,9 +94,7 @@ public class PayloadSocketAcceptorInterceptorTests { @Test public void acceptWhenDefaultDataMimeTypeThenDefaulted() { this.acceptorInterceptor.setDefaultDataMimeType(MediaType.APPLICATION_JSON); - PayloadExchange exchange = captureExchange(); - assertThat(exchange.getMetadataMimeType().toString()) .isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON); @@ -109,16 +103,11 @@ public class PayloadSocketAcceptorInterceptorTests { private PayloadExchange captureExchange() { given(this.socketAcceptor.accept(any(), any())).willReturn(Mono.just(this.rSocket)); given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty()); - SocketAcceptor wrappedAcceptor = this.acceptorInterceptor.apply(this.socketAcceptor); RSocket result = wrappedAcceptor.accept(this.setupPayload, this.rSocket).block(); - assertThat(result).isInstanceOf(PayloadInterceptorRSocket.class); - given(this.rSocket.fireAndForget(any())).willReturn(Mono.empty()); - result.fireAndForget(this.payload).block(); - ArgumentCaptor exchangeArg = ArgumentCaptor.forClass(PayloadExchange.class); verify(this.interceptor, times(2)).intercept(exchangeArg.capture(), any()); return exchangeArg.getValue(); 
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java index 0f61bf4853..13a2e87b02 100644 --- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java +++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java @@ -107,9 +107,7 @@ public class PayloadSocketAcceptorTests { @Test public void acceptWhenDefaultMetadataMimeTypeThenDefaulted() { given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE); - PayloadExchange exchange = captureExchange(); - assertThat(exchange.getMetadataMimeType().toString()) .isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON); @@ -119,9 +117,7 @@ public class PayloadSocketAcceptorTests { public void acceptWhenDefaultMetadataMimeTypeOverrideThenDefaulted() { this.acceptor.setDefaultMetadataMimeType(MediaType.APPLICATION_JSON); given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE); - PayloadExchange exchange = captureExchange(); - assertThat(exchange.getMetadataMimeType()).isEqualTo(MediaType.APPLICATION_JSON); assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON); } @@ -129,9 +125,7 @@ public class PayloadSocketAcceptorTests { @Test public void acceptWhenDefaultDataMimeTypeThenDefaulted() { this.acceptor.setDefaultDataMimeType(MediaType.APPLICATION_JSON); - PayloadExchange exchange = captureExchange(); - assertThat(exchange.getMetadataMimeType().toString()) .isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON); 
@@ -141,9 +135,7 @@ public class PayloadSocketAcceptorTests { public void acceptWhenExplicitMimeTypeThenThenOverrideDefault() { given(this.setupPayload.metadataMimeType()).willReturn(MediaType.TEXT_PLAIN_VALUE); given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE); - PayloadExchange exchange = captureExchange(); - assertThat(exchange.getMetadataMimeType()).isEqualTo(MediaType.TEXT_PLAIN); assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON); } @@ -164,24 +156,17 @@ public class PayloadSocketAcceptorTests { }; List interceptors = Arrays.asList(authenticateInterceptor); this.acceptor = new PayloadSocketAcceptor(captureSecurityContext, interceptors); - this.acceptor.accept(this.setupPayload, this.rSocket).block(); - assertThat(captureSecurityContext.getSecurityContext()).isEqualTo(expectedSecurityContext); } private PayloadExchange captureExchange() { given(this.delegate.accept(any(), any())).willReturn(Mono.just(this.rSocket)); given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty()); - RSocket result = this.acceptor.accept(this.setupPayload, this.rSocket).block(); - assertThat(result).isInstanceOf(PayloadInterceptorRSocket.class); - given(this.rSocket.fireAndForget(any())).willReturn(Mono.empty()); - result.fireAndForget(this.payload).block(); - ArgumentCaptor exchangeArg = ArgumentCaptor.forClass(PayloadExchange.class); verify(this.interceptor, times(2)).intercept(exchangeArg.capture(), any()); return exchangeArg.getValue(); diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java index 844747152d..df8aa2c1be 100644 --- a/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java 
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java @@ -42,11 +42,9 @@ public class BasicAuthenticationDecoderTests { ResolvableType elementType = ResolvableType.forClass(UsernamePasswordMetadata.class); MimeType mimeType = UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE; Map hints = null; - DataBuffer dataBuffer = encoder.encodeValue(expectedCredentials, factory, elementType, mimeType, hints); UsernamePasswordMetadata actualCredentials = decoder .decodeToMono(Mono.just(dataBuffer), elementType, mimeType, hints).block(); - assertThat(actualCredentials).isEqualToComparingFieldByField(expectedCredentials); } diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java index 9f77a72e41..55cd6b53b9 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java @@ -135,7 +135,6 @@ public final class TestSaml2X509Credentials { } private static X509Certificate spCertificate() { - return certificate( "-----BEGIN CERTIFICATE-----\n" + "MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC\n" + "VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEjAQBgNVBAcMCVZhbmNvdXZlcjEdMBsG\n" diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java index e4991ef64b..87c8c2a57d 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java 
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java @@ -135,7 +135,6 @@ public final class TestSaml2X509Credentials { } private static X509Certificate spCertificate() { - return certificate( "-----BEGIN CERTIFICATE-----\n" + "MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC\n" + "VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEjAQBgNVBAcMCVZhbmNvdXZlcjEdMBsG\n" diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java index 73d1bee9db..8cd0297599 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java @@ -73,14 +73,10 @@ public class DefaultSaml2AuthenticatedPrincipalTests { public void getAttributeWhenDistinctValuesThenReturnsValues() { final Boolean registered = true; final Instant registeredDate = Instant.ofEpochMilli(DateTime.parse("1970-01-01T00:00:00Z").getMillis()); - Map> attributes = new LinkedHashMap<>(); attributes.put("registration", Arrays.asList(registered, registeredDate)); - DefaultSaml2AuthenticatedPrincipal principal = new DefaultSaml2AuthenticatedPrincipal("user", attributes); - List registrationInfo = principal.getAttribute("registration"); - assertThat(registrationInfo).isNotNull(); assertThat((Boolean) registrationInfo.get(0)).isEqualTo(registered); assertThat((Instant) registrationInfo.get(1)).isEqualTo(registeredDate); 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java index 02a3be00ad..a0095ca7a9 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java @@ -97,7 +97,6 @@ public class OpenSamlAuthenticationProviderTests { @Test public void supportsWhenSaml2AuthenticationTokenThenReturnTrue() { - assertThat(this.provider.supports(Saml2AuthenticationToken.class)) .withFailMessage( OpenSamlAuthenticationProvider.class + "should support " + Saml2AuthenticationToken.class) @@ -114,7 +113,6 @@ public class OpenSamlAuthenticationProviderTests { @Test public void authenticateWhenUnknownDataClassThenThrowAuthenticationException() { this.exception.expect(authenticationMatcher(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA)); - Assertion assertion = (Assertion) XMLObjectProviderRegistrySupport.getBuilderFactory() .getBuilder(Assertion.DEFAULT_ELEMENT_NAME).buildObject(Assertion.DEFAULT_ELEMENT_NAME); this.provider @@ -124,7 +122,6 @@ public class OpenSamlAuthenticationProviderTests { @Test public void authenticateWhenXmlErrorThenThrowAuthenticationException() { this.exception.expect(authenticationMatcher(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA)); - Saml2AuthenticationToken token = token("invalid xml", TestSaml2X509Credentials.relyingPartyVerifyingCredential()); this.provider.authenticate(token); 
@@ -133,7 +130,6 @@ public class OpenSamlAuthenticationProviderTests { @Test public void authenticateWhenInvalidDestinationThenThrowAuthenticationException() { this.exception.expect(authenticationMatcher(Saml2ErrorCodes.INVALID_DESTINATION)); - Response response = TestOpenSamlObjects.response(DESTINATION + "invalid", ASSERTING_PARTY_ENTITY_ID); response.getAssertions().add(TestOpenSamlObjects.assertion()); TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), @@ -146,7 +142,6 @@ public class OpenSamlAuthenticationProviderTests { public void authenticateWhenNoAssertionsPresentThenThrowAuthenticationException() { this.exception.expect( authenticationMatcher(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, "No assertions found in response.")); - Saml2AuthenticationToken token = token(TestOpenSamlObjects.response(), TestSaml2X509Credentials.assertingPartySigningCredential()); this.provider.authenticate(token); @@ -155,7 +150,6 @@ public class OpenSamlAuthenticationProviderTests { @Test public void authenticateWhenInvalidSignatureOnAssertionThenThrowAuthenticationException() { this.exception.expect(authenticationMatcher(Saml2ErrorCodes.INVALID_SIGNATURE)); - Response response = TestOpenSamlObjects.response(); response.getAssertions().add(TestOpenSamlObjects.assertion()); Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential()); @@ -165,7 +159,6 @@ public class OpenSamlAuthenticationProviderTests { @Test public void authenticateWhenOpenSAMLValidationErrorThenThrowAuthenticationException() throws Exception { this.exception.expect(authenticationMatcher(Saml2ErrorCodes.INVALID_ASSERTION)); - Response response = TestOpenSamlObjects.response(); Assertion assertion = TestOpenSamlObjects.assertion(); assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData() 
@@ -180,7 +173,6 @@ public class OpenSamlAuthenticationProviderTests { @Test public void authenticateWhenMissingSubjectThenThrowAuthenticationException() { this.exception.expect(authenticationMatcher(Saml2ErrorCodes.SUBJECT_NOT_FOUND)); - Response response = TestOpenSamlObjects.response(); Assertion assertion = TestOpenSamlObjects.assertion(); assertion.setSubject(null); @@ -194,7 +186,6 @@ public class OpenSamlAuthenticationProviderTests { @Test public void authenticateWhenUsernameMissingThenThrowAuthenticationException() throws Exception { this.exception.expect(authenticationMatcher(Saml2ErrorCodes.SUBJECT_NOT_FOUND)); - Response response = TestOpenSamlObjects.response(); Assertion assertion = TestOpenSamlObjects.assertion(); assertion.getSubject().getNameID().setValue(null); @@ -230,7 +221,6 @@ public class OpenSamlAuthenticationProviderTests { Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential()); Authentication authentication = this.provider.authenticate(token); Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal(); - Map expected = new LinkedHashMap<>(); expected.put("email", Arrays.asList("john.doe@example.com", "doe.john@example.com")); expected.put("name", Collections.singletonList("John Doe")); @@ -239,7 +229,6 @@ public class OpenSamlAuthenticationProviderTests { expected.put("registered", Collections.singletonList(true)); Instant registeredDate = Instant.ofEpochMilli(DateTime.parse("1970-01-01T00:00:00Z").getMillis()); expected.put("registeredDate", Collections.singletonList(registeredDate)); - assertThat((String) principal.getFirstAttribute("name")).isEqualTo("John Doe"); assertThat(principal.getAttributes()).isEqualTo(expected); } 
@@ -254,11 +243,9 @@ public class OpenSamlAuthenticationProviderTests { RELYING_PARTY_ENTITY_ID); response.getAssertions().add(assertion); Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential()); - Element attributeElement = element("value"); Marshaller marshaller = mock(Marshaller.class); given(marshaller.marshall(any(XMLObject.class))).willReturn(attributeElement); - try { XMLObjectProviderRegistrySupport.getMarshallerFactory() .registerMarshaller(AttributeValue.DEFAULT_ELEMENT_NAME, marshaller); @@ -274,7 +261,6 @@ public class OpenSamlAuthenticationProviderTests { @Test public void authenticateWhenEncryptedAssertionWithoutSignatureThenItFails() throws Exception { this.exception.expect(authenticationMatcher(Saml2ErrorCodes.INVALID_SIGNATURE)); - Response response = TestOpenSamlObjects.response(); EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(), TestSaml2X509Credentials.assertingPartyEncryptingCredential()); @@ -330,7 +316,6 @@ public class OpenSamlAuthenticationProviderTests { public void authenticateWhenDecryptionKeysAreMissingThenThrowAuthenticationException() throws Exception { this.exception .expect(authenticationMatcher(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData")); - Response response = TestOpenSamlObjects.response(); EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(), TestSaml2X509Credentials.assertingPartyEncryptingCredential()); 
@@ -344,7 +329,6 @@ public class OpenSamlAuthenticationProviderTests { public void authenticateWhenDecryptionKeysAreWrongThenThrowAuthenticationException() throws Exception { this.exception .expect(authenticationMatcher(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData")); - Response response = TestOpenSamlObjects.response(); EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(), TestSaml2X509Credentials.assertingPartyEncryptingCredential()); @@ -365,7 +349,6 @@ public class OpenSamlAuthenticationProviderTests { Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential(), TestSaml2X509Credentials.relyingPartyDecryptingCredential()); Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token); - // the following code will throw an exception if authentication isn't serializable ByteArrayOutputStream byteStream = new ByteArrayOutputStream(1024); ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteStream); @@ -468,7 +451,6 @@ public class OpenSamlAuthenticationProviderTests { public void describeTo(Description desc) { String excepting = "Saml2AuthenticationException[code=" + code + "; description=" + description + "]"; desc.appendText(excepting); - } }; } diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java index 1d17a31016..7884be64e3 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java 
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java @@ -103,7 +103,6 @@ public class OpenSamlAuthenticationRequestFactoryTests { @Test public void createRedirectAuthenticationRequestWhenNotSignRequestThenNoSignatureIsPresent() { - this.context = this.contextBuilder.relayState("Relay State Value") .relyingPartyRegistration( RelyingPartyRegistration.withRelyingPartyRegistration(this.relyingPartyRegistration) @@ -173,7 +172,6 @@ public class OpenSamlAuthenticationRequestFactoryTests { given(authnRequestConsumerResolver.apply(this.context)).willReturn((authnRequest) -> { }); this.factory.setAuthnRequestConsumerResolver(authnRequestConsumerResolver); - this.factory.createPostAuthenticationRequest(this.context); verify(authnRequestConsumerResolver).apply(this.context); } @@ -185,7 +183,6 @@ public class OpenSamlAuthenticationRequestFactoryTests { given(authnRequestConsumerResolver.apply(this.context)).willReturn((authnRequest) -> { }); this.factory.setAuthnRequestConsumerResolver(authnRequestConsumerResolver); - this.factory.createRedirectAuthenticationRequest(this.context); verify(authnRequestConsumerResolver).apply(this.context); } diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java index ac309a7547..4fbd188559 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java 
@@ -85,7 +85,6 @@ final class TestOpenSamlObjects { static { OpenSamlInitializationService.initialize(); } - private static String USERNAME = "test@saml.user"; private static String DESTINATION = "https://localhost/login/saml2/sso/idp-alias"; @@ -128,7 +127,6 @@ final class TestOpenSamlObjects { assertion.setIssuer(issuer(issuerEntityId)); assertion.setSubject(subject(username)); assertion.setConditions(conditions()); - SubjectConfirmation subjectConfirmation = subjectConfirmation(); subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER); SubjectConfirmationData confirmationData = subjectConfirmationData(recipientEntityId); @@ -146,11 +144,9 @@ final class TestOpenSamlObjects { static Subject subject(String principalName) { Subject subject = build(Subject.DEFAULT_ELEMENT_NAME); - if (principalName != null) { subject.setNameID(nameId(principalName)); } - return subject; } @@ -216,7 +212,6 @@ final class TestOpenSamlObjects { catch (MarshallingException | SignatureException | SecurityException ex) { throw new Saml2Exception(ex); } - return signable; } @@ -234,7 +229,6 @@ final class TestOpenSamlObjects { catch (MarshallingException | SignatureException | SecurityException ex) { throw new Saml2Exception(ex); } - return signable; } 
@@ -287,32 +281,25 @@ final class TestOpenSamlObjects { private static Encrypter getEncrypter(X509Certificate certificate) { String dataAlgorithm = XMLCipherParameters.AES_256; String keyAlgorithm = XMLCipherParameters.RSA_1_5; - BasicCredential dataCredential = new BasicCredential(SECRET_KEY); DataEncryptionParameters dataEncryptionParameters = new DataEncryptionParameters(); dataEncryptionParameters.setEncryptionCredential(dataCredential); dataEncryptionParameters.setAlgorithm(dataAlgorithm); - Credential credential = CredentialSupport.getSimpleCredential(certificate, null); KeyEncryptionParameters keyEncryptionParameters = new KeyEncryptionParameters(); keyEncryptionParameters.setEncryptionCredential(credential); keyEncryptionParameters.setAlgorithm(keyAlgorithm); - Encrypter encrypter = new Encrypter(dataEncryptionParameters, keyEncryptionParameters); Encrypter.KeyPlacement keyPlacement = Encrypter.KeyPlacement.valueOf("PEER"); encrypter.setKeyPlacement(keyPlacement); - return encrypter; } static List attributeStatements() { List attributeStatements = new ArrayList<>(); - AttributeStatementBuilder attributeStatementBuilder = new AttributeStatementBuilder(); AttributeBuilder attributeBuilder = new AttributeBuilder(); - AttributeStatement attrStmt1 = attributeStatementBuilder.buildObject(); - Attribute emailAttr = attributeBuilder.buildObject(); emailAttr.setName("email"); XSAny email1 = new XSAnyBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME); 
@@ -322,32 +309,26 @@ final class TestOpenSamlObjects { email2.setTextContent("doe.john@example.com"); emailAttr.getAttributeValues().add(email2); attrStmt1.getAttributes().add(emailAttr); - Attribute nameAttr = attributeBuilder.buildObject(); nameAttr.setName("name"); XSString name = new XSStringBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME); name.setValue("John Doe"); nameAttr.getAttributeValues().add(name); attrStmt1.getAttributes().add(nameAttr); - Attribute ageAttr = attributeBuilder.buildObject(); ageAttr.setName("age"); XSInteger age = new XSIntegerBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME); age.setValue(21); ageAttr.getAttributeValues().add(age); attrStmt1.getAttributes().add(ageAttr); - attributeStatements.add(attrStmt1); - AttributeStatement attrStmt2 = attributeStatementBuilder.buildObject(); - Attribute websiteAttr = attributeBuilder.buildObject(); websiteAttr.setName("website"); XSURI uri = new XSURIBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSURI.TYPE_NAME); uri.setValue("https://johndoe.com/"); websiteAttr.getAttributeValues().add(uri); attrStmt2.getAttributes().add(websiteAttr); - Attribute registeredAttr = attributeBuilder.buildObject(); registeredAttr.setName("registered"); XSBoolean registered = new XSBooleanBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, @@ -355,7 +336,6 @@ final class TestOpenSamlObjects { registered.setValue(new XSBooleanValue(true, false)); registeredAttr.getAttributeValues().add(registered); attrStmt2.getAttributes().add(registeredAttr); - Attribute registeredDateAttr = attributeBuilder.buildObject(); registeredDateAttr.setName("registeredDate"); XSDateTime registeredDate = new XSDateTimeBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, 
@@ -363,9 +343,7 @@ final class TestOpenSamlObjects { registeredDate.setValue(DateTime.parse("1970-01-01T00:00:00Z")); registeredDateAttr.getAttributeValues().add(registeredDate); attrStmt2.getAttributes().add(registeredDateAttr); - attributeStatements.add(attrStmt2); - return attributeStatements; } diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java index 3d7344705d..2613e452b3 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java @@ -32,15 +32,10 @@ public class OpenSamlMetadataResolverTests { @Test public void resolveWhenRelyingPartyThenMetadataMatches() { - // given RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.full() .assertionConsumerServiceBinding(Saml2MessageBinding.REDIRECT).build(); OpenSamlMetadataResolver openSamlMetadataResolver = new OpenSamlMetadataResolver(); - - // when String metadata = openSamlMetadataResolver.resolve(relyingPartyRegistration); - - // then assertThat(metadata).contains("") .contains("") 
@@ -51,17 +46,12 @@ public class OpenSamlMetadataResolverTests { @Test public void resolveWhenRelyingPartyNoCredentialsThenMetadataMatches() { - // given RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials() .assertingPartyDetails((party) -> party.verificationX509Credentials( (c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))) .build(); OpenSamlMetadataResolver openSamlMetadataResolver = new OpenSamlMetadataResolver(); - - // when String metadata = openSamlMetadataResolver.resolve(relyingPartyRegistration); - - // then assertThat(metadata).contains("") .doesNotContain("") diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java index 2c6fd22f4d..8f6c444913 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java @@ -80,7 +80,6 @@ public class RelyingPartyRegistrationTests { .assertingPartyDetails((assertingParty) -> assertingParty.entityId("entity-id") .singleSignOnServiceLocation("location")) .credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())).build(); - assertThat(relyingPartyRegistration.getAssertionConsumerServiceBinding()).isEqualTo(Saml2MessageBinding.POST); } 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java index 4a1b693f49..a0e6aa8a0c 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java @@ -30,16 +30,13 @@ public final class TestRelyingPartyRegistrations { public static RelyingPartyRegistration.Builder relyingPartyRegistration() { String registrationId = "simplesamlphp"; - String rpEntityId = "{baseUrl}/saml2/service-provider-metadata/{registrationId}"; Saml2X509Credential signingCredential = TestSaml2X509Credentials.relyingPartySigningCredential(); String assertionConsumerServiceLocation = "{baseUrl}" + Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI; - String apEntityId = "https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php"; Saml2X509Credential verificationCertificate = TestSaml2X509Credentials.relyingPartyVerifyingCredential(); String singleSignOnServiceLocation = "https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php"; - return RelyingPartyRegistration.withRegistrationId(registrationId).entityId(rpEntityId) .assertionConsumerServiceLocation(assertionConsumerServiceLocation) .credentials((c) -> c.add(signingCredential)) diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java index c88a00b68b..6ebb014b51 100644 
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java @@ -82,12 +82,9 @@ public class Saml2WebSsoAuthenticationFilterTests { @Test public void attemptAuthenticationWhenRegistrationIdDoesNotExistThenThrowsException() { given(this.repository.findByRegistrationId("non-existent-id")).willReturn(null); - this.filter = new Saml2WebSsoAuthenticationFilter(this.repository, "/some/other/path/{registrationId}"); - this.request.setPathInfo("/some/other/path/non-existent-id"); this.request.setParameter("SAMLResponse", "response"); - try { this.filter.attemptAuthentication(this.request, this.response); failBecauseExceptionWasNotThrown(Saml2AuthenticationException.class); diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java index fa3c2774de..a5eac420d2 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java 
@@ -72,9 +72,7 @@ public class Saml2WebSsoAuthenticationRequestFilterTests { this.request = new MockHttpServletRequest(); this.response = new MockHttpServletResponse(); this.request.setPathInfo("/saml2/authenticate/registration-id"); - this.filterChain = new MockFilterChain(); - this.rpBuilder = RelyingPartyRegistration.withRegistrationId("registration-id") .providerDetails((c) -> c.entityId("idp-entity-id")).providerDetails((c) -> c.webSsoUrl(IDP_SSO_URL)) .assertionConsumerServiceUrlTemplate("template") @@ -155,7 +153,6 @@ public class Saml2WebSsoAuthenticationRequestFilterTests { given(authenticationRequest.getSamlRequest()).willReturn("saml"); given(this.repository.findByRegistrationId("registration-id")).willReturn(relyingParty); given(this.factory.createPostAuthenticationRequest(any())).willReturn(authenticationRequest); - Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter(this.repository); filter.setAuthenticationRequestFactory(this.factory); filter.doFilterInternal(this.request, this.response, this.filterChain); @@ -176,7 +173,6 @@ public class Saml2WebSsoAuthenticationRequestFilterTests { given(this.resolver.resolve(this.request)).willReturn(TestSaml2AuthenticationRequestContexts .authenticationRequestContext().relyingPartyRegistration(relyingParty).build()); given(this.factory.createPostAuthenticationRequest(any())).willReturn(authenticationRequest); - Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter(this.resolver, this.factory); filter.doFilterInternal(this.request, this.response, this.filterChain); diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java index dbd7eecadc..f39b50ff4e 100644 
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java @@ -68,7 +68,6 @@ public class DefaultSaml2AuthenticationRequestContextResolverTests { public void resolveWhenRequestAndRelyingPartyNotNullThenCreateSaml2AuthenticationRequestContext() { this.request.addParameter("RelayState", "relay-state"); Saml2AuthenticationRequestContext context = this.authenticationRequestContextResolver.resolve(this.request); - assertThat(context).isNotNull(); assertThat(context.getAssertionConsumerServiceUrl()).isEqualTo(RELYING_PARTY_SSO_URL); assertThat(context.getRelayState()).isEqualTo("relay-state"); @@ -82,7 +81,6 @@ public class DefaultSaml2AuthenticationRequestContextResolverTests { public void resolveWhenAssertionConsumerServiceUrlTemplateContainsRegistrationIdThenResolves() { this.relyingPartyBuilder.assertionConsumerServiceLocation("/saml2/authenticate/{registrationId}"); Saml2AuthenticationRequestContext context = this.authenticationRequestContextResolver.resolve(this.request); - assertThat(context.getAssertionConsumerServiceUrl()).isEqualTo("/saml2/authenticate/registration-id"); } @@ -90,7 +88,6 @@ public class DefaultSaml2AuthenticationRequestContextResolverTests { public void resolveWhenAssertionConsumerServiceUrlTemplateContainsBaseUrlThenResolves() { this.relyingPartyBuilder.assertionConsumerServiceLocation("{baseUrl}/saml2/authenticate/{registrationId}"); Saml2AuthenticationRequestContext context = this.authenticationRequestContextResolver.resolve(this.request); - assertThat(context.getAssertionConsumerServiceUrl()) .isEqualTo("http://localhost/saml2/authenticate/registration-id"); } 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
index 3cb5214a36..602e3dba48 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
@@ -67,61 +67,39 @@ public class Saml2MetadataFilterTests { @Test public void doFilterWhenMatcherSucceedsThenResolverInvoked() throws Exception { - // given this.request.setPathInfo("/saml2/service-provider-metadata/registration-id"); - - // when this.filter.doFilter(this.request, this.response, this.chain); - - // then verifyNoInteractions(this.chain); verify(this.repository).findByRegistrationId("registration-id"); } @Test public void doFilterWhenMatcherFailsThenProcessesFilterChain() throws Exception { - // given this.request.setPathInfo("/saml2/authenticate/registration-id"); - - // when this.filter.doFilter(this.request, this.response, this.chain); - - // then verify(this.chain).doFilter(this.request, this.response); } @Test public void doFilterWhenNoRelyingPartyRegistrationThenUnauthorized() throws Exception { - // given this.request.setPathInfo("/saml2/service-provider-metadata/invalidRegistration"); given(this.repository.findByRegistrationId("invalidRegistration")).willReturn(null); - - // when this.filter.doFilter(this.request, this.response, this.chain); - - // then verifyNoInteractions(this.chain); assertThat(this.response.getStatus()).isEqualTo(401); } @Test public void doFilterWhenRelyingPartyRegistrationFoundThenInvokesMetadataResolver() throws Exception { - // given this.request.setPathInfo("/saml2/service-provider-metadata/validRegistration"); RelyingPartyRegistration validRegistration = TestRelyingPartyRegistrations.noCredentials() .assertingPartyDetails((party) -> party.verificationX509Credentials( (c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))) .build(); - String generatedMetadata = "test"; given(this.resolver.resolve(validRegistration)).willReturn(generatedMetadata); - this.filter = new Saml2MetadataFilter((request) -> validRegistration, this.resolver); - - // when this.filter.doFilter(this.request, this.response, this.chain); - - // then verifyNoInteractions(this.chain); 
assertThat(this.response.getStatus()).isEqualTo(200); assertThat(this.response.getContentAsString()).isEqualTo(generatedMetadata); @@ -130,14 +108,9 @@ public class Saml2MetadataFilterTests { @Test public void doFilterWhenCustomRequestMatcherThenUses() throws Exception { - // given this.request.setPathInfo("/path"); this.filter.setRequestMatcher(new AntPathRequestMatcher("/path")); - - // when this.filter.doFilter(this.request, this.response, this.chain); - - // then verifyNoInteractions(this.chain); verify(this.repository).findByRegistrationId("path"); } diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/TldTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/TldTests.java index 038907f71f..37fad7c6c3 100644 --- a/taglibs/src/test/java/org/springframework/security/taglibs/TldTests.java +++ b/taglibs/src/test/java/org/springframework/security/taglibs/TldTests.java @@ -32,17 +32,12 @@ public class TldTests { @Test public void testTldVersionIsCorrect() throws Exception { String SPRING_SECURITY_VERSION = "springSecurityVersion"; - String version = System.getProperty(SPRING_SECURITY_VERSION); - File securityTld = new File("src/main/resources/META-INF/security.tld"); - DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); Document document = documentBuilder.parse(securityTld); - String tlibVersion = document.getElementsByTagName("tlib-version").item(0).getTextContent(); - assertThat(version).startsWith(tlibVersion); } diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java index 8e6750d31e..d203c3b017 100644 --- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java 
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java @@ -78,9 +78,7 @@ public class AbstractAuthorizeTagTests { WebInvocationPrivilegeEvaluator expected = mock(WebInvocationPrivilegeEvaluator.class); this.tag.setUrl(uri); this.request.setAttribute(WebAttributes.WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE, expected); - this.tag.authorizeUsingUrlCheck(); - verify(expected).isAllowed(eq(""), eq(uri), eq("GET"), any()); } @@ -93,9 +91,7 @@ public class AbstractAuthorizeTagTests { given(wac.getBeansOfType(WebInvocationPrivilegeEvaluator.class)) .willReturn(Collections.singletonMap("wipe", expected)); this.servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac); - this.tag.authorizeUsingUrlCheck(); - verify(expected).isAllowed(eq(""), eq(uri), eq("GET"), any()); } @@ -109,7 +105,6 @@ public class AbstractAuthorizeTagTests { given(wac.getBeansOfType(SecurityExpressionHandler.class)) .willReturn(Collections.singletonMap("wipe", expected)); this.servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac); - assertThat(this.tag.authorize()).isTrue(); } diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java index cc52e670d1..84d562ddb9 100644 --- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java +++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java 
@@ -64,13 +64,10 @@ public class AccessControlListTagTests { SecurityContextHolder.getContext().setAuthentication(this.bob); this.tag = new AccessControlListTag(); WebApplicationContext ctx = mock(WebApplicationContext.class); - this.pe = mock(PermissionEvaluator.class); - Map beanMap = new HashMap(); beanMap.put("pe", this.pe); given(ctx.getBeansOfType(PermissionEvaluator.class)).willReturn(beanMap); - MockServletContext servletCtx = new MockServletContext(); servletCtx.setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, ctx); this.pageContext = new MockPageContext(servletCtx, new MockHttpServletRequest(), new MockHttpServletResponse()); @@ -86,13 +83,11 @@ public class AccessControlListTagTests { public void bodyIsEvaluatedIfAclGrantsAccess() throws Exception { Object domainObject = new Object(); given(this.pe.hasPermission(this.bob, domainObject, "READ")).willReturn(true); - this.tag.setDomainObject(domainObject); this.tag.setHasPermission("READ"); this.tag.setVar("allowed"); assertThat(this.tag.getDomainObject()).isSameAs(domainObject); assertThat(this.tag.getHasPermission()).isEqualTo("READ"); - assertThat(this.tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE); assertThat((Boolean) this.pageContext.getAttribute("allowed")).isTrue(); } 
@@ -104,16 +99,13 @@ public class AccessControlListTagTests { .getAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE); servletContext.removeAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE); servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac); - Object domainObject = new Object(); given(this.pe.hasPermission(this.bob, domainObject, "READ")).willReturn(true); - this.tag.setDomainObject(domainObject); this.tag.setHasPermission("READ"); this.tag.setVar("allowed"); assertThat(this.tag.getDomainObject()).isSameAs(domainObject); assertThat(this.tag.getHasPermission()).isEqualTo("READ"); - assertThat(this.tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE); assertThat((Boolean) this.pageContext.getAttribute("allowed")).isTrue(); } @@ -124,13 +116,11 @@ public class AccessControlListTagTests { Object domainObject = new Object(); given(this.pe.hasPermission(this.bob, domainObject, "READ")).willReturn(true); given(this.pe.hasPermission(this.bob, domainObject, "WRITE")).willReturn(true); - this.tag.setDomainObject(domainObject); this.tag.setHasPermission("READ,WRITE"); this.tag.setVar("allowed"); assertThat(this.tag.getDomainObject()).isSameAs(domainObject); assertThat(this.tag.getHasPermission()).isEqualTo("READ,WRITE"); - assertThat(this.tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE); assertThat((Boolean) this.pageContext.getAttribute("allowed")).isTrue(); verify(this.pe).hasPermission(this.bob, domainObject, "READ"); 
@@ -144,13 +134,11 @@ public class AccessControlListTagTests { Object domainObject = new Object(); given(this.pe.hasPermission(this.bob, domainObject, 1)).willReturn(true); given(this.pe.hasPermission(this.bob, domainObject, 2)).willReturn(true); - this.tag.setDomainObject(domainObject); this.tag.setHasPermission("1,2"); this.tag.setVar("allowed"); assertThat(this.tag.getDomainObject()).isSameAs(domainObject); assertThat(this.tag.getHasPermission()).isEqualTo("1,2"); - assertThat(this.tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE); assertThat((Boolean) this.pageContext.getAttribute("allowed")).isTrue(); verify(this.pe).hasPermission(this.bob, domainObject, 1); @@ -163,13 +151,11 @@ public class AccessControlListTagTests { Object domainObject = new Object(); given(this.pe.hasPermission(this.bob, domainObject, 1)).willReturn(true); given(this.pe.hasPermission(this.bob, domainObject, "WRITE")).willReturn(true); - this.tag.setDomainObject(domainObject); this.tag.setHasPermission("1,WRITE"); this.tag.setVar("allowed"); assertThat(this.tag.getDomainObject()).isSameAs(domainObject); assertThat(this.tag.getHasPermission()).isEqualTo("1,WRITE"); - assertThat(this.tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE); assertThat((Boolean) this.pageContext.getAttribute("allowed")).isTrue(); verify(this.pe).hasPermission(this.bob, domainObject, 1); @@ -181,11 +167,9 @@ public class AccessControlListTagTests { public void bodyIsSkippedIfAclDeniesAccess() throws Exception { Object domainObject = new Object(); given(this.pe.hasPermission(this.bob, domainObject, "READ")).willReturn(false); - this.tag.setDomainObject(domainObject); this.tag.setHasPermission("READ"); this.tag.setVar("allowed"); - assertThat(this.tag.doStartTag()).isEqualTo(Tag.SKIP_BODY); assertThat((Boolean) this.pageContext.getAttribute("allowed")).isFalse(); } 
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java index 779d9e340e..555052ff36 100644 --- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java +++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java @@ -52,7 +52,6 @@ public class AuthenticationTagTests { @Test public void testOperationWhenPrincipalIsAUserDetailsInstance() throws JspException { SecurityContextHolder.getContext().setAuthentication(this.auth); - this.authenticationTag.setProperty("name"); assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY); assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE); @@ -63,7 +62,6 @@ public class AuthenticationTagTests { public void testOperationWhenPrincipalIsAString() throws JspException { SecurityContextHolder.getContext().setAuthentication( new TestingAuthenticationToken("rodAsString", "koala", AuthorityUtils.NO_AUTHORITIES)); - this.authenticationTag.setProperty("principal"); assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY); assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE); @@ -73,7 +71,6 @@ public class AuthenticationTagTests { @Test public void testNestedPropertyIsReadCorrectly() throws JspException { SecurityContextHolder.getContext().setAuthentication(this.auth); - this.authenticationTag.setProperty("principal.username"); assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY); assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE); 
@@ -84,7 +81,6 @@ public class AuthenticationTagTests { public void testOperationWhenPrincipalIsNull() throws JspException { SecurityContextHolder.getContext() .setAuthentication(new TestingAuthenticationToken(null, "koala", AuthorityUtils.NO_AUTHORITIES)); - this.authenticationTag.setProperty("principal"); assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY); assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE); @@ -93,7 +89,6 @@ public class AuthenticationTagTests { @Test public void testOperationWhenSecurityContextIsNull() throws Exception { SecurityContextHolder.getContext().setAuthentication(null); - this.authenticationTag.setProperty("principal"); assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY); assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE); @@ -111,7 +106,6 @@ public class AuthenticationTagTests { public void testThrowsExceptionForUnrecognisedProperty() { SecurityContextHolder.getContext().setAuthentication(this.auth); this.authenticationTag.setProperty("qsq"); - try { this.authenticationTag.doStartTag(); this.authenticationTag.doEndTag(); diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java index 7f7f54ee36..5111ff448b 100644 --- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java +++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java 
@@ -66,11 +66,9 @@ public class AuthorizeTagTests { public void setUp() { SecurityContextHolder.getContext().setAuthentication(this.currentUser); StaticWebApplicationContext ctx = new StaticWebApplicationContext(); - BeanDefinitionBuilder webExpressionHandler = BeanDefinitionBuilder .rootBeanDefinition(DefaultWebSecurityExpressionHandler.class); webExpressionHandler.addPropertyValue("permissionEvaluator", this.permissionEvaluator); - ctx.registerBeanDefinition("expressionHandler", webExpressionHandler.getBeanDefinition()); ctx.registerSingleton("wipe", MockWebInvocationPrivilegeEvaluator.class); MockServletContext servletCtx = new MockServletContext(); @@ -85,14 +83,12 @@ public class AuthorizeTagTests { } // access attribute tests - @Test public void taglibsDocumentationHasPermissionOr() throws Exception { Object domain = new Object(); this.request.setAttribute("domain", domain); this.authorizeTag.setAccess("hasPermission(#domain,'read') or hasPermission(#domain,'write')"); given(this.permissionEvaluator.hasPermission(eq(this.currentUser), eq(domain), anyString())).willReturn(true); - assertThat(this.authorizeTag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE); } diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java index ecc26b9987..51727e71dd 100644 --- a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java +++ b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java 
@@ -56,11 +56,8 @@ public class AbstractCsrfTagTests { @Test public void noCsrfDoesNotRender() throws JspException, UnsupportedEncodingException { - this.tag.handleReturn = "shouldNotBeRendered"; - int returned = this.tag.doEndTag(); - assertThat(returned).as("The returned value is not correct.").isEqualTo(Tag.EVAL_PAGE); assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.") .isEqualTo(""); @@ -68,14 +65,10 @@ public class AbstractCsrfTagTests { @Test public void hasCsrfRendersReturnedValue() throws JspException, UnsupportedEncodingException { - CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789"); this.request.setAttribute(CsrfToken.class.getName(), token); - this.tag.handleReturn = "fooBarBazQux"; - int returned = this.tag.doEndTag(); - assertThat(returned).as("The returned value is not correct.").isEqualTo(Tag.EVAL_PAGE); assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.") .isEqualTo("fooBarBazQux"); @@ -84,14 +77,10 @@ public class AbstractCsrfTagTests { @Test public void hasCsrfRendersDifferentValue() throws JspException, UnsupportedEncodingException { - CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789"); this.request.setAttribute(CsrfToken.class.getName(), token); - this.tag.handleReturn = ""; - int returned = this.tag.doEndTag(); - assertThat(returned).as("The returned value is not correct.").isEqualTo(Tag.EVAL_PAGE); assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.") .isEqualTo(""); diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java index ff28f7631a..aa9b84251a 100644 --- a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java 
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java @@ -39,9 +39,7 @@ public class CsrfInputTagTests { @Test public void handleTokenReturnsHiddenInput() { CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789"); - String value = this.tag.handleToken(token); - assertThat(value).as("The returned value should not be null.").isNotNull(); assertThat(value).withFailMessage("The output is not correct.") .isEqualTo(""); @@ -50,9 +48,7 @@ public class CsrfInputTagTests { @Test public void handleTokenReturnsHiddenInputDifferentTokenValue() { CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "csrfParameter", "fooBarBazQux"); - String value = this.tag.handleToken(token); - assertThat(value).as("The returned value should not be null.").isNotNull(); assertThat(value).withFailMessage("The output is not correct.") .isEqualTo(""); diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java index bc19a1dc98..6e07a33e72 100644 --- a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java +++ b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java @@ -39,9 +39,7 @@ public class CsrfMetaTagsTagTests { @Test public void handleTokenRendersTags() { CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789"); - String value = this.tag.handleToken(token); - assertThat(value).as("The returned value should not be null.").isNotNull(); assertThat(value).withFailMessage("The output is not correct.") .isEqualTo("" 
@@ -52,9 +50,7 @@ public class CsrfMetaTagsTagTests { @Test public void handleTokenRendersTagsDifferentToken() { CsrfToken token = new DefaultCsrfToken("csrfHeader", "csrfParameter", "fooBarBazQux"); - String value = this.tag.handleToken(token); - assertThat(value).as("The returned value should not be null.").isNotNull(); assertThat(value).withFailMessage("The output is not correct.") .isEqualTo("" diff --git a/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java b/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java index 580ae98979..28362616aa 100644 --- a/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java +++ b/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java @@ -45,9 +45,7 @@ public class TestSecurityContextHolderTests { public void clearContextClearsBoth() { SecurityContextHolder.setContext(this.context); TestSecurityContextHolder.setContext(this.context); - TestSecurityContextHolder.clearContext(); - assertThat(SecurityContextHolder.getContext()).isNotSameAs(this.context); assertThat(TestSecurityContextHolder.getContext()).isNotSameAs(this.context); } @@ -61,7 +59,6 @@ public class TestSecurityContextHolderTests { @Test public void setContextSetsBoth() { TestSecurityContextHolder.setContext(this.context); - assertThat(TestSecurityContextHolder.getContext()).isSameAs(this.context); assertThat(SecurityContextHolder.getContext()).isSameAs(this.context); } @@ -69,9 +66,7 @@ public class TestSecurityContextHolderTests { @Test public void setContextWithAuthentication() { Authentication authentication = mock(Authentication.class); - TestSecurityContextHolder.setAuthentication(authentication); - assertThat(TestSecurityContextHolder.getContext().getAuthentication()).isSameAs(authentication); } 
diff --git a/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java index ee400999be..5bd5b512b8 100644 --- a/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java +++ b/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java @@ -46,7 +46,6 @@ public class SecurityTestExecutionListenerTests { public void reactorContextTestSecurityContextHolderExecutionListenerTestIsRegistered() { Mono name = ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication) .map(Principal::getName); - StepVerifier.create(name).expectNext("user").verifyComplete(); } diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java index b3c8737b4c..d174584cb1 100644 --- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java +++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java @@ -30,7 +30,6 @@ public class WithMockCustomUserSecurityContextFactory implements WithSecurityCon @Override public SecurityContext createSecurityContext(WithMockCustomUser customUser) { SecurityContext context = SecurityContextHolder.createEmptyContext(); - CustomUserDetails principal = new CustomUserDetails(customUser.name(), customUser.username()); Authentication auth = new UsernamePasswordAuthenticationToken(principal, "password", principal.getAuthorities()); 
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java index f4655f8718..b14a95a33f 100644 --- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java +++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java @@ -35,7 +35,6 @@ import static org.assertj.core.api.Assertions.assertThat; /** * @author Rob Winch */ - @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(classes = WithMockUserTests.Config.class) public class WithMockUserTests { diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java index d279434416..cfd2a040c7 100644 --- a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java +++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java @@ -40,7 +40,6 @@ import static org.assertj.core.api.Assertions.assertThat; /** * @author Rob Winch */ - @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(classes = WithUserDetailsTests.Config.class) public class WithUserDetailsTests { diff --git a/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java index cb5f960882..b9e88381ad 100644 --- a/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java +++ b/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java 
@@ -20,7 +20,6 @@ package org.springframework.security.test.context.support; * @author Rob Winch * @since 5.0 */ - import java.util.concurrent.ForkJoinPool; import org.junit.After; @@ -60,20 +59,15 @@ public class ReactorContextTestExecutionListenerTests { @Test public void beforeTestMethodWhenSecurityContextEmptyThenReactorContextNull() throws Exception { this.listener.beforeTestMethod(this.testContext); - Mono result = ReactiveSecurityContextHolder.getContext(); - StepVerifier.create(result).verifyComplete(); } @Test public void beforeTestMethodWhenNullAuthenticationThenReactorContextNull() throws Exception { TestSecurityContextHolder.setContext(new SecurityContextImpl()); - this.listener.beforeTestMethod(this.testContext); - Mono result = ReactiveSecurityContextHolder.getContext(); - StepVerifier.create(result).verifyComplete(); } @@ -82,9 +76,7 @@ public class ReactorContextTestExecutionListenerTests { TestingAuthenticationToken expectedAuthentication = new TestingAuthenticationToken("user", "password", "ROLE_USER"); TestSecurityContextHolder.setAuthentication(expectedAuthentication); - this.listener.beforeTestMethod(this.testContext); - assertAuthentication(expectedAuthentication); } @@ -94,9 +86,7 @@ public class ReactorContextTestExecutionListenerTests { "ROLE_USER"); SecurityContext context = new CustomContext(expectedAuthentication); TestSecurityContextHolder.setContext(context); - this.listener.beforeTestMethod(this.testContext); - assertSecurityContext(context); } 
@@ -108,13 +98,10 @@ public class ReactorContextTestExecutionListenerTests { TestingAuthenticationToken contextHolder = new TestingAuthenticationToken("contextHolder", "password", "ROLE_USER"); TestSecurityContextHolder.setAuthentication(contextHolder); - this.listener.beforeTestMethod(this.testContext); - Mono authentication = Mono.just("any") .flatMap((s) -> ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication)) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(expectedAuthentication)); - StepVerifier.create(authentication).expectNext(expectedAuthentication).verifyComplete(); } @@ -125,39 +112,31 @@ public class ReactorContextTestExecutionListenerTests { TestingAuthenticationToken contextHolder = new TestingAuthenticationToken("contextHolder", "password", "ROLE_USER"); TestSecurityContextHolder.setAuthentication(contextHolder); - this.listener.beforeTestMethod(this.testContext); - Mono authentication = Mono.just("any") .flatMap((s) -> ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication)) .subscriberContext(ReactiveSecurityContextHolder.clearContext()); - StepVerifier.create(authentication).verifyComplete(); } @Test public void afterTestMethodWhenSecurityContextEmptyThenNoError() throws Exception { this.listener.beforeTestMethod(this.testContext); - this.listener.afterTestMethod(this.testContext); } @Test public void afterTestMethodWhenSetupThenReactorContextNull() throws Exception { beforeTestMethodWhenAuthenticationThenReactorContextHasAuthentication(); - this.listener.afterTestMethod(this.testContext); - assertThat(Mono.subscriberContext().block().isEmpty()).isTrue(); } @Test public void afterTestMethodWhenDifferentHookIsRegistered() throws Exception { Object obj = new Object(); - Hooks.onLastOperator("CUSTOM_HOOK", (p) -> Mono.just(obj)); this.listener.afterTestMethod(this.testContext); - Object result = Mono.subscriberContext().block(); assertThat(result).isEqualTo(obj); } 
@@ -176,22 +155,18 @@ public class ReactorContextTestExecutionListenerTests { TestingAuthenticationToken contextHolder = new TestingAuthenticationToken("contextHolder", "password", "ROLE_USER"); TestSecurityContextHolder.setAuthentication(contextHolder); - this.listener.beforeTestMethod(this.testContext); - ForkJoinPool.commonPool().submit(() -> assertAuthentication(contextHolder)).join(); } public void assertAuthentication(Authentication expected) { Mono authentication = ReactiveSecurityContextHolder.getContext() .map(SecurityContext::getAuthentication); - StepVerifier.create(authentication).expectNext(expected).verifyComplete(); } private void assertSecurityContext(SecurityContext expected) { Mono securityContext = ReactiveSecurityContextHolder.getContext(); - StepVerifier.create(securityContext).expectNext(expected).verifyComplete(); } diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java index 451d0be461..94780c93db 100644 --- a/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java +++ b/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java @@ -32,7 +32,6 @@ public class WithAnonymousUserTests { public void defaults() { WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(Annotated.class, WithSecurityContext.class); - assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD); } @@ -40,7 +39,6 @@ public class WithAnonymousUserTests { public void findMergedAnnotationWhenSetupExplicitThenOverridden() { WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupExplicit.class, WithSecurityContext.class); - assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD); } 
@@ -48,7 +46,6 @@ public class WithAnonymousUserTests { public void findMergedAnnotationWhenSetupOverriddenThenOverridden() { WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupOverridden.class, WithSecurityContext.class); - assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_EXECUTION); } diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java index d1750ba6ca..56b90ca9fe 100644 --- a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java +++ b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java @@ -49,7 +49,6 @@ public class WithMockUserSecurityContextFactoryTests { given(this.withUser.password()).willReturn("password"); given(this.withUser.roles()).willReturn(new String[] { "USER" }); given(this.withUser.authorities()).willReturn(new String[] {}); - assertThat(this.factory.createSecurityContext(this.withUser).getAuthentication().getName()) .isEqualTo(this.withUser.value()); } @@ -60,7 +59,6 @@ public class WithMockUserSecurityContextFactoryTests { given(this.withUser.password()).willReturn("password"); given(this.withUser.roles()).willReturn(new String[] { "USER" }); given(this.withUser.authorities()).willReturn(new String[] {}); - assertThat(this.factory.createSecurityContext(this.withUser).getAuthentication().getName()) .isEqualTo(this.withUser.username()); } 
@@ -71,7 +69,6 @@ public class WithMockUserSecurityContextFactoryTests { given(this.withUser.password()).willReturn("password"); given(this.withUser.roles()).willReturn(new String[] { "USER", "CUSTOM" }); given(this.withUser.authorities()).willReturn(new String[] {}); - assertThat(this.factory.createSecurityContext(this.withUser).getAuthentication().getAuthorities()) .extracting("authority").containsOnly("ROLE_USER", "ROLE_CUSTOM"); } @@ -82,7 +79,6 @@ public class WithMockUserSecurityContextFactoryTests { given(this.withUser.password()).willReturn("password"); given(this.withUser.roles()).willReturn(new String[] { "USER" }); given(this.withUser.authorities()).willReturn(new String[] { "USER", "CUSTOM" }); - assertThat(this.factory.createSecurityContext(this.withUser).getAuthentication().getAuthorities()) .extracting("authority").containsOnly("USER", "CUSTOM"); } @@ -92,7 +88,6 @@ public class WithMockUserSecurityContextFactoryTests { given(this.withUser.value()).willReturn("valueUser"); given(this.withUser.roles()).willReturn(new String[] { "CUSTOM" }); given(this.withUser.authorities()).willReturn(new String[] { "USER", "CUSTOM" }); - this.factory.createSecurityContext(this.withUser); } @@ -101,7 +96,6 @@ public class WithMockUserSecurityContextFactoryTests { given(this.withUser.value()).willReturn("valueUser"); given(this.withUser.roles()).willReturn(new String[] { "ROLE_FAIL" }); given(this.withUser.authorities()).willReturn(new String[] {}); - this.factory.createSecurityContext(this.withUser); } diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java index b64c85ef7a..763cfdf9b2 100644 --- a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java +++ b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java 
@@ -32,10 +32,8 @@ public class WithMockUserTests { assertThat(mockUser.password()).isEqualTo("password"); assertThat(mockUser.roles()).containsOnly("USER"); assertThat(mockUser.setupBefore()).isEqualByComparingTo(TestExecutionEvent.TEST_METHOD); - WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(Annotated.class, WithSecurityContext.class); - assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD); } @@ -43,7 +41,6 @@ public class WithMockUserTests { public void findMergedAnnotationWhenSetupExplicitThenOverridden() { WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupExplicit.class, WithSecurityContext.class); - assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD); } @@ -51,7 +48,6 @@ public class WithMockUserTests { public void findMergedAnnotationWhenSetupOverriddenThenOverridden() { WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupOverridden.class, WithSecurityContext.class); - assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_EXECUTION); } diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java index 975b8b1ba2..e4849015f3 100644 --- a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java +++ b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java @@ -79,7 +79,6 @@ public class WithSecurityContextTestExcecutionListenerTests { Class testClass = FakeTest.class; given(this.testContext.getTestClass()).willReturn(testClass); given(this.testContext.getTestMethod()).willReturn(ReflectionUtils.findMethod(testClass, "testNoAnnotation")); - this.listener.beforeTestMethod(this.testContext); } 
@@ -89,9 +88,7 @@ public class WithSecurityContextTestExcecutionListenerTests { Class testClass = FakeTest.class; given(this.testContext.getApplicationContext()).willThrow(new IllegalStateException()); given(this.testContext.getTestMethod()).willReturn(ReflectionUtils.findMethod(testClass, "testWithMockUser")); - this.listener.beforeTestMethod(this.testContext); - assertThat(TestSecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("user"); } @@ -100,11 +97,8 @@ public class WithSecurityContextTestExcecutionListenerTests { public void withSecurityContextAfterSqlScripts() { SqlScriptsTestExecutionListener sql = new SqlScriptsTestExecutionListener(); WithSecurityContextTestExecutionListener security = new WithSecurityContextTestExecutionListener(); - List listeners = Arrays.asList(security, sql); - AnnotationAwareOrderComparator.sort(listeners); - assertThat(listeners).containsExactly(sql, security); } @@ -113,13 +107,10 @@ public class WithSecurityContextTestExcecutionListenerTests { public void orderOverridden() { AbstractTestExecutionListener otherListener = new AbstractTestExecutionListener() { }; - List listeners = new ArrayList<>(); listeners.add(otherListener); listeners.add(this.listener); - AnnotationAwareOrderComparator.sort(listeners); - assertThat(listeners).containsSequence(this.listener, otherListener); } @@ -131,9 +122,7 @@ public class WithSecurityContextTestExcecutionListenerTests { TestContext testContext = mock(TestContext.class); given(testContext.getTestMethod()).willReturn(method); given(testContext.getApplicationContext()).willThrow(new IllegalStateException("")); - this.listener.beforeTestMethod(testContext); - assertThat(SecurityContextHolder.getContext().getAuthentication().getPrincipal()) .isInstanceOf(WithSuperClassWithSecurityContext.class); } 
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java index 10bc6fd566..64186a5b96 100644 --- a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java +++ b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java @@ -80,9 +80,7 @@ public class WithSecurityContextTestExecutionListenerTests { Method testMethod = TheTest.class.getMethod("withMockUserDefault"); given(this.testContext.getApplicationContext()).willReturn(this.applicationContext); given(this.testContext.getTestMethod()).willReturn(testMethod); - this.listener.beforeTestMethod(this.testContext); - assertThat(TestSecurityContextHolder.getContext().getAuthentication()).isNotNull(); verify(this.testContext, never()).setAttribute( eq(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME), any(SecurityContext.class)); @@ -93,9 +91,7 @@ public class WithSecurityContextTestExecutionListenerTests { Method testMethod = TheTest.class.getMethod("withMockUserTestMethod"); given(this.testContext.getApplicationContext()).willReturn(this.applicationContext); given(this.testContext.getTestMethod()).willReturn(testMethod); - this.listener.beforeTestMethod(this.testContext); - assertThat(TestSecurityContextHolder.getContext().getAuthentication()).isNotNull(); verify(this.testContext, never()).setAttribute( eq(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME), any(SecurityContext.class)); 
@@ -106,9 +102,7 @@ public class WithSecurityContextTestExecutionListenerTests { Method testMethod = TheTest.class.getMethod("withMockUserTestExecution"); given(this.testContext.getApplicationContext()).willReturn(this.applicationContext); given(this.testContext.getTestMethod()).willReturn(testMethod); - this.listener.beforeTestMethod(this.testContext); - assertThat(TestSecurityContextHolder.getContext().getAuthentication()).isNull(); verify(this.testContext).setAttribute(eq(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME), ArgumentMatchers.>any()); @@ -120,9 +114,7 @@ public class WithSecurityContextTestExecutionListenerTests { Method testMethod = TheTest.class.getMethod("withMockUserTestExecution"); given(this.testContext.getApplicationContext()).willReturn(this.applicationContext); given(this.testContext.getTestMethod()).willReturn(testMethod); - this.listener.beforeTestMethod(this.testContext); - ArgumentCaptor> supplierCaptor = ArgumentCaptor.forClass(Supplier.class); verify(this.testContext).setAttribute(eq(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME), supplierCaptor.capture()); @@ -136,7 +128,6 @@ public class WithSecurityContextTestExecutionListenerTests { given(this.testContext.getApplicationContext()).willReturn(this.applicationContext); // do not set a UserDetailsService Bean so it would fail if looked up given(this.testContext.getTestMethod()).willReturn(testMethod); - this.listener.beforeTestMethod(this.testContext); // bean lookup of UserDetailsService would fail if it has already been looked up } @@ -144,7 +135,6 @@ public class WithSecurityContextTestExecutionListenerTests { @Test public void beforeTestExecutionWhenTestContextNullThenSecurityContextNotSet() { this.listener.beforeTestExecution(this.testContext); - assertThat(TestSecurityContextHolder.getContext().getAuthentication()).isNull(); } 
@@ -155,9 +145,7 @@ public class WithSecurityContextTestExecutionListenerTests { Supplier supplier = () -> securityContext; given(this.testContext.removeAttribute(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME)) .willReturn(supplier); - this.listener.beforeTestExecution(this.testContext); - assertThat(TestSecurityContextHolder.getContext().getAuthentication()) .isEqualTo(securityContext.getAuthentication()); } diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java index 56a4812de6..5a2d710699 100644 --- a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java +++ b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java @@ -68,7 +68,6 @@ public class WithUserDetailsSecurityContextFactoryTests { @Test(expected = IllegalArgumentException.class) public void createSecurityContextEmptyValue() { - given(this.withUserDetails.value()).willReturn(""); this.factory.createSecurityContext(this.withUserDetails); } @@ -80,7 +79,6 @@ public class WithUserDetailsSecurityContextFactoryTests { given(this.beans.getBean(UserDetailsService.class)).willReturn(this.userDetailsService); given(this.withUserDetails.value()).willReturn(username); given(this.userDetailsService.loadUserByUsername(username)).willReturn(this.userDetails); - SecurityContext context = this.factory.createSecurityContext(this.withUserDetails); assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class); assertThat(context.getAuthentication().getPrincipal()).isEqualTo(this.userDetails); 
@@ -98,7 +96,6 @@ public class WithUserDetailsSecurityContextFactoryTests { given(this.withUserDetails.userDetailsServiceBeanName()).willReturn(beanName); given(this.userDetailsService.loadUserByUsername(username)).willReturn(this.userDetails); given(this.beans.getBean(beanName, UserDetailsService.class)).willReturn(this.userDetailsService); - SecurityContext context = this.factory.createSecurityContext(this.withUserDetails); assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class); assertThat(context.getAuthentication().getPrincipal()).isEqualTo(this.userDetails); @@ -111,7 +108,6 @@ public class WithUserDetailsSecurityContextFactoryTests { given(this.withUserDetails.value()).willReturn(username); given(this.beans.getBean(ReactiveUserDetailsService.class)).willReturn(this.reactiveUserDetailsService); given(this.reactiveUserDetailsService.findByUsername(username)).willReturn(Mono.just(this.userDetails)); - SecurityContext context = this.factory.createSecurityContext(this.withUserDetails); assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class); assertThat(context.getAuthentication().getPrincipal()).isEqualTo(this.userDetails); @@ -127,7 +123,6 @@ public class WithUserDetailsSecurityContextFactoryTests { given(this.beans.getBean(beanName, ReactiveUserDetailsService.class)) .willReturn(this.reactiveUserDetailsService); given(this.reactiveUserDetailsService.findByUsername(username)).willReturn(Mono.just(this.userDetails)); - SecurityContext context = this.factory.createSecurityContext(this.withUserDetails); assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class); assertThat(context.getAuthentication().getPrincipal()).isEqualTo(this.userDetails); 
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java index abc94bff08..b2d041d980 100644 --- a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java +++ b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java @@ -29,10 +29,8 @@ public class WithUserDetailsTests { public void defaults() { WithUserDetails userDetails = AnnotationUtils.findAnnotation(Annotated.class, WithUserDetails.class); assertThat(userDetails.value()).isEqualTo("user"); - WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(Annotated.class, WithSecurityContext.class); - assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD); } @@ -40,7 +38,6 @@ public class WithUserDetailsTests { public void findMergedAnnotationWhenSetupExplicitThenOverridden() { WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupExplicit.class, WithSecurityContext.class); - assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD); } @@ -48,7 +45,6 @@ public class WithUserDetailsTests { public void findMergedAnnotationWhenSetupOverriddenThenOverridden() { WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupOverridden.class, WithSecurityContext.class); - assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_EXECUTION); } diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/AbstractMockServerConfigurersTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/AbstractMockServerConfigurersTests.java index e984952640..5389b138f2 100644 --- a/test/src/test/java/org/springframework/security/test/web/reactive/server/AbstractMockServerConfigurersTests.java 
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/AbstractMockServerConfigurersTests.java @@ -43,11 +43,9 @@ abstract class AbstractMockServerConfigurersTests { protected void assertPrincipalCreatedFromUserDetails(Principal principal, UserDetails originalUserDetails) { assertThat(principal).isInstanceOf(UsernamePasswordAuthenticationToken.class); - UsernamePasswordAuthenticationToken authentication = (UsernamePasswordAuthenticationToken) principal; assertThat(authentication.getCredentials()).isEqualTo(originalUserDetails.getPassword()); assertThat(authentication.getAuthorities()).containsOnlyElementsOf(originalUserDetails.getAuthorities()); - UserDetails userDetails = (UserDetails) authentication.getPrincipal(); assertThat(userDetails.getPassword()).isEqualTo(authentication.getCredentials()); assertThat(authentication.getAuthorities()).containsOnlyElementsOf(userDetails.getAuthorities()); diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java index 022a7a7ba0..4ddd34771d 100644 --- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java +++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java 
@@ -59,7 +59,6 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe @Test public void mockOpaqueTokenWhenUsingDefaultsThenBearerTokenAuthentication() { this.client.mutateWith(SecurityMockServerConfigurers.mockOpaqueToken()).get().exchange().expectStatus().isOk(); - SecurityContext context = this.securityContextController.removeSecurityContext(); assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class); BearerTokenAuthentication token = (BearerTokenAuthentication) context.getAuthentication(); @@ -74,7 +73,6 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe .mutateWith( SecurityMockServerConfigurers.mockOpaqueToken().authorities(this.authority1, this.authority2)) .get().exchange().expectStatus().isOk(); - SecurityContext context = this.securityContextController.removeSecurityContext(); assertThat((List) context.getAuthentication().getAuthorities()).containsOnly(this.authority1, this.authority2); @@ -87,7 +85,6 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe .mutateWith(SecurityMockServerConfigurers.mockOpaqueToken() .attributes((attributes) -> attributes.put(OAuth2IntrospectionClaimNames.SUBJECT, sub))) .get().exchange().expectStatus().isOk(); - SecurityContext context = this.securityContextController.removeSecurityContext(); assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class); BearerTokenAuthentication token = (BearerTokenAuthentication) context.getAuthentication(); 
@@ -99,7 +96,6 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals.active(); this.client.mutateWith(SecurityMockServerConfigurers.mockOpaqueToken().principal(principal)).get().exchange() .expectStatus().isOk(); - SecurityContext context = this.securityContextController.removeSecurityContext(); assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class); BearerTokenAuthentication token = (BearerTokenAuthentication) context.getAuthentication(); @@ -110,24 +106,20 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe public void mockOpaqueTokenWhenPrincipalSpecifiedThenLastCalledTakesPrecedence() { OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals .active((a) -> a.put("scope", "user")); - this.client .mutateWith(SecurityMockServerConfigurers.mockOpaqueToken() .attributes((a) -> a.put(OAuth2IntrospectionClaimNames.SUBJECT, "foo")).principal(principal)) .get().exchange().expectStatus().isOk(); - SecurityContext context = this.securityContextController.removeSecurityContext(); assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class); BearerTokenAuthentication token = (BearerTokenAuthentication) context.getAuthentication(); assertThat((String) ((OAuth2AuthenticatedPrincipal) token.getPrincipal()) .getAttribute(OAuth2IntrospectionClaimNames.SUBJECT)) .isEqualTo(principal.getAttribute(OAuth2IntrospectionClaimNames.SUBJECT)); - this.client .mutateWith(SecurityMockServerConfigurers.mockOpaqueToken().principal(principal) .attributes((a) -> a.put(OAuth2IntrospectionClaimNames.SUBJECT, "bar"))) .get().exchange().expectStatus().isOk(); - context = this.securityContextController.removeSecurityContext(); assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class); token = (BearerTokenAuthentication) context.getAuthentication(); 
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java index f5e4425ec6..97735c1ab9 100644 --- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java +++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java @@ -49,7 +49,6 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer @WithMockUser public void withMockUserWhenOnMethodThenSuccess() { this.client.get().exchange().expectStatus().isOk(); - Authentication authentication = TestSecurityContextHolder.getContext().getAuthentication(); this.controller.assertPrincipalIsEqualTo(authentication); } @@ -64,9 +63,7 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer .apply(SecurityMockServerConfigurers.springSecurity()) .apply(SecurityMockServerConfigurers.mockAuthentication(authentication)).configureClient() .defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build(); - this.client.get().exchange().expectStatus().isOk(); - this.controller.assertPrincipalIsEqualTo(authentication); } @@ -77,7 +74,6 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer "ROLE_USER"); this.client.mutateWith(SecurityMockServerConfigurers.mockAuthentication(authentication)).get().exchange() .expectStatus().isOk(); - this.controller.assertPrincipalIsEqualTo(authentication); } 
@@ -88,11 +84,8 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer "ROLE_USER"); this.client.mutateWith(SecurityMockServerConfigurers.mockAuthentication(authentication)).get().exchange() .expectStatus().isOk(); - this.controller.assertPrincipalIsEqualTo(authentication); - this.client.get().exchange().expectStatus().isOk(); - assertPrincipalCreatedFromUserDetails(this.controller.removePrincipal(), this.userBuilder.build()); } @@ -101,7 +94,6 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer public void withMockUserWhenOnMethodAndRequestIsExecutedOnDifferentThreadThenSuccess() { Authentication authentication = TestSecurityContextHolder.getContext().getAuthentication(); ForkJoinPool.commonPool().submit(() -> this.client.get().exchange().expectStatus().isOk()).join(); - this.controller.assertPrincipalIsEqualTo(authentication); } @@ -110,16 +102,12 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer public void withMockUserAndWithCallOnSeparateThreadWhenMutateWithMockPrincipalAndNoMutateThenOverridesAnnotationAndUsesAnnotation() { TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret", "ROLE_USER"); - ForkJoinPool.commonPool() .submit(() -> this.client.mutateWith(SecurityMockServerConfigurers.mockAuthentication(authentication)) .get().exchange().expectStatus().isOk()) .join(); - this.controller.assertPrincipalIsEqualTo(authentication); - ForkJoinPool.commonPool().submit(() -> this.client.get().exchange().expectStatus().isOk()).join(); - assertPrincipalCreatedFromUserDetails(this.controller.removePrincipal(), this.userBuilder.build()); } 
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java index 433f8b3483..a96f00493a 100644 --- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java +++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java @@ -51,7 +51,6 @@ public class SecurityMockServerConfigurersClassAnnotatedTests extends AbstractMo public void wheMockUserWhenClassAnnotatedThenSuccess() { this.client.get().exchange().expectStatus().isOk().expectBody(String.class) .consumeWith((response) -> assertThat(response.getResponseBody()).contains("\"username\":\"user\"")); - Authentication authentication = TestSecurityContextHolder.getContext().getAuthentication(); this.controller.assertPrincipalIsEqualTo(authentication); } @@ -61,7 +60,6 @@ public class SecurityMockServerConfigurersClassAnnotatedTests extends AbstractMo public void withMockUserWhenClassAndMethodAnnotationThenMethodOverrides() { this.client.get().exchange().expectStatus().isOk().expectBody(String.class).consumeWith( (response) -> assertThat(response.getResponseBody()).contains("\"username\":\"method-user\"")); - Authentication authentication = TestSecurityContextHolder.getContext().getAuthentication(); this.controller.assertPrincipalIsEqualTo(authentication); } 
@@ -72,7 +70,6 @@ public class SecurityMockServerConfigurersClassAnnotatedTests extends AbstractMo .expectStatus().isOk().expectBody(String.class) .consumeWith((response) -> assertThat(response.getResponseBody()) .contains("\"username\":\"mutateWith-mockUser\"")); - Principal principal = this.controller.removePrincipal(); assertPrincipalCreatedFromUserDetails(principal, this.userBuilder.username("mutateWith-mockUser").build()); } diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java index f11b965214..7a0aa28c8b 100644 --- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java +++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java @@ -63,7 +63,6 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon @Test public void mockJwtWhenUsingDefaultsTheCreatesJwtAuthentication() { this.client.mutateWith(SecurityMockServerConfigurers.mockJwt()).get().exchange().expectStatus().isOk(); - SecurityContext context = this.securityContextController.removeSecurityContext(); assertThat(context.getAuthentication()).isInstanceOf(JwtAuthenticationToken.class); JwtAuthenticationToken token = (JwtAuthenticationToken) context.getAuthentication(); 
@@ -78,7 +77,6 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon String name = new String("user"); this.client.mutateWith(SecurityMockServerConfigurers.mockJwt().jwt((jwt) -> jwt.subject(name))).get().exchange() .expectStatus().isOk();
-
 SecurityContext context = this.securityContextController.removeSecurityContext(); assertThat(context.getAuthentication()).isInstanceOf(JwtAuthenticationToken.class); JwtAuthenticationToken token = (JwtAuthenticationToken) context.getAuthentication();
@@ -90,7 +88,6 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon this.client.mutateWith(SecurityMockServerConfigurers.mockJwt() .jwt((jwt) -> jwt.claim("scope", "ignored authorities")).authorities(this.authority1, this.authority2)) .get().exchange().expectStatus().isOk();
-
 SecurityContext context = this.securityContextController.removeSecurityContext(); assertThat((List) context.getAuthentication().getAuthorities()).containsOnly(this.authority1, this.authority2);
@@ -102,7 +99,6 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon .mutateWith( SecurityMockServerConfigurers.mockJwt().jwt((jwt) -> jwt.claim("scope", "scoped authorities"))) .get().exchange().expectStatus().isOk();
-
 SecurityContext context = this.securityContextController.removeSecurityContext(); assertThat((List) context.getAuthentication().getAuthorities()).containsOnly( new SimpleGrantedAuthority("SCOPE_scoped"), new SimpleGrantedAuthority("SCOPE_authorities"));
@@ -115,7 +111,6 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon SecurityMockServerConfigurers.mockJwt().jwt((jwt) -> jwt.claim("scope", "ignored authorities")) .authorities((jwt) -> Arrays.asList(this.authority1))) .get().exchange().expectStatus().isOk();
-
 SecurityContext context = this.securityContextController.removeSecurityContext(); assertThat((List) context.getAuthentication().getAuthorities()).containsOnly(this.authority1); }
@@ -125,7 +120,6 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon Jwt originalToken = TestJwts.jwt().header("header1", "value1").subject("some_user").build(); this.client.mutateWith(SecurityMockServerConfigurers.mockJwt().jwt(originalToken)).get().exchange() .expectStatus().isOk();
-
 SecurityContext context = this.securityContextController.removeSecurityContext(); assertThat(context.getAuthentication()).isInstanceOf(JwtAuthenticationToken.class); JwtAuthenticationToken retrievedToken = (JwtAuthenticationToken) context.getAuthentication();
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
index 2bdaf7367c..902ea2a0fa 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
@@ -75,7 +75,6 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock @Test public void oauth2ClientWhenUsingDefaultsThenException() throws Exception {
-
 WebHttpHandlerBuilder builder = WebHttpHandlerBuilder.webHandler(new DispatcherHandler()); assertThatCode(() -> SecurityMockServerConfigurers.mockOAuth2Client().beforeServerCreated(builder)) .isInstanceOf(IllegalArgumentException.class).hasMessageContaining("ClientRegistration");
@@ -83,10 +82,8 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock @Test public void oauth2ClientWhenUsingRegistrationIdThenProducesAuthorizedClient() throws Exception {
-
 this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Client("registration-id")).get().uri("/client") .exchange().expectStatus().isOk();
-
 OAuth2AuthorizedClient client = this.controller.authorizedClient; assertThat(client).isNotNull(); assertThat(client.getClientRegistration().getRegistrationId()).isEqualTo("registration-id");
@@ -96,12 +93,10 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock @Test public void oauth2ClientWhenClientRegistrationThenUses() throws Exception {
-
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration() .registrationId("registration-id").clientId("client-id").build(); this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Client().clientRegistration(clientRegistration)) .get().uri("/client").exchange().expectStatus().isOk();
-
 OAuth2AuthorizedClient client = this.controller.authorizedClient; assertThat(client).isNotNull(); assertThat(client.getClientRegistration().getRegistrationId()).isEqualTo("registration-id");
@@ -111,12 +106,10 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock @Test public void oauth2ClientWhenClientRegistrationConsumerThenUses() throws Exception {
-
 this.client .mutateWith(SecurityMockServerConfigurers.mockOAuth2Client("registration-id") .clientRegistration((c) -> c.clientId("client-id"))) .get().uri("/client").exchange().expectStatus().isOk();
-
 OAuth2AuthorizedClient client = this.controller.authorizedClient; assertThat(client).isNotNull(); assertThat(client.getClientRegistration().getRegistrationId()).isEqualTo("registration-id");
@@ -136,12 +129,10 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock @Test public void oauth2ClientWhenAccessTokenThenUses() throws Exception {
-
 OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes(); this.client .mutateWith(SecurityMockServerConfigurers.mockOAuth2Client("registration-id").accessToken(accessToken)) .get().uri("/client").exchange().expectStatus().isOk();
-
 OAuth2AuthorizedClient client = this.controller.authorizedClient; assertThat(client).isNotNull(); assertThat(client.getClientRegistration().getRegistrationId()).isEqualTo("registration-id");
@@ -153,11 +144,9 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock public void oauth2ClientWhenUsedOnceThenDoesNotAffectRemainingTests() throws Exception { this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Client("registration-id")).get().uri("/client") .exchange().expectStatus().isOk();
-
 OAuth2AuthorizedClient client = this.controller.authorizedClient; assertThat(client).isNotNull(); assertThat(client.getClientRegistration().getClientId()).isEqualTo("test-client");
-
 client = new OAuth2AuthorizedClient(TestClientRegistrations.clientRegistration().build(), "sub", TestOAuth2AccessTokens.noScopes()); given(this.authorizedClientRepository.loadAuthorizedClient(eq("registration-id"), any(Authentication.class),
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java
index 8028d88803..0820d65d50 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java
@@ -72,7 +72,6 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthentication() { this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login()).get().uri("/token").exchange() .expectStatus().isOk();
-
 OAuth2AuthenticationToken token = this.controller.token; assertThat(token).isNotNull(); assertThat(token.getAuthorizedClientRegistrationId()).isEqualTo("test");
@@ -86,7 +85,6 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthorizedClient() { this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login()).get().uri("/client").exchange() .expectStatus().isOk();
-
 OAuth2AuthorizedClient client = this.controller.authorizedClient; assertThat(client).isNotNull(); assertThat(client.getClientRegistration().getRegistrationId()).isEqualTo("test");
@@ -100,7 +98,6 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS .mutateWith(SecurityMockServerConfigurers.mockOAuth2Login() .authorities(new SimpleGrantedAuthority("SCOPE_admin"))) .get().uri("/token").exchange().expectStatus().isOk();
-
 OAuth2AuthenticationToken token = this.controller.token; assertThat((Collection) token.getPrincipal().getAuthorities()) .contains(new SimpleGrantedAuthority("SCOPE_admin"));
@@ -112,7 +109,6 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS .mutateWith(SecurityMockServerConfigurers.mockOAuth2Login() .attributes((a) -> a.put("iss", "https://idp.example.org"))) .get().uri("/token").exchange().expectStatus().isOk();
-
 OAuth2AuthenticationToken token = this.controller.token; assertThat(token.getPrincipal().getAttributes()).containsEntry("iss", "https://idp.example.org"); }
@@ -121,16 +117,12 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS public void oauth2LoginWhenNameSpecifiedThenUserHasName() throws Exception { OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"), Collections.singletonMap("custom-attribute", "test-subject"), "custom-attribute");
-
 this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oauth2User)).get() .uri("/token").exchange().expectStatus().isOk();
-
 OAuth2AuthenticationToken token = this.controller.token; assertThat(token.getPrincipal().getName()).isEqualTo("test-subject");
-
 this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oauth2User)).get() .uri("/client").exchange().expectStatus().isOk();
-
 OAuth2AuthorizedClient client = this.controller.authorizedClient; assertThat(client.getPrincipalName()).isEqualTo("test-subject"); }
@@ -139,17 +131,13 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS public void oauth2LoginWhenOAuth2UserSpecifiedThenLastCalledTakesPrecedence() throws Exception { OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("SCOPE_read"), Collections.singletonMap("sub", "subject"), "sub");
-
 this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login() .attributes((a) -> a.put("subject", "foo")).oauth2User(oauth2User)).get().uri("/token").exchange() .expectStatus().isOk();
-
 OAuth2AuthenticationToken token = this.controller.token; assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "subject");
-
 this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oauth2User) .attributes((a) -> a.put("sub", "bar"))).get().uri("/token").exchange().expectStatus().isOk();
-
 token = this.controller.token; assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "bar"); }
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java
index 8f7927893f..b9361bfbdd 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java
@@ -73,7 +73,6 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthentication() { this.client.mutateWith(SecurityMockServerConfigurers.mockOidcLogin()).get().uri("/token").exchange() .expectStatus().isOk();
-
 OAuth2AuthenticationToken token = this.controller.token; assertThat(token).isNotNull(); assertThat(token.getAuthorizedClientRegistrationId()).isEqualTo("test");
@@ -88,7 +87,6 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthorizedClient() { this.client.mutateWith(SecurityMockServerConfigurers.mockOidcLogin()).get().uri("/client").exchange() .expectStatus().isOk();
-
 OAuth2AuthorizedClient client = this.controller.authorizedClient; assertThat(client).isNotNull(); assertThat(client.getClientRegistration().getRegistrationId()).isEqualTo("test");
@@ -102,7 +100,6 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer .mutateWith(SecurityMockServerConfigurers.mockOidcLogin() .authorities(new SimpleGrantedAuthority("SCOPE_admin"))) .get().uri("/token").exchange().expectStatus().isOk();
-
 OAuth2AuthenticationToken token = this.controller.token; assertThat((Collection) token.getPrincipal().getAuthorities()) .contains(new SimpleGrantedAuthority("SCOPE_admin"));
@@ -114,7 +111,6 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer .mutateWith(SecurityMockServerConfigurers.mockOidcLogin() .idToken((i) -> i.issuer("https://idp.example.org"))) .get().uri("/token").exchange().expectStatus().isOk();
-
 OAuth2AuthenticationToken token = this.controller.token; assertThat(token.getPrincipal().getAttributes()).containsEntry("iss", "https://idp.example.org"); }
@@ -124,7 +120,6 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer this.client .mutateWith(SecurityMockServerConfigurers.mockOidcLogin().userInfoToken((u) -> u.email("email@email"))) .get().uri("/token").exchange().expectStatus().isOk();
-
 OAuth2AuthenticationToken token = this.controller.token; assertThat(token.getPrincipal().getAttributes()).containsEntry("email", "email@email"); }
@@ -134,16 +129,12 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"), OidcIdToken.withTokenValue("id-token").claim("custom-attribute", "test-subject").build(), "custom-attribute");
-
 this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oidcUser)).get().uri("/token") .exchange().expectStatus().isOk();
-
 OAuth2AuthenticationToken token = this.controller.token; assertThat(token.getPrincipal().getName()).isEqualTo("test-subject");
-
 this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oidcUser)).get() .uri("/client").exchange().expectStatus().isOk();
-
 OAuth2AuthorizedClient client = this.controller.authorizedClient; assertThat(client.getPrincipalName()).isEqualTo("test-subject"); }
@@ -153,18 +144,14 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer public void oidcLoginWhenOidcUserSpecifiedThenLastCalledTakesPrecedence() throws Exception { OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.createAuthorityList("SCOPE_read"), TestOidcIdTokens.idToken().build());
-
 this.client.mutateWith( SecurityMockServerConfigurers.mockOidcLogin().idToken((i) -> i.subject("foo")).oidcUser(oidcUser)).get() .uri("/token").exchange().expectStatus().isOk();
-
 OAuth2AuthenticationToken token = this.controller.token; assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "subject");
-
 this.client.mutateWith( SecurityMockServerConfigurers.mockOidcLogin().oidcUser(oidcUser).idToken((i) -> i.subject("bar"))).get() .uri("/token").exchange().expectStatus().isOk();
-
 token = this.controller.token; assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "bar"); }
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
index fd5ccb3699..3b11ff0c73 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
@@ -68,9 +68,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig @Test public void mockUserWhenDefaultsThenSuccess() { this.client.mutateWith(SecurityMockServerConfigurers.mockUser()).get().exchange().expectStatus().isOk();
-
 Principal actual = this.controller.removePrincipal();
-
 assertPrincipalCreatedFromUserDetails(actual, this.userBuilder.build()); }
@@ -81,9 +79,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig .apply(SecurityMockServerConfigurers.springSecurity()).apply(SecurityMockServerConfigurers.mockUser()) .configureClient().defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build(); this.client.get().exchange().expectStatus().isOk();
-
 Principal actual = this.controller.removePrincipal();
-
 assertPrincipalCreatedFromUserDetails(actual, this.userBuilder.build()); }
@@ -91,9 +87,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig public void mockUserStringWhenLocalThenSuccess() { this.client.mutateWith(SecurityMockServerConfigurers.mockUser(this.userBuilder.build().getUsername())).get() .exchange().expectStatus().isOk();
-
 Principal actual = this.controller.removePrincipal();
-
 assertPrincipalCreatedFromUserDetails(actual, this.userBuilder.build()); }
@@ -103,9 +97,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig this.client .mutateWith(SecurityMockServerConfigurers.mockUser("admin").password("secret").roles("USER", "ADMIN")) .get().exchange().expectStatus().isOk();
-
 Principal actual = this.controller.removePrincipal();
-
 assertPrincipalCreatedFromUserDetails(actual, this.userBuilder.build()); }
@@ -114,9 +106,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig UserDetails userDetails = this.userBuilder.build(); this.client.mutateWith(SecurityMockServerConfigurers.mockUser(userDetails)).get().exchange().expectStatus() .isOk();
-
 Principal actual = this.controller.removePrincipal();
-
 assertPrincipalCreatedFromUserDetails(actual, this.userBuilder.build()); }
@@ -124,9 +114,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig public void csrfWhenMutateWithThenDisablesCsrf() { this.client.post().exchange().expectStatus().isEqualTo(HttpStatus.FORBIDDEN).expectBody() .consumeWith((b) -> assertThat(new String(b.getResponseBody())).contains("CSRF"));
-
 this.client.mutateWith(SecurityMockServerConfigurers.csrf()).post().exchange().expectStatus().isOk();
-
 } @Test
@@ -134,9 +122,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig this.client = WebTestClient.bindToController(this.controller).webFilter(new CsrfWebFilter()) .apply(SecurityMockServerConfigurers.springSecurity()).apply(SecurityMockServerConfigurers.csrf()) .configureClient().build();
-
 this.client.get().exchange().expectStatus().isOk();
-
 } }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
index 397f04b404..ebca73b566 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
@@ -45,7 +45,6 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. /** * @author Rob Winch */
-
 @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration @WebAppConfiguration
@@ -66,7 +65,6 @@ public class Sec2935Tests { public void postProcessorUserNoUser() throws Exception { this.mvc.perform(get("/admin/abc").with(user("user").roles("ADMIN", "USER"))).andExpect(status().isNotFound()) .andExpect(authenticated().withUsername("user"));
-
 this.mvc.perform(get("/admin/abc")).andExpect(status().isUnauthorized()).andExpect(unauthenticated()); }
@@ -74,7 +72,6 @@ public class Sec2935Tests { public void postProcessorUserOtherUser() throws Exception { this.mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound()) .andExpect(authenticated().withUsername("user1"));
-
 this.mvc.perform(get("/admin/abc").with(user("user2").roles("USER"))).andExpect(status().isForbidden()) .andExpect(authenticated().withUsername("user2")); }
@@ -84,7 +81,6 @@ public class Sec2935Tests { public void postProcessorUserWithMockUser() throws Exception { this.mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound()) .andExpect(authenticated().withUsername("user1"));
-
 this.mvc.perform(get("/admin/abc")).andExpect(status().isForbidden()) .andExpect(authenticated().withUsername("user")); }
@@ -94,10 +90,8 @@ public class Sec2935Tests { public void defaultRequest() throws Exception { this.mvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity()) .defaultRequest(get("/").with(user("default"))).build();
-
 this.mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound()) .andExpect(authenticated().withUsername("user1"));
-
 this.mvc.perform(get("/admin/abc")).andExpect(status().isForbidden()) .andExpect(authenticated().withUsername("default")); }
@@ -108,10 +102,8 @@ public class Sec2935Tests { public void defaultRequestOverridesWithMockUser() throws Exception { this.mvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity()) .defaultRequest(get("/").with(user("default"))).build();
-
 this.mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound()) .andExpect(authenticated().withUsername("user1"));
-
 this.mvc.perform(get("/admin/abc")).andExpect(status().isForbidden()) .andExpect(authenticated().withUsername("default")); }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
index 0337afee88..e236a9295f 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
@@ -54,7 +54,6 @@ public class SecurityMockMvcRequestBuildersFormLoginTests { MockHttpServletRequest request = formLogin().buildRequest(this.servletContext); CsrfToken token = (CsrfToken) request .getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
-
 assertThat(request.getParameter("username")).isEqualTo("user"); assertThat(request.getParameter("password")).isEqualTo("password"); assertThat(request.getMethod()).isEqualTo("POST");
@@ -67,10 +66,8 @@ public class SecurityMockMvcRequestBuildersFormLoginTests { public void custom() { MockHttpServletRequest request = formLogin("/login").user("username", "admin").password("password", "secret") .buildRequest(this.servletContext);
-
 CsrfToken token = (CsrfToken) request .getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
-
 assertThat(request.getParameter("username")).isEqualTo("admin"); assertThat(request.getParameter("password")).isEqualTo("secret"); assertThat(request.getMethod()).isEqualTo("POST");
@@ -82,10 +79,8 @@ public class SecurityMockMvcRequestBuildersFormLoginTests { public void customWithUriVars() { MockHttpServletRequest request = formLogin().loginProcessingUrl("/uri-login/{var1}/{var2}", "val1", "val2") .user("username", "admin").password("password", "secret").buildRequest(this.servletContext);
-
 CsrfToken token = (CsrfToken) request .getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
-
 assertThat(request.getParameter("username")).isEqualTo("admin"); assertThat(request.getParameter("password")).isEqualTo("secret"); assertThat(request.getMethod()).isEqualTo("POST");
@@ -104,7 +99,6 @@ public class SecurityMockMvcRequestBuildersFormLoginTests { given(postProcessor.postProcessRequest(any())).willAnswer((i) -> i.getArgument(0)); MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object()) .defaultRequest(MockMvcRequestBuilders.get("/").with(postProcessor)).build();
-
 MvcResult mvcResult = mockMvc.perform(formLogin()).andReturn(); assertThat(mvcResult.getRequest().getMethod()).isEqualTo(HttpMethod.POST.name()); assertThat(mvcResult.getRequest().getHeader("Accept"))
@@ -121,7 +115,6 @@ public class SecurityMockMvcRequestBuildersFormLoginTests { public void usesAcceptMediaForContentNegotiation() { MockHttpServletRequest request = formLogin("/login").user("username", "admin").password("password", "secret") .buildRequest(this.servletContext);
-
 assertThat(request.getHeader("Accept")).isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE); }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
index 438f3d19c3..dfdcd71507 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
@@ -52,10 +52,8 @@ public class SecurityMockMvcRequestBuildersFormLogoutTests { @Test public void defaults() { MockHttpServletRequest request = logout().buildRequest(this.servletContext);
-
 CsrfToken token = (CsrfToken) request .getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
-
 assertThat(request.getMethod()).isEqualTo("POST"); assertThat(request.getParameter(token.getParameterName())).isEqualTo(token.getToken()); assertThat(request.getRequestURI()).isEqualTo("/logout");
@@ -64,10 +62,8 @@ public class SecurityMockMvcRequestBuildersFormLogoutTests { @Test public void custom() { MockHttpServletRequest request = logout("/admin/logout").buildRequest(this.servletContext);
-
 CsrfToken token = (CsrfToken) request .getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
-
 assertThat(request.getMethod()).isEqualTo("POST"); assertThat(request.getParameter(token.getParameterName())).isEqualTo(token.getToken()); assertThat(request.getRequestURI()).isEqualTo("/admin/logout");
@@ -77,10 +73,8 @@ public class SecurityMockMvcRequestBuildersFormLogoutTests { public void customWithUriVars() { MockHttpServletRequest request = logout().logoutUrl("/uri-logout/{var1}/{var2}", "val1", "val2") .buildRequest(this.servletContext);
-
 CsrfToken token = (CsrfToken) request .getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
-
 assertThat(request.getMethod()).isEqualTo("POST"); assertThat(request.getParameter(token.getParameterName())).isEqualTo(token.getToken()); assertThat(request.getRequestURI()).isEqualTo("/uri-logout/val1/val2");
@@ -97,7 +91,6 @@ public class SecurityMockMvcRequestBuildersFormLogoutTests { given(postProcessor.postProcessRequest(any())).willAnswer((i) -> i.getArgument(0)); MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object()) .defaultRequest(MockMvcRequestBuilders.get("/").with(postProcessor)).build();
-
 MvcResult mvcResult = mockMvc.perform(logout()).andReturn(); assertThat(mvcResult.getRequest().getMethod()).isEqualTo(HttpMethod.POST.name()); assertThat(mvcResult.getRequest().getHeader("Accept"))
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
index a6aaf08a74..b73620e033 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
@@ -74,7 +74,6 @@ public class SecurityMockMvcRequestPostProcessorsAuthenticationTests { @Test public void userDetails() { authentication(this.authentication).postProcessRequest(this.request);
-
 verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class)); SecurityContext context = this.contextCaptor.getValue();
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
index 827bd15101..22b3ccb895 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
@@ -45,20 +45,16 @@ public class SecurityMockMvcRequestPostProcessorsCertificateTests { @Test public void x509SingleCertificate() { MockHttpServletRequest postProcessedRequest = x509(this.certificate).postProcessRequest(this.request);
-
 X509Certificate[] certificates = (X509Certificate[]) postProcessedRequest .getAttribute("javax.servlet.request.X509Certificate");
-
 assertThat(certificates).containsOnly(this.certificate); } @Test public void x509ResourceName() throws Exception { MockHttpServletRequest postProcessedRequest = x509("rod.cer").postProcessRequest(this.request);
-
 X509Certificate[] certificates = (X509Certificate[]) postProcessedRequest .getAttribute("javax.servlet.request.X509Certificate");
-
 assertThat(certificates).hasSize(1); assertThat(certificates[0].getSubjectDN().getName()) .isEqualTo("CN=rod, OU=Spring Security, O=Spring Framework");
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java
index 3c09347f52..7118bf8889 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java
@@ -155,12 +155,10 @@ public class SecurityMockMvcRequestPostProcessorsCsrfTests { public void csrfWhenUsedThenDoesNotImpactOriginalRepository() throws Exception { // @formatter:off this.mockMvc.perform(post("/").with(csrf()));
-
 MockHttpServletRequest request = new MockHttpServletRequest(); HttpSessionCsrfTokenRepository repo = new HttpSessionCsrfTokenRepository(); CsrfToken token = repo.generateToken(request); repo.saveToken(token, request, new MockHttpServletResponse());
-
 MockHttpServletRequestBuilder requestWithCsrf = post("/") .param(token.getParameterName(), token.getToken()) .session((MockHttpSession) request.getSession());
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
index 9f9653ff25..5c06373a90 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
@@ -55,7 +55,6 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests { public void setup() { this.password = "password"; this.request = new MockHttpServletRequest();
-
 this.entryPoint = new DigestAuthenticationEntryPoint(); this.entryPoint.setKey("key"); this.entryPoint.setRealmName("Spring Security");
@@ -74,7 +73,6 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests { @Test public void digestWithFilter() throws Exception { MockHttpServletRequest postProcessedRequest = digest().postProcessRequest(this.request);
-
 assertThat(extractUser()).isEqualTo("user"); }
@@ -82,7 +80,6 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests { public void digestWithFilterCustomUsername() throws Exception { String username = "admin"; MockHttpServletRequest postProcessedRequest = digest(username).postProcessRequest(this.request); - assertThat(extractUser()).isEqualTo(username); } @@ -92,7 +89,6 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests { this.password = "secret"; MockHttpServletRequest postProcessedRequest = digest(username).password(this.password) .postProcessRequest(this.request); - assertThat(extractUser()).isEqualTo(username); } @@ -102,7 +98,6 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests { this.entryPoint.setRealmName("Custom"); MockHttpServletRequest postProcessedRequest = digest(username).realm(this.entryPoint.getRealmName()) .postProcessRequest(this.request); - assertThat(extractUser()).isEqualTo(username); } @@ -111,7 +106,6 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests { String username = "admin"; MockHttpServletRequest postProcessedRequest = digest(username).realm("Invalid") .postProcessRequest(this.request); - assertThat(extractUser()).isNull(); } diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java index dfa8792001..5b7dd1a042 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java 
@@ -95,7 +95,6 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests { @Test public void jwtWhenUsingDefaultsThenProducesDefaultJwtAuthentication() { jwt().postProcessRequest(this.request); - verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class)); SecurityContext context = this.contextCaptor.getValue(); @@ -111,7 +110,6 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests { public void jwtWhenProvidingBuilderConsumerThenProducesJwtAuthentication() { String name = new String("user"); jwt().jwt((jwt) -> jwt.subject(name)).postProcessRequest(this.request); - verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class)); SecurityContext context = this.contextCaptor.getValue(); @@ -124,7 +122,6 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests { public void jwtWhenProvidingCustomAuthoritiesThenProducesJwtAuthentication() { jwt().jwt((jwt) -> jwt.claim("scope", "ignored authorities")).authorities(this.authority1, this.authority2) .postProcessRequest(this.request); - verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class)); SecurityContext context = this.contextCaptor.getValue(); @@ -135,7 +132,6 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests { @Test public void jwtWhenProvidingScopedAuthoritiesThenProducesJwtAuthentication() { jwt().jwt((jwt) -> jwt.claim("scope", "scoped authorities")).postProcessRequest(this.request); - verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class)); SecurityContext context = this.contextCaptor.getValue(); 
@@ -147,7 +143,6 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests { public void jwtWhenProvidingGrantedAuthoritiesThenProducesJwtAuthentication() { jwt().jwt((jwt) -> jwt.claim("scope", "ignored authorities")) .authorities((jwt) -> Arrays.asList(this.authority1)).postProcessRequest(this.request); - verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class)); SecurityContext context = this.contextCaptor.getValue(); @@ -158,7 +153,6 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests { public void jwtWhenProvidingPreparedJwtThenUsesItForAuthentication() { Jwt originalToken = TestJwts.jwt().header("header1", "value1").subject("some_user").build(); jwt().jwt(originalToken).postProcessRequest(this.request); - verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class)); SecurityContext context = this.contextCaptor.getValue(); diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java index 7e17a95223..3483c3105c 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java 
@@ -93,14 +93,12 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests { @Test public void oauth2ClientWhenUsingDefaultsThenException() throws Exception { - assertThatCode(() -> oauth2Client().postProcessRequest(new MockHttpServletRequest())) .isInstanceOf(IllegalArgumentException.class).hasMessageContaining("ClientRegistration"); } @Test public void oauth2ClientWhenUsingDefaultsThenProducesDefaultAuthorizedClient() throws Exception { - this.mvc.perform(get("/access-token").with(oauth2Client("registration-id"))) .andExpect(content().string("access-token")); this.mvc.perform(get("/client-id").with(oauth2Client("registration-id"))) @@ -109,7 +107,6 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests { @Test public void oauth2ClientWhenClientRegistrationThenUses() throws Exception { - ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration() .registrationId("registration-id").clientId("client-id").build(); this.mvc.perform(get("/client-id").with(oauth2Client().clientRegistration(clientRegistration))) @@ -118,7 +115,6 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests { @Test public void oauth2ClientWhenClientRegistrationConsumerThenUses() throws Exception { - this.mvc.perform(get("/client-id") .with(oauth2Client("registration-id").clientRegistration((c) -> c.clientId("client-id")))) .andExpect(content().string("client-id")); @@ -141,7 +137,6 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests { public void oauth2ClientWhenUsedOnceThenDoesNotAffectRemainingTests() throws Exception { this.mvc.perform(get("/client-id").with(oauth2Client("registration-id"))) .andExpect(content().string("test-client")); - OAuth2AuthorizedClient client = new OAuth2AuthorizedClient(TestClientRegistrations.clientRegistration().build(), "sub", TestOAuth2AccessTokens.noScopes()); OAuth2AuthorizedClientRepository repository = this.context.getBean(OAuth2AuthorizedClientRepository.class); 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java index d92b97c398..f5307845af 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java @@ -88,14 +88,12 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests { @Test public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthentication() throws Exception { - this.mvc.perform(get("/name").with(oauth2Login())).andExpect(content().string("user")); this.mvc.perform(get("/admin/id-token/name").with(oauth2Login())).andExpect(status().isForbidden()); } @Test public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthorizedClient() throws Exception { - this.mvc.perform(get("/client-id").with(oauth2Login())).andExpect(content().string("test-client")); } @@ -119,10 +117,8 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests { Collections.singletonMap("custom-attribute", "test-subject"), "custom-attribute"); this.mvc.perform(get("/attributes/custom-attribute").with(oauth2Login().oauth2User(oauth2User))) .andExpect(content().string("test-subject")); - this.mvc.perform(get("/name").with(oauth2Login().oauth2User(oauth2User))) .andExpect(content().string("test-subject")); - this.mvc.perform(get("/client-name").with(oauth2Login().oauth2User(oauth2User))) .andExpect(content().string("test-subject")); } 
@@ -138,7 +134,6 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests { public void oauth2LoginWhenOAuth2UserSpecifiedThenLastCalledTakesPrecedence() throws Exception { OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("SCOPE_read"), Collections.singletonMap("username", "user"), "username"); - this.mvc.perform(get("/attributes/sub") .with(oauth2Login().attributes((a) -> a.put("sub", "bar")).oauth2User(oauth2User))) .andExpect(status().isOk()).andExpect(content().string("no-attribute")); @@ -193,14 +188,12 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests { @GetMapping("/attributes/{attribute}") String attributes(@AuthenticationPrincipal OAuth2User oauth2User, @PathVariable("attribute") String attribute) { - return Optional.ofNullable((String) oauth2User.getAttribute(attribute)).orElse("no-attribute"); } @GetMapping("/admin/scopes") List scopes( @AuthenticationPrincipal(expression = "authorities") Collection authorities) { - return authorities.stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList()); } diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java index 7de780a095..91fa711355 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java 
@@ -94,14 +94,12 @@ public class SecurityMockMvcRequestPostProcessorsOidcLoginTests { @Test public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthentication() throws Exception { - this.mvc.perform(get("/name").with(oidcLogin())).andExpect(content().string("user")); this.mvc.perform(get("/admin/id-token/name").with(oidcLogin())).andExpect(status().isForbidden()); } @Test public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthorizedClient() throws Exception { - this.mvc.perform(get("/access-token").with(oidcLogin())).andExpect(content().string("access-token")); } @@ -128,12 +126,9 @@ public class SecurityMockMvcRequestPostProcessorsOidcLoginTests { OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"), OidcIdToken.withTokenValue("id-token").claim("custom-attribute", "test-subject").build(), "custom-attribute"); - this.mvc.perform(get("/id-token/custom-attribute").with(oidcLogin().oidcUser(oidcUser))) .andExpect(content().string("test-subject")); - this.mvc.perform(get("/name").with(oidcLogin().oidcUser(oidcUser))).andExpect(content().string("test-subject")); - this.mvc.perform(get("/client-name").with(oidcLogin().oidcUser(oidcUser))) .andExpect(content().string("test-subject")); } @@ -143,7 +138,6 @@ public class SecurityMockMvcRequestPostProcessorsOidcLoginTests { public void oidcLoginWhenOidcUserSpecifiedThenLastCalledTakesPrecedence() throws Exception { OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.createAuthorityList("SCOPE_read"), TestOidcIdTokens.idToken().build()); - this.mvc.perform(get("/id-token/sub").with(oidcLogin().idToken((i) -> i.subject("foo")).oidcUser(oidcUser))) .andExpect(status().isOk()).andExpect(content().string("subject")); this.mvc.perform(get("/id-token/sub").with(oidcLogin().oidcUser(oidcUser).idToken((i) -> i.subject("bar")))) 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java index 46f9b54f37..764f51ec1c 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java @@ -82,7 +82,6 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests { @Test public void opaqueTokenWhenUsingDefaultsThenProducesDefaultAuthentication() throws Exception { - this.mvc.perform(get("/name").with(opaqueToken())).andExpect(content().string("user")); this.mvc.perform(get("/admin/scopes").with(opaqueToken())).andExpect(status().isForbidden()); } @@ -100,7 +99,6 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests { OAuth2AuthenticatedPrincipal principal = mock(OAuth2AuthenticatedPrincipal.class); given(principal.getName()).willReturn("ben"); given(principal.getAuthorities()).willReturn(authorities); - this.mvc.perform(get("/name").with(opaqueToken().principal(principal))).andExpect(content().string("ben")); } @@ -109,7 +107,6 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests { public void opaqueTokenWhenPrincipalSpecifiedThenLastCalledTakesPrecedence() throws Exception { OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals .active((a) -> a.put("scope", "user")); - this.mvc.perform(get("/opaque-token/sub") .with(opaqueToken().attributes((a) -> a.put("sub", "foo")).principal(principal))) .andExpect(status().isOk()).andExpect(content().string((String) principal.getAttribute("sub"))); 
@@ -147,14 +144,12 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests { @GetMapping("/opaque-token/{attribute}") String tokenAttribute(@AuthenticationPrincipal OAuth2AuthenticatedPrincipal principal, @PathVariable("attribute") String attribute) { - return principal.getAttribute(attribute); } @GetMapping("/admin/scopes") List scopes( @AuthenticationPrincipal(expression = "authorities") Collection authorities) { - return authorities.stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList()); } diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java index 8e3e099300..6f2521f37c 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java @@ -73,7 +73,6 @@ public class SecurityMockMvcRequestPostProcessorsSecurityContextTests { @Test public void userDetails() { securityContext(this.expectedContext).postProcessRequest(this.request); - verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class)); SecurityContext context = this.contextCaptor.getValue(); diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java index 0472d593aa..0eb7913127 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java 
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java @@ -68,9 +68,7 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextTests { @Test public void testSecurityContextSaves() { TestSecurityContextHolder.setContext(this.context); - testSecurityContext().postProcessRequest(this.request); - verify(this.repository).saveContext(eq(this.context), eq(this.request), any(HttpServletResponse.class)); } @@ -78,7 +76,6 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextTests { @Test public void testSecurityContextNoContext() { testSecurityContext().postProcessRequest(this.request); - verify(this.repository, never()).saveContext(any(SecurityContext.class), eq(this.request), any(HttpServletResponse.class)); } diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java index c471fdc396..0f05f727c9 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java @@ -75,7 +75,6 @@ public class SecurityMockMvcRequestPostProcessorsUserDetailsTests { @Test public void userDetails() { user(this.userDetails).postProcessRequest(this.request); - verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class)); SecurityContext context = this.contextCaptor.getValue(); 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java index 37c3457c02..1c6fb34678 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java @@ -81,9 +81,7 @@ public class SecurityMockMvcRequestPostProcessorsUserTests { @Test public void userWithDefaults() { String username = "userabc"; - user(username).postProcessRequest(this.request); - verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class)); SecurityContext context = this.contextCaptor.getValue(); @@ -96,9 +94,7 @@ public class SecurityMockMvcRequestPostProcessorsUserTests { @Test public void userWithCustom() { String username = "customuser"; - user(username).roles("CUSTOM", "ADMIN").password("newpass").postProcessRequest(this.request); - verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class)); SecurityContext context = this.contextCaptor.getValue(); @@ -112,9 +108,7 @@ public class SecurityMockMvcRequestPostProcessorsUserTests { @Test public void userCustomAuthoritiesVarargs() { String username = "customuser"; - user(username).authorities(this.authority1, this.authority2).postProcessRequest(this.request); - verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class)); SecurityContext context = this.contextCaptor.getValue(); 
@@ -130,9 +124,7 @@ public class SecurityMockMvcRequestPostProcessorsUserTests { @Test public void userCustomAuthoritiesList() { String username = "customuser"; - user(username).authorities(Arrays.asList(this.authority1, this.authority2)).postProcessRequest(this.request); - verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class)); SecurityContext context = this.contextCaptor.getValue(); diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/Gh3409Tests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/Gh3409Tests.java index 6e2857091b..a4c3f8869c 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/response/Gh3409Tests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/Gh3409Tests.java @@ -69,7 +69,6 @@ public class Gh3409Tests { this.mockMvc .perform(get("/public/") .with(securityContext(new SecurityContextImpl()))); - this.mockMvc .perform(get("/public/")) .andExpect(unauthenticated()); @@ -82,7 +81,6 @@ public class Gh3409Tests { this.mockMvc .perform(get("/") .with(securityContext(new SecurityContextImpl()))); - this.mockMvc .perform(get("/")) .andExpect(unauthenticated()); @@ -104,7 +102,6 @@ public class Gh3409Tests { .formLogin().and() .httpBasic(); // @formatter:on - } } diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java index 9c27fd80c2..675a57dba2 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java 
@@ -63,10 +63,8 @@ public class SecurityMockMvcConfigurerTests { public void beforeMockMvcCreatedOverrideBean() throws Exception { returnFilterBean(); SecurityMockMvcConfigurer configurer = new SecurityMockMvcConfigurer(this.filter); - configurer.afterConfigurerAdded(this.builder); configurer.beforeMockMvcCreated(this.builder, this.context); - assertFilterAdded(this.filter); verify(this.servletContext).setAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN, this.filter); } @@ -75,27 +73,22 @@ public class SecurityMockMvcConfigurerTests { public void beforeMockMvcCreatedBean() throws Exception { returnFilterBean(); SecurityMockMvcConfigurer configurer = new SecurityMockMvcConfigurer(); - configurer.afterConfigurerAdded(this.builder); configurer.beforeMockMvcCreated(this.builder, this.context); - assertFilterAdded(this.beanFilter); } @Test public void beforeMockMvcCreatedNoBean() throws Exception { SecurityMockMvcConfigurer configurer = new SecurityMockMvcConfigurer(this.filter); - configurer.afterConfigurerAdded(this.builder); configurer.beforeMockMvcCreated(this.builder, this.context); - assertFilterAdded(this.filter); } @Test(expected = IllegalStateException.class) public void beforeMockMvcCreatedNoFilter() { SecurityMockMvcConfigurer configurer = new SecurityMockMvcConfigurer(); - configurer.afterConfigurerAdded(this.builder); configurer.beforeMockMvcCreated(this.builder, this.context); } diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java index 8e62492aa7..089e5dc8b1 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java 
@@ -59,7 +59,6 @@ public class SecurityMockMvcConfigurersTests { public void applySpringSecurityWhenAddFilterFirstThenFilterFirst() throws Exception { MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).addFilters(this.noOpFilter) .apply(springSecurity()).build(); - mockMvc.perform(get("/")).andExpect(status().isOk()); } @@ -73,7 +72,6 @@ public class SecurityMockMvcConfigurersTests { public void applySpringSecurityWhenAddFilterSecondThenSecurityFirst() throws Exception { MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).apply(springSecurity()) .addFilters(this.noOpFilter).build(); - mockMvc.perform(get("/")).andExpect(status().is4xxClientError()); } diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java index ecc20e3f92..d58e832673 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java @@ -115,7 +115,6 @@ public class CustomConfigAuthenticationTests { return new InMemoryUserDetailsManager(user); } // @formatter:on - @Bean SecurityContextRepository securityContextRepository() { HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository(); diff --git a/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java b/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java index a469d38530..874e6c9f1c 100644 --- a/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java +++ b/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java 
@@ -98,7 +98,6 @@ public class WebTestUtilsTests { } // getSecurityContextRepository - @Test public void getSecurityContextRepositoryNoWac() { assertThat(WebTestUtils.getSecurityContextRepository(this.request)) @@ -131,31 +130,26 @@ public class WebTestUtilsTests { @Test public void findFilterNoMatchingFilters() { loadConfig(PartialSecurityConfig.class); - assertThat(WebTestUtils.findFilter(this.request, SecurityContextPersistenceFilter.class)).isNull(); } @Test public void findFilterNoSpringSecurityFilterChainInContext() { loadConfig(NoSecurityConfig.class); - CsrfFilter toFind = new CsrfFilter(new HttpSessionCsrfTokenRepository()); FilterChainProxy springSecurityFilterChain = new FilterChainProxy( new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, toFind)); this.request.getServletContext().setAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN, springSecurityFilterChain); - assertThat(WebTestUtils.findFilter(this.request, toFind.getClass())).isEqualTo(toFind); } @Test public void findFilterExplicitWithSecurityFilterInContext() { loadConfig(SecurityConfigWithDefaults.class); - CsrfFilter toFind = new CsrfFilter(new HttpSessionCsrfTokenRepository()); FilterChainProxy springSecurityFilterChain = new FilterChainProxy( new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, toFind)); this.request.getServletContext().setAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN, springSecurityFilterChain); - assertThat(WebTestUtils.findFilter(this.request, toFind.getClass())).isSameAs(toFind); } diff --git a/web/src/test/java/org/springframework/security/MockFilterConfig.java b/web/src/test/java/org/springframework/security/MockFilterConfig.java index c9eedad606..5a2e9b0a32 100644 --- a/web/src/test/java/org/springframework/security/MockFilterConfig.java +++ b/web/src/test/java/org/springframework/security/MockFilterConfig.java 
@@ -39,7 +39,6 @@ public class MockFilterConfig implements FilterConfig { @Override public String getInitParameter(String arg0) { Object result = this.map.get(arg0); - if (result != null) { return (String) result; } diff --git a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java index 32971f6513..ff368d2d49 100644 --- a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java @@ -36,9 +36,7 @@ public class DefaultRedirectStrategyTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.setContextPath("/context"); MockHttpServletResponse response = new MockHttpServletResponse(); - rds.sendRedirect(request, response, "https://context.blah.com/context/remainder"); - assertThat(response.getRedirectedUrl()).isEqualTo("remainder"); } @@ -50,9 +48,7 @@ public class DefaultRedirectStrategyTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.setContextPath("/context"); MockHttpServletResponse response = new MockHttpServletResponse(); - rds.sendRedirect(request, response, "https://https://context.blah.com/context/remainder"); - assertThat(response.getRedirectedUrl()).isEqualTo("remainder"); } @@ -63,7 +59,6 @@ public class DefaultRedirectStrategyTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.setContextPath("/context"); MockHttpServletResponse response = new MockHttpServletResponse(); - rds.sendRedirect(request, response, "https://redirectme.somewhere.else"); } diff --git a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java index 56a21a1dc8..c5586308dc 100644 --- a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java 
+++ b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java @@ -106,7 +106,6 @@ public class FilterChainProxyTests { this.fcp.doFilter(this.request, this.response, this.chain); assertThat(this.fcp.getFilterChains()).hasSize(1); assertThat(this.fcp.getFilterChains().get(0).getFilters().get(0)).isSameAs(this.filter); - verifyZeroInteractions(this.filter); // The actual filter chain should be invoked though verify(this.chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); @@ -116,7 +115,6 @@ public class FilterChainProxyTests { public void originalChainIsInvokedAfterSecurityChainIfMatchSucceeds() throws Exception { given(this.matcher.matches(any(HttpServletRequest.class))).willReturn(true); this.fcp.doFilter(this.request, this.response, this.chain); - verify(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class)); verify(this.chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); @@ -126,10 +124,8 @@ public class FilterChainProxyTests { public void originalFilterChainIsInvokedIfMatchingSecurityChainIsEmpty() throws Exception { List noFilters = Collections.emptyList(); this.fcp = new FilterChainProxy(new DefaultSecurityFilterChain(this.matcher, noFilters)); - given(this.matcher.matches(any(HttpServletRequest.class))).willReturn(true); this.fcp.doFilter(this.request, this.response, this.chain); - verify(this.chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); } @@ -197,9 +193,7 @@ public class FilterChainProxyTests { return null; }).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class)); - this.fcp.doFilter(this.request, this.response, this.chain); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } 
@@ -212,14 +206,12 @@ public class FilterChainProxyTests { throw new ServletException("oops"); }).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class)); - try { this.fcp.doFilter(this.request, this.response, this.chain); fail("Expected Exception"); } catch (ServletException success) { } - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } @@ -236,15 +228,12 @@ public class FilterChainProxyTests { return null; }).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class)); - this.fcp.doFilter(this.request, this.response, innerChain); assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(expected); return null; }).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class)); - this.fcp.doFilter(this.request, this.response, this.chain); - verify(innerChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } diff --git a/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java b/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java index 046d52fb7b..bd3bb1f5fa 100644 --- a/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java +++ b/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java @@ -48,7 +48,6 @@ public class FilterInvocationTests { request.setServerPort(80); request.setContextPath("/mycontext"); request.setRequestURI("/mycontext/HelloWorld/some/more/segments.html"); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain chain = mock(FilterChain.class); FilterInvocation fi = new FilterInvocation(request, response, chain); 
@@ -66,21 +65,18 @@ public class FilterInvocationTests { public void testRejectsNullFilterChain() { MockHttpServletRequest request = new MockHttpServletRequest(null, null); MockHttpServletResponse response = new MockHttpServletResponse(); - new FilterInvocation(request, response, null); } @Test(expected = IllegalArgumentException.class) public void testRejectsNullServletRequest() { MockHttpServletResponse response = new MockHttpServletResponse(); - new FilterInvocation(null, response, mock(FilterChain.class)); } @Test(expected = IllegalArgumentException.class) public void testRejectsNullServletResponse() { MockHttpServletRequest request = new MockHttpServletRequest(null, null); - new FilterInvocation(request, null, mock(FilterChain.class)); } @@ -94,7 +90,6 @@ public class FilterInvocationTests { request.setServerPort(80); request.setContextPath("/mycontext"); request.setRequestURI("/mycontext/HelloWorld"); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class)); assertThat(fi.getRequestUrl()).isEqualTo("/HelloWorld?foo=bar"); @@ -111,7 +106,6 @@ public class FilterInvocationTests { request.setServerPort(80); request.setContextPath("/mycontext"); request.setRequestURI("/mycontext/HelloWorld"); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class)); assertThat(fi.getRequestUrl()).isEqualTo("/HelloWorld"); diff --git a/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java b/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java index 326a889de8..aad10c3947 100644 --- a/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java +++ b/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java 
@@ -43,26 +43,22 @@ public class PortMapperImplTests { @Test public void testDetectsEmptyMap() { PortMapperImpl portMapper = new PortMapperImpl(); - try { portMapper.setPortMappings(new HashMap<>()); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } } @Test public void testDetectsNullMap() { PortMapperImpl portMapper = new PortMapperImpl(); - try { portMapper.setPortMappings(null); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } } @@ -77,13 +73,11 @@ public class PortMapperImplTests { PortMapperImpl portMapper = new PortMapperImpl(); Map map = new HashMap<>(); map.put("79", "80559"); - try { portMapper.setPortMappings(map); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } } @@ -98,9 +92,7 @@ public class PortMapperImplTests { PortMapperImpl portMapper = new PortMapperImpl(); Map map = new HashMap<>(); map.put("79", "442"); - portMapper.setPortMappings(map); - assertThat(portMapper.lookupHttpPort(442)).isEqualTo(Integer.valueOf(79)); assertThat(Integer.valueOf(442)).isEqualTo(portMapper.lookupHttpsPort(79)); } diff --git a/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java b/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java index 80240082a7..db99268419 100644 --- a/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java +++ b/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java @@ -33,7 +33,6 @@ public class PortResolverImplTests { @Test public void testDetectsBuggyIeHttpRequest() { PortResolverImpl pr = new PortResolverImpl(); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setServerPort(8443); request.setScheme("HTtP"); // proves case insensitive handling 
@@ -43,7 +42,6 @@ public class PortResolverImplTests { @Test public void testDetectsBuggyIeHttpsRequest() { PortResolverImpl pr = new PortResolverImpl(); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setServerPort(8080); request.setScheme("HTtPs"); // proves case insensitive handling @@ -53,13 +51,11 @@ public class PortResolverImplTests { @Test public void testDetectsEmptyPortMapper() { PortResolverImpl pr = new PortResolverImpl(); - try { pr.setPortMapper(null); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } } @@ -74,7 +70,6 @@ public class PortResolverImplTests { @Test public void testNormalOperation() { PortResolverImpl pr = new PortResolverImpl(); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setScheme("http"); request.setServerPort(1021); diff --git a/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java b/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java index 438ece3d85..54dcc2b891 100644 --- a/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java +++ b/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java @@ -101,10 +101,8 @@ public class DefaultWebInvocationPrivilegeEvaluatorTests { public void deniesAccessIfAccessDecisionManagerDoes() { Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX"); DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(this.interceptor); - willThrow(new AccessDeniedException("")).given(this.adm).decide(any(Authentication.class), anyObject(), anyList()); - assertThat(wipe.isAllowed("/foo/index.jsp", token)).isFalse(); } 
diff --git a/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java index 6063aab348..cc97879021 100644 --- a/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java @@ -67,10 +67,8 @@ public class DelegatingAccessDeniedHandlerTests { public void moreSpecificDoesNotInvokeLessSpecific() throws Exception { this.handlers.put(CsrfException.class, this.handler1); this.handler = new DelegatingAccessDeniedHandler(this.handlers, this.handler3); - AccessDeniedException accessDeniedException = new AccessDeniedException(""); this.handler.handle(this.request, this.response, accessDeniedException); - verify(this.handler1, never()).handle(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AccessDeniedException.class)); verify(this.handler3).handle(this.request, this.response, accessDeniedException); @@ -81,10 +79,8 @@ public class DelegatingAccessDeniedHandlerTests { this.handlers.put(InvalidCsrfTokenException.class, this.handler1); this.handlers.put(MissingCsrfTokenException.class, this.handler2); this.handler = new DelegatingAccessDeniedHandler(this.handlers, this.handler3); - AccessDeniedException accessDeniedException = new MissingCsrfTokenException("123"); this.handler.handle(this.request, this.response, accessDeniedException); - verify(this.handler1, never()).handle(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AccessDeniedException.class)); verify(this.handler2).handle(this.request, this.response, accessDeniedException); 
diff --git a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java index 1506d493ce..62a9a127ff 100644 --- a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java @@ -69,14 +69,11 @@ public class ExceptionTranslationFilterTests { private static String getSavedRequestUrl(HttpServletRequest request) { HttpSession session = request.getSession(false); - if (session == null) { return null; } - HttpSessionRequestCache rc = new HttpSessionRequestCache(); SavedRequest sr = rc.getRequest(request, new MockHttpServletResponse()); - return sr.getRedirectUrl(); } @@ -90,22 +87,18 @@ public class ExceptionTranslationFilterTests { request.setServerName("localhost"); request.setContextPath("/mycontext"); request.setRequestURI("/mycontext/secure/page.html"); - // Setup the FilterChain to thrown an access denied exception FilterChain fc = mock(FilterChain.class); willThrow(new AccessDeniedException("")).given(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - // Setup SecurityContextHolder, as filter needs to check if user is // anonymous SecurityContextHolder.getContext().setAuthentication( new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED"))); - // Test ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint); filter.setAuthenticationTrustResolver(new AuthenticationTrustResolverImpl()); assertThat(filter.getAuthenticationTrustResolver()).isNotNull(); - MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(request, response, fc); assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/login.jsp"); 
@@ -122,18 +115,15 @@ public class ExceptionTranslationFilterTests { request.setServerName("localhost"); request.setContextPath("/mycontext"); request.setRequestURI("/mycontext/secure/page.html"); - // Setup the FilterChain to thrown an access denied exception FilterChain fc = mock(FilterChain.class); willThrow(new AccessDeniedException("")).given(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - // Setup SecurityContextHolder, as filter needs to check if user is remembered SecurityContext securityContext = SecurityContextHolder.createEmptyContext(); securityContext.setAuthentication( new RememberMeAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED"))); SecurityContextHolder.setContext(securityContext); - // Test ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint); MockHttpServletResponse response = new MockHttpServletResponse(); @@ -147,24 +137,19 @@ public class ExceptionTranslationFilterTests { // Setup our HTTP request MockHttpServletRequest request = new MockHttpServletRequest(); request.setServletPath("/secure/page.html"); - // Setup the FilterChain to thrown an access denied exception FilterChain fc = mock(FilterChain.class); willThrow(new AccessDeniedException("")).given(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - // Setup SecurityContextHolder, as filter needs to check if user is // anonymous SecurityContextHolder.clearContext(); - // Setup a new AccessDeniedHandlerImpl that will do a "forward" AccessDeniedHandlerImpl adh = new AccessDeniedHandlerImpl(); adh.setErrorPage("/error.jsp"); - // Test ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint); filter.setAccessDeniedHandler(adh); - MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(request, response, fc); assertThat(response.getStatus()).isEqualTo(403); 
@@ -177,23 +162,19 @@ public class ExceptionTranslationFilterTests { // Setup our HTTP request MockHttpServletRequest request = new MockHttpServletRequest(); request.setServletPath("/secure/page.html"); - // Setup the FilterChain to thrown an access denied exception FilterChain fc = mock(FilterChain.class); willThrow(new AccessDeniedException("")).given(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - // Setup SecurityContextHolder, as filter needs to check if user is // anonymous SecurityContextHolder.getContext().setAuthentication( new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED"))); - // Test ExceptionTranslationFilter filter = new ExceptionTranslationFilter( (req, res, ae) -> res.sendError(403, ae.getMessage())); filter.setAuthenticationTrustResolver(new AuthenticationTrustResolverImpl()); assertThat(filter.getAuthenticationTrustResolver()).isNotNull(); - LocaleContextHolder.setDefaultLocale(Locale.GERMAN); MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(request, response, fc); @@ -211,12 +192,10 @@ public class ExceptionTranslationFilterTests { request.setServerName("localhost"); request.setContextPath("/mycontext"); request.setRequestURI("/mycontext/secure/page.html"); - // Setup the FilterChain to thrown an authentication failure exception FilterChain fc = mock(FilterChain.class); willThrow(new BadCredentialsException("")).given(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - // Test ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint); filter.afterPropertiesSet(); 
@@ -237,12 +216,10 @@ public class ExceptionTranslationFilterTests { request.setServerName("localhost"); request.setContextPath("/mycontext"); request.setRequestURI("/mycontext/secure/page.html"); - // Setup the FilterChain to thrown an authentication failure exception FilterChain fc = mock(FilterChain.class); willThrow(new BadCredentialsException("")).given(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - // Test HttpSessionRequestCache requestCache = new HttpSessionRequestCache(); ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint, requestCache); @@ -269,11 +246,9 @@ public class ExceptionTranslationFilterTests { // Setup our HTTP request MockHttpServletRequest request = new MockHttpServletRequest(); request.setServletPath("/secure/page.html"); - // Test ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint); assertThat(filter.getAuthenticationEntryPoint()).isSameAs(this.mockEntryPoint); - MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(request, response, mock(FilterChain.class)); } @@ -281,12 +256,10 @@ public class ExceptionTranslationFilterTests { @Test public void thrownIOExceptionServletExceptionAndRuntimeExceptionsAreRethrown() throws Exception { ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint); - filter.afterPropertiesSet(); Exception[] exceptions = { new IOException(), new ServletException(), new RuntimeException() }; for (Exception e : exceptions) { FilterChain fc = mock(FilterChain.class); - willThrow(e).given(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); try { filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), fc); 
@@ -309,10 +282,8 @@ public class ExceptionTranslationFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint); - assertThatThrownBy(() -> filter.doFilter(request, response, chain)).isInstanceOf(ServletException.class) .hasCauseInstanceOf(AccessDeniedException.class); - verifyZeroInteractions(this.mockEntryPoint); } diff --git a/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java index f5e160c855..c3bfbd4c7e 100644 --- a/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java @@ -58,9 +58,7 @@ public class RequestMatcherDelegatingAccessDeniedHandlerTests { given(matcher.matches(this.request)).willReturn(false); this.deniedHandlers.put(matcher, handler); this.delegator = new RequestMatcherDelegatingAccessDeniedHandler(this.deniedHandlers, this.accessDeniedHandler); - this.delegator.handle(this.request, null, null); - verify(this.accessDeniedHandler).handle(this.request, null, null); verify(handler, never()).handle(this.request, null, null); } 
@@ -75,9 +73,7 @@ public class RequestMatcherDelegatingAccessDeniedHandlerTests {
 this.deniedHandlers.put(firstMatcher, firstHandler);
 this.deniedHandlers.put(secondMatcher, secondHandler);
 this.delegator = new RequestMatcherDelegatingAccessDeniedHandler(this.deniedHandlers, this.accessDeniedHandler);
-
 this.delegator.handle(this.request, null, null);
-
 verify(firstHandler).handle(this.request, null, null);
 verify(secondHandler, never()).handle(this.request, null, null);
 verify(this.accessDeniedHandler, never()).handle(this.request, null, null);
@@ -95,9 +91,7 @@ public class RequestMatcherDelegatingAccessDeniedHandlerTests {
 this.deniedHandlers.put(firstMatcher, firstHandler);
 this.deniedHandlers.put(secondMatcher, secondHandler);
 this.delegator = new RequestMatcherDelegatingAccessDeniedHandler(this.deniedHandlers, this.accessDeniedHandler);
-
 this.delegator.handle(this.request, null, null);
-
 verify(secondHandler).handle(this.request, null, null);
 verify(firstHandler, never()).handle(this.request, null, null);
 verify(this.accessDeniedHandler, never()).handle(this.request, null, null);
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java b/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java
index 41d60e69c7..b31987dec3 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java
@@ -47,7 +47,6 @@ public class ChannelDecisionManagerImplTests {
 @Test
 public void testCannotSetEmptyChannelProcessorsList() throws Exception {
 ChannelDecisionManagerImpl cdm = new ChannelDecisionManagerImpl();
-
 try {
 cdm.setChannelProcessors(new Vector());
 cdm.afterPropertiesSet();
@@ -63,20 +62,17 @@ public class ChannelDecisionManagerImplTests { ChannelDecisionManagerImpl cdm = new ChannelDecisionManagerImpl(); List list = new Vector(); list.add("THIS IS NOT A CHANNELPROCESSOR"); - try { cdm.setChannelProcessors(list); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } } @Test public void testCannotSetNullChannelProcessorsList() throws Exception { ChannelDecisionManagerImpl cdm = new ChannelDecisionManagerImpl(); - try { cdm.setChannelProcessors(null); cdm.afterPropertiesSet(); @@ -97,13 +93,10 @@ public class ChannelDecisionManagerImplTests { list.add(cpAbc); cdm.setChannelProcessors(list); cdm.afterPropertiesSet(); - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class)); - List cad = SecurityConfig.createList("xyz"); - cdm.decide(fi, cad); assertThat(fi.getResponse().isCommitted()).isTrue(); } @@ -116,11 +109,9 @@ public class ChannelDecisionManagerImplTests { list.add(cpAbc); cdm.setChannelProcessors(list); cdm.afterPropertiesSet(); - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class)); - cdm.decide(fi, SecurityConfig.createList(new String[] { "abc", "ANY_CHANNEL" })); assertThat(fi.getResponse().isCommitted()).isFalse(); } 
@@ -135,11 +126,9 @@ public class ChannelDecisionManagerImplTests { list.add(cpAbc); cdm.setChannelProcessors(list); cdm.afterPropertiesSet(); - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class)); - cdm.decide(fi, SecurityConfig.createList("SOME_ATTRIBUTE_NO_PROCESSORS_SUPPORT")); assertThat(fi.getResponse().isCommitted()).isFalse(); } @@ -154,7 +143,6 @@ public class ChannelDecisionManagerImplTests { list.add(cpAbc); cdm.setChannelProcessors(list); cdm.afterPropertiesSet(); - assertThat(cdm.supports(new SecurityConfig("xyz"))).isTrue(); assertThat(cdm.supports(new SecurityConfig("abc"))).isTrue(); assertThat(cdm.supports(new SecurityConfig("UNSUPPORTED"))).isFalse(); @@ -164,21 +152,18 @@ public class ChannelDecisionManagerImplTests { public void testGettersSetters() { ChannelDecisionManagerImpl cdm = new ChannelDecisionManagerImpl(); assertThat(cdm.getChannelProcessors()).isNull(); - MockChannelProcessor cpXyz = new MockChannelProcessor("xyz", false); MockChannelProcessor cpAbc = new MockChannelProcessor("abc", false); List list = new Vector(); list.add(cpXyz); list.add(cpAbc); cdm.setChannelProcessors(list); - assertThat(cdm.getChannelProcessors()).isEqualTo(list); } @Test public void testStartupFailsWithEmptyChannelProcessorsList() throws Exception { ChannelDecisionManagerImpl cdm = new ChannelDecisionManagerImpl(); - try { cdm.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); 
@@ -202,17 +187,13 @@ public class ChannelDecisionManagerImplTests { @Override public void decide(FilterInvocation invocation, Collection config) throws IOException { Iterator iter = config.iterator(); - if (this.failIfCalled) { fail("Should not have called this channel processor: " + this.configAttribute); } - while (iter.hasNext()) { ConfigAttribute attr = (ConfigAttribute) iter.next(); - if (attr.getAttribute().equals(this.configAttribute)) { invocation.getHttpResponse().sendRedirect("/redirected"); - return; } } diff --git a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java index f539e6eafe..76ff193adf 100644 --- a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java @@ -43,10 +43,8 @@ public class ChannelProcessingFilterTests { @Test(expected = IllegalArgumentException.class) public void testDetectsMissingChannelDecisionManager() { ChannelProcessingFilter filter = new ChannelProcessingFilter(); - MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "MOCK"); filter.setSecurityMetadataSource(fids); - filter.afterPropertiesSet(); } @@ -61,12 +59,9 @@ public class ChannelProcessingFilterTests { public void testDetectsSupportedConfigAttribute() { ChannelProcessingFilter filter = new ChannelProcessingFilter(); filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "SUPPORTS_MOCK_ONLY")); - MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "SUPPORTS_MOCK_ONLY"); - filter.setSecurityMetadataSource(fids); - filter.afterPropertiesSet(); } 
@@ -74,10 +69,8 @@ public class ChannelProcessingFilterTests { public void testDetectsUnsupportedConfigAttribute() { ChannelProcessingFilter filter = new ChannelProcessingFilter(); filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "SUPPORTS_MOCK_ONLY")); - MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "SUPPORTS_MOCK_ONLY", "INVALID_ATTRIBUTE"); - filter.setSecurityMetadataSource(fids); filter.afterPropertiesSet(); } @@ -86,17 +79,12 @@ public class ChannelProcessingFilterTests { public void testDoFilterWhenManagerDoesCommitResponse() throws Exception { ChannelProcessingFilter filter = new ChannelProcessingFilter(); filter.setChannelDecisionManager(new MockChannelDecisionManager(true, "SOME_ATTRIBUTE")); - MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "SOME_ATTRIBUTE"); - filter.setSecurityMetadataSource(fids); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setQueryString("info=now"); request.setServletPath("/path"); - MockHttpServletResponse response = new MockHttpServletResponse(); - filter.doFilter(request, response, mock(FilterChain.class)); } @@ -104,17 +92,12 @@ public class ChannelProcessingFilterTests { public void testDoFilterWhenManagerDoesNotCommitResponse() throws Exception { ChannelProcessingFilter filter = new ChannelProcessingFilter(); filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "SOME_ATTRIBUTE")); - MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "SOME_ATTRIBUTE"); - filter.setSecurityMetadataSource(fids); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setQueryString("info=now"); request.setServletPath("/path"); - MockHttpServletResponse response = new MockHttpServletResponse(); - filter.doFilter(request, response, mock(FilterChain.class)); } 
@@ -122,17 +105,12 @@ public class ChannelProcessingFilterTests { public void testDoFilterWhenNullConfigAttributeReturned() throws Exception { ChannelProcessingFilter filter = new ChannelProcessingFilter(); filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "NOT_USED")); - MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "NOT_USED"); - filter.setSecurityMetadataSource(fids); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setQueryString("info=now"); request.setServletPath("/PATH_NOT_MATCHING_CONFIG_ATTRIBUTE"); - MockHttpServletResponse response = new MockHttpServletResponse(); - filter.doFilter(request, response, mock(FilterChain.class)); } @@ -141,12 +119,9 @@ public class ChannelProcessingFilterTests { ChannelProcessingFilter filter = new ChannelProcessingFilter(); filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "MOCK")); assertThat(filter.getChannelDecisionManager() != null).isTrue(); - MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", false, "MOCK"); - filter.setSecurityMetadataSource(fids); assertThat(filter.getSecurityMetadataSource()).isSameAs(fids); - filter.afterPropertiesSet(); } @@ -192,7 +167,6 @@ public class ChannelProcessingFilterTests { @Override public Collection getAttributes(Object object) throws IllegalArgumentException { FilterInvocation fi = (FilterInvocation) object; - if (this.servletPath.equals(fi.getHttpRequest().getServletPath())) { return this.toReturn; } @@ -206,7 +180,6 @@ public class ChannelProcessingFilterTests { if (!this.provideIterator) { return null; } - return this.toReturn; } diff --git a/web/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java b/web/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java index e9752b8f57..487e1a5cf9 100644 
--- a/web/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java +++ b/web/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java @@ -45,13 +45,10 @@ public class InsecureChannelProcessorTests { request.setServletPath("/servlet"); request.setScheme("http"); request.setServerPort(8080); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class)); - InsecureChannelProcessor processor = new InsecureChannelProcessor(); processor.decide(fi, SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL")); - assertThat(fi.getResponse().isCommitted()).isFalse(); } @@ -65,14 +62,11 @@ public class InsecureChannelProcessorTests { request.setScheme("https"); request.setSecure(true); request.setServerPort(8443); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class)); - InsecureChannelProcessor processor = new InsecureChannelProcessor(); processor.decide(fi, SecurityConfig.createList(new String[] { "SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL" })); - assertThat(fi.getResponse().isCommitted()).isTrue(); } @@ -80,13 +74,11 @@ public class InsecureChannelProcessorTests { public void testDecideRejectsNulls() throws Exception { InsecureChannelProcessor processor = new InsecureChannelProcessor(); processor.afterPropertiesSet(); - try { processor.decide(null, null); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } } 
@@ -96,7 +88,6 @@ public class InsecureChannelProcessorTests {
 assertThat(processor.getInsecureKeyword()).isEqualTo("REQUIRES_INSECURE_CHANNEL");
 processor.setInsecureKeyword("X");
 assertThat(processor.getInsecureKeyword()).isEqualTo("X");
-
 assertThat(processor.getEntryPoint() != null).isTrue();
 processor.setEntryPoint(null);
 assertThat(processor.getEntryPoint() == null).isTrue();
@@ -106,7 +97,6 @@ public class InsecureChannelProcessorTests {
 public void testMissingEntryPoint() throws Exception {
 InsecureChannelProcessor processor = new InsecureChannelProcessor();
 processor.setEntryPoint(null);
-
 try {
 processor.afterPropertiesSet();
 fail("Should have thrown IllegalArgumentException");
@@ -120,7 +110,6 @@ public class InsecureChannelProcessorTests {
 public void testMissingSecureChannelKeyword() throws Exception {
 InsecureChannelProcessor processor = new InsecureChannelProcessor();
 processor.setInsecureKeyword(null);
-
 try {
 processor.afterPropertiesSet();
 fail("Should have thrown IllegalArgumentException");
@@ -128,9 +117,7 @@ public class InsecureChannelProcessorTests {
 catch (IllegalArgumentException expected) {
 assertThat(expected.getMessage()).isEqualTo("insecureKeyword required");
 }
-
 processor.setInsecureKeyword("");
-
 try {
 processor.afterPropertiesSet();
 fail("Should have thrown IllegalArgumentException");
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java
index bf67247ff3..f858d11c5b 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java
@@ -43,7 +43,6 @@ public class RetryWithHttpEntryPointTests {
 @Test
 public void testDetectsMissingPortMapper() {
 RetryWithHttpEntryPoint ep = new RetryWithHttpEntryPoint();
-
 try {
 ep.setPortMapper(null);
 fail("Should have thrown IllegalArgumentException");
@@ -55,7 +54,6 @@ public class RetryWithHttpEntryPointTests {
 @Test
 public void testDetectsMissingPortResolver() {
 RetryWithHttpEntryPoint ep = new RetryWithHttpEntryPoint();
-
 try {
 ep.setPortResolver(null);
 fail("Should have thrown IllegalArgumentException");
@@ -85,13 +83,10 @@ public class RetryWithHttpEntryPointTests {
 request.setScheme("https");
 request.setServerName("localhost");
 request.setServerPort(443);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 RetryWithHttpEntryPoint ep = new RetryWithHttpEntryPoint();
 ep.setPortMapper(new PortMapperImpl());
 ep.setPortResolver(new MockPortResolver(80, 443));
-
 ep.commence(request, response);
 assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/bigWebApp/hello/pathInfo.html?open=true");
 }
@@ -102,13 +97,10 @@ public class RetryWithHttpEntryPointTests {
 request.setScheme("https");
 request.setServerName("localhost");
 request.setServerPort(443);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 RetryWithHttpEntryPoint ep = new RetryWithHttpEntryPoint();
 ep.setPortMapper(new PortMapperImpl());
 ep.setPortResolver(new MockPortResolver(80, 443));
-
 ep.commence(request, response);
 assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/bigWebApp/hello");
 }
@@ -120,13 +112,10 @@ public class RetryWithHttpEntryPointTests {
 request.setScheme("https"); request.setServerName("www.example.com"); request.setServerPort(8768);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 RetryWithHttpEntryPoint ep = new RetryWithHttpEntryPoint(); ep.setPortMapper(new PortMapperImpl()); ep.setPortResolver(new MockPortResolver(8768, 1234));
-
 ep.commence(request, response); assertThat(response.getRedirectedUrl()).isEqualTo("/bigWebApp?open=true"); }
@@ -138,18 +127,14 @@ public class RetryWithHttpEntryPointTests {
 request.setScheme("https"); request.setServerName("localhost"); request.setServerPort(9999);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 PortMapperImpl portMapper = new PortMapperImpl(); Map map = new HashMap<>(); map.put("8888", "9999"); portMapper.setPortMappings(map);
-
 RetryWithHttpEntryPoint ep = new RetryWithHttpEntryPoint(); ep.setPortResolver(new MockPortResolver(8888, 9999)); ep.setPortMapper(portMapper);
-
 ep.commence(request, response); assertThat(response.getRedirectedUrl()) .isEqualTo("http://localhost:8888/bigWebApp/hello/pathInfo.html?open=true");
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java
index 3fdf255079..29274cb3ea 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java
@@ -39,7 +39,6 @@ public class RetryWithHttpsEntryPointTests {
 @Test public void testDetectsMissingPortMapper() { RetryWithHttpsEntryPoint ep = new RetryWithHttpsEntryPoint();
-
 try { ep.setPortMapper(null); fail("Should have thrown IllegalArgumentException");
@@ -51,7 +50,6 @@ public class RetryWithHttpsEntryPointTests {
 @Test public void testDetectsMissingPortResolver() { RetryWithHttpsEntryPoint ep = new RetryWithHttpsEntryPoint();
-
 try { ep.setPortResolver(null); fail("Should have thrown IllegalArgumentException");
@@ -76,13 +74,10 @@ public class RetryWithHttpsEntryPointTests {
 request.setScheme("http"); request.setServerName("www.example.com"); request.setServerPort(80);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 RetryWithHttpsEntryPoint ep = new RetryWithHttpsEntryPoint(); ep.setPortMapper(new PortMapperImpl()); ep.setPortResolver(new MockPortResolver(80, 443));
-
 ep.commence(request, response); assertThat(response.getRedirectedUrl()) .isEqualTo("https://www.example.com/bigWebApp/hello/pathInfo.html?open=true");
@@ -94,13 +89,10 @@ public class RetryWithHttpsEntryPointTests {
 request.setScheme("http"); request.setServerName("www.example.com"); request.setServerPort(80);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 RetryWithHttpsEntryPoint ep = new RetryWithHttpsEntryPoint(); ep.setPortMapper(new PortMapperImpl()); ep.setPortResolver(new MockPortResolver(80, 443));
-
 ep.commence(request, response); assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com/bigWebApp/hello"); }
@@ -112,13 +104,10 @@ public class RetryWithHttpsEntryPointTests {
 request.setScheme("http"); request.setServerName("www.example.com"); request.setServerPort(8768);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 RetryWithHttpsEntryPoint ep = new RetryWithHttpsEntryPoint(); ep.setPortMapper(new PortMapperImpl()); ep.setPortResolver(new MockPortResolver(8768, 1234));
-
 ep.commence(request, response); assertThat(response.getRedirectedUrl()).isEqualTo("/bigWebApp?open=true"); }
@@ -130,18 +119,14 @@ public class RetryWithHttpsEntryPointTests {
 request.setScheme("http"); request.setServerName("www.example.com"); request.setServerPort(8888);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 PortMapperImpl portMapper = new PortMapperImpl(); Map map = new HashMap<>(); map.put("8888", "9999"); portMapper.setPortMappings(map);
-
 RetryWithHttpsEntryPoint ep = new RetryWithHttpsEntryPoint(); ep.setPortResolver(new MockPortResolver(8888, 9999)); ep.setPortMapper(portMapper);
-
 ep.commence(request, response); assertThat(response.getRedirectedUrl()) .isEqualTo("https://www.example.com:9999/bigWebApp/hello/pathInfo.html?open=true");
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java b/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java
index 9c472da817..e66b411c55 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java
@@ -46,13 +46,10 @@ public class SecureChannelProcessorTests {
 request.setScheme("https"); request.setSecure(true); request.setServerPort(8443);
-
 MockHttpServletResponse response = new MockHttpServletResponse(); FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
-
 SecureChannelProcessor processor = new SecureChannelProcessor(); processor.decide(fi, SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"));
-
 assertThat(fi.getResponse().isCommitted()).isFalse(); }
@@ -65,14 +62,11 @@ public class SecureChannelProcessorTests {
 request.setServletPath("/servlet"); request.setScheme("http"); request.setServerPort(8080);
-
 MockHttpServletResponse response = new MockHttpServletResponse(); FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
-
 SecureChannelProcessor processor = new SecureChannelProcessor(); processor.decide(fi, SecurityConfig.createList(new String[] { "SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL" }));
-
 assertThat(fi.getResponse().isCommitted()).isTrue(); }
@@ -80,13 +74,11 @@ public class SecureChannelProcessorTests {
 public void testDecideRejectsNulls() throws Exception { SecureChannelProcessor processor = new SecureChannelProcessor(); processor.afterPropertiesSet();
-
 try { processor.decide(null, null); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) {
-
 } }
@@ -96,7 +88,6 @@ public class SecureChannelProcessorTests {
 assertThat(processor.getSecureKeyword()).isEqualTo("REQUIRES_SECURE_CHANNEL"); processor.setSecureKeyword("X"); assertThat(processor.getSecureKeyword()).isEqualTo("X");
-
 assertThat(processor.getEntryPoint() != null).isTrue(); processor.setEntryPoint(null); assertThat(processor.getEntryPoint() == null).isTrue();
@@ -106,7 +97,6 @@ public class SecureChannelProcessorTests {
 public void testMissingEntryPoint() throws Exception { SecureChannelProcessor processor = new SecureChannelProcessor(); processor.setEntryPoint(null);
-
 try { processor.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException");
@@ -120,7 +110,6 @@ public class SecureChannelProcessorTests {
 public void testMissingSecureChannelKeyword() throws Exception { SecureChannelProcessor processor = new SecureChannelProcessor(); processor.setSecureKeyword(null);
-
 try { processor.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException");
@@ -128,9 +117,7 @@ public class SecureChannelProcessorTests {
 catch (IllegalArgumentException expected) { assertThat(expected.getMessage()).isEqualTo("secureKeyword required"); }
-
 processor.setSecureKeyword("");
-
 try { processor.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException");
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessorTests.java b/web/src/test/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessorTests.java
index 0244b48aa6..0e1dec1d1b 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessorTests.java
@@ -65,14 +65,12 @@ public class AbstractVariableEvaluationContextPostProcessorTests {
 @Test public void extractVariables() { this.context = this.processor.postProcess(this.context, this.invocation);
-
 assertThat(this.context.lookupVariable(KEY)).isEqualTo(VALUE); } @Test public void extractVariablesOnlyUsedOnce() { this.context = this.processor.postProcess(this.context, this.invocation);
-
 assertThat(this.context.lookupVariable(KEY)).isEqualTo(VALUE); this.processor.results = Collections.emptyMap(); assertThat(this.context.lookupVariable(KEY)).isEqualTo(VALUE);
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java b/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java
index 16a5f0e164..b23e67c89f 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java
@@ -69,7 +69,6 @@ public class DefaultWebSecurityExpressionHandlerTests {
 bean.getConstructorArgumentValues().addGenericArgumentValue("ROLE_A"); appContext.registerBeanDefinition("role", bean); this.handler.setApplicationContext(appContext);
-
 EvaluationContext ctx = this.handler.createEvaluationContext(mock(Authentication.class), mock(FilterInvocation.class)); ExpressionParser parser = this.handler.getExpressionParser();
@@ -85,11 +84,9 @@ public class DefaultWebSecurityExpressionHandlerTests {
 @Test public void createEvaluationContextCustomTrustResolver() { this.handler.setTrustResolver(this.trustResolver);
-
 Expression expression = this.handler.getExpressionParser().parseExpression("anonymous"); EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.invocation); assertThat(expression.getValue(context, Boolean.class)).isFalse();
-
 verify(this.trustResolver).isAnonymous(this.authentication); }
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/DelegatingEvaluationContextTests.java b/web/src/test/java/org/springframework/security/web/access/expression/DelegatingEvaluationContextTests.java
index bb9a8e6734..355dd768df 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/DelegatingEvaluationContextTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/DelegatingEvaluationContextTests.java
@@ -56,7 +56,6 @@ public class DelegatingEvaluationContextTests {
 public void getRootObject() { TypedValue expected = mock(TypedValue.class); given(this.delegate.getRootObject()).willReturn(expected);
-
 assertThat(this.context.getRootObject()).isEqualTo(expected); }
@@ -64,7 +63,6 @@ public class DelegatingEvaluationContextTests {
 public void getConstructorResolvers() { List expected = new ArrayList<>(); given(this.delegate.getConstructorResolvers()).willReturn(expected);
-
 assertThat(this.context.getConstructorResolvers()).isEqualTo(expected); }
@@ -72,7 +70,6 @@ public class DelegatingEvaluationContextTests {
 public void getMethodResolvers() { List expected = new ArrayList<>(); given(this.delegate.getMethodResolvers()).willReturn(expected);
-
 assertThat(this.context.getMethodResolvers()).isEqualTo(expected); }
@@ -80,16 +77,13 @@ public class DelegatingEvaluationContextTests {
 public void getPropertyAccessors() { List expected = new ArrayList<>(); given(this.delegate.getPropertyAccessors()).willReturn(expected);
-
 assertThat(this.context.getPropertyAccessors()).isEqualTo(expected); } @Test public void getTypeLocator() {
-
 TypeLocator expected = mock(TypeLocator.class); given(this.delegate.getTypeLocator()).willReturn(expected);
-
 assertThat(this.context.getTypeLocator()).isEqualTo(expected); }
@@ -97,7 +91,6 @@ public class DelegatingEvaluationContextTests {
 public void getTypeConverter() { TypeConverter expected = mock(TypeConverter.class); given(this.delegate.getTypeConverter()).willReturn(expected);
-
 assertThat(this.context.getTypeConverter()).isEqualTo(expected); }
@@ -105,7 +98,6 @@ public class DelegatingEvaluationContextTests {
 public void getTypeComparator() { TypeComparator expected = mock(TypeComparator.class); given(this.delegate.getTypeComparator()).willReturn(expected);
-
 assertThat(this.context.getTypeComparator()).isEqualTo(expected); }
@@ -113,7 +105,6 @@ public class DelegatingEvaluationContextTests {
 public void getOperatorOverloader() { OperatorOverloader expected = mock(OperatorOverloader.class); given(this.delegate.getOperatorOverloader()).willReturn(expected);
-
 assertThat(this.context.getOperatorOverloader()).isEqualTo(expected); }
@@ -121,7 +112,6 @@ public class DelegatingEvaluationContextTests {
 public void getBeanResolver() { BeanResolver expected = mock(BeanResolver.class); given(this.delegate.getBeanResolver()).willReturn(expected);
-
 assertThat(this.context.getBeanResolver()).isEqualTo(expected); }
@@ -129,9 +119,7 @@ public class DelegatingEvaluationContextTests {
 public void setVariable() { String name = "name"; String value = "value";
-
 this.context.setVariable(name, value);
-
 verify(this.delegate).setVariable(name, value); }
@@ -140,7 +128,6 @@ public class DelegatingEvaluationContextTests {
 String name = "name"; String expected = "expected"; given(this.delegate.lookupVariable(name)).willReturn(expected);
-
 assertThat(this.context.lookupVariable(name)).isEqualTo(expected); }
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
index fdca0484e6..8f8a5ab887 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
@@ -55,7 +55,6 @@ public class WebExpressionVoterTests {
 .isTrue(); assertThat(voter.supports(FilterInvocation.class)).isTrue(); assertThat(voter.supports(MethodInvocation.class)).isFalse();
-
 } @Test
@@ -83,9 +82,7 @@ public class WebExpressionVoterTests {
 ArrayList attributes = new ArrayList(); attributes.addAll(SecurityConfig.createList("A", "B", "C")); attributes.add(weca);
-
 assertThat(voter.vote(this.user, fi, attributes)).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
-
 // Second time false assertThat(voter.vote(this.user, fi, attributes)).isEqualTo(AccessDecisionVoter.ACCESS_DENIED); }
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java b/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java
index 0e973ade90..f6394360fc 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java
@@ -44,9 +44,7 @@ public class WebSecurityExpressionRootTests {
 request.setRemoteAddr("192.168.1.1"); WebSecurityExpressionRoot root = new WebSecurityExpressionRoot(mock(Authentication.class), new FilterInvocation(request, mock(HttpServletResponse.class), mock(FilterChain.class)));
-
 assertThat(root.hasIpAddress("192.168.1.1")).isTrue();
-
 // IPv6 Address request.setRemoteAddr("fa:db8:85a3::8a2e:370:7334"); assertThat(root.hasIpAddress("fa:db8:85a3::8a2e:370:7334")).isTrue();
@@ -62,7 +60,6 @@ public class WebSecurityExpressionRootTests {
 request.setRemoteAddr("192.168.1." + i); assertThat(root.hasIpAddress("192.168.1.0/24")).isTrue(); }
-
 request.setRemoteAddr("192.168.1.127"); // 25 = FF FF FF 80 assertThat(root.hasIpAddress("192.168.1.0/25")).isTrue();
@@ -75,7 +72,6 @@ public class WebSecurityExpressionRootTests {
 assertThat(root.hasIpAddress("192.168.1.224/27")).isTrue(); assertThat(root.hasIpAddress("192.168.1.240/27")).isTrue(); assertThat(root.hasIpAddress("192.168.1.255/32")).isTrue();
-
 request.setRemoteAddr("202.24.199.127"); assertThat(root.hasIpAddress("202.24.0.0/14")).isTrue(); request.setRemoteAddr("202.25.179.135");
diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java
index 5f207669bc..c054e9a483 100644
--- a/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java
@@ -54,9 +54,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 @Test public void lookupNotRequiringExactMatchSucceedsIfNotMatching() { createFids("/secure/super/**", null);
-
 FilterInvocation fi = createFilterInvocation("/secure/super/somefile.html", null, null, null);
-
 assertThat(this.fids.getAttributes(fi)).isEqualTo(this.def); }
@@ -67,9 +65,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 @Test public void lookupNotRequiringExactMatchSucceedsIfSecureUrlPathContainsUpperCase() { createFids("/secure/super/**", null);
-
 FilterInvocation fi = createFilterInvocation("/secure", "/super/somefile.html", null, null);
-
 Collection response = this.fids.getAttributes(fi); assertThat(response).isEqualTo(this.def); }
@@ -77,9 +73,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 @Test public void lookupRequiringExactMatchIsSuccessful() { createFids("/SeCurE/super/**", null);
-
 FilterInvocation fi = createFilterInvocation("/SeCurE/super/somefile.html", null, null, null);
-
 Collection response = this.fids.getAttributes(fi); assertThat(response).isEqualTo(this.def); }
@@ -87,9 +81,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 @Test public void lookupRequiringExactMatchWithAdditionalSlashesIsSuccessful() { createFids("/someAdminPage.html**", null);
-
 FilterInvocation fi = createFilterInvocation("/someAdminPage.html", null, "a=/test", null);
-
 Collection response = this.fids.getAttributes(fi); assertThat(response); // see SEC-161 (it should truncate after ? // sign).isEqualTo(def)
@@ -103,7 +95,6 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 @Test public void httpMethodLookupSucceeds() { createFids("/somepage**", "GET");
-
 FilterInvocation fi = createFilterInvocation("/somepage", null, null, "GET"); Collection attrs = this.fids.getAttributes(fi); assertThat(attrs).isEqualTo(this.def);
@@ -112,7 +103,6 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 @Test public void generalMatchIsUsedIfNoMethodSpecificMatchExists() { createFids("/somepage**", null);
-
 FilterInvocation fi = createFilterInvocation("/somepage", null, null, "GET"); Collection attrs = this.fids.getAttributes(fi); assertThat(attrs).isEqualTo(this.def);
@@ -121,7 +111,6 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 @Test public void requestWithDifferentHttpMethodDoesntMatch() { createFids("/somepage**", "GET");
-
 FilterInvocation fi = createFilterInvocation("/somepage", null, null, "POST"); Collection attrs = this.fids.getAttributes(fi); assertThat(attrs).isNull();
@@ -132,11 +121,9 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 public void mixingPatternsWithAndWithoutHttpMethodsIsSupported() { LinkedHashMap> requestMap = new LinkedHashMap<>(); Collection userAttrs = SecurityConfig.createList("A");
-
 requestMap.put(new AntPathRequestMatcher("/user/**", null), userAttrs); requestMap.put(new AntPathRequestMatcher("/teller/**", "GET"), SecurityConfig.createList("B")); this.fids = new DefaultFilterInvocationSecurityMetadataSource(requestMap);
-
 FilterInvocation fi = createFilterInvocation("/user", null, null, "GET"); Collection attrs = this.fids.getAttributes(fi); assertThat(attrs).isEqualTo(userAttrs);
@@ -148,14 +135,10 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 @Test public void extraQuestionMarkStillMatches() { createFids("/someAdminPage.html*", null);
-
 FilterInvocation fi = createFilterInvocation("/someAdminPage.html", null, null, null);
-
 Collection response = this.fids.getAttributes(fi); assertThat(response).isEqualTo(this.def);
-
 fi = createFilterInvocation("/someAdminPage.html", null, "?", null);
-
 response = this.fids.getAttributes(fi); assertThat(response).isEqualTo(this.def); }
@@ -168,7 +151,6 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 request.setServletPath(servletPath); request.setPathInfo(pathInfo); request.setQueryString(queryString);
-
 return new FilterInvocation(request, new MockHttpServletResponse(), mock(FilterChain.class)); }
diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
index 37199a0c8f..dcd759048a 100644
--- a/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
@@ -117,13 +117,9 @@ public class FilterSecurityInterceptorTests {
 // Setup a Context Authentication token = new TestingAuthenticationToken("Test", "Password", "NOT_USED"); SecurityContextHolder.getContext().setAuthentication(token);
-
 FilterInvocation fi = createinvocation();
-
 given(this.ods.getAttributes(fi)).willReturn(SecurityConfig.createList("MOCK_OK"));
-
 this.interceptor.invoke(fi);
-
 // SEC-1697 verify(this.publisher, never()).publishEvent(any(AuthorizedEvent.class)); }
@@ -132,24 +128,19 @@ public class FilterSecurityInterceptorTests {
 public void afterInvocationIsNotInvokedIfExceptionThrown() throws Exception { Authentication token = new TestingAuthenticationToken("Test", "Password", "NOT_USED"); SecurityContextHolder.getContext().setAuthentication(token);
-
 FilterInvocation fi = createinvocation(); FilterChain chain = fi.getChain();
-
 willThrow(new RuntimeException()).given(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); given(this.ods.getAttributes(fi)).willReturn(SecurityConfig.createList("MOCK_OK"));
-
 AfterInvocationManager aim = mock(AfterInvocationManager.class); this.interceptor.setAfterInvocationManager(aim);
-
 try { this.interceptor.invoke(fi); fail("Expected exception"); } catch (RuntimeException expected) { }
-
 verifyZeroInteractions(aim); }
@@ -161,29 +152,23 @@ public class FilterSecurityInterceptorTests {
 Authentication token = new TestingAuthenticationToken("Test", "Password", "NOT_USED"); token.setAuthenticated(true); ctx.setAuthentication(token);
-
 RunAsManager runAsManager = mock(RunAsManager.class); given(runAsManager.buildRunAs(eq(token), any(), anyCollection())) .willReturn(new RunAsUserToken("key", "someone", "creds", token.getAuthorities(), token.getClass())); this.interceptor.setRunAsManager(runAsManager);
-
 FilterInvocation fi = createinvocation(); FilterChain chain = fi.getChain();
-
 willThrow(new RuntimeException()).given(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); given(this.ods.getAttributes(fi)).willReturn(SecurityConfig.createList("MOCK_OK"));
-
 AfterInvocationManager aim = mock(AfterInvocationManager.class); this.interceptor.setAfterInvocationManager(aim);
-
 try { this.interceptor.invoke(fi); fail("Expected exception"); } catch (RuntimeException expected) { }
-
 // Check we've changed back assertThat(SecurityContextHolder.getContext()).isSameAs(ctx); assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
@@ -195,9 +180,7 @@ public class FilterSecurityInterceptorTests {
 this.interceptor.setObserveOncePerRequest(false); MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletRequest request = new MockHttpServletRequest();
-
 this.interceptor.doFilter(request, response, new MockFilterChain());
-
 assertThat(request.getAttributeNames().hasMoreElements()).isFalse(); }
@@ -205,10 +188,8 @@ public class FilterSecurityInterceptorTests {
 MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletRequest request = new MockHttpServletRequest(); request.setServletPath("/secure/page.html");
-
 FilterChain chain = mock(FilterChain.class); FilterInvocation fi = new FilterInvocation(request, response, chain);
-
 return fi; }
diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java
index 40576c0a41..37211f6fa2 100644
--- a/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java
@@ -31,7 +31,6 @@ public class RequestKeyTests {
 public void equalsWorksWithNullHttpMethod() { RequestKey key1 = new RequestKey("/someurl"); RequestKey key2 = new RequestKey("/someurl");
-
 assertThat(key2).isEqualTo(key1); key1 = new RequestKey("/someurl", "GET"); assertThat(key1.equals(key2)).isFalse();
@@ -42,7 +41,6 @@ public class RequestKeyTests {
 public void keysWithSameUrlAndHttpMethodAreEqual() { RequestKey key1 = new RequestKey("/someurl", "GET"); RequestKey key2 = new RequestKey("/someurl", "GET");
-
 assertThat(key2).isEqualTo(key1); }
@@ -50,7 +48,6 @@ public class RequestKeyTests {
 public void keysWithSameUrlAndDifferentHttpMethodAreNotEqual() { RequestKey key1 = new RequestKey("/someurl", "GET"); RequestKey key2 = new RequestKey("/someurl", "POST");
-
 assertThat(key1.equals(key2)).isFalse(); assertThat(key2.equals(key1)).isFalse(); }
@@ -59,7 +56,6 @@ public class RequestKeyTests {
 public void keysWithDifferentUrlsAreNotEquals() { RequestKey key1 = new RequestKey("/someurl", "GET"); RequestKey key2 = new RequestKey("/anotherurl", "GET");
-
 assertThat(key1.equals(key2)).isFalse(); assertThat(key2.equals(key1)).isFalse(); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
index d815881514..0cdee2f548 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
@@ -71,13 +71,11 @@ public class AbstractAuthenticationProcessingFilterTests {
 private MockHttpServletRequest createMockAuthenticationRequest() { MockHttpServletRequest request = new MockHttpServletRequest();
-
 request.setServletPath("/j_mock_post"); request.setScheme("http"); request.setServerName("www.example.com"); request.setRequestURI("/mycontext/j_mock_post"); request.setContextPath("/mycontext");
-
 return request; }
@@ -101,10 +99,8 @@ public class AbstractAuthenticationProcessingFilterTests {
 MockHttpServletResponse response = new MockHttpServletResponse(); MockAuthenticationFilter filter = new MockAuthenticationFilter(); filter.setFilterProcessesUrl("/login");
-
 DefaultHttpFirewall firewall = new DefaultHttpFirewall(); request.setServletPath("/login;jsessionid=I8MIONOSTHOR");
-
 // the firewall ensures that path parameters are ignored HttpServletRequest firewallRequest = firewall.getFirewalledRequest(request); assertThat(filter.requiresAuthentication(firewallRequest, response)).isTrue();
@@ -116,20 +112,16 @@ public class AbstractAuthenticationProcessingFilterTests {
 MockHttpServletRequest request = createMockAuthenticationRequest(); request.setServletPath("/j_OTHER_LOCATION"); request.setRequestURI("/mycontext/j_OTHER_LOCATION");
-
 // Setup our filter configuration MockFilterConfig config = new MockFilterConfig(null, null);
-
 // Setup our expectation that the filter chain will not be invoked, as we redirect // to defaultTargetUrl MockFilterChain chain = new MockFilterChain(false); MockHttpServletResponse response = new MockHttpServletResponse();
-
 // Setup our test object, to grant access MockAuthenticationFilter filter = new MockAuthenticationFilter(true); filter.setFilterProcessesUrl("/j_OTHER_LOCATION"); filter.setAuthenticationSuccessHandler(this.successHandler);
-
 // Test filter.doFilter(request, response, chain); assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
@@ -143,7 +135,6 @@ public class AbstractAuthenticationProcessingFilterTests {
 filter.setAuthenticationManager(mock(AuthenticationManager.class)); filter.setFilterProcessesUrl("/p"); filter.afterPropertiesSet();
-
 assertThat(filter.getRememberMeServices()).isNotNull(); filter.setRememberMeServices( new TokenBasedRememberMeServices("key", new AbstractRememberMeServicesTests.MockUserDetailsService()));
@@ -157,18 +148,14 @@ public class AbstractAuthenticationProcessingFilterTests {
 MockHttpServletRequest request = createMockAuthenticationRequest(); request.setServletPath("/some.file.html"); request.setRequestURI("/mycontext/some.file.html");
-
 // Setup our filter configuration MockFilterConfig config = new MockFilterConfig(null, null);
-
 // Setup our expectation that the filter chain will be invoked, as our request is // for a page the filter isn't monitoring MockFilterChain chain = new MockFilterChain(true); MockHttpServletResponse response = new MockHttpServletResponse();
-
 // Setup our test object, to deny access MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
-
 // Test filter.doFilter(request, response, chain); }
@@ -178,25 +165,20 @@ public class AbstractAuthenticationProcessingFilterTests {
 // Setup our HTTP request MockHttpServletRequest request = createMockAuthenticationRequest(); HttpSession sessionPreAuth = request.getSession();
-
 // Setup our filter configuration MockFilterConfig config = new MockFilterConfig(null, null);
-
 // Setup our expectation that the filter chain will not be invoked, as we redirect // to defaultTargetUrl MockFilterChain chain = new MockFilterChain(false); MockHttpServletResponse response = new MockHttpServletResponse();
-
 // Setup our test object, to grant access MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
-
 filter.setFilterProcessesUrl("/j_mock_post"); filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class)); filter.setAuthenticationSuccessHandler(this.successHandler); filter.setAuthenticationFailureHandler(this.failureHandler); filter.setAuthenticationManager(mock(AuthenticationManager.class)); filter.afterPropertiesSet();
-
 // Test filter.doFilter(request, response, chain); assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
@@ -211,24 +193,19 @@ public class AbstractAuthenticationProcessingFilterTests {
 // Setup our HTTP request MockHttpServletRequest request = createMockAuthenticationRequest(); HttpSession sessionPreAuth = request.getSession();
-
 // Setup our filter configuration MockFilterConfig config = new MockFilterConfig(null, null);
-
 // Setup our expectation that the filter chain will not be invoked, as we redirect // to defaultTargetUrl MockFilterChain chain = new MockFilterChain(false); MockHttpServletResponse response = new MockHttpServletResponse();
-
 // Setup our test object, to grant access MockAuthenticationFilter filter = new MockAuthenticationFilter("/j_mock_post", mock(AuthenticationManager.class));
-
 filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class)); filter.setAuthenticationSuccessHandler(this.successHandler); filter.setAuthenticationFailureHandler(this.failureHandler); filter.afterPropertiesSet();
-
 // Test filter.doFilter(request, response, chain); assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
@@ -245,24 +222,19 @@ public class AbstractAuthenticationProcessingFilterTests {
 request.setServletPath("/j_eradicate_corona_virus");
 request.setRequestURI("/mycontext/j_eradicate_corona_virus");
 HttpSession sessionPreAuth = request.getSession();
-
 // Setup our filter configuration
 MockFilterConfig config = new MockFilterConfig(null, null);
-
 // Setup our expectation that the filter chain will not be invoked, as we redirect
 // to defaultTargetUrl
 MockFilterChain chain = new MockFilterChain(false);
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 // Setup our test object, to grant access
 MockAuthenticationFilter filter = new MockAuthenticationFilter( new AntPathRequestMatcher("/j_eradicate_corona_virus"), mock(AuthenticationManager.class));
-
 filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class));
 filter.setAuthenticationSuccessHandler(this.successHandler);
 filter.setAuthenticationFailureHandler(this.failureHandler);
 filter.afterPropertiesSet();
-
 // Test
 filter.doFilter(request, response, chain);
 assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
@@ -279,7 +251,6 @@ public class AbstractAuthenticationProcessingFilterTests {
 this.successHandler.setDefaultTargetUrl("/");
 filter.setAuthenticationSuccessHandler(this.successHandler);
 filter.setFilterProcessesUrl("/login");
-
 try {
 filter.afterPropertiesSet();
 fail("Should have thrown IllegalArgumentException");
@@ -295,7 +266,6 @@ public class AbstractAuthenticationProcessingFilterTests {
 filter.setAuthenticationFailureHandler(this.failureHandler);
 filter.setAuthenticationManager(mock(AuthenticationManager.class));
 filter.setAuthenticationSuccessHandler(this.successHandler);
-
 try {
 filter.setFilterProcessesUrl(null);
 fail("Should have thrown IllegalArgumentException");
@@ -309,38 +279,31 @@ public class AbstractAuthenticationProcessingFilterTests {
 public void testSuccessLoginThenFailureLoginResultsInSessionLosingToken() throws Exception {
 // Setup our HTTP request
 MockHttpServletRequest request = createMockAuthenticationRequest();
-
 // Setup our filter configuration
 MockFilterConfig config = new MockFilterConfig(null, null);
-
 // Setup our expectation that the filter chain will not be invoked, as we redirect
 // to defaultTargetUrl
 MockFilterChain chain = new MockFilterChain(false);
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 // Setup our test object, to grant access
 MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
 filter.setFilterProcessesUrl("/j_mock_post");
 filter.setAuthenticationSuccessHandler(this.successHandler);
-
 // Test
 filter.doFilter(request, response, chain);
 assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 assertThat(SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()).isEqualTo("test");
-
 // Now try again but this time have filter deny access
 // Setup our HTTP request
 // Setup our expectation that the filter chain will not be invoked, as we redirect
 // to authenticationFailureUrl
 chain = new MockFilterChain(false);
 response = new MockHttpServletResponse();
-
 // Setup our test object, to deny access
 filter = new MockAuthenticationFilter(false);
 filter.setFilterProcessesUrl("/j_mock_post");
 filter.setAuthenticationFailureHandler(this.failureHandler);
-
 // Test
 filter.doFilter(request, response, chain);
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -350,27 +313,21 @@ public class AbstractAuthenticationProcessingFilterTests {
 public void testSuccessfulAuthenticationInvokesSuccessHandlerAndSetsContext() throws Exception {
 // Setup our HTTP request
 MockHttpServletRequest request = createMockAuthenticationRequest();
-
 // Setup our filter configuration
 MockFilterConfig config = new MockFilterConfig(null, null);
-
 // Setup our expectation that the filter chain will be invoked, as we want to go
 // to the location requested in the session
 MockFilterChain chain = new MockFilterChain(true);
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 // Setup our test object, to grant access
 MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
 filter.setFilterProcessesUrl("/j_mock_post");
 AuthenticationSuccessHandler successHandler = mock(AuthenticationSuccessHandler.class);
 filter.setAuthenticationSuccessHandler(successHandler);
-
 // Test
 filter.doFilter(request, response, chain);
-
 verify(successHandler).onAuthenticationSuccess(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class));
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 }
@@ -378,26 +335,20 @@ public class AbstractAuthenticationProcessingFilterTests {
 public void testFailedAuthenticationInvokesFailureHandler() throws Exception {
 // Setup our HTTP request
 MockHttpServletRequest request = createMockAuthenticationRequest();
-
 // Setup our filter configuration
 MockFilterConfig config = new MockFilterConfig(null, null);
-
 // Setup our expectation that the filter chain will not be invoked, as we redirect
 // to authenticationFailureUrl
 MockFilterChain chain = new MockFilterChain(false);
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 // Setup our test object, to deny access
 MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
 AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class);
 filter.setAuthenticationFailureHandler(failureHandler);
-
 // Test
 filter.doFilter(request, response, chain);
-
 verify(failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AuthenticationException.class));
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 }
@@ -407,18 +358,14 @@ public class AbstractAuthenticationProcessingFilterTests {
 @Test
 public void testNoSessionIsCreatedIfAllowSessionCreationIsFalse() throws Exception {
 MockHttpServletRequest request = createMockAuthenticationRequest();
-
 MockFilterConfig config = new MockFilterConfig(null, null);
 MockFilterChain chain = new MockFilterChain(true);
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 // Reject authentication, so exception would normally be stored in session
 MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
 this.failureHandler.setAllowSessionCreation(false);
 filter.setAuthenticationFailureHandler(this.failureHandler);
-
 filter.doFilter(request, response, chain);
-
 assertThat(request.getSession(false)).isNull();
 }
@@ -428,17 +375,13 @@ public class AbstractAuthenticationProcessingFilterTests {
 @Test
 public void testLoginErrorWithNoFailureUrlSendsUnauthorizedStatus() throws Exception {
 MockHttpServletRequest request = createMockAuthenticationRequest();
-
 MockFilterConfig config = new MockFilterConfig(null, null);
 MockFilterChain chain = new MockFilterChain(true);
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
 this.successHandler.setDefaultTargetUrl("https://monkeymachine.co.uk/");
 filter.setAuthenticationSuccessHandler(this.successHandler);
-
 filter.doFilter(request, response, chain);
-
 assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 }
@@ -448,19 +391,15 @@ public class AbstractAuthenticationProcessingFilterTests {
 @Test
 public void loginErrorWithInternAuthenticationServiceExceptionLogsError() throws Exception {
 MockHttpServletRequest request = createMockAuthenticationRequest();
-
 MockFilterChain chain = new MockFilterChain(true);
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 Log logger = mock(Log.class);
 MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
 ReflectionTestUtils.setField(filter, "logger", logger);
 filter.exceptionToThrow = new InternalAuthenticationServiceException("Mock requested to do so");
 this.successHandler.setDefaultTargetUrl("https://monkeymachine.co.uk/");
 filter.setAuthenticationSuccessHandler(this.successHandler);
-
 filter.doFilter(request, response, chain);
-
 verify(logger).error(anyString(), eq(filter.exceptionToThrow));
 assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java
index cf5985a017..e0e18ff2c5 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java
@@ -74,16 +74,13 @@ public class AnonymousAuthenticationFilterTests {
 // Put an Authentication object into the SecurityContextHolder
 Authentication originalAuth = new TestingAuthenticationToken("user", "password", "ROLE_A");
 SecurityContextHolder.getContext().setAuthentication(originalAuth);
-
 AnonymousAuthenticationFilter filter = new AnonymousAuthenticationFilter("qwerty", "anonymousUsername", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
-
 // Test
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setRequestURI("x");
 executeFilterInContainerSimulator(mock(FilterConfig.class), filter, request, new MockHttpServletResponse(), new MockFilterChain(true));
-
 // Ensure filter didn't change our original object
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isEqualTo(originalAuth);
 }
@@ -93,12 +90,10 @@ public class AnonymousAuthenticationFilterTests {
 AnonymousAuthenticationFilter filter = new AnonymousAuthenticationFilter("qwerty", "anonymousUsername", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
 filter.afterPropertiesSet();
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setRequestURI("x");
 executeFilterInContainerSimulator(mock(FilterConfig.class), filter, request, new MockHttpServletResponse(), new MockFilterChain(true));
-
 Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 assertThat(auth.getPrincipal()).isEqualTo("anonymousUsername");
 assertThat(AuthorityUtils.authorityListToSet(auth.getAuthorities())).contains("ROLE_ANONYMOUS");
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java
index 8a36219287..36a439e57e 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java
@@ -89,12 +89,10 @@ public class AuthenticationFilterTests {
 public void filterWhenDefaultsAndNoAuthenticationThenContinues() throws Exception {
 AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManager, this.authenticationConverter);
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain chain = mock(FilterChain.class);
 filter.doFilter(request, response, chain);
-
 verifyZeroInteractions(this.authenticationManager);
 verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -104,12 +102,10 @@ public class AuthenticationFilterTests {
 public void filterWhenAuthenticationManagerResolverDefaultsAndNoAuthenticationThenContinues() throws Exception {
 AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter);
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain chain = mock(FilterChain.class);
 filter.doFilter(request, response, chain);
-
 verifyZeroInteractions(this.authenticationManagerResolver);
 verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -122,12 +118,10 @@ public class AuthenticationFilterTests {
 given(this.authenticationManager.authenticate(any())).willReturn(authentication);
 AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManager, this.authenticationConverter);
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain chain = mock(FilterChain.class);
 filter.doFilter(request, response, chain);
-
 verify(this.authenticationManager).authenticate(any(Authentication.class));
 verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
@@ -139,15 +133,12 @@ public class AuthenticationFilterTests {
 Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE");
 given(this.authenticationConverter.convert(any())).willReturn(authentication);
 given(this.authenticationManager.authenticate(any())).willReturn(authentication);
-
 AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter);
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain chain = mock(FilterChain.class);
 filter.doFilter(request, response, chain);
-
 verify(this.authenticationManager).authenticate(any(Authentication.class));
 verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
@@ -158,15 +149,12 @@ public class AuthenticationFilterTests {
 Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE");
 given(this.authenticationConverter.convert(any())).willReturn(authentication);
 given(this.authenticationManager.authenticate(any())).willThrow(new BadCredentialsException("failed"));
-
 AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManager, this.authenticationConverter);
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain chain = mock(FilterChain.class);
 filter.doFilter(request, response, chain);
-
 assertThat(response.getStatus()).isEqualTo(HttpStatus.UNAUTHORIZED.value());
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 }
@@ -177,15 +165,12 @@ public class AuthenticationFilterTests {
 Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE");
 given(this.authenticationConverter.convert(any())).willReturn(authentication);
 given(this.authenticationManager.authenticate(any())).willThrow(new BadCredentialsException("failed"));
-
 AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter);
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain chain = mock(FilterChain.class);
 filter.doFilter(request, response, chain);
-
 assertThat(response.getStatus()).isEqualTo(HttpStatus.UNAUTHORIZED.value());
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 }
@@ -195,11 +180,9 @@ public class AuthenticationFilterTests {
 given(this.authenticationConverter.convert(any())).willReturn(null);
 AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter);
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 FilterChain chain = mock(FilterChain.class);
 filter.doFilter(request, new MockHttpServletResponse(), chain);
-
 verifyZeroInteractions(this.authenticationManagerResolver);
 verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -210,16 +193,13 @@ public class AuthenticationFilterTests {
 Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE_USER");
 given(this.authenticationConverter.convert(any())).willReturn(authentication);
 given(this.authenticationManager.authenticate(any())).willReturn(authentication);
-
 AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter);
 filter.setSuccessHandler(this.successHandler);
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain chain = mock(FilterChain.class);
 filter.doFilter(request, response, chain);
-
 verify(this.successHandler).onAuthenticationSuccess(any(), any(), any(), eq(authentication));
 verifyZeroInteractions(this.failureHandler);
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
@@ -230,11 +210,9 @@ public class AuthenticationFilterTests {
 Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE_USER");
 given(this.authenticationConverter.convert(any())).willReturn(authentication);
 given(this.authenticationManager.authenticate(any())).willReturn(null);
-
 AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter);
 filter.setSuccessHandler(this.successHandler);
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain chain = mock(FilterChain.class);
@@ -244,7 +222,6 @@ public class AuthenticationFilterTests {
 catch (ServletException ex) {
 verifyZeroInteractions(this.successHandler);
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
-
 throw ex;
 }
 }
@@ -252,16 +229,13 @@ public class AuthenticationFilterTests {
 @Test
 public void filterWhenNotMatchAndConvertAndAuthenticationSuccessThenContinues() throws Exception {
 given(this.requestMatcher.matches(any())).willReturn(false);
-
 AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter);
 filter.setRequestMatcher(this.requestMatcher);
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain chain = mock(FilterChain.class);
 filter.doFilter(request, response, chain);
-
 verifyZeroInteractions(this.authenticationConverter, this.authenticationManagerResolver, this.successHandler);
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 }
@@ -272,18 +246,15 @@ public class AuthenticationFilterTests {
 Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE_USER");
 given(this.authenticationConverter.convert(any())).willReturn(authentication);
 given(this.authenticationManager.authenticate(any())).willReturn(authentication);
-
 MockHttpSession session = new MockHttpSession();
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 request.setSession(session);
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain chain = new MockFilterChain();
-
 String sessionId = session.getId();
 AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManager, this.authenticationConverter);
 filter.doFilter(request, response, chain);
-
 assertThat(session.getId()).isNotEqualTo(sessionId);
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
index 2a3293e94a..825c9ca6b4 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
@@ -60,9 +60,7 @@ public class DefaultLoginPageGeneratingFilterTests {
 DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter( new UsernamePasswordAuthenticationFilter());
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 filter.doFilter(new MockHttpServletRequest("GET", "/login"), response, this.chain);
-
 assertThat(response.getContentAsString()).isNotEmpty();
 }
@@ -71,10 +69,8 @@ public class DefaultLoginPageGeneratingFilterTests {
 DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter( new UsernamePasswordAuthenticationFilter());
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 MockHttpServletRequest request = new MockHttpServletRequest("POST", "/login");
 filter.doFilter(request, response, this.chain);
-
 assertThat(response.getContentAsString()).isEmpty();
 }
@@ -83,11 +79,9 @@ public class DefaultLoginPageGeneratingFilterTests {
 DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter( new UsernamePasswordAuthenticationFilter());
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/context/login");
 request.setContextPath("/context");
 filter.doFilter(request, response, this.chain);
-
 assertThat(response.getContentAsString()).isNotEmpty();
 }
@@ -96,9 +90,7 @@ public class DefaultLoginPageGeneratingFilterTests {
 DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter( new UsernamePasswordAuthenticationFilter());
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 filter.doFilter(new MockHttpServletRequest("GET", "/api/login"), response, this.chain);
-
 assertThat(response.getContentAsString()).isEmpty();
 }
@@ -107,12 +99,9 @@ public class DefaultLoginPageGeneratingFilterTests {
 DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter( new UsernamePasswordAuthenticationFilter());
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/login");
 request.setQueryString("error");
-
 filter.doFilter(request, response, this.chain);
-
 assertThat(response.getContentAsString()).isNotEmpty();
 }
@@ -136,12 +125,9 @@ public class DefaultLoginPageGeneratingFilterTests {
 DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter( new UsernamePasswordAuthenticationFilter());
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/login");
 request.setQueryString("not");
-
 filter.doFilter(request, response, this.chain);
-
 assertThat(response.getContentAsString()).isEmpty();
 }
@@ -162,7 +148,6 @@ public class DefaultLoginPageGeneratingFilterTests {
 String message = messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials", Locale.KOREA);
 request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, new BadCredentialsException(message));
-
 filter.doFilter(request, new MockHttpServletResponse(), this.chain);
 }
@@ -172,14 +157,11 @@ public class DefaultLoginPageGeneratingFilterTests {
 DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter();
 filter.setLoginPageUrl(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL);
 filter.setOauth2LoginEnabled(true);
-
 String clientName = "Google < > \" \' &";
 filter.setOauth2AuthenticationUrlToClientName( Collections.singletonMap("/oauth2/authorization/google", clientName));
-
 MockHttpServletResponse response = new MockHttpServletResponse();
 filter.doFilter(new MockHttpServletRequest("GET", "/login"), response, this.chain);
-
 assertThat(response.getContentAsString()) .contains("Google < > " ' &");
 }
@@ -189,13 +171,10 @@ public class DefaultLoginPageGeneratingFilterTests {
 DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter();
 filter.setLoginPageUrl(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL);
 filter.setSaml2LoginEnabled(true);
-
 String clientName = "Google < > \" \' &";
 filter.setSaml2AuthenticationUrlToProviderName(Collections.singletonMap("/saml/sso/google", clientName));
-
 MockHttpServletResponse response = new MockHttpServletResponse();
 filter.doFilter(new MockHttpServletRequest("GET", "/login"), response, this.chain);
-
 assertThat(response.getContentAsString()).contains("Login with SAML 2.0");
 assertThat(response.getContentAsString()) .contains("Google < > " ' &");
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java
index 0033fa13f1..c2abbe1a44 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java
@@ -61,7 +61,6 @@ public class DelegatingAuthenticationEntryPointContextTests {
 verify(this.firstAEP).commence(request, null, null);
 verify(this.defaultAEP, never()).commence(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AuthenticationException.class));
-
 }
 @Test
@@ -73,7 +72,6 @@ public class DelegatingAuthenticationEntryPointContextTests {
 verify(this.defaultAEP).commence(request, null, null);
 verify(this.firstAEP, never()).commence(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AuthenticationException.class));
-
 }
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
index ff9068b8f6..fa93a45b63 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
@@ -63,9 +63,7 @@ public class DelegatingAuthenticationEntryPointTests {
 RequestMatcher firstRM = mock(RequestMatcher.class);
 given(firstRM.matches(this.request)).willReturn(false);
 this.entryPoints.put(firstRM, firstAEP);
-
 this.daep.commence(this.request, null, null);
-
 verify(this.defaultEntryPoint).commence(this.request, null, null);
 verify(firstAEP, never()).commence(this.request, null, null);
 }
@@ -79,9 +77,7 @@ public class DelegatingAuthenticationEntryPointTests {
 given(firstRM.matches(this.request)).willReturn(true);
 this.entryPoints.put(firstRM, firstAEP);
 this.entryPoints.put(secondRM, secondAEP);
-
 this.daep.commence(this.request, null, null);
-
 verify(firstAEP).commence(this.request, null, null);
 verify(secondAEP, never()).commence(this.request, null, null);
 verify(this.defaultEntryPoint, never()).commence(this.request, null, null);
@@ -98,9 +94,7 @@ public class DelegatingAuthenticationEntryPointTests {
 given(secondRM.matches(this.request)).willReturn(true);
 this.entryPoints.put(firstRM, firstAEP);
 this.entryPoints.put(secondRM, secondAEP);
-
 this.daep.commence(this.request, null, null);
-
 verify(secondAEP).commence(this.request, null, null);
 verify(firstAEP, never()).commence(this.request, null, null);
 verify(this.defaultEntryPoint, never()).commence(this.request, null, null);
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java
index e896523bb6..196028a094 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java
@@ -79,10 +79,8 @@ public class DelegatingAuthenticationFailureHandlerTests {
 public void handleByDefaultHandler() throws Exception {
 this.handlers.put(BadCredentialsException.class, this.handler1);
 this.handler = new DelegatingAuthenticationFailureHandler(this.handlers, this.defaultHandler);
-
 AuthenticationException exception = new AccountExpiredException("");
 this.handler.onAuthenticationFailure(this.request, this.response, exception);
-
 verifyZeroInteractions(this.handler1, this.handler2);
 verify(this.defaultHandler).onAuthenticationFailure(this.request, this.response, exception);
 }
@@ -92,10 +90,8 @@ public class DelegatingAuthenticationFailureHandlerTests {
 this.handlers.put(BadCredentialsException.class, this.handler1); // same type
 this.handlers.put(AccountStatusException.class, this.handler2);
 this.handler = new DelegatingAuthenticationFailureHandler(this.handlers, this.defaultHandler);
-
 AuthenticationException exception = new BadCredentialsException("");
 this.handler.onAuthenticationFailure(this.request, this.response, exception);
-
 verifyZeroInteractions(this.handler2, this.defaultHandler);
 verify(this.handler1).onAuthenticationFailure(this.request, this.response, exception);
 }
@@ -106,43 +102,32 @@ public class DelegatingAuthenticationFailureHandlerTests {
 this.handlers.put(AccountStatusException.class, this.handler2); // super type of
 // CredentialsExpiredException
 this.handler = new DelegatingAuthenticationFailureHandler(this.handlers, this.defaultHandler);
-
 AuthenticationException exception = new CredentialsExpiredException("");
 this.handler.onAuthenticationFailure(this.request, this.response, exception);
-
 verifyZeroInteractions(this.handler1, this.defaultHandler);
 verify(this.handler2).onAuthenticationFailure(this.request, this.response, exception);
 }
 @Test
 public void handlersIsNull() {
-
 this.thrown.expect(IllegalArgumentException.class);
 this.thrown.expectMessage("handlers cannot be null or empty");
-
 new DelegatingAuthenticationFailureHandler(null, this.defaultHandler);
-
 }
 @Test
 public void handlersIsEmpty() {
-
 this.thrown.expect(IllegalArgumentException.class);
 this.thrown.expectMessage("handlers cannot be null or empty");
-
 new DelegatingAuthenticationFailureHandler(this.handlers, this.defaultHandler);
-
 }
 @Test
 public void defaultHandlerIsNull() {
-
 this.thrown.expect(IllegalArgumentException.class);
 this.thrown.expectMessage("defaultHandler cannot be null");
-
 this.handlers.put(BadCredentialsException.class, this.handler1);
 new DelegatingAuthenticationFailureHandler(this.handlers, null);
-
 }
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java
index bbcc57781a..d1bd83afc0 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java
@@ -37,7 +37,6 @@ public class ExceptionMappingAuthenticationFailureHandlerTests { fh.setDefaultFailureUrl("/failed"); MockHttpServletResponse response = new MockHttpServletResponse(); fh.onAuthenticationFailure(new MockHttpServletRequest(), response, new BadCredentialsException(""));
-
 assertThat(response.getRedirectedUrl()).isEqualTo("/failed"); }
@@ -50,7 +49,6 @@ public class ExceptionMappingAuthenticationFailureHandlerTests { fh.setDefaultFailureUrl("/failed"); MockHttpServletResponse response = new MockHttpServletResponse(); fh.onAuthenticationFailure(new MockHttpServletRequest(), response, new BadCredentialsException(""));
-
 assertThat(response.getRedirectedUrl()).isEqualTo("/badcreds"); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java
index 8102ea6e5f..7fa410ecbb 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java
@@ -48,13 +48,10 @@ public class ForwardAuthenticaionSuccessHandlerTests { @Test public void responseIsForwarded() throws Exception { ForwardAuthenticationSuccessHandler fash = new ForwardAuthenticationSuccessHandler("/forwardUrl");
-
 MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); Authentication authentication = mock(Authentication.class);
-
 fash.onAuthenticationSuccess(request, response, authentication);
-
 assertThat(response.getForwardedUrl()).isEqualTo("/forwardUrl"); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java
index 4701fe1ad5..343726228a 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java
@@ -48,13 +48,10 @@ public class ForwardAuthenticationFailureHandlerTests { @Test public void responseIsForwarded() throws Exception { ForwardAuthenticationFailureHandler fafh = new ForwardAuthenticationFailureHandler("/forwardUrl");
-
 MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); AuthenticationException e = mock(AuthenticationException.class);
-
 fafh.onAuthenticationFailure(request, response, e);
-
 assertThat(response.getForwardedUrl()).isEqualTo("/forwardUrl"); assertThat(request.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)).isEqualTo(e); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
index f3ec882629..150c4e1951 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
@@ -58,7 +58,6 @@ public class HttpStatusEntryPointTests { @Test public void unauthorized() throws Exception { this.entryPoint.commence(this.request, this.response, this.authException);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpStatus.UNAUTHORIZED.value()); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
index 0754b7803c..72d6942ac3 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
@@ -61,7 +61,6 @@ public class LoginUrlAuthenticationEntryPointTests { assertThat(ep.getLoginFormUrl()).isEqualTo("/hello"); assertThat(ep.getPortMapper() != null).isTrue(); assertThat(ep.getPortResolver() != null).isTrue();
-
 ep.setForceHttps(false); assertThat(ep.isForceHttps()).isFalse(); ep.setForceHttps(true);
@@ -79,44 +78,36 @@ public class LoginUrlAuthenticationEntryPointTests { request.setServerName("www.example.com"); request.setContextPath("/bigWebApp"); request.setServerPort(80);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/hello"); ep.setPortMapper(new PortMapperImpl()); ep.setForceHttps(true); ep.setPortMapper(new PortMapperImpl()); ep.setPortResolver(new MockPortResolver(80, 443)); ep.afterPropertiesSet();
-
 ep.commence(request, response, null); assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com/bigWebApp/hello");
-
 request.setServerPort(8080); response = new MockHttpServletResponse(); ep.setPortResolver(new MockPortResolver(8080, 8443)); ep.commence(request, response, null); assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com:8443/bigWebApp/hello");
-
 // Now test an unusual custom HTTP:HTTPS is handled properly request.setServerPort(8888); response = new MockHttpServletResponse(); ep.commence(request, response, null); assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com:8443/bigWebApp/hello");
-
 PortMapperImpl portMapper = new PortMapperImpl(); Map map = new HashMap<>(); map.put("8888", "9999"); portMapper.setPortMappings(map); response = new MockHttpServletResponse();
-
 ep = new LoginUrlAuthenticationEntryPoint("/hello"); ep.setPortMapper(new PortMapperImpl()); ep.setForceHttps(true); ep.setPortMapper(portMapper); ep.setPortResolver(new MockPortResolver(8888, 9999)); ep.afterPropertiesSet();
-
 ep.commence(request, response, null); assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com:9999/bigWebApp/hello"); }
@@ -129,19 +120,15 @@ public class LoginUrlAuthenticationEntryPointTests { request.setServerName("www.example.com"); request.setContextPath("/bigWebApp"); request.setServerPort(443);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/hello"); ep.setPortMapper(new PortMapperImpl()); ep.setForceHttps(true); ep.setPortMapper(new PortMapperImpl()); ep.setPortResolver(new MockPortResolver(80, 443)); ep.afterPropertiesSet();
-
 ep.commence(request, response, null); assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com/bigWebApp/hello");
-
 request.setServerPort(8443); response = new MockHttpServletResponse(); ep.setPortResolver(new MockPortResolver(8080, 8443));
@@ -155,7 +142,6 @@ public class LoginUrlAuthenticationEntryPointTests { ep.setPortMapper(new PortMapperImpl()); ep.setPortResolver(new MockPortResolver(80, 443)); ep.afterPropertiesSet();
-
 MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/some_path"); request.setContextPath("/bigWebApp");
@@ -163,9 +149,7 @@ public class LoginUrlAuthenticationEntryPointTests { request.setServerName("localhost"); request.setContextPath("/bigWebApp"); request.setServerPort(80);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 ep.commence(request, response, null); assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/bigWebApp/hello"); }
@@ -176,7 +160,6 @@ public class LoginUrlAuthenticationEntryPointTests { ep.setPortResolver(new MockPortResolver(8888, 1234)); ep.setForceHttps(true); ep.afterPropertiesSet();
-
 MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/some_path"); request.setContextPath("/bigWebApp");
@@ -184,11 +167,8 @@ public class LoginUrlAuthenticationEntryPointTests { request.setServerName("localhost"); request.setContextPath("/bigWebApp"); request.setServerPort(8888); // NB: Port we can't resolve
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 ep.commence(request, response, null);
-
 // Response doesn't switch to HTTPS, as we didn't know HTTP port 8888 to HTTP port // mapping assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost:8888/bigWebApp/hello");
@@ -207,9 +187,7 @@ public class LoginUrlAuthenticationEntryPointTests { request.setServerName("www.example.com"); request.setContextPath("/bigWebApp"); request.setServerPort(80);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 ep.commence(request, response, null); assertThat(response.getForwardedUrl()).isEqualTo("/hello"); }
@@ -228,9 +206,7 @@ public class LoginUrlAuthenticationEntryPointTests { request.setServerName("www.example.com"); request.setContextPath("/bigWebApp"); request.setServerPort(80);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 ep.commence(request, response, null); assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com/bigWebApp/some_path"); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java
index b8e50844d9..61bfc56446 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java
@@ -35,11 +35,9 @@ public class SavedRequestAwareAuthenticationSuccessHandlerTests { @Test public void defaultUrlMuststartWithSlashOrHttpScheme() { SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler();
-
 handler.setDefaultTargetUrl("/acceptableRelativeUrl"); handler.setDefaultTargetUrl("https://some.site.org/index.html"); handler.setDefaultTargetUrl("https://some.site.org/index.html");
-
 try { handler.setDefaultTargetUrl("missingSlash"); fail("Shouldn't accept default target without leading slash");
@@ -58,12 +56,10 @@ public class SavedRequestAwareAuthenticationSuccessHandlerTests { MockHttpServletResponse response = new MockHttpServletResponse(); given(savedRequest.getRedirectUrl()).willReturn(redirectUrl); given(requestCache.getRequest(request, response)).willReturn(savedRequest);
-
 SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler(); handler.setRequestCache(requestCache); handler.setRedirectStrategy(redirectStrategy); handler.onAuthenticationSuccess(request, response, mock(Authentication.class));
-
 verify(redirectStrategy).sendRedirect(request, response, redirectUrl); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java
index ad536450f6..732ecc0f41 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java
@@ -40,7 +40,6 @@ public class SimpleUrlAuthenticationFailureHandlerTests { assertThat(afh.getRedirectStrategy()).isSameAs(rs); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse();
-
 afh.onAuthenticationFailure(request, response, mock(AuthenticationException.class)); assertThat(response.getStatus()).isEqualTo(401); }
@@ -51,9 +50,7 @@ public class SimpleUrlAuthenticationFailureHandlerTests { afh.setDefaultFailureUrl("/target"); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse();
-
 AuthenticationException e = mock(AuthenticationException.class);
-
 afh.onAuthenticationFailure(request, response, e); assertThat(request.getSession().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)).isSameAs(e); assertThat(response.getRedirectedUrl()).isEqualTo("/target");
@@ -66,7 +63,6 @@ public class SimpleUrlAuthenticationFailureHandlerTests { assertThat(afh.isAllowSessionCreation()).isFalse(); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse();
-
 afh.onAuthenticationFailure(request, response, mock(AuthenticationException.class)); assertThat(request.getSession(false)).isNull(); }
@@ -77,11 +73,9 @@ public class SimpleUrlAuthenticationFailureHandlerTests { SimpleUrlAuthenticationFailureHandler afh = new SimpleUrlAuthenticationFailureHandler("/target"); afh.setUseForward(true); assertThat(afh.isUseForward()).isTrue();
-
 MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); AuthenticationException e = mock(AuthenticationException.class);
-
 afh.onAuthenticationFailure(request, response, e); assertThat(request.getSession(false)).isNull(); assertThat(response.getRedirectedUrl()).isNull();
diff --git a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java
index d4e54686d2..1088261612 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java
@@ -34,12 +34,9 @@ public class SimpleUrlAuthenticationSuccessHandlerTests { @Test public void defaultTargetUrlIsUsedIfNoOtherInformationSet() throws Exception { SimpleUrlAuthenticationSuccessHandler ash = new SimpleUrlAuthenticationSuccessHandler();
-
 MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse();
-
 ash.onAuthenticationSuccess(request, response, mock(Authentication.class));
-
 assertThat(response.getRedirectedUrl()).isEqualTo("/"); }
@@ -50,7 +47,6 @@ public class SimpleUrlAuthenticationSuccessHandlerTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); response.setCommitted(true);
-
 ash.onAuthenticationSuccess(request, response, mock(Authentication.class)); assertThat(response.getRedirectedUrl()).isNull(); }
@@ -64,10 +60,8 @@ public class SimpleUrlAuthenticationSuccessHandlerTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); request.setParameter("targetUrl", "/target");
-
 ash.onAuthenticationSuccess(request, response, mock(Authentication.class)); assertThat(response.getRedirectedUrl()).isEqualTo("/defaultTarget");
-
 // Try with parameter set ash.setTargetUrlParameter("targetUrl"); response = new MockHttpServletResponse();
@@ -82,7 +76,6 @@ public class SimpleUrlAuthenticationSuccessHandlerTests { MockHttpServletResponse response = new MockHttpServletResponse(); ash.setUseReferer(true); request.addHeader("Referer", "https://www.springsource.com/");
-
 ash.onAuthenticationSuccess(request, response, mock(Authentication.class)); assertThat(response.getRedirectedUrl()).isEqualTo("https://www.springsource.com/"); }
@@ -96,9 +89,7 @@ public class SimpleUrlAuthenticationSuccessHandlerTests { ash.setDefaultTargetUrl("https://monkeymachine.co.uk/"); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse();
-
 ash.onAuthenticationSuccess(request, response, mock(Authentication.class));
-
 assertThat(response.getRedirectedUrl()).isEqualTo("https://monkeymachine.co.uk/"); }
@@ -113,14 +104,12 @@ public class SimpleUrlAuthenticationSuccessHandlerTests { @Test public void setTargetUrlParameterEmptyTargetUrlParameter() { SimpleUrlAuthenticationSuccessHandler ash = new SimpleUrlAuthenticationSuccessHandler();
-
 try { ash.setTargetUrlParameter(""); fail("Expected Exception"); } catch (IllegalArgumentException success) { }
-
 try { ash.setTargetUrlParameter(" "); fail("Expected Exception");
diff --git a/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
index 157e42fb12..cfc5c35666 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
@@ -44,11 +44,9 @@ public class UsernamePasswordAuthenticationFilterTests { MockHttpServletRequest request = new MockHttpServletRequest("POST", "/"); request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod"); request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
-
 UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter(); filter.setAuthenticationManager(createAuthenticationManager()); // filter.init(null);
-
 Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse()); assertThat(result != null).isTrue(); assertThat(((WebAuthenticationDetails) result.getDetails()).getRemoteAddress()).isEqualTo("127.0.0.1");
@@ -59,10 +57,8 @@ public class UsernamePasswordAuthenticationFilterTests { MockHttpServletRequest request = new MockHttpServletRequest("POST", "/"); request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod"); request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "dokdo");
-
 UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter( createAuthenticationManager());
-
 Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse()); assertThat(result).isNotNull(); }
@@ -71,7 +67,6 @@ public class UsernamePasswordAuthenticationFilterTests { public void testNullPasswordHandledGracefully() { MockHttpServletRequest request = new MockHttpServletRequest("POST", "/"); request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod");
-
 UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter(); filter.setAuthenticationManager(createAuthenticationManager()); assertThat(filter.attemptAuthentication(request, new MockHttpServletResponse())).isNotNull();
@@ -81,7 +76,6 @@ public class UsernamePasswordAuthenticationFilterTests { public void testNullUsernameHandledGracefully() { MockHttpServletRequest request = new MockHttpServletRequest("POST", "/"); request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
-
 UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter(); filter.setAuthenticationManager(createAuthenticationManager()); assertThat(filter.attemptAuthentication(request, new MockHttpServletResponse())).isNotNull();
@@ -93,11 +87,9 @@ public class UsernamePasswordAuthenticationFilterTests { filter.setAuthenticationManager(createAuthenticationManager()); filter.setUsernameParameter("x"); filter.setPasswordParameter("y");
-
 MockHttpServletRequest request = new MockHttpServletRequest("POST", "/"); request.addParameter("x", "rod"); request.addParameter("y", "koala");
-
 Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse()); assertThat(result).isNotNull(); assertThat(((WebAuthenticationDetails) result.getDetails()).getRemoteAddress()).isEqualTo("127.0.0.1");
@@ -108,10 +100,8 @@ public class UsernamePasswordAuthenticationFilterTests { MockHttpServletRequest request = new MockHttpServletRequest("POST", "/"); request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY, " rod "); request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
-
 UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter(); filter.setAuthenticationManager(createAuthenticationManager());
-
 Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse()); assertThat(result.getName()).isEqualTo("rod"); }
@@ -124,7 +114,6 @@ public class UsernamePasswordAuthenticationFilterTests { AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException("")); filter.setAuthenticationManager(am);
-
 try { filter.attemptAuthentication(request, new MockHttpServletResponse()); fail("Expected AuthenticationException");
@@ -140,13 +129,10 @@ public class UsernamePasswordAuthenticationFilterTests { public void noSessionIsCreatedIfAllowSessionCreationIsFalse() { MockHttpServletRequest request = new MockHttpServletRequest(); request.setMethod("POST");
-
 UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter(); filter.setAllowSessionCreation(false); filter.setAuthenticationManager(createAuthenticationManager());
-
 filter.attemptAuthentication(request, new MockHttpServletResponse());
-
 assertThat(request.getSession(false)).isNull(); }
@@ -154,7 +140,6 @@ public class UsernamePasswordAuthenticationFilterTests { AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(any(Authentication.class))) .willAnswer((Answer) (invocation) -> (Authentication) invocation.getArguments()[0]);
-
 return am; }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java
index 5db6228a6d..422311985a 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java
@@ -59,11 +59,8 @@ public class CompositeLogoutHandlerTests { public void callLogoutHandlersSuccessfullyWithArray() { LogoutHandler securityContextLogoutHandler = mock(SecurityContextLogoutHandler.class); LogoutHandler csrfLogoutHandler = mock(SecurityContextLogoutHandler.class);
-
 LogoutHandler handler = new CompositeLogoutHandler(securityContextLogoutHandler, csrfLogoutHandler);
-
 handler.logout(mock(HttpServletRequest.class), mock(HttpServletResponse.class), mock(Authentication.class));
-
 verify(securityContextLogoutHandler, times(1)).logout(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class)); verify(csrfLogoutHandler, times(1)).logout(any(HttpServletRequest.class), any(HttpServletResponse.class),
@@ -74,12 +71,9 @@ public class CompositeLogoutHandlerTests { public void callLogoutHandlersSuccessfully() { LogoutHandler securityContextLogoutHandler = mock(SecurityContextLogoutHandler.class); LogoutHandler csrfLogoutHandler = mock(SecurityContextLogoutHandler.class);
-
 List logoutHandlers = Arrays.asList(securityContextLogoutHandler, csrfLogoutHandler); LogoutHandler handler = new CompositeLogoutHandler(logoutHandlers);
-
 handler.logout(mock(HttpServletRequest.class), mock(HttpServletResponse.class), mock(Authentication.class));
-
 verify(securityContextLogoutHandler, times(1)).logout(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class)); verify(csrfLogoutHandler, times(1)).logout(any(HttpServletRequest.class), any(HttpServletResponse.class),
@@ -90,22 +84,17 @@ public class CompositeLogoutHandlerTests { public void callLogoutHandlersThrowException() { LogoutHandler firstLogoutHandler = mock(LogoutHandler.class); LogoutHandler secondLogoutHandler = mock(LogoutHandler.class);
-
 willThrow(new IllegalArgumentException()).given(firstLogoutHandler).logout(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class));
-
 List logoutHandlers = Arrays.asList(firstLogoutHandler, secondLogoutHandler); LogoutHandler handler = new CompositeLogoutHandler(logoutHandlers);
-
 try { handler.logout(mock(HttpServletRequest.class), mock(HttpServletResponse.class), mock(Authentication.class)); fail("Expected Exception"); } catch (IllegalArgumentException success) { }
-
 InOrder logoutHandlersInOrder = inOrder(firstLogoutHandler, secondLogoutHandler);
-
 logoutHandlersInOrder.verify(firstLogoutHandler, times(1)).logout(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class)); logoutHandlersInOrder.verify(secondLogoutHandler, never()).logout(any(HttpServletRequest.class),
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java
index 288edf36de..82e547d356 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java
@@ -81,9 +81,7 @@ public class DelegatingLogoutSuccessHandlerTests { public void onLogoutSuccessFirstMatches() throws Exception { this.delegatingHandler.setDefaultLogoutSuccessHandler(this.defaultHandler); given(this.matcher.matches(this.request)).willReturn(true);
-
 this.delegatingHandler.onLogoutSuccess(this.request, this.response, this.authentication);
-
 verify(this.handler).onLogoutSuccess(this.request, this.response, this.authentication); verifyZeroInteractions(this.matcher2, this.handler2, this.defaultHandler); }
@@ -92,9 +90,7 @@ public class DelegatingLogoutSuccessHandlerTests { public void onLogoutSuccessSecondMatches() throws Exception { this.delegatingHandler.setDefaultLogoutSuccessHandler(this.defaultHandler); given(this.matcher2.matches(this.request)).willReturn(true);
-
 this.delegatingHandler.onLogoutSuccess(this.request, this.response, this.authentication);
-
 verify(this.handler2).onLogoutSuccess(this.request, this.response, this.authentication); verifyZeroInteractions(this.handler, this.defaultHandler); }
@@ -102,18 +98,14 @@ public class DelegatingLogoutSuccessHandlerTests { @Test public void onLogoutSuccessDefault() throws Exception { this.delegatingHandler.setDefaultLogoutSuccessHandler(this.defaultHandler);
-
 this.delegatingHandler.onLogoutSuccess(this.request, this.response, this.authentication);
-
 verify(this.defaultHandler).onLogoutSuccess(this.request, this.response, this.authentication); verifyZeroInteractions(this.handler, this.handler2); } @Test public void onLogoutSuccessNoMatchDefaultNull() throws Exception {
-
 this.delegatingHandler.onLogoutSuccess(this.request, this.response, this.authentication);
-
 verifyZeroInteractions(this.handler, this.handler2, this.defaultHandler); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java
index d4a95a3b71..4dfc0d8c73 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java
@@ -40,20 +40,16 @@ public class ForwardLogoutSuccessHandlerTests { @Test public void invalidTargetUrl() { String targetUrl = "not.valid";
-
 this.thrown.expect(IllegalArgumentException.class); this.thrown.expectMessage("'" + targetUrl + "' is not a valid target URL");
-
 new ForwardLogoutSuccessHandler(targetUrl); } @Test public void emptyTargetUrl() { String targetUrl = " ";
-
 this.thrown.expect(IllegalArgumentException.class); this.thrown.expectMessage("'" + targetUrl + "' is not a valid target URL");
-
 new ForwardLogoutSuccessHandler(targetUrl); }
@@ -61,13 +57,10 @@ public class ForwardLogoutSuccessHandlerTests { public void logoutSuccessIsHandled() throws Exception { String targetUrl = "/login?logout"; ForwardLogoutSuccessHandler handler = new ForwardLogoutSuccessHandler(targetUrl);
-
 MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); Authentication authentication = mock(Authentication.class);
-
 handler.onLogoutSuccess(request, response, authentication);
-
 assertThat(response.getForwardedUrl()).isEqualTo(targetUrl); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java
index 716c164db1..da1211f284 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java
@@ -53,7 +53,6 @@ public class HeaderWriterLogoutHandlerTests { public void constructorWhenHeaderWriterIsNullThenThrowsException() { this.thrown.expect(IllegalArgumentException.class); this.thrown.expectMessage("headerWriter cannot be null");
-
 new HeaderWriterLogoutHandler(null); }
@@ -62,7 +61,6 @@ public class HeaderWriterLogoutHandlerTests { HeaderWriter headerWriter = mock(HeaderWriter.class); HeaderWriterLogoutHandler handler = new HeaderWriterLogoutHandler(headerWriter); handler.logout(this.request, this.response, mock(Authentication.class));
-
 verify(headerWriter).writeHeaders(this.request, this.response); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandlerTests.java
index d4e399c6b7..2065a83fed 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandlerTests.java
@@ -35,12 +35,9 @@ public class HttpStatusReturningLogoutSuccessHandlerTests { @Test public void testDefaultHttpStatusBeingReturned() throws Exception { final HttpStatusReturningLogoutSuccessHandler lsh = new HttpStatusReturningLogoutSuccessHandler(); - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - lsh.onLogoutSuccess(request, response, mock(Authentication.class)); - assertThat(request.getSession(false)).isNull(); assertThat(response.getRedirectedUrl()).isNull(); assertThat(response.getForwardedUrl()).isNull(); @@ -51,12 +48,9 @@ public class HttpStatusReturningLogoutSuccessHandlerTests { public void testCustomHttpStatusBeingReturned() throws Exception { final HttpStatusReturningLogoutSuccessHandler lsh = new HttpStatusReturningLogoutSuccessHandler( HttpStatus.NO_CONTENT); - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - lsh.onLogoutSuccess(request, response, mock(Authentication.class)); - assertThat(request.getSession(false)).isNull(); assertThat(response.getRedirectedUrl()).isNull(); assertThat(response.getForwardedUrl()).isNull(); @@ -65,7 +59,6 @@ public class HttpStatusReturningLogoutSuccessHandlerTests { @Test public void testThatSettNullHttpStatusThrowsException() { - try { new HttpStatusReturningLogoutSuccessHandler(null); } @@ -73,7 +66,6 @@ public class HttpStatusReturningLogoutSuccessHandlerTests { assertThat(ex).hasMessage("The provided HttpStatus must not be null."); return; } - fail("Expected an IllegalArgumentException to be thrown."); } diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java index cc0067351f..814b009fff 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java 
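Review bot: `testThatSettNullHttpStatusThrowsException` (hunks `@@ -65,7 +59,6 @@` and `@@ -73,7 +66,6 @@`) still uses the try / catch / `return` / `fail(...)` idiom, and with the separating blank lines gone the early `return` inside the catch block is easy to overlook. The class already uses AssertJ, so the body could be the single statement `assertThatIllegalArgumentException().isThrownBy(() -> new HttpStatusReturningLogoutSuccessHandler(null)).withMessage("The provided HttpStatus must not be null.");` plus the matching static import. The catch clause sits between the two hunks and is not visible here, so the exception type is taken from the `fail` message.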
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java @@ -41,11 +41,9 @@ public class LogoutHandlerTests { public void testRequiresLogoutUrlWorksWithPathParams() { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - request.setRequestURI("/context/logout;someparam=blah?param=blah"); request.setServletPath("/logout;someparam=blah"); request.setQueryString("otherparam=blah"); - DefaultHttpFirewall fw = new DefaultHttpFirewall(); assertThat(this.filter.requiresLogout(fw.getFirewalledRequest(request), response)).isTrue(); } @@ -55,11 +53,9 @@ public class LogoutHandlerTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.setContextPath("/context"); MockHttpServletResponse response = new MockHttpServletResponse(); - request.setServletPath("/logout"); request.setRequestURI("/context/logout?param=blah"); request.setQueryString("otherparam=blah"); - assertThat(this.filter.requiresLogout(request, response)).isTrue(); } diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java index 31c2b4372d..69ecf1ccf6 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java 
@@ -37,9 +37,7 @@ public class LogoutSuccessEventPublishingLogoutHandlerTests { LogoutSuccessEventPublishingLogoutHandler handler = new LogoutSuccessEventPublishingLogoutHandler(); LogoutAwareEventPublisher eventPublisher = new LogoutAwareEventPublisher(); handler.setApplicationEventPublisher(eventPublisher); - handler.logout(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(Authentication.class)); - assertThat(eventPublisher.flag).isTrue(); } @@ -48,9 +46,7 @@ public class LogoutSuccessEventPublishingLogoutHandlerTests { LogoutSuccessEventPublishingLogoutHandler handler = new LogoutSuccessEventPublishingLogoutHandler(); LogoutAwareEventPublisher eventPublisher = new LogoutAwareEventPublisher(); handler.setApplicationEventPublisher(eventPublisher); - handler.logout(new MockHttpServletRequest(), new MockHttpServletResponse(), null); - assertThat(eventPublisher.flag).isFalse(); } diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java index 34b73a69bf..c5a0024de5 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java @@ -46,9 +46,7 @@ public class SecurityContextLogoutHandlerTests { public void setUp() { this.request = new MockHttpServletRequest(); this.response = new MockHttpServletResponse(); - this.handler = new SecurityContextLogoutHandler(); - SecurityContext context = SecurityContextHolder.createEmptyContext(); context.setAuthentication( new TestingAuthenticationToken("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER"))); 
@@ -74,7 +72,6 @@ public class SecurityContextLogoutHandlerTests { SecurityContext beforeContext = SecurityContextHolder.getContext(); Authentication beforeAuthentication = beforeContext.getAuthentication(); this.handler.logout(this.request, this.response, SecurityContextHolder.getContext().getAuthentication()); - assertThat(beforeContext.getAuthentication()).isNotNull(); assertThat(beforeContext.getAuthentication()).isSameAs(beforeAuthentication); } diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java index ec318a9f33..d305e844e5 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java @@ -144,9 +144,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests { ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter(); filter.principal = null; filter.setCheckForPrincipalChanges(true); - filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain()); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } @@ -156,9 +154,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests { SecurityContextHolder.getContext().setAuthentication(authentication); ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter(); filter.principal = null; - filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain()); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isEqualTo(authentication); } 
@@ -170,16 +166,13 @@ public class AbstractPreAuthenticatedProcessingFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); - ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter(); filter.setCheckForPrincipalChanges(true); filter.principal = principal; AuthenticationManager am = mock(AuthenticationManager.class); filter.setAuthenticationManager(am); filter.afterPropertiesSet(); - filter.doFilter(request, response, chain); - verifyZeroInteractions(am); } @@ -192,16 +185,13 @@ public class AbstractPreAuthenticatedProcessingFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); - ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter(); filter.setCheckForPrincipalChanges(true); filter.principal = "newUser"; AuthenticationManager am = mock(AuthenticationManager.class); filter.setAuthenticationManager(am); filter.afterPropertiesSet(); - filter.doFilter(request, response, chain); - verify(am).authenticate(any(PreAuthenticatedAuthenticationToken.class)); } @@ -214,7 +204,6 @@ public class AbstractPreAuthenticatedProcessingFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); - ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter(); filter.setAuthenticationSuccessHandler(new ForwardAuthenticationSuccessHandler("/forwardUrl")); filter.setCheckForPrincipalChanges(true); 
@@ -222,9 +211,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests { AuthenticationManager am = mock(AuthenticationManager.class); filter.setAuthenticationManager(am); filter.afterPropertiesSet(); - filter.doFilter(request, response, chain); - verify(am).authenticate(any(PreAuthenticatedAuthenticationToken.class)); assertThat(response.getForwardedUrl()).isEqualTo("/forwardUrl"); } @@ -234,7 +221,6 @@ public class AbstractPreAuthenticatedProcessingFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); - ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter(); filter.setAuthenticationFailureHandler(new ForwardAuthenticationFailureHandler("/forwardUrl")); filter.setCheckForPrincipalChanges(true); @@ -243,9 +229,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests { .willThrow(new PreAuthenticatedCredentialsNotFoundException("invalid")); filter.setAuthenticationManager(am); filter.afterPropertiesSet(); - filter.doFilter(request, response, chain); - verify(am).authenticate(any(PreAuthenticatedAuthenticationToken.class)); assertThat(response.getForwardedUrl()).isEqualTo("/forwardUrl"); assertThat(request.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)).isNotNull(); 
@@ -260,16 +244,13 @@ public class AbstractPreAuthenticatedProcessingFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); - ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter(); filter.setCheckForPrincipalChanges(true); filter.principal = principal; AuthenticationManager am = mock(AuthenticationManager.class); filter.setAuthenticationManager(am); filter.afterPropertiesSet(); - filter.doFilter(request, response, chain); - verifyZeroInteractions(am); } @@ -282,7 +263,6 @@ public class AbstractPreAuthenticatedProcessingFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); - ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter(); filter.setCheckForPrincipalChanges(true); filter.principal = new User(currentPrincipal.getUsername(), currentPrincipal.getPassword(), @@ -290,9 +270,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests { AuthenticationManager am = mock(AuthenticationManager.class); filter.setAuthenticationManager(am); filter.afterPropertiesSet(); - filter.doFilter(request, response, chain); - verifyZeroInteractions(am); } 
@@ -305,16 +283,13 @@ public class AbstractPreAuthenticatedProcessingFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); - ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter(); filter.setCheckForPrincipalChanges(true); filter.principal = new Object(); AuthenticationManager am = mock(AuthenticationManager.class); filter.setAuthenticationManager(am); filter.afterPropertiesSet(); - filter.doFilter(request, response, chain); - verify(am).authenticate(any(PreAuthenticatedAuthenticationToken.class)); } @@ -326,7 +301,6 @@ public class AbstractPreAuthenticatedProcessingFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); - ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter() { @Override protected boolean principalChanged(HttpServletRequest request, Authentication currentAuthentication) { @@ -338,9 +312,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests { AuthenticationManager am = mock(AuthenticationManager.class); filter.setAuthenticationManager(am); filter.afterPropertiesSet(); - filter.doFilter(request, response, chain); - verify(am).authenticate(any(PreAuthenticatedAuthenticationToken.class)); } @@ -352,7 +324,6 @@ public class AbstractPreAuthenticatedProcessingFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); - ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter() { @Override protected boolean principalChanged(HttpServletRequest request, Authentication currentAuthentication) { 
@@ -364,9 +335,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests { AuthenticationManager am = mock(AuthenticationManager.class); filter.setAuthenticationManager(am); filter.afterPropertiesSet(); - filter.doFilter(request, response, chain); - verifyZeroInteractions(am); } @@ -375,16 +344,12 @@ public class AbstractPreAuthenticatedProcessingFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); - ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter(); filter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/no-matching")); - AuthenticationManager am = mock(AuthenticationManager.class); filter.setAuthenticationManager(am); filter.afterPropertiesSet(); - filter.doFilter(request, response, chain); - verifyZeroInteractions(am); } @@ -393,18 +358,13 @@ public class AbstractPreAuthenticatedProcessingFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); - ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter(); filter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/**")); - AuthenticationManager am = mock(AuthenticationManager.class); filter.setAuthenticationManager(am); filter.afterPropertiesSet(); - filter.doFilter(request, response, chain); - verify(am).authenticate(any(PreAuthenticatedAuthenticationToken.class)); - } private void testDoFilter(boolean grantAccess) throws Exception { 
@@ -417,7 +377,6 @@ public class AbstractPreAuthenticatedProcessingFilterTests { private static ConcretePreAuthenticatedProcessingFilter getFilter(boolean grantAccess) { ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter(); AuthenticationManager am = mock(AuthenticationManager.class); - if (!grantAccess) { given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException("")); } @@ -425,7 +384,6 @@ public class AbstractPreAuthenticatedProcessingFilterTests { given(am.authenticate(any(Authentication.class))) .willAnswer((Answer) (invocation) -> (Authentication) invocation.getArguments()[0]); } - filter.setAuthenticationManager(am); filter.afterPropertiesSet(); return filter; diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java index cac4b9c717..19d682a852 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java @@ -37,7 +37,6 @@ public class PreAuthenticatedAuthenticationProviderTests { @Test(expected = IllegalArgumentException.class) public final void afterPropertiesSet() { PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider(); - provider.afterPropertiesSet(); } @@ -120,7 +119,6 @@ public class PreAuthenticatedAuthenticationProviderTests { if (aUserDetails != null && aUserDetails.getUsername().equals(token.getName())) { return aUserDetails; } - throw new UsernameNotFoundException("notfound"); }; } 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java index ae98ada53d..36089ccd66 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java @@ -68,12 +68,10 @@ public class PreAuthenticatedAuthenticationTokenTests { assertThat(token.getDetails()).isNull(); assertThat(token.getAuthorities()).isNotNull(); Collection resultColl = token.getAuthorities(); - assertThat( - - gas.containsAll(resultColl) && resultColl.containsAll(gas)).withFailMessage( + assertThat(gas.containsAll(resultColl) && resultColl.containsAll(gas)) + .withFailMessage( "GrantedAuthority collections do not match; result: " + resultColl + ", expected: " + gas) - .isTrue(); - + .isTrue(); } } diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java index 0faaa7393e..6f66962c71 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java 
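Review bot: The re-wrapped assertion in `@@ -68,12 +68,10 @@` still compares the two granted-authority collections through a boolean expression, so a failure prints only the hand-built message. AssertJ's `assertThat(resultColl).hasSameElementsAs(gas);` performs the same comparison, ignoring order and duplicates, and reports which authorities are missing or unexpected. The element types are not visible on this page, so the generics may need adjusting. The same `containsAll(...) && containsAll(...)` pattern appears in the `PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests` hunk that follows.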
@@ -71,11 +71,9 @@ public class PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests { assertThat(ud.isCredentialsNonExpired()).isTrue(); assertThat(ud.isEnabled()).isTrue(); assertThat(userName).isEqualTo(ud.getUsername()); - // Password is not saved by // PreAuthenticatedGrantedAuthoritiesUserDetailsService // assertThat(password).isEqualTo(ud.getPassword()); - assertThat(gas.containsAll(ud.getAuthorities()) && ud.getAuthorities().containsAll(gas)).withFailMessage( "GrantedAuthority collections do not match; result: " + ud.getAuthorities() + ", expected: " + gas) .isTrue(); diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java index d5e8c7778f..be8e7da266 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java @@ -50,7 +50,6 @@ public class RequestAttributeAuthenticationFilterTests { MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter(); - filter.doFilter(request, response, chain); } @@ -62,7 +61,6 @@ public class RequestAttributeAuthenticationFilterTests { MockFilterChain chain = new MockFilterChain(); RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter(); filter.setAuthenticationManager(createAuthenticationManager()); - filter.doFilter(request, response, chain); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("cat"); 
@@ -78,7 +76,6 @@ public class RequestAttributeAuthenticationFilterTests { RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter(); filter.setAuthenticationManager(createAuthenticationManager()); filter.setPrincipalEnvironmentVariable("myUsernameVariable"); - filter.doFilter(request, response, chain); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("wolfman"); @@ -94,7 +91,6 @@ public class RequestAttributeAuthenticationFilterTests { filter.setCredentialsEnvironmentVariable("myCredentialsVariable"); request.setAttribute("REMOTE_USER", "cat"); request.setAttribute("myCredentialsVariable", "catspassword"); - filter.doFilter(request, response, chain); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials()).isEqualTo("catspassword"); @@ -130,7 +126,6 @@ public class RequestAttributeAuthenticationFilterTests { MockFilterChain chain = new MockFilterChain(); RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter(); filter.setAuthenticationManager(createAuthenticationManager()); - filter.doFilter(request, response, chain); } @@ -152,7 +147,6 @@ public class RequestAttributeAuthenticationFilterTests { AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(any(Authentication.class))) .willAnswer((Answer) (invocation) -> (Authentication) invocation.getArguments()[0]); - return am; } diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java index feff5b00fb..9742f2675b 100644 
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java @@ -52,7 +52,6 @@ public class RequestHeaderAuthenticationFilterTests { MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter(); - filter.doFilter(request, response, chain); } @@ -64,7 +63,6 @@ public class RequestHeaderAuthenticationFilterTests { MockFilterChain chain = new MockFilterChain(); RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter(); filter.setAuthenticationManager(createAuthenticationManager()); - filter.doFilter(request, response, chain); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("cat"); @@ -80,7 +78,6 @@ public class RequestHeaderAuthenticationFilterTests { RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter(); filter.setAuthenticationManager(createAuthenticationManager()); filter.setPrincipalRequestHeader("myUsernameHeader"); - filter.doFilter(request, response, chain); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("wolfman"); 
@@ -96,7 +93,6 @@ public class RequestHeaderAuthenticationFilterTests { filter.setCredentialsRequestHeader("myCredentialsHeader"); request.addHeader("SM_USER", "cat"); request.addHeader("myCredentialsHeader", "catspassword"); - filter.doFilter(request, response, chain); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials()).isEqualTo("catspassword"); @@ -131,7 +127,6 @@ public class RequestHeaderAuthenticationFilterTests { MockFilterChain chain = new MockFilterChain(); RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter(); filter.setAuthenticationManager(createAuthenticationManager()); - filter.doFilter(request, response, chain); } @@ -153,7 +148,6 @@ public class RequestHeaderAuthenticationFilterTests { AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(any(Authentication.class))) .willAnswer((Answer) (invocation) -> (Authentication) invocation.getArguments()[0]); - return am; } diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java index 13cab85518..694827cc1e 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java 
@@ -125,7 +125,6 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests { List gas = details.getGrantedAuthorities(); assertThat(gas).as("Granted authorities should not be null").isNotNull(); assertThat(gas).hasSize(expectedRoles.length); - Collection expectedRolesColl = Arrays.asList(expectedRoles); Collection gasRolesSet = new HashSet<>(); for (GrantedAuthority grantedAuthority : gas) { @@ -140,7 +139,6 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests { J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource result = new J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource(); result.setMappableRolesRetriever(getMappableRolesRetriever(mappedRoles)); result.setUserRoles2GrantedAuthoritiesMapper(getJ2eeUserRoles2GrantedAuthoritiesMapper()); - try { result.afterPropertiesSet(); } @@ -167,7 +165,6 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests { private HttpServletRequest getRequest(final String userName, final String[] aRoles) { MockHttpServletRequest req = new MockHttpServletRequest() { - private Set roles = new HashSet<>(Arrays.asList(aRoles)); @Override diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java index e5e5fd9343..fcc462dfb8 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java 
@@ -49,7 +49,6 @@ public class J2eePreAuthenticatedProcessingFilterTests { private HttpServletRequest getRequest(final String aUserName, final String[] aRoles) { MockHttpServletRequest req = new MockHttpServletRequest() { - private Set roles = new HashSet<>(Arrays.asList(aRoles)); @Override diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java index fc2dd00f04..55c8b8fab4 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java @@ -35,7 +35,6 @@ public class WebXmlJ2eeDefinedRolesRetrieverTests { List ROLE1TO4_EXPECTED_ROLES = Arrays.asList("Role1", "Role2", "Role3", "Role4"); final Resource webXml = new ClassPathResource("webxml/Role1-4.web.xml"); WebXmlMappableAttributesRetriever rolesRetriever = new WebXmlMappableAttributesRetriever(); - rolesRetriever.setResourceLoader(new ResourceLoader() { @Override public ClassLoader getClassLoader() { @@ -47,7 +46,6 @@ public class WebXmlJ2eeDefinedRolesRetrieverTests { return webXml; } }); - rolesRetriever.afterPropertiesSet(); Set j2eeRoles = rolesRetriever.getMappableAttributes(); assertThat(j2eeRoles).containsAll(ROLE1TO4_EXPECTED_ROLES); diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java index 54a3ade07f..87b2e2e7bb 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java 
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java @@ -52,17 +52,14 @@ public class WebSpherePreAuthenticatedProcessingFilterTests { WebSpherePreAuthenticatedProcessingFilter filter = new WebSpherePreAuthenticatedProcessingFilter(helper); assertThat(filter.getPreAuthenticatedPrincipal(new MockHttpServletRequest())).isEqualTo("jerry"); assertThat(filter.getPreAuthenticatedCredentials(new MockHttpServletRequest())).isEqualTo("N/A"); - AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(any(Authentication.class))) .willAnswer((Answer) (invocation) -> (Authentication) invocation.getArguments()[0]); - filter.setAuthenticationManager(am); WebSpherePreAuthenticatedWebAuthenticationDetailsSource ads = new WebSpherePreAuthenticatedWebAuthenticationDetailsSource( helper); ads.setWebSphereGroups2GrantedAuthoritiesMapper(new SimpleAttributes2GrantedAuthoritiesMapper()); filter.setAuthenticationDetailsSource(ads); - filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class)); } diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java index f290fc34a6..3c9c844424 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java 
@@ -94,10 +94,8 @@ public final class X509TestUtils { + "lcKwXuDRBWciODK/xWhvQbaegGJ1BtXcEHtvNjrUJLwSMDSr+U5oUYdMohG0h1iJ\n" + "R+JQc49I33o2cTc77wfEWLtVdXAyYY4GSJR6VfgvV40x85ItaNS3HHfT/aXU1x4m\n" + "W9YQkWlA6t0blGlC+ghTOY1JbgWnEfXMmVgg9a9cWaYQ+NQwqA==\n" + "-----END CERTIFICATE-----"; - ByteArrayInputStream in = new ByteArrayInputStream(cert.getBytes()); CertificateFactory cf = CertificateFactory.getInstance("X.509"); - return (X509Certificate) cf.generateCertificate(in); } @@ -134,7 +132,6 @@ public final class X509TestUtils { + "-----END CERTIFICATE-----\n"; ByteArrayInputStream in = new ByteArrayInputStream(cert.getBytes()); CertificateFactory cf = CertificateFactory.getInstance("X.509"); - return (X509Certificate) cf.generateCertificate(in); } diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java index 2556a59e57..91607d8d6d 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java @@ -90,12 +90,10 @@ public class AbstractRememberMeServicesTests { public void cookieShouldBeCorrectlyEncodedAndDecoded() { String[] cookie = new String[] { "name:with:colon", "cookie", "tokens", "blah" }; MockRememberMeServices services = new MockRememberMeServices(this.uds); - String encoded = services.encodeCookie(cookie); // '=' aren't allowed in version 0 cookies. assertThat(encoded).doesNotEndWith("="); String[] decoded = services.decodeCookie(encoded); - assertThat(decoded).containsExactly("name:with:colon", "cookie", "tokens", "blah"); } 
@@ -103,11 +101,9 @@ public class AbstractRememberMeServicesTests { public void cookieWithOpenIDidentifierAsNameIsEncodedAndDecoded() { String[] cookie = new String[] { "https://id.openid.zz", "cookie", "tokens", "blah" }; MockRememberMeServices services = new MockRememberMeServices(this.uds); - String[] decoded = services.decodeCookie(services.encodeCookie(cookie)); assertThat(decoded).hasSize(4); assertThat(decoded[0]).isEqualTo("https://id.openid.zz"); - // Check https (SEC-1410) cookie[0] = "https://id.openid.zz"; decoded = services.decodeCookie(services.encodeCookie(cookie)); @@ -120,12 +116,9 @@ public class AbstractRememberMeServicesTests { MockRememberMeServices services = new MockRememberMeServices(this.uds); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - assertThat(services.autoLogin(request, response)).isNull(); - // shouldn't try to invalidate our cookie assertThat(response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY)).isNull(); - request = new MockHttpServletRequest(); response = new MockHttpServletResponse(); // set non-login cookie @@ -139,14 +132,10 @@ public class AbstractRememberMeServicesTests { MockRememberMeServices services = new MockRememberMeServices(this.uds); services.afterPropertiesSet(); assertThat(services.getUserDetailsService()).isNotNull(); - MockHttpServletRequest request = new MockHttpServletRequest(); - request.setCookies(createLoginCookie("cookie:1:2")); MockHttpServletResponse response = new MockHttpServletResponse(); - Authentication result = services.autoLogin(request, response); - assertThat(result).isNotNull(); } 
@@ -155,7 +144,6 @@ public class AbstractRememberMeServicesTests { MockRememberMeServices services = new MockRememberMeServices(this.uds); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - request.setCookies(new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, "ZZZ")); Authentication result = services.autoLogin(request, response); assertThat(result).isNull(); @@ -167,7 +155,6 @@ public class AbstractRememberMeServicesTests { MockRememberMeServices services = new MockRememberMeServices(this.uds); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - request.setCookies(new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, "")); Authentication result = services.autoLogin(request, response); assertThat(result).isNull(); @@ -177,16 +164,12 @@ public class AbstractRememberMeServicesTests { @Test public void autoLoginShouldFailIfInvalidCookieExceptionIsRaised() { MockRememberMeServices services = new MockRememberMeServices(new MockUserDetailsService(joe, true)); - MockHttpServletRequest request = new MockHttpServletRequest(); // Wrong number of tokens request.setCookies(createLoginCookie("cookie:1")); MockHttpServletResponse response = new MockHttpServletResponse(); - Authentication result = services.autoLogin(request, response); - assertThat(result).isNull(); - assertCookieCancelled(response); } 
@@ -194,15 +177,11 @@ public class AbstractRememberMeServicesTests { public void autoLoginShouldFailIfUserNotFound() { this.uds.setThrowException(true); MockRememberMeServices services = new MockRememberMeServices(this.uds); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setCookies(createLoginCookie("cookie:1:2")); MockHttpServletResponse response = new MockHttpServletResponse(); - Authentication result = services.autoLogin(request, response); - assertThat(result).isNull(); - assertCookieCancelled(response); } @@ -211,15 +190,11 @@ public class AbstractRememberMeServicesTests { MockRememberMeServices services = new MockRememberMeServices(this.uds); services.setUserDetailsChecker(new AccountStatusUserDetailsChecker()); this.uds.toReturn = new User("joe", "password", false, true, true, true, joe.getAuthorities()); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setCookies(createLoginCookie("cookie:1:2")); MockHttpServletResponse response = new MockHttpServletResponse(); - Authentication result = services.autoLogin(request, response); - assertThat(result).isNull(); - assertCookieCancelled(response); } @@ -227,14 +202,11 @@ public class AbstractRememberMeServicesTests { public void loginFailShouldCancelCookie() { this.uds.setThrowException(true); MockRememberMeServices services = new MockRememberMeServices(this.uds); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setContextPath("contextpath"); request.setCookies(createLoginCookie("cookie:1:2")); MockHttpServletResponse response = new MockHttpServletResponse(); - services.loginFail(request, response); - assertCookieCancelled(response); } 
@@ -242,20 +214,15 @@ public class AbstractRememberMeServicesTests { public void logoutShouldCancelCookie() { MockRememberMeServices services = new MockRememberMeServices(this.uds); services.setCookieDomain("spring.io"); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setContextPath("contextpath"); request.setCookies(createLoginCookie("cookie:1:2")); MockHttpServletResponse response = new MockHttpServletResponse(); - services.logout(request, response, Mockito.mock(Authentication.class)); // Try again with null Authentication response = new MockHttpServletResponse(); - services.logout(request, response, null); - assertCookieCancelled(response); - Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertThat(returnedCookie.getDomain()).isEqualTo("spring.io"); } @@ -265,20 +232,15 @@ public class AbstractRememberMeServicesTests { MockRememberMeServices services = new MockRememberMeServices(this.uds); services.setCookieDomain("spring.io"); services.setUseSecureCookie(true); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setContextPath("contextpath"); request.setCookies(createLoginCookie("cookie:1:2")); MockHttpServletResponse response = new MockHttpServletResponse(); - services.logout(request, response, Mockito.mock(Authentication.class)); // Try again with null Authentication response = new MockHttpServletResponse(); - services.logout(request, response, null); - assertCookieCancelled(response); - Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertThat(returnedCookie.getDomain()).isEqualTo("spring.io"); assertThat(returnedCookie.getSecure()).isEqualTo(true); 
@@ -288,21 +250,16 @@ public class AbstractRememberMeServicesTests { public void cancelledCookieShouldUseRequestIsSecure() { MockRememberMeServices services = new MockRememberMeServices(this.uds); services.setCookieDomain("spring.io"); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setContextPath("contextpath"); request.setCookies(createLoginCookie("cookie:1:2")); request.setSecure(true); MockHttpServletResponse response = new MockHttpServletResponse(); - services.logout(request, response, Mockito.mock(Authentication.class)); // Try again with null Authentication response = new MockHttpServletResponse(); - services.logout(request, response, null); - assertCookieCancelled(response); - Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertThat(returnedCookie.getDomain()).isEqualTo("spring.io"); assertThat(returnedCookie.getSecure()).isEqualTo(true); 
@@ -311,53 +268,43 @@ public class AbstractRememberMeServicesTests { @Test(expected = CookieTheftException.class) public void cookieTheftExceptionShouldBeRethrown() { MockRememberMeServices services = new MockRememberMeServices(this.uds) { - @Override protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request, HttpServletResponse response) { throw new CookieTheftException("Pretending cookie was stolen"); } }; - MockHttpServletRequest request = new MockHttpServletRequest(); - request.setCookies(createLoginCookie("cookie:1:2")); MockHttpServletResponse response = new MockHttpServletResponse(); - services.autoLogin(request, response); } @Test public void loginSuccessCallsOnLoginSuccessCorrectly() { MockRememberMeServices services = new MockRememberMeServices(this.uds); - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); Authentication auth = new UsernamePasswordAuthenticationToken("joe", "password"); - // No parameter set services.loginSuccess(request, response, auth); assertThat(services.loginSuccessCalled).isFalse(); - // Parameter set to true services = new MockRememberMeServices(this.uds); request.setParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "true"); services.loginSuccess(request, response, auth); assertThat(services.loginSuccessCalled).isTrue(); - // Different parameter name, set to true services = new MockRememberMeServices(this.uds); services.setParameter("my_parameter"); request.setParameter("my_parameter", "true"); services.loginSuccess(request, response, auth); assertThat(services.loginSuccessCalled).isTrue(); - // Parameter set to false services = new MockRememberMeServices(this.uds); request.setParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "false"); services.loginSuccess(request, response, auth); assertThat(services.loginSuccessCalled).isFalse(); - // alwaysRemember set to true services = new 
MockRememberMeServices(this.uds); services.setAlwaysRemember(true); @@ -371,7 +318,6 @@ public class AbstractRememberMeServicesTests { MockHttpServletResponse response = new MockHttpServletResponse(); request.setContextPath("contextpath"); MockRememberMeServices services = new MockRememberMeServices(this.uds) { - @Override protected String encodeCookie(String[] cookieTokens) { return cookieTokens[0]; @@ -380,7 +326,6 @@ public class AbstractRememberMeServicesTests { services.setCookieName("mycookiename"); services.setCookie(new String[] { "mycookie" }, 1000, request, response); Cookie cookie = response.getCookie("mycookiename"); - assertThat(cookie).isNotNull(); assertThat(cookie.getValue()).isEqualTo("mycookie"); assertThat(cookie.getName()).isEqualTo("mycookiename"); @@ -393,9 +338,7 @@ public class AbstractRememberMeServicesTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); request.setContextPath("contextpath"); - MockRememberMeServices services = new MockRememberMeServices(this.uds) { - @Override protected String encodeCookie(String[] cookieTokens) { return cookieTokens[0]; @@ -412,7 +355,6 @@ public class AbstractRememberMeServicesTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); request.setContextPath("contextpath"); - MockRememberMeServices services = new MockRememberMeServices(this.uds); services.setCookie(new String[] { "mycookie" }, 1000, request, response); Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); 
@@ -425,9 +367,7 @@ public class AbstractRememberMeServicesTests { MockRememberMeServices services = new MockRememberMeServices(); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - services.setCookie(new String[] { "value" }, 0, request, response); - Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertThat(cookie.getVersion()).isEqualTo(1); } @@ -438,9 +378,7 @@ public class AbstractRememberMeServicesTests { MockRememberMeServices services = new MockRememberMeServices(); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - services.setCookie(new String[] { "value" }, -1, request, response); - Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertThat(cookie.getVersion()).isEqualTo(1); } @@ -451,9 +389,7 @@ public class AbstractRememberMeServicesTests { MockRememberMeServices services = new MockRememberMeServices(); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - services.setCookie(new String[] { "value" }, 1, request, response); - Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertThat(cookie.getVersion()).isZero(); } 
@@ -463,12 +399,10 @@ public class AbstractRememberMeServicesTests { MockRememberMeServices services = new MockRememberMeServices(); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - services.setCookieName("mycookiename"); services.setCookieDomain("spring.io"); services.setCookie(new String[] { "mycookie" }, 1000, request, response); Cookie cookie = response.getCookie("mycookiename"); - assertThat(cookie).isNotNull(); assertThat(cookie.getDomain()).isEqualTo("spring.io"); }
@@ -477,7 +411,6 @@ public class AbstractRememberMeServicesTests { MockRememberMeServices services = new MockRememberMeServices(this.uds); Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, services.encodeCookie(StringUtils.delimitedListToStringArray(cookieToken, ":"))); - return new Cookie[] { cookie }; }
@@ -515,9 +448,7 @@ public class AbstractRememberMeServicesTests { if (cookieTokens.length != 3) { throw new InvalidCookieException("deliberate exception"); } - UserDetails user = getUserDetailsService().loadUserByUsername("joe"); - return user; }
@@ -543,7 +474,6 @@ public class AbstractRememberMeServicesTests { if (this.throwException) { throw new UsernameNotFoundException("as requested by mock"); } - return this.toReturn; }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
index 6aaa1617cb..97546514d0 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
@@ -94,9 +94,7 @@ public class JdbcTokenRepositoryImplTests { Timestamp currentDate = new Timestamp(Calendar.getInstance().getTimeInMillis()); PersistentRememberMeToken token = new PersistentRememberMeToken("joeuser", "joesseries", "atoken", currentDate); this.repo.createNewToken(token); - Map results = this.template.queryForMap("select * from persistent_logins"); - assertThat(results.get("last_used")).isEqualTo(currentDate); assertThat(results.get("username")).isEqualTo("joeuser"); assertThat(results.get("series")).isEqualTo("joesseries"); @@ -105,11 +103,9 @@ public class JdbcTokenRepositoryImplTests { @Test public void retrievingTokenReturnsCorrectData() { - this.template.execute("insert into persistent_logins (series, username, token, last_used) values " + "('joesseries', 'joeuser', 'atoken', '2007-10-09 18:19:25.000000000')"); PersistentRememberMeToken token = this.repo.getTokenForSeries("joesseries"); - assertThat(token.getUsername()).isEqualTo("joeuser"); assertThat(token.getSeries()).isEqualTo("joesseries"); assertThat(token.getTokenValue()).isEqualTo("atoken"); @@ -122,11 +118,9 @@ public class JdbcTokenRepositoryImplTests { + "('joesseries', 'joeuser', 'atoken2', '2007-10-19 18:19:25.000000000')"); this.template.execute("insert into persistent_logins (series, username, token, last_used) values " + "('joesseries', 'joeuser', 'atoken', '2007-10-09 18:19:25.000000000')"); - // List results = // template.queryForList("select * from persistent_logins where series = // 'joesseries'"); - assertThat(this.repo.getTokenForSeries("joesseries")).isNull(); } 
@@ -146,16 +140,12 @@ public class JdbcTokenRepositoryImplTests { + "('joesseries2', 'joeuser', 'atoken2', '2007-10-19 18:19:25.000000000')"); this.template.execute("insert into persistent_logins (series, username, token, last_used) values " + "('joesseries', 'joeuser', 'atoken', '2007-10-09 18:19:25.000000000')"); - // List results = // template.queryForList("select * from persistent_logins where series = // 'joesseries'"); - this.repo.removeUserTokens("joeuser"); - List> results = this.template .queryForList("select * from persistent_logins where username = 'joeuser'"); - assertThat(results).isEmpty(); } @@ -165,10 +155,8 @@ public class JdbcTokenRepositoryImplTests { this.template.execute("insert into persistent_logins (series, username, token, last_used) values " + "('joesseries', 'joeuser', 'atoken', '" + ts.toString() + "')"); this.repo.updateToken("joesseries", "newtoken", new Date()); - Map results = this.template .queryForMap("select * from persistent_logins where series = 'joesseries'"); - assertThat(results.get("username")).isEqualTo("joeuser"); assertThat(results.get("series")).isEqualTo("joesseries"); assertThat(results.get("token")).isEqualTo("newtoken"); @@ -183,7 +171,6 @@ public class JdbcTokenRepositoryImplTests { this.repo.setDataSource(dataSource); this.repo.setCreateTableOnStartup(true); this.repo.initDao(); - this.template.queryForList("select username,series,token,last_used from persistent_logins"); } @@ -194,9 +181,7 @@ public class JdbcTokenRepositoryImplTests { Date lastUsed = new Date(1424841314059L); JdbcTokenRepositoryImpl repository = new JdbcTokenRepositoryImpl(); repository.setJdbcTemplate(template); - repository.updateToken("series", "token", lastUsed); - verify(template).update(anyString(), anyString(), eq(lastUsed), anyString()); } 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java
index 2ad5f33561..aa73bc10e6 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java
@@ -35,7 +35,6 @@ public class NullRememberMeServicesTests { assertThat(services.autoLogin(null, null)).isNull(); services.loginFail(null, null); services.loginSuccess(null, null, null); - } }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
index 6d0bbd2371..d9796b9089 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
@@ -69,7 +69,6 @@ public class PersistentTokenBasedRememberMeServicesTests { this.services = create(new PersistentRememberMeToken("joe", "series", "token", new Date(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(1) - 100))); this.services.setTokenValiditySeconds(1); - this.services.processAutoLoginCookie(new String[] { "series", "token" }, new MockHttpServletRequest(), new MockHttpServletResponse()); }
@@ -107,9 +106,7 @@ public class PersistentTokenBasedRememberMeServicesTests { new UsernamePasswordAuthenticationToken("joe", "password")); assertThat(this.repo.getStoredToken().getSeries().length()).isEqualTo(16); assertThat(this.repo.getStoredToken().getTokenValue().length()).isEqualTo(16); - String[] cookie = this.services.decodeCookie(response.getCookie("mycookiename").getValue()); - assertThat(cookie[0]).isEqualTo(this.repo.getStoredToken().getSeries()); assertThat(cookie[1]).isEqualTo(this.repo.getStoredToken().getTokenValue()); }
@@ -125,7 +122,6 @@ public class PersistentTokenBasedRememberMeServicesTests { Cookie returnedCookie = response.getCookie("mycookiename"); assertThat(returnedCookie).isNotNull(); assertThat(returnedCookie.getMaxAge()).isZero(); - // SEC-1280 this.services.logout(request, response, null); }
@@ -135,7 +131,6 @@ public class PersistentTokenBasedRememberMeServicesTests { PersistentTokenBasedRememberMeServices services = new PersistentTokenBasedRememberMeServices("key", new AbstractRememberMeServicesTests.MockUserDetailsService(AbstractRememberMeServicesTests.joe, false), this.repo); - services.setCookieName("mycookiename"); return services; }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
index 595a5c8353..124ff6ecba 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
@@ -78,18 +78,15 @@ public class RememberMeAuthenticationFilterTests { // Put an Authentication object into the SecurityContextHolder Authentication originalAuth = new TestingAuthenticationToken("user", "password", "ROLE_A"); SecurityContextHolder.getContext().setAuthentication(originalAuth); - // Setup our filter correctly RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(mock(AuthenticationManager.class), new MockRememberMeServices(this.remembered)); filter.afterPropertiesSet(); - // Test MockHttpServletRequest request = new MockHttpServletRequest(); FilterChain fc = mock(FilterChain.class); request.setRequestURI("x"); filter.doFilter(request, new MockHttpServletResponse(), fc); - // Ensure filter didn't change our original object assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(originalAuth); verify(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); @@ -99,16 +96,13 @@ public class RememberMeAuthenticationFilterTests { public void testOperationWhenNoAuthenticationInContextHolder() throws Exception { AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(this.remembered)).willReturn(this.remembered); - RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(am, new MockRememberMeServices(this.remembered)); filter.afterPropertiesSet(); - MockHttpServletRequest request = new MockHttpServletRequest(); FilterChain fc = mock(FilterChain.class); request.setRequestURI("x"); filter.doFilter(request, new MockHttpServletResponse(), fc); - // Ensure filter setup with our remembered authentication object assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.remembered); verify(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); 
@@ -119,7 +113,6 @@ public class RememberMeAuthenticationFilterTests { final Authentication failedAuth = new TestingAuthenticationToken("failed", ""); AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException("")); - RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(am, new MockRememberMeServices(this.remembered)) { @Override
@@ -131,12 +124,10 @@ public class RememberMeAuthenticationFilterTests { }; filter.setApplicationEventPublisher(mock(ApplicationEventPublisher.class)); filter.afterPropertiesSet(); - MockHttpServletRequest request = new MockHttpServletRequest(); FilterChain fc = mock(FilterChain.class); request.setRequestURI("x"); filter.doFilter(request, new MockHttpServletResponse(), fc); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(failedAuth); verify(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); }
@@ -153,9 +144,7 @@ public class RememberMeAuthenticationFilterTests { FilterChain fc = mock(FilterChain.class); request.setRequestURI("x"); filter.doFilter(request, response, fc); - assertThat(response.getRedirectedUrl()).isEqualTo("/target"); - // Should return after success handler is invoked, so chain should not proceed verifyZeroInteractions(fc); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
index 516dba5a08..d6b32b0ae4 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
@@ -78,7 +78,6 @@ public class TokenBasedRememberMeServicesTests { private long determineExpiryTimeFromBased64EncodedToken(String validToken) { String cookieAsPlainText = new String(Base64.decodeBase64(validToken.getBytes())); String[] cookieTokens = StringUtils.delimitedListToStringArray(cookieAsPlainText, ":"); - if (cookieTokens.length == 3) { try { return Long.parseLong(cookieTokens[1]); @@ -86,7 +85,6 @@ public class TokenBasedRememberMeServicesTests { catch (NumberFormatException ignored) { } } - return -1; } @@ -96,14 +94,12 @@ public class TokenBasedRememberMeServicesTests { // password + ":" + key) String signatureValue = DigestUtils.md5Hex(username + ":" + expiryTime + ":" + password + ":" + key); String tokenValue = username + ":" + expiryTime + ":" + signatureValue; - return new String(Base64.encodeBase64(tokenValue.getBytes())); } @Test public void autoLoginReturnsNullIfNoCookiePresented() { MockHttpServletResponse response = new MockHttpServletResponse(); - Authentication result = this.services.autoLogin(new MockHttpServletRequest(), response); assertThat(result).isNull(); // No cookie set @@ -116,9 +112,7 @@ public class TokenBasedRememberMeServicesTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.setCookies(cookie); MockHttpServletResponse response = new MockHttpServletResponse(); - Authentication result = this.services.autoLogin(request, response); - assertThat(result).isNull(); assertThat(response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY)).isNull(); } 
@@ -130,9 +124,7 @@ public class TokenBasedRememberMeServicesTests { "key")); MockHttpServletRequest request = new MockHttpServletRequest(); request.setCookies(cookie); - MockHttpServletResponse response = new MockHttpServletResponse(); - assertThat(this.services.autoLogin(request, response)).isNull(); Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertThat(returnedCookie).isNotNull(); @@ -145,10 +137,8 @@ public class TokenBasedRememberMeServicesTests { new String(Base64.encodeBase64("x".getBytes()))); MockHttpServletRequest request = new MockHttpServletRequest(); request.setCookies(cookie); - MockHttpServletResponse response = new MockHttpServletResponse(); assertThat(this.services.autoLogin(request, response)).isNull(); - Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertThat(returnedCookie).isNotNull(); assertThat(returnedCookie.getMaxAge()).isZero(); @@ -160,10 +150,8 @@ public class TokenBasedRememberMeServicesTests { "NOT_BASE_64_ENCODED"); MockHttpServletRequest request = new MockHttpServletRequest(); request.setCookies(cookie); - MockHttpServletResponse response = new MockHttpServletResponse(); assertThat(this.services.autoLogin(request, response)).isNull(); - Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertThat(returnedCookie).isNotNull(); assertThat(returnedCookie.getMaxAge()).isZero(); 
@@ -177,11 +165,8 @@ public class TokenBasedRememberMeServicesTests { "WRONG_KEY")); MockHttpServletRequest request = new MockHttpServletRequest(); request.setCookies(cookie); - MockHttpServletResponse response = new MockHttpServletResponse(); - assertThat(this.services.autoLogin(request, response)).isNull(); - Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertThat(returnedCookie).isNotNull(); assertThat(returnedCookie.getMaxAge()).isZero(); @@ -193,10 +178,8 @@ public class TokenBasedRememberMeServicesTests { new String(Base64.encodeBase64("username:NOT_A_NUMBER:signature".getBytes()))); MockHttpServletRequest request = new MockHttpServletRequest(); request.setCookies(cookie); - MockHttpServletResponse response = new MockHttpServletResponse(); assertThat(this.services.autoLogin(request, response)).isNull(); - Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertThat(returnedCookie).isNotNull(); assertThat(returnedCookie.getMaxAge()).isZero(); @@ -210,11 +193,8 @@ public class TokenBasedRememberMeServicesTests { "key")); MockHttpServletRequest request = new MockHttpServletRequest(); request.setCookies(cookie); - MockHttpServletResponse response = new MockHttpServletResponse(); - assertThat(this.services.autoLogin(request, response)).isNull(); - Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertThat(returnedCookie).isNotNull(); assertThat(returnedCookie.getMaxAge()).isZero(); @@ -228,9 +208,7 @@ public class TokenBasedRememberMeServicesTests { "key")); MockHttpServletRequest request = new MockHttpServletRequest(); request.setCookies(cookie); - MockHttpServletResponse response = new MockHttpServletResponse(); - this.services.autoLogin(request, response); } 
@@ -242,11 +220,8 @@ public class TokenBasedRememberMeServicesTests { "key")); MockHttpServletRequest request = new MockHttpServletRequest(); request.setCookies(cookie); - MockHttpServletResponse response = new MockHttpServletResponse(); - Authentication result = this.services.autoLogin(request, response); - assertThat(result).isNotNull(); assertThat(result.getPrincipal()).isEqualTo(this.user); } @@ -254,13 +229,10 @@ public class TokenBasedRememberMeServicesTests { @Test public void testGettersSetters() { assertThat(this.services.getUserDetailsService()).isEqualTo(this.uds); - assertThat(this.services.getKey()).isEqualTo("key"); - assertThat(this.services.getParameter()).isEqualTo(AbstractRememberMeServices.DEFAULT_PARAMETER); this.services.setParameter("some_param"); assertThat(this.services.getParameter()).isEqualTo("some_param"); - this.services.setTokenValiditySeconds(12); assertThat(this.services.getTokenValiditySeconds()).isEqualTo(12); } @@ -270,7 +242,6 @@ public class TokenBasedRememberMeServicesTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); this.services.loginFail(request, response); - Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertThat(cookie).isNotNull(); assertThat(cookie.getMaxAge()).isZero(); @@ -282,10 +253,8 @@ public class TokenBasedRememberMeServicesTests { new AbstractRememberMeServicesTests.MockUserDetailsService(null, false)); MockHttpServletRequest request = new MockHttpServletRequest(); request.addParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "false"); - MockHttpServletResponse response = new MockHttpServletResponse(); services.loginSuccess(request, response, new TestingAuthenticationToken("someone", "password", "ROLE_ABC")); - Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertThat(cookie).isNull(); } 
@@ -296,11 +265,9 @@ public class TokenBasedRememberMeServicesTests { this.services.setTokenValiditySeconds(500000000); MockHttpServletRequest request = new MockHttpServletRequest(); request.addParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "true"); - MockHttpServletResponse response = new MockHttpServletResponse(); this.services.loginSuccess(request, response, new TestingAuthenticationToken("someone", "password", "ROLE_ABC")); - Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); String expiryTime = this.services.decodeCookie(cookie.getValue())[1]; long expectedExpiryTime = 1000L * 500000000; @@ -316,11 +283,9 @@ public class TokenBasedRememberMeServicesTests { public void loginSuccessNormalWithUserDetailsBasedPrincipalSetsExpectedCookie() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "true"); - MockHttpServletResponse response = new MockHttpServletResponse(); this.services.loginSuccess(request, response, new TestingAuthenticationToken("someone", "password", "ROLE_ABC")); - Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertThat(cookie).isNotNull(); assertThat(cookie.getMaxAge()).isEqualTo(this.services.getTokenValiditySeconds()); 
@@ -340,12 +305,10 @@ public class TokenBasedRememberMeServicesTests { public void negativeValidityPeriodIsSetOnCookieButExpiryTimeRemainsAtTwoWeeks() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "true"); - MockHttpServletResponse response = new MockHttpServletResponse(); this.services.setTokenValiditySeconds(-1); this.services.loginSuccess(request, response, new TestingAuthenticationToken("someone", "password", "ROLE_ABC")); - Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertThat(cookie).isNotNull(); // Check the expiry time is within 50ms of two weeks from current time diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java index 087c6bc578..5c75c28c8e 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java @@ -76,7 +76,6 @@ public class CompositeSessionAuthenticationStrategyTests { CompositeSessionAuthenticationStrategy strategy = new CompositeSessionAuthenticationStrategy( Arrays.asList(this.strategy1, this.strategy2)); strategy.onAuthentication(this.authentication, this.request, this.response); - verify(this.strategy1).onAuthentication(this.authentication, this.request, this.response); verify(this.strategy2).onAuthentication(this.authentication, this.request, this.response); } 
@@ -85,17 +84,14 @@ public class CompositeSessionAuthenticationStrategyTests { public void delegateShortCircuits() { willThrow(new SessionAuthenticationException("oops")).given(this.strategy1) .onAuthentication(this.authentication, this.request, this.response); - CompositeSessionAuthenticationStrategy strategy = new CompositeSessionAuthenticationStrategy( Arrays.asList(this.strategy1, this.strategy2)); - try { strategy.onAuthentication(this.authentication, this.request, this.response); fail("Expected Exception"); } catch (SessionAuthenticationException success) { } - verify(this.strategy1).onAuthentication(this.authentication, this.request, this.response); verify(this.strategy2, times(0)).onAuthentication(this.authentication, this.request, this.response); } diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java index 0f10d0e19c..7e69cbfd5d 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java @@ -67,7 +67,6 @@ public class ConcurrentSessionControlAuthenticationStrategyTests { this.response = new MockHttpServletResponse(); this.sessionInformation = new SessionInformation(this.authentication.getPrincipal(), "unique", new Date(1374766134216L)); - this.strategy = new ConcurrentSessionControlAuthenticationStrategy(this.sessionRegistry); } 
@@ -82,9 +81,7 @@ public class ConcurrentSessionControlAuthenticationStrategyTests { .willReturn(Collections.emptyList()); this.strategy.setMaximumSessions(1); this.strategy.setExceptionIfMaximumExceeded(true); - this.strategy.onAuthentication(this.authentication, this.request, this.response); - // no exception } @@ -96,9 +93,7 @@ public class ConcurrentSessionControlAuthenticationStrategyTests { .willReturn(Collections.singletonList(this.sessionInformation)); this.strategy.setMaximumSessions(1); this.strategy.setExceptionIfMaximumExceeded(true); - this.strategy.onAuthentication(this.authentication, this.request, this.response); - // no exception } @@ -108,7 +103,6 @@ public class ConcurrentSessionControlAuthenticationStrategyTests { .willReturn(Collections.singletonList(this.sessionInformation)); this.strategy.setMaximumSessions(1); this.strategy.setExceptionIfMaximumExceeded(true); - this.strategy.onAuthentication(this.authentication, this.request, this.response); } @@ -117,9 +111,7 @@ public class ConcurrentSessionControlAuthenticationStrategyTests { given(this.sessionRegistry.getAllSessions(any(), anyBoolean())) .willReturn(Collections.singletonList(this.sessionInformation)); this.strategy.setMaximumSessions(1); - this.strategy.onAuthentication(this.authentication, this.request, this.response); - assertThat(this.sessionInformation.isExpired()).isTrue(); } @@ -130,9 +122,7 @@ public class ConcurrentSessionControlAuthenticationStrategyTests { given(this.sessionRegistry.getAllSessions(any(), anyBoolean())) .willReturn(Arrays.asList(moreRecentSessionInfo, this.sessionInformation)); this.strategy.setMaximumSessions(2); - this.strategy.onAuthentication(this.authentication, this.request, this.response); - assertThat(this.sessionInformation.isExpired()).isTrue(); } 
@@ -145,9 +135,7 @@ public class ConcurrentSessionControlAuthenticationStrategyTests { given(this.sessionRegistry.getAllSessions(any(), anyBoolean())).willReturn( Arrays.asList(oldestSessionInfo, secondOldestSessionInfo, this.sessionInformation)); this.strategy.setMaximumSessions(2); - this.strategy.onAuthentication(this.authentication, this.request, this.response); - assertThat(oldestSessionInfo.isExpired()).isTrue(); assertThat(secondOldestSessionInfo.isExpired()).isTrue(); assertThat(this.sessionInformation.isExpired()).isFalse(); diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java index 668b651805..34d88f80ae 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java @@ -64,7 +64,6 @@ public class RegisterSessionAuthenticationStrategyTests { @Test public void onAuthenticationRegistersSession() { this.authenticationStrategy.onAuthentication(this.authentication, this.request, this.response); - verify(this.registry).registerNewSession(this.request.getSession().getId(), this.authentication.getPrincipal()); } diff --git a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java index 71401bf5ad..55a43482a9 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java 
@@ -84,30 +84,24 @@ public class SwitchUserFilterTests { request.setServerName("localhost"); request.setRequestURI("/login/impersonate"); request.setMethod("POST"); - return request; } private Authentication switchToUser(String name) { MockHttpServletRequest request = new MockHttpServletRequest(); request.addParameter("myUsernameParameter", name); - SwitchUserFilter filter = new SwitchUserFilter(); filter.setUsernameParameter("myUsernameParameter"); filter.setUserDetailsService(new MockUserDetailsService()); - return filter.attemptSwitchUser(request); - } private Authentication switchToUserWithAuthorityRole(String name, String switchAuthorityRole) { MockHttpServletRequest request = new MockHttpServletRequest(); request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, name); - SwitchUserFilter filter = new SwitchUserFilter(); filter.setUserDetailsService(new MockUserDetailsService()); filter.setSwitchAuthorityRole(switchAuthorityRole); - return filter.attemptSwitchUser(request); } @@ -115,10 +109,8 @@ public class SwitchUserFilterTests { public void requiresExitUserMatchesCorrectly() { SwitchUserFilter filter = new SwitchUserFilter(); filter.setExitUserUrl("/j_spring_security_my_exit_user"); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/j_spring_security_my_exit_user"); - assertThat(filter.requiresExitUser(request)).isTrue(); } @@ -127,10 +119,8 @@ public class SwitchUserFilterTests { public void requiresExitUserWhenEndsWithThenDoesNotMatch() { SwitchUserFilter filter = new SwitchUserFilter(); filter.setExitUserUrl("/j_spring_security_my_exit_user"); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/foo/bar/j_spring_security_my_exit_user"); - assertThat(filter.requiresExitUser(request)).isFalse(); } 
@@ -138,13 +128,11 @@ public class SwitchUserFilterTests { // gh-4183 public void requiresExitUserWhenGetThenDoesNotMatch() { SwitchUserFilter filter = new SwitchUserFilter(); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setScheme("http"); request.setServerName("localhost"); request.setRequestURI("/login/impersonate"); request.setMethod("GET"); - assertThat(filter.requiresExitUser(request)).isFalse(); } @@ -152,10 +140,8 @@ public class SwitchUserFilterTests { public void requiresExitUserWhenMatcherThenWorks() { SwitchUserFilter filter = new SwitchUserFilter(); filter.setExitUserMatcher(AnyRequestMatcher.INSTANCE); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/foo/bar/j_spring_security_my_exit_user"); - assertThat(filter.requiresExitUser(request)).isTrue(); } @@ -163,10 +149,8 @@ public class SwitchUserFilterTests { public void requiresSwitchMatchesCorrectly() { SwitchUserFilter filter = new SwitchUserFilter(); filter.setSwitchUserUrl("/j_spring_security_my_switch_user"); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/j_spring_security_my_switch_user"); - assertThat(filter.requiresSwitchUser(request)).isTrue(); } @@ -175,10 +159,8 @@ public class SwitchUserFilterTests { public void requiresSwitchUserWhenEndsWithThenDoesNotMatch() { SwitchUserFilter filter = new SwitchUserFilter(); filter.setSwitchUserUrl("/j_spring_security_my_exit_user"); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/foo/bar/j_spring_security_my_exit_user"); - assertThat(filter.requiresSwitchUser(request)).isFalse(); } 
@@ -186,13 +168,11 @@ public class SwitchUserFilterTests { // gh-4183 public void requiresSwitchUserWhenGetThenDoesNotMatch() { SwitchUserFilter filter = new SwitchUserFilter(); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setScheme("http"); request.setServerName("localhost"); request.setRequestURI("/login/impersonate"); request.setMethod("GET"); - assertThat(filter.requiresSwitchUser(request)).isFalse(); } @@ -200,19 +180,15 @@ public class SwitchUserFilterTests { public void requiresSwitchUserWhenMatcherThenWorks() { SwitchUserFilter filter = new SwitchUserFilter(); filter.setSwitchUserMatcher(AnyRequestMatcher.INSTANCE); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/foo/bar/j_spring_security_my_exit_user"); - assertThat(filter.requiresSwitchUser(request)).isTrue(); } @Test(expected = UsernameNotFoundException.class) public void attemptSwitchToUnknownUserFails() { - MockHttpServletRequest request = new MockHttpServletRequest(); request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "user-that-doesnt-exist"); - SwitchUserFilter filter = new SwitchUserFilter(); filter.setUserDetailsService(new MockUserDetailsService()); filter.attemptSwitchUser(request); @@ -253,14 +229,11 @@ public class SwitchUserFilterTests { filter.setTargetUrl("/target"); filter.setUserDetailsService(new MockUserDetailsService()); filter.afterPropertiesSet(); - // Check it with no url set (should get a text response) FilterChain chain = mock(FilterChain.class); filter.doFilter(request, response, chain); verify(chain, never()).doFilter(request, response); - assertThat(response.getErrorMessage()).isNotNull(); - // Now check for the redirect request.setContextPath("/mywebapp"); request.setRequestURI("/mywebapp/login/impersonate"); 
@@ -270,11 +243,9 @@ public class SwitchUserFilterTests { filter.setSwitchFailureUrl("/switchfailed"); filter.afterPropertiesSet(); response = new MockHttpServletResponse(); - chain = mock(FilterChain.class); filter.doFilter(request, response, chain); verify(chain, never()).doFilter(request, response); - assertThat(response.getRedirectedUrl()).isEqualTo("/mywebapp/switchfailed"); assertThat(FieldUtils.getFieldValue(filter, "switchFailureUrl")).isEqualTo("/switchfailed"); } @@ -303,7 +274,6 @@ public class SwitchUserFilterTests { request.setContextPath("/webapp"); SwitchUserFilter filter = new SwitchUserFilter(); filter.setSwitchUserUrl("/login/impersonate"); - request.setRequestURI("/webapp/login/impersonate;jsessionid=8JHDUD723J8"); assertThat(filter.requiresSwitchUser(request)).isTrue(); } 
@@ -313,32 +283,25 @@ public class SwitchUserFilterTests { // original user UsernamePasswordAuthenticationToken source = new UsernamePasswordAuthenticationToken("dano", "hawaii50", ROLES_12); - // set current user (Admin) List adminAuths = new ArrayList<>(); adminAuths.addAll(ROLES_12); adminAuths.add(new SwitchUserGrantedAuthority("PREVIOUS_ADMINISTRATOR", source)); UsernamePasswordAuthenticationToken admin = new UsernamePasswordAuthenticationToken("jacklord", "hawaii50", adminAuths); - SecurityContextHolder.getContext().setAuthentication(admin); - MockHttpServletRequest request = createMockSwitchRequest(); request.setRequestURI("/logout/impersonate"); - // setup filter SwitchUserFilter filter = new SwitchUserFilter(); filter.setUserDetailsService(new MockUserDetailsService()); filter.setExitUserUrl("/logout/impersonate"); filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/webapp/someOtherUrl")); - // run 'exit' FilterChain chain = mock(FilterChain.class); MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(request, response, chain); - verify(chain, never()).doFilter(request, response); - // check current user, should be back to original user (dano) Authentication targetAuth = SecurityContextHolder.getContext().getAuthentication(); assertThat(targetAuth).isNotNull(); 
@@ -349,20 +312,16 @@ public class SwitchUserFilterTests { public void exitUserWithNoCurrentUserFails() throws Exception { // no current user in secure context SecurityContextHolder.clearContext(); - MockHttpServletRequest request = createMockSwitchRequest(); request.setRequestURI("/logout/impersonate"); - // setup filter SwitchUserFilter filter = new SwitchUserFilter(); filter.setUserDetailsService(new MockUserDetailsService()); filter.setExitUserUrl("/logout/impersonate"); - // run 'exit', expect fail due to no current user FilterChain chain = mock(FilterChain.class); MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(request, response, chain); - verify(chain, never()).doFilter(request, response); } @@ -372,18 +331,14 @@ public class SwitchUserFilterTests { request.setContextPath("/webapp"); request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord"); request.setRequestURI("/webapp/login/impersonate"); - SwitchUserFilter filter = new SwitchUserFilter(); filter.setSwitchUserUrl("/login/impersonate"); filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/someOtherUrl")); filter.setUserDetailsService(new MockUserDetailsService()); - FilterChain chain = mock(FilterChain.class); MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(request, response, chain); - verify(chain, never()).doFilter(request, response); - assertThat(response.getRedirectedUrl()).isEqualTo("/webapp/someOtherUrl"); } 
@@ -392,12 +347,10 @@ public class SwitchUserFilterTests { // set current user UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50"); SecurityContextHolder.getContext().setAuthentication(auth); - MockHttpServletRequest request = createMockSwitchRequest(); request.setContextPath("/webapp"); request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord"); request.setRequestURI("/webapp/login/impersonate"); - SwitchUserFilter filter = new SwitchUserFilter(); filter.setSwitchUserUrl("/login/impersonate"); SimpleUrlAuthenticationSuccessHandler switchSuccessHandler = new SimpleUrlAuthenticationSuccessHandler( @@ -407,14 +360,10 @@ public class SwitchUserFilterTests { switchSuccessHandler.setRedirectStrategy(contextRelativeRedirector); filter.setSuccessHandler(switchSuccessHandler); filter.setUserDetailsService(new MockUserDetailsService()); - FilterChain chain = mock(FilterChain.class); MockHttpServletResponse response = new MockHttpServletResponse(); - filter.doFilter(request, response, chain); - verify(chain, never()).doFilter(request, response); - assertThat(response.getRedirectedUrl()).isEqualTo("/someOtherUrl"); } 
@@ -423,28 +372,22 @@ public class SwitchUserFilterTests { // set current user UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50"); SecurityContextHolder.getContext().setAuthentication(auth); - // http request MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/webapp/login/impersonate"); request.setContextPath("/webapp"); request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord"); - // http response MockHttpServletResponse response = new MockHttpServletResponse(); - // setup filter SwitchUserFilter filter = new SwitchUserFilter(); filter.setUserDetailsService(new MockUserDetailsService()); filter.setSwitchUserUrl("/login/impersonate"); filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/webapp/someOtherUrl")); - FilterChain chain = mock(FilterChain.class); - // test updates user token and context filter.doFilter(request, response, chain); verify(chain, never()).doFilter(request, response); - // check current user Authentication targetAuth = SecurityContextHolder.getContext().getAuthentication(); assertThat(targetAuth).isNotNull(); @@ -456,10 +399,8 @@ public class SwitchUserFilterTests { public void modificationOfAuthoritiesWorks() { UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50"); SecurityContextHolder.getContext().setAuthentication(auth); - MockHttpServletRequest request = new MockHttpServletRequest(); request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord"); - SwitchUserFilter filter = new SwitchUserFilter(); filter.setUserDetailsService(new MockUserDetailsService()); filter.setSwitchUserAuthorityChanger((targetUser, currentAuthentication, authoritiesToBeGranted) -> { 
@@ -467,7 +408,6 @@ public class SwitchUserFilterTests { auths.add(new SimpleGrantedAuthority("ROLE_NEW")); return auths; }); - Authentication result = filter.attemptSwitchUser(request); assertThat(result != null).isTrue(); assertThat(result.getAuthorities()).hasSize(2); @@ -483,16 +423,13 @@ public class SwitchUserFilterTests { SecurityContextHolder.getContext().setAuthentication(source); SecurityContextHolder.getContext().setAuthentication(switchToUser("jacklord")); Authentication switched = switchToUser("dano"); - SwitchUserGrantedAuthority switchedFrom = null; - for (GrantedAuthority ga : switched.getAuthorities()) { if (ga instanceof SwitchUserGrantedAuthority) { switchedFrom = (SwitchUserGrantedAuthority) ga; break; } } - assertThat(switchedFrom).isNotNull(); assertThat(source).isSameAs(switchedFrom.getSource()); } @@ -509,23 +446,19 @@ public class SwitchUserFilterTests { @Test public void switchAuthorityRoleCanBeChanged() { String switchAuthorityRole = "PREVIOUS_ADMINISTRATOR"; - // original user UsernamePasswordAuthenticationToken source = new UsernamePasswordAuthenticationToken("orig", "hawaii50", ROLES_12); SecurityContextHolder.getContext().setAuthentication(source); SecurityContextHolder.getContext().setAuthentication(switchToUser("jacklord")); Authentication switched = switchToUserWithAuthorityRole("dano", switchAuthorityRole); - SwitchUserGrantedAuthority switchedFrom = null; - for (GrantedAuthority ga : switched.getAuthorities()) { if (ga instanceof SwitchUserGrantedAuthority) { switchedFrom = (SwitchUserGrantedAuthority) ga; break; } } - assertThat(switchedFrom).isNotNull(); assertThat(switchedFrom.getSource()).isSameAs(source); assertThat(switchAuthorityRole).isEqualTo(switchedFrom.getAuthority()); 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java index f8c1de66a8..7e93bd73ab 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java @@ -38,7 +38,6 @@ public class DefaultLogoutPageGeneratingFilterTests { @Test public void doFilterWhenNoHiddenInputsThenPageRendered() throws Exception { MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object()).addFilter(this.filter).build(); - mockMvc.perform(get("/logout")).andExpect(content().string("\n" + "\n" + " \n" + " \n" + " \n" @@ -58,7 +57,6 @@ public class DefaultLogoutPageGeneratingFilterTests { public void doFilterWhenHiddenInputsSetThenHiddenInputsRendered() throws Exception { this.filter.setResolveHiddenInputs((r) -> Collections.singletonMap("_csrf", "csrf-token-1")); MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object()).addFilters(this.filter).build(); - mockMvc.perform(get("/logout")).andExpect( content().string(containsString(""))); } @@ -66,7 +64,6 @@ public class DefaultLogoutPageGeneratingFilterTests { @Test public void doFilterWhenRequestContextThenActionContainsRequestContext() throws Exception { MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object()).addFilters(this.filter).build(); - mockMvc.perform(get("/context/logout").contextPath("/context")) .andExpect(content().string(containsString("action=\"/context/logout\""))); } diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java index a06829f66b..ab86511eb7 100644 
--- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java @@ -58,7 +58,6 @@ public class BasicAuthenticationConverterTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes()))); UsernamePasswordAuthenticationToken authentication = this.converter.convert(request); - verify(this.authenticationDetailsSource).buildDetails(any()); assertThat(authentication).isNotNull(); assertThat(authentication.getName()).isEqualTo("rod"); @@ -70,7 +69,6 @@ public class BasicAuthenticationConverterTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "BaSiC " + new String(Base64.encodeBase64(token.getBytes()))); UsernamePasswordAuthenticationToken authentication = this.converter.convert(request); - verify(this.authenticationDetailsSource).buildDetails(any()); assertThat(authentication).isNotNull(); assertThat(authentication.getName()).isEqualTo("rod"); @@ -81,7 +79,6 @@ public class BasicAuthenticationConverterTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Bearer someOtherToken"); UsernamePasswordAuthenticationToken authentication = this.converter.convert(request); - verifyZeroInteractions(this.authenticationDetailsSource); assertThat(authentication).isNull(); } @@ -98,7 +95,6 @@ public class BasicAuthenticationConverterTests { public void testWhenInvalidBase64ThenError() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Basic NOT_VALID_BASE64"); - this.converter.convert(request); } 
@@ -108,7 +104,6 @@ public class BasicAuthenticationConverterTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes()))); UsernamePasswordAuthenticationToken authentication = this.converter.convert(request); - verify(this.authenticationDetailsSource).buildDetails(any()); assertThat(authentication).isNotNull(); assertThat(authentication.getName()).isEqualTo("rod"); diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java index 91cf5cf819..2050d9267f 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java @@ -36,7 +36,6 @@ public class BasicAuthenticationEntryPointTests { @Test public void testDetectsMissingRealmName() { BasicAuthenticationEntryPoint ep = new BasicAuthenticationEntryPoint(); - try { ep.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); 
@@ -56,21 +55,14 @@ public class BasicAuthenticationEntryPointTests { @Test public void testNormalOperation() throws Exception { BasicAuthenticationEntryPoint ep = new BasicAuthenticationEntryPoint(); - ep.setRealmName("hello"); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/some_path"); - MockHttpServletResponse response = new MockHttpServletResponse(); - // ep.afterPropertiesSet(); - ep.commence(request, response, new DisabledException("These are the jokes kid")); - assertThat(response.getStatus()).isEqualTo(401); assertThat(response.getErrorMessage()).isEqualTo(HttpStatus.UNAUTHORIZED.getReasonPhrase()); - assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Basic realm=\"hello\""); } diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java index 39a7ac7655..d31d44ffe9 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java @@ -67,11 +67,9 @@ public class BasicAuthenticationFilterTests { rodRequest.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest())); Authentication rod = new UsernamePasswordAuthenticationToken("rod", "koala", AuthorityUtils.createAuthorityList("ROLE_1")); - this.manager = mock(AuthenticationManager.class); given(this.manager.authenticate(rodRequest)).willReturn(rod); given(this.manager.authenticate(not(eq(rodRequest)))).willThrow(new BadCredentialsException("")); - this.filter = new BasicAuthenticationFilter(this.manager, new BasicAuthenticationEntryPoint()); } 
@@ -82,16 +80,12 @@ public class BasicAuthenticationFilterTests { @Test public void testFilterIgnoresRequestsContainingNoAuthorizationHeader() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); request.setServletPath("/some_file.html"); final MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain chain = mock(FilterChain.class); this.filter.doFilter(request, response, chain); - verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); - // Test assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } @@ -110,10 +104,8 @@ public class BasicAuthenticationFilterTests { request.setServletPath("/some_file.html"); request.setSession(new MockHttpSession()); final MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain chain = mock(FilterChain.class); this.filter.doFilter(request, response, chain); - verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); @@ -126,7 +118,6 @@ public class BasicAuthenticationFilterTests { request.setServletPath("/some_file.html"); request.setSession(new MockHttpSession()); final MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain chain = mock(FilterChain.class); this.filter.doFilter(request, response, chain); // The filter chain shouldn't proceed 
@@ -141,12 +132,10 @@ public class BasicAuthenticationFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes()))); request.setServletPath("/some_file.html"); - // Test assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); FilterChain chain = mock(FilterChain.class); this.filter.doFilter(request, new MockHttpServletResponse(), chain); - verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("rod"); @@ -159,12 +148,10 @@ public class BasicAuthenticationFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "basic " + new String(Base64.encodeBase64(token.getBytes()))); request.setServletPath("/some_file.html"); - // Test assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); FilterChain chain = mock(FilterChain.class); this.filter.doFilter(request, new MockHttpServletResponse(), chain); - verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("rod"); 
@@ -176,11 +163,9 @@ public class BasicAuthenticationFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "BaSiC " + new String(Base64.encodeBase64(token.getBytes()))); request.setServletPath("/some_file.html"); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); FilterChain chain = mock(FilterChain.class); this.filter.doFilter(request, new MockHttpServletResponse(), chain); - verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("rod"); @@ -188,13 +173,11 @@ public class BasicAuthenticationFilterTests { @Test public void testOtherAuthorizationSchemeIsIgnored() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "SOME_OTHER_AUTHENTICATION_SCHEME"); request.setServletPath("/some_file.html"); FilterChain chain = mock(FilterChain.class); this.filter.doFilter(request, new MockHttpServletResponse(), chain); - verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } 
@@ -216,32 +199,23 @@ public class BasicAuthenticationFilterTests {
 request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
 request.setServletPath("/some_file.html");
 final MockHttpServletResponse response1 = new MockHttpServletResponse();
-
 FilterChain chain = mock(FilterChain.class);
 this.filter.doFilter(request, response1, chain);
-
 verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
-
 // Test
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("rod");
-
 // NOW PERFORM FAILED AUTHENTICATION
-
 token = "otherUser:WRONG_PASSWORD";
 request = new MockHttpServletRequest();
 request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
 final MockHttpServletResponse response2 = new MockHttpServletResponse();
-
 chain = mock(FilterChain.class);
 this.filter.doFilter(request, response2, chain);
-
 verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 request.setServletPath("/some_file.html");
-
 // Test - the filter chain will not be invoked, as we get a 401 forbidden response
 MockHttpServletResponse response = response2;
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 assertThat(response.getStatus()).isEqualTo(401);
 }
@@ -253,14 +227,11 @@ public class BasicAuthenticationFilterTests {
 request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
 request.setServletPath("/some_file.html");
 request.setSession(new MockHttpSession());
-
 this.filter = new BasicAuthenticationFilter(this.manager);
 assertThat(this.filter.isIgnoreFailure()).isTrue();
 FilterChain chain = mock(FilterChain.class);
 this.filter.doFilter(request, new MockHttpServletResponse(), chain);
-
 verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
-
 // Test - the filter chain will be invoked, as we've set ignoreFailure = true
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 }
@@ -274,10 +245,8 @@ public class BasicAuthenticationFilterTests {
 request.setSession(new MockHttpSession());
 assertThat(this.filter.isIgnoreFailure()).isFalse();
 final MockHttpServletResponse response = new MockHttpServletResponse();
-
 FilterChain chain = mock(FilterChain.class);
 this.filter.doFilter(request, response, chain);
-
 // Test - the filter chain will not be invoked, as we get a 401 forbidden response
 verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -287,50 +256,38 @@ public class BasicAuthenticationFilterTests { // SEC-2054 @Test public void skippedOnErrorDispatch() throws Exception { - String token = "bad:credentials"; MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes()))); request.setServletPath("/some_file.html"); request.setAttribute(WebUtils.ERROR_REQUEST_URI_ATTRIBUTE, "/error"); MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain chain = mock(FilterChain.class); - this.filter.doFilter(request, response, chain); - assertThat(response.getStatus()).isEqualTo(200); } @Test public void doFilterWhenTokenAndFilterCharsetMatchDefaultThenAuthenticated() throws Exception { SecurityContextHolder.clearContext(); - UsernamePasswordAuthenticationToken rodRequest = new UsernamePasswordAuthenticationToken("rod", "äöü"); rodRequest.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest())); Authentication rod = new UsernamePasswordAuthenticationToken("rod", "äöü", AuthorityUtils.createAuthorityList("ROLE_1")); - this.manager = mock(AuthenticationManager.class); given(this.manager.authenticate(rodRequest)).willReturn(rod); given(this.manager.authenticate(not(eq(rodRequest)))).willThrow(new BadCredentialsException("")); - this.filter = new BasicAuthenticationFilter(this.manager, new BasicAuthenticationEntryPoint()); - String token = "rod:äöü"; MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes(StandardCharsets.UTF_8)))); request.setServletPath("/some_file.html"); - MockHttpServletResponse response = new MockHttpServletResponse(); - // Test assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); FilterChain chain = mock(FilterChain.class); - this.filter.doFilter(request, response, chain); - 
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("rod"); @@ -340,33 +297,25 @@ public class BasicAuthenticationFilterTests { @Test public void doFilterWhenTokenAndFilterCharsetMatchNonDefaultThenAuthenticated() throws Exception { SecurityContextHolder.clearContext(); - UsernamePasswordAuthenticationToken rodRequest = new UsernamePasswordAuthenticationToken("rod", "äöü"); rodRequest.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest())); Authentication rod = new UsernamePasswordAuthenticationToken("rod", "äöü", AuthorityUtils.createAuthorityList("ROLE_1")); - this.manager = mock(AuthenticationManager.class); given(this.manager.authenticate(rodRequest)).willReturn(rod); given(this.manager.authenticate(not(eq(rodRequest)))).willThrow(new BadCredentialsException("")); - this.filter = new BasicAuthenticationFilter(this.manager, new BasicAuthenticationEntryPoint()); this.filter.setCredentialsCharset("ISO-8859-1"); - String token = "rod:äöü"; MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes(StandardCharsets.ISO_8859_1)))); request.setServletPath("/some_file.html"); - MockHttpServletResponse response = new MockHttpServletResponse(); - // Test assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); FilterChain chain = mock(FilterChain.class); - this.filter.doFilter(request, response, chain); - assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("rod"); 
@@ -376,33 +325,25 @@ public class BasicAuthenticationFilterTests { @Test public void doFilterWhenTokenAndFilterCharsetDoNotMatchThenUnauthorized() throws Exception { SecurityContextHolder.clearContext(); - UsernamePasswordAuthenticationToken rodRequest = new UsernamePasswordAuthenticationToken("rod", "äöü"); rodRequest.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest())); Authentication rod = new UsernamePasswordAuthenticationToken("rod", "äöü", AuthorityUtils.createAuthorityList("ROLE_1")); - this.manager = mock(AuthenticationManager.class); given(this.manager.authenticate(rodRequest)).willReturn(rod); given(this.manager.authenticate(not(eq(rodRequest)))).willThrow(new BadCredentialsException("")); - this.filter = new BasicAuthenticationFilter(this.manager, new BasicAuthenticationEntryPoint()); this.filter.setCredentialsCharset("ISO-8859-1"); - String token = "rod:äöü"; MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes(StandardCharsets.UTF_8)))); request.setServletPath("/some_file.html"); - MockHttpServletResponse response = new MockHttpServletResponse(); - // Test assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); FilterChain chain = mock(FilterChain.class); - this.filter.doFilter(request, response, chain); - assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); 
@@ -415,7 +356,6 @@ public class BasicAuthenticationFilterTests {
 request.setServletPath("/some_file.html");
 request.setSession(new MockHttpSession());
 final MockHttpServletResponse response = new MockHttpServletResponse();
-
 FilterChain chain = mock(FilterChain.class);
 this.filter.doFilter(request, response, chain);
 verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java
index 4d13ededfd..f2731df602 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java
@@ -38,7 +38,6 @@ public class DigestAuthUtilsTests {
 String unsplit = "username=\"rod\", invalidEntryThatHasNoEqualsSign, realm=\"Contacts Realm\", nonce=\"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==\", uri=\"/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\", response=\"38644211cf9ac3da63ab639807e2baff\", qop=auth, nc=00000004, cnonce=\"2b8d329a8571b99a\"";
 String[] headerEntries = StringUtils.commaDelimitedListToStringArray(unsplit);
 Map headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", "\"");
-
 assertThat(headerMap.get("username")).isEqualTo("rod");
 assertThat(headerMap.get("realm")).isEqualTo("Contacts Realm");
 assertThat(headerMap.get("nonce"))
@@ -57,7 +56,6 @@ public class DigestAuthUtilsTests { String unsplit = "username=\"rod\", realm=\"Contacts Realm\", nonce=\"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==\", uri=\"/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\", response=\"38644211cf9ac3da63ab639807e2baff\", qop=auth, nc=00000004, cnonce=\"2b8d329a8571b99a\""; String[] headerEntries = StringUtils.commaDelimitedListToStringArray(unsplit); Map headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", null); - assertThat(headerMap.get("username")).isEqualTo("\"rod\""); assertThat(headerMap.get("realm")).isEqualTo("\"Contacts Realm\""); assertThat(headerMap.get("nonce")) @@ -97,39 +95,30 @@ public class DigestAuthUtilsTests { fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } - try { DigestAuthUtils.split("", "="); // empty string fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } - try { DigestAuthUtils.split("sdch=dfgf", null); // null fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } - try { DigestAuthUtils.split("fvfv=dcdc", ""); // empty string fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } - try { DigestAuthUtils.split("dfdc=dcdc", "BIGGER_THAN_ONE_CHARACTER"); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } } @@ -137,7 +126,6 @@ public class DigestAuthUtilsTests { public void testSplitWorksWithDifferentDelimiters() { assertThat(DigestAuthUtils.split("18/rod", "/")).hasSize(2); assertThat(DigestAuthUtils.split("18/rod", "!")).isNull(); - // only guarantees to split at FIRST delimiter, not EACH delimiter assertThat(DigestAuthUtils.split("18|rod|foo|bar", "|")).hasSize(2); } 
@@ -145,9 +133,7 @@ public class DigestAuthUtilsTests { public void testAuthorizationHeaderWithCommasIsSplitCorrectly() { String header = "Digest username=\"hamilton,bob\", realm=\"bobs,ok,realm\", nonce=\"the,nonce\", " + "uri=\"the,Uri\", response=\"the,response,Digest\", qop=theqop, nc=thenc, cnonce=\"the,cnonce\""; - String[] parts = DigestAuthUtils.splitIgnoringQuotes(header, ','); - assertThat(parts).hasSize(8); } diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java index adfe482442..3f6b2c61f9 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java @@ -42,11 +42,9 @@ public class DigestAuthenticationEntryPointTests { // format of nonce is: // base64(expirationTime + ":" + md5Hex(expirationTime + ":" + key)) assertThat(Base64.isArrayByteBase64(nonce.getBytes())).isTrue(); - String decodedNonce = new String(Base64.decodeBase64(nonce.getBytes())); String[] nonceTokens = StringUtils.delimitedListToStringArray(decodedNonce, ":"); assertThat(nonceTokens).hasSize(2); - String expectedNonceSignature = DigestUtils.md5Hex(nonceTokens[0] + ":" + "key"); assertThat(nonceTokens[1]).isEqualTo(expectedNonceSignature); } @@ -55,7 +53,6 @@ public class DigestAuthenticationEntryPointTests { public void testDetectsMissingKey() throws Exception { DigestAuthenticationEntryPoint ep = new DigestAuthenticationEntryPoint(); ep.setRealmName("realm"); - try { ep.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); 
@@ -70,7 +67,6 @@ public class DigestAuthenticationEntryPointTests { DigestAuthenticationEntryPoint ep = new DigestAuthenticationEntryPoint(); ep.setKey("dcdc"); ep.setNonceValiditySeconds(12); - try { ep.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); @@ -97,29 +93,21 @@ public class DigestAuthenticationEntryPointTests { DigestAuthenticationEntryPoint ep = new DigestAuthenticationEntryPoint(); ep.setRealmName("hello"); ep.setKey("key"); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/some_path"); - MockHttpServletResponse response = new MockHttpServletResponse(); - ep.afterPropertiesSet(); - ep.commence(request, response, new DisabledException("foobar")); - // Check response is properly formed assertThat(response.getStatus()).isEqualTo(401); assertThat(response.getHeader("WWW-Authenticate").toString()).startsWith("Digest "); - // Break up response header String header = response.getHeader("WWW-Authenticate").toString().substring(7); String[] headerEntries = StringUtils.commaDelimitedListToStringArray(header); Map headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", "\""); - assertThat(headerMap.get("realm")).isEqualTo("hello"); assertThat(headerMap.get("qop")).isEqualTo("auth"); assertThat(headerMap.get("stale")).isNull(); - checkNonceValid(headerMap.get("nonce")); } 
@@ -128,29 +116,21 @@ public class DigestAuthenticationEntryPointTests { DigestAuthenticationEntryPoint ep = new DigestAuthenticationEntryPoint(); ep.setRealmName("hello"); ep.setKey("key"); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/some_path"); - MockHttpServletResponse response = new MockHttpServletResponse(); - ep.afterPropertiesSet(); - ep.commence(request, response, new NonceExpiredException("expired nonce")); - // Check response is properly formed assertThat(response.getStatus()).isEqualTo(401); assertThat(response.getHeader("WWW-Authenticate").toString()).startsWith("Digest "); - // Break up response header String header = response.getHeader("WWW-Authenticate").toString().substring(7); String[] headerEntries = StringUtils.commaDelimitedListToStringArray(header); Map headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", "\""); - assertThat(headerMap.get("realm")).isEqualTo("hello"); assertThat(headerMap.get("qop")).isEqualTo("auth"); assertThat(headerMap.get("stale")).isEqualTo("true"); - checkNonceValid(headerMap.get("nonce")); } diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java index f3bef133b8..f716b3991d 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java 
@@ -90,11 +90,8 @@ public class DigestAuthenticationFilterTests { private MockHttpServletResponse executeFilterInContainerSimulator(Filter filter, final ServletRequest request, final boolean expectChainToProceed) throws ServletException, IOException { final MockHttpServletResponse response = new MockHttpServletResponse(); - final FilterChain chain = mock(FilterChain.class); - filter.doFilter(request, response, chain); - verify(chain, times(expectChainToProceed ? 1 : 0)).doFilter(request, response); return response; } @@ -107,7 +104,6 @@ public class DigestAuthenticationFilterTests { long expiryTime = System.currentTimeMillis() + (validitySeconds * 1000); String signatureValue = DigestUtils.md5Hex(expiryTime + ":" + key); String nonceValue = expiryTime + ":" + signatureValue; - return new String(Base64.encodeBase64(nonceValue.getBytes())); } @@ -119,19 +115,15 @@ public class DigestAuthenticationFilterTests { @Before public void setUp() { SecurityContextHolder.clearContext(); - // Create User Details Service UserDetailsService uds = (username) -> new User("rod,ok", "koala", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO")); - DigestAuthenticationEntryPoint ep = new DigestAuthenticationEntryPoint(); ep.setRealmName(REALM); ep.setKey(KEY); - this.filter = new DigestAuthenticationFilter(); this.filter.setUserDetailsService(uds); this.filter.setAuthenticationEntryPoint(ep); - this.request = new MockHttpServletRequest("GET", REQUEST_URI); this.request.setServletPath(REQUEST_URI); } 
@@ -141,17 +133,12 @@ public class DigestAuthenticationFilterTests { String nonce = generateNonce(0); String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, nonce, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - Thread.sleep(1000); // ensures token expired - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); - String header = response.getHeader("WWW-Authenticate").toString().substring(7); String[] headerEntries = StringUtils.commaDelimitedListToStringArray(header); Map headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", "\""); @@ -163,12 +150,9 @@ public class DigestAuthenticationFilterTests { String badNonce = generateNonce(60, "badkey"); String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, badNonce, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, badNonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(response.getStatus()).isEqualTo(401); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } @@ -176,7 +160,6 @@ public class DigestAuthenticationFilterTests { @Test public void testFilterIgnoresRequestsContainingNoAuthorizationHeader() throws Exception { executeFilterInContainerSimulator(this.filter, this.request, true); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } 
@@ -185,10 +168,8 @@ public class DigestAuthenticationFilterTests { DigestAuthenticationFilter filter = new DigestAuthenticationFilter(); filter.setUserDetailsService(mock(UserDetailsService.class)); assertThat(filter.getUserDetailsService() != null).isTrue(); - filter.setAuthenticationEntryPoint(new DigestAuthenticationEntryPoint()); assertThat(filter.getAuthenticationEntryPoint() != null).isTrue(); - filter.setUserCache(null); assertThat(filter.getUserCache()).isNull(); filter.setUserCache(new NullUserCache()); @@ -198,11 +179,8 @@ public class DigestAuthenticationFilterTests { @Test public void testInvalidDigestAuthorizationTokenGeneratesError() throws Exception { String token = "NOT_A_VALID_TOKEN_AS_MISSING_COLON"; - this.request.addHeader("Authorization", "Digest " + new String(Base64.encodeBase64(token.getBytes()))); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(response.getStatus()).isEqualTo(401); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } @@ -210,9 +188,7 @@ public class DigestAuthenticationFilterTests { @Test public void testMalformedHeaderReturnsForbidden() throws Exception { this.request.addHeader("Authorization", "Digest scsdcsdc"); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); } 
@@ -220,15 +196,11 @@ public class DigestAuthenticationFilterTests { @Test public void testNonBase64EncodedNonceReturnsForbidden() throws Exception { String nonce = "NOT_BASE_64_ENCODED"; - String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, nonce, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); } @@ -238,12 +210,9 @@ public class DigestAuthenticationFilterTests { String nonce = new String(Base64.encodeBase64("123456:incorrectStringPassword".getBytes())); String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, nonce, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); } 
@@ -253,12 +222,9 @@ public class DigestAuthenticationFilterTests { String nonce = new String(Base64.encodeBase64("hello:ignoredSecondElement".getBytes())); String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, nonce, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); } @@ -268,12 +234,9 @@ public class DigestAuthenticationFilterTests { String nonce = new String(Base64.encodeBase64("a base 64 string without a colon".getBytes())); String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, nonce, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); } 
@@ -283,12 +246,9 @@ public class DigestAuthenticationFilterTests { String encodedPassword = DigestAuthUtils.encodePasswordInA1Format(USERNAME, REALM, PASSWORD); String responseDigest = DigestAuthUtils.generateDigest(true, USERNAME, REALM, encodedPassword, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - executeFilterInContainerSimulator(this.filter, this.request, true); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername()) .isEqualTo(USERNAME); @@ -298,12 +258,9 @@ public class DigestAuthenticationFilterTests { public void testNormalOperationWhenPasswordNotAlreadyEncoded() throws Exception { String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - executeFilterInContainerSimulator(this.filter, this.request, true); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername()) .isEqualTo(USERNAME); 
@@ -314,13 +271,10 @@ public class DigestAuthenticationFilterTests { public void testNormalOperationWhenPasswordNotAlreadyEncodedAndWithoutReAuthentication() throws Exception { String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - this.filter.setCreateAuthenticatedToken(true); executeFilterInContainerSimulator(this.filter, this.request, true); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername()) .isEqualTo(USERNAME); @@ -332,9 +286,7 @@ public class DigestAuthenticationFilterTests { @Test public void otherAuthorizationSchemeIsIgnored() throws Exception { this.request.addHeader("Authorization", "SOME_OTHER_AUTHENTICATION_SCHEME"); - executeFilterInContainerSimulator(this.filter, this.request, true); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } 
@@ -356,24 +308,17 @@ public class DigestAuthenticationFilterTests { public void successfulLoginThenFailedLoginResultsInSessionLosingToken() throws Exception { String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - executeFilterInContainerSimulator(this.filter, this.request, true); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); - // Now retry, giving an invalid nonce responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, "WRONG_PASSWORD", "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE); - this.request = new MockHttpServletRequest(); this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - // Check we lost our previous authentication assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); @@ -382,15 +327,11 @@ public class DigestAuthenticationFilterTests { @Test public void wrongCnonceBasedOnDigestReturnsForbidden() throws Exception { String cnonce = "NOT_SAME_AS_USED_FOR_DIGEST_COMPUTATION"; - String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, "DIFFERENT_CNONCE"); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, cnonce)); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); } 
@@ -400,12 +341,9 @@ public class DigestAuthenticationFilterTests { String password = "WRONG_PASSWORD"; String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, password, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); } @@ -415,12 +353,9 @@ public class DigestAuthenticationFilterTests { String realm = "WRONG_REALM"; String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, realm, PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, realm, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); } @@ -429,12 +364,9 @@ public class DigestAuthenticationFilterTests { public void wrongUsernameReturnsForbidden() throws Exception { String responseDigest = DigestAuthUtils.generateDigest(false, "NOT_A_KNOWN_USER", REALM, PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); } 
@@ -446,18 +378,13 @@ public class DigestAuthenticationFilterTests { TestingAuthenticationToken existingAuthentication = new TestingAuthenticationToken("existingauthenitcated", "pass", "ROLE_USER"); existingContext.setAuthentication(existingAuthentication); - SecurityContextHolder.setContext(existingContext); - String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - this.filter.setCreateAuthenticatedToken(true); executeFilterInContainerSimulator(this.filter, this.request, true); - assertThat(existingAuthentication).isSameAs(existingContext.getAuthentication()); } diff --git a/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java b/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java index e6bd2892d6..fef74d42e1 100644 --- a/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java 
@@ -91,26 +91,20 @@ public class ConcurrentSessionFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpSession session = new MockHttpSession(); request.setSession(session); - MockHttpServletResponse response = new MockHttpServletResponse(); - SessionRegistry registry = new SessionRegistryImpl(); registry.registerNewSession(session.getId(), "principal"); registry.getSessionInformation(session.getId()).expireNow(); - // Setup our test fixture and registry to want this session to be expired - SimpleRedirectSessionInformationExpiredStrategy expiredSessionStrategy = new SimpleRedirectSessionInformationExpiredStrategy( "/expired.jsp"); ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredSessionStrategy); filter.setLogoutHandlers(new LogoutHandler[] { new SecurityContextLogoutHandler() }); filter.afterPropertiesSet(); - FilterChain fc = mock(FilterChain.class); filter.doFilter(request, response, fc); // Expect that the filter chain will not be invoked, as we redirect to expiredUrl verifyZeroInteractions(fc); - assertThat(response.getRedirectedUrl()).isEqualTo("/expired.jsp"); } @@ -120,18 +114,14 @@ public class ConcurrentSessionFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpSession session = new MockHttpSession(); request.setSession(session); - MockHttpServletResponse response = new MockHttpServletResponse(); - SessionRegistry registry = new SessionRegistryImpl(); registry.registerNewSession(session.getId(), "principal"); registry.getSessionInformation(session.getId()).expireNow(); ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry); - FilterChain fc = mock(FilterChain.class); filter.doFilter(request, response, fc); verifyZeroInteractions(fc); - assertThat(response.getContentAsString()) .isEqualTo("This session has been expired (possibly due to multiple concurrent logins being " + "attempted as the same user)."); 
@@ -148,23 +138,17 @@ public class ConcurrentSessionFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpSession session = new MockHttpSession(); request.setSession(session); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain fc = mock(FilterChain.class); - // Setup our test fixture SessionRegistry registry = new SessionRegistryImpl(); registry.registerNewSession(session.getId(), "principal"); SimpleRedirectSessionInformationExpiredStrategy expiredSessionStrategy = new SimpleRedirectSessionInformationExpiredStrategy( "/expired.jsp"); ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredSessionStrategy); - Date lastRequest = registry.getSessionInformation(session.getId()).getLastRequest(); - Thread.sleep(1000); - filter.doFilter(request, response, fc); - verify(fc).doFilter(request, response); assertThat(registry.getSessionInformation(session.getId()).getLastRequest().after(lastRequest)).isTrue(); } @@ -173,22 +157,17 @@ public class ConcurrentSessionFilterTests { public void doFilterWhenNoSessionThenChainIsContinued() throws Exception { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - RedirectStrategy redirect = mock(RedirectStrategy.class); SessionRegistry registry = mock(SessionRegistry.class); SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000)); information.expireNow(); given(registry.getSessionInformation(anyString())).willReturn(information); - String expiredUrl = "/expired"; ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl); filter.setRedirectStrategy(redirect); - MockFilterChain chain = new MockFilterChain(); - filter.doFilter(request, response, chain); - assertThat(chain.getRequest()).isNotNull(); } 
@@ -197,18 +176,13 @@ public class ConcurrentSessionFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.setSession(new MockHttpSession()); MockHttpServletResponse response = new MockHttpServletResponse(); - RedirectStrategy redirect = mock(RedirectStrategy.class); SessionRegistry registry = mock(SessionRegistry.class); - String expiredUrl = "/expired"; ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl); filter.setRedirectStrategy(redirect); - MockFilterChain chain = new MockFilterChain(); - filter.doFilter(request, response, chain); - assertThat(chain.getRequest()).isNotNull(); } @@ -218,20 +192,16 @@ public class ConcurrentSessionFilterTests { MockHttpSession session = new MockHttpSession(); request.setSession(session); MockHttpServletResponse response = new MockHttpServletResponse(); - RedirectStrategy redirect = mock(RedirectStrategy.class); SessionRegistry registry = mock(SessionRegistry.class); SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000)); information.expireNow(); given(registry.getSessionInformation(anyString())).willReturn(information); - String expiredUrl = "/expired"; ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl); filter.setRedirectStrategy(redirect); - filter.doFilter(request, response, new MockFilterChain()); - verify(redirect).sendRedirect(request, response, expiredUrl); } 
@@ -241,27 +211,21 @@ public class ConcurrentSessionFilterTests { MockHttpSession session = new MockHttpSession(); request.setSession(session); MockHttpServletResponse response = new MockHttpServletResponse(); - RedirectStrategy redirect = mock(RedirectStrategy.class); SessionRegistry registry = mock(SessionRegistry.class); SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000)); information.expireNow(); given(registry.getSessionInformation(anyString())).willReturn(information); - final String expiredUrl = "/expired"; ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl + "will-be-overrridden") { - @Override protected String determineExpiredUrl(HttpServletRequest request, SessionInformation info) { return expiredUrl; } - }; filter.setRedirectStrategy(redirect); - filter.doFilter(request, response, new MockFilterChain()); - verify(redirect).sendRedirect(request, response, expiredUrl); } @@ -271,17 +235,13 @@ public class ConcurrentSessionFilterTests { MockHttpSession session = new MockHttpSession(); request.setSession(session); MockHttpServletResponse response = new MockHttpServletResponse(); - SessionRegistry registry = mock(SessionRegistry.class); SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000)); information.expireNow(); given(registry.getSessionInformation(anyString())).willReturn(information); - ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry); - filter.doFilter(request, response, new MockFilterChain()); - assertThat(response.getContentAsString()).contains( "This session has been expired (possibly due to multiple concurrent logins being attempted as the same user)."); } 
@@ -293,32 +253,26 @@ public class ConcurrentSessionFilterTests { MockHttpSession session = new MockHttpSession(); request.setSession(session); MockHttpServletResponse response = new MockHttpServletResponse(); - SessionRegistry registry = mock(SessionRegistry.class); SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000)); information.expireNow(); given(registry.getSessionInformation(anyString())).willReturn(information); - ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry); filter.setLogoutHandlers(new LogoutHandler[] { handler }); - filter.doFilter(request, response, new MockFilterChain()); - verify(handler).logout(eq(request), eq(response), any()); } @Test(expected = IllegalArgumentException.class) public void setLogoutHandlersWhenNullThenThrowsException() { ConcurrentSessionFilter filter = new ConcurrentSessionFilter(new SessionRegistryImpl()); - filter.setLogoutHandlers((List) null); } @Test(expected = IllegalArgumentException.class) public void setLogoutHandlersWhenEmptyThenThrowsException() { ConcurrentSessionFilter filter = new ConcurrentSessionFilter(new SessionRegistryImpl()); - filter.setLogoutHandlers(new LogoutHandler[0]); } diff --git a/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java b/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java index 1eac035d61..93a753af16 100644 --- a/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java +++ b/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java 
@@ -60,15 +60,11 @@ public class AbstractSecurityWebApplicationInitializerTests { public void onStartupWhenDefaultContextThenRegistersSpringSecurityFilterChain() { ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); - new AbstractSecurityWebApplicationInitializer() { }.onStartup(context); - assertProxyDefaults(proxyCaptor.getValue()); - verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*"); verify(registration).setAsyncSupported(true); verifyNoAddListener(context); @@ -78,16 +74,11 @@ public class AbstractSecurityWebApplicationInitializerTests { public void onStartupWhenConfigurationClassThenAddsContextLoaderListener() { ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); - new AbstractSecurityWebApplicationInitializer(MyRootConfiguration.class) { }.onStartup(context); - assertProxyDefaults(proxyCaptor.getValue()); - verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*"); verify(registration).setAsyncSupported(true); verify(context).addListener(any(ContextLoaderListener.class)); 
@@ -97,20 +88,15 @@ public class AbstractSecurityWebApplicationInitializerTests { public void onStartupWhenEnableHttpSessionEventPublisherIsTrueThenAddsHttpSessionEventPublisher() { ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); - new AbstractSecurityWebApplicationInitializer() { @Override protected boolean enableHttpSessionEventPublisher() { return true; } }.onStartup(context); - assertProxyDefaults(proxyCaptor.getValue()); - verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*"); verify(registration).setAsyncSupported(true); verify(context).addListener(HttpSessionEventPublisher.class.getName()); @@ -120,20 +106,15 @@ public class AbstractSecurityWebApplicationInitializerTests { public void onStartupWhenCustomSecurityDispatcherTypesThenUses() { ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); - new AbstractSecurityWebApplicationInitializer() { @Override protected EnumSet getSecurityDispatcherTypes() { return EnumSet.of(DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.FORWARD); } }.onStartup(context); - assertProxyDefaults(proxyCaptor.getValue()); - verify(registration).addMappingForUrlPatterns( EnumSet.of(DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.FORWARD), false, "/*"); verify(registration).setAsyncSupported(true); 
@@ -144,23 +125,18 @@ public class AbstractSecurityWebApplicationInitializerTests { public void onStartupWhenCustomDispatcherWebApplicationContextSuffixThenUses() { ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); - new AbstractSecurityWebApplicationInitializer() { @Override protected String getDispatcherWebApplicationContextSuffix() { return "dispatcher"; } }.onStartup(context); - DelegatingFilterProxy proxy = proxyCaptor.getValue(); assertThat(proxy.getContextAttribute()) .isEqualTo("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher"); assertThat(proxy).hasFieldOrPropertyWithValue("targetBeanName", "springSecurityFilterChain"); - verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*"); verify(registration).setAsyncSupported(true); verifyNoAddListener(context); @@ -169,7 +145,6 @@ public class AbstractSecurityWebApplicationInitializerTests { @Test public void onStartupWhenSpringSecurityFilterChainAlreadyRegisteredThenException() { ServletContext context = mock(ServletContext.class); - assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() { }.onStartup(context)).isInstanceOf(IllegalStateException.class) .hasMessage("Duplicate Filter registration for 'springSecurityFilterChain'. " 
@@ -182,22 +157,17 @@ public class AbstractSecurityWebApplicationInitializerTests { Filter filter2 = mock(Filter.class); ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); given(context.addFilter(anyString(), eq(filter1))).willReturn(registration); given(context.addFilter(anyString(), eq(filter2))).willReturn(registration); - new AbstractSecurityWebApplicationInitializer() { @Override protected void afterSpringSecurityFilterChain(ServletContext servletContext) { insertFilters(context, filter1, filter2); } }.onStartup(context); - assertProxyDefaults(proxyCaptor.getValue()); - verify(registration, times(3)).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*"); verify(registration, times(3)).setAsyncSupported(true); verifyNoAddListener(context); @@ -210,11 +180,8 @@ public class AbstractSecurityWebApplicationInitializerTests { Filter filter1 = mock(Filter.class); ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); - assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() { @Override protected void afterSpringSecurityFilterChain(ServletContext servletContext) { 
@@ -222,9 +189,7 @@ public class AbstractSecurityWebApplicationInitializerTests { } }.onStartup(context)).isInstanceOf(IllegalStateException.class).hasMessage( "Duplicate Filter registration for 'object'. " + "Check to ensure the Filter is only configured once."); - assertProxyDefaults(proxyCaptor.getValue()); - verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*"); verify(context).addFilter(anyString(), eq(filter1)); } @@ -233,11 +198,8 @@ public class AbstractSecurityWebApplicationInitializerTests { public void onStartupWhenInsertFiltersEmptyThenException() { ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); - assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() { @Override protected void afterSpringSecurityFilterChain(ServletContext servletContext) { @@ -245,7 +207,6 @@ public class AbstractSecurityWebApplicationInitializerTests { } }.onStartup(context)).isInstanceOf(IllegalArgumentException.class) .hasMessage("filters cannot be null or empty"); - assertProxyDefaults(proxyCaptor.getValue()); } 
@@ -254,12 +215,9 @@ public class AbstractSecurityWebApplicationInitializerTests { Filter filter = mock(Filter.class); ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); given(context.addFilter(anyString(), eq(filter))).willReturn(registration); - assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() { @Override protected void afterSpringSecurityFilterChain(ServletContext servletContext) { @@ -267,7 +225,6 @@ public class AbstractSecurityWebApplicationInitializerTests { } }.onStartup(context)).isInstanceOf(IllegalArgumentException.class) .hasMessageContaining("filters cannot contain null values"); - verify(context, times(2)).addFilter(anyString(), any(Filter.class)); } 
@@ -277,20 +234,16 @@ public class AbstractSecurityWebApplicationInitializerTests { Filter filter2 = mock(Filter.class); ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); given(context.addFilter(anyString(), eq(filter1))).willReturn(registration); given(context.addFilter(anyString(), eq(filter2))).willReturn(registration); - new AbstractSecurityWebApplicationInitializer() { @Override protected void afterSpringSecurityFilterChain(ServletContext servletContext) { appendFilters(context, filter1, filter2); } }.onStartup(context); - verify(registration, times(1)).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*"); verify(registration, times(2)).addMappingForUrlPatterns(DEFAULT_DISPATCH, true, "/*"); verify(registration, times(3)).setAsyncSupported(true); @@ -303,11 +256,8 @@ public class AbstractSecurityWebApplicationInitializerTests { Filter filter1 = mock(Filter.class); ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); - assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() { @Override protected void afterSpringSecurityFilterChain(ServletContext servletContext) { 
@@ -315,9 +265,7 @@ public class AbstractSecurityWebApplicationInitializerTests { } }.onStartup(context)).isInstanceOf(IllegalStateException.class).hasMessage( "Duplicate Filter registration for 'object'. " + "Check to ensure the Filter is only configured once."); - assertProxyDefaults(proxyCaptor.getValue()); - verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*"); verify(context).addFilter(anyString(), eq(filter1)); } @@ -326,11 +274,8 @@ public class AbstractSecurityWebApplicationInitializerTests { public void onStartupWhenAppendFiltersEmptyThenException() { ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); - assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() { @Override protected void afterSpringSecurityFilterChain(ServletContext servletContext) { @@ -338,7 +283,6 @@ public class AbstractSecurityWebApplicationInitializerTests { } }.onStartup(context)).isInstanceOf(IllegalArgumentException.class) .hasMessage("filters cannot be null or empty"); - assertProxyDefaults(proxyCaptor.getValue()); } 
@@ -347,12 +291,9 @@ public class AbstractSecurityWebApplicationInitializerTests { Filter filter = mock(Filter.class); ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); given(context.addFilter(anyString(), eq(filter))).willReturn(registration); - assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() { @Override protected void afterSpringSecurityFilterChain(ServletContext servletContext) { @@ -360,7 +301,6 @@ public class AbstractSecurityWebApplicationInitializerTests { } }.onStartup(context)).isInstanceOf(IllegalArgumentException.class) .hasMessageContaining("filters cannot contain null values"); - verify(context, times(2)).addFilter(anyString(), any(Filter.class)); } @@ -368,20 +308,15 @@ public class AbstractSecurityWebApplicationInitializerTests { public void onStartupWhenDefaultsThenSessionTrackingModes() { ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); - ArgumentCaptor> modesCaptor = ArgumentCaptor .forClass(new HashSet() { }.getClass()); willDoNothing().given(context).setSessionTrackingModes(modesCaptor.capture()); - new AbstractSecurityWebApplicationInitializer() { }.onStartup(context); - assertProxyDefaults(proxyCaptor.getValue()); - Set modes = modesCaptor.getValue(); assertThat(modes).hasSize(1); assertThat(modes).containsExactly(SessionTrackingMode.COOKIE); 
@@ -391,24 +326,19 @@ public class AbstractSecurityWebApplicationInitializerTests { public void onStartupWhenSessionTrackingModesConfiguredThenUsed() { ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); - ArgumentCaptor> modesCaptor = ArgumentCaptor .forClass(new HashSet() { }.getClass()); willDoNothing().given(context).setSessionTrackingModes(modesCaptor.capture()); - new AbstractSecurityWebApplicationInitializer() { @Override public Set getSessionTrackingModes() { return Collections.singleton(SessionTrackingMode.SSL); } }.onStartup(context); - assertProxyDefaults(proxyCaptor.getValue()); - Set modes = modesCaptor.getValue(); assertThat(modes).hasSize(1); assertThat(modes).containsExactly(SessionTrackingMode.SSL); diff --git a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java index f8e06e9c5e..c3ef02ed5f 100644 --- a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java +++ b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java 
@@ -71,11 +71,9 @@ public class HttpSessionSecurityContextRepositoryTests { MockHttpServletResponse response = new MockHttpServletResponse(); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response); repo.loadContext(holder); - reset(request); holder.getRequest().startAsync(); holder.getResponse().sendError(HttpServletResponse.SC_BAD_REQUEST); - // ensure that sendError did cause interaction with the HttpSession verify(request, never()).getSession(anyBoolean()); verify(request, never()).getSession(); @@ -88,11 +86,9 @@ public class HttpSessionSecurityContextRepositoryTests { MockHttpServletResponse response = new MockHttpServletResponse(); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response); repo.loadContext(holder); - reset(request); holder.getRequest().startAsync(request, response); holder.getResponse().sendError(HttpServletResponse.SC_BAD_REQUEST); - // ensure that sendError did cause interaction with the HttpSession verify(request, never()).getSession(anyBoolean()); verify(request, never()).getSession(); @@ -156,12 +152,10 @@ public class HttpSessionSecurityContextRepositoryTests { request.setSession(session); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse()); assertThat(repo.loadContext(holder)).isSameAs(ctx); - // Modify context contents. Same user, different role SecurityContextHolder.getContext() .setAuthentication(new TestingAuthenticationToken("someone", "passwd", "ROLE_B")); repo.saveContext(ctx, holder.getRequest(), holder.getResponse()); - // Must be called even though the value in the local VM is already the same verify(session).setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, ctx); } 
@@ -224,7 +218,6 @@ public class HttpSessionSecurityContextRepositoryTests { SecurityContextHolder.getContext().setAuthentication(this.testToken); holder.getResponse().sendError(404); assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext()); - assertThat(((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue(); repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse()); // Check it's still the same @@ -441,13 +434,10 @@ public class HttpSessionSecurityContextRepositoryTests { ctxInSession.setAuthentication(this.testToken); request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, ctxInSession); - HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse()); repo.loadContext(holder); - ctxInSession.setAuthentication(null); repo.saveContext(ctxInSession, holder.getRequest(), holder.getResponse()); - assertThat(request.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)) .isNull(); } @@ -459,7 +449,6 @@ public class HttpSessionSecurityContextRepositoryTests { MockHttpServletRequest request = new MockHttpServletRequest(); final String sessionId = ";jsessionid=id"; MockHttpServletResponse response = new MockHttpServletResponse() { - @Override public String encodeRedirectUrl(String url) { return url + sessionId; @@ -506,9 +495,7 @@ public class HttpSessionSecurityContextRepositoryTests { repo.loadContext(holder); AuthenticationTrustResolver trustResolver = mock(AuthenticationTrustResolver.class); repo.setTrustResolver(trustResolver); - repo.saveContext(contextToSave, holder.getRequest(), holder.getResponse()); - verify(trustResolver).isAnonymous(contextToSave.getAuthentication()); } 
@@ -529,10 +516,8 @@ public class HttpSessionSecurityContextRepositoryTests { assertThat(request.getSession(false)).isNull(); // Simulate authentication during the request context.setAuthentication(this.testToken); - repo.saveContext(context, new HttpServletRequestWrapper(holder.getRequest()), new HttpServletResponseWrapper(holder.getResponse())); - assertThat(request.getSession(false)).isNotNull(); assertThat(request.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)) .isEqualTo(context); @@ -545,7 +530,6 @@ public class HttpSessionSecurityContextRepositoryTests { MockHttpServletResponse response = new MockHttpServletResponse(); SecurityContext context = SecurityContextHolder.createEmptyContext(); context.setAuthentication(this.testToken); - repo.saveContext(context, request, response); } @@ -556,12 +540,9 @@ public class HttpSessionSecurityContextRepositoryTests { MockHttpServletResponse response = new MockHttpServletResponse(); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response); SecurityContext context = repo.loadContext(holder); - SomeTransientAuthentication authentication = new SomeTransientAuthentication(); context.setAuthentication(authentication); - repo.saveContext(context, holder.getRequest(), holder.getResponse()); - MockHttpSession session = (MockHttpSession) request.getSession(false); assertThat(session).isNull(); } 
@@ -573,12 +554,9 @@ public class HttpSessionSecurityContextRepositoryTests { MockHttpServletResponse response = new MockHttpServletResponse(); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response); SecurityContext context = repo.loadContext(holder); - SomeTransientAuthenticationSubclass authentication = new SomeTransientAuthenticationSubclass(); context.setAuthentication(authentication); - repo.saveContext(context, holder.getRequest(), holder.getResponse()); - MockHttpSession session = (MockHttpSession) request.getSession(false); assertThat(session).isNull(); } @@ -590,12 +568,9 @@ public class HttpSessionSecurityContextRepositoryTests { MockHttpServletResponse response = new MockHttpServletResponse(); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response); SecurityContext context = repo.loadContext(holder); - SomeOtherTransientAuthentication authentication = new SomeOtherTransientAuthentication(); context.setAuthentication(authentication); - repo.saveContext(context, holder.getRequest(), holder.getResponse()); - MockHttpSession session = (MockHttpSession) request.getSession(false); assertThat(session).isNull(); } diff --git a/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java b/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java index 611e221817..4a30bf3f89 100644 --- a/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java +++ b/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java @@ -35,7 +35,6 @@ import static org.assertj.core.api.Assertions.assertThat; * @author Rob Winch * */ - @RunWith(MockitoJUnitRunner.class) public class SaveContextOnUpdateOrErrorResponseWrapperTests { 
diff --git a/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java b/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java index 7dea43d79a..2bbfe08032 100644 --- a/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java @@ -56,7 +56,6 @@ public class SecurityContextPersistenceFilterTests { final MockHttpServletResponse response = new MockHttpServletResponse(); SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter(); SecurityContextHolder.getContext().setAuthentication(this.testToken); - filter.doFilter(request, response, chain); verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); @@ -76,7 +75,6 @@ public class SecurityContextPersistenceFilterTests { } catch (IOException expected) { } - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } @@ -91,17 +89,13 @@ public class SecurityContextPersistenceFilterTests { scBefore.setAuthentication(beforeAuth); final SecurityContextRepository repo = mock(SecurityContextRepository.class); SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter(repo); - given(repo.loadContext(any(HttpRequestResponseHolder.class))).willReturn(scBefore); - final FilterChain chain = (request1, response1) -> { assertThat(SecurityContextHolder.getContext().getAuthentication()).isEqualTo(beforeAuth); // Change the context here SecurityContextHolder.setContext(scExpectedAfter); }; - filter.doFilter(request, response, chain); - verify(repo).saveContext(scExpectedAfter, request, response); } 
@@ -112,7 +106,6 @@ public class SecurityContextPersistenceFilterTests { final MockHttpServletResponse response = new MockHttpServletResponse(); SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter( mock(SecurityContextRepository.class)); - request.setAttribute(SecurityContextPersistenceFilter.FILTER_APPLIED, Boolean.TRUE); filter.doFilter(request, response, chain); verify(chain).doFilter(request, response); diff --git a/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java b/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java index 88681cca87..7a27f811b3 100644 --- a/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java +++ b/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java @@ -62,10 +62,8 @@ public class SecurityContextCallableProcessingInterceptorTests { SecurityContextHolder.setContext(this.securityContext); interceptor.beforeConcurrentHandling(this.webRequest, this.callable); SecurityContextHolder.clearContext(); - interceptor.preProcess(this.webRequest, this.callable); assertThat(SecurityContextHolder.getContext()).isSameAs(this.securityContext); - interceptor.postProcess(this.webRequest, this.callable, null); assertThat(SecurityContextHolder.getContext()).isNotSameAs(this.securityContext); } 
@@ -74,10 +72,8 @@ public class SecurityContextCallableProcessingInterceptorTests {
 public void specificSecurityContext() throws Exception {
 SecurityContextCallableProcessingInterceptor interceptor = new SecurityContextCallableProcessingInterceptor( this.securityContext);
-
 interceptor.preProcess(this.webRequest, this.callable);
 assertThat(SecurityContextHolder.getContext()).isSameAs(this.securityContext);
-
 interceptor.postProcess(this.webRequest, this.callable, null);
 assertThat(SecurityContextHolder.getContext()).isNotSameAs(this.securityContext);
 }
diff --git a/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java b/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
index 2f35a7e449..09fc283ec3 100644
--- a/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
@@ -72,16 +72,13 @@ public class WebAsyncManagerIntegrationFilterTests {
 @Before
 public void setUp() {
 this.filterChain = new MockFilterChain();
-
 this.threadFactory = new JoinableThreadFactory();
 SimpleAsyncTaskExecutor executor = new SimpleAsyncTaskExecutor();
 executor.setThreadFactory(this.threadFactory);
-
 this.asyncManager = WebAsyncUtils.getAsyncManager(this.request);
 this.asyncManager.setAsyncWebRequest(this.asyncWebRequest);
 this.asyncManager.setTaskExecutor(executor);
 given(this.request.getAttribute(WebAsyncUtils.WEB_ASYNC_MANAGER_ATTRIBUTE)).willReturn(this.asyncManager);
-
 this.filter = new WebAsyncManagerIntegrationFilter();
 }
@@ -101,7 +98,6 @@ public class WebAsyncManagerIntegrationFilterTests {
 }
 });
 this.filter.doFilterInternal(this.request, this.response, this.filterChain);
-
 VerifyingCallable verifyingCallable = new VerifyingCallable();
 this.asyncManager.startCallableProcessing(verifyingCallable);
 this.threadFactory.join();
@@ -120,7 +116,6 @@ public class WebAsyncManagerIntegrationFilterTests {
 });
 this.filter.doFilterInternal(this.request, this.response, this.filterChain);
 SecurityContextHolder.setContext(this.securityContext);
-
 VerifyingCallable verifyingCallable = new VerifyingCallable();
 this.asyncManager.startCallableProcessing(verifyingCallable);
 this.threadFactory.join();
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java
index 6f0aa4fddf..ffd64a0ff3 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java
@@ -49,7 +49,6 @@ public class CookieCsrfTokenRepositoryTests {
 @Test
 public void generateToken() {
 CsrfToken generateToken = this.repository.generateToken(this.request);
-
 assertThat(generateToken).isNotNull();
 assertThat(generateToken.getHeaderName()).isEqualTo(CookieCsrfTokenRepository.DEFAULT_CSRF_HEADER_NAME);
 assertThat(generateToken.getParameterName()).isEqualTo(CookieCsrfTokenRepository.DEFAULT_CSRF_PARAMETER_NAME);
@@ -62,9 +61,7 @@ public class CookieCsrfTokenRepositoryTests {
 String parameterName = "paramName";
 this.repository.setHeaderName(headerName);
 this.repository.setParameterName(parameterName);
-
 CsrfToken generateToken = this.repository.generateToken(this.request);
-
 assertThat(generateToken).isNotNull();
 assertThat(generateToken.getHeaderName()).isEqualTo(headerName);
 assertThat(generateToken.getParameterName()).isEqualTo(parameterName);
@@ -75,9 +72,7 @@ public class CookieCsrfTokenRepositoryTests {
 public void saveToken() {
 CsrfToken token = this.repository.generateToken(this.request);
 this.repository.saveToken(token, this.request, this.response);
-
 Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 assertThat(tokenCookie.getMaxAge()).isEqualTo(-1);
 assertThat(tokenCookie.getName()).isEqualTo(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
 assertThat(tokenCookie.getPath()).isEqualTo(this.request.getContextPath());
@@ -91,9 +86,7 @@ public class CookieCsrfTokenRepositoryTests {
 this.request.setSecure(true);
 CsrfToken token = this.repository.generateToken(this.request);
 this.repository.saveToken(token, this.request, this.response);
-
 Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 assertThat(tokenCookie.getSecure()).isTrue();
 }
@@ -103,9 +96,7 @@ public class CookieCsrfTokenRepositoryTests {
 this.repository.setSecure(Boolean.TRUE);
 CsrfToken token = this.repository.generateToken(this.request);
 this.repository.saveToken(token, this.request, this.response);
-
 Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 assertThat(tokenCookie.getSecure()).isTrue();
 }
@@ -115,9 +106,7 @@ public class CookieCsrfTokenRepositoryTests {
 this.repository.setSecure(Boolean.FALSE);
 CsrfToken token = this.repository.generateToken(this.request);
 this.repository.saveToken(token, this.request, this.response);
-
 Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 assertThat(tokenCookie.getSecure()).isFalse();
 }
@@ -125,9 +114,7 @@ public class CookieCsrfTokenRepositoryTests {
 public void saveTokenNull() {
 this.request.setSecure(true);
 this.repository.saveToken(null, this.request, this.response);
-
 Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 assertThat(tokenCookie.getMaxAge()).isZero();
 assertThat(tokenCookie.getName()).isEqualTo(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
 assertThat(tokenCookie.getPath()).isEqualTo(this.request.getContextPath());
@@ -140,9 +127,7 @@ public class CookieCsrfTokenRepositoryTests {
 this.repository.setCookieHttpOnly(true);
 CsrfToken token = this.repository.generateToken(this.request);
 this.repository.saveToken(token, this.request, this.response);
-
 Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 assertThat(tokenCookie.isHttpOnly()).isTrue();
 }
@@ -151,9 +136,7 @@ public class CookieCsrfTokenRepositoryTests {
 this.repository.setCookieHttpOnly(false);
 CsrfToken token = this.repository.generateToken(this.request);
 this.repository.saveToken(token, this.request, this.response);
-
 Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 assertThat(tokenCookie.isHttpOnly()).isFalse();
 }
@@ -162,9 +145,7 @@ public class CookieCsrfTokenRepositoryTests {
 this.repository = CookieCsrfTokenRepository.withHttpOnlyFalse();
 CsrfToken token = this.repository.generateToken(this.request);
 this.repository.saveToken(token, this.request, this.response);
-
 Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 assertThat(tokenCookie.isHttpOnly()).isFalse();
 }
@@ -174,9 +155,7 @@ public class CookieCsrfTokenRepositoryTests {
 this.repository.setCookiePath(customPath);
 CsrfToken token = this.repository.generateToken(this.request);
 this.repository.saveToken(token, this.request, this.response);
-
 Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 assertThat(tokenCookie.getPath()).isEqualTo(this.repository.getCookiePath());
 }
@@ -186,9 +165,7 @@ public class CookieCsrfTokenRepositoryTests {
 this.repository.setCookiePath(customPath);
 CsrfToken token = this.repository.generateToken(this.request);
 this.repository.saveToken(token, this.request, this.response);
-
 Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 assertThat(tokenCookie.getPath()).isEqualTo(this.request.getContextPath());
 }
@@ -198,9 +175,7 @@ public class CookieCsrfTokenRepositoryTests {
 this.repository.setCookiePath(customPath);
 CsrfToken token = this.repository.generateToken(this.request);
 this.repository.saveToken(token, this.request, this.response);
-
 Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 assertThat(tokenCookie.getPath()).isEqualTo(this.request.getContextPath());
 }
@@ -208,12 +183,9 @@ public class CookieCsrfTokenRepositoryTests {
 public void saveTokenWithCookieDomain() {
 String domainName = "example.com";
 this.repository.setCookieDomain(domainName);
-
 CsrfToken token = this.repository.generateToken(this.request);
 this.repository.saveToken(token, this.request, this.response);
-
 Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 assertThat(tokenCookie.getDomain()).isEqualTo(domainName);
 }
@@ -225,26 +197,21 @@ public class CookieCsrfTokenRepositoryTests {
 @Test
 public void loadTokenCookieIncorrectNameNull() {
 this.request.setCookies(new Cookie("other", "name"));
-
 assertThat(this.repository.loadToken(this.request)).isNull();
 }
 @Test
 public void loadTokenCookieValueEmptyString() {
 this.request.setCookies(new Cookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME, ""));
-
 assertThat(this.repository.loadToken(this.request)).isNull();
 }
 @Test
 public void loadToken() {
 CsrfToken generateToken = this.repository.generateToken(this.request);
-
 this.request .setCookies(new Cookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME, generateToken.getToken()));
-
 CsrfToken loadToken = this.repository.loadToken(this.request);
-
 assertThat(loadToken).isNotNull();
 assertThat(loadToken.getHeaderName()).isEqualTo(generateToken.getHeaderName());
 assertThat(loadToken.getParameterName()).isEqualTo(generateToken.getParameterName());
@@ -260,11 +227,8 @@ public class CookieCsrfTokenRepositoryTests {
 this.repository.setHeaderName(headerName);
 this.repository.setParameterName(parameterName);
 this.repository.setCookieName(cookieName);
-
 this.request.setCookies(new Cookie(cookieName, value));
-
 CsrfToken loadToken = this.repository.loadToken(this.request);
-
 assertThat(loadToken).isNotNull();
 assertThat(loadToken.getHeaderName()).isEqualTo(headerName);
 assertThat(loadToken.getParameterName()).isEqualTo(parameterName);
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
index 9a848bf0c9..d8057e2d9e 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
@@ -77,7 +77,6 @@ public class CsrfAuthenticationStrategyTests {
 given(this.csrfTokenRepository.generateToken(this.request)).willReturn(this.generatedToken);
 this.strategy.onAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"), this.request, this.response);
-
 verify(this.csrfTokenRepository).saveToken(null, this.request, this.response);
 verify(this.csrfTokenRepository).saveToken(eq(this.generatedToken), any(HttpServletRequest.class), any(HttpServletResponse.class));
@@ -93,16 +92,13 @@ public class CsrfAuthenticationStrategyTests {
 @Test
 public void delaySavingCsrf() {
 this.strategy = new CsrfAuthenticationStrategy(new LazyCsrfTokenRepository(this.csrfTokenRepository));
-
 given(this.csrfTokenRepository.loadToken(this.request)).willReturn(this.existingToken);
 given(this.csrfTokenRepository.generateToken(this.request)).willReturn(this.generatedToken);
 this.strategy.onAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"), this.request, this.response);
-
 verify(this.csrfTokenRepository).saveToken(null, this.request, this.response);
 verify(this.csrfTokenRepository, never()).saveToken(eq(this.generatedToken), any(HttpServletRequest.class), any(HttpServletResponse.class));
-
 CsrfToken tokenInRequest = (CsrfToken) this.request.getAttribute(CsrfToken.class.getName());
 tokenInRequest.getToken();
 verify(this.csrfTokenRepository).saveToken(eq(this.generatedToken), any(HttpServletRequest.class),
@@ -113,7 +109,6 @@ public class CsrfAuthenticationStrategyTests {
 public void logoutRemovesNoActionIfNullToken() {
 this.strategy.onAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"), this.request, this.response);
-
 verify(this.csrfTokenRepository, never()).saveToken(any(CsrfToken.class), any(HttpServletRequest.class), any(HttpServletResponse.class));
 }
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
index 0f3c2edc97..a0b619209f 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
@@ -106,18 +106,14 @@ public class CsrfFilterTests {
 this.filter = createCsrfFilter(new LazyCsrfTokenRepository(this.tokenRepository));
 given(this.requestMatcher.matches(this.request)).willReturn(false);
 given(this.tokenRepository.generateToken(this.request)).willReturn(this.token);
-
 this.filter.doFilter(this.request, this.response, this.filterChain);
 CsrfToken attrToken = (CsrfToken) this.request.getAttribute(this.token.getParameterName());
-
 // no CsrfToken should have been saved yet
 verify(this.tokenRepository, times(0)).saveToken(any(CsrfToken.class), any(HttpServletRequest.class), any(HttpServletResponse.class));
 verify(this.filterChain).doFilter(this.request, this.response);
-
 // access the token
 attrToken.getToken();
-
 // now the CsrfToken should have been saved
 verify(this.tokenRepository).saveToken(eq(this.token), any(HttpServletRequest.class), any(HttpServletResponse.class));
@@ -127,12 +123,9 @@ public class CsrfFilterTests {
 public void doFilterAccessDeniedNoTokenPresent() throws ServletException, IOException {
 given(this.requestMatcher.matches(this.request)).willReturn(true);
 given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
-
 this.filter.doFilter(this.request, this.response, this.filterChain);
-
 assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
 assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
-
 verify(this.deniedHandler).handle(eq(this.request), eq(this.response), any(InvalidCsrfTokenException.class));
 verifyZeroInteractions(this.filterChain);
 }
@@ -142,12 +135,9 @@ public class CsrfFilterTests {
 given(this.requestMatcher.matches(this.request)).willReturn(true);
 given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 this.request.setParameter(this.token.getParameterName(), this.token.getToken() + " INVALID");
-
 this.filter.doFilter(this.request, this.response, this.filterChain);
-
 assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
 assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
-
 verify(this.deniedHandler).handle(eq(this.request), eq(this.response), any(InvalidCsrfTokenException.class));
 verifyZeroInteractions(this.filterChain);
 }
@@ -157,12 +147,9 @@ public class CsrfFilterTests {
 given(this.requestMatcher.matches(this.request)).willReturn(true);
 given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 this.request.addHeader(this.token.getHeaderName(), this.token.getToken() + " INVALID");
-
 this.filter.doFilter(this.request, this.response, this.filterChain);
-
 assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
 assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
-
 verify(this.deniedHandler).handle(eq(this.request), eq(this.response), any(InvalidCsrfTokenException.class));
 verifyZeroInteractions(this.filterChain);
 }
@@ -174,12 +161,9 @@ public class CsrfFilterTests {
 given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 this.request.setParameter(this.token.getParameterName(), this.token.getToken());
 this.request.addHeader(this.token.getHeaderName(), this.token.getToken() + " INVALID");
-
 this.filter.doFilter(this.request, this.response, this.filterChain);
-
 assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
 assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
-
 verify(this.deniedHandler).handle(eq(this.request), eq(this.response), any(InvalidCsrfTokenException.class));
 verifyZeroInteractions(this.filterChain);
 }
@@ -188,12 +172,9 @@ public class CsrfFilterTests {
 public void doFilterNotCsrfRequestExistingToken() throws ServletException, IOException {
 given(this.requestMatcher.matches(this.request)).willReturn(false);
 given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
-
 this.filter.doFilter(this.request, this.response, this.filterChain);
-
 assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
 assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
-
 verify(this.filterChain).doFilter(this.request, this.response);
 verifyZeroInteractions(this.deniedHandler);
 }
@@ -202,12 +183,9 @@ public class CsrfFilterTests {
 public void doFilterNotCsrfRequestGenerateToken() throws ServletException, IOException {
 given(this.requestMatcher.matches(this.request)).willReturn(false);
 given(this.tokenRepository.generateToken(this.request)).willReturn(this.token);
-
 this.filter.doFilter(this.request, this.response, this.filterChain);
-
 assertToken(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
 assertToken(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
-
 verify(this.filterChain).doFilter(this.request, this.response);
 verifyZeroInteractions(this.deniedHandler);
 }
@@ -217,12 +195,9 @@ public class CsrfFilterTests {
 given(this.requestMatcher.matches(this.request)).willReturn(true);
 given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 this.request.addHeader(this.token.getHeaderName(), this.token.getToken());
-
 this.filter.doFilter(this.request, this.response, this.filterChain);
-
 assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
 assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
-
 verify(this.filterChain).doFilter(this.request, this.response);
 verifyZeroInteractions(this.deniedHandler);
 }
@@ -234,12 +209,9 @@ public class CsrfFilterTests {
 given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 this.request.setParameter(this.token.getParameterName(), this.token.getToken() + " INVALID");
 this.request.addHeader(this.token.getHeaderName(), this.token.getToken());
-
 this.filter.doFilter(this.request, this.response, this.filterChain);
-
 assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
 assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
-
 verify(this.filterChain).doFilter(this.request, this.response);
 verifyZeroInteractions(this.deniedHandler);
 }
@@ -249,12 +221,9 @@ public class CsrfFilterTests {
 given(this.requestMatcher.matches(this.request)).willReturn(true);
 given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 this.request.setParameter(this.token.getParameterName(), this.token.getToken());
-
 this.filter.doFilter(this.request, this.response, this.filterChain);
-
 assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
 assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
-
 verify(this.filterChain).doFilter(this.request, this.response);
 verifyZeroInteractions(this.deniedHandler);
 verify(this.tokenRepository, never()).saveToken(any(CsrfToken.class), any(HttpServletRequest.class),
@@ -266,15 +235,11 @@ public class CsrfFilterTests {
 given(this.requestMatcher.matches(this.request)).willReturn(true);
 given(this.tokenRepository.generateToken(this.request)).willReturn(this.token);
 this.request.setParameter(this.token.getParameterName(), this.token.getToken());
-
 this.filter.doFilter(this.request, this.response, this.filterChain);
-
 assertToken(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
 assertToken(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
-
 // LazyCsrfTokenRepository requires the response as an attribute
 assertThat(this.request.getAttribute(HttpServletResponse.class.getName())).isEqualTo(this.response);
-
 verify(this.filterChain).doFilter(this.request, this.response);
 verify(this.tokenRepository).saveToken(this.token, this.request, this.response);
 verifyZeroInteractions(this.deniedHandler);
@@ -284,14 +249,11 @@ public class CsrfFilterTests {
 public void doFilterDefaultRequireCsrfProtectionMatcherAllowedMethods() throws ServletException, IOException {
 this.filter = new CsrfFilter(this.tokenRepository);
 this.filter.setAccessDeniedHandler(this.deniedHandler);
-
 for (String method : Arrays.asList("GET", "TRACE", "OPTIONS", "HEAD")) {
 resetRequestResponse();
 given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 this.request.setMethod(method);
-
 this.filter.doFilter(this.request, this.response, this.filterChain);
-
 verify(this.filterChain).doFilter(this.request, this.response);
 verifyZeroInteractions(this.deniedHandler);
 }
@@ -307,14 +269,11 @@ public class CsrfFilterTests {
 public void doFilterDefaultRequireCsrfProtectionMatcherAllowedMethodsCaseSensitive() throws Exception {
 this.filter = new CsrfFilter(this.tokenRepository);
 this.filter.setAccessDeniedHandler(this.deniedHandler);
-
 for (String method : Arrays.asList("get", "TrAcE", "oPTIOnS", "hEaD")) {
 resetRequestResponse();
 given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 this.request.setMethod(method);
-
 this.filter.doFilter(this.request, this.response, this.filterChain);
-
 verify(this.deniedHandler).handle(eq(this.request), eq(this.response), any(InvalidCsrfTokenException.class));
 verifyZeroInteractions(this.filterChain);
@@ -325,14 +284,11 @@ public class CsrfFilterTests {
 public void doFilterDefaultRequireCsrfProtectionMatcherDeniedMethods() throws ServletException, IOException {
 this.filter = new CsrfFilter(this.tokenRepository);
 this.filter.setAccessDeniedHandler(this.deniedHandler);
-
 for (String method : Arrays.asList("POST", "PUT", "PATCH", "DELETE", "INVALID")) {
 resetRequestResponse();
 given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 this.request.setMethod(method);
-
 this.filter.doFilter(this.request, this.response, this.filterChain);
-
 verify(this.deniedHandler).handle(eq(this.request), eq(this.response), any(InvalidCsrfTokenException.class));
 verifyZeroInteractions(this.filterChain);
@@ -345,28 +301,21 @@ public class CsrfFilterTests {
 this.filter.setRequireCsrfProtectionMatcher(this.requestMatcher);
 given(this.requestMatcher.matches(this.request)).willReturn(true);
 given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
-
 this.filter.doFilter(this.request, this.response, this.filterChain);
-
 assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
 assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 verifyZeroInteractions(this.filterChain);
 }
 @Test
 public void doFilterWhenSkipRequestInvokedThenSkips() throws Exception {
-
 CsrfTokenRepository repository = mock(CsrfTokenRepository.class);
 CsrfFilter filter = new CsrfFilter(repository);
-
 lenient().when(repository.loadToken(any(HttpServletRequest.class))).thenReturn(this.token);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 CsrfFilter.skipRequest(request);
 filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
-
 verifyZeroInteractions(repository);
 }
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java
index 64be6dad9d..3e187126d4 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java
@@ -60,7 +60,6 @@ public class CsrfLogoutHandlerTests {
 public void logoutRemovesCsrfToken() {
 this.handler.logout(this.request, this.response, new TestingAuthenticationToken("user", "password", "ROLE_USER"));
-
 verify(this.csrfTokenRepository).saveToken(null, this.request, this.response);
 }
diff --git a/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java
index 52f89da077..7470c04727 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java
@@ -48,12 +48,9 @@ public class HttpSessionCsrfTokenRepositoryTests {
 @Test
 public void generateToken() {
 this.token = this.repo.generateToken(this.request);
-
 assertThat(this.token.getParameterName()).isEqualTo("_csrf");
 assertThat(this.token.getToken()).isNotEmpty();
-
 CsrfToken loadedToken = this.repo.loadToken(this.request);
-
 assertThat(loadedToken).isNull();
 }
@@ -61,9 +58,7 @@ public class HttpSessionCsrfTokenRepositoryTests {
 public void generateCustomParameter() {
 String paramName = "_csrf";
 this.repo.setParameterName(paramName);
-
 this.token = this.repo.generateToken(this.request);
-
 assertThat(this.token.getParameterName()).isEqualTo(paramName);
 assertThat(this.token.getToken()).isNotEmpty();
 }
@@ -72,9 +67,7 @@ public class HttpSessionCsrfTokenRepositoryTests {
 public void generateCustomHeader() {
 String headerName = "CSRF";
 this.repo.setHeaderName(headerName);
-
 this.token = this.repo.generateToken(this.request);
-
 assertThat(this.token.getHeaderName()).isEqualTo(headerName);
 assertThat(this.token.getToken()).isNotEmpty();
 }
@@ -95,10 +88,8 @@ public class HttpSessionCsrfTokenRepositoryTests {
 public void saveToken() {
 CsrfToken tokenToSave = new DefaultCsrfToken("123", "abc", "def");
 this.repo.saveToken(tokenToSave, this.request, this.response);
-
 String attrName = this.request.getSession().getAttributeNames().nextElement();
 CsrfToken loadedToken = (CsrfToken) this.request.getSession().getAttribute(attrName);
-
 assertThat(loadedToken).isEqualTo(tokenToSave);
 }
@@ -108,26 +99,20 @@ public class HttpSessionCsrfTokenRepositoryTests {
 String sessionAttributeName = "custom";
 this.repo.setSessionAttributeName(sessionAttributeName);
 this.repo.saveToken(tokenToSave, this.request, this.response);
-
 CsrfToken loadedToken = (CsrfToken) this.request.getSession().getAttribute(sessionAttributeName);
-
 assertThat(loadedToken).isEqualTo(tokenToSave);
 }
 @Test
 public void saveTokenNullToken() {
 saveToken();
-
 this.repo.saveToken(null, this.request, this.response);
-
 assertThat(this.request.getSession().getAttributeNames().hasMoreElements()).isFalse();
 }
 @Test
 public void saveTokenNullTokenWhenSessionNotExists() {
-
 this.repo.saveToken(null, this.request, this.response);
-
 assertThat(this.request.getSession(false)).isNull();
 }
diff --git a/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java
index 36bc4b0284..f7dc6895ec 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java
@@ -72,33 +72,27 @@ public class LazyCsrfTokenRepositoryTests {
 @Test
 public void generateTokenGetTokenSavesToken() {
 CsrfToken newToken = this.repository.generateToken(this.request);
-
 newToken.getToken();
-
 verify(this.delegate).saveToken(this.token, this.request, this.response);
 }
 @Test
 public void saveNonNullDoesNothing() {
 this.repository.saveToken(this.token, this.request, this.response);
-
 verifyZeroInteractions(this.delegate);
 }
 @Test
 public void saveNullDelegates() {
 this.repository.saveToken(null, this.request, this.response);
-
 verify(this.delegate).saveToken(null, this.request, this.response);
 }
 @Test
 public void loadTokenDelegates() {
 given(this.delegate.loadToken(this.request)).willReturn(this.token);
-
 CsrfToken loadToken = this.repository.loadToken(this.request);
 assertThat(loadToken).isSameAs(this.token);
-
 verify(this.delegate).loadToken(this.request);
 }
diff --git a/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java b/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
index 7d5316e497..eae9715712 100644
--- a/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
@@ -89,7 +89,6 @@ public class DebugFilterTests {
 @Test
 public void doFilterProcessesRequests() throws Exception {
 this.filter.doFilter(this.request, this.response, this.filterChain);
-
 verify(this.logger).info(anyString());
 verify(this.request).setAttribute(this.requestAttr, Boolean.TRUE);
 verify(this.fcp).doFilter(this.requestCaptor.capture(), eq(this.response), eq(this.filterChain));
@@ -102,9 +101,7 @@ public class DebugFilterTests {
 public void doFilterProcessesForwardedRequests() throws Exception {
 given(this.request.getAttribute(this.requestAttr)).willReturn(Boolean.TRUE);
 HttpServletRequest request = new DebugRequestWrapper(this.request);
-
 this.filter.doFilter(request, this.response, this.filterChain);
-
 verify(this.logger).info(anyString());
 verify(this.fcp).doFilter(request, this.response, this.filterChain);
 verify(this.request, never()).removeAttribute(this.requestAttr);
@@ -114,9 +111,7 @@ public class DebugFilterTests {
 public void doFilterDoesNotWrapWithDebugRequestWrapperAgain() throws Exception {
 given(this.request.getAttribute(this.requestAttr)).willReturn(Boolean.TRUE);
 HttpServletRequest fireWalledRequest = new HttpServletRequestWrapper(new DebugRequestWrapper(this.request));
-
 this.filter.doFilter(fireWalledRequest, this.response, this.filterChain);
-
 verify(this.fcp).doFilter(fireWalledRequest, this.response, this.filterChain);
 }
@@ -129,11 +124,8 @@ public class DebugFilterTests {
 request.addHeader("A", "A Value");
 request.addHeader("A", "Another Value");
 request.addHeader("B", "B Value");
-
 this.filter.doFilter(request, this.response, this.filterChain);
-
 verify(this.logger).info(this.logCaptor.capture());
-
 assertThat(this.logCaptor.getValue()).isEqualTo("Request received for GET '/path/':\n" + "\n" + request + "\n" + "\n" + "servletPath:/path\n" + "pathInfo:/\n" + "headers: \n" + "A: A Value, Another Value\n" + "B: B Value\n" + "\n" + "\n" + "Security filter chain: no match");
diff --git a/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java b/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java
index aa36573226..ef2b49258a 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java
@@ -33,7 +33,6 @@ public class DefaultHttpFirewallTests {
 @Test
 public void unnormalizedPathsAreRejected() {
 DefaultHttpFirewall fw = new DefaultHttpFirewall();
-
 MockHttpServletRequest request;
 for (String path : this.unnormalizedPaths) {
 request = new MockHttpServletRequest();
@@ -78,7 +77,6 @@ public class DefaultHttpFirewallTests {
 request.setContextPath("/context-root");
 request.setServletPath("");
 request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
-
 fw.getFirewalledRequest(request);
 }
@@ -91,7 +89,6 @@ public class DefaultHttpFirewallTests {
 request.setContextPath("/context-root");
 request.setServletPath("");
 request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
-
 fw.getFirewalledRequest(request);
 }
@@ -104,7 +101,6 @@ public class DefaultHttpFirewallTests {
 request.setContextPath("/context-root");
 request.setServletPath("");
 request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
-
 fw.getFirewalledRequest(request);
 }
diff --git a/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java b/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
index 3b7fb9a846..6628070350 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
@@ -51,49 +51,42 @@ public class FirewalledResponseTests {
 @Test public void sendRedirectWhenValidThenNoException() throws Exception { this.fwResponse.sendRedirect("/theURL");
-
 verify(this.response).sendRedirect("/theURL"); } @Test public void sendRedirectWhenNullThenDelegateInvoked() throws Exception { this.fwResponse.sendRedirect(null);
-
 verify(this.response).sendRedirect(null); } @Test public void sendRedirectWhenHasCrlfThenThrowsException() throws Exception { expectCrlfValidationException();
-
 this.fwResponse.sendRedirect("/theURL\r\nsomething"); } @Test public void addHeaderWhenValidThenDelegateInvoked() { this.fwResponse.addHeader("foo", "bar");
-
 verify(this.response).addHeader("foo", "bar"); } @Test public void addHeaderWhenNullValueThenDelegateInvoked() { this.fwResponse.addHeader("foo", null);
-
 verify(this.response).addHeader("foo", null); } @Test public void addHeaderWhenHeaderValueHasCrlfThenException() { expectCrlfValidationException();
-
 this.fwResponse.addHeader("foo", "abc\r\nContent-Length:100"); } @Test public void addHeaderWhenHeaderNameHasCrlfThenException() { expectCrlfValidationException();
-
 this.fwResponse.addHeader("abc\r\nContent-Length:100", "bar"); }
@@ -103,16 +96,13 @@ public class FirewalledResponseTests {
 cookie.setPath("/foobar"); cookie.setDomain("foobar"); cookie.setComment("foobar");
-
 this.fwResponse.addCookie(cookie);
-
 verify(this.response).addCookie(cookie); } @Test public void addCookieWhenNullThenDelegateInvoked() { this.fwResponse.addCookie(null);
-
 verify(this.response).addCookie(null); }
@@ -124,10 +114,8 @@ public class FirewalledResponseTests {
 public String getName() { return "foo\r\nbar"; }
-
 }; expectCrlfValidationException();
-
 this.fwResponse.addCookie(cookie); }
@@ -135,7 +123,6 @@ public class FirewalledResponseTests {
 public void addCookieWhenCookieValueContainsCrlfThenException() { Cookie cookie = new Cookie("foo", "foo\r\nbar"); expectCrlfValidationException();
-
 this.fwResponse.addCookie(cookie); }
@@ -144,7 +131,6 @@ public class FirewalledResponseTests {
 Cookie cookie = new Cookie("foo", "bar"); cookie.setPath("/foo\r\nbar"); expectCrlfValidationException();
-
 this.fwResponse.addCookie(cookie); }
@@ -153,7 +139,6 @@ public class FirewalledResponseTests {
 Cookie cookie = new Cookie("foo", "bar"); cookie.setDomain("foo\r\nbar"); expectCrlfValidationException();
-
 this.fwResponse.addCookie(cookie); }
@@ -162,7 +147,6 @@ public class FirewalledResponseTests {
 Cookie cookie = new Cookie("foo", "bar"); cookie.setComment("foo\r\nbar"); expectCrlfValidationException();
-
 this.fwResponse.addCookie(cookie); }
@@ -171,7 +155,6 @@ public class FirewalledResponseTests {
 validateLineEnding("foo", "foo\rbar"); validateLineEnding("foo", "foo\r\nbar"); validateLineEnding("foo", "foo\nbar");
-
 validateLineEnding("foo\rbar", "bar"); validateLineEnding("foo\r\nbar", "bar"); validateLineEnding("foo\nbar", "bar");
diff --git a/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java b/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java
index 36169d418d..247d0e963f 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java
@@ -56,7 +56,6 @@ public class RequestWrapperTests {
 @Test public void pathParametersAreRemovedFromServletPath() { MockHttpServletRequest request = new MockHttpServletRequest();
-
 for (Map.Entry entry : testPaths.entrySet()) { String path = entry.getKey(); String expectedResult = entry.getValue();
@@ -71,7 +70,6 @@ public class RequestWrapperTests {
 @Test public void pathParametersAreRemovedFromPathInfo() { MockHttpServletRequest request = new MockHttpServletRequest();
-
 for (Map.Entry entry : testPaths.entrySet()) { String path = entry.getKey(); String expectedResult = entry.getValue();
@@ -97,11 +95,9 @@ public class RequestWrapperTests {
 given(mockRequest.getServletPath()).willReturn(""); given(mockRequest.getPathInfo()).willReturn(denormalizedPath); given(mockRequest.getRequestDispatcher(forwardPath)).willReturn(mockDispatcher);
-
 RequestWrapper wrapper = new RequestWrapper(mockRequest); RequestDispatcher dispatcher = wrapper.getRequestDispatcher(forwardPath); dispatcher.forward(mockRequest, mockResponse);
-
 verify(mockRequest).getRequestDispatcher(forwardPath); verify(mockDispatcher).forward(mockRequest, mockResponse); assertThat(wrapper.getPathInfo()).isEqualTo(denormalizedPath);
diff --git a/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java b/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
index 9146827284..a09c7a9e2e 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
@@ -149,84 +149,72 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class) public void getFirewalledRequestWhenSemicolonInContextPathThenThrowsRequestRejectedException() { this.request.setContextPath(";/context");
-
 this.firewall.getFirewalledRequest(this.request); } @Test(expected = RequestRejectedException.class) public void getFirewalledRequestWhenSemicolonInServletPathThenThrowsRequestRejectedException() { this.request.setServletPath("/spring;/");
-
 this.firewall.getFirewalledRequest(this.request); } @Test(expected = RequestRejectedException.class) public void getFirewalledRequestWhenSemicolonInPathInfoThenThrowsRequestRejectedException() { this.request.setPathInfo("/path;/");
-
 this.firewall.getFirewalledRequest(this.request); } @Test(expected = RequestRejectedException.class) public void getFirewalledRequestWhenSemicolonInRequestUriThenThrowsRequestRejectedException() { this.request.setRequestURI("/path;/");
-
 this.firewall.getFirewalledRequest(this.request); } @Test(expected = RequestRejectedException.class) public void getFirewalledRequestWhenEncodedSemicolonInContextPathThenThrowsRequestRejectedException() { this.request.setContextPath("%3B/context");
-
 this.firewall.getFirewalledRequest(this.request); } @Test(expected = RequestRejectedException.class) public void getFirewalledRequestWhenEncodedSemicolonInServletPathThenThrowsRequestRejectedException() { this.request.setServletPath("/spring%3B/");
-
 this.firewall.getFirewalledRequest(this.request); } @Test(expected = RequestRejectedException.class) public void getFirewalledRequestWhenEncodedSemicolonInPathInfoThenThrowsRequestRejectedException() { this.request.setPathInfo("/path%3B/");
-
 this.firewall.getFirewalledRequest(this.request); } @Test(expected = RequestRejectedException.class) public void getFirewalledRequestWhenEncodedSemicolonInRequestUriThenThrowsRequestRejectedException() { this.request.setRequestURI("/path%3B/");
-
this.firewall.getFirewalledRequest(this.request); } @Test(expected = RequestRejectedException.class) public void getFirewalledRequestWhenLowercaseEncodedSemicolonInContextPathThenThrowsRequestRejectedException() { this.request.setContextPath("%3b/context");
-
 this.firewall.getFirewalledRequest(this.request); } @Test(expected = RequestRejectedException.class) public void getFirewalledRequestWhenLowercaseEncodedSemicolonInServletPathThenThrowsRequestRejectedException() { this.request.setServletPath("/spring%3b/");
-
 this.firewall.getFirewalledRequest(this.request); } @Test(expected = RequestRejectedException.class) public void getFirewalledRequestWhenLowercaseEncodedSemicolonInPathInfoThenThrowsRequestRejectedException() { this.request.setPathInfo("/path%3b/");
-
 this.firewall.getFirewalledRequest(this.request); } @Test(expected = RequestRejectedException.class) public void getFirewalledRequestWhenLowercaseEncodedSemicolonInRequestUriThenThrowsRequestRejectedException() { this.request.setRequestURI("/path%3b/");
-
 this.firewall.getFirewalledRequest(this.request); }
@@ -234,7 +222,6 @@ public class StrictHttpFirewallTests {
 public void getFirewalledRequestWhenSemicolonInContextPathAndAllowSemicolonThenNoException() { this.firewall.setAllowSemicolon(true); this.request.setContextPath(";/context");
-
 this.firewall.getFirewalledRequest(this.request); }
@@ -242,7 +229,6 @@ public class StrictHttpFirewallTests {
 public void getFirewalledRequestWhenSemicolonInServletPathAndAllowSemicolonThenNoException() { this.firewall.setAllowSemicolon(true); this.request.setServletPath("/spring;/");
-
 this.firewall.getFirewalledRequest(this.request); }
@@ -250,7 +236,6 @@ public class StrictHttpFirewallTests {
 public void getFirewalledRequestWhenSemicolonInPathInfoAndAllowSemicolonThenNoException() { this.firewall.setAllowSemicolon(true); this.request.setPathInfo("/path;/");
-
 this.firewall.getFirewalledRequest(this.request); }
@@ -258,7 +243,6 @@ public class StrictHttpFirewallTests {
 public void getFirewalledRequestWhenSemicolonInRequestUriAndAllowSemicolonThenNoException() { this.firewall.setAllowSemicolon(true); this.request.setRequestURI("/path;/");
-
 this.firewall.getFirewalledRequest(this.request); }
@@ -267,7 +251,6 @@ public class StrictHttpFirewallTests {
 this.firewall.setAllowUrlEncodedPercent(true); this.firewall.setAllowSemicolon(true); this.request.setContextPath("%3B/context");
-
 this.firewall.getFirewalledRequest(this.request); }
@@ -276,7 +259,6 @@ public class StrictHttpFirewallTests {
 this.firewall.setAllowUrlEncodedPercent(true); this.firewall.setAllowSemicolon(true); this.request.setServletPath("/spring%3B/");
-
 this.firewall.getFirewalledRequest(this.request); }
@@ -285,7 +267,6 @@ public class StrictHttpFirewallTests {
 this.firewall.setAllowUrlEncodedPercent(true); this.firewall.setAllowSemicolon(true); this.request.setPathInfo("/path%3B/");
-
 this.firewall.getFirewalledRequest(this.request); }
@@ -293,7 +274,6 @@ public class StrictHttpFirewallTests {
 public void getFirewalledRequestWhenEncodedSemicolonInRequestUriAndAllowSemicolonThenNoException() { this.firewall.setAllowSemicolon(true); this.request.setRequestURI("/path%3B/");
-
 this.firewall.getFirewalledRequest(this.request); }
@@ -302,7 +282,6 @@ public class StrictHttpFirewallTests {
 this.firewall.setAllowUrlEncodedPercent(true); this.firewall.setAllowSemicolon(true); this.request.setContextPath("%3b/context");
-
 this.firewall.getFirewalledRequest(this.request); }
@@ -311,7 +290,6 @@ public class StrictHttpFirewallTests {
 this.firewall.setAllowUrlEncodedPercent(true); this.firewall.setAllowSemicolon(true); this.request.setServletPath("/spring%3b/");
-
 this.firewall.getFirewalledRequest(this.request); }
@@ -320,7 +298,6 @@ public class StrictHttpFirewallTests {
 this.firewall.setAllowUrlEncodedPercent(true); this.firewall.setAllowSemicolon(true); this.request.setPathInfo("/path%3b/");
-
 this.firewall.getFirewalledRequest(this.request); }
@@ -328,21 +305,18 @@ public class StrictHttpFirewallTests {
 public void getFirewalledRequestWhenLowercaseEncodedSemicolonInRequestUriAndAllowSemicolonThenNoException() { this.firewall.setAllowSemicolon(true); this.request.setRequestURI("/path%3b/");
-
 this.firewall.getFirewalledRequest(this.request); } @Test(expected = RequestRejectedException.class) public void getFirewalledRequestWhenEncodedPeriodInThenThrowsRequestRejectedException() { this.request.setRequestURI("/%2E/");
-
 this.firewall.getFirewalledRequest(this.request); } @Test(expected = RequestRejectedException.class) public void getFirewalledRequestWhenLowercaseEncodedPeriodInThenThrowsRequestRejectedException() { this.request.setRequestURI("/%2e/");
-
 this.firewall.getFirewalledRequest(this.request); }
@@ -350,7 +324,6 @@ public class StrictHttpFirewallTests {
 public void getFirewalledRequestWhenAllowEncodedPeriodAndEncodedPeriodInThenNoException() { this.firewall.setAllowUrlEncodedPeriod(true); this.request.setRequestURI("/%2E/");
-
 this.firewall.getFirewalledRequest(this.request); }
@@ -410,7 +383,6 @@ public class StrictHttpFirewallTests {
 this.request.setContextPath("/context-root"); this.request.setServletPath(""); this.request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
-
 this.firewall.getFirewalledRequest(this.request); }
@@ -423,7 +395,6 @@ public class StrictHttpFirewallTests {
 request.setContextPath("/context-root"); request.setServletPath(""); request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
-
 this.firewall.getFirewalledRequest(request); }
@@ -436,7 +407,6 @@ public class StrictHttpFirewallTests {
 request.setContextPath("/context-root"); request.setServletPath(""); request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
-
 this.firewall.getFirewalledRequest(request); }
@@ -533,7 +503,6 @@ public class StrictHttpFirewallTests {
 } // blocklist
-
 @Test public void getFirewalledRequestWhenRemoveFromUpperCaseEncodedUrlBlocklistThenNoException() { this.firewall.setAllowUrlEncodedSlash(true);
@@ -582,7 +551,6 @@ public class StrictHttpFirewallTests {
 public void getFirewalledRequestWhenTrustedDomainThenNoException() { this.request.addHeader("Host", "example.org"); this.firewall.setAllowedHostnames((hostname) -> hostname.equals("example.org"));
-
 assertThatCode(() -> this.firewall.getFirewalledRequest(this.request)).doesNotThrowAnyException(); }
@@ -590,14 +558,12 @@ public class StrictHttpFirewallTests {
 public void getFirewalledRequestWhenUntrustedDomainThenException() { this.request.addHeader("Host", "example.org"); this.firewall.setAllowedHostnames((hostname) -> hostname.equals("myexample.org"));
-
 this.firewall.getFirewalledRequest(this.request); } @Test(expected = RequestRejectedException.class) public void getFirewalledRequestGetHeaderWhenNotAllowedHeaderNameThenException() { this.firewall.setAllowedHeaderNames((name) -> !name.equals("bad name"));
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request); request.getHeader("bad name"); }
@@ -606,7 +572,6 @@ public class StrictHttpFirewallTests {
 public void getFirewalledRequestGetHeaderWhenNotAllowedHeaderValueThenException() { this.request.addHeader("good name", "bad value"); this.firewall.setAllowedHeaderValues((value) -> !value.equals("bad value"));
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request); request.getHeader("good name"); }
@@ -614,7 +579,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class) public void getFirewalledRequestGetDateHeaderWhenControlCharacterInHeaderNameThenException() { this.request.addHeader("Bad\0Name", "some value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request); request.getDateHeader("Bad\0Name"); }
@@ -622,7 +586,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class) public void getFirewalledRequestGetIntHeaderWhenControlCharacterInHeaderNameThenException() { this.request.addHeader("Bad\0Name", "some value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request); request.getIntHeader("Bad\0Name"); }
@@ -630,7 +593,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class) public void getFirewalledRequestGetHeaderWhenControlCharacterInHeaderNameThenException() { this.request.addHeader("Bad\0Name", "some value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request); request.getHeader("Bad\0Name"); }
@@ -638,7 +600,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class) public void getFirewalledRequestGetHeaderWhenUndefinedCharacterInHeaderNameThenException() { this.request.addHeader("Bad\uFFFEName", "some value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request); request.getHeader("Bad\uFFFEName"); }
@@ -646,7 +607,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class) public void getFirewalledRequestGetHeadersWhenControlCharacterInHeaderNameThenException() { this.request.addHeader("Bad\0Name", "some value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request); request.getHeaders("Bad\0Name"); }
@@ -654,7 +614,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class) public void getFirewalledRequestGetHeaderNamesWhenControlCharacterInHeaderNameThenException() { this.request.addHeader("Bad\0Name", "some value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request); request.getHeaderNames().nextElement(); }
@@ -662,7 +621,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class) public void getFirewalledRequestGetHeaderWhenControlCharacterInHeaderValueThenException() { this.request.addHeader("Something", "bad\0value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request); request.getHeader("Something"); }
@@ -670,7 +628,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class) public void getFirewalledRequestGetHeaderWhenUndefinedCharacterInHeaderValueThenException() { this.request.addHeader("Something", "bad\uFFFEvalue");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request); request.getHeader("Something"); }
@@ -678,7 +635,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class) public void getFirewalledRequestGetHeadersWhenControlCharacterInHeaderValueThenException() { this.request.addHeader("Something", "bad\0value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request); request.getHeaders("Something").nextElement(); }
@@ -686,7 +642,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class) public void getFirewalledRequestGetParameterWhenControlCharacterInParameterNameThenException() { this.request.addParameter("Bad\0Name", "some value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request); request.getParameter("Bad\0Name"); }
@@ -694,7 +649,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class) public void getFirewalledRequestGetParameterMapWhenControlCharacterInParameterNameThenException() { this.request.addParameter("Bad\0Name", "some value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request); request.getParameterMap(); }
@@ -702,7 +656,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class) public void getFirewalledRequestGetParameterNamesWhenControlCharacterInParameterNameThenException() { this.request.addParameter("Bad\0Name", "some value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request); request.getParameterNames().nextElement(); }
@@ -710,7 +663,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class) public void getFirewalledRequestGetParameterNamesWhenUndefinedCharacterInParameterNameThenException() { this.request.addParameter("Bad\uFFFEName", "some value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request); request.getParameterNames().nextElement(); }
@@ -718,9 +670,7 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class) public void getFirewalledRequestGetParameterValuesWhenNotAllowedInParameterValueThenException() { this.firewall.setAllowedParameterValues((value) -> !value.equals("bad value"));
-
 this.request.addParameter("Something", "bad value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request); request.getParameterValues("Something"); }
@@ -728,9 +678,7 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class) public void getFirewalledRequestGetParameterValuesWhenNotAllowedInParameterNameThenException() { this.firewall.setAllowedParameterNames((value) -> !value.equals("bad name"));
-
 this.request.addParameter("bad name", "good value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request); request.getParameterValues("bad name"); }
diff --git a/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java b/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java
index 2bf8744e3e..6da7e6a2b7 100644
--- a/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java
@@ -71,15 +71,11 @@ public class HeaderWriterFilterTests {
 List headerWriters = new ArrayList<>(); headerWriters.add(this.writer1); headerWriters.add(this.writer2);
-
 HeaderWriterFilter filter = new HeaderWriterFilter(headerWriters);
-
 MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain filterChain = new MockFilterChain();
-
 filter.doFilter(request, response, filterChain);
-
 verify(this.writer1).writeHeaders(request, response); verify(this.writer2).writeHeaders(request, response); HeaderWriterFilter.HeaderWriterRequest wrappedRequest = (HeaderWriterFilter.HeaderWriterRequest) filterChain
@@ -93,19 +89,14 @@ public class HeaderWriterFilterTests {
 @Test public void headersDelayed() throws Exception { HeaderWriterFilter filter = new HeaderWriterFilter(Arrays.asList(this.writer1));
-
 MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse();
-
 filter.doFilter(request, response, (request1, response1) -> { verifyZeroInteractions(HeaderWriterFilterTests.this.writer1);
-
 response1.flushBuffer();
-
 verify(HeaderWriterFilterTests.this.writer1).writeHeaders(any(HttpServletRequest.class), any(HttpServletResponse.class)); });
-
 verifyNoMoreInteractions(this.writer1); }
@@ -113,19 +104,14 @@ public class HeaderWriterFilterTests {
 @Test public void doFilterWhenRequestContainsIncludeThenHeadersStillWritten() throws Exception { HeaderWriterFilter filter = new HeaderWriterFilter(Collections.singletonList(this.writer1));
-
 MockHttpServletRequest mockRequest = new MockHttpServletRequest(); MockHttpServletResponse mockResponse = new MockHttpServletResponse();
-
 filter.doFilter(mockRequest, mockResponse, (request, response) -> { verifyZeroInteractions(HeaderWriterFilterTests.this.writer1);
-
 request.getRequestDispatcher("/").include(request, response);
-
 verify(HeaderWriterFilterTests.this.writer1).writeHeaders(any(HttpServletRequest.class), any(HttpServletResponse.class)); });
-
 verifyNoMoreInteractions(this.writer1); }
@@ -133,13 +119,10 @@ public class HeaderWriterFilterTests {
 public void headersWrittenAtBeginningOfRequest() throws Exception { HeaderWriterFilter filter = new HeaderWriterFilter(Collections.singletonList(this.writer1)); filter.setShouldWriteHeadersEagerly(true);
-
 MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse();
-
 filter.doFilter(request, response, (request1, response1) -> verify(HeaderWriterFilterTests.this.writer1) .writeHeaders(any(HttpServletRequest.class), any(HttpServletResponse.class)));
-
 verifyNoMoreInteractions(this.writer1); }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
index c21b93e29d..398a844f53 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
@@ -53,7 +53,6 @@ public class CacheControlHeadersWriterTests {
 @Test public void writeHeaders() { this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames().size()).isEqualTo(3); assertThat(this.response.getHeaderValues("Cache-Control")) .containsOnly("no-cache, no-store, max-age=0, must-revalidate");
@@ -65,9 +64,7 @@ public class CacheControlHeadersWriterTests {
 @Test public void writeHeadersDisabledIfCacheControl() { this.response.setHeader("Cache-Control", "max-age: 123");
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeaderValues("Cache-Control")).containsOnly("max-age: 123"); assertThat(this.response.getHeaderValue("Pragma")).isNull();
@@ -77,9 +74,7 @@ public class CacheControlHeadersWriterTests {
 @Test public void writeHeadersDisabledIfPragma() { this.response.setHeader("Pragma", "mock");
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeaderValues("Pragma")).containsOnly("mock"); assertThat(this.response.getHeaderValue("Expires")).isNull();
@@ -89,9 +84,7 @@ public class CacheControlHeadersWriterTests {
 @Test public void writeHeadersDisabledIfExpires() { this.response.setHeader("Expires", "mock");
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeaderValues("Expires")).containsOnly("mock"); assertThat(this.response.getHeaderValue("Cache-Control")).isNull();
@@ -102,9 +95,7 @@ public class CacheControlHeadersWriterTests {
 // gh-5534 public void writeHeadersDisabledIfNotModified() { this.response.setStatus(HttpStatus.NOT_MODIFIED.value());
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).isEmpty(); }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java
index 4b9b83589b..a559c13282 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java
@@ -54,7 +54,6 @@ public class ClearSiteDataHeaderWriterTests {
 public void createInstanceWhenMissingSourceThenThrowsException() { this.thrown.expect(Exception.class); this.thrown.expectMessage("directives cannot be empty or null");
-
 new ClearSiteDataHeaderWriter(); }
@@ -63,7 +62,6 @@ public class ClearSiteDataHeaderWriterTests {
 this.request.setSecure(false); ClearSiteDataHeaderWriter headerWriter = new ClearSiteDataHeaderWriter(Directive.CACHE); headerWriter.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeader(HEADER_NAME)).isNull(); }
@@ -71,7 +69,6 @@ public class ClearSiteDataHeaderWriterTests {
 public void writeHeaderWhenRequestIsSecureThenHeaderValueMatchesPassedSource() { ClearSiteDataHeaderWriter headerWriter = new ClearSiteDataHeaderWriter(Directive.STORAGE); headerWriter.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeader(HEADER_NAME)).isEqualTo("\"storage\""); }
@@ -80,7 +77,6 @@ public class ClearSiteDataHeaderWriterTests {
 ClearSiteDataHeaderWriter headerWriter = new ClearSiteDataHeaderWriter(Directive.CACHE, Directive.COOKIES, Directive.STORAGE, Directive.EXECUTION_CONTEXTS); headerWriter.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeader(HEADER_NAME)) .isEqualTo("\"cache\", \"cookies\", \"storage\", \"executionContexts\""); }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java
index fe3c26097a..52f69284ab 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java
@@ -44,9 +44,7 @@ public class CompositeHeaderWriterTests {
 HttpServletResponse response = mock(HttpServletResponse.class); HeaderWriter one = mock(HeaderWriter.class); HeaderWriter two = mock(HeaderWriter.class);
-
 CompositeHeaderWriter headerWriter = new CompositeHeaderWriter(Arrays.asList(one, two));
-
 headerWriter.writeHeaders(request, response); verify(one).writeHeaders(request, response); verify(two).writeHeaders(request, response);
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java
index 5946ac1105..2aebd2af5b 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java
@@ -54,7 +54,6 @@ public class ContentSecurityPolicyHeaderWriterTests {
 public void writeHeadersWhenNoPolicyDirectivesThenUsesDefault() { ContentSecurityPolicyHeaderWriter noPolicyWriter = new ContentSecurityPolicyHeaderWriter(); noPolicyWriter.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Content-Security-Policy")).isEqualTo(DEFAULT_POLICY_DIRECTIVES); }
@@ -62,7 +61,6 @@ public class ContentSecurityPolicyHeaderWriterTests {
 @Test public void writeHeadersContentSecurityPolicyDefault() { this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Content-Security-Policy")).isEqualTo(DEFAULT_POLICY_DIRECTIVES); }
@@ -71,10 +69,8 @@ public class ContentSecurityPolicyHeaderWriterTests {
 public void writeHeadersContentSecurityPolicyCustom() { String policyDirectives = "default-src 'self'; " + "object-src plugins1.example.com plugins2.example.com; " + "script-src trustedscripts.example.com";
-
 this.writer = new ContentSecurityPolicyHeaderWriter(policyDirectives); this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Content-Security-Policy")).isEqualTo(policyDirectives); }
@@ -84,7 +80,6 @@ public class ContentSecurityPolicyHeaderWriterTests {
 ContentSecurityPolicyHeaderWriter noPolicyWriter = new ContentSecurityPolicyHeaderWriter(); this.writer.setReportOnly(true); noPolicyWriter.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Content-Security-Policy")).isEqualTo(DEFAULT_POLICY_DIRECTIVES); }
@@ -93,7 +88,6 @@ public class ContentSecurityPolicyHeaderWriterTests {
 public void writeHeadersContentSecurityPolicyReportOnlyDefault() { this.writer.setReportOnly(true); this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Content-Security-Policy-Report-Only")).isEqualTo(DEFAULT_POLICY_DIRECTIVES); }
@@ -101,11 +95,9 @@ public class ContentSecurityPolicyHeaderWriterTests {
 @Test public void writeHeadersContentSecurityPolicyReportOnlyCustom() { String policyDirectives = "default-src https:; report-uri https://example.com/";
-
 this.writer = new ContentSecurityPolicyHeaderWriter(policyDirectives); this.writer.setReportOnly(true); this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Content-Security-Policy-Report-Only")).isEqualTo(policyDirectives); }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
index aca16eb1ae..8e4124f983 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
@@ -70,18 +70,14 @@ public class DelegatingRequestMatcherHeaderWriterTests { @Test public void writeHeadersOnMatch() { given(this.matcher.matches(this.request)).willReturn(true); - this.headerWriter.writeHeaders(this.request, this.response); - verify(this.delegate).writeHeaders(this.request, this.response); } @Test public void writeHeadersOnNoMatch() { given(this.matcher.matches(this.request)).willReturn(false); - this.headerWriter.writeHeaders(this.request, this.response); - verify(this.delegate, times(0)).writeHeaders(this.request, this.response); } diff --git a/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java index 00454d0459..8c62dbd1c5 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java @@ -53,7 +53,6 @@ public class FeaturePolicyHeaderWriterTests { @Test public void writeHeadersFeaturePolicyDefault() { this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Feature-Policy")).isEqualTo(DEFAULT_POLICY_DIRECTIVES); } diff --git a/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java index c92dfc09d8..537a65a2b8 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java 
@@ -43,7 +43,6 @@ public class HpkpHeaderWriterTests { defaultPins.put("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", "sha256"); DEFAULT_PINS = Collections.unmodifiableMap(defaultPins); } - private MockHttpServletRequest request; private MockHttpServletResponse response; @@ -58,21 +57,16 @@ public class HpkpHeaderWriterTests { public void setup() { this.request = new MockHttpServletRequest(); this.response = new MockHttpServletResponse(); - this.writer = new HpkpHeaderWriter(); - Map defaultPins = new LinkedHashMap<>(); defaultPins.put("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", "sha256"); - this.writer.setPins(defaultPins); - this.request.setSecure(true); } @Test public void writeHeadersDefaultValues() { this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Public-Key-Pins-Report-Only")) .isEqualTo("max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""); @@ -82,9 +76,7 @@ public class HpkpHeaderWriterTests { public void maxAgeCustomConstructorWriteHeaders() { this.writer = new HpkpHeaderWriter(2592000); this.writer.setPins(DEFAULT_PINS); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Public-Key-Pins-Report-Only")) .isEqualTo("max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""); @@ -94,9 +86,7 @@ public class HpkpHeaderWriterTests { public void maxAgeAndIncludeSubdomainsCustomConstructorWriteHeaders() { this.writer = new HpkpHeaderWriter(2592000, true); this.writer.setPins(DEFAULT_PINS); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Public-Key-Pins-Report-Only")).isEqualTo( "max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains"); 
@@ -106,9 +96,7 @@ public class HpkpHeaderWriterTests { public void allArgsCustomConstructorWriteHeaders() { this.writer = new HpkpHeaderWriter(2592000, true, false); this.writer.setPins(DEFAULT_PINS); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Public-Key-Pins")).isEqualTo( "max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains"); @@ -117,9 +105,7 @@ public class HpkpHeaderWriterTests { @Test public void writeHeadersCustomMaxAgeInSeconds() { this.writer.setMaxAgeInSeconds(2592000); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Public-Key-Pins-Report-Only")) .isEqualTo("max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""); @@ -128,9 +114,7 @@ public class HpkpHeaderWriterTests { @Test public void writeHeadersIncludeSubDomains() { this.writer.setIncludeSubDomains(true); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Public-Key-Pins-Report-Only")).isEqualTo( "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains"); @@ -139,9 +123,7 @@ public class HpkpHeaderWriterTests { @Test public void writeHeadersTerminateConnection() { this.writer.setReportOnly(false); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Public-Key-Pins")) .isEqualTo("max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""); 
@@ -151,9 +133,7 @@ public class HpkpHeaderWriterTests { public void writeHeadersTerminateConnectionWithURI() throws URISyntaxException { this.writer.setReportOnly(false); this.writer.setReportUri(new URI("https://example.com/pkp-report")); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Public-Key-Pins")).isEqualTo( "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.com/pkp-report\""); @@ -163,9 +143,7 @@ public class HpkpHeaderWriterTests { public void writeHeadersTerminateConnectionWithURIAsString() { this.writer.setReportOnly(false); this.writer.setReportUri("https://example.com/pkp-report"); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Public-Key-Pins")).isEqualTo( "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.com/pkp-report\""); @@ -176,7 +154,6 @@ public class HpkpHeaderWriterTests { this.writer.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", "E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g="); this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Public-Key-Pins-Report-Only")).isEqualTo( "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; pin-sha256=\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\""); @@ -185,9 +162,7 @@ public class HpkpHeaderWriterTests { @Test public void writeHeadersInsecureRequestDoesNotWriteHeader() { this.request.setSecure(false); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).isEmpty(); } 
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java index 1ac7ea3b6c..dd006b845d 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java @@ -45,7 +45,6 @@ public class HstsHeaderWriterTests { this.request = new MockHttpServletRequest(); this.request.setSecure(true); this.response = new MockHttpServletResponse(); - this.writer = new HstsHeaderWriter(); } @@ -53,9 +52,7 @@ public class HstsHeaderWriterTests { public void allArgsCustomConstructorWriteHeaders() { this.request.setSecure(false); this.writer = new HstsHeaderWriter(AnyRequestMatcher.INSTANCE, 15768000, false); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=15768000"); } @@ -64,9 +61,7 @@ public class HstsHeaderWriterTests { public void maxAgeAndIncludeSubdomainsCustomConstructorWriteHeaders() { this.request.setSecure(false); this.writer = new HstsHeaderWriter(AnyRequestMatcher.INSTANCE, 15768000, false); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=15768000"); } @@ -74,9 +69,7 @@ public class HstsHeaderWriterTests { @Test public void maxAgeCustomConstructorWriteHeaders() { this.writer = new HstsHeaderWriter(15768000); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Strict-Transport-Security")) .isEqualTo("max-age=15768000 ; includeSubDomains"); 
@@ -85,9 +78,7 @@ public class HstsHeaderWriterTests { @Test public void includeSubDomainsCustomConstructorWriteHeaders() { this.writer = new HstsHeaderWriter(false); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=31536000"); } @@ -95,7 +86,6 @@ public class HstsHeaderWriterTests { @Test public void writeHeadersDefaultValues() { this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Strict-Transport-Security")) .isEqualTo("max-age=31536000 ; includeSubDomains"); @@ -104,9 +94,7 @@ public class HstsHeaderWriterTests { @Test public void writeHeadersIncludeSubDomainsFalse() { this.writer.setIncludeSubDomains(false); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=31536000"); } @@ -114,9 +102,7 @@ public class HstsHeaderWriterTests { @Test public void writeHeadersCustomMaxAgeInSeconds() { this.writer.setMaxAgeInSeconds(1); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=1 ; includeSubDomains"); } @@ -124,9 +110,7 @@ public class HstsHeaderWriterTests { @Test public void writeHeadersInsecureRequestDoesNotWriteHeader() { this.request.setSecure(false); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames().isEmpty()).isTrue(); } 
@@ -134,9 +118,7 @@ public class HstsHeaderWriterTests { public void writeHeadersAnyRequestMatcher() { this.writer.setRequestMatcher(AnyRequestMatcher.INSTANCE); this.request.setSecure(false); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Strict-Transport-Security")) .isEqualTo("max-age=31536000 ; includeSubDomains"); diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java index 95d06305e8..b11c344fc3 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java @@ -52,7 +52,6 @@ public class ReferrerPolicyHeaderWriterTests { @Test public void writeHeadersReferrerPolicyDefault() { this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Referrer-Policy")).isEqualTo(this.DEFAULT_REFERRER_POLICY); } @@ -60,9 +59,7 @@ public class ReferrerPolicyHeaderWriterTests { @Test public void writeHeadersReferrerPolicyCustom() { this.writer = new ReferrerPolicyHeaderWriter(ReferrerPolicy.SAME_ORIGIN); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Referrer-Policy")).isEqualTo("same-origin"); } diff --git a/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java index ca82d20848..33c077d51d 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java 
+++ b/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java @@ -78,7 +78,6 @@ public class StaticHeaderWriterTests { String headerName = "X-header"; String headerValue = "foo"; StaticHeadersWriter factory = new StaticHeadersWriter(headerName, headerValue); - factory.writeHeaders(this.request, this.response); assertThat(this.response.getHeaderValues(headerName)).isEqualTo(Arrays.asList(headerValue)); } @@ -88,9 +87,7 @@ public class StaticHeaderWriterTests { Header pragma = new Header("Pragma", "no-cache"); Header cacheControl = new Header("Cache-Control", "no-cache", "no-store", "must-revalidate"); StaticHeadersWriter factory = new StaticHeadersWriter(Arrays.asList(pragma, cacheControl)); - factory.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(2); assertThat(this.response.getHeaderValues(pragma.getName())).isEqualTo(pragma.getValues()); assertThat(this.response.getHeaderValues(cacheControl.getName())).isEqualTo(cacheControl.getValues()); @@ -106,11 +103,9 @@ public class StaticHeaderWriterTests { Header cacheControl = new Header("Cache-Control", "no-cache", "no-store", "must-revalidate"); StaticHeadersWriter factory = new StaticHeadersWriter(Arrays.asList(pragma, cacheControl)); factory.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(2); assertThat(this.response.getHeader("Pragma")).isSameAs(pragmaValue); assertThat(this.response.getHeader("Cache-Control")).isSameAs(cacheControlValue); - } } diff --git a/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java index 10288251a9..fac153df1e 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java 
+++ b/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java @@ -46,7 +46,6 @@ public class XContentTypeOptionsHeaderWriterTests { @Test public void writeHeaders() { this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeaderValues("X-Content-Type-Options")).containsExactly("nosniff"); } diff --git a/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java index 775e9058a1..c4525989d4 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java @@ -49,7 +49,6 @@ public class XXssProtectionHeaderWriterTests { @Test public void writeHeaders() { this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeaderValues("X-XSS-Protection")).containsOnly("1; mode=block"); } @@ -57,9 +56,7 @@ public class XXssProtectionHeaderWriterTests { @Test public void writeHeadersNoBlock() { this.writer.setBlock(false); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeaderValues("X-XSS-Protection")).containsOnly("1"); } @@ -68,9 +65,7 @@ public class XXssProtectionHeaderWriterTests { public void writeHeadersDisabled() { this.writer.setBlock(false); this.writer.setEnabled(false); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeaderValues("X-XSS-Protection")).containsOnly("0"); } 
@@ -78,9 +73,7 @@ public class XXssProtectionHeaderWriterTests { @Test public void setEnabledFalseWithBlockTrue() { this.writer.setEnabled(false); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeaderValues("X-XSS-Protection")).containsOnly("0"); } @@ -89,7 +82,6 @@ public class XXssProtectionHeaderWriterTests { public void setBlockTrueWithEnabledFalse() { this.writer.setBlock(false); this.writer.setEnabled(false); - this.writer.setBlock(true); } diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java index b853d1dcbf..10599ea34d 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java @@ -39,7 +39,6 @@ public class AbstractRequestParameterAllowFromStrategyTests { @Test public void nullAllowFromParameterValue() { RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true); - assertThat(strategy.getAllowFromValue(this.request)).isEqualTo("DENY"); } @@ -47,7 +46,6 @@ public class AbstractRequestParameterAllowFromStrategyTests { public void emptyAllowFromParameterValue() { this.request.setParameter("x-frames-allow-from", ""); RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true); - assertThat(strategy.getAllowFromValue(this.request)).isEqualTo("DENY"); } 
@@ -57,7 +55,6 @@ public class AbstractRequestParameterAllowFromStrategyTests { this.request.setParameter(customParam, ""); RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true); strategy.setAllowFromParameterName(customParam); - assertThat(strategy.getAllowFromValue(this.request)).isEqualTo("DENY"); } @@ -66,7 +63,6 @@ public class AbstractRequestParameterAllowFromStrategyTests { String value = "https://example.com"; this.request.setParameter("x-frames-allow-from", value); RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true); - assertThat(strategy.getAllowFromValue(this.request)).isEqualTo(value); } @@ -75,7 +71,6 @@ public class AbstractRequestParameterAllowFromStrategyTests { String value = "https://example.com"; this.request.setParameter("x-frames-allow-from", value); RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(false); - assertThat(strategy.getAllowFromValue(this.request)).isEqualTo("DENY"); } diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java index fdc33bee9c..2bf5e2abdb 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java @@ -69,9 +69,7 @@ public class FrameOptionsHeaderWriterTests { @Test public void writeHeadersAllowFromReturnsNull() { this.writer = new XFrameOptionsHeaderWriter(this.strategy); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames().isEmpty()).isTrue(); } 
@@ -80,9 +78,7 @@ public class FrameOptionsHeaderWriterTests { String allowFromValue = "https://example.com/"; given(this.strategy.getAllowFromValue(this.request)).willReturn(allowFromValue); this.writer = new XFrameOptionsHeaderWriter(this.strategy); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)) .isEqualTo("ALLOW-FROM " + allowFromValue); @@ -91,9 +87,7 @@ public class FrameOptionsHeaderWriterTests { @Test public void writeHeadersDeny() { this.writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.DENY); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("DENY"); } @@ -101,9 +95,7 @@ public class FrameOptionsHeaderWriterTests { @Test public void writeHeadersSameOrigin() { this.writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("SAMEORIGIN"); } @@ -112,10 +104,8 @@ public class FrameOptionsHeaderWriterTests { public void writeHeadersTwiceLastWins() { this.writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN); this.writer.writeHeaders(this.request, this.response); - this.writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.DENY); this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("DENY"); } 
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java index 3eb1ab512a..95dc5791c9 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java @@ -44,15 +44,12 @@ public class RegExpAllowFromStrategyTests { RegExpAllowFromStrategy strategy = new RegExpAllowFromStrategy("^https://([a-z0-9]*?\\.)test\\.com"); strategy.setAllowFromParameterName("from"); MockHttpServletRequest request = new MockHttpServletRequest(); - request.setParameter("from", "https://www.test.com"); String result1 = strategy.getAllowFromValue(request); assertThat(result1).isEqualTo("https://www.test.com"); - request.setParameter("from", "https://www.test.com"); String result2 = strategy.getAllowFromValue(request); assertThat(result2).isEqualTo("https://www.test.com"); - request.setParameter("from", "https://test.foobar.com"); String result3 = strategy.getAllowFromValue(request); assertThat(result3).isEqualTo("DENY"); diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java index 1d088d6c34..3ccc08ed73 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java 
@@ -51,7 +51,6 @@ public class WhiteListedAllowFromStrategyTests { strategy.setAllowFromParameterName("from"); MockHttpServletRequest request = new MockHttpServletRequest(); request.setParameter("from", "https://www.test.com"); - String result = strategy.getAllowFromValue(request); assertThat(result).isEqualTo("https://www.test.com"); } @@ -65,7 +64,6 @@ public class WhiteListedAllowFromStrategyTests { strategy.setAllowFromParameterName("from"); MockHttpServletRequest request = new MockHttpServletRequest(); request.setParameter("from", "https://www.test.com"); - String result = strategy.getAllowFromValue(request); assertThat(result).isEqualTo("https://www.test.com"); } @@ -78,7 +76,6 @@ public class WhiteListedAllowFromStrategyTests { strategy.setAllowFromParameterName("from"); MockHttpServletRequest request = new MockHttpServletRequest(); request.setParameter("from", "https://www.test123.com"); - String result = strategy.getAllowFromValue(request); assertThat(result).isEqualTo("DENY"); } @@ -90,10 +87,8 @@ public class WhiteListedAllowFromStrategyTests { WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed); strategy.setAllowFromParameterName("from"); MockHttpServletRequest request = new MockHttpServletRequest(); - String result = strategy.getAllowFromValue(request); assertThat(result).isEqualTo("DENY"); - } } diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriterTests.java index 9c8eb1e38d..d2974bc865 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriterTests.java 
@@ -43,9 +43,7 @@ public class XFrameOptionsHeaderWriterTests { public void writeHeadersWhenWhiteList() { WhiteListedAllowFromStrategy whitelist = new WhiteListedAllowFromStrategy(Arrays.asList("example.com")); XFrameOptionsHeaderWriter writer = new XFrameOptionsHeaderWriter(whitelist); - writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderValue(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("DENY"); } diff --git a/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java b/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java index 2d6d4e3da5..d8412b2e8c 100644 --- a/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java @@ -77,7 +77,6 @@ public class JaasApiIntegrationFilterTests { this.filter = new JaasApiIntegrationFilter(); this.request = new MockHttpServletRequest(); this.response = new MockHttpServletResponse(); - this.authenticatedSubject = new Subject(); this.authenticatedSubject.getPrincipals().add(() -> "principal"); this.authenticatedSubject.getPrivateCredentials().add("password"); @@ -99,7 +98,6 @@ public class JaasApiIntegrationFilterTests { } }; this.testConfiguration = new Configuration() { - @Override public void refresh() { } @@ -115,7 +113,6 @@ public class JaasApiIntegrationFilterTests { ctx.login(); this.token = new JaasAuthenticationToken("username", "password", AuthorityUtils.createAuthorityList("ROLE_ADMIN"), ctx); - // just in case someone forgot to clear the context SecurityContextHolder.clearContext(); } 
@@ -194,14 +191,12 @@ public class JaasApiIntegrationFilterTests { private void assertJaasSubjectEquals(final Subject expectedValue) throws Exception { MockFilterChain chain = new MockFilterChain() { - @Override public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { // See if the subject was updated Subject currentSubject = Subject.getSubject(AccessController.getContext()); assertThat(currentSubject).isEqualTo(expectedValue); - // run so we know the chain was executed super.doFilter(request, response); } diff --git a/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java index 7a6b00d6e3..15c202283a 100644 --- a/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java +++ b/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java @@ -47,7 +47,6 @@ public class CookieMixinTests extends AbstractMixinTests { + "\"domain\": null" + "}"; // @formatter:on - @Test public void serializeCookie() throws JsonProcessingException, JSONException { Cookie cookie = new Cookie("demo", "cookie1"); diff --git a/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java index 0130cc3b9e..f6ec0dedc5 100644 --- a/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java +++ b/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java @@ -42,7 +42,6 @@ public class DefaultCsrfTokenMixinTests extends AbstractMixinTests { + "\"token\": \"1\"" + "}"; // @formatter:on - @Test public void defaultCsrfTokenSerializedTest() throws JsonProcessingException, JSONException { DefaultCsrfToken token = new DefaultCsrfToken("csrf-header", "_csrf", "1"); 
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java index d5cff45f45..ba7104fd37 100644 --- a/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java +++ b/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java @@ -54,7 +54,6 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests { + "\"domain\": null" + "}]]"; // @formatter:on - // @formatter:off private static final String REQUEST_JSON = "{" + "\"@class\": \"org.springframework.security.web.savedrequest.DefaultSavedRequest\", " @@ -74,7 +73,6 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests { + "\"serverPort\": 80" + "}"; // @formatter:on - @Test public void matchRequestBuildWithConstructorAndBuilder() { DefaultSavedRequest request = new DefaultSavedRequest.Builder() @@ -86,7 +84,6 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests { MockHttpServletRequest mockRequest = new MockHttpServletRequest(); mockRequest.setCookies(new Cookie("SESSION", "123456789")); mockRequest.addHeader("x-auth-token", "12"); - assert request.doesRequestMatch(mockRequest, new PortResolverImpl()); } diff --git a/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java index a4a79d5e6d..7be1a9514e 100644 --- a/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java +++ b/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java 
@@ -44,7 +44,6 @@ public class PreAuthenticatedAuthenticationTokenMixinTests extends AbstractMixin + "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON + "}"; // @formatter:on - PreAuthenticatedAuthenticationToken expected; @Before diff --git a/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java index 597357a8ca..8fc97e5db1 100644 --- a/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java +++ b/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java @@ -51,13 +51,11 @@ public class SavedCookieMixinTests extends AbstractMixinTests { + "\"domain\": null" + "}"; // @formatter:on - // @formatter:off private static final String COOKIES_JSON = "[\"java.util.ArrayList\", [" + COOKIE_JSON + "]]"; // @formatter:on - @Test public void serializeWithDefaultConfigurationTest() throws JsonProcessingException, JSONException { SavedCookie savedCookie = new SavedCookie(new Cookie("SESSION", "123456789")); diff --git a/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java index 2a821f308a..4b353a4cb8 100644 --- a/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java +++ b/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java 
@@ -43,15 +43,12 @@ public class WebAuthenticationDetailsMixinTests extends AbstractMixinTests { + "\"/localhost\"" + "}"; // @formatter:on - @Test public void buildWebAuthenticationDetailsUsingDifferentConstructors() throws IOException { MockHttpServletRequest request = new MockHttpServletRequest(); request.setRemoteAddr("localhost"); request.setSession(new MockHttpSession(null, "1")); - WebAuthenticationDetails details = new WebAuthenticationDetails(request); - WebAuthenticationDetails authenticationDetails = this.mapper.readValue(AUTHENTICATION_DETAILS_JSON, WebAuthenticationDetails.class); assertThat(details.equals(authenticationDetails)); diff --git a/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java b/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java index 0e8f447630..00ad5c7657 100644 --- a/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java +++ b/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java @@ -260,17 +260,14 @@ public final class ResolvableMethod { factory.addAdvice(interceptor); return (T) factory.getProxy(); } - else { Enhancer enhancer = new Enhancer(); enhancer.setSuperclass(type); enhancer.setInterfaces(new Class[] { Supplier.class }); enhancer.setNamingPolicy(SpringNamingPolicy.INSTANCE); enhancer.setCallbackType(org.springframework.cglib.proxy.MethodInterceptor.class); - Class proxyClass = enhancer.createClass(); Object proxy = null; - if (objenesis.isWorthTrying()) { try { proxy = objenesis.newInstance(proxyClass, enhancer.getUseCache()); @@ -279,7 +276,6 @@ public final class ResolvableMethod { logger.debug("Objenesis failed, falling back to default constructor", ex); } } - if (proxy == null) { try { proxy = ReflectionUtils.accessibleConstructor(proxyClass).newInstance(); @@ -290,7 +286,6 @@ public final class ResolvableMethod { ex); } } - ((Factory) proxy).setCallbacks(new Callback[] { interceptor }); return (T) proxy; } 
@@ -426,7 +421,6 @@ public final class ResolvableMethod { } // Build & resolve shortcuts... - /** * Resolve and return the {@code Method} equivalent to: *

@@ -475,7 +469,6 @@ public final class ResolvableMethod { */ public MethodParameter resolveReturnType(Class returnType, ResolvableType generic, ResolvableType... generics) { - return returning(returnType, generic, generics).build().returnType(); } diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java index 3e78d79014..745902a800 100644 --- a/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java +++ b/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java @@ -84,7 +84,6 @@ public class CsrfTokenArgumentResolverTests { @Test public void resolveArgumentFound() throws Exception { this.request.setAttribute(CsrfToken.class.getName(), this.token); - assertThat(this.resolver.resolveArgument(token(), this.mavContainer, this.webRequest, this.binderFactory)) .isSameAs(this.token); } diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java index 7dfb2df30c..71d6687f9d 100644 --- a/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java +++ b/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java @@ -139,7 +139,6 @@ public class CurrentSecurityContextArgumentResolverTests { @Test public void resolveArgumentUserDetails() { setAuthenticationDetail(new User("my_user", "my_password", AuthorityUtils.createAuthorityList("ROLE_USER"))); - User u = (User) this.resolver.resolveArgument(showSecurityContextWithUserDetail(), null, null, null); assertThat(u.getUsername()).isEqualTo("my_user"); } 
diff --git a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java index 6bfabe3794..d7d5a915cd 100644 --- a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java +++ b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java @@ -94,19 +94,15 @@ public class AuthenticationPrincipalArgumentResolverTests { public void resolveArgumentWhenIsAuthenticationThenObtainsPrincipal() { MethodParameter parameter = this.authenticationPrincipal.arg(String.class); given(this.authentication.getPrincipal()).willReturn("user"); - Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); - assertThat(argument.block()).isEqualTo(this.authentication.getPrincipal()); } @Test public void resolveArgumentWhenIsEmptyThenMonoEmpty() { MethodParameter parameter = this.authenticationPrincipal.arg(String.class); - Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange); - assertThat(argument).isNotNull(); assertThat(argument.block()).isNull(); } 
@@ -115,10 +111,8 @@ public class AuthenticationPrincipalArgumentResolverTests { public void resolveArgumentWhenMonoIsAuthenticationThenObtainsPrincipal() { MethodParameter parameter = this.authenticationPrincipal.arg(Mono.class, String.class); given(this.authentication.getPrincipal()).willReturn("user"); - Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); - assertThat(argument.cast(Mono.class).block().block()).isEqualTo(this.authentication.getPrincipal()); } @@ -127,10 +121,8 @@ public class AuthenticationPrincipalArgumentResolverTests { MethodParameter parameter = ResolvableMethod.on(getClass()).named("authenticationPrincipalNoGeneric").build() .arg(Mono.class); given(this.authentication.getPrincipal()).willReturn("user"); - Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); - assertThat(argument.cast(Mono.class).block().block()).isEqualTo(this.authentication.getPrincipal()); } @@ -139,10 +131,8 @@ public class AuthenticationPrincipalArgumentResolverTests { MyUser user = new MyUser(3L); MethodParameter parameter = this.spel.arg(Long.class); given(this.authentication.getPrincipal()).willReturn(user); - Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); - assertThat(argument.block()).isEqualTo(user.getId()); } 
@@ -152,10 +142,8 @@ public class AuthenticationPrincipalArgumentResolverTests { MethodParameter parameter = this.bean.arg(Long.class); given(this.authentication.getPrincipal()).willReturn(user); given(this.beanResolver.resolve(any(), eq("beanName"))).willReturn(new Bean()); - Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); - assertThat(argument.block()).isEqualTo(user.getId()); } @@ -163,10 +151,8 @@ public class AuthenticationPrincipalArgumentResolverTests { public void resolveArgumentWhenMetaThenObtainsPrincipal() { MethodParameter parameter = this.meta.arg(String.class); given(this.authentication.getPrincipal()).willReturn("user"); - Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); - assertThat(argument.block()).isEqualTo("user"); } @@ -175,10 +161,8 @@ public class AuthenticationPrincipalArgumentResolverTests { MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenImplicit").build() .arg(Integer.class); given(this.authentication.getPrincipal()).willReturn("user"); - Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); - assertThat(argument.block()).isNull(); } 
@@ -187,10 +171,8 @@ public class AuthenticationPrincipalArgumentResolverTests { MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenExplicitFalse").build() .arg(Integer.class); given(this.authentication.getPrincipal()).willReturn("user"); - Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); - assertThat(argument.block()).isNull(); } @@ -199,10 +181,8 @@ public class AuthenticationPrincipalArgumentResolverTests { MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenExplicitTrue").build() .arg(Integer.class); given(this.authentication.getPrincipal()).willReturn("user"); - Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); - assertThatThrownBy(() -> argument.block()).isInstanceOf(ClassCastException.class); } diff --git a/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java b/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java index fbaf87fa7f..874b565652 100644 --- a/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java +++ b/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java @@ -122,7 +122,6 @@ public class CsrfRequestDataValueProcessorTests { this.exchange.getAttributes().put(CsrfRequestDataValueProcessor.DEFAULT_CSRF_ATTR_NAME, token); Map expected = new HashMap<>(); expected.put(token.getParameterName(), token.getToken()); - CsrfRequestDataValueProcessor processor = new CsrfRequestDataValueProcessor(); assertThat(this.processor.getExtraHiddenFields(this.exchange)).isEqualTo(expected); } 
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java index b6a8596640..4b24012da9 100644 --- a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java +++ b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java @@ -39,7 +39,6 @@ public class CookieRequestCacheTests { @Test public void saveRequestWhenMatchesThenSavedRequestInACookieOnResponse() { CookieRequestCache cookieRequestCache = new CookieRequestCache(); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setServerPort(443); request.setSecure(true); @@ -48,15 +47,11 @@ public class CookieRequestCacheTests { request.setRequestURI("/destination"); request.setQueryString("param1=a¶m2=b¶m3=1122"); MockHttpServletResponse response = new MockHttpServletResponse(); - cookieRequestCache.saveRequest(request, response); - Cookie savedCookie = response.getCookie(DEFAULT_COOKIE_NAME); assertThat(savedCookie).isNotNull(); - String redirectUrl = decodeCookie(savedCookie.getValue()); assertThat(redirectUrl).isEqualTo("https://abc.com/destination?param1=a¶m2=b¶m3=1122"); - assertThat(savedCookie.getMaxAge()).isEqualTo(-1); assertThat(savedCookie.getPath()).isEqualTo("/"); assertThat(savedCookie.isHttpOnly()).isTrue(); 
@@ -74,14 +69,11 @@ public class CookieRequestCacheTests { public void getMatchingRequestWhenRequestMatcherDefinedThenReturnsCorrectSubsetOfCachedRequests() { CookieRequestCache cookieRequestCache = new CookieRequestCache(); cookieRequestCache.setRequestMatcher((request) -> request.getRequestURI().equals("/expected-destination")); - MockHttpServletRequest request = new MockHttpServletRequest("GET", "/destination"); MockHttpServletResponse response = new MockHttpServletResponse(); cookieRequestCache.saveRequest(request, response); - SavedRequest savedRequest = cookieRequestCache.getRequest(request, response); assertThat(savedRequest).isNull(); - HttpServletRequest matchingRequest = cookieRequestCache.getMatchingRequest(request, response); assertThat(matchingRequest).isNull(); } @@ -105,12 +97,10 @@ public class CookieRequestCacheTests { @Test public void getRequestWhenRequestContainsSavedRequestCookieThenReturnsSaveRequest() { - CookieRequestCache cookieRequestCache = new CookieRequestCache(); MockHttpServletRequest request = new MockHttpServletRequest(); String redirectUrl = "https://abc.com/destination?param1=a¶m2=b¶m3=1122"; request.setCookies(new Cookie(DEFAULT_COOKIE_NAME, encodeCookie(redirectUrl))); - SavedRequest savedRequest = cookieRequestCache.getRequest(request, new MockHttpServletResponse()); assertThat(savedRequest).isNotNull(); assertThat(savedRequest.getRedirectUrl()).isEqualTo(redirectUrl); @@ -118,10 +108,8 @@ public class CookieRequestCacheTests { @Test public void matchingRequestWhenRequestDoesNotContainSavedRequestCookieThenReturnsNull() { - CookieRequestCache cookieRequestCache = new CookieRequestCache(); MockHttpServletResponse response = new MockHttpServletResponse(); - HttpServletRequest matchingRequest = cookieRequestCache.getMatchingRequest(new MockHttpServletRequest(), response); assertThat(matchingRequest).isNull(); 
@@ -138,11 +126,9 @@ public class CookieRequestCacheTests { request.setServerName("abc.com"); request.setRequestURI("/destination"); request.setQueryString("param1=a¶m2=b¶m3=1122"); - String redirectUrl = "https://abc.com/destination?param1=a¶m2=b¶m3=1122"; request.setCookies(new Cookie(DEFAULT_COOKIE_NAME, encodeCookie(redirectUrl))); MockHttpServletResponse response = new MockHttpServletResponse(); - cookieRequestCache.getMatchingRequest(request, response); Cookie expiredCookie = response.getCookie(DEFAULT_COOKIE_NAME); assertThat(expiredCookie).isNotNull(); @@ -159,11 +145,9 @@ public class CookieRequestCacheTests { request.setScheme("https"); request.setServerName("abc.com"); request.setRequestURI("/destination"); - String redirectUrl = "https://abc.com/api"; request.setCookies(new Cookie(DEFAULT_COOKIE_NAME, encodeCookie(redirectUrl))); MockHttpServletResponse response = new MockHttpServletResponse(); - final HttpServletRequest matchingRequest = cookieRequestCache.getMatchingRequest(request, response); assertThat(matchingRequest).isNull(); Cookie expiredCookie = response.getCookie(DEFAULT_COOKIE_NAME); diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java index d352f5242a..83a9499f60 100644 --- a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java +++ b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java 
@@ -43,24 +43,20 @@ public class HttpSessionRequestCacheTests { @Test public void originalGetRequestDoesntMatchIncomingPost() { HttpSessionRequestCache cache = new HttpSessionRequestCache(); - MockHttpServletRequest request = new MockHttpServletRequest("GET", "/destination"); MockHttpServletResponse response = new MockHttpServletResponse(); cache.saveRequest(request, response); assertThat(request.getSession().getAttribute(HttpSessionRequestCache.SAVED_REQUEST)).isNotNull(); assertThat(cache.getRequest(request, response)).isNotNull(); - MockHttpServletRequest newRequest = new MockHttpServletRequest("POST", "/destination"); newRequest.setSession(request.getSession()); assertThat(cache.getMatchingRequest(newRequest, response)).isNull(); - } @Test public void requestMatcherDefinesCorrectSubsetOfCachedRequests() { HttpSessionRequestCache cache = new HttpSessionRequestCache(); cache.setRequestMatcher((request) -> request.getMethod().equals("GET")); - MockHttpServletRequest request = new MockHttpServletRequest("POST", "/destination"); MockHttpServletResponse response = new MockHttpServletResponse(); cache.saveRequest(request, response); @@ -75,16 +71,13 @@ public class HttpSessionRequestCacheTests { MockHttpServletRequest request = new MockHttpServletRequest("POST", "/destination"); MockHttpServletResponse response = new MockHttpServletResponse(); HttpSessionRequestCache cache = new HttpSessionRequestCache() { - @Override public void saveRequest(HttpServletRequest request, HttpServletResponse response) { request.getSession().setAttribute(SAVED_REQUEST, new CustomSavedRequest(new DefaultSavedRequest(request, new PortResolverImpl()))); } - }; cache.saveRequest(request, response); - cache.saveRequest(request, response); assertThat(cache.getRequest(request, response)).isInstanceOf(CustomSavedRequest.class); } 
@@ -93,14 +86,11 @@ public class HttpSessionRequestCacheTests { public void testCustomSessionAttrName() { HttpSessionRequestCache cache = new HttpSessionRequestCache(); cache.setSessionAttrName("CUSTOM_SAVED_REQUEST"); - MockHttpServletRequest request = new MockHttpServletRequest("GET", "/destination"); MockHttpServletResponse response = new MockHttpServletResponse(); cache.saveRequest(request, response); - assertThat(request.getSession().getAttribute(HttpSessionRequestCache.SAVED_REQUEST)).isNull(); assertThat(request.getSession().getAttribute("CUSTOM_SAVED_REQUEST")).isNotNull(); - } private static final class CustomSavedRequest implements SavedRequest { diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java index 6457a22d6d..08414bf576 100644 --- a/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java @@ -34,12 +34,10 @@ public class RequestCacheAwareFilterTests { public void doFilterWhenHttpSessionRequestCacheConfiguredThenSavedRequestRemovedAfterMatch() throws Exception { RequestCacheAwareFilter filter = new RequestCacheAwareFilter(); HttpSessionRequestCache cache = new HttpSessionRequestCache(); - MockHttpServletRequest request = new MockHttpServletRequest("POST", "/destination"); MockHttpServletResponse response = new MockHttpServletResponse(); cache.saveRequest(request, response); assertThat(request.getSession().getAttribute(HttpSessionRequestCache.SAVED_REQUEST)).isNotNull(); - filter.doFilter(request, response, new MockFilterChain()); assertThat(request.getSession().getAttribute(HttpSessionRequestCache.SAVED_REQUEST)).isNull(); } 
@@ -48,14 +46,12 @@ public class RequestCacheAwareFilterTests { public void doFilterWhenCookieRequestCacheConfiguredThenExpiredSavedRequestCookieSetAfterMatch() throws Exception { CookieRequestCache cache = new CookieRequestCache(); RequestCacheAwareFilter filter = new RequestCacheAwareFilter(cache); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setServerName("abc.com"); request.setRequestURI("/destination"); request.setScheme("https"); request.setServerPort(443); request.setSecure(true); - String encodedRedirectUrl = Base64.getEncoder().encodeToString("https://abc.com/destination".getBytes()); Cookie savedRequest = new Cookie("REDIRECT_URI", encodedRedirectUrl); savedRequest.setMaxAge(-1); @@ -63,11 +59,8 @@ public class RequestCacheAwareFilterTests { savedRequest.setPath("/"); savedRequest.setHttpOnly(true); request.setCookies(savedRequest); - MockHttpServletResponse response = new MockHttpServletResponse(); - filter.doFilter(request, response, new MockFilterChain()); - Cookie expiredCookie = response.getCookie("REDIRECT_URI"); assertThat(expiredCookie).isNotNull(); assertThat(expiredCookie.getValue()).isEmpty(); diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java index 6a3ba4987c..b1d0d23a45 100644 --- a/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java +++ b/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java 
@@ -56,11 +56,9 @@ public class SavedRequestAwareWrapperTests { MockHttpServletRequest savedRequest = new MockHttpServletRequest(); savedRequest.addHeader("header", "savedheader"); SavedRequestAwareWrapper wrapper = createWrapper(savedRequest, new MockHttpServletRequest()); - assertThat(wrapper.getHeader("nonexistent")).isNull(); Enumeration headers = wrapper.getHeaders("nonexistent"); assertThat(headers.hasMoreElements()).isFalse(); - assertThat(wrapper.getHeader("Header")).isEqualTo("savedheader"); headers = wrapper.getHeaders("heaDer"); assertThat(headers.hasMoreElements()).isTrue(); @@ -125,7 +123,6 @@ public class SavedRequestAwareWrapperTests { savedRequest.setParameter("action", "foo"); MockHttpServletRequest wrappedRequest = new MockHttpServletRequest(); SavedRequestAwareWrapper wrapper = createWrapper(savedRequest, wrappedRequest); - assertThat(wrapper.getParameterValues("action")).isEqualTo(new Object[] { "foo" }); wrappedRequest.setParameter("action", "bar"); assertThat(wrapper.getParameterValues("action")).isEqualTo(new Object[] { "bar", "foo" }); @@ -144,7 +141,6 @@ public class SavedRequestAwareWrapperTests { request.addHeader("header", nowString); SavedRequestAwareWrapper wrapper = createWrapper(request, new MockHttpServletRequest()); assertThat(wrapper.getDateHeader("header")).isEqualTo(now.getTime()); - assertThat(wrapper.getDateHeader("nonexistent")).isEqualTo(-1L); } @@ -169,7 +165,6 @@ public class SavedRequestAwareWrapperTests { request.addHeader("header", "999"); request.addHeader("header", "1000"); SavedRequestAwareWrapper wrapper = createWrapper(request, new MockHttpServletRequest()); - assertThat(wrapper.getIntHeader("header")).isEqualTo(999); assertThat(wrapper.getIntHeader("nonexistent")).isEqualTo(-1); } diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java index 24aa5ecb80..45afe5fa6a 100644 
--- a/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java +++ b/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java @@ -33,30 +33,24 @@ public class SimpleSavedRequestTests { @Test public void constructorWhenGivenSavedRequestThenCopies() { SavedRequest savedRequest = new SimpleSavedRequest(prepareSavedRequest()); - assertThat(savedRequest.getMethod()).isEqualTo("POST"); - List cookies = savedRequest.getCookies(); assertThat(cookies).hasSize(1); Cookie cookie = cookies.get(0); assertThat(cookie.getName()).isEqualTo("cookiename"); assertThat(cookie.getValue()).isEqualTo("cookievalue"); - Collection headerNames = savedRequest.getHeaderNames(); assertThat(headerNames).hasSize(1); String headerName = headerNames.iterator().next(); assertThat(headerName).isEqualTo("headername"); - List headerValues = savedRequest.getHeaderValues("headername"); assertThat(headerValues).hasSize(1); String headerValue = headerValues.get(0); assertThat(headerValue).isEqualTo("headervalue"); - List locales = savedRequest.getLocales(); assertThat(locales).hasSize(1); Locale locale = locales.get(0); assertThat(locale).isEqualTo(Locale.ENGLISH); - Map parameterMap = savedRequest.getParameterMap(); assertThat(parameterMap).hasSize(1); String[] values = parameterMap.get("key"); @@ -67,7 +61,6 @@ public class SimpleSavedRequestTests { @Test public void constructorWhenGivenRedirectUrlThenDefaultValues() { SavedRequest savedRequest = new SimpleSavedRequest("redirectUrl"); - assertThat(savedRequest.getMethod()).isEqualTo("GET"); assertThat(savedRequest.getCookies()).isEmpty(); assertThat(savedRequest.getHeaderNames()).isEmpty(); diff --git a/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java b/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java index 634f0704dc..eaf5c1ece7 100644 
--- a/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java @@ -58,16 +58,13 @@ public class DefaultServerRedirectStrategyTests { @Test public void sendRedirectWhenNoSubscribersThenNoActions() { this.strategy.sendRedirect(this.exchange, this.location); - verifyZeroInteractions(this.exchange); } @Test public void sendRedirectWhenNoContextPathThenStatusAndLocationSet() { this.exchange = exchange(MockServerHttpRequest.get("/")); - this.strategy.sendRedirect(this.exchange, this.location).block(); - assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND); assertThat(this.exchange.getResponse().getHeaders().getLocation()).hasPath(this.location.getPath()); } @@ -75,9 +72,7 @@ public class DefaultServerRedirectStrategyTests { @Test public void sendRedirectWhenContextPathSetThenStatusAndLocationSet() { this.exchange = exchange(MockServerHttpRequest.get("/context/foo").contextPath("/context")); - this.strategy.sendRedirect(this.exchange, this.location).block(); - assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND); assertThat(this.exchange.getResponse().getHeaders().getLocation()) .hasPath("/context" + this.location.getPath()); @@ -87,9 +82,7 @@ public class DefaultServerRedirectStrategyTests { public void sendRedirectWhenContextPathSetAndAbsoluteURLThenStatusAndLocationSet() { this.location = URI.create("https://example.com/foo/bar"); this.exchange = exchange(MockServerHttpRequest.get("/context/foo").contextPath("/context")); - this.strategy.sendRedirect(this.exchange, this.location).block(); - assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND); assertThat(this.exchange.getResponse().getHeaders().getLocation()).hasPath(this.location.getPath()); } 
@@ -98,9 +91,7 @@ public class DefaultServerRedirectStrategyTests { public void sendRedirectWhenContextPathSetAndDisabledThenStatusAndLocationSet() { this.strategy.setContextRelative(false); this.exchange = exchange(MockServerHttpRequest.get("/context/foo").contextPath("/context")); - this.strategy.sendRedirect(this.exchange, this.location).block(); - assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND); assertThat(this.exchange.getResponse().getHeaders().getLocation()).hasPath(this.location.getPath()); } @@ -110,9 +101,7 @@ public class DefaultServerRedirectStrategyTests { HttpStatus status = HttpStatus.MOVED_PERMANENTLY; this.strategy.setHttpStatus(status); this.exchange = exchange(MockServerHttpRequest.get("/")); - this.strategy.sendRedirect(this.exchange, this.location).block(); - assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(status); assertThat(this.exchange.getResponse().getHeaders().getLocation()).hasPath(this.location.getPath()); } diff --git a/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java index 924a940fd4..d80795a937 100644 --- a/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java +++ b/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java 
@@ -69,10 +69,8 @@ public class DelegatingServerAuthenticationEntryPointTests { given(this.delegate2.commence(this.exchange, this.e)).willReturn(expectedResult); this.entryPoint = new DelegatingServerAuthenticationEntryPoint(new DelegateEntry(this.matcher1, this.delegate1), new DelegateEntry(this.matcher2, this.delegate2)); - Mono actualResult = this.entryPoint.commence(this.exchange, this.e); actualResult.block(); - verifyZeroInteractions(this.delegate1); verify(this.delegate2).commence(this.exchange, this.e); } @@ -82,9 +80,7 @@ public class DelegatingServerAuthenticationEntryPointTests { given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch()); this.entryPoint = new DelegatingServerAuthenticationEntryPoint( new DelegateEntry(this.matcher1, this.delegate1)); - this.entryPoint.commence(this.exchange, this.e).block(); - assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED); verifyZeroInteractions(this.delegate1); } diff --git a/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java b/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java index a0b4bf8b3a..cb60a158bf 100644 --- a/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java +++ b/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java @@ -34,7 +34,6 @@ import org.springframework.web.server.WebFilterChain; * @author Rob Winch * @since 5.0 */ - public class WebFilterChainProxyTests { // gh-4668 @@ -44,7 +43,6 @@ public class WebFilterChainProxyTests { ServerWebExchangeMatcher notMatch = (exchange) -> MatchResult.notMatch(); MatcherSecurityWebFilterChain chain = new MatcherSecurityWebFilterChain(notMatch, filters); WebFilterChainProxy filter = new WebFilterChainProxy(chain); - WebTestClient.bindToController(new Object()).webFilter(filter).build().get().exchange().expectStatus() .isNotFound(); } 
diff --git a/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java b/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java index f5e67ca78c..b896310add 100644 --- a/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java +++ b/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java @@ -54,14 +54,12 @@ public class WebFilterExchangeTests { @Test public void getExchange() { WebFilterExchange filterExchange = new WebFilterExchange(this.exchange, this.chain); - assertThat(filterExchange.getExchange()).isEqualTo(this.exchange); } @Test public void getChain() { WebFilterExchange filterExchange = new WebFilterExchange(this.exchange, this.chain); - assertThat(filterExchange.getChain()).isEqualTo(this.chain); } diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java index 41c965d4f5..7bbbcc9985 100644 --- a/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java @@ -42,10 +42,8 @@ public class AnonymousAuthenticationWebFilterTests { @Test public void anonymousAuthenticationFilterWorking() { - WebTestClient client = WebTestClientBuilder.bindToControllerAndWebFilters(HttpMeController.class, new AnonymousAuthenticationWebFilter(UUID.randomUUID().toString())).build(); - client.get().uri("/me").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("anonymousUser"); } 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java
index 9cee39d0d9..6addc3d8ad 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java
@@ -64,35 +64,30 @@ public class AuthenticationConverterServerWebExchangeMatcherTests {
 @Test
 public void matchesWhenNotEmptyThenReturnTrue() {
 given(this.converter.convert(any())).willReturn(Mono.just(this.authentication));
-
 assertThat(this.matcher.matches(this.exchange).block().isMatch()).isTrue();
 }
 @Test
 public void matchesWhenEmptyThenReturnFalse() {
 given(this.converter.convert(any())).willReturn(Mono.empty());
-
 assertThat(this.matcher.matches(this.exchange).block().isMatch()).isFalse();
 }
 @Test
 public void matchesWhenErrorThenReturnFalse() {
 given(this.converter.convert(any())).willReturn(Mono.error(new RuntimeException()));
-
 assertThat(this.matcher.matches(this.exchange).block().isMatch()).isFalse();
 }
 @Test
 public void matchesWhenNullThenThrowsException() {
 given(this.converter.convert(any())).willReturn(null);
-
 assertThatCode(() -> this.matcher.matches(this.exchange).block()).isInstanceOf(NullPointerException.class);
 }
 @Test
 public void matchesWhenExceptionThenPropagates() {
 given(this.converter.convert(any())).willThrow(RuntimeException.class);
-
 assertThatCode(() -> this.matcher.matches(this.exchange).block()).isInstanceOf(RuntimeException.class);
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
index 4c935b969d..863cc1183a 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
@@ -83,13 +83,10 @@ public class AuthenticationWebFilterTests {
 @Test
 public void filterWhenDefaultsAndNoAuthenticationThenContinues() {
 this.filter = new AuthenticationWebFilter(this.authenticationManager);
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 EntityExchangeResult result = client.get().uri("/").exchange().expectStatus().isOk()
 .expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
 .returnResult();
-
 verifyZeroInteractions(this.authenticationManager);
 assertThat(result.getResponseCookies()).isEmpty();
 }
@@ -97,13 +94,10 @@ public class AuthenticationWebFilterTests {
 @Test
 public void filterWhenAuthenticationManagerResolverDefaultsAndNoAuthenticationThenContinues() {
 this.filter = new AuthenticationWebFilter(this.authenticationManagerResolver);
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 EntityExchangeResult result = client.get().uri("/").exchange().expectStatus().isOk()
 .expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
 .returnResult();
-
 verifyZeroInteractions(this.authenticationManagerResolver);
 assertThat(result.getResponseCookies()).isEmpty();
 }
@@ -113,14 +107,11 @@ public class AuthenticationWebFilterTests {
 given(this.authenticationManager.authenticate(any()))
 .willReturn(Mono.just(new TestingAuthenticationToken("test", "this", "ROLE")));
 this.filter = new AuthenticationWebFilter(this.authenticationManager);
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 EntityExchangeResult result = client.get().uri("/")
 .headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk()
 .expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
 .returnResult();
-
 assertThat(result.getResponseCookies()).isEmpty();
 }
@@ -129,16 +120,12 @@ public class AuthenticationWebFilterTests {
 given(this.authenticationManager.authenticate(any()))
 .willReturn(Mono.just(new TestingAuthenticationToken("test", "this", "ROLE")));
 given(this.authenticationManagerResolver.resolve(any())).willReturn(Mono.just(this.authenticationManager));
-
 this.filter = new AuthenticationWebFilter(this.authenticationManagerResolver);
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 EntityExchangeResult result = client.get().uri("/")
 .headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk()
 .expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
 .returnResult();
-
 assertThat(result.getResponseCookies()).isEmpty();
 }
@@ -147,13 +134,10 @@ public class AuthenticationWebFilterTests {
 given(this.authenticationManager.authenticate(any()))
 .willReturn(Mono.error(new BadCredentialsException("failed")));
 this.filter = new AuthenticationWebFilter(this.authenticationManager);
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 EntityExchangeResult result = client.get().uri("/")
 .headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isUnauthorized()
 .expectHeader().valueMatches("WWW-Authenticate", "Basic realm=\"Realm\"").expectBody().isEmpty();
-
 assertThat(result.getResponseCookies()).isEmpty();
 }
@@ -162,27 +146,20 @@ public class AuthenticationWebFilterTests {
 given(this.authenticationManager.authenticate(any()))
 .willReturn(Mono.error(new BadCredentialsException("failed")));
 given(this.authenticationManagerResolver.resolve(any())).willReturn(Mono.just(this.authenticationManager));
-
 this.filter = new AuthenticationWebFilter(this.authenticationManagerResolver);
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 EntityExchangeResult result = client.get().uri("/")
 .headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isUnauthorized()
 .expectHeader().valueMatches("WWW-Authenticate", "Basic realm=\"Realm\"").expectBody().isEmpty();
-
 assertThat(result.getResponseCookies()).isEmpty();
 }
 @Test
 public void filterWhenConvertEmptyThenOk() {
 given(this.authenticationConverter.convert(any())).willReturn(Mono.empty());
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 client.get().uri("/").exchange().expectStatus().isOk().expectBody(String.class)
 .consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
-
 verify(this.securityContextRepository, never()).save(any(), any());
 verifyZeroInteractions(this.authenticationManager, this.successHandler, this.failureHandler);
 }
@@ -190,11 +167,8 @@ public class AuthenticationWebFilterTests {
 @Test
 public void filterWhenConvertErrorThenServerError() {
 given(this.authenticationConverter.convert(any())).willReturn(Mono.error(new RuntimeException("Unexpected")));
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 client.get().uri("/").exchange().expectStatus().is5xxServerError().expectBody().isEmpty();
-
 verify(this.securityContextRepository, never()).save(any(), any());
 verifyZeroInteractions(this.authenticationManager, this.successHandler, this.failureHandler);
 }
@@ -206,11 +180,8 @@ public class AuthenticationWebFilterTests {
 given(this.authenticationManager.authenticate(any())).willReturn(authentication);
 given(this.successHandler.onAuthenticationSuccess(any(), any())).willReturn(Mono.empty());
 given(this.securityContextRepository.save(any(), any())).willAnswer((a) -> Mono.just(a.getArguments()[0]));
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 client.get().uri("/").exchange().expectStatus().isOk().expectBody().isEmpty();
-
 verify(this.successHandler).onAuthenticationSuccess(any(), eq(authentication.block()));
 verify(this.securityContextRepository).save(any(), any());
 verifyZeroInteractions(this.failureHandler);
@@ -221,11 +192,8 @@ public class AuthenticationWebFilterTests {
 Mono authentication = Mono.just(new TestingAuthenticationToken("test", "this", "ROLE_USER"));
 given(this.authenticationConverter.convert(any())).willReturn(authentication);
 given(this.authenticationManager.authenticate(any())).willReturn(Mono.empty());
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 client.get().uri("/").exchange().expectStatus().is5xxServerError().expectBody().isEmpty();
-
 verify(this.securityContextRepository, never()).save(any(), any());
 verifyZeroInteractions(this.successHandler, this.failureHandler);
 }
@@ -233,14 +201,11 @@ public class AuthenticationWebFilterTests {
 @Test
 public void filterWhenNotMatchAndConvertAndAuthenticationSuccessThenContinues() {
 this.filter.setRequiresAuthenticationMatcher((e) -> ServerWebExchangeMatcher.MatchResult.notMatch());
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 EntityExchangeResult result = client.get().uri("/")
 .headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk()
 .expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
 .returnResult();
-
 assertThat(result.getResponseCookies()).isEmpty();
 verifyZeroInteractions(this.authenticationConverter, this.authenticationManager, this.successHandler);
 }
@@ -252,11 +217,8 @@ public class AuthenticationWebFilterTests {
 given(this.authenticationManager.authenticate(any()))
 .willReturn(Mono.error(new BadCredentialsException("Failed")));
 given(this.failureHandler.onAuthenticationFailure(any(), any())).willReturn(Mono.empty());
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 client.get().uri("/").exchange().expectStatus().isOk().expectBody().isEmpty();
-
 verify(this.failureHandler).onAuthenticationFailure(any(), any());
 verify(this.securityContextRepository, never()).save(any(), any());
 verifyZeroInteractions(this.successHandler);
@@ -267,11 +229,8 @@ public class AuthenticationWebFilterTests {
 Mono authentication = Mono.just(new TestingAuthenticationToken("test", "this", "ROLE_USER"));
 given(this.authenticationConverter.convert(any())).willReturn(authentication);
 given(this.authenticationManager.authenticate(any())).willReturn(Mono.error(new RuntimeException("Failed")));
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 client.get().uri("/").exchange().expectStatus().is5xxServerError().expectBody().isEmpty();
-
 verify(this.securityContextRepository, never()).save(any(), any());
 verifyZeroInteractions(this.successHandler, this.failureHandler);
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
index 179ae25eba..5c3e1a6319 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
@@ -84,9 +84,7 @@ public class DelegatingServerAuthenticationSuccessHandlerTests {
 public void onAuthenticationSuccessWhenSingleThenExecuted() {
 DelegatingServerAuthenticationSuccessHandler handler = new DelegatingServerAuthenticationSuccessHandler(
 this.delegate1);
-
 handler.onAuthenticationSuccess(this.exchange, this.authentication).block();
-
 this.delegate1Result.assertWasSubscribed();
 }
@@ -94,9 +92,7 @@ public class DelegatingServerAuthenticationSuccessHandlerTests { public void onAuthenticationSuccessWhenMultipleThenExecuted() { DelegatingServerAuthenticationSuccessHandler handler = new DelegatingServerAuthenticationSuccessHandler( this.delegate1, this.delegate2); - handler.onAuthenticationSuccess(this.exchange, this.authentication).block(); - this.delegate1Result.assertWasSubscribed(); this.delegate2Result.assertWasSubscribed(); } @@ -114,9 +110,7 @@ public class DelegatingServerAuthenticationSuccessHandlerTests { }); DelegatingServerAuthenticationSuccessHandler handler = new DelegatingServerAuthenticationSuccessHandler(slow, second); - handler.onAuthenticationSuccess(this.exchange, this.authentication).block(); - assertThat(latch.await(3, TimeUnit.SECONDS)).isTrue(); } diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java index b40e6b5d06..43c8828e48 100644 --- a/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java @@ -48,16 +48,13 @@ public class HttpBasicServerAuthenticationEntryPointTests { @Test public void commenceWhenNoSubscribersThenNoActions() { this.entryPoint.commence(this.exchange, this.exception); - verifyZeroInteractions(this.exchange); } @Test public void commenceWhenSubscribeThenStatusAndHeaderSet() { this.exchange = exchange(MockServerHttpRequest.get("/")); - this.entryPoint.commence(this.exchange, this.exception).block(); - assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED); assertThat(this.exchange.getResponse().getHeaders().get("WWW-Authenticate")) .containsOnly("Basic realm=\"Realm\""); 
@@ -67,9 +64,7 @@ public class HttpBasicServerAuthenticationEntryPointTests {
 public void commenceWhenCustomRealmThenStatusAndHeaderSet() {
 this.entryPoint.setRealm("Custom");
 this.exchange = exchange(MockServerHttpRequest.get("/"));
-
 this.entryPoint.commence(this.exchange, this.exception).block();
-
 assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
 assertThat(this.exchange.getResponse().getHeaders().get("WWW-Authenticate"))
 .containsOnly("Basic realm=\"Custom\"");
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
index f5e40368dd..2fb7ea2f87 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
@@ -63,7 +63,6 @@ public class ReactivePreAuthenticatedAuthenticationManagerTests {
 @Test
 public void returnsAuthenticatedTokenForValidAccount() {
 given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.validAccount));
-
 Authentication authentication = this.manager.authenticate(tokenForUser(this.validAccount.getUsername()))
 .block();
 assertThat(authentication.isAuthenticated()).isEqualTo(true);
@@ -72,28 +71,24 @@ public class ReactivePreAuthenticatedAuthenticationManagerTests {
 @Test(expected = UsernameNotFoundException.class)
 public void returnsNullForNonExistingAccount() {
 given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.empty());
-
 this.manager.authenticate(tokenForUser(this.nonExistingAccount.getUsername())).block();
 }
 @Test(expected = LockedException.class)
 public void throwsExceptionForLockedAccount() {
 given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.lockedAccount));
-
 this.manager.authenticate(tokenForUser(this.lockedAccount.getUsername())).block();
 }
 @Test(expected = DisabledException.class)
 public void throwsExceptionForDisabledAccount() {
 given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.disabledAccount));
-
 this.manager.authenticate(tokenForUser(this.disabledAccount.getUsername())).block();
 }
 @Test(expected = AccountExpiredException.class)
 public void throwsExceptionForExpiredAccount() {
 given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.expiredAccount));
-
 this.manager.authenticate(tokenForUser(this.expiredAccount.getUsername())).block();
 }
@@ -101,7 +96,6 @@ public class ReactivePreAuthenticatedAuthenticationManagerTests {
 public void throwsExceptionForAccountWithExpiredCredentials() {
 given(this.mockUserDetailsService.findByUsername(anyString()))
 .willReturn(Mono.just(this.accountWithExpiredCredentials));
-
 this.manager.authenticate(tokenForUser(this.accountWithExpiredCredentials.getUsername())).block();
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
index e6b075f2ad..d48160c43f 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
@@ -64,7 +64,6 @@ public class RedirectServerAuthenticationEntryPointTests {
 public void commenceWhenNoSubscribersThenNoActions() {
 this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 this.entryPoint.commence(this.exchange, this.exception);
-
 assertThat(this.exchange.getResponse().getHeaders().getLocation()).isNull();
 assertThat(this.exchange.getSession().block().isStarted()).isFalse();
 }
@@ -72,9 +71,7 @@ public class RedirectServerAuthenticationEntryPointTests {
 @Test
 public void commenceWhenSubscribeThenStatusAndLocationSet() {
 this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-
 this.entryPoint.commence(this.exchange, this.exception).block();
-
 assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND);
 assertThat(this.exchange.getResponse().getHeaders().getLocation()).hasPath(this.location);
 }
@@ -85,9 +82,7 @@ public class RedirectServerAuthenticationEntryPointTests {
 given(this.redirectStrategy.sendRedirect(any(), any())).willReturn(redirectResult.mono());
 this.entryPoint.setRedirectStrategy(this.redirectStrategy);
 this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-
 this.entryPoint.commence(this.exchange, this.exception).block();
-
 redirectResult.assertWasSubscribed();
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
index 25cba86938..6f0cb185a0 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
@@ -65,7 +65,6 @@ public class RedirectServerAuthenticationFailureHandlerTests {
 public void commenceWhenNoSubscribersThenNoActions() {
 this.exchange = createExchange();
 this.handler.onAuthenticationFailure(this.exchange, this.exception);
-
 assertThat(this.exchange.getExchange().getResponse().getHeaders().getLocation()).isNull();
 assertThat(this.exchange.getExchange().getSession().block().isStarted()).isFalse();
 }
@@ -73,9 +72,7 @@ public class RedirectServerAuthenticationFailureHandlerTests {
 @Test
 public void commenceWhenSubscribeThenStatusAndLocationSet() {
 this.exchange = createExchange();
-
 this.handler.onAuthenticationFailure(this.exchange, this.exception).block();
-
 assertThat(this.exchange.getExchange().getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND);
 assertThat(this.exchange.getExchange().getResponse().getHeaders().getLocation()).hasPath(this.location);
 }
@@ -86,9 +83,7 @@ public class RedirectServerAuthenticationFailureHandlerTests {
 given(this.redirectStrategy.sendRedirect(any(), any())).willReturn(redirectResult.mono());
 this.handler.setRedirectStrategy(this.redirectStrategy);
 this.exchange = createExchange();
-
 this.handler.onAuthenticationFailure(this.exchange, this.exception).block();
-
 redirectResult.assertWasSubscribed();
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
index 8fe06ccb91..6a4054b620 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
@@ -70,9 +70,7 @@ public class RedirectServerAuthenticationSuccessHandlerTests {
 @Test
 public void successWhenNoSubscribersThenNoActions() {
 this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-
 this.handler.onAuthenticationSuccess(new WebFilterExchange(this.exchange, this.chain), this.authentication);
-
 assertThat(this.exchange.getResponse().getHeaders().getLocation()).isNull();
 assertThat(this.exchange.getSession().block().isStarted()).isFalse();
 }
@@ -80,10 +78,8 @@ public class RedirectServerAuthenticationSuccessHandlerTests {
 @Test
 public void successWhenSubscribeThenStatusAndLocationSet() {
 this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-
 this.handler.onAuthenticationSuccess(new WebFilterExchange(this.exchange, this.chain), this.authentication)
 .block();
-
 assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND);
 assertThat(this.exchange.getResponse().getHeaders().getLocation()).isEqualTo(this.location);
 }
@@ -94,7 +90,6 @@ public class RedirectServerAuthenticationSuccessHandlerTests {
 given(this.redirectStrategy.sendRedirect(any(), any())).willReturn(redirectResult.mono());
 this.handler.setRedirectStrategy(this.redirectStrategy);
 this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-
 this.handler.onAuthenticationSuccess(new WebFilterExchange(this.exchange, this.chain), this.authentication)
 .block();
 redirectResult.assertWasSubscribed();
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java
index 23d0288917..ffa96d4e38 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java
@@ -65,7 +65,6 @@ public class ServerAuthenticationEntryPointFailureHandlerTests {
 Mono result = Mono.empty();
 BadCredentialsException e = new BadCredentialsException("Failed");
 given(this.authenticationEntryPoint.commence(this.exchange, e)).willReturn(result);
-
 assertThat(this.handler.onAuthenticationFailure(this.filterExchange, e)).isEqualTo(result);
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java
index 0088aa89b8..49d6866fde 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java
@@ -56,9 +56,7 @@ public class ServerFormLoginAuthenticationConverterTests {
 String password = "password";
 this.data.add("username", username);
 this.data.add("password", password);
-
 Authentication authentication = this.converter.convert(this.exchange).block();
-
 assertThat(authentication.getName()).isEqualTo(username);
 assertThat(authentication.getCredentials()).isEqualTo(password);
 assertThat(authentication.getAuthorities()).isEmpty();
@@ -74,9 +72,7 @@ public class ServerFormLoginAuthenticationConverterTests {
 this.converter.setPasswordParameter(passwordParameter);
 this.data.add(usernameParameter, username);
 this.data.add(passwordParameter, password);
-
 Authentication authentication = this.converter.convert(this.exchange).block();
-
 assertThat(authentication.getName()).isEqualTo(username);
 assertThat(authentication.getCredentials()).isEqualTo(password);
 assertThat(authentication.getAuthorities()).isEmpty();
@@ -85,7 +81,6 @@ public class ServerFormLoginAuthenticationConverterTests {
 @Test
 public void applyWhenNoDataThenCreatesTokenSuccess() {
 Authentication authentication = this.converter.convert(this.exchange).block();
-
 assertThat(authentication.getName()).isNullOrEmpty();
 assertThat(authentication.getCredentials()).isNull();
 assertThat(authentication.getAuthorities()).isEmpty();
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java
index da1500df3b..b00b308031 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java
@@ -40,35 +40,30 @@ public class ServerHttpBasicAuthenticationConverterTests {
 @Test
 public void applyWhenNoAuthorizationHeaderThenEmpty() {
 Mono result = apply(this.request);
-
 assertThat(result.block()).isNull();
 }
 @Test
 public void applyWhenEmptyAuthorizationHeaderThenEmpty() {
 Mono result = apply(this.request.header(HttpHeaders.AUTHORIZATION, ""));
-
 assertThat(result.block()).isNull();
 }
 @Test
 public void applyWhenOnlyBasicAuthorizationHeaderThenEmpty() {
 Mono result = apply(this.request.header(HttpHeaders.AUTHORIZATION, "Basic "));
-
 assertThat(result.block()).isNull();
 }
 @Test
 public void applyWhenNotBase64ThenEmpty() {
 Mono result = apply(this.request.header(HttpHeaders.AUTHORIZATION, "Basic z"));
-
 assertThat(result.block()).isNull();
 }
 @Test
 public void applyWhenNoSemicolonThenEmpty() {
 Mono result = apply(this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcg=="));
-
 assertThat(result.block()).isNull();
 }
@@ -76,7 +71,6 @@ public class ServerHttpBasicAuthenticationConverterTests {
 public void applyWhenUserPasswordThenAuthentication() {
 Mono result = apply(
 this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpwYXNzd29yZA=="));
-
 UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class)
 .block();
 assertThat(authentication.getPrincipal()).isEqualTo("user");
@@ -87,7 +81,6 @@ public class ServerHttpBasicAuthenticationConverterTests {
 public void applyWhenUserPasswordHasColonThenAuthentication() {
 Mono result = apply(
 this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpwYXNzOndvcmQ="));
-
 UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class)
 .block();
 assertThat(authentication.getPrincipal()).isEqualTo("user");
@@ -98,7 +91,6 @@ public class ServerHttpBasicAuthenticationConverterTests {
 public void applyWhenLowercaseSchemeThenAuthentication() {
 Mono result = apply(
 this.request.header(HttpHeaders.AUTHORIZATION, "basic dXNlcjpwYXNzd29yZA=="));
-
 UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class)
 .block();
 assertThat(authentication.getPrincipal()).isEqualTo("user");
@@ -109,7 +101,6 @@ public class ServerHttpBasicAuthenticationConverterTests {
 public void applyWhenWrongSchemeThenEmpty() {
 Mono result = apply(
 this.request.header(HttpHeaders.AUTHORIZATION, "token dXNlcjpwYXNzd29yZA=="));
-
 assertThat(result.block()).isNull();
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java
index 6e5d2e83db..f94d6aeb33 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java
@@ -52,7 +52,6 @@ public class ServerX509AuthenticationConverterTests {
 @Before
 public void setUp() throws Exception {
 this.request = MockServerHttpRequest.get("/");
-
 this.certificate = X509TestUtils.buildTestCertificate();
 given(this.principalExtractor.extractPrincipal(any())).willReturn("Luke Taylor");
 }
@@ -61,17 +60,14 @@ public class ServerX509AuthenticationConverterTests { public void shouldReturnNullForInvalidCertificate() { Authentication authentication = this.converter.convert(MockServerWebExchange.from(this.request.build())) .block(); - assertThat(authentication).isNull(); } @Test public void shouldReturnAuthenticationForValidCertificate() { this.request.sslInfo(new MockSslInfo(this.certificate)); - Authentication authentication = this.converter.convert(MockServerWebExchange.from(this.request.build())) .block(); - assertThat(authentication.getName()).isEqualTo("Luke Taylor"); assertThat(authentication.getCredentials()).isEqualTo(this.certificate); }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
index ae7e5531fb..2161e8660c 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
@@ -103,7 +103,6 @@ public class SwitchUserWebFilterTests { verifyNoInteractions(this.successHandler); verifyNoInteractions(this.failureHandler); verifyNoInteractions(this.serverSecurityContextRepository); - verify(chain).filter(exchange); }
@@ -111,39 +110,29 @@ public class SwitchUserWebFilterTests { public void switchUser() { final String targetUsername = "TEST_USERNAME"; final UserDetails switchUserDetails = switchUserDetails(targetUsername, true); - final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/login/impersonate?username={targetUser}", targetUsername)); - final WebFilterChain chain = mock(WebFilterChain.class); - final Authentication originalAuthentication = new UsernamePasswordAuthenticationToken("principal", "credentials"); final SecurityContextImpl securityContext = new SecurityContextImpl(originalAuthentication); - given(this.userDetailsService.findByUsername(targetUsername)).willReturn(Mono.just(switchUserDetails)); given(this.serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class))) .willReturn(Mono.empty()); given(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class))) .willReturn(Mono.empty()); - this.switchUserWebFilter.filter(exchange, chain) .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) .block(); - verifyNoInteractions(chain); verify(this.userDetailsService).findByUsername(targetUsername); - final ArgumentCaptor securityContextCaptor = ArgumentCaptor.forClass(SecurityContext.class); verify(this.serverSecurityContextRepository).save(eq(exchange), securityContextCaptor.capture()); final SecurityContext savedSecurityContext = securityContextCaptor.getValue(); - final ArgumentCaptor authenticationCaptor = ArgumentCaptor.forClass(Authentication.class); verify(this.successHandler).onAuthenticationSuccess(any(WebFilterExchange.class), authenticationCaptor.capture()); - final Authentication switchUserAuthentication = authenticationCaptor.getValue(); - assertThat(switchUserAuthentication).isSameAs(savedSecurityContext.getAuthentication()); assertThat(switchUserAuthentication.getName()).isEqualTo(targetUsername); 
assertThat(switchUserAuthentication.getAuthorities()).anyMatch(SwitchUserGrantedAuthority.class::isInstance); 
@@ -159,37 +148,28 @@ public class SwitchUserWebFilterTests { public void switchUserWhenUserAlreadySwitchedThenExitSwitchAndSwitchAgain() { final Authentication originalAuthentication = new UsernamePasswordAuthenticationToken("origPrincipal", "origCredentials"); - final GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority( SwitchUserWebFilter.ROLE_PREVIOUS_ADMINISTRATOR, originalAuthentication); final Authentication switchUserAuthentication = new UsernamePasswordAuthenticationToken("switchPrincipal", "switchCredentials", Collections.singleton(switchAuthority)); - final SecurityContextImpl securityContext = new SecurityContextImpl(switchUserAuthentication); - final String targetUsername = "newSwitchPrincipal"; final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/login/impersonate?username={targetUser}", targetUsername)); - final WebFilterChain chain = mock(WebFilterChain.class); - given(this.serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class))) .willReturn(Mono.empty()); given(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class))) .willReturn(Mono.empty()); given(this.userDetailsService.findByUsername(targetUsername)) .willReturn(Mono.just(switchUserDetails(targetUsername, true))); - this.switchUserWebFilter.filter(exchange, chain) .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) .block(); - final ArgumentCaptor authenticationCaptor = ArgumentCaptor.forClass(Authentication.class); verify(this.successHandler).onAuthenticationSuccess(any(WebFilterExchange.class), authenticationCaptor.capture()); - final Authentication secondSwitchUserAuthentication = authenticationCaptor.getValue(); - assertThat(secondSwitchUserAuthentication.getName()).isEqualTo(targetUsername); assertThat(secondSwitchUserAuthentication.getAuthorities().stream() .filter((a) -> a instanceof SwitchUserGrantedAuthority) 
@@ -201,13 +181,10 @@ public class SwitchUserWebFilterTests { public void switchUserWhenUsernameIsMissingThenThrowException() { final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/login/impersonate")); - final WebFilterChain chain = mock(WebFilterChain.class); final SecurityContextImpl securityContext = new SecurityContextImpl(mock(Authentication.class)); - this.exceptionRule.expect(IllegalArgumentException.class); this.exceptionRule.expectMessage("The userName can not be null."); - this.switchUserWebFilter.filter(exchange, chain) .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) .block();
@@ -219,19 +196,15 @@ public class SwitchUserWebFilterTests { final String targetUsername = "TEST_USERNAME"; final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/login/impersonate?username={targetUser}", targetUsername)); - final WebFilterChain chain = mock(WebFilterChain.class); final SecurityContextImpl securityContext = new SecurityContextImpl(mock(Authentication.class)); - final UserDetails switchUserDetails = switchUserDetails(targetUsername, false); given(this.userDetailsService.findByUsername(any(String.class))).willReturn(Mono.just(switchUserDetails)); given(this.failureHandler.onAuthenticationFailure(any(WebFilterExchange.class), any(DisabledException.class))) .willReturn(Mono.empty()); - this.switchUserWebFilter.filter(exchange, chain) .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) .block(); - verify(this.failureHandler).onAuthenticationFailure(any(WebFilterExchange.class), any(DisabledException.class)); verifyNoInteractions(chain); }
@@ -239,19 +212,14 @@ public class SwitchUserWebFilterTests { @Test public void switchUserWhenFailureHandlerNotDefinedThenReturnError() { this.switchUserWebFilter = new SwitchUserWebFilter(this.userDetailsService, this.successHandler, null); - final String targetUsername = "TEST_USERNAME"; final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/login/impersonate?username={targetUser}", targetUsername)); - final WebFilterChain chain = mock(WebFilterChain.class); final SecurityContextImpl securityContext = new SecurityContextImpl(mock(Authentication.class)); - final UserDetails switchUserDetails = switchUserDetails(targetUsername, false); given(this.userDetailsService.findByUsername(any(String.class))).willReturn(Mono.just(switchUserDetails)); - this.exceptionRule.expect(DisabledException.class); - this.switchUserWebFilter.filter(exchange, chain) .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) .block(); 
@@ -262,37 +230,28 @@ public class SwitchUserWebFilterTests { public void exitSwitchThenReturnToOriginalAuthentication() { final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/logout/impersonate")); - final Authentication originalAuthentication = new UsernamePasswordAuthenticationToken("origPrincipal", "origCredentials"); - final GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority( SwitchUserWebFilter.ROLE_PREVIOUS_ADMINISTRATOR, originalAuthentication); final Authentication switchUserAuthentication = new UsernamePasswordAuthenticationToken("switchPrincipal", "switchCredentials", Collections.singleton(switchAuthority)); - final WebFilterChain chain = mock(WebFilterChain.class); final SecurityContextImpl securityContext = new SecurityContextImpl(switchUserAuthentication); - given(this.serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class))) .willReturn(Mono.empty()); given(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class))) .willReturn(Mono.empty()); - this.switchUserWebFilter.filter(exchange, chain) .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) .block(); - final ArgumentCaptor securityContextCaptor = ArgumentCaptor.forClass(SecurityContext.class); verify(this.serverSecurityContextRepository).save(eq(exchange), securityContextCaptor.capture()); final SecurityContext savedSecurityContext = securityContextCaptor.getValue(); - final ArgumentCaptor authenticationCaptor = ArgumentCaptor.forClass(Authentication.class); verify(this.successHandler).onAuthenticationSuccess(any(WebFilterExchange.class), authenticationCaptor.capture()); - final Authentication originalAuthenticationValue = authenticationCaptor.getValue(); - assertThat(savedSecurityContext.getAuthentication()).isSameAs(originalAuthentication); assertThat(originalAuthenticationValue).isSameAs(originalAuthentication); 
verifyNoInteractions(chain);
@@ -302,16 +261,12 @@ public class SwitchUserWebFilterTests { public void exitSwitchWhenUserNotSwitchedThenThrowError() { final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/logout/impersonate")); - final Authentication originalAuthentication = new UsernamePasswordAuthenticationToken("origPrincipal", "origCredentials"); - final WebFilterChain chain = mock(WebFilterChain.class); final SecurityContextImpl securityContext = new SecurityContextImpl(originalAuthentication); - this.exceptionRule.expect(AuthenticationCredentialsNotFoundException.class); this.exceptionRule.expectMessage("Could not find original Authentication object"); - this.switchUserWebFilter.filter(exchange, chain) .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) .block();
@@ -322,12 +277,9 @@ public class SwitchUserWebFilterTests { public void exitSwitchWhenNoCurrentUserThenThrowError() { final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/logout/impersonate")); - final WebFilterChain chain = mock(WebFilterChain.class); - this.exceptionRule.expect(AuthenticationCredentialsNotFoundException.class); this.exceptionRule.expectMessage("No current user associated with this request"); - this.switchUserWebFilter.filter(exchange, chain).block(); verifyNoInteractions(chain); }
@@ -373,14 +325,11 @@ public class SwitchUserWebFilterTests { "failure/target/url"); final Object successHandler = ReflectionTestUtils.getField(this.switchUserWebFilter, "successHandler"); assertThat(successHandler).isInstanceOf(RedirectServerAuthenticationSuccessHandler.class); - final Object failureHandler = ReflectionTestUtils.getField(this.switchUserWebFilter, "failureHandler"); assertThat(failureHandler).isInstanceOf(RedirectServerAuthenticationFailureHandler.class); - final Object securityContextRepository = ReflectionTestUtils.getField(this.switchUserWebFilter, "securityContextRepository"); assertThat(securityContextRepository).isInstanceOf(WebSessionServerSecurityContextRepository.class); - final Object userDetailsChecker = ReflectionTestUtils.getField(this.switchUserWebFilter, "userDetailsChecker"); assertThat(userDetailsChecker instanceof AccountStatusUserDetailsChecker).isTrue(); }
@@ -426,16 +375,13 @@ public class SwitchUserWebFilterTests { public void setExitUserUrlWhenDefinedThenChangeDefaultValue() { final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/logout/impersonate")); - final ServerWebExchangeMatcher oldExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils .getField(this.switchUserWebFilter, "exitUserMatcher"); - assertThat(oldExitUserMatcher.matches(exchange).block().isMatch()).isTrue(); this.switchUserWebFilter.setExitUserUrl("/exit-url"); final MockServerWebExchange newExchange = MockServerWebExchange.from(MockServerHttpRequest.post("/exit-url")); final ServerWebExchangeMatcher newExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils .getField(this.switchUserWebFilter, "exitUserMatcher"); - assertThat(newExitUserMatcher.matches(newExchange).block().isMatch()).isTrue(); }
@@ -451,20 +397,14 @@ public class SwitchUserWebFilterTests { public void setExitUserMatcherWhenDefinedThenChangeDefaultValue() { final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/logout/impersonate")); - final ServerWebExchangeMatcher oldExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils .getField(this.switchUserWebFilter, "exitUserMatcher"); - assertThat(oldExitUserMatcher.matches(exchange).block().isMatch()).isTrue(); - final ServerWebExchangeMatcher newExitUserMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/exit-url"); - this.switchUserWebFilter.setExitUserMatcher(newExitUserMatcher); - final ServerWebExchangeMatcher currentExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils .getField(this.switchUserWebFilter, "exitUserMatcher"); - assertThat(currentExitUserMatcher).isSameAs(newExitUserMatcher); }
@@ -488,14 +428,10 @@ public class SwitchUserWebFilterTests { public void setSwitchUserUrlWhenDefinedThenChangeDefaultValue() { final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/login/impersonate")); - final ServerWebExchangeMatcher oldSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils .getField(this.switchUserWebFilter, "switchUserMatcher"); - assertThat(oldSwitchUserMatcher.matches(exchange).block().isMatch()).isTrue(); - this.switchUserWebFilter.setSwitchUserUrl("/switch-url"); - final MockServerWebExchange newExchange = MockServerWebExchange.from(MockServerHttpRequest.post("/switch-url")); final ServerWebExchangeMatcher newSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils .getField(this.switchUserWebFilter, "switchUserMatcher");
@@ -514,17 +450,12 @@ public class SwitchUserWebFilterTests { public void setSwitchUserMatcherWhenDefinedThenChangeDefaultValue() { final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/login/impersonate")); - final ServerWebExchangeMatcher oldSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils .getField(this.switchUserWebFilter, "switchUserMatcher"); - assertThat(oldSwitchUserMatcher.matches(exchange).block().isMatch()).isTrue(); - final ServerWebExchangeMatcher newSwitchUserMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/switch-url"); - this.switchUserWebFilter.setSwitchUserMatcher(newSwitchUserMatcher); - final ServerWebExchangeMatcher currentExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils .getField(this.switchUserWebFilter, "switchUserMatcher"); assertThat(currentExitUserMatcher).isSameAs(newSwitchUserMatcher);
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java
index 9414b01363..0f42d12f4d 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java
@@ -94,7 +94,6 @@ public class DelegatingServerLogoutHandlerTests { public void logoutWhenSingleThenExecuted() { DelegatingServerLogoutHandler handler = new DelegatingServerLogoutHandler(this.delegate1); handler.logout(this.exchange, this.authentication).block(); - this.delegate1Result.assertWasSubscribed(); }
@@ -102,7 +101,6 @@ public class DelegatingServerLogoutHandlerTests { public void logoutWhenMultipleThenExecuted() { DelegatingServerLogoutHandler handler = new DelegatingServerLogoutHandler(this.delegate1, this.delegate2); handler.logout(this.exchange, this.authentication).block(); - this.delegate1Result.assertWasSubscribed(); this.delegate2Result.assertWasSubscribed(); }
@@ -118,9 +116,7 @@ public class DelegatingServerLogoutHandlerTests { assertThat(slowDone.get()).describedAs("ServerLogoutHandler should be executed sequentially").isTrue(); }); DelegatingServerLogoutHandler handler = new DelegatingServerLogoutHandler(slow, second); - handler.logout(this.exchange, this.authentication).block(); - assertThat(latch.await(3, TimeUnit.SECONDS)).isTrue(); }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java
index 0cb532a837..af8cad8e6b 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java
@@ -48,9 +48,7 @@ public class HeaderWriterServerLogoutHandlerTests { WebFilterExchange filterExchange = mock(WebFilterExchange.class); given(filterExchange.getExchange()).willReturn(serverWebExchange); Authentication authentication = mock(Authentication.class); - handler.logout(filterExchange, authentication); - verify(headersWriter).writeHttpHeaders(serverWebExchange); }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java
index 09065c9dd7..d26a9b345f 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java
@@ -40,7 +40,6 @@ public class HttpStatusReturningServerLogoutSuccessHandlerTests { WebFilterExchange filterExchange = buildFilterExchange(); new HttpStatusReturningServerLogoutSuccessHandler().onLogoutSuccess(filterExchange, mock(Authentication.class)) .block(); - assertThat(filterExchange.getExchange().getResponse().getStatusCode()).isEqualTo(HttpStatus.OK); }
@@ -49,7 +48,6 @@ public class HttpStatusReturningServerLogoutSuccessHandlerTests { WebFilterExchange filterExchange = buildFilterExchange(); new HttpStatusReturningServerLogoutSuccessHandler(HttpStatus.NO_CONTENT) .onLogoutSuccess(filterExchange, mock(Authentication.class)).block(); - assertThat(filterExchange.getExchange().getResponse().getStatusCode()).isEqualTo(HttpStatus.NO_CONTENT); }
@@ -63,7 +61,6 @@ public class HttpStatusReturningServerLogoutSuccessHandlerTests { private static WebFilterExchange buildFilterExchange() { MockServerHttpRequest request = MockServerHttpRequest.get("/").build(); MockServerWebExchange exchange = MockServerWebExchange.from(request); - return new WebFilterExchange(exchange, mock(WebFilterChain.class)); }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java
index 4439a68961..d87fdeb9fb 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java
@@ -56,7 +56,6 @@ public class LogoutWebFilterTests { public void singleLogoutHandler() { this.logoutWebFilter.setLogoutHandler(this.handler1); this.logoutWebFilter.setLogoutHandler(this.handler2); - assertThat(getLogoutHandler()).isNotNull().isInstanceOf(ServerLogoutHandler.class) .isNotInstanceOf(SecurityContextServerLogoutHandler.class).extracting(ServerLogoutHandler::getClass) .isEqualTo(this.handler2.getClass());
@@ -66,7 +65,6 @@ public class LogoutWebFilterTests { public void multipleLogoutHandlers() { this.logoutWebFilter .setLogoutHandler(new DelegatingServerLogoutHandler(this.handler1, this.handler2, this.handler3)); - assertThat(getLogoutHandler()).isNotNull().isExactlyInstanceOf(DelegatingServerLogoutHandler.class) .extracting((delegatingLogoutHandler) -> ((Collection) ReflectionTestUtils .getField(delegatingLogoutHandler, DelegatingServerLogoutHandler.class, "delegates")).stream()
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
index 0bcbcb5edc..0afc768ed2 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
@@ -55,9 +55,7 @@ public class AuthorizationWebFilterTests { given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono()); AuthorizationWebFilter filter = new AuthorizationWebFilter( (a, e) -> Mono.error(new AccessDeniedException("Denied"))); - Mono result = filter.filter(this.exchange, this.chain); - StepVerifier.create(result).expectError(AccessDeniedException.class).verify(); this.chainResult.assertWasNotSubscribed(); }
@@ -67,10 +65,8 @@ public class AuthorizationWebFilterTests { given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono()); AuthorizationWebFilter filter = new AuthorizationWebFilter( (a, e) -> a.flatMap((auth) -> Mono.error(new AccessDeniedException("Denied")))); - Mono result = filter.filter(this.exchange, this.chain).subscriberContext( ReactiveSecurityContextHolder.withSecurityContext(Mono.just(new SecurityContextImpl()))); - StepVerifier.create(result).expectError(AccessDeniedException.class).verify(); this.chainResult.assertWasNotSubscribed(); }
@@ -80,10 +76,8 @@ public class AuthorizationWebFilterTests { given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono()); AuthorizationWebFilter filter = new AuthorizationWebFilter( (a, e) -> Mono.error(new AccessDeniedException("Denied"))); - Mono result = filter.filter(this.exchange, this.chain).subscriberContext( ReactiveSecurityContextHolder.withAuthentication(new TestingAuthenticationToken("a", "b", "R"))); - StepVerifier.create(result).expectError(AccessDeniedException.class).verify(); this.chainResult.assertWasNotSubscribed(); }
@@ -94,10 +88,8 @@ public class AuthorizationWebFilterTests { given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono()); AuthorizationWebFilter filter = new AuthorizationWebFilter( (a, e) -> Mono.error(new AccessDeniedException("Denied"))); - Mono result = filter.filter(this.exchange, this.chain) .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.mono())); - StepVerifier.create(result).expectError(AccessDeniedException.class).verify(); this.chainResult.assertWasNotSubscribed(); context.assertWasNotSubscribed();
@@ -109,10 +101,8 @@ public class AuthorizationWebFilterTests { given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono()); AuthorizationWebFilter filter = new AuthorizationWebFilter( (a, e) -> Mono.just(new AuthorizationDecision(true))); - Mono result = filter.filter(this.exchange, this.chain) .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.mono())); - StepVerifier.create(result).verifyComplete(); this.chainResult.assertWasSubscribed(); context.assertWasNotSubscribed();
@@ -124,10 +114,8 @@ public class AuthorizationWebFilterTests { given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono()); AuthorizationWebFilter filter = new AuthorizationWebFilter((a, e) -> a .map((auth) -> new AuthorizationDecision(true)).defaultIfEmpty(new AuthorizationDecision(true))); - Mono result = filter.filter(this.exchange, this.chain) .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.mono())); - StepVerifier.create(result).verifyComplete(); this.chainResult.assertWasSubscribed(); context.assertWasSubscribed();
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
index c052bf2b2c..ae9e0bbc8f 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
@@ -80,9 +80,7 @@ public class DelegatingReactiveAuthorizationManagerTests { given(this.match1.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match()); given(this.delegate1.check(eq(this.authentication), any(AuthorizationContext.class))) .willReturn(Mono.just(this.decision)); - assertThat(this.manager.check(this.authentication, this.exchange).block()).isEqualTo(this.decision); - verifyZeroInteractions(this.match2, this.delegate2); }
@@ -92,9 +90,7 @@ public class DelegatingReactiveAuthorizationManagerTests { given(this.match2.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match()); given(this.delegate2.check(eq(this.authentication), any(AuthorizationContext.class))) .willReturn(Mono.just(this.decision)); - assertThat(this.manager.check(this.authentication, this.exchange).block()).isEqualTo(this.decision); - verifyZeroInteractions(this.delegate1); }
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java
index 79ae02cbc2..4e6a9c7285 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java
@@ -71,7 +71,6 @@ public class ExceptionTranslationWebFilterTests { given(this.exchange.getResponse()).willReturn(new MockServerHttpResponse()); given(this.deniedHandler.handle(any(), any())).willReturn(this.deniedPublisher.mono()); given(this.entryPoint.commence(any(), any())).willReturn(this.entryPointPublisher.mono()); - this.filter.setAuthenticationEntryPoint(this.entryPoint); this.filter.setAccessDeniedHandler(this.deniedHandler); }
@@ -79,9 +78,7 @@ public class ExceptionTranslationWebFilterTests { @Test public void filterWhenNoExceptionThenNotHandled() { given(this.chain.filter(this.exchange)).willReturn(Mono.empty()); - StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectComplete().verify(); - this.deniedPublisher.assertWasNotSubscribed(); this.entryPointPublisher.assertWasNotSubscribed(); }
@@ -89,10 +86,8 @@ public class ExceptionTranslationWebFilterTests { @Test public void filterWhenNotAccessDeniedExceptionThenNotHandled() { given(this.chain.filter(this.exchange)).willReturn(Mono.error(new IllegalArgumentException("oops"))); - StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectError(IllegalArgumentException.class) .verify(); - this.deniedPublisher.assertWasNotSubscribed(); this.entryPointPublisher.assertWasNotSubscribed(); }
@@ -101,9 +96,7 @@ public class ExceptionTranslationWebFilterTests { public void filterWhenAccessDeniedExceptionAndNotAuthenticatedThenHandled() { given(this.exchange.getPrincipal()).willReturn(Mono.empty()); given(this.chain.filter(this.exchange)).willReturn(Mono.error(new AccessDeniedException("Not Authorized"))); - StepVerifier.create(this.filter.filter(this.exchange, this.chain)).verifyComplete(); - this.deniedPublisher.assertWasNotSubscribed(); this.entryPointPublisher.assertWasSubscribed(); }
@@ -113,9 +106,7 @@ public class ExceptionTranslationWebFilterTests { this.filter = new ExceptionTranslationWebFilter(); given(this.exchange.getPrincipal()).willReturn(Mono.just(this.principal)); given(this.chain.filter(this.exchange)).willReturn(Mono.error(new AccessDeniedException("Not Authorized"))); - StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectComplete().verify(); - assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN); }
@@ -124,9 +115,7 @@ public class ExceptionTranslationWebFilterTests { this.filter = new ExceptionTranslationWebFilter(); given(this.exchange.getPrincipal()).willReturn(Mono.empty()); given(this.chain.filter(this.exchange)).willReturn(Mono.error(new AccessDeniedException("Not Authorized"))); - StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectComplete().verify(); - assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED); }
@@ -134,9 +123,7 @@ public class ExceptionTranslationWebFilterTests { public void filterWhenAccessDeniedExceptionAndAuthenticatedThenHandled() { given(this.exchange.getPrincipal()).willReturn(Mono.just(this.principal)); given(this.chain.filter(this.exchange)).willReturn(Mono.error(new AccessDeniedException("Not Authorized"))); - StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectComplete().verify(); - this.deniedPublisher.assertWasSubscribed(); this.entryPointPublisher.assertWasNotSubscribed(); }
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java
index 599bbd842b..08cde18541 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java
@@ -54,16 +54,13 @@ public class HttpStatusServerAccessDeniedHandlerTests { @Test public void commenceWhenNoSubscribersThenNoActions() { this.handler.handle(this.exchange, this.exception); - verifyZeroInteractions(this.exchange); } @Test public void commenceWhenSubscribeThenStatusSet() { this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build()); - this.handler.handle(this.exchange, this.exception).block(); - assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(this.httpStatus); }
@@ -72,9 +69,7 @@ public class HttpStatusServerAccessDeniedHandlerTests { this.httpStatus = HttpStatus.NOT_FOUND; this.handler = new HttpStatusServerAccessDeniedHandler(this.httpStatus); this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build()); - this.handler.handle(this.exchange, this.exception).block(); - assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(this.httpStatus); }
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java
index 0467943bf2..896f8d20f3 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java
@@ -57,13 +57,10 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandlerTests {
 given(matcher.matches(this.exchange)).willReturn(MatchResult.notMatch());
 given(handler.handle(this.exchange, null)).willReturn(Mono.empty());
 given(this.accessDeniedHandler.handle(this.exchange, null)).willReturn(Mono.empty());
-
 this.entries.add(new DelegateEntry(matcher, handler));
 this.delegator = new ServerWebExchangeDelegatingServerAccessDeniedHandler(this.entries);
 this.delegator.setDefaultAccessDeniedHandler(this.accessDeniedHandler);
-
 this.delegator.handle(this.exchange, null).block();
-
 verify(this.accessDeniedHandler).handle(this.exchange, null);
 verify(handler, never()).handle(this.exchange, null);
 }
@@ -77,14 +74,11 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandlerTests {
 given(firstMatcher.matches(this.exchange)).willReturn(MatchResult.match());
 given(firstHandler.handle(this.exchange, null)).willReturn(Mono.empty());
 given(secondHandler.handle(this.exchange, null)).willReturn(Mono.empty());
-
 this.entries.add(new DelegateEntry(firstMatcher, firstHandler));
 this.entries.add(new DelegateEntry(secondMatcher, secondHandler));
 this.delegator = new ServerWebExchangeDelegatingServerAccessDeniedHandler(this.entries);
 this.delegator.setDefaultAccessDeniedHandler(this.accessDeniedHandler);
-
 this.delegator.handle(this.exchange, null).block();
-
 verify(firstHandler).handle(this.exchange, null);
 verify(secondHandler, never()).handle(this.exchange, null);
 verify(this.accessDeniedHandler, never()).handle(this.exchange, null);
@@ -101,13 +95,10 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandlerTests {
 given(secondMatcher.matches(this.exchange)).willReturn(MatchResult.match());
 given(firstHandler.handle(this.exchange, null)).willReturn(Mono.empty());
 given(secondHandler.handle(this.exchange, null)).willReturn(Mono.empty());
-
 this.entries.add(new DelegateEntry(firstMatcher, firstHandler));
 this.entries.add(new DelegateEntry(secondMatcher, secondHandler));
 this.delegator = new ServerWebExchangeDelegatingServerAccessDeniedHandler(this.entries);
-
 this.delegator.handle(this.exchange, null).block();
-
 verify(secondHandler).handle(this.exchange, null);
 verify(firstHandler, never()).handle(this.exchange, null);
 verify(this.accessDeniedHandler, never()).handle(this.exchange, null);
diff --git a/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java
index 1c216cfcde..fd2c7c08d9 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java
@@ -39,10 +39,8 @@ public class NoOpServerSecurityContextRepositoryTests {
 @Test
 public void saveAndLoad() {
 SecurityContext context = new SecurityContextImpl();
-
 Mono result = this.repository.save(this.exchange, context)
 .then(this.repository.load(this.exchange));
-
 StepVerifier.create(result).verifyComplete();
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
index f74e15e195..ccc686bf6c 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
@@ -78,7 +78,6 @@ public class ReactorContextWebFilterTests {
 @Test
 public void filterWhenNoPrincipalAccessThenNoInteractions() {
 this.handler.exchange(this.exchange);
-
 this.securityContext.assertWasNotSubscribed();
 }
@@ -88,9 +87,7 @@ public class ReactorContextWebFilterTests {
 ReactiveSecurityContextHolder.getContext();
 return c.filter(e);
 });
-
 this.handler.exchange(this.exchange);
-
 this.securityContext.assertWasNotSubscribed();
 }
@@ -101,9 +98,7 @@ public class ReactorContextWebFilterTests {
 this.handler = WebTestHandler.bindToWebFilters(this.filter, (e, c) -> ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication)
 .doOnSuccess((p) -> assertThat(p).isSameAs(this.principal)).flatMap((p) -> c.filter(e)));
-
 WebTestHandler.WebHandlerResult result = this.handler.exchange(this.exchange);
-
 this.securityContext.assertWasNotSubscribed();
 }
@@ -112,7 +107,6 @@ public class ReactorContextWebFilterTests {
 public void filterWhenMainContextThenDoesNotOverride() {
 String contextKey = "main";
 WebFilter mainContextWebFilter = (e, c) -> c.filter(e).subscriberContext(Context.of(contextKey, true));
-
 WebFilterChain chain = new DefaultWebFilterChain((e) -> Mono.empty(), mainContextWebFilter, this.filter);
 Mono filter = chain.filter(MockServerWebExchange.from(this.exchange.build()));
 StepVerifier.create(filter).expectAccessibleContext().hasKey(contextKey).then().verifyComplete();
diff --git a/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java
index 63cb704adc..e6cdb78402 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java
@@ -51,7 +51,6 @@ public class SecurityContextServerWebExchangeWebFilterTests {
 .doOnSuccess((context) -> assertThat(context.get("foo")).isEqualTo("bar")).then()))
 .subscriberContext((context) -> context.put("foo", "bar"))
 .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.principal));
-
 StepVerifier.create(result).verifyComplete();
 }
@@ -64,7 +63,6 @@ public class SecurityContextServerWebExchangeWebFilterTests {
 (contextPrincipal) -> assertThat(contextPrincipal).isEqualTo(this.principal))
 .then()))
 .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.principal));
-
 StepVerifier.create(result).verifyComplete();
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepositoryTests.java
index 1ecf1e7fdf..4d5dc45ac0 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepositoryTests.java
@@ -40,9 +40,7 @@ public class WebSessionServerSecurityContextRepositoryTests {
 public void saveAndLoadWhenDefaultsThenFound() {
 SecurityContext expected = new SecurityContextImpl();
 this.repository.save(this.exchange, expected).block();
-
 SecurityContext actual = this.repository.load(this.exchange).block();
-
 assertThat(actual).isEqualTo(expected);
 }
@@ -51,14 +49,10 @@ public class WebSessionServerSecurityContextRepositoryTests {
 String attrName = "attr";
 this.repository.setSpringSecurityContextAttrName(attrName);
 SecurityContext expected = new SecurityContextImpl();
-
 this.repository.save(this.exchange, expected).block();
-
 WebSession session = this.exchange.getSession().block();
 assertThat(session.getAttribute(attrName)).isEqualTo(expected);
-
 SecurityContext actual = this.repository.load(this.exchange).block();
-
 assertThat(actual).isEqualTo(expected);
 }
@@ -67,9 +61,7 @@ public class WebSessionServerSecurityContextRepositoryTests {
 SecurityContext context = new SecurityContextImpl();
 this.repository.save(this.exchange, context).block();
 this.repository.save(this.exchange, null).block();
-
 SecurityContext actual = this.repository.load(this.exchange).block();
-
 assertThat(actual).isNull();
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepositoryTests.java
index e03083109b..d16f131920 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepositoryTests.java
@@ -64,14 +64,12 @@ public class CookieServerCsrfTokenRepositoryTests {
 @Test
 public void generateTokenWhenCustomHeaderThenCustomHeader() {
 setExpectedHeaderName("someHeader");
-
 generateTokenAndAssertExpectedValues();
 }
 @Test
 public void generateTokenWhenCustomParameterThenCustomParameter() {
 setExpectedParameterName("someParam");
-
 generateTokenAndAssertExpectedValues();
 }
@@ -79,14 +77,12 @@ public class CookieServerCsrfTokenRepositoryTests {
 public void generateTokenWhenCustomHeaderAndParameterThenCustomHeaderAndParameter() {
 setExpectedHeaderName("someHeader");
 setExpectedParameterName("someParam");
-
 generateTokenAndAssertExpectedValues();
 }
 @Test
 public void saveTokenWhenNoSubscriptionThenNotWritten() {
 this.csrfTokenRepository.saveToken(this.exchange, createToken());
-
 assertThat(this.exchange.getResponse().getCookies().getFirst(this.expectedCookieName)).isNull();
 }
@@ -103,7 +99,6 @@ public class CookieServerCsrfTokenRepositoryTests {
 @Test
 public void saveTokenWhenHttpOnlyFalseThenHttpOnlyFalse() {
 setExpectedHttpOnly(false);
-
 saveAndAssertExpectedValues(createToken());
 }
@@ -114,7 +109,6 @@ public class CookieServerCsrfTokenRepositoryTests {
 setExpectedPath("/some/path");
 setExpectedHeaderName("headerName");
 setExpectedParameterName("paramName");
-
 saveAndAssertExpectedValues(createToken());
 }
@@ -128,7 +122,6 @@ public class CookieServerCsrfTokenRepositoryTests {
 setExpectedParameterName("paramName");
 setExpectedHeaderName("headerName");
 setExpectedCookieName("csrfCookie");
-
 saveAndAssertExpectedValues(createToken());
 }
@@ -141,14 +134,12 @@ public class CookieServerCsrfTokenRepositoryTests {
 @Test
 public void loadTokenWhenCookieExistsWithNoValue() {
 setExpectedCookieValue("");
-
 loadAndAssertExpectedValues();
 }
 @Test
 public void loadTokenWhenCookieExistsWithNullValue() {
 setExpectedCookieValue(null);
-
 loadAndAssertExpectedValues();
 }
@@ -190,9 +181,7 @@ public class CookieServerCsrfTokenRepositoryTests {
 MockServerHttpRequest.BodyBuilder request = MockServerHttpRequest.post("/someUri")
 .cookie(new HttpCookie(this.expectedCookieName, this.expectedCookieValue));
 this.exchange = MockServerWebExchange.from(request);
-
 CsrfToken csrfToken = this.csrfTokenRepository.loadToken(this.exchange).block();
-
 if (StringUtils.hasText(this.expectedCookieValue)) {
 assertThat(csrfToken).isNotNull();
 assertThat(csrfToken.getHeaderName()).isEqualTo(this.expectedHeaderName);
@@ -209,11 +198,8 @@ public class CookieServerCsrfTokenRepositoryTests {
 this.expectedMaxAge = Duration.ofSeconds(0);
 this.expectedCookieValue = "";
 }
-
 this.csrfTokenRepository.saveToken(this.exchange, token).block();
-
 ResponseCookie cookie = this.exchange.getResponse().getCookies().getFirst(this.expectedCookieName);
-
 assertThat(cookie).isNotNull();
 assertThat(cookie.getMaxAge()).isEqualTo(this.expectedMaxAge);
 assertThat(cookie.getDomain()).isEqualTo(this.expectedDomain);
@@ -226,7 +212,6 @@ public class CookieServerCsrfTokenRepositoryTests {
 private void generateTokenAndAssertExpectedValues() {
 CsrfToken csrfToken = this.csrfTokenRepository.generateToken(this.exchange).block();
-
 assertThat(csrfToken).isNotNull();
 assertThat(csrfToken.getHeaderName()).isEqualTo(this.expectedHeaderName);
 assertThat(csrfToken.getParameterName()).isEqualTo(this.expectedParameterName);
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java
index 5acdbd3569..60ced8c233 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java
@@ -70,7 +70,6 @@ public class CsrfServerLogoutHandlerTests {
 public void logoutRemovesCsrfToken() {
 this.handler.logout(this.filterExchange, new TestingAuthenticationToken("user", "password", "ROLE_USER"))
 .block();
-
 verify(this.csrfTokenRepository).saveToken(this.exchange, null);
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
index 564a3d2e62..3d26430c07 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
@@ -70,23 +70,17 @@ public class CsrfWebFilterTests {
 public void filterWhenGetThenSessionNotCreatedAndChainContinues() {
 PublisherProbe chainResult = PublisherProbe.empty();
 given(this.chain.filter(this.get)).willReturn(chainResult.mono());
-
 Mono result = this.csrfFilter.filter(this.get, this.chain);
-
 StepVerifier.create(result).verifyComplete();
-
 Mono isSessionStarted = this.get.getSession().map(WebSession::isStarted);
 StepVerifier.create(isSessionStarted).expectNext(false).verifyComplete();
-
 chainResult.assertWasSubscribed();
 }
 @Test
 public void filterWhenPostAndNoTokenThenCsrfException() {
 Mono result = this.csrfFilter.filter(this.post, this.chain);
-
 StepVerifier.create(result).verifyComplete();
-
 assertThat(this.post.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
 }
@@ -94,11 +88,8 @@ public class CsrfWebFilterTests {
 public void filterWhenPostAndEstablishedCsrfTokenAndRequestMissingTokenThenCsrfException() {
 this.csrfFilter.setCsrfTokenRepository(this.repository);
 given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
-
 Mono result = this.csrfFilter.filter(this.post, this.chain);
-
 StepVerifier.create(result).verifyComplete();
-
 assertThat(this.post.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
 }
@@ -108,11 +99,8 @@ public class CsrfWebFilterTests {
 given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
 this.post = MockServerWebExchange.from(MockServerHttpRequest.post("/")
 .body(this.token.getParameterName() + "=" + this.token.getToken() + "INVALID"));
-
 Mono result = this.csrfFilter.filter(this.post, this.chain);
-
 StepVerifier.create(result).verifyComplete();
-
 assertThat(this.post.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
 }
@@ -120,18 +108,14 @@ public class CsrfWebFilterTests {
 public void filterWhenPostAndEstablishedCsrfTokenAndRequestParamValidTokenThenContinues() {
 PublisherProbe chainResult = PublisherProbe.empty();
 given(this.chain.filter(any())).willReturn(chainResult.mono());
-
 this.csrfFilter.setCsrfTokenRepository(this.repository);
 given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
 given(this.repository.generateToken(any())).willReturn(Mono.just(this.token));
 this.post = MockServerWebExchange
 .from(MockServerHttpRequest.post("/").contentType(MediaType.APPLICATION_FORM_URLENCODED)
 .body(this.token.getParameterName() + "=" + this.token.getToken()));
-
 Mono result = this.csrfFilter.filter(this.post, this.chain);
-
 StepVerifier.create(result).verifyComplete();
-
 chainResult.assertWasSubscribed();
 }
@@ -141,11 +125,8 @@ public class CsrfWebFilterTests {
 given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
 this.post = MockServerWebExchange.from(
 MockServerHttpRequest.post("/").header(this.token.getHeaderName(), this.token.getToken() + "INVALID"));
-
 Mono result = this.csrfFilter.filter(this.post, this.chain);
-
 StepVerifier.create(result).verifyComplete();
-
 assertThat(this.post.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
 }
@@ -153,17 +134,13 @@ public class CsrfWebFilterTests {
 public void filterWhenPostAndEstablishedCsrfTokenAndHeaderValidTokenThenContinues() {
 PublisherProbe chainResult = PublisherProbe.empty();
 given(this.chain.filter(any())).willReturn(chainResult.mono());
-
 this.csrfFilter.setCsrfTokenRepository(this.repository);
 given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
 given(this.repository.generateToken(any())).willReturn(Mono.just(this.token));
 this.post = MockServerWebExchange
 .from(MockServerHttpRequest.post("/").header(this.token.getHeaderName(), this.token.getToken()));
-
 Mono result = this.csrfFilter.filter(this.post, this.chain);
-
 StepVerifier.create(result).verifyComplete();
-
 chainResult.assertWasSubscribed();
 }
@@ -172,7 +149,6 @@ public class CsrfWebFilterTests {
 public void matchesRequireCsrfProtectionWhenNonStandardHTTPMethodIsUsed() {
 MockServerWebExchange nonStandardHttpExchange = MockServerWebExchange
 .from(MockServerHttpRequest.method("non-standard-http-method", "/"));
-
 ServerWebExchangeMatcher serverWebExchangeMatcher = CsrfWebFilter.DEFAULT_CSRF_MATCHER;
 assertThat(serverWebExchangeMatcher.matches(nonStandardHttpExchange).map(MatchResult::isMatch).block())
 .isTrue();
@@ -182,14 +158,11 @@ public class CsrfWebFilterTests {
 public void doFilterWhenSkipExchangeInvokedThenSkips() {
 PublisherProbe chainResult = PublisherProbe.empty();
 given(this.chain.filter(any())).willReturn(chainResult.mono());
-
 ServerWebExchangeMatcher matcher = mock(ServerWebExchangeMatcher.class);
 this.csrfFilter.setRequireCsrfProtectionMatcher(matcher);
-
 MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/post").build());
 CsrfWebFilter.skipExchange(exchange);
 this.csrfFilter.filter(exchange, this.chain).block();
-
 verifyZeroInteractions(matcher);
 }
@@ -197,9 +170,7 @@ public class CsrfWebFilterTests {
 public void filterWhenMultipartFormDataAndNotEnabledThenDenied() {
 this.csrfFilter.setCsrfTokenRepository(this.repository);
 given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
-
 WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
-
 client.post().uri("/").contentType(MediaType.MULTIPART_FORM_DATA)
 .body(BodyInserters.fromMultipartData(this.token.getParameterName(), this.token.getToken())).exchange()
 .expectStatus().isForbidden();
@@ -211,9 +182,7 @@ public class CsrfWebFilterTests {
 this.csrfFilter.setTokenFromMultipartDataEnabled(true);
 given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
 given(this.repository.generateToken(any())).willReturn(Mono.just(this.token));
-
 WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
-
 client.post().uri("/").contentType(MediaType.MULTIPART_FORM_DATA)
 .body(BodyInserters.fromMultipartData(this.token.getParameterName(), this.token.getToken())).exchange()
 .expectStatus().is2xxSuccessful();
@@ -225,9 +194,7 @@ public class CsrfWebFilterTests {
 this.csrfFilter.setTokenFromMultipartDataEnabled(true);
 given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
 given(this.repository.generateToken(any())).willReturn(Mono.just(this.token));
-
 WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
-
 client.post().uri("/").contentType(MediaType.APPLICATION_FORM_URLENCODED)
 .bodyValue(this.token.getParameterName() + "=" + this.token.getToken()).exchange().expectStatus()
 .is2xxSuccessful();
@@ -238,9 +205,7 @@ public class CsrfWebFilterTests {
 this.csrfFilter.setCsrfTokenRepository(this.repository);
 this.csrfFilter.setTokenFromMultipartDataEnabled(true);
 given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
-
 WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
-
 client.post().uri("/").contentType(MediaType.MULTIPART_MIXED)
 .bodyValue(this.token.getParameterName() + "=" + this.token.getToken()).exchange().expectStatus()
 .isForbidden();
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java
index ba2cd59a9e..97adcbaece 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java
@@ -41,18 +41,14 @@ public class WebSessionServerCsrfTokenRepositoryTests {
 @Test
 public void generateTokenThenNoSession() {
 Mono result = this.repository.generateToken(this.exchange);
-
 Mono isSessionStarted = this.exchange.getSession().map(WebSession::isStarted);
-
 StepVerifier.create(isSessionStarted).expectNext(false).verifyComplete();
 }
 @Test
 public void generateTokenWhenSubscriptionThenNoSession() {
 Mono result = this.repository.generateToken(this.exchange);
-
 Mono isSessionStarted = this.exchange.getSession().map(WebSession::isStarted);
-
 StepVerifier.create(isSessionStarted).expectNext(false).verifyComplete();
 }
@@ -61,10 +57,8 @@ public class WebSessionServerCsrfTokenRepositoryTests {
 Mono result = this.repository.generateToken(this.exchange)
 .delayUntil((t) -> this.repository.saveToken(this.exchange, t));
 result.block();
-
 WebSession session = this.exchange.getSession().block();
 Map attributes = session.getAttributes();
-
 assertThat(session.isStarted()).isTrue();
 assertThat(attributes).hasSize(1);
 assertThat(attributes.values().iterator().next()).isInstanceOf(CsrfToken.class);
@@ -73,12 +67,9 @@ public class WebSessionServerCsrfTokenRepositoryTests {
 @Test
 public void saveTokenWhenNullThenDeletes() {
 CsrfToken token = this.repository.generateToken(this.exchange).block();
-
 Mono result = this.repository.saveToken(this.exchange, null);
 StepVerifier.create(result).verifyComplete();
-
 WebSession session = this.exchange.getSession().block();
-
 assertThat(session.getAttributes()).isEmpty();
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
index 4b7db815ec..6ff6384f58 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
@@ -42,7 +42,6 @@ public class CacheControlServerHttpHeadersWriterTests {
 @Test
 public void writeHeadersWhenCacheHeadersThenWritesAllCacheControl() {
 this.writer.writeHttpHeaders(this.exchange);
-
 assertThat(this.headers).hasSize(3);
 assertThat(this.headers.get(HttpHeaders.CACHE_CONTROL))
 .containsOnly(CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
@@ -54,11 +53,8 @@ public class CacheControlServerHttpHeadersWriterTests {
 @Test
 public void writeHeadersWhenCacheControlThenNoCacheControlHeaders() {
 String cacheControl = "max-age=1234";
-
 this.headers.set(HttpHeaders.CACHE_CONTROL, cacheControl);
-
 this.writer.writeHttpHeaders(this.exchange);
-
 assertThat(this.headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(cacheControl);
 }
@@ -66,9 +62,7 @@ public class CacheControlServerHttpHeadersWriterTests {
 public void writeHeadersWhenPragmaThenNoCacheControlHeaders() {
 String pragma = "1";
 this.headers.set(HttpHeaders.PRAGMA, pragma);
-
 this.writer.writeHttpHeaders(this.exchange);
-
 assertThat(this.headers).hasSize(1);
 assertThat(this.headers.get(HttpHeaders.PRAGMA)).containsOnly(pragma);
 }
@@ -77,9 +71,7 @@ public class CacheControlServerHttpHeadersWriterTests {
 public void writeHeadersWhenExpiresThenNoCacheControlHeaders() {
 String expires = "1";
 this.headers.set(HttpHeaders.EXPIRES, expires);
-
 this.writer.writeHttpHeaders(this.exchange);
-
 assertThat(this.headers).hasSize(1);
 assertThat(this.headers.get(HttpHeaders.EXPIRES)).containsOnly(expires);
 }
@@ -88,9 +80,7 @@ public class CacheControlServerHttpHeadersWriterTests {
 // gh-5534
 public void writeHeadersWhenNotModifiedThenNoCacheControlHeaders() {
 this.exchange.getResponse().setStatusCode(HttpStatus.NOT_MODIFIED);
-
 this.writer.writeHttpHeaders(this.exchange);
-
 assertThat(this.headers).isEmpty();
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java
index ff8a0c0020..fb2a9ec540 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java
@@ -48,9 +48,7 @@ public class ClearSiteDataServerHttpHeadersWriterTests {
 ClearSiteDataServerHttpHeadersWriter writer = new ClearSiteDataServerHttpHeadersWriter(Directive.ALL);
 ServerWebExchange secureExchange = MockServerWebExchange
 .from(MockServerHttpRequest.get("https://localhost").build());
-
 writer.writeHttpHeaders(secureExchange);
-
 assertThat(secureExchange.getResponse()).hasClearSiteDataHeaderDirectives(Directive.ALL);
 }
@@ -58,9 +56,7 @@ public class ClearSiteDataServerHttpHeadersWriterTests {
 public void writeHttpHeadersWhenInsecureConnectionThenHeaderNotWritten() {
 ClearSiteDataServerHttpHeadersWriter writer = new ClearSiteDataServerHttpHeadersWriter(Directive.ALL);
 ServerWebExchange insecureExchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-
 writer.writeHttpHeaders(insecureExchange);
-
 assertThat(insecureExchange.getResponse()).doesNotHaveClearSiteDataHeaderSet();
 }
@@ -70,9 +66,7 @@ public class ClearSiteDataServerHttpHeadersWriterTests {
 Directive.COOKIES);
 ServerWebExchange secureExchange = MockServerWebExchange
 .from(MockServerHttpRequest.get("https://localhost").build());
-
 writer.writeHttpHeaders(secureExchange);
-
 assertThat(secureExchange.getResponse()).hasClearSiteDataHeaderDirectives(Directive.CACHE, Directive.COOKIES);
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
index 9a72024092..c400c13a21 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
@@ -63,22 +63,16 @@ public class CompositeServerHttpHeadersWriterTests {
 @Test
 public void writeHttpHeadersWhenErrorNoErrorThenError() {
 given(this.writer1.writeHttpHeaders(this.exchange)).willReturn(Mono.error(new RuntimeException()));
-
 Mono result = this.writer.writeHttpHeaders(this.exchange);
-
 StepVerifier.create(result).expectError().verify();
-
 verify(this.writer1).writeHttpHeaders(this.exchange);
 }
 @Test
 public void writeHttpHeadersWhenErrorErrorThenError() {
 given(this.writer1.writeHttpHeaders(this.exchange)).willReturn(Mono.error(new RuntimeException()));
-
 Mono result = this.writer.writeHttpHeaders(this.exchange);
-
 StepVerifier.create(result).expectError().verify();
-
 verify(this.writer1).writeHttpHeaders(this.exchange);
 }
@@ -86,11 +80,8 @@ public class CompositeServerHttpHeadersWriterTests {
 public void writeHttpHeadersWhenNoErrorThenNoError() {
 given(this.writer1.writeHttpHeaders(this.exchange)).willReturn(Mono.empty());
 given(this.writer2.writeHttpHeaders(this.exchange)).willReturn(Mono.empty());
-
 Mono result = this.writer.writeHttpHeaders(this.exchange);
-
 StepVerifier.create(result).expectComplete().verify();
-
 verify(this.writer1).writeHttpHeaders(this.exchange);
 verify(this.writer2).writeHttpHeaders(this.exchange);
 }
@@ -106,9 +97,7 @@ public class CompositeServerHttpHeadersWriterTests {
 assertThat(slowDone.get()).describedAs("ServerLogoutHandler should be executed sequentially").isTrue();
 });
 CompositeServerHttpHeadersWriter writer = new CompositeServerHttpHeadersWriter(slow, second);
-
 writer.writeHttpHeaders(this.exchange).block();
-
 assertThat(latch.await(3, TimeUnit.SECONDS)).isTrue();
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriterTests.java
index 4c844d54cd..bc4a007c6b 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriterTests.java
@@ -48,7 +48,6 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests {
 @Test
 public void writeHeadersWhenUsingDefaultsThenDoesNotWrite() {
 this.writer.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).isEmpty();
 }
@@ -57,7 +56,6 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests {
 public void writeHeadersWhenUsingPolicyThenWritesPolicy() {
 this.writer.setPolicyDirectives(DEFAULT_POLICY_DIRECTIVES);
 this.writer.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).hasSize(1);
 assertThat(headers.get(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY))
@@ -69,7 +67,6 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests {
 this.writer.setPolicyDirectives(DEFAULT_POLICY_DIRECTIVES);
 this.writer.setReportOnly(true);
 this.writer.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).hasSize(1);
 assertThat(headers.get(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY_REPORT_ONLY))
@@ -80,7 +77,6 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests {
 public void writeHeadersWhenOnlyReportOnlySetThenDoesNotWrite() {
 this.writer.setReportOnly(true);
 this.writer.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).isEmpty();
 }
@@ -91,7 +87,6 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests {
 this.exchange.getResponse().getHeaders()
 .set(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY, headerValue);
 this.writer.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).hasSize(1);
 assertThat(headers.get(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY))
diff --git a/web/src/test/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriterTests.java
index 9195a1ad68..a0fd03f3ce 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriterTests.java
@@ -48,7 +48,6 @@ public class FeaturePolicyServerHttpHeadersWriterTests {
 @Test
 public void writeHeadersWhenUsingDefaultsThenDoesNotWrite() {
 this.writer.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).isEmpty();
 }
@@ -57,7 +56,6 @@ public class FeaturePolicyServerHttpHeadersWriterTests {
 public void writeHeadersWhenUsingPolicyThenWritesPolicy() {
 this.writer.setPolicyDirectives(DEFAULT_POLICY_DIRECTIVES);
 this.writer.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).hasSize(1);
 assertThat(headers.get(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY))
@@ -70,7 +68,6 @@ public class FeaturePolicyServerHttpHeadersWriterTests {
 String headerValue = "camera: 'self'";
 this.exchange.getResponse().getHeaders().set(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY, headerValue);
 this.writer.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).hasSize(1);
 assertThat(headers.get(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY)).containsOnly(headerValue);
diff --git a/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
index 094f329b3b..b953e78c2f 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
@@ -55,22 +55,16 @@ public class HttpHeaderWriterWebFilterTests {
 @Test
 public void filterWhenCompleteThenWritten() {
 WebTestClient rest = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 rest.get().uri("/foo").exchange();
-
 verify(this.writer).writeHttpHeaders(any());
 }
 
 @Test
 public void filterWhenNotCompleteThenNotWritten() {
 WebTestHandler handler = WebTestHandler.bindToWebFilters(this.filter);
-
 WebHandlerResult result = handler.exchange(MockServerHttpRequest.get("/foo"));
-
 verify(this.writer, never()).writeHttpHeaders(any());
-
 result.getExchange().getResponse().setComplete().block();
-
 verify(this.writer).writeHttpHeaders(any());
 }
 
diff --git a/web/src/test/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriterTests.java
index 1f6a0a88a7..8502d1192a 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriterTests.java
@@ -47,7 +47,6 @@ public class ReferrerPolicyServerHttpHeadersWriterTests {
 @Test
 public void writeHeadersWhenUsingDefaultsThenDoesNotWrite() {
 this.writer.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).hasSize(1);
 assertThat(headers.get(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY))
@@ -58,7 +57,6 @@ public class ReferrerPolicyServerHttpHeadersWriterTests {
 public void writeHeadersWhenUsingPolicyThenWritesPolicy() {
 this.writer.setPolicy(ReferrerPolicy.SAME_ORIGIN);
 this.writer.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).hasSize(1);
 assertThat(headers.get(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY))
@@ -71,7 +69,6 @@ public class ReferrerPolicyServerHttpHeadersWriterTests {
 this.exchange.getResponse().getHeaders().set(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY,
 headerValue);
 this.writer.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).hasSize(1);
 assertThat(headers.get(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY)).containsOnly(headerValue);
diff --git a/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
index 94e98b9d7a..86809627fc 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
@@ -43,7 +43,6 @@ public class StaticServerHttpHeadersWriterTests {
 @Test
 public void writeHeadersWhenSingleHeaderThenWritesHeader() {
 this.writer.writeHttpHeaders(this.exchange);
-
 assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
 .containsOnly(ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
 }
@@ -52,9 +51,7 @@ public class StaticServerHttpHeadersWriterTests {
 public void writeHeadersWhenSingleHeaderAndHeaderWrittenThenSuccess() {
 String headerValue = "other";
 this.headers.set(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
-
 this.writer.writeHttpHeaders(this.exchange);
-
 assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
 .containsOnly(headerValue);
 }
@@ -65,9 +62,7 @@ public class StaticServerHttpHeadersWriterTests {
 .header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
 .header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE)
 .header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE).build();
-
 this.writer.writeHttpHeaders(this.exchange);
-
 assertThat(this.headers.get(HttpHeaders.CACHE_CONTROL))
 .containsOnly(CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
 assertThat(this.headers.get(HttpHeaders.PRAGMA)).containsOnly(CacheControlServerHttpHeadersWriter.PRAGMA_VALUE);
@@ -79,14 +74,11 @@ public class StaticServerHttpHeadersWriterTests {
 public void writeHeadersWhenMultiHeaderAndSingleWrittenThenNoHeadersOverridden() {
 String headerValue = "other";
 this.headers.set(HttpHeaders.CACHE_CONTROL, headerValue);
-
 this.writer = StaticServerHttpHeadersWriter.builder()
 .header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
 .header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE)
 .header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE).build();
-
 this.writer.writeHttpHeaders(this.exchange);
-
 assertThat(this.headers).hasSize(1);
 assertThat(this.headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(headerValue);
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
index 351e3515c3..6f61d730d7 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
@@ -41,9 +41,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
 @Test
 public void writeHttpHeadersWhenHttpsThenWrites() {
 this.exchange = exchange(MockServerHttpRequest.get("https://example.com/"));
-
 this.hsts.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).hasSize(1);
 assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
@@ -55,9 +53,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
 Duration maxAge = Duration.ofDays(1);
 this.hsts.setMaxAge(maxAge);
 this.exchange = exchange(MockServerHttpRequest.get("https://example.com/"));
-
 this.hsts.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).hasSize(1);
 assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
@@ -68,9 +64,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
 public void writeHttpHeadersWhenCustomIncludeSubDomainsThenWrites() {
 this.hsts.setIncludeSubDomains(false);
 this.exchange = exchange(MockServerHttpRequest.get("https://example.com/"));
-
 this.hsts.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).hasSize(1);
 assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
@@ -80,9 +74,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
 @Test
 public void writeHttpHeadersWhenNullSchemeThenNoHeaders() {
 this.exchange = exchange(MockServerHttpRequest.get("/"));
-
 this.hsts.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).isEmpty();
 }
@@ -90,9 +82,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
 @Test
 public void writeHttpHeadersWhenHttpThenNoHeaders() {
 this.exchange = exchange(MockServerHttpRequest.get("http://localhost/"));
-
 this.hsts.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).isEmpty();
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
index a6765baa97..15dcbd9892 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
@@ -40,7 +40,6 @@ public class XContentTypeOptionsServerHttpHeadersWriterTests {
 @Test
 public void writeHeadersWhenNoHeadersThenWriteHeaders() {
 this.writer.writeHttpHeaders(this.exchange);
-
 assertThat(this.headers).hasSize(1);
 assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
 .containsOnly(ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
@@ -50,9 +49,7 @@ public class XContentTypeOptionsServerHttpHeadersWriterTests {
 public void writeHeadersWhenHeaderWrittenThenDoesNotOverrride() {
 String headerValue = "value";
 this.headers.set(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
-
 this.writer.writeHttpHeaders(this.exchange);
-
 assertThat(this.headers).hasSize(1);
 assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
 .containsOnly(headerValue);
diff --git a/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
index 4c078b24ac..48e50ebae8 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
@@ -44,7 +44,6 @@ public class XFrameOptionsServerHttpHeadersWriterTests {
 @Test
 public void writeHeadersWhenUsingDefaultsThenWritesDeny() {
 this.writer.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).hasSize(1);
 assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("DENY");
@@ -53,9 +52,7 @@ public class XFrameOptionsServerHttpHeadersWriterTests {
 @Test
 public void writeHeadersWhenUsingExplicitDenyThenWritesDeny() {
 this.writer.setMode(XFrameOptionsServerHttpHeadersWriter.Mode.DENY);
-
 this.writer.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).hasSize(1);
 assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("DENY");
@@ -64,9 +61,7 @@ public class XFrameOptionsServerHttpHeadersWriterTests {
 @Test
 public void writeHeadersWhenUsingSameOriginThenWritesSameOrigin() {
 this.writer.setMode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
-
 this.writer.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).hasSize(1);
 assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("SAMEORIGIN");
@@ -76,9 +71,7 @@ public class XFrameOptionsServerHttpHeadersWriterTests {
 public void writeHeadersWhenAlreadyWrittenThenWritesHeader() {
 String headerValue = "other";
 this.exchange.getResponse().getHeaders().set(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, headerValue);
-
 this.writer.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).hasSize(1);
 assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly(headerValue);
diff --git a/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
index 8e012d0721..f29a3397d7 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
@@ -40,7 +40,6 @@ public class XXssProtectionServerHttpHeadersWriterTests {
 @Test
 public void writeHeadersWhenNoHeadersThenWriteHeaders() {
 this.writer.writeHttpHeaders(this.exchange);
-
 assertThat(this.headers).hasSize(1);
 assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION))
 .containsOnly("1 ; mode=block");
@@ -49,9 +48,7 @@ public class XXssProtectionServerHttpHeadersWriterTests {
 @Test
 public void writeHeadersWhenBlockFalseThenWriteHeaders() {
 this.writer.setBlock(false);
-
 this.writer.writeHttpHeaders(this.exchange);
-
 assertThat(this.headers).hasSize(1);
 assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("1");
 }
@@ -59,9 +56,7 @@ public class XXssProtectionServerHttpHeadersWriterTests {
 @Test
 public void writeHeadersWhenEnabledFalseThenWriteHeaders() {
 this.writer.setEnabled(false);
-
 this.writer.writeHttpHeaders(this.exchange);
-
 assertThat(this.headers).hasSize(1);
 assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("0");
 }
@@ -70,9 +65,7 @@ public class XXssProtectionServerHttpHeadersWriterTests {
 public void writeHeadersWhenHeaderWrittenThenDoesNotOverrride() {
 String headerValue = "value";
 this.headers.set(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, headerValue);
-
 this.writer.writeHttpHeaders(this.exchange);
-
 assertThat(this.headers).hasSize(1);
 assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly(headerValue);
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java
index e5aaaa6d70..3a1a9f246e 100644
--- a/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java
@@ -43,7 +43,6 @@ public class DefaultCsrfServerTokenMixinTests extends AbstractMixinTests {
 + "\"token\": \"1\""
 + "}";
 // @formatter:on
-
 @Test
 public void defaultCsrfTokenSerializedTest() throws JsonProcessingException, JSONException {
 DefaultCsrfToken token = new DefaultCsrfToken("csrf-header", "_csrf", "1");
diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java
index 7bd21e0963..a80359be8e 100644
--- a/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java
@@ -45,7 +45,6 @@ public class CookieServerRequestCacheTests {
 MockServerWebExchange exchange = MockServerWebExchange
 .from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML));
 this.cache.saveRequest(exchange).block();
-
 MultiValueMap cookies = exchange.getResponse().getCookies();
 assertThat(cookies.size()).isEqualTo(1);
 ResponseCookie cookie = cookies.getFirst("REDIRECT_URI");
@@ -60,7 +59,6 @@ public class CookieServerRequestCacheTests {
 MockServerWebExchange exchange = MockServerWebExchange
 .from(MockServerHttpRequest.get("/secured/").queryParam("key", "value").accept(MediaType.TEXT_HTML));
 this.cache.saveRequest(exchange).block();
-
 MultiValueMap cookies = exchange.getResponse().getCookies();
 assertThat(cookies.size()).isEqualTo(1);
 ResponseCookie cookie = cookies.getFirst("REDIRECT_URI");
@@ -75,7 +73,6 @@ public class CookieServerRequestCacheTests {
 MockServerWebExchange exchange = MockServerWebExchange
 .from(MockServerHttpRequest.get("/favicon.png").accept(MediaType.TEXT_HTML));
 this.cache.saveRequest(exchange).block();
-
 MultiValueMap cookies = exchange.getResponse().getCookies();
 assertThat(cookies).isEmpty();
 }
@@ -84,7 +81,6 @@ public class CookieServerRequestCacheTests {
 public void saveRequestWhenPostRequestThenNoCookie() {
 MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/secured/"));
 this.cache.saveRequest(exchange).block();
-
 MultiValueMap cookies = exchange.getResponse().getCookies();
 assertThat(cookies).isEmpty();
 }
@@ -94,11 +90,9 @@ public class CookieServerRequestCacheTests {
 this.cache.setSaveRequestMatcher((e) -> ServerWebExchangeMatcher.MatchResult.match());
 MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/secured/"));
 this.cache.saveRequest(exchange).block();
-
 MultiValueMap cookies = exchange.getResponse().getCookies();
 ResponseCookie cookie = cookies.getFirst("REDIRECT_URI");
 assertThat(cookie).isNotNull();
-
 String encodedRedirectUrl = Base64.getEncoder().encodeToString("/secured/".getBytes());
 assertThat(cookie.toString())
 .isEqualTo("REDIRECT_URI=" + encodedRedirectUrl + "; Path=/; HttpOnly; SameSite=Lax");
@@ -109,9 +103,7 @@ public class CookieServerRequestCacheTests {
 String encodedRedirectUrl = Base64.getEncoder().encodeToString("/secured/".getBytes());
 MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/")
 .accept(MediaType.TEXT_HTML).cookie(new HttpCookie("REDIRECT_URI", encodedRedirectUrl)));
-
 URI redirectUri = this.cache.getRedirectUri(exchange).block();
-
 assertThat(redirectUri).isEqualTo(URI.create("/secured/"));
 }
 
@@ -119,9 +111,7 @@ public class CookieServerRequestCacheTests {
 public void getRedirectUriWhenCookieValueNotEncodedThenRedirectUriIsNull() {
 MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/")
 .accept(MediaType.TEXT_HTML).cookie(new HttpCookie("REDIRECT_URI", "/secured/")));
-
 URI redirectUri = this.cache.getRedirectUri(exchange).block();
-
 assertThat(redirectUri).isNull();
 }
 
@@ -129,9 +119,7 @@ public class CookieServerRequestCacheTests {
 public void getRedirectUriWhenNoCookieThenRedirectUriIsNull() {
 MockServerWebExchange exchange = MockServerWebExchange
 .from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML));
-
 URI redirectUri = this.cache.getRedirectUri(exchange).block();
-
 assertThat(redirectUri).isNull();
 }
 
@@ -139,9 +127,7 @@ public class CookieServerRequestCacheTests {
 public void removeMatchingRequestThenRedirectUriCookieExpired() {
 MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/")
 .accept(MediaType.TEXT_HTML).cookie(new HttpCookie("REDIRECT_URI", "/secured/")));
-
 this.cache.removeMatchingRequest(exchange).block();
-
 MultiValueMap cookies = exchange.getResponse().getCookies();
 ResponseCookie cookie = cookies.getFirst("REDIRECT_URI");
 assertThat(cookie).isNotNull();
diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java
index 5652b680f0..82224c5432 100644
--- a/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java
@@ -70,9 +70,7 @@ public class ServerRequestCacheWebFilterTests {
 ServerHttpRequest savedRequest = MockServerHttpRequest.get("/")
 .header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML.getType()).build();
 given(this.requestCache.removeMatchingRequest(any())).willReturn(Mono.just(savedRequest));
-
 this.requestCacheFilter.filter(exchange, this.chain).block();
-
 verify(this.chain).filter(this.exchangeCaptor.capture());
 ServerWebExchange updatedExchange = this.exchangeCaptor.getValue();
 assertThat(updatedExchange.getRequest()).isEqualTo(savedRequest);
@@ -83,9 +81,7 @@ public class ServerRequestCacheWebFilterTests {
 MockServerHttpRequest initialRequest = MockServerHttpRequest.get("/").build();
 ServerWebExchange exchange = MockServerWebExchange.from(initialRequest);
 given(this.requestCache.removeMatchingRequest(any())).willReturn(Mono.empty());
-
 this.requestCacheFilter.filter(exchange, this.chain).block();
-
 verify(this.chain).filter(this.exchangeCaptor.capture());
 ServerWebExchange updatedExchange = this.exchangeCaptor.getValue();
 assertThat(updatedExchange.getRequest()).isEqualTo(initialRequest);
diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java
index 4f1c45a04b..35b2a95082 100644
--- a/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java
@@ -41,9 +41,7 @@ public class WebSessionServerRequestCacheTests {
 MockServerWebExchange exchange = MockServerWebExchange
 .from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML));
 this.cache.saveRequest(exchange).block();
-
 URI saved = this.cache.getRedirectUri(exchange).block();
-
 assertThat(saved).isEqualTo(exchange.getRequest().getURI());
 }
 
@@ -52,9 +50,7 @@ public class WebSessionServerRequestCacheTests {
 MockServerWebExchange exchange = MockServerWebExchange
 .from(MockServerHttpRequest.get("/secured/").queryParam("key", "value").accept(MediaType.TEXT_HTML));
 this.cache.saveRequest(exchange).block();
-
 URI saved = this.cache.getRedirectUri(exchange).block();
-
 assertThat(saved).isEqualTo(exchange.getRequest().getURI());
 }
 
@@ -63,9 +59,7 @@ public class WebSessionServerRequestCacheTests {
 MockServerWebExchange exchange = MockServerWebExchange
 .from(MockServerHttpRequest.get("/favicon.png").accept(MediaType.TEXT_HTML));
 this.cache.saveRequest(exchange).block();
-
 URI saved = this.cache.getRedirectUri(exchange).block();
-
 assertThat(saved).isNull();
 }
 
@@ -73,7 +67,6 @@ public class WebSessionServerRequestCacheTests {
 public void saveRequestGetRequestWhenPostThenNotFound() {
 MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/secured/"));
 this.cache.saveRequest(exchange).block();
-
 assertThat(this.cache.getRedirectUri(exchange).block()).isNull();
 }
 
@@ -82,9 +75,7 @@ public class WebSessionServerRequestCacheTests {
 this.cache.setSaveRequestMatcher((e) -> ServerWebExchangeMatcher.MatchResult.match());
 MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/secured/"));
 this.cache.saveRequest(exchange).block();
-
 URI saved = this.cache.getRedirectUri(exchange).block();
-
 assertThat(saved).isEqualTo(exchange.getRequest().getURI());
 }
 
@@ -93,9 +84,7 @@ public class WebSessionServerRequestCacheTests {
 MockServerWebExchange exchange = MockServerWebExchange
 .from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML));
 this.cache.saveRequest(exchange).block();
-
 ServerHttpRequest saved = this.cache.removeMatchingRequest(exchange).block();
-
 assertThat(saved.getURI()).isEqualTo(exchange.getRequest().getURI());
 }
 
@@ -103,9 +92,7 @@ public class WebSessionServerRequestCacheTests {
 public void removeRequestGetRequestWhenDefaultThenNotFound() {
 MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/"));
 this.cache.saveRequest(exchange).block();
-
 this.cache.removeMatchingRequest(exchange).block();
-
 assertThat(this.cache.getRedirectUri(exchange).block()).isNull();
 }
 
diff --git a/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java
index dfff77d0a2..38cf2bf214 100644
--- a/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java
@@ -78,7 +78,6 @@ public class HttpsRedirectWebFilterTests {
 given(matcher.matches(any(ServerWebExchange.class)))
 .willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 this.filter.setRequiresHttpsRedirectMatcher(matcher);
-
 ServerWebExchange exchange = get("http://localhost:8080");
 this.filter.filter(exchange, this.chain).block();
 assertThat(exchange.getResponse().getStatusCode()).isNull();
@@ -89,12 +88,10 @@ public class HttpsRedirectWebFilterTests {
 ServerWebExchangeMatcher matcher = mock(ServerWebExchangeMatcher.class);
 given(matcher.matches(any(ServerWebExchange.class))).willReturn(ServerWebExchangeMatcher.MatchResult.match());
 this.filter.setRequiresHttpsRedirectMatcher(matcher);
-
 ServerWebExchange exchange = get("http://localhost:8080");
 this.filter.filter(exchange, this.chain).block();
 assertThat(statusCode(exchange)).isEqualTo(302);
 assertThat(redirectedUrl(exchange)).isEqualTo("https://localhost:8443");
-
 verify(matcher).matches(any(ServerWebExchange.class));
 }
 
@@ -103,12 +100,10 @@ public class HttpsRedirectWebFilterTests {
 PortMapper portMapper = mock(PortMapper.class);
 given(portMapper.lookupHttpsPort(314)).willReturn(159);
 this.filter.setPortMapper(portMapper);
-
 ServerWebExchange exchange = get("http://localhost:314");
 this.filter.filter(exchange, this.chain).block();
 assertThat(statusCode(exchange)).isEqualTo(302);
 assertThat(redirectedUrl(exchange)).isEqualTo("https://localhost:159");
-
 verify(portMapper).lookupHttpsPort(314);
 }
 
diff --git a/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java
index 6bedbadcc9..ccade95ad8 100644
--- a/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java
@@ -30,12 +30,9 @@ public class LoginPageGeneratingWebFilterTests {
 public void filterWhenLoginWithContextPathThenActionContainsContextPath() throws Exception {
 LoginPageGeneratingWebFilter filter = new LoginPageGeneratingWebFilter();
 filter.setFormLoginEnabled(true);
-
 MockServerWebExchange exchange = MockServerWebExchange
 .from(MockServerHttpRequest.get("/test/login").contextPath("/test"));
-
 filter.filter(exchange, (e) -> Mono.empty()).block();
-
 assertThat(exchange.getResponse().getBodyAsString().block()).contains("action=\"/test/login\"");
 }
 
@@ -43,11 +40,8 @@ public class LoginPageGeneratingWebFilterTests {
 public void filterWhenLoginWithNoContextPathThenActionDoesNotContainsContextPath() throws Exception {
 LoginPageGeneratingWebFilter filter = new LoginPageGeneratingWebFilter();
 filter.setFormLoginEnabled(true);
-
 MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/login"));
-
 filter.filter(exchange, (e) -> Mono.empty()).block();
-
 assertThat(exchange.getResponse().getBodyAsString().block()).contains("action=\"/login\"");
 }
 
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java
index 4c94122877..ab34e4928c 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java
@@ -61,14 +61,11 @@ public class AndServerWebExchangeMatcherTests {
 Map params2 = Collections.singletonMap("x", "y");
 given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match(params1));
 given(this.matcher2.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match(params2));
-
 ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 assertThat(matches.isMatch()).isTrue();
 assertThat(matches.getVariables()).hasSize(2);
 assertThat(matches.getVariables()).containsAllEntriesOf(params1);
 assertThat(matches.getVariables()).containsAllEntriesOf(params2);
-
 verify(this.matcher1).matches(this.exchange);
 verify(this.matcher2).matches(this.exchange);
 }
@@ -76,12 +73,9 @@ public class AndServerWebExchangeMatcherTests {
 @Test
 public void matchesWhenFalseFalseThenFalseAndMatcher2NotInvoked() {
 given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
-
 ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 assertThat(matches.isMatch()).isFalse();
 assertThat(matches.getVariables()).isEmpty();
-
 verify(this.matcher1).matches(this.exchange);
 verify(this.matcher2, never()).matches(this.exchange);
 }
@@ -91,12 +85,9 @@ public class AndServerWebExchangeMatcherTests {
 Map params = Collections.singletonMap("foo", "bar");
 given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match(params));
 given(this.matcher2.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
-
 ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 assertThat(matches.isMatch()).isFalse();
 assertThat(matches.getVariables()).isEmpty();
-
 verify(this.matcher1).matches(this.exchange);
 verify(this.matcher2).matches(this.exchange);
 }
@@ -104,12 +95,9 @@ public class AndServerWebExchangeMatcherTests {
 @Test
 public void matchesWhenFalseTrueThenFalse() {
 given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
-
 ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 assertThat(matches.isMatch()).isFalse();
 assertThat(matches.getVariables()).isEmpty();
-
 verify(this.matcher1).matches(this.exchange);
 verify(this.matcher2, never()).matches(this.exchange);
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java
index b01d0bd778..57b0fa3ba1 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java
@@ -64,7 +64,6 @@ public class MediaTypeServerWebExchangeMatcherTests {
 public void matchWhenDefaultResolverAndAcceptEqualThenMatch() {
 MediaType acceptType = MediaType.TEXT_HTML;
 MediaTypeServerWebExchangeMatcher matcher = new MediaTypeServerWebExchangeMatcher(acceptType);
-
 assertThat(matcher.matches(exchange(acceptType)).block().isMatch()).isTrue();
 }
@@ -73,7 +72,6 @@ public class MediaTypeServerWebExchangeMatcherTests {
 MediaType acceptType = MediaType.TEXT_HTML;
 MediaTypeServerWebExchangeMatcher matcher = new MediaTypeServerWebExchangeMatcher(acceptType);
 matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
-
 assertThat(matcher.matches(exchange(acceptType)).block().isMatch()).isTrue();
 }
@@ -82,7 +80,6 @@ public class MediaTypeServerWebExchangeMatcherTests {
 MediaType acceptType = MediaType.TEXT_HTML;
 MediaTypeServerWebExchangeMatcher matcher = new MediaTypeServerWebExchangeMatcher(acceptType);
 matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
-
 assertThat(matcher.matches(exchange(MediaType.ALL)).block().isMatch()).isFalse();
 }
@@ -90,7 +87,6 @@ public class MediaTypeServerWebExchangeMatcherTests {
 public void matchWhenDefaultResolverAndAcceptImpliedThenMatch() {
 MediaTypeServerWebExchangeMatcher matcher = new MediaTypeServerWebExchangeMatcher( MediaType.parseMediaTypes("text/*"));
-
 assertThat(matcher.matches(exchange(MediaType.TEXT_HTML)).block().isMatch()).isTrue();
 }
@@ -98,7 +94,6 @@ public class MediaTypeServerWebExchangeMatcherTests {
 public void matchWhenDefaultResolverAndAcceptImpliedAndUseEqualsThenNotMatch() {
 MediaTypeServerWebExchangeMatcher matcher = new MediaTypeServerWebExchangeMatcher(MediaType.ALL);
 matcher.setUseEquals(true);
-
 assertThat(matcher.matches(exchange(MediaType.TEXT_HTML)).block().isMatch()).isFalse();
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java
index 56684e0e01..8636ed1b1d 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java
@@ -51,24 +51,18 @@ public class NegatedServerWebExchangeMatcherTests {
 @Test
 public void matchesWhenFalseThenTrue() {
 given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
-
 ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 assertThat(matches.isMatch()).isTrue();
 assertThat(matches.getVariables()).isEmpty();
-
 verify(this.matcher1).matches(this.exchange);
 }
 @Test
 public void matchesWhenTrueThenFalse() {
 given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match());
-
 ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 assertThat(matches.isMatch()).isFalse();
 assertThat(matches.getVariables()).isEmpty();
-
 verify(this.matcher1).matches(this.exchange);
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java
index 2bdc51806a..ee9b08d81c 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java
@@ -59,12 +59,9 @@ public class OrServerWebExchangeMatcherTests {
 public void matchesWhenFalseFalseThenFalse() {
 given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 given(this.matcher2.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
-
 ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 assertThat(matches.isMatch()).isFalse();
 assertThat(matches.getVariables()).isEmpty();
-
 verify(this.matcher1).matches(this.exchange);
 verify(this.matcher2).matches(this.exchange);
 }
@@ -73,12 +70,9 @@ public class OrServerWebExchangeMatcherTests {
 public void matchesWhenTrueFalseThenTrueAndMatcher2NotInvoked() {
 Map params = Collections.singletonMap("foo", "bar");
 given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match(params));
-
 ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 assertThat(matches.isMatch()).isTrue();
 assertThat(matches.getVariables()).isEqualTo(params);
-
 verify(this.matcher1).matches(this.exchange);
 verify(this.matcher2, never()).matches(this.exchange);
 }
@@ -88,12 +82,9 @@ public class OrServerWebExchangeMatcherTests {
 Map params = Collections.singletonMap("foo", "bar");
 given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 given(this.matcher2.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match(params));
-
 ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 assertThat(matches.isMatch()).isTrue();
 assertThat(matches.getVariables()).isEqualTo(params);
-
 verify(this.matcher1).matches(this.exchange);
 verify(this.matcher2).matches(this.exchange);
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
index b44fa173bb..3bf61f4487 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
@@ -62,7 +62,6 @@ public class PathMatcherServerWebExchangeMatcherTests {
 DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
 this.exchange = MockServerWebExchange.from(request);
 this.path = "/path";
-
 this.matcher = new PathPatternParserServerWebExchangeMatcher(this.pattern);
 }
@@ -81,14 +80,12 @@ public class PathMatcherServerWebExchangeMatcherTests {
 given(this.pattern.matches(any())).willReturn(true);
 given(this.pattern.matchAndExtract(any())).willReturn(this.pathMatchInfo);
 given(this.pathMatchInfo.getUriVariables()).willReturn(new HashMap<>());
-
 assertThat(this.matcher.matches(this.exchange).block().isMatch()).isTrue();
 }
 @Test
 public void matchesWhenPathMatcherFalseThenReturnFalse() {
 given(this.pattern.matches(any())).willReturn(false);
-
 assertThat(this.matcher.matches(this.exchange).block().isMatch()).isFalse();
 }
@@ -99,7 +96,6 @@ public class PathMatcherServerWebExchangeMatcherTests {
 given(this.pattern.matches(any())).willReturn(true);
 given(this.pattern.matchAndExtract(any())).willReturn(this.pathMatchInfo);
 given(this.pathMatchInfo.getUriVariables()).willReturn(new HashMap<>());
-
 assertThat(this.matcher.matches(this.exchange).block().isMatch()).isTrue();
 }
@@ -108,9 +104,7 @@ public class PathMatcherServerWebExchangeMatcherTests {
 HttpMethod method = HttpMethod.OPTIONS;
 assertThat(this.exchange.getRequest().getMethod()).isNotEqualTo(method);
 this.matcher = new PathPatternParserServerWebExchangeMatcher(this.pattern, method);
-
 assertThat(this.matcher.matches(this.exchange).block().isMatch()).isFalse();
-
 verifyZeroInteractions(this.pattern);
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java
index 80f9430b94..62ceb878c2 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java
@@ -68,9 +68,7 @@ public class ServerWebExchangeMatchersTests {
 @Test
 public void anyExchangeWhenMockThenMatches() {
 ServerWebExchange mockExchange = mock(ServerWebExchange.class);
-
 assertThat(ServerWebExchangeMatchers.anyExchange().matches(mockExchange).block().isMatch()).isTrue();
-
 verifyZeroInteractions(mockExchange);
 }
diff --git a/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java b/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java
index b227f2ed86..4e97fec869 100644
--- a/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java
+++ b/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java
@@ -49,10 +49,8 @@ public class CsrfRequestDataValueProcessorTests {
 public void setup() {
 this.request = new MockHttpServletRequest();
 this.processor = new CsrfRequestDataValueProcessor();
-
 this.token = new DefaultCsrfToken("1", "a", "b");
 this.request.setAttribute(CsrfToken.class.getName(), this.token);
-
 this.expected.put(this.token.getParameterName(), this.token.getToken());
 }
@@ -132,7 +130,6 @@ public class CsrfRequestDataValueProcessorTests {
 this.request.setAttribute(CsrfToken.class.getName(), token);
 Map expected = new HashMap<>();
 expected.put(token.getParameterName(), token.getToken());
-
 RequestDataValueProcessor processor = new CsrfRequestDataValueProcessor();
 assertThat(processor.getExtraHiddenFields(this.request)).isEqualTo(expected);
 }
diff --git a/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java
index 867d3ff476..d579003787 100644
--- a/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java
@@ -73,7 +73,6 @@ public class MvcRequestMatcherTests {
 public void extractUriTemplateVariablesSuccess() throws Exception {
 this.matcher = new MvcRequestMatcher(this.introspector, "/{p}");
 given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(null);
-
 assertThat(this.matcher.extractUriTemplateVariables(this.request)).containsEntry("p", "path");
 assertThat(this.matcher.matcher(this.request).getVariables()).containsEntry("p", "path");
 }
@@ -83,7 +82,6 @@ public class MvcRequestMatcherTests {
 given(this.result.extractUriTemplateVariables()).willReturn(Collections.emptyMap());
 given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(this.mapping);
 given(this.mapping.match(eq(this.request), this.pattern.capture())).willReturn(this.result);
-
 assertThat(this.matcher.extractUriTemplateVariables(this.request)).isEmpty();
 assertThat(this.matcher.matcher(this.request).getVariables()).isEmpty();
 }
@@ -92,7 +90,6 @@ public class MvcRequestMatcherTests {
 public void extractUriTemplateVariablesDefaultSuccess() throws Exception {
 this.matcher = new MvcRequestMatcher(this.introspector, "/{p}");
 given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(null);
-
 assertThat(this.matcher.extractUriTemplateVariables(this.request)).containsEntry("p", "path");
 assertThat(this.matcher.matcher(this.request).getVariables()).containsEntry("p", "path");
 }
@@ -101,7 +98,6 @@ public class MvcRequestMatcherTests {
 public void extractUriTemplateVariablesDefaultFail() throws Exception {
 this.matcher = new MvcRequestMatcher(this.introspector, "/nomatch/{p}");
 given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(null);
-
 assertThat(this.matcher.extractUriTemplateVariables(this.request)).isEmpty();
 assertThat(this.matcher.matcher(this.request).getVariables()).isEmpty();
 }
@@ -112,7 +108,6 @@ public class MvcRequestMatcherTests {
 given(this.mapping.match(eq(this.request), this.pattern.capture())).willReturn(this.result);
 this.matcher.setServletPath("/spring");
 this.request.setServletPath("/spring");
-
 assertThat(this.matcher.matches(this.request)).isTrue();
 assertThat(this.pattern.getValue()).isEqualTo("/path");
 }
@@ -121,7 +116,6 @@ public class MvcRequestMatcherTests {
 public void matchesServletPathFalse() {
 this.matcher.setServletPath("/spring");
 this.request.setServletPath("/");
-
 assertThat(this.matcher.matches(this.request)).isFalse();
 }
@@ -129,7 +123,6 @@ public class MvcRequestMatcherTests {
 public void matchesPathOnlyTrue() throws Exception {
 given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(this.mapping);
 given(this.mapping.match(eq(this.request), this.pattern.capture())).willReturn(this.result);
-
 assertThat(this.matcher.matches(this.request)).isTrue();
 assertThat(this.pattern.getValue()).isEqualTo("/path");
 }
@@ -137,7 +130,6 @@ public class MvcRequestMatcherTests {
 @Test
 public void matchesDefaultMatches() throws Exception {
 given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(null);
-
 assertThat(this.matcher.matches(this.request)).isTrue();
 }
@@ -145,14 +137,12 @@ public class MvcRequestMatcherTests {
 public void matchesDefaultDoesNotMatch() throws Exception {
 this.request.setServletPath("/other");
 given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(null);
-
 assertThat(this.matcher.matches(this.request)).isFalse();
 }
 @Test
 public void matchesPathOnlyFalse() throws Exception {
 given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(this.mapping);
-
 assertThat(this.matcher.matches(this.request)).isFalse();
 }
@@ -161,7 +151,6 @@ public class MvcRequestMatcherTests {
 this.matcher.setMethod(HttpMethod.GET);
 given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(this.mapping);
 given(this.mapping.match(eq(this.request), this.pattern.capture())).willReturn(this.result);
-
 assertThat(this.matcher.matches(this.request)).isTrue();
 assertThat(this.pattern.getValue()).isEqualTo("/path");
 }
@@ -169,7 +158,6 @@ public class MvcRequestMatcherTests {
 @Test
 public void matchesMethodAndPathFalseMethod() {
 this.matcher.setMethod(HttpMethod.POST);
-
 assertThat(this.matcher.matches(this.request)).isFalse();
 // method compare should be done first since faster
 verifyZeroInteractions(this.introspector);
@@ -184,7 +172,6 @@ public class MvcRequestMatcherTests {
 public void matchesInvalidMethodOnRequest() {
 this.matcher.setMethod(HttpMethod.GET);
 this.request.setMethod("invalid");
-
 assertThat(this.matcher.matches(this.request)).isFalse();
 // method compare should be done first since faster
 verifyZeroInteractions(this.introspector);
@@ -194,7 +181,6 @@ public class MvcRequestMatcherTests {
 public void matchesMethodAndPathFalsePath() throws Exception {
 this.matcher.setMethod(HttpMethod.GET);
 given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(this.mapping);
-
 assertThat(this.matcher.matches(this.request)).isFalse();
 }
@@ -214,21 +200,18 @@ public class MvcRequestMatcherTests {
 public void toStringWhenAll() {
 this.matcher.setMethod(HttpMethod.GET);
 this.matcher.setServletPath("/spring");
-
 assertThat(this.matcher.toString()).isEqualTo("Mvc [pattern='/path', servletPath='/spring', GET]");
 }
 @Test
 public void toStringWhenHttpMethod() {
 this.matcher.setMethod(HttpMethod.GET);
-
 assertThat(this.matcher.toString()).isEqualTo("Mvc [pattern='/path', GET]");
 }
 @Test
 public void toStringWhenServletPath() {
 this.matcher.setServletPath("/spring");
-
 assertThat(this.matcher.toString()).isEqualTo("Mvc [pattern='/path', servletPath='/spring']");
 }
diff --git a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java
index 8721b35d2e..0f59497165 100644
--- a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java
@@ -116,15 +116,11 @@ public class SecurityContextHolderAwareRequestFilterTests {
 @Test
 public void expectedRequestWrapperClassIsUsed() throws Exception {
 this.filter.setRolePrefix("ROLE_");
-
 this.filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), this.filterChain);
-
 // Now re-execute the filter, ensuring our replacement wrapper is still used
 this.filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), this.filterChain);
-
 verify(this.filterChain, times(2)).doFilter(any(SecurityContextHolderAwareRequestWrapper.class), any(HttpServletResponse.class));
-
 this.filter.destroy();
 }
@@ -141,7 +137,6 @@ public class SecurityContextHolderAwareRequestFilterTests {
 public void authenticateTrue() throws Exception {
 SecurityContextHolder.getContext() .setAuthentication(new TestingAuthenticationToken("test", "password", "ROLE_USER"));
-
 assertThat(wrappedRequest().authenticate(this.response)).isTrue();
 verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler);
 verify(this.request, times(0)).authenticate(any(HttpServletResponse.class));
@@ -151,7 +146,6 @@ public class SecurityContextHolderAwareRequestFilterTests {
 public void authenticateNullEntryPointFalse() throws Exception {
 this.filter.setAuthenticationEntryPoint(null);
 this.filter.afterPropertiesSet();
-
 assertThat(wrappedRequest().authenticate(this.response)).isFalse();
 verify(this.request).authenticate(this.response);
 verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler);
@@ -162,7 +156,6 @@ public class SecurityContextHolderAwareRequestFilterTests {
 given(this.request.authenticate(this.response)).willReturn(true);
 this.filter.setAuthenticationEntryPoint(null);
 this.filter.afterPropertiesSet();
-
 assertThat(wrappedRequest().authenticate(this.response)).isTrue();
 verify(this.request).authenticate(this.response);
 verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler);
@@ -173,9 +166,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user", "password", "ROLE_USER");
 given(this.authenticationManager.authenticate(any(UsernamePasswordAuthenticationToken.class))) .willReturn(expectedAuth);
-
 wrappedRequest().login(expectedAuth.getName(), String.valueOf(expectedAuth.getCredentials()));
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(expectedAuth);
 verifyZeroInteractions(this.authenticationEntryPoint, this.logoutHandler);
 verify(this.request, times(0)).login(anyString(), anyString());
@@ -188,7 +179,6 @@ public class SecurityContextHolderAwareRequestFilterTests {
 given(this.authenticationManager.authenticate(any(UsernamePasswordAuthenticationToken.class))) .willReturn(new TestingAuthenticationToken("newuser", "not be found", "ROLE_USER"));
 SecurityContextHolder.getContext().setAuthentication(expectedAuth);
-
 try {
 wrappedRequest().login(expectedAuth.getName(), String.valueOf(expectedAuth.getCredentials()));
 fail("Expected Exception");
@@ -205,7 +195,6 @@ public class SecurityContextHolderAwareRequestFilterTests {
 AuthenticationException authException = new BadCredentialsException("Invalid");
 given(this.authenticationManager.authenticate(any(UsernamePasswordAuthenticationToken.class))) .willThrow(authException);
-
 try {
 wrappedRequest().login("invalid", "credentials");
 fail("Expected Exception");
@@ -214,7 +203,6 @@ public class SecurityContextHolderAwareRequestFilterTests {
 assertThat(success.getCause()).isEqualTo(authException);
 }
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
-
 verifyZeroInteractions(this.authenticationEntryPoint, this.logoutHandler);
 verify(this.request, times(0)).login(anyString(), anyString());
 }
@@ -223,12 +211,9 @@ public class SecurityContextHolderAwareRequestFilterTests {
 public void loginNullAuthenticationManager() throws Exception {
 this.filter.setAuthenticationManager(null);
 this.filter.afterPropertiesSet();
-
 String username = "username";
 String password = "password";
-
 wrappedRequest().login(username, password);
-
 verify(this.request).login(username, password);
 verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler);
 }
@@ -237,12 +222,10 @@ public class SecurityContextHolderAwareRequestFilterTests {
 public void loginNullAuthenticationManagerFail() throws Exception {
 this.filter.setAuthenticationManager(null);
 this.filter.afterPropertiesSet();
-
 String username = "username";
 String password = "password";
 ServletException authException = new ServletException("Failed Login");
 willThrow(authException).given(this.request).login(username, password);
-
 try {
 wrappedRequest().login(username, password);
 fail("Expected Exception");
@@ -250,7 +233,6 @@ public class SecurityContextHolderAwareRequestFilterTests {
 catch (ServletException success) {
 assertThat(success).isEqualTo(authException);
 }
-
 verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler);
 }
@@ -258,10 +240,8 @@ public class SecurityContextHolderAwareRequestFilterTests {
 public void logout() throws Exception {
 TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user", "password", "ROLE_USER");
 SecurityContextHolder.getContext().setAuthentication(expectedAuth);
-
 HttpServletRequest wrappedRequest = wrappedRequest();
 wrappedRequest.logout();
-
 verify(this.logoutHandler).logout(wrappedRequest, this.response, expectedAuth);
 verifyZeroInteractions(this.authenticationManager, this.logoutHandler);
 verify(this.request, times(0)).logout();
@@ -271,9 +251,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 public void logoutNullLogoutHandler() throws Exception {
 this.filter.setLogoutHandlers(null);
 this.filter.afterPropertiesSet();
-
 wrappedRequest().logout();
-
 verify(this.request).logout();
 verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler);
 }
@@ -295,9 +273,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 given(this.request.getAsyncContext()).willReturn(asyncContext);
 Runnable runnable = () -> { };
-
 wrappedRequest().getAsyncContext().start(runnable);
-
 verifyZeroInteractions(this.authenticationManager, this.logoutHandler);
 verify(asyncContext).start(runnableCaptor.capture());
 DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor
@@ -317,9 +293,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 given(this.request.startAsync()).willReturn(asyncContext);
 Runnable runnable = () -> { };
-
 wrappedRequest().startAsync().start(runnable);
-
 verifyZeroInteractions(this.authenticationManager, this.logoutHandler);
 verify(asyncContext).start(runnableCaptor.capture());
 DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor
@@ -339,9 +313,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 given(this.request.startAsync(this.request, this.response)).willReturn(asyncContext);
 Runnable runnable = () -> { };
-
 wrappedRequest().startAsync(this.request, this.response).start(runnable);
-
 verifyZeroInteractions(this.authenticationManager, this.logoutHandler);
 verify(asyncContext).start(runnableCaptor.capture());
 DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor
@@ -356,14 +328,12 @@ public class SecurityContextHolderAwareRequestFilterTests {
 SecurityContextHolder.getContext() .setAuthentication(new TestingAuthenticationToken("user", "password", "PREFIX_USER"));
 this.filter.setRolePrefix("PREFIX_");
-
 assertThat(wrappedRequest().isUserInRole("PREFIX_USER")).isTrue();
 }
 private HttpServletRequest wrappedRequest() throws Exception {
 this.filter.doFilter(this.request, this.response, this.filterChain);
 verify(this.filterChain).doFilter(this.requestCaptor.capture(), any(HttpServletResponse.class));
-
 return this.requestCaptor.getValue();
 }
diff --git a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapperTests.java b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapperTests.java
index d15db55802..f7df38e78b 100644
--- a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapperTests.java
@@ -44,12 +44,9 @@ public class SecurityContextHolderAwareRequestWrapperTests {
 public void testCorrectOperationWithStringBasedPrincipal() {
 Authentication auth = new TestingAuthenticationToken("rod", "koala", "ROLE_FOO");
 SecurityContextHolder.getContext().setAuthentication(auth);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setRequestURI("/");
-
 SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request, "");
-
 assertThat(wrapper.getRemoteUser()).isEqualTo("rod");
 assertThat(wrapper.isUserInRole("ROLE_FOO")).isTrue();
 assertThat(wrapper.isUserInRole("ROLE_NOT_GRANTED")).isFalse();
@@ -60,13 +57,10 @@ public class SecurityContextHolderAwareRequestWrapperTests {
 public void testUseOfRolePrefixMeansItIsntNeededWhenCallngIsUserInRole() {
 Authentication auth = new TestingAuthenticationToken("rod", "koala", "ROLE_FOO");
 SecurityContextHolder.getContext().setAuthentication(auth);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setRequestURI("/");
-
 SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request, "ROLE_");
-
 assertThat(wrapper.isUserInRole("FOO")).isTrue();
 }
@@ -76,12 +70,9 @@ public class SecurityContextHolderAwareRequestWrapperTests {
 new User("rodAsUserDetails", "koala", true, true, true, true, AuthorityUtils.NO_AUTHORITIES), "koala", "ROLE_HELLO", "ROLE_FOOBAR");
 SecurityContextHolder.getContext().setAuthentication(auth);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setRequestURI("/");
-
 SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request, "");
-
 assertThat(wrapper.getRemoteUser()).isEqualTo("rodAsUserDetails");
 assertThat(wrapper.isUserInRole("ROLE_FOO")).isFalse();
 assertThat(wrapper.isUserInRole("ROLE_NOT_GRANTED")).isFalse();
@@ -93,10 +84,8 @@ public class SecurityContextHolderAwareRequestWrapperTests {
 @Test
 public void testRoleIsntHeldIfAuthenticationIsNull() {
 SecurityContextHolder.getContext().setAuthentication(null);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setRequestURI("/");
-
 SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request, "");
 assertThat(wrapper.getRemoteUser()).isNull();
 assertThat(wrapper.isUserInRole("ROLE_ANY")).isFalse();
@@ -107,12 +96,9 @@ public class SecurityContextHolderAwareRequestWrapperTests {
 public void testRolesArentHeldIfAuthenticationPrincipalIsNull() {
 Authentication auth = new TestingAuthenticationToken(null, "koala", "ROLE_HELLO", "ROLE_FOOBAR");
 SecurityContextHolder.getContext().setAuthentication(auth);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setRequestURI("/");
-
 SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request, "");
-
 assertThat(wrapper.getRemoteUser()).isNull();
 assertThat(wrapper.isUserInRole("ROLE_HELLO")).isFalse(); // principal is null, so
 // reject
@@ -125,12 +111,9 @@ public class SecurityContextHolderAwareRequestWrapperTests {
 public void testRolePrefix() {
 Authentication auth = new TestingAuthenticationToken("user", "koala", "ROLE_HELLO", "ROLE_FOOBAR");
 SecurityContextHolder.getContext().setAuthentication(auth);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
-
 SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request, "ROLE_");
-
 assertThat(wrapper.isUserInRole("HELLO")).isTrue();
 assertThat(wrapper.isUserInRole("FOOBAR")).isTrue();
 }
@@ -140,12 +123,9 @@ public class SecurityContextHolderAwareRequestWrapperTests {
 public void testRolePrefixNotAppliedIfRoleStartsWith() {
 Authentication auth = new TestingAuthenticationToken("user", "koala", "ROLE_HELLO", "ROLE_FOOBAR");
 SecurityContextHolder.getContext().setAuthentication(auth);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
-
 SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request, "ROLE_");
-
 assertThat(wrapper.isUserInRole("ROLE_HELLO")).isTrue();
 assertThat(wrapper.isUserInRole("ROLE_FOOBAR")).isTrue();
 }
diff --git a/web/src/test/java/org/springframework/security/web/session/DefaultSessionAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/session/DefaultSessionAuthenticationStrategyTests.java
index 6754bc5701..558fdce2c5 100644
--- a/web/src/test/java/org/springframework/security/web/session/DefaultSessionAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/DefaultSessionAuthenticationStrategyTests.java
@@ -43,9 +43,7 @@ public class DefaultSessionAuthenticationStrategyTests {
 public void newSessionShouldNotBeCreatedIfNoSessionExistsAndAlwaysCreateIsFalse() {
 SessionFixationProtectionStrategy strategy = new SessionFixationProtectionStrategy();
 HttpServletRequest request = new MockHttpServletRequest();
-
 strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse());
-
 assertThat(request.getSession(false)).isNull();
 }
@@ -54,9 +52,7 @@ public class DefaultSessionAuthenticationStrategyTests {
 SessionFixationProtectionStrategy strategy = new SessionFixationProtectionStrategy();
 HttpServletRequest request = new MockHttpServletRequest();
 String sessionId = request.getSession().getId();
-
 strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse());
-
 assertThat(sessionId.equals(request.getSession().getId())).isFalse();
 }
@@ -69,21 +65,15 @@ public class DefaultSessionAuthenticationStrategyTests {
 session.setAttribute("blah", "blah");
 session.setAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY", "DefaultSavedRequest");
 String oldSessionId = session.getId();
-
 ApplicationEventPublisher eventPublisher = mock(ApplicationEventPublisher.class);
 strategy.setApplicationEventPublisher(eventPublisher);
-
 Authentication mockAuthentication = mock(Authentication.class);
-
 strategy.onAuthentication(mockAuthentication, request, new MockHttpServletResponse());
-
 ArgumentCaptor eventArgumentCaptor = ArgumentCaptor.forClass(ApplicationEvent.class);
 verify(eventPublisher).publishEvent(eventArgumentCaptor.capture());
-
 assertThat(oldSessionId.equals(request.getSession().getId())).isFalse();
 assertThat(request.getSession().getAttribute("blah")).isNotNull();
 assertThat(request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY")).isNotNull();
-
 assertThat(eventArgumentCaptor.getValue()).isNotNull();
 assertThat(eventArgumentCaptor.getValue() instanceof SessionFixationProtectionEvent).isTrue();
 SessionFixationProtectionEvent event = (SessionFixationProtectionEvent) eventArgumentCaptor.getValue();
@@ -101,9 +91,7 @@ public class DefaultSessionAuthenticationStrategyTests {
 HttpSession session = request.getSession();
 session.setAttribute("blah", "blah");
 session.setAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY", "DefaultSavedRequest");
-
 strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse());
-
 assertThat(request.getSession().getAttribute("blah")).isNull();
 assertThat(request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY")).isNotNull();
 }
@@ -118,20 +106,14 @@ public class DefaultSessionAuthenticationStrategyTests {
 session.setAttribute("blah", "blah");
 session.setAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY", "DefaultSavedRequest");
 String oldSessionId = session.getId();
-
 ApplicationEventPublisher eventPublisher = mock(ApplicationEventPublisher.class);
 strategy.setApplicationEventPublisher(eventPublisher);
-
 Authentication mockAuthentication = mock(Authentication.class);
-
 strategy.onAuthentication(mockAuthentication, request, new MockHttpServletResponse());
-
 ArgumentCaptor eventArgumentCaptor = ArgumentCaptor.forClass(ApplicationEvent.class);
 verify(eventPublisher).publishEvent(eventArgumentCaptor.capture());
-
 assertThat(request.getSession().getAttribute("blah")).isNull();
 assertThat(request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY")).isNotNull();
-
 assertThat(eventArgumentCaptor.getValue()).isNotNull();
 assertThat(eventArgumentCaptor.getValue() instanceof SessionFixationProtectionEvent).isTrue();
 SessionFixationProtectionEvent event = (SessionFixationProtectionEvent) eventArgumentCaptor.getValue();
@@ -155,11 +137,8 @@ public class DefaultSessionAuthenticationStrategyTests {
 HttpServletRequest request = new MockHttpServletRequest();
 HttpSession session = request.getSession();
 session.setMaxInactiveInterval(1);
-
 Authentication mockAuthentication = mock(Authentication.class);
-
 strategy.onAuthentication(mockAuthentication, request, new MockHttpServletResponse());
-
 assertThat(request.getSession().getMaxInactiveInterval()).isEqualTo(1);
 }
@@ -170,11 +149,8 @@ public class DefaultSessionAuthenticationStrategyTests {
 HttpServletRequest request = new MockHttpServletRequest();
 HttpSession session = request.getSession();
 session.setMaxInactiveInterval(1);
-
 Authentication mockAuthentication = mock(Authentication.class);
-
 strategy.onAuthentication(mockAuthentication, request, new MockHttpServletResponse());
-
 assertThat(request.getSession().getMaxInactiveInterval()).isNotEqualTo(1);
 }
diff --git a/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java b/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
index 1ddf4f5cec..be04e536eb 100644
--- a/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
@@ -40,35 +40,25 @@ public class HttpSessionEventPublisherTests {
 @Test
 public void publishedEventIsReceivedbyListener() {
 HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
-
 StaticWebApplicationContext context = new StaticWebApplicationContext();
-
 MockServletContext servletContext = new MockServletContext();
 servletContext.setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, context);
-
 context.setServletContext(servletContext);
 context.registerSingleton("listener", MockApplicationListener.class, null);
 context.refresh();
-
 MockHttpSession session = new MockHttpSession(servletContext);
 MockApplicationListener listener = (MockApplicationListener) context.getBean("listener");
-
 HttpSessionEvent event = new HttpSessionEvent(session);
-
 publisher.sessionCreated(event);
-
 assertThat(listener.getCreatedEvent()).isNotNull();
 assertThat(listener.getDestroyedEvent()).isNull();
 assertThat(listener.getCreatedEvent().getSession()).isEqualTo(session);
-
 listener.setCreatedEvent(null);
 listener.setDestroyedEvent(null);
-
 publisher.sessionDestroyed(event);
 assertThat(listener.getDestroyedEvent()).isNotNull();
 assertThat(listener.getCreatedEvent()).isNull();
 assertThat(listener.getDestroyedEvent().getSession()).isEqualTo(session);
-
 publisher.sessionIdChanged(event, "oldSessionId");
 assertThat(listener.getSessionIdChangedEvent()).isNotNull();
 assertThat(listener.getSessionIdChangedEvent().getOldSessionId()).isEqualTo("oldSessionId");
@@ -78,35 +68,25 @@ public class HttpSessionEventPublisherTests {
 @Test
 public void publishedEventIsReceivedbyListenerChildContext() {
 HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
-
 StaticWebApplicationContext context = new StaticWebApplicationContext();
-
 MockServletContext servletContext = new MockServletContext();
 servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", context);
-
 context.setServletContext(servletContext);
 context.registerSingleton("listener", MockApplicationListener.class, null);
 context.refresh();
-
 MockHttpSession session = new MockHttpSession(servletContext);
 MockApplicationListener listener = (MockApplicationListener) context.getBean("listener");
-
 HttpSessionEvent event = new HttpSessionEvent(session);
-
 publisher.sessionCreated(event);
-
 assertThat(listener.getCreatedEvent()).isNotNull();
 assertThat(listener.getDestroyedEvent()).isNull();
 assertThat(listener.getCreatedEvent().getSession()).isEqualTo(session);
-
 listener.setCreatedEvent(null);
 listener.setDestroyedEvent(null);
-
 publisher.sessionDestroyed(event);
 assertThat(listener.getDestroyedEvent()).isNotNull();
 assertThat(listener.getCreatedEvent()).isNull();
 assertThat(listener.getDestroyedEvent().getSession()).isEqualTo(session);
-
 publisher.sessionIdChanged(event, "oldSessionId");
 assertThat(listener.getSessionIdChangedEvent()).isNotNull();
 assertThat(listener.getSessionIdChangedEvent().getOldSessionId()).isEqualTo("oldSessionId");
@@ -120,7 +100,6 @@ public class HttpSessionEventPublisherTests {
 MockServletContext servletContext = new MockServletContext();
 MockHttpSession session = new MockHttpSession(servletContext);
 HttpSessionEvent event = new HttpSessionEvent(session);
-
 publisher.sessionCreated(event);
 }
@@ -131,7 +110,6 @@ public class HttpSessionEventPublisherTests {
 MockServletContext servletContext = new MockServletContext();
 MockHttpSession session = new MockHttpSession(servletContext);
 HttpSessionEvent event = new HttpSessionEvent(session);
-
 publisher.sessionDestroyed(event);
 }
@@ -141,7 +119,6 @@ public class HttpSessionEventPublisherTests {
 MockServletContext servletContext = new MockServletContext();
 MockHttpSession session = new MockHttpSession(servletContext);
 HttpSessionEvent event = new HttpSessionEvent(session);
-
 publisher.sessionIdChanged(event, "oldSessionId");
 }
diff --git a/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java b/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
index bb5f535ba9..ad25c72ab3 100644
--- a/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
@@ -61,9 +61,7 @@ public class SessionManagementFilterTests {
 SessionManagementFilter filter = new SessionManagementFilter(repo);
 HttpServletRequest request = new MockHttpServletRequest();
 String sessionId = request.getSession().getId();
-
 filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
-
 assertThat(request.getSession().getId()).isEqualTo(sessionId);
 }
@@ -76,9 +74,7 @@ public class SessionManagementFilterTests {
 SessionManagementFilter filter = new SessionManagementFilter(repo, strategy);
 HttpServletRequest request = new MockHttpServletRequest();
 authenticateUser();
-
 filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
-
 verifyZeroInteractions(strategy);
 }
@@ -88,9 +84,7 @@ public class SessionManagementFilterTests {
 SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
 SessionManagementFilter filter = new SessionManagementFilter(repo, strategy);
 HttpServletRequest request = new MockHttpServletRequest();
-
 filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
-
 verifyZeroInteractions(strategy);
 }
@@ -102,9 +96,7 @@ public class SessionManagementFilterTests {
 SessionManagementFilter filter = new SessionManagementFilter(repo, strategy);
 HttpServletRequest request = new MockHttpServletRequest();
 authenticateUser();
-
 filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
-
 verify(strategy).onAuthentication(any(Authentication.class), any(HttpServletRequest.class), any(HttpServletResponse.class));
 // Check that it is only applied once to the request
@@ -117,7 +109,6 @@ public class SessionManagementFilterTests {
 SecurityContextRepository repo = mock(SecurityContextRepository.class);
 // repo will return false to containsContext()
 SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
-
 AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class);
 SessionManagementFilter filter = new SessionManagementFilter(repo, strategy);
 filter.setAuthenticationFailureHandler(failureHandler);
@@ -128,7 +119,6 @@ public class SessionManagementFilterTests {
 SessionAuthenticationException exception = new SessionAuthenticationException("Failure");
 willThrow(exception).given(strategy).onAuthentication(SecurityContextHolder.getContext().getAuthentication(), request, response);
-
 filter.doFilter(request, response, fc);
 verifyZeroInteractions(fc);
 verify(failureHandler).onAuthenticationFailure(request, response, exception);
@@ -144,10 +134,8 @@ public class SessionManagementFilterTests {
 request.setRequestedSessionId("xxx");
 request.setRequestedSessionIdValid(false);
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 filter.doFilter(request, response, new MockFilterChain());
 assertThat(response.getRedirectedUrl()).isNull();
-
 // Now set a redirect URL
 request = new MockHttpServletRequest();
 request.setRequestedSessionId("xxx");
@@ -158,7 +146,6 @@ public class SessionManagementFilterTests {
 FilterChain fc = mock(FilterChain.class);
 filter.doFilter(request, response, fc);
 verifyZeroInteractions(fc);
-
 assertThat(response.getRedirectedUrl()).isEqualTo("/timedOut");
 }
@@ -170,9 +157,7 @@ public class SessionManagementFilterTests {
 filter.setTrustResolver(trustResolver);
 HttpServletRequest request = new MockHttpServletRequest();
 authenticateUser();
-
 filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
-
 verify(trustResolver).isAnonymous(any(Authentication.class));
 }
diff --git a/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java b/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
index 778b5bcb92..e234ca1bb3 100644
--- a/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
@@ -66,7 +66,6 @@ public class OnCommittedResponseWrapperTests {
 @Test
 public void printWriterHashCode() throws Exception {
 int expected = this.writer.hashCode();
-
 assertThat(this.response.getWriter().hashCode()).isEqualTo(expected);
 }
@@ -74,16 +73,13 @@ public class OnCommittedResponseWrapperTests {
 public void printWriterCheckError() throws Exception {
 boolean expected = true;
 given(this.writer.checkError()).willReturn(expected);
-
 assertThat(this.response.getWriter().checkError()).isEqualTo(expected);
 }
 @Test
 public void printWriterWriteInt() throws Exception {
 int expected = 1;
-
 this.response.getWriter().write(expected);
-
 verify(this.writer).write(expected);
 }
@@ -92,18 +88,14 @@ public class OnCommittedResponseWrapperTests {
 char[] buff = new char[0];
 int off = 2;
 int len = 3;
-
 this.response.getWriter().write(buff, off, len);
-
 verify(this.writer).write(buff, off, len);
 }
 @Test
 public void printWriterWriteChar() throws Exception {
 char[] buff = new char[0];
-
 this.response.getWriter().write(buff);
-
 verify(this.writer).write(buff);
 }
@@ -112,187 +104,146 @@ public class OnCommittedResponseWrapperTests {
 String s = "";
 int off = 2;
 int len = 3;
-
 this.response.getWriter().write(s, off, len);
-
 verify(this.writer).write(s, off, len);
 }
 @Test
 public void printWriterWriteString() throws Exception {
 String s = "";
-
 this.response.getWriter().write(s);
-
 verify(this.writer).write(s);
 }
 @Test
 public void printWriterPrintBoolean() throws Exception {
 boolean b = true;
-
 this.response.getWriter().print(b);
-
 verify(this.writer).print(b);
 }
 @Test
 public void printWriterPrintChar() throws Exception {
 char c = 1;
-
 this.response.getWriter().print(c);
-
 verify(this.writer).print(c);
 }
 @Test
 public void printWriterPrintInt() throws Exception {
 int i = 1;
-
 this.response.getWriter().print(i);
-
 verify(this.writer).print(i);
 }
 @Test
 public void printWriterPrintLong() throws Exception {
 long l = 1;
-
 this.response.getWriter().print(l);
-
 verify(this.writer).print(l);
 }
 @Test
 public void printWriterPrintFloat() throws Exception {
 float f = 1;
-
 this.response.getWriter().print(f);
-
 verify(this.writer).print(f);
 }
 @Test
 public void printWriterPrintDouble() throws Exception {
 double x = 1;
-
 this.response.getWriter().print(x);
-
 verify(this.writer).print(x);
 }
 @Test
 public void printWriterPrintCharArray() throws Exception {
 char[] x = new char[0];
-
 this.response.getWriter().print(x);
-
 verify(this.writer).print(x);
 }
 @Test
 public void printWriterPrintString() throws Exception {
 String x = "1";
-
 this.response.getWriter().print(x);
-
 verify(this.writer).print(x);
 }
 @Test
 public void printWriterPrintObject() throws Exception {
 Object x = "1";
-
 this.response.getWriter().print(x);
-
 verify(this.writer).print(x);
 }
 @Test
 public void printWriterPrintln() throws Exception {
 this.response.getWriter().println();
-
 verify(this.writer).println();
 }
 @Test
 public void printWriterPrintlnBoolean() throws Exception {
 boolean b = true;
-
 this.response.getWriter().println(b);
-
 verify(this.writer).println(b);
 }
 @Test
 public void printWriterPrintlnChar() throws Exception {
 char c = 1;
-
 this.response.getWriter().println(c);
-
 verify(this.writer).println(c);
 }
 @Test
 public void printWriterPrintlnInt() throws Exception {
 int i = 1;
-
 this.response.getWriter().println(i);
-
 verify(this.writer).println(i);
 }
 @Test
 public void printWriterPrintlnLong() throws Exception {
 long l = 1;
-
 this.response.getWriter().println(l);
-
 verify(this.writer).println(l);
 }
 @Test
 public void printWriterPrintlnFloat() throws Exception {
 float f = 1;
-
 this.response.getWriter().println(f);
-
 verify(this.writer).println(f);
 }
 @Test
 public void printWriterPrintlnDouble() throws Exception {
 double x = 1;
-
 this.response.getWriter().println(x);
-
 verify(this.writer).println(x);
 }
 @Test
 public void printWriterPrintlnCharArray() throws Exception {
 char[] x = new char[0];
-
 this.response.getWriter().println(x);
-
 verify(this.writer).println(x);
 }
 @Test
 public void printWriterPrintlnString() throws Exception {
 String x = "1";
-
 this.response.getWriter().println(x);
-
 verify(this.writer).println(x);
 }
 @Test
 public void printWriterPrintlnObject() throws Exception {
 Object x = "1";
-
 this.response.getWriter().println(x);
-
 verify(this.writer).println(x);
 }
@@ -300,9 +251,7 @@ public class OnCommittedResponseWrapperTests {
 public void printWriterPrintfStringObjectVargs() throws Exception {
 String format = "format";
 Object[] args = new Object[] { "1" };
-
 this.response.getWriter().printf(format, args);
-
 verify(this.writer).printf(format, args);
 }
@@ -311,9 +260,7 @@ public class OnCommittedResponseWrapperTests {
 Locale l = Locale.US;
 String format = "format";
 Object[] args = new Object[] { "1" };
-
 this.response.getWriter().printf(l, format, args);
-
 verify(this.writer).printf(l, format, args);
 }
@@ -321,9 +268,7 @@ public class OnCommittedResponseWrapperTests {
 public void printWriterFormatStringObjectVargs() throws Exception {
 String format = "format";
 Object[] args = new Object[] { "1" };
-
 this.response.getWriter().format(format, args);
-
 verify(this.writer).format(format, args);
 }
@@ -332,18 +277,14 @@ public class OnCommittedResponseWrapperTests {
 Locale l = Locale.US;
 String format = "format";
 Object[] args = new Object[] { "1" };
-
 this.response.getWriter().format(l, format, args);
-
 verify(this.writer).format(l, format, args);
 }
 @Test
 public void printWriterAppendCharSequence() throws Exception {
 String x = "a";
-
 this.response.getWriter().append(x);
-
 verify(this.writer).append(x);
 }
@@ -352,45 +293,35 @@ public class OnCommittedResponseWrapperTests {
 String x = "abcdef";
 int start = 1;
 int end = 3;
-
 this.response.getWriter().append(x, start, end);
-
 verify(this.writer).append(x, start, end);
 }
 @Test
 public void printWriterAppendChar() throws Exception {
 char x = 1;
-
 this.response.getWriter().append(x);
-
 verify(this.writer).append(x);
 }
 // servletoutputstream
-
 @Test
 public void outputStreamHashCode() throws Exception {
 int expected = this.out.hashCode();
-
 assertThat(this.response.getOutputStream().hashCode()).isEqualTo(expected);
 }
 @Test
 public void outputStreamWriteInt() throws Exception {
 int expected = 1;
-
 this.response.getOutputStream().write(expected);
-
 verify(this.out).write(expected);
 }
 @Test
 public void outputStreamWriteByte() throws Exception {
 byte[] expected = new byte[0];
-
 this.response.getOutputStream().write(expected);
-
 verify(this.out).write(expected);
 }
@@ -399,160 +330,124 @@ public class OnCommittedResponseWrapperTests {
 int start = 1;
 int end = 2;
 byte[] expected = new byte[0];
-
 this.response.getOutputStream().write(expected, start, end);
-
 verify(this.out).write(expected, start, end);
 }
 @Test
 public void outputStreamPrintBoolean() throws Exception {
 boolean b = true;
-
 this.response.getOutputStream().print(b);
-
 verify(this.out).print(b);
 }
 @Test
 public void outputStreamPrintChar() throws Exception {
 char c = 1;
-
 this.response.getOutputStream().print(c);
-
 verify(this.out).print(c);
 }
 @Test
 public void outputStreamPrintInt() throws Exception {
 int i = 1;
-
 this.response.getOutputStream().print(i);
-
 verify(this.out).print(i);
 }
 @Test
 public void outputStreamPrintLong() throws Exception {
 long l = 1;
-
 this.response.getOutputStream().print(l);
-
 verify(this.out).print(l);
 }
 @Test
 public void outputStreamPrintFloat() throws Exception {
 float f = 1;
-
 this.response.getOutputStream().print(f);
-
 verify(this.out).print(f);
 }
 @Test
 public void outputStreamPrintDouble() throws Exception {
 double x = 1;
-
 this.response.getOutputStream().print(x);
-
 verify(this.out).print(x);
 }
 @Test
 public void outputStreamPrintString() throws Exception {
 String x = "1";
-
 this.response.getOutputStream().print(x);
-
 verify(this.out).print(x);
 }
 @Test
 public void outputStreamPrintln() throws Exception {
 this.response.getOutputStream().println();
-
 verify(this.out).println();
 }
 @Test
 public void outputStreamPrintlnBoolean() throws Exception {
 boolean b = true;
-
 this.response.getOutputStream().println(b);
-
 verify(this.out).println(b);
 }
 @Test
 public void outputStreamPrintlnChar() throws Exception {
 char c = 1;
-
 this.response.getOutputStream().println(c);
-
 verify(this.out).println(c);
 }
 @Test
 public void outputStreamPrintlnInt() throws Exception {
 int i = 1;
-
 this.response.getOutputStream().println(i);
-
 verify(this.out).println(i);
 }
 @Test
 public void outputStreamPrintlnLong() throws Exception {
 long l = 1;
-
 this.response.getOutputStream().println(l);
-
 verify(this.out).println(l);
 }
 @Test
 public void outputStreamPrintlnFloat() throws Exception {
 float f = 1;
-
 this.response.getOutputStream().println(f);
-
 verify(this.out).println(f);
 }
 @Test
 public void outputStreamPrintlnDouble() throws Exception {
 double x = 1;
-
 this.response.getOutputStream().println(x);
-
 verify(this.out).println(x);
 }
 @Test
 public void outputStreamPrintlnString() throws Exception {
 String x = "1";
-
 this.response.getOutputStream().println(x);
-
 verify(this.out).println(x);
 }
 // The amount of content specified in the setContentLength method of the response
 // has been greater than zero and has been written to the response.
-
 // gh-3823
 @Test
 public void contentLengthPrintWriterWriteNullCommits() throws Exception {
 String expected = null;
 this.response.setContentLength(String.valueOf(expected).length() + 1);
-
 this.response.getWriter().write(expected);
-
 assertThat(this.committed).isFalse();
-
 this.response.getWriter().write("a");
-
 assertThat(this.committed).isTrue();
 }
@@ -560,9 +455,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterWriteIntCommits() throws Exception {
 int expected = 1;
 this.response.setContentLength(String.valueOf(expected).length());
-
 this.response.getWriter().write(expected);
-
 assertThat(this.committed).isTrue();
 }
@@ -570,9 +463,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterWriteIntMultiDigitCommits() throws Exception {
 int expected = 10000;
 this.response.setContentLength(String.valueOf(expected).length());
-
 this.response.getWriter().write(expected);
-
 assertThat(this.committed).isTrue();
 }
@@ -580,13 +471,9 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPlus1PrintWriterWriteIntMultiDigitCommits() throws Exception {
 int expected = 10000;
 this.response.setContentLength(String.valueOf(expected).length() + 1);
-
 this.response.getWriter().write(expected);
-
 assertThat(this.committed).isFalse();
-
 this.response.getWriter().write(1);
-
 assertThat(this.committed).isTrue();
 }
@@ -596,9 +483,7 @@ public class OnCommittedResponseWrapperTests {
 int off = 2;
 int len = 3;
 this.response.setContentLength(3);
-
 this.response.getWriter().write(buff, off, len);
-
 assertThat(this.committed).isTrue();
 }
@@ -606,9 +491,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterWriteCharCommits() throws Exception {
 char[] buff = new char[4];
 this.response.setContentLength(buff.length);
-
 this.response.getWriter().write(buff);
-
 assertThat(this.committed).isTrue();
 }
@@ -618,9 +501,7 @@ public class OnCommittedResponseWrapperTests {
 int off = 2;
 int len = 3;
 this.response.setContentLength(3);
-
 this.response.getWriter().write(s, off, len);
-
 assertThat(this.committed).isTrue();
 }
@@ -628,9 +509,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterWriteStringCommits() throws IOException {
 String body = "something";
 this.response.setContentLength(body.length());
-
 this.response.getWriter().write(body);
-
 assertThat(this.committed).isTrue();
 }
@@ -638,18 +517,14 @@ public class OnCommittedResponseWrapperTests {
 public void printWriterWriteStringContentLengthCommits() throws IOException {
 String body = "something";
 this.response.getWriter().write(body);
-
 this.response.setContentLength(body.length());
-
 assertThat(this.committed).isTrue();
 }
 @Test
 public void printWriterWriteStringDoesNotCommit() throws IOException {
 String body = "something";
-
 this.response.getWriter().write(body);
-
 assertThat(this.committed).isFalse();
 }
@@ -657,9 +532,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterPrintBooleanCommits() throws Exception {
 boolean b = true;
 this.response.setContentLength(1);
-
 this.response.getWriter().print(b);
-
 assertThat(this.committed).isTrue();
 }
@@ -667,9 +540,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterPrintCharCommits() throws Exception {
 char c = 1;
 this.response.setContentLength(1);
-
 this.response.getWriter().print(c);
-
 assertThat(this.committed).isTrue();
 }
@@ -677,9 +548,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterPrintIntCommits() throws Exception {
 int i = 1234;
 this.response.setContentLength(String.valueOf(i).length());
-
 this.response.getWriter().print(i);
-
 assertThat(this.committed).isTrue();
 }
@@ -687,9 +556,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterPrintLongCommits() throws Exception {
 long l = 12345;
 this.response.setContentLength(String.valueOf(l).length());
-
 this.response.getWriter().print(l);
-
 assertThat(this.committed).isTrue();
 }
@@ -697,9 +564,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterPrintFloatCommits() throws Exception {
 float f = 12345;
 this.response.setContentLength(String.valueOf(f).length());
-
 this.response.getWriter().print(f);
-
 assertThat(this.committed).isTrue();
 }
@@ -707,9 +572,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterPrintDoubleCommits() throws Exception {
 double x = 1.2345;
 this.response.setContentLength(String.valueOf(x).length());
-
 this.response.getWriter().print(x);
-
 assertThat(this.committed).isTrue();
 }
@@ -717,9 +580,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterPrintCharArrayCommits() throws Exception {
 char[] x = new char[10];
 this.response.setContentLength(x.length);
-
 this.response.getWriter().print(x);
-
 assertThat(this.committed).isTrue();
 }
@@ -727,9 +588,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterPrintStringCommits() throws Exception {
 String x = "12345";
 this.response.setContentLength(x.length());
-
 this.response.getWriter().print(x);
-
 assertThat(this.committed).isTrue();
 }
@@ -737,18 +596,14 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterPrintObjectCommits() throws Exception {
 Object x = "12345";
 this.response.setContentLength(String.valueOf(x).length());
-
 this.response.getWriter().print(x);
-
 assertThat(this.committed).isTrue();
 }
 @Test
 public void contentLengthPrintWriterPrintlnCommits() throws Exception {
 this.response.setContentLength(NL.length());
-
 this.response.getWriter().println();
-
 assertThat(this.committed).isTrue();
 }
@@ -756,9 +611,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterPrintlnBooleanCommits() throws Exception {
 boolean b = true;
 this.response.setContentLength(1);
-
 this.response.getWriter().println(b);
-
 assertThat(this.committed).isTrue();
 }
@@ -766,9 +619,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterPrintlnCharCommits() throws Exception {
 char c = 1;
 this.response.setContentLength(1);
-
 this.response.getWriter().println(c);
-
 assertThat(this.committed).isTrue();
 }
@@ -776,9 +627,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterPrintlnIntCommits() throws Exception {
 int i = 12345;
 this.response.setContentLength(String.valueOf(i).length());
-
 this.response.getWriter().println(i);
-
 assertThat(this.committed).isTrue();
 }
@@ -786,9 +635,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterPrintlnLongCommits() throws Exception {
 long l = 12345678;
 this.response.setContentLength(String.valueOf(l).length());
-
 this.response.getWriter().println(l);
-
 assertThat(this.committed).isTrue();
 }
@@ -796,9 +643,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterPrintlnFloatCommits() throws Exception {
 float f = 1234;
 this.response.setContentLength(String.valueOf(f).length());
-
 this.response.getWriter().println(f);
-
 assertThat(this.committed).isTrue();
 }
@@ -806,9 +651,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterPrintlnDoubleCommits() throws Exception {
 double x = 1;
 this.response.setContentLength(String.valueOf(x).length());
-
 this.response.getWriter().println(x);
-
 assertThat(this.committed).isTrue();
 }
@@ -816,9 +659,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterPrintlnCharArrayCommits() throws Exception {
 char[] x = new char[20];
 this.response.setContentLength(x.length);
-
 this.response.getWriter().println(x);
-
 assertThat(this.committed).isTrue();
 }
@@ -826,9 +667,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterPrintlnStringCommits() throws Exception {
 String x = "1";
 this.response.setContentLength(String.valueOf(x).length());
-
 this.response.getWriter().println(x);
-
 assertThat(this.committed).isTrue();
 }
@@ -836,9 +675,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterPrintlnObjectCommits() throws Exception {
 Object x = "1";
 this.response.setContentLength(String.valueOf(x).length());
-
 this.response.getWriter().println(x);
-
 assertThat(this.committed).isTrue();
 }
@@ -846,9 +683,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterAppendCharSequenceCommits() throws Exception {
 String x = "a";
 this.response.setContentLength(String.valueOf(x).length());
-
 this.response.getWriter().append(x);
-
 assertThat(this.committed).isTrue();
 }
@@ -858,9 +693,7 @@ public class OnCommittedResponseWrapperTests {
 int start = 1;
 int end = 3;
 this.response.setContentLength(end - start);
-
 this.response.getWriter().append(x, start, end);
-
 assertThat(this.committed).isTrue();
 }
@@ -868,9 +701,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPrintWriterAppendCharCommits() throws Exception {
 char x = 1;
 this.response.setContentLength(1);
-
 this.response.getWriter().append(x);
-
 assertThat(this.committed).isTrue();
 }
@@ -878,9 +709,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthOutputStreamWriteIntCommits() throws Exception {
 int expected = 1;
 this.response.setContentLength(String.valueOf(expected).length());
-
 this.response.getOutputStream().write(expected);
-
 assertThat(this.committed).isTrue();
 }
@@ -888,9 +717,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthOutputStreamWriteIntMultiDigitCommits() throws Exception {
 int expected = 10000;
 this.response.setContentLength(String.valueOf(expected).length());
-
 this.response.getOutputStream().write(expected);
-
 assertThat(this.committed).isTrue();
 }
@@ -898,13 +725,9 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthPlus1OutputStreamWriteIntMultiDigitCommits() throws Exception {
 int expected = 10000;
 this.response.setContentLength(String.valueOf(expected).length() + 1);
-
 this.response.getOutputStream().write(expected);
-
 assertThat(this.committed).isFalse();
-
 this.response.getOutputStream().write(1);
-
 assertThat(this.committed).isTrue();
 }
@@ -915,13 +738,9 @@ public class OnCommittedResponseWrapperTests {
 + " \"token\" : \"06300b65-c4aa-4c8f-8cda-39ee17f545a0\",\n" + " \"headerName\" : \"X-CSRF-TOKEN\"\n" + "}";
 this.response.setContentLength(expected.length() + 1);
-
 this.response.getOutputStream().write(expected.getBytes());
-
 assertThat(this.committed).isFalse();
-
 this.response.getOutputStream().write("1".getBytes("UTF-8"));
-
 assertThat(this.committed).isTrue();
 }
@@ -929,9 +748,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthOutputStreamPrintBooleanCommits() throws Exception {
 boolean b = true;
 this.response.setContentLength(1);
-
 this.response.getOutputStream().print(b);
-
 assertThat(this.committed).isTrue();
 }
@@ -939,9 +756,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthOutputStreamPrintCharCommits() throws Exception {
 char c = 1;
 this.response.setContentLength(1);
-
 this.response.getOutputStream().print(c);
-
 assertThat(this.committed).isTrue();
 }
@@ -949,9 +764,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthOutputStreamPrintIntCommits() throws Exception {
 int i = 1234;
 this.response.setContentLength(String.valueOf(i).length());
-
 this.response.getOutputStream().print(i);
-
 assertThat(this.committed).isTrue();
 }
@@ -959,9 +772,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthOutputStreamPrintLongCommits() throws Exception {
 long l = 12345;
 this.response.setContentLength(String.valueOf(l).length());
-
 this.response.getOutputStream().print(l);
-
 assertThat(this.committed).isTrue();
 }
@@ -969,9 +780,7 @@ public class OnCommittedResponseWrapperTests {
 public void contentLengthOutputStreamPrintFloatCommits() throws Exception {
 float f = 12345;
 this.response.setContentLength(String.valueOf(f).length());
-
 this.response.getOutputStream().print(f);
-
 assertThat(this.committed).isTrue();
 }
@@ -979,9 +788,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintDoubleCommits() throws Exception { double x = 1.2345; this.response.setContentLength(String.valueOf(x).length()); - this.response.getOutputStream().print(x); - assertThat(this.committed).isTrue(); } @@ -989,18 +796,14 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintStringCommits() throws Exception { String x = "12345"; this.response.setContentLength(x.length()); - this.response.getOutputStream().print(x); - assertThat(this.committed).isTrue(); } @Test public void contentLengthOutputStreamPrintlnCommits() throws Exception { this.response.setContentLength(NL.length()); - this.response.getOutputStream().println(); - assertThat(this.committed).isTrue(); } @@ -1008,9 +811,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintlnBooleanCommits() throws Exception { boolean b = true; this.response.setContentLength(1); - this.response.getOutputStream().println(b); - assertThat(this.committed).isTrue(); } @@ -1018,9 +819,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintlnCharCommits() throws Exception { char c = 1; this.response.setContentLength(1); - this.response.getOutputStream().println(c); - assertThat(this.committed).isTrue(); } @@ -1028,9 +827,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintlnIntCommits() throws Exception { int i = 12345; this.response.setContentLength(String.valueOf(i).length()); - this.response.getOutputStream().println(i); - assertThat(this.committed).isTrue(); } @@ -1038,9 +835,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintlnLongCommits() throws Exception { long l = 12345678; this.response.setContentLength(String.valueOf(l).length()); - this.response.getOutputStream().println(l); - assertThat(this.committed).isTrue(); } 
@@ -1048,9 +843,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintlnFloatCommits() throws Exception { float f = 1234; this.response.setContentLength(String.valueOf(f).length()); - this.response.getOutputStream().println(f); - assertThat(this.committed).isTrue(); } @@ -1058,9 +851,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintlnDoubleCommits() throws Exception { double x = 1; this.response.setContentLength(String.valueOf(x).length()); - this.response.getOutputStream().println(x); - assertThat(this.committed).isTrue(); } @@ -1068,18 +859,14 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintlnStringCommits() throws Exception { String x = "1"; this.response.setContentLength(String.valueOf(x).length()); - this.response.getOutputStream().println(x); - assertThat(this.committed).isTrue(); } @Test public void contentLengthDoesNotCommit() { String body = "something"; - this.response.setContentLength(body.length()); - assertThat(this.committed).isFalse(); } @@ -1087,9 +874,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamWriteStringCommits() throws IOException { String body = "something"; this.response.setContentLength(body.length()); - this.response.getOutputStream().print(body); - assertThat(this.committed).isTrue(); } @@ -1098,9 +883,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthLongOutputStreamWriteStringCommits() throws IOException { String body = "something"; this.response.setContentLengthLong(body.length()); - this.response.getOutputStream().print(body); - assertThat(this.committed).isTrue(); } 
@@ -1108,9 +891,7 @@ public class OnCommittedResponseWrapperTests { public void addHeaderContentLengthPrintWriterWriteStringCommits() throws Exception { int expected = 1234; this.response.addHeader("Content-Length", String.valueOf(String.valueOf(expected).length())); - this.response.getWriter().write(expected); - assertThat(this.committed).isTrue(); } @@ -1118,9 +899,7 @@ public class OnCommittedResponseWrapperTests { public void bufferSizePrintWriterWriteCommits() throws Exception { String expected = "1234567890"; given(this.response.getBufferSize()).willReturn(expected.length()); - this.response.getWriter().write(expected); - assertThat(this.committed).isTrue(); } @@ -1128,15 +907,10 @@ public class OnCommittedResponseWrapperTests { public void bufferSizeCommitsOnce() throws Exception { String expected = "1234567890"; given(this.response.getBufferSize()).willReturn(expected.length()); - this.response.getWriter().write(expected); - assertThat(this.committed).isTrue(); - this.committed = false; - this.response.getWriter().write(expected); - assertThat(this.committed).isFalse(); } diff --git a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java index 10a76b0f6c..893d8db75a 100644 --- a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java +++ b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java @@ -51,7 +51,6 @@ public class ThrowableAnalyzerTests { @Before public void setUp() { - // Set up test trace this.testTrace = new Throwable[7]; this.testTrace[6] = new IllegalArgumentException("Test_6"); 
@@ -61,13 +60,10 @@ public class ThrowableAnalyzerTests { this.testTrace[2] = new NonStandardException("Test_2", this.testTrace[3]); this.testTrace[1] = new RuntimeException("Test_1", this.testTrace[2]); this.testTrace[0] = new Exception("Test_0", this.testTrace[1]); - // Set up standard analyzer this.standardAnalyzer = new ThrowableAnalyzer(); - // Set up nonstandard analyzer this.nonstandardAnalyzer = new ThrowableAnalyzer() { - /** * @see org.springframework.security.web.util.ThrowableAnalyzer#initExtractorMap() */ @@ -84,7 +80,6 @@ public class ThrowableAnalyzerTests { public void testRegisterExtractorWithInvalidExtractor() { try { new ThrowableAnalyzer() { - /** * @see org.springframework.security.web.util.ThrowableAnalyzer#initExtractorMap() */ @@ -94,7 +89,6 @@ public class ThrowableAnalyzerTests { super.registerExtractor(Exception.class, null); } }; - fail("IllegalArgumentExpected"); } catch (IllegalArgumentException ex) { @@ -104,16 +98,12 @@ public class ThrowableAnalyzerTests { @Test public void testGetRegisteredTypes() { - Class[] registeredTypes = this.nonstandardAnalyzer.getRegisteredTypes(); - for (int i = 0; i < registeredTypes.length; ++i) { Class clazz = registeredTypes[i]; - // The most specific types have to occur first. for (int j = 0; j < i; ++j) { Class prevClazz = registeredTypes[j]; - assertThat(prevClazz.isAssignableFrom(clazz)) .withFailMessage( "Unexpected order of registered classes: " + prevClazz + " is assignable from " + clazz) @@ -125,7 +115,6 @@ public class ThrowableAnalyzerTests { @Test public void testDetermineCauseChainWithNoExtractors() { ThrowableAnalyzer analyzer = new ThrowableAnalyzer() { - /** * @see org.springframework.security.web.util.ThrowableAnalyzer#initExtractorMap() */ 
@@ -134,10 +123,8 @@ public class ThrowableAnalyzerTests { // skip default initialization } }; - assertThat(analyzer.getRegisteredTypes().length).withFailMessage("Unexpected number of registered types") .isZero(); - Throwable t = this.testTrace[0]; Throwable[] chain = analyzer.determineCauseChain(t); // Without extractors only the root throwable is available @@ -148,12 +135,9 @@ public class ThrowableAnalyzerTests { @Test public void testDetermineCauseChainWithDefaultExtractors() { ThrowableAnalyzer analyzer = this.standardAnalyzer; - assertThat(analyzer.getRegisteredTypes().length).withFailMessage("Unexpected number of registered types") .isEqualTo(2); - Throwable[] chain = analyzer.determineCauseChain(this.testTrace[0]); - // Element at index 2 is a NonStandardException which cannot be analyzed further // by default assertThat(chain.length).as("Unexpected chain size").isEqualTo(3); @@ -165,9 +149,7 @@ public class ThrowableAnalyzerTests { @Test public void testDetermineCauseChainWithCustomExtractors() { ThrowableAnalyzer analyzer = this.nonstandardAnalyzer; - Throwable[] chain = analyzer.determineCauseChain(this.testTrace[0]); - assertThat(chain.length).as("Unexpected chain size").isEqualTo(this.testTrace.length); for (int i = 0; i < chain.length; ++i) { assertThat(chain[i]).withFailMessage("Unexpected chain entry: " + i).isEqualTo(this.testTrace[i]); @@ -177,11 +159,8 @@ public class ThrowableAnalyzerTests { @Test public void testGetFirstThrowableOfTypeWithSuccess1() { ThrowableAnalyzer analyzer = this.nonstandardAnalyzer; - Throwable[] chain = analyzer.determineCauseChain(this.testTrace[0]); - Throwable result = analyzer.getFirstThrowableOfType(Exception.class, chain); - assertThat(result).as("null not expected").isNotNull(); assertThat(result).as("Unexpected throwable found").isEqualTo(this.testTrace[0]); } 
@@ -189,11 +168,8 @@ public class ThrowableAnalyzerTests { @Test public void testGetFirstThrowableOfTypeWithSuccess2() { ThrowableAnalyzer analyzer = this.nonstandardAnalyzer; - Throwable[] chain = analyzer.determineCauseChain(this.testTrace[0]); - Throwable result = analyzer.getFirstThrowableOfType(NonStandardException.class, chain); - assertThat(result).as("null not expected").isNotNull(); assertThat(result).as("Unexpected throwable found").isEqualTo(this.testTrace[2]); } @@ -201,18 +177,14 @@ public class ThrowableAnalyzerTests { @Test public void testGetFirstThrowableOfTypeWithFailure() { ThrowableAnalyzer analyzer = this.nonstandardAnalyzer; - Throwable[] chain = analyzer.determineCauseChain(this.testTrace[0]); - // IllegalStateException not in trace Throwable result = analyzer.getFirstThrowableOfType(IllegalStateException.class, chain); - assertThat(result).as("null expected").isNull(); } @Test public void testVerifyThrowableHierarchyWithExactType() { - Throwable throwable = new IllegalStateException("Test"); ThrowableAnalyzer.verifyThrowableHierarchy(throwable, IllegalStateException.class); // No exception expected @@ -220,7 +192,6 @@ public class ThrowableAnalyzerTests { @Test public void testVerifyThrowableHierarchyWithCompatibleType() { - Throwable throwable = new IllegalStateException("Test"); ThrowableAnalyzer.verifyThrowableHierarchy(throwable, Exception.class); // No exception expected @@ -239,7 +210,6 @@ public class ThrowableAnalyzerTests { @Test public void testVerifyThrowableHierarchyWithNonmatchingType() { - Throwable throwable = new IllegalStateException("Test"); try { ThrowableAnalyzer.verifyThrowableHierarchy(throwable, InvocationTargetException.class); diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java index f3a7671d50..a10b26b3e4 100644 
--- a/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java @@ -82,7 +82,6 @@ public class AndRequestMatcherTests { public void matchesSingleTrue() { given(this.delegate.matches(this.request)).willReturn(true); this.matcher = new AndRequestMatcher(this.delegate); - assertThat(this.matcher.matches(this.request)).isTrue(); } @@ -91,7 +90,6 @@ public class AndRequestMatcherTests { given(this.delegate.matches(this.request)).willReturn(true); given(this.delegate2.matches(this.request)).willReturn(true); this.matcher = new AndRequestMatcher(this.delegate, this.delegate2); - assertThat(this.matcher.matches(this.request)).isTrue(); } @@ -99,7 +97,6 @@ public class AndRequestMatcherTests { public void matchesSingleFalse() { given(this.delegate.matches(this.request)).willReturn(false); this.matcher = new AndRequestMatcher(this.delegate); - assertThat(this.matcher.matches(this.request)).isFalse(); } @@ -107,7 +104,6 @@ public class AndRequestMatcherTests { public void matchesMultiBothFalse() { given(this.delegate.matches(this.request)).willReturn(false); this.matcher = new AndRequestMatcher(this.delegate, this.delegate2); - assertThat(this.matcher.matches(this.request)).isFalse(); } @@ -116,7 +112,6 @@ public class AndRequestMatcherTests { given(this.delegate.matches(this.request)).willReturn(true); given(this.delegate2.matches(this.request)).willReturn(false); this.matcher = new AndRequestMatcher(this.delegate, this.delegate2); - assertThat(this.matcher.matches(this.request)).isFalse(); } diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java index 80696a0735..58398adfa8 100644 --- a/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java 
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java @@ -43,7 +43,6 @@ public class AntPathRequestMatcherTests { public void matchesWhenUrlPathHelperThenMatchesOnRequestUri() { AntPathRequestMatcher matcher = new AntPathRequestMatcher("/foo/bar", null, true, new UrlPathHelper()); MockHttpServletRequest request = new MockHttpServletRequest("GET", "/foo/bar"); - assertThat(matcher.matches(request)).isTrue(); } @@ -51,9 +50,7 @@ public class AntPathRequestMatcherTests { public void singleWildcardMatchesAnyPath() { AntPathRequestMatcher matcher = new AntPathRequestMatcher("/**"); assertThat(matcher.getPattern()).isEqualTo("/**"); - assertThat(matcher.matches(createRequest("/blah"))).isTrue(); - matcher = new AntPathRequestMatcher("**"); assertThat(matcher.matches(createRequest("/blah"))).isTrue(); assertThat(matcher.matches(createRequest(""))).isTrue(); @@ -69,14 +66,11 @@ public class AntPathRequestMatcherTests { assertThat(matcher.matches(createRequest("/blah/blaha"))).isFalse(); assertThat(matcher.matches(createRequest("/blah/bleh/"))).isFalse(); MockHttpServletRequest request = createRequest("/blah/"); - request.setPathInfo("blah/bleh"); assertThat(matcher.matches(request)).isTrue(); - matcher = new AntPathRequestMatcher("/bl?h/blAh/**", null, false); assertThat(matcher.matches(createRequest("/BLAH/Blah/aaa/"))).isTrue(); assertThat(matcher.matches(createRequest("/bleh/Blah"))).isTrue(); - matcher = new AntPathRequestMatcher("/blAh/**/blah/**", null, false); assertThat(matcher.matches(createRequest("/blah/blah"))).isTrue(); assertThat(matcher.matches(createRequest("/blah/bleh"))).isFalse(); 
@@ -160,7 +154,6 @@ public class AntPathRequestMatcherTests { assertThat(new AntPathRequestMatcher("/upper", null, true).matches(request)).isFalse(); assertThat(new AntPathRequestMatcher("/upper", "POST", true).matches(request)).isFalse(); assertThat(new AntPathRequestMatcher("/upper", "GET", true).matches(request)).isFalse(); - assertThat(new AntPathRequestMatcher("/upper", null, false).matches(request)).isTrue(); assertThat(new AntPathRequestMatcher("/upper", "POST", false).matches(request)).isTrue(); } @@ -170,7 +163,6 @@ public class AntPathRequestMatcherTests { AntPathRequestMatcher matcher = new AntPathRequestMatcher("/path/*/bar"); MockHttpServletRequest request = createRequest("/path /foo/bar"); assertThat(matcher.matches(request)).isFalse(); - matcher = new AntPathRequestMatcher("/path/foo"); request = createRequest("/path /foo"); assertThat(matcher.matches(request)).isFalse(); @@ -201,7 +193,6 @@ public class AntPathRequestMatcherTests { AntPathRequestMatcher matcher = new AntPathRequestMatcher("/blah", "GET"); MockHttpServletRequest request = createRequest("/blah"); request.setMethod("INVALID"); - assertThat(matcher.matches(request)).isFalse(); } @@ -215,7 +206,6 @@ public class AntPathRequestMatcherTests { request.setQueryString("doesntMatter"); request.setServletPath(path); request.setMethod("POST"); - return request; } diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java index 4a71218ce9..d445c5c510 100644 --- a/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java 
@@ -33,7 +33,6 @@ public class ELRequestMatcherTests { ELRequestMatcher requestMatcher = new ELRequestMatcher("hasIpAddress('1.1.1.1')"); MockHttpServletRequest request = new MockHttpServletRequest(); request.setRemoteAddr("1.1.1.1"); - assertThat(requestMatcher.matches(request)).isTrue(); } @@ -42,7 +41,6 @@ public class ELRequestMatcherTests { ELRequestMatcher requestMatcher = new ELRequestMatcher("hasIpAddress('1.1.1.1')"); MockHttpServletRequest request = new MockHttpServletRequest(); request.setRemoteAddr("1.1.1.2"); - assertThat(requestMatcher.matches(request)).isFalse(); } @@ -51,7 +49,6 @@ public class ELRequestMatcherTests { ELRequestMatcher requestMatcher = new ELRequestMatcher("hasHeader('User-Agent','MSIE')"); MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("User-Agent", "MSIE"); - assertThat(requestMatcher.matches(request)).isTrue(); } @@ -61,14 +58,10 @@ public class ELRequestMatcherTests { "hasHeader('User-Agent','MSIE') or hasHeader('User-Agent','Mozilla')"); MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("User-Agent", "MSIE"); - assertThat(requestMatcher.matches(request)).isTrue(); - request = new MockHttpServletRequest(); request.addHeader("User-Agent", "Mozilla"); - assertThat(requestMatcher.matches(request)).isTrue(); - } @Test @@ -76,7 +69,6 @@ public class ELRequestMatcherTests { ELRequestMatcher requestMatcher = new ELRequestMatcher("hasHeader('User-Agent','MSIE')"); MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("User-Agent", "wrong"); - assertThat(requestMatcher.matches(request)).isFalse(); } @@ -84,7 +76,6 @@ public class ELRequestMatcherTests { public void testHasHeaderNull() { ELRequestMatcher requestMatcher = new ELRequestMatcher("hasHeader('User-Agent','MSIE')"); MockHttpServletRequest request = new MockHttpServletRequest(); - assertThat(requestMatcher.matches(request)).isFalse(); } 
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java index b0f2594cf6..1ef1c66f2e 100644 --- a/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java @@ -71,7 +71,6 @@ public class IpAddressMatcherTests { @Test public void ipv6RangeMatches() { IpAddressMatcher matcher = new IpAddressMatcher("2001:DB8::/48"); - assertThat(matcher.matches("2001:DB8:0:0:0:0:0:0")).isTrue(); assertThat(matcher.matches("2001:DB8:0:0:0:0:0:1")).isTrue(); assertThat(matcher.matches("2001:DB8:0:FFFF:FFFF:FFFF:FFFF:FFFF")).isTrue(); @@ -82,10 +81,8 @@ public class IpAddressMatcherTests { @Test public void zeroMaskMatchesAnything() { IpAddressMatcher matcher = new IpAddressMatcher("0.0.0.0/0"); - assertThat(matcher.matches("123.4.5.6")).isTrue(); assertThat(matcher.matches("192.168.0.159")).isTrue(); - matcher = new IpAddressMatcher("192.168.0.159/0"); assertThat(matcher.matches("123.4.5.6")).isTrue(); assertThat(matcher.matches("192.168.0.159")).isTrue(); diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java index df88943b00..39b210cb76 100644 --- a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java +++ b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java 
@@ -52,21 +52,17 @@ public class MediaTypeRequestMatcherRequestHCNSTests { public void mediaAllMatches() { this.request.addHeader("Accept", MediaType.ALL_VALUE); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML); - assertThat(this.matcher.matches(this.request)).isTrue(); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_XHTML_XML); assertThat(this.matcher.matches(this.request)).isTrue(); } // ignoreMediaTypeAll - @Test public void mediaAllIgnoreMediaTypeAll() { this.request.addHeader("Accept", MediaType.ALL_VALUE); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML); this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); - assertThat(this.matcher.matches(this.request)).isFalse(); } @@ -75,18 +71,15 @@ public class MediaTypeRequestMatcherRequestHCNSTests { this.request.addHeader("Accept", MediaType.ALL_VALUE + "," + MediaType.TEXT_HTML_VALUE); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML); this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); - assertThat(this.matcher.matches(this.request)).isTrue(); } // JavaDoc - @Test public void javadocJsonJson() { this.request.addHeader("Accept", MediaType.APPLICATION_JSON_VALUE); MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_JSON); - assertThat(matcher.matches(this.request)).isTrue(); } @@ -95,7 +88,6 @@ public class MediaTypeRequestMatcherRequestHCNSTests { this.request.addHeader("Accept", MediaType.ALL_VALUE); MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_JSON); - assertThat(matcher.matches(this.request)).isTrue(); } 
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java index 77567eb379..7a9fe12bfa 100644 --- a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java @@ -96,20 +96,16 @@ public class MediaTypeRequestMatcherTests { public void negotiationStrategyThrowsHMTNAE() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) .willThrow(new HttpMediaTypeNotAcceptableException("oops")); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.ALL); assertThat(this.matcher.matches(this.request)).isFalse(); } @Test public void mediaAllMatches() throws Exception { - given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) .willReturn(Arrays.asList(MediaType.ALL)); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML); assertThat(this.matcher.matches(this.request)).isTrue(); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_XHTML_XML); assertThat(this.matcher.matches(this.request)).isTrue(); } 
@@ -190,15 +186,12 @@ public class MediaTypeRequestMatcherTests { public void multipleMediaType() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) .willReturn(Arrays.asList(MediaType.TEXT_PLAIN, MediaType.APPLICATION_XHTML_XML, MediaType.TEXT_HTML)); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_ATOM_XML, MediaType.TEXT_HTML); assertThat(this.matcher.matches(this.request)).isTrue(); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_XHTML_XML, MediaType.APPLICATION_JSON); assertThat(this.matcher.matches(this.request)).isTrue(); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_FORM_URLENCODED, MediaType.APPLICATION_JSON); assertThat(this.matcher.matches(this.request)).isFalse(); @@ -208,7 +201,6 @@ public class MediaTypeRequestMatcherTests { public void resolveTextPlainMatchesTextAll() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) .willReturn(Arrays.asList(MediaType.TEXT_PLAIN)); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, new MediaType("text", "*")); assertThat(this.matcher.matches(this.request)).isTrue(); } @@ -216,7 +208,6 @@ public class MediaTypeRequestMatcherTests { @Test public void matchWhenAcceptHeaderIsTextThenMediaTypeAllIsMatched() { this.request.addHeader("Accept", MediaType.TEXT_PLAIN_VALUE); - this.matcher = new MediaTypeRequestMatcher(new MediaType("text", "*")); assertThat(this.matcher.matches(this.request)).isTrue(); } 
@@ -225,7 +216,6 @@ public class MediaTypeRequestMatcherTests { public void resolveTextAllMatchesTextPlain() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) .willReturn(Arrays.asList(new MediaType("text", "*"))); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_PLAIN); assertThat(this.matcher.matches(this.request)).isTrue(); } @@ -233,18 +223,15 @@ public class MediaTypeRequestMatcherTests { @Test public void matchWhenAcceptHeaderIsTextWildcardThenMediaTypeTextIsMatched() { this.request.addHeader("Accept", "text/*"); - this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_PLAIN); assertThat(this.matcher.matches(this.request)).isTrue(); } // useEquals - @Test public void useEqualsResolveTextAllMatchesTextPlain() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) .willReturn(Arrays.asList(new MediaType("text", "*"))); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_PLAIN); this.matcher.setUseEquals(true); assertThat(this.matcher.matches(this.request)).isFalse(); @@ -253,7 +240,6 @@ public class MediaTypeRequestMatcherTests { @Test public void useEqualsWhenTrueThenMediaTypeTextIsNotMatched() { this.request.addHeader("Accept", "text/*"); - this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_PLAIN); this.matcher.setUseEquals(true); assertThat(this.matcher.matches(this.request)).isFalse(); 
@@ -263,7 +249,6 @@ public class MediaTypeRequestMatcherTests { public void useEqualsResolveTextPlainMatchesTextAll() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) .willReturn(Arrays.asList(MediaType.TEXT_PLAIN)); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, new MediaType("text", "*")); this.matcher.setUseEquals(true); assertThat(this.matcher.matches(this.request)).isFalse(); @@ -272,7 +257,6 @@ public class MediaTypeRequestMatcherTests { @Test public void useEqualsWhenTrueThenMediaTypeTextAllIsNotMatched() { this.request.addHeader("Accept", MediaType.TEXT_PLAIN_VALUE); - this.matcher = new MediaTypeRequestMatcher(new MediaType("text", "*")); this.matcher.setUseEquals(true); assertThat(this.matcher.matches(this.request)).isFalse(); @@ -282,7 +266,6 @@ public class MediaTypeRequestMatcherTests { public void useEqualsSame() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) .willReturn(Arrays.asList(MediaType.TEXT_PLAIN)); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_PLAIN); this.matcher.setUseEquals(true); assertThat(this.matcher.matches(this.request)).isTrue(); @@ -291,7 +274,6 @@ public class MediaTypeRequestMatcherTests { @Test public void useEqualsWhenTrueThenMediaTypeIsMatchedWithEqualString() { this.request.addHeader("Accept", MediaType.TEXT_PLAIN_VALUE); - this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_PLAIN); this.matcher.setUseEquals(true); assertThat(this.matcher.matches(this.request)).isTrue(); 
@@ -301,7 +283,6 @@ public class MediaTypeRequestMatcherTests { public void useEqualsWithCustomMediaType() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) .willReturn(Arrays.asList(new MediaType("text", "unique"))); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, new MediaType("text", "unique")); this.matcher.setUseEquals(true); assertThat(this.matcher.matches(this.request)).isTrue(); @@ -310,21 +291,18 @@ public class MediaTypeRequestMatcherTests { @Test public void useEqualsWhenTrueThenCustomMediaTypeIsMatched() { this.request.addHeader("Accept", "text/unique"); - this.matcher = new MediaTypeRequestMatcher(new MediaType("text", "unique")); this.matcher.setUseEquals(true); assertThat(this.matcher.matches(this.request)).isTrue(); } // ignoreMediaTypeAll - @Test public void mediaAllIgnoreMediaTypeAll() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) .willReturn(Arrays.asList(MediaType.ALL)); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML); this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); - assertThat(this.matcher.matches(this.request)).isFalse(); } @@ -333,7 +311,6 @@ public class MediaTypeRequestMatcherTests { this.request.addHeader("Accept", MediaType.ALL_VALUE); this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML); this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); - assertThat(this.matcher.matches(this.request)).isFalse(); } @@ -343,7 +320,6 @@ public class MediaTypeRequestMatcherTests { .willReturn(Arrays.asList(MediaType.ALL, MediaType.TEXT_HTML)); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML); this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); - assertThat(this.matcher.matches(this.request)).isTrue(); } 
@@ -352,7 +328,6 @@ public class MediaTypeRequestMatcherTests { this.request.addHeader("Accept", MediaType.ALL_VALUE + ", " + MediaType.TEXT_HTML_VALUE); this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML); this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); - assertThat(this.matcher.matches(this.request)).isTrue(); } @@ -362,7 +337,6 @@ public class MediaTypeRequestMatcherTests { .willReturn(Arrays.asList(MediaType.TEXT_PLAIN, MediaType.parseMediaType("*/*;q=0.8"))); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML); this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); - assertThat(this.matcher.matches(this.request)).isFalse(); } @@ -371,7 +345,6 @@ public class MediaTypeRequestMatcherTests { this.request.addHeader("Accept", MediaType.TEXT_PLAIN + ", */*;q=0.8"); this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML); this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); - assertThat(this.matcher.matches(this.request)).isFalse(); } diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java index 7c9cbbae36..1a738c4a42 100644 --- a/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java @@ -50,7 +50,6 @@ public class NegatedRequestMatcherTests { public void matchesDelegateFalse() { given(this.delegate.matches(this.request)).willReturn(false); this.matcher = new NegatedRequestMatcher(this.delegate); - assertThat(this.matcher.matches(this.request)).isTrue(); } 
@@ -58,7 +57,6 @@ public class NegatedRequestMatcherTests { public void matchesDelegateTrue() { given(this.delegate.matches(this.request)).willReturn(true); this.matcher = new NegatedRequestMatcher(this.delegate); - assertThat(this.matcher.matches(this.request)).isFalse(); } diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java index 6783abef41..291b97c2fb 100644 --- a/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java @@ -82,7 +82,6 @@ public class OrRequestMatcherTests { public void matchesSingleTrue() { given(this.delegate.matches(this.request)).willReturn(true); this.matcher = new OrRequestMatcher(this.delegate); - assertThat(this.matcher.matches(this.request)).isTrue(); } @@ -90,7 +89,6 @@ public class OrRequestMatcherTests { public void matchesMultiTrue() { given(this.delegate.matches(this.request)).willReturn(true); this.matcher = new OrRequestMatcher(this.delegate, this.delegate2); - assertThat(this.matcher.matches(this.request)).isTrue(); } @@ -98,7 +96,6 @@ public class OrRequestMatcherTests { public void matchesSingleFalse() { given(this.delegate.matches(this.request)).willReturn(false); this.matcher = new OrRequestMatcher(this.delegate); - assertThat(this.matcher.matches(this.request)).isFalse(); } @@ -107,7 +104,6 @@ public class OrRequestMatcherTests { given(this.delegate.matches(this.request)).willReturn(false); given(this.delegate2.matches(this.request)).willReturn(false); this.matcher = new OrRequestMatcher(this.delegate, this.delegate2); - assertThat(this.matcher.matches(this.request)).isFalse(); } 
@@ -115,7 +111,6 @@ public class OrRequestMatcherTests { public void matchesMultiSingleFalse() { given(this.delegate.matches(this.request)).willReturn(true); this.matcher = new OrRequestMatcher(this.delegate, this.delegate2); - assertThat(this.matcher.matches(this.request)).isTrue(); } diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java index 37d2b2fca4..24f686c28b 100644 --- a/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java @@ -41,31 +41,25 @@ public class RegexRequestMatcherTests { @Test public void doesntMatchIfHttpMethodIsDifferent() { RegexRequestMatcher matcher = new RegexRequestMatcher(".*", "GET"); - MockHttpServletRequest request = new MockHttpServletRequest("POST", "/anything"); - assertThat(matcher.matches(request)).isFalse(); } @Test public void matchesIfHttpMethodAndPathMatch() { RegexRequestMatcher matcher = new RegexRequestMatcher(".*", "GET"); - MockHttpServletRequest request = new MockHttpServletRequest("GET", "/anything"); request.setServletPath("/anything"); - assertThat(matcher.matches(request)).isTrue(); } @Test public void queryStringIsMatcherCorrectly() { RegexRequestMatcher matcher = new RegexRequestMatcher(".*\\?x=y", "GET"); - MockHttpServletRequest request = new MockHttpServletRequest("GET", "/any/path?x=y"); request.setServletPath("/any"); request.setPathInfo("/path"); request.setQueryString("x=y"); - assertThat(matcher.matches(request)).isTrue(); } @@ -104,7 +98,6 @@ public class RegexRequestMatcherTests { RegexRequestMatcher matcher = new RegexRequestMatcher("/blah", "GET"); MockHttpServletRequest request = new MockHttpServletRequest("INVALID", "/blah"); request.setMethod("INVALID"); - assertThat(matcher.matches(request)).isFalse(); }