diff --git a/build.gradle b/build.gradle index a5a5604eb78..326fb3070d6 100644 --- a/build.gradle +++ b/build.gradle @@ -605,16 +605,10 @@ project('spring-test-mvc') { testCompile "rome:rome:1.0" testCompile "javax.xml.bind:jaxb-api:2.2.6" testCompile "org.easymock:easymockclassextension:${easymockVersion}" - testCompile("org.springframework.security:spring-security-core:3.1.2.RELEASE") { - exclude group: 'org.springframework' - } - testCompile("org.springframework.security:spring-security-web:3.1.2.RELEASE") { - exclude group: 'org.springframework' - } - testCompile("org.springframework.security:spring-security-config:3.1.2.RELEASE") { - exclude group: 'org.springframework' - } - testCompile("org.springframework.hateoas:spring-hateoas:0.3.0.RELEASE") + testCompile "org.apache.tiles:tiles-request-api:1.0.1" + testCompile "org.apache.tiles:tiles-api:3.0.1" + testCompile "org.apache.tiles:tiles-core:3.0.1" + testCompile "org.apache.tiles:tiles-servlet:3.0.1" } } diff --git a/spring-test-mvc/src/test/java/org/springframework/test/web/servlet/samples/context/SecurityRequestPostProcessors.java b/spring-test-mvc/src/test/java/org/springframework/test/web/servlet/samples/context/SecurityRequestPostProcessors.java deleted file mode 100644 index 571cd2c6f09..00000000000 --- a/spring-test-mvc/src/test/java/org/springframework/test/web/servlet/samples/context/SecurityRequestPostProcessors.java +++ /dev/null @@ -1,231 +0,0 @@ -/* - * Copyright 2002-2012 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on - * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the - * specific language governing permissions and limitations under the License. - */ -package org.springframework.test.web.servlet.samples.context; - -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; - -import javax.servlet.ServletContext; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.context.ApplicationContext; -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.UserDetails; -import org.springframework.security.core.userdetails.UserDetailsService; -import org.springframework.security.web.context.HttpRequestResponseHolder; -import org.springframework.security.web.context.HttpSessionSecurityContextRepository; -import org.springframework.security.web.context.SecurityContextRepository; -import org.springframework.test.web.servlet.request.RequestPostProcessor; -import org.springframework.util.Assert; -import org.springframework.web.context.WebApplicationContext; -import org.springframework.web.context.support.WebApplicationContextUtils; - -/** - * Demonstrates how to use a {@link RequestPostProcessor} to add - * request-building methods for establishing a security context for Spring - * Security. While these are just examples, - * official support - * for Spring Security is planned. - * - * @author Rob Winch - */ -final class SecurityRequestPostProcessors { - - /** - * Establish a security context for a user with the specified username. All - * details are declarative and do not require that the user actually exists. - * This means that the authorities or roles need to be specified too. - */ - public static UserRequestPostProcessor user(String username) { - return new UserRequestPostProcessor(username); - } - - /** - * Establish a security context for a user with the specified username. The - * additional details are obtained from the {@link UserDetailsService} - * declared in the {@link WebApplicationContext}. - */ - public static UserDetailsRequestPostProcessor userDeatilsService(String username) { - return new UserDetailsRequestPostProcessor(username); - } - - /** - * Establish a security context with the given {@link SecurityContext} and - * thus be authenticated with {@link SecurityContext#getAuthentication()}. - */ - public SecurityContextRequestPostProcessor securityContext(SecurityContext securityContext) { - return new SecurityContextRequestPostProcessor(securityContext); - } - - - /** Support class for {@link RequestPostProcessor}'s that establish a Spring Security context */ - private static abstract class SecurityContextRequestPostProcessorSupport { - - private SecurityContextRepository repository = new HttpSessionSecurityContextRepository(); - - final void save(Authentication authentication, HttpServletRequest request) { - SecurityContext securityContext = SecurityContextHolder.createEmptyContext(); - securityContext.setAuthentication(authentication); - save(securityContext, request); - } - - final void save(SecurityContext securityContext, HttpServletRequest request) { - HttpServletResponse response = new MockHttpServletResponse(); - - HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(request, response); - this.repository.loadContext(requestResponseHolder); - - request = requestResponseHolder.getRequest(); - response = requestResponseHolder.getResponse(); - - this.repository.saveContext(securityContext, request, response); - } - } - - public final static class SecurityContextRequestPostProcessor - extends SecurityContextRequestPostProcessorSupport implements RequestPostProcessor { - - private final SecurityContext securityContext; - - private SecurityContextRequestPostProcessor(SecurityContext securityContext) { - this.securityContext = securityContext; - } - - public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) { - save(this.securityContext,request); - return request; - } - } - - public final static class UserRequestPostProcessor - extends SecurityContextRequestPostProcessorSupport implements RequestPostProcessor { - - private final String username; - - private String rolePrefix = "ROLE_"; - - private Object credentials; - - private List authorities = new ArrayList(); - - private UserRequestPostProcessor(String username) { - Assert.notNull(username, "username cannot be null"); - this.username = username; - } - - /** - * Sets the prefix to append to each role if the role does not already start with - * the prefix. If no prefix is desired, an empty String or null can be used. - */ - public UserRequestPostProcessor rolePrefix(String rolePrefix) { - this.rolePrefix = rolePrefix; - return this; - } - - /** - * Specify the roles of the user to authenticate as. This method is similar to - * {@link #authorities(GrantedAuthority...)}, but just not as flexible. - * - * @param roles The roles to populate. Note that if the role does not start with - * {@link #rolePrefix(String)} it will automatically be prepended. This means by - * default {@code roles("ROLE_USER")} and {@code roles("USER")} are equivalent. - * @see #authorities(GrantedAuthority...) - * @see #rolePrefix(String) - */ - public UserRequestPostProcessor roles(String... roles) { - List authorities = new ArrayList(roles.length); - for(String role : roles) { - if(this.rolePrefix == null || role.startsWith(this.rolePrefix)) { - authorities.add(new SimpleGrantedAuthority(role)); - } else { - authorities.add(new SimpleGrantedAuthority(this.rolePrefix + role)); - } - } - return this; - } - - /** - * Populates the user's {@link GrantedAuthority}'s. - * @param authorities - * @see #roles(String...) - */ - public UserRequestPostProcessor authorities(GrantedAuthority... authorities) { - this.authorities = Arrays.asList(authorities); - return this; - } - - public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) { - UsernamePasswordAuthenticationToken authentication = - new UsernamePasswordAuthenticationToken(this.username, this.credentials, this.authorities); - save(authentication,request); - return request; - } - } - - public final static class UserDetailsRequestPostProcessor - extends SecurityContextRequestPostProcessorSupport implements RequestPostProcessor { - - private final String username; - - private String userDetailsServiceBeanId; - - private UserDetailsRequestPostProcessor(String username) { - this.username = username; - } - - /** - * Use this method to specify the bean id of the {@link UserDetailsService} to - * use to look up the {@link UserDetails}. - * - *

By default a lookup of {@link UserDetailsService} is performed by type. This - * can be problematic if multiple {@link UserDetailsService} beans are declared. - */ - public UserDetailsRequestPostProcessor userDetailsServiceBeanId(String userDetailsServiceBeanId) { - this.userDetailsServiceBeanId = userDetailsServiceBeanId; - return this; - } - - public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) { - UsernamePasswordAuthenticationToken authentication = authentication(request.getServletContext()); - save(authentication,request); - return request; - } - - private UsernamePasswordAuthenticationToken authentication(ServletContext servletContext) { - ApplicationContext context = WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext); - UserDetailsService userDetailsService = userDetailsService(context); - UserDetails userDetails = userDetailsService.loadUserByUsername(this.username); - return new UsernamePasswordAuthenticationToken( - userDetails, userDetails.getPassword(), userDetails.getAuthorities()); - } - - private UserDetailsService userDetailsService(ApplicationContext context) { - if(this.userDetailsServiceBeanId == null) { - return context.getBean(UserDetailsService.class); - } - return context.getBean(this.userDetailsServiceBeanId, UserDetailsService.class); - } - } - - private SecurityRequestPostProcessors() {} - -} diff --git a/spring-test-mvc/src/test/java/org/springframework/test/web/servlet/samples/context/SpringSecurityTests.java b/spring-test-mvc/src/test/java/org/springframework/test/web/servlet/samples/context/SpringSecurityTests.java deleted file mode 100644 index 6622d4972df..00000000000 --- a/spring-test-mvc/src/test/java/org/springframework/test/web/servlet/samples/context/SpringSecurityTests.java +++ /dev/null @@ -1,140 +0,0 @@ -/* - * Copyright 2002-2012 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on - * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the - * specific language governing permissions and limitations under the License. - */ - -package org.springframework.test.web.servlet.samples.context; - -import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; -import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.forwardedUrl; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -import static org.springframework.test.web.servlet.samples.context.SecurityRequestPostProcessors.user; -import static org.springframework.test.web.servlet.samples.context.SecurityRequestPostProcessors.userDeatilsService; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpSession; - -import junit.framework.Assert; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.web.FilterChainProxy; -import org.springframework.security.web.context.HttpSessionSecurityContextRepository; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import org.springframework.test.context.web.WebAppConfiguration; -import org.springframework.test.web.servlet.MockMvc; -import org.springframework.test.web.servlet.MvcResult; -import org.springframework.test.web.servlet.ResultMatcher; -import org.springframework.test.web.servlet.request.RequestPostProcessor; -import org.springframework.test.web.servlet.setup.MockMvcBuilders; -import org.springframework.web.context.WebApplicationContext; - -/** - * Basic example that includes Spring Security configuration. - * - *

Note that currently there are no {@linkplain ResultMatcher ResultMatchers} - * built specifically for asserting the Spring Security context. However, it's - * quite easy to put them together as shown below, and Spring Security extensions - * will become available in the near future. - * - *

This also demonstrates a custom {@link RequestPostProcessor} which authenticates - * a user to a particular {@link HttpServletRequest}. - * - * @author Rob Winch - * @author Rossen Stoyanchev - * @author Sam Brannen - * @see SecurityRequestPostProcessors - */ -@RunWith(SpringJUnit4ClassRunner.class) -@WebAppConfiguration("src/test/resources/META-INF/web-resources") -@ContextConfiguration({ "security.xml", "servlet-context.xml" }) -public class SpringSecurityTests { - - private static final String SEC_CONTEXT_ATTR = HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY; - - @Autowired - private FilterChainProxy springSecurityFilterChain; - - @Autowired - private WebApplicationContext wac; - - private MockMvc mockMvc; - - - @Before - public void setup() { - this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac)// - .addFilters(this.springSecurityFilterChain)// - .build(); - } - - @Test - public void requiresAuthentication() throws Exception { - mockMvc.perform(get("/user")).// - andExpect(redirectedUrl("http://localhost/spring_security_login")); - } - - @Test - public void accessGranted() throws Exception { - this.mockMvc.perform(get("/").// - with(userDeatilsService("user"))).// - andExpect(status().isOk()).// - andExpect(forwardedUrl("/WEB-INF/layouts/standardLayout.jsp")); - } - - @Test - public void accessDenied() throws Exception { - this.mockMvc.perform(get("/")// - .with(user("user").roles("DENIED")))// - .andExpect(status().isForbidden()); - } - - @Test - public void userAuthenticates() throws Exception { - final String username = "user"; - mockMvc.perform(post("/j_spring_security_check").// - param("j_username", username).// - param("j_password", "password")).// - andExpect(redirectedUrl("/")).// - andExpect(new ResultMatcher() { - - public void match(MvcResult mvcResult) throws Exception { - HttpSession session = mvcResult.getRequest().getSession(); - SecurityContext securityContext = (SecurityContext) session.getAttribute(SEC_CONTEXT_ATTR); - Assert.assertEquals(securityContext.getAuthentication().getName(), username); - } - }); - } - - @Test - public void userAuthenticateFails() throws Exception { - final String username = "user"; - mockMvc.perform(post("/j_spring_security_check").// - param("j_username", username).// - param("j_password", "invalid")).// - andExpect(redirectedUrl("/spring_security_login?login_error")).// - andExpect(new ResultMatcher() { - - public void match(MvcResult mvcResult) throws Exception { - HttpSession session = mvcResult.getRequest().getSession(); - SecurityContext securityContext = (SecurityContext) session.getAttribute(SEC_CONTEXT_ATTR); - Assert.assertNull(securityContext); - } - }); - } - -} diff --git a/spring-test-mvc/src/test/java/org/springframework/test/web/servlet/samples/standalone/resultmatchers/ContentAssertionTests.java b/spring-test-mvc/src/test/java/org/springframework/test/web/servlet/samples/standalone/resultmatchers/ContentAssertionTests.java index a1e033dd4ee..80a0d138f34 100644 --- a/spring-test-mvc/src/test/java/org/springframework/test/web/servlet/samples/standalone/resultmatchers/ContentAssertionTests.java +++ b/spring-test-mvc/src/test/java/org/springframework/test/web/servlet/samples/standalone/resultmatchers/ContentAssertionTests.java @@ -19,23 +19,14 @@ package org.springframework.test.web.servlet.samples.standalone.resultmatchers; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.equalTo; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; -import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.xpath; import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; import java.nio.charset.Charset; -import java.util.Collections; -import java.util.Map; - -import javax.xml.bind.annotation.XmlRootElement; import org.junit.Before; import org.junit.Test; -import org.springframework.hateoas.Link; -import org.springframework.hateoas.ResourceSupport; import org.springframework.http.MediaType; import org.springframework.stereotype.Controller; import org.springframework.test.web.servlet.MockMvc; @@ -116,20 +107,6 @@ public class ContentAssertionTests { .andExpect(content().bytes("\u3053\u3093\u306b\u3061\u306f\u4e16\u754c\uff01".getBytes("UTF-8"))); } - @Test - public void testSpringHateoasJsonLink() throws Exception { - this.mockMvc.perform(get("/handle").accept(MediaType.APPLICATION_JSON)) - .andExpect(jsonPath("$.links[?(@.rel == 'self')].href").value("http://myhost/people")); - } - - @Test - public void testSpringHateoasXmlLink() throws Exception { - Map ns = Collections.singletonMap("ns", "http://www.w3.org/2005/Atom"); - this.mockMvc.perform(get("/handle").accept(MediaType.APPLICATION_XML)) - .andDo(print()) - .andExpect(xpath("/person/ns:link[@rel='self']/@href", ns).string("http://myhost/people")); - } - @Controller private static class SimpleController { @@ -145,20 +122,6 @@ public class ContentAssertionTests { public String handleWithCharset() { return "\u3053\u3093\u306b\u3061\u306f\u4e16\u754c\uff01"; // "Hello world! (Japanese) } - - @RequestMapping(value="/handle", produces={"application/json", "application/xml"}) - @ResponseBody - public PersonResource handleJsonOrXml() { - PersonResource resource = new PersonResource(); - resource.name = "Joe"; - resource.add(new Link("http://myhost/people")); - return resource; - } - } - - @XmlRootElement(name="person") - static class PersonResource extends ResourceSupport { - String name; } }