diff --git a/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java b/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java
index 268beeef5a..6f09d71890 100644
--- a/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java
@@ -39,21 +39,18 @@ public class AclFormattingUtilsTests {
 }
 catch (IllegalArgumentException expected) {
 }
-
 try {
 AclFormattingUtils.demergePatterns("SOME STRING", null);
 fail("It should have thrown IllegalArgumentException");
 }
 catch (IllegalArgumentException expected) {
 }
-
 try {
 AclFormattingUtils.demergePatterns("SOME STRING", "LONGER SOME STRING");
 fail("It should have thrown IllegalArgumentException");
 }
 catch (IllegalArgumentException expected) {
 }
-
 try {
 AclFormattingUtils.demergePatterns("SOME STRING", "SAME LENGTH");
 }
@@ -68,7 +65,6 @@ public class AclFormattingUtilsTests {
 String removeBits = "...............................R";
 assertThat(AclFormattingUtils.demergePatterns(original, removeBits))
 .isEqualTo("...........................A....");
-
 assertThat(AclFormattingUtils.demergePatterns("ABCDEF", "......")).isEqualTo("ABCDEF");
 assertThat(AclFormattingUtils.demergePatterns("ABCDEF", "GHIJKL")).isEqualTo("......");
 }
@@ -81,21 +77,18 @@ public class AclFormattingUtilsTests {
 }
 catch (IllegalArgumentException expected) {
 }
-
 try {
 AclFormattingUtils.mergePatterns("SOME STRING", null);
 fail("It should have thrown IllegalArgumentException");
 }
 catch (IllegalArgumentException expected) {
 }
-
 try {
 AclFormattingUtils.mergePatterns("SOME STRING", "LONGER SOME STRING");
 fail("It should have thrown IllegalArgumentException");
 }
 catch (IllegalArgumentException expected) {
 }
-
 try {
 AclFormattingUtils.mergePatterns("SOME STRING", "SAME LENGTH");
 }
@@ -108,7 +101,6 @@ public class AclFormattingUtilsTests {
 String original = "...............................R";
 String extraBits = "...........................A....";
 assertThat(AclFormattingUtils.mergePatterns(original, extraBits)).isEqualTo("...........................A...R");
-
 assertThat(AclFormattingUtils.mergePatterns("ABCDEF", "......")).isEqualTo("ABCDEF");
 assertThat(AclFormattingUtils.mergePatterns("ABCDEF", "GHIJKL")).isEqualTo("GHIJKL");
 }
@@ -116,21 +108,18 @@ public class AclFormattingUtilsTests {
 @Test
 public final void testBinaryPrints() {
 assertThat(AclFormattingUtils.printBinary(15)).isEqualTo("............................****");
-
 try {
 AclFormattingUtils.printBinary(15, Permission.RESERVED_ON);
 fail("It should have thrown IllegalArgumentException");
 }
 catch (IllegalArgumentException notExpected) {
 }
-
 try {
 AclFormattingUtils.printBinary(15, Permission.RESERVED_OFF);
 fail("It should have thrown IllegalArgumentException");
 }
 catch (IllegalArgumentException notExpected) {
 }
-
 assertThat(AclFormattingUtils.printBinary(15, 'x')).isEqualTo("............................xxxx");
 }
 
diff --git a/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java b/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java
index 968cf92093..844a2d4d86 100644
--- a/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java
@@ -54,9 +54,7 @@ public class AclPermissionCacheOptimizerTests {
 ObjectIdentity[] oids = { new ObjectIdentityImpl("A", "1"), new ObjectIdentityImpl("A", "2") };
 given(oidStrat.getObjectIdentity(dos[0])).willReturn(oids[0]);
 given(oidStrat.getObjectIdentity(dos[2])).willReturn(oids[1]);
-
 pco.cachePermissionsFor(mock(Authentication.class), Arrays.asList(dos));
-
 // AclService should be invoked with the list of required Oids
 verify(service).readAclsById(eq(Arrays.asList(oids)), any(List.class));
 }
@@ -69,9 +67,7 @@ public class AclPermissionCacheOptimizerTests {
 SidRetrievalStrategy sids = mock(SidRetrievalStrategy.class);
 pco.setObjectIdentityRetrievalStrategy(oids);
 pco.setSidRetrievalStrategy(sids);
-
 pco.cachePermissionsFor(mock(Authentication.class), Collections.emptyList());
-
 verifyZeroInteractions(service, sids, oids);
 }
 
diff --git a/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java b/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
index 5bdc6a5446..a29c3ab3be 100644
--- a/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
@@ -50,10 +50,8 @@ public class AclPermissionEvaluatorTests {
 pe.setObjectIdentityRetrievalStrategy(oidStrategy);
 pe.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
 Acl acl = mock(Acl.class);
-
 given(service.readAclById(any(ObjectIdentity.class), anyList())).willReturn(acl);
 given(acl.isGranted(anyList(), anyList(), eq(false))).willReturn(true);
-
 assertThat(pe.hasPermission(mock(Authentication.class), new Object(), "READ")).isTrue();
 }
 
@@ -61,7 +59,6 @@ public class AclPermissionEvaluatorTests { public void resolvePermissionNonEnglishLocale() { Locale systemLocale = Locale.getDefault(); Locale.setDefault(new Locale("tr")); - AclService service = mock(AclService.class); AclPermissionEvaluator pe = new AclPermissionEvaluator(service); ObjectIdentity oid = mock(ObjectIdentity.class); @@ -70,12 +67,9 @@ public class AclPermissionEvaluatorTests { pe.setObjectIdentityRetrievalStrategy(oidStrategy); pe.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class)); Acl acl = mock(Acl.class); - given(service.readAclById(any(ObjectIdentity.class), anyList())).willReturn(acl); given(acl.isGranted(anyList(), anyList(), eq(false))).willReturn(true); - assertThat(pe.hasPermission(mock(Authentication.class), new Object(), "write")).isTrue(); - Locale.setDefault(systemLocale); } diff --git a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java index 55800137e0..296e306d5f 100644 --- a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java +++ b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java @@ -58,7 +58,6 @@ public class AclEntryAfterInvocationCollectionFilteringProviderTests { provider.setObjectIdentityRetrievalStrategy(mock(ObjectIdentityRetrievalStrategy.class)); provider.setProcessDomainObjectClass(Object.class); provider.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class)); - Object returned = provider.decide(mock(Authentication.class), new Object(), SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), new ArrayList(Arrays.asList(new Object(), new Object()))); 
@@ -76,7 +75,6 @@ public class AclEntryAfterInvocationCollectionFilteringProviderTests { AclEntryAfterInvocationCollectionFilteringProvider provider = new AclEntryAfterInvocationCollectionFilteringProvider( mock(AclService.class), Arrays.asList(mock(Permission.class))); Object returned = new Object(); - assertThat(returned).isSameAs(provider.decide(mock(Authentication.class), new Object(), Collections.emptyList(), returned)); } @@ -86,7 +84,6 @@ public class AclEntryAfterInvocationCollectionFilteringProviderTests { AclService service = mock(AclService.class); AclEntryAfterInvocationCollectionFilteringProvider provider = new AclEntryAfterInvocationCollectionFilteringProvider( service, Arrays.asList(mock(Permission.class))); - assertThat(provider.decide(mock(Authentication.class), new Object(), SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), null)).isNull(); verify(service, never()).readAclById(any(ObjectIdentity.class), any(List.class)); diff --git a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java index 5e8bb47953..b044f89c3a 100644 --- a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java +++ b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java @@ -74,7 +74,6 @@ public class AclEntryAfterInvocationProviderTests { provider.setProcessDomainObjectClass(Object.class); provider.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class)); Object returned = new Object(); - assertThat(returned).isSameAs(provider.decide(mock(Authentication.class), new Object(), SecurityConfig.createList("AFTER_ACL_READ"), returned)); } 
@@ -84,7 +83,6 @@ public class AclEntryAfterInvocationProviderTests { AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(mock(AclService.class), Arrays.asList(mock(Permission.class))); Object returned = new Object(); - assertThat(returned).isSameAs(provider.decide(mock(Authentication.class), new Object(), Collections.emptyList(), returned)); } @@ -96,7 +94,6 @@ public class AclEntryAfterInvocationProviderTests { provider.setProcessDomainObjectClass(String.class); // Not a String Object returned = new Object(); - assertThat(returned).isSameAs(provider.decide(mock(Authentication.class), new Object(), SecurityConfig.createList("AFTER_ACL_READ"), returned)); } @@ -133,7 +130,6 @@ public class AclEntryAfterInvocationProviderTests { AclService service = mock(AclService.class); AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(service, Arrays.asList(mock(Permission.class))); - assertThat(provider.decide(mock(Authentication.class), new Object(), SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), null)).isNull(); verify(service, never()).readAclById(any(ObjectIdentity.class), any(List.class)); diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java index c51bc86701..743f8ee3b8 100644 --- a/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java +++ b/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java @@ -46,7 +46,6 @@ public class AccessControlImplEntryTests { } catch (IllegalArgumentException expected) { } - // Check Sid field is present try { new AccessControlEntryImpl(null, mock(Acl.class), null, BasePermission.ADMINISTRATION, true, true, true); 
@@ -54,7 +53,6 @@ public class AccessControlImplEntryTests { } catch (IllegalArgumentException expected) { } - // Check Permission field is present try { new AccessControlEntryImpl(null, mock(Acl.class), new PrincipalSid("johndoe"), null, true, true, true); @@ -68,11 +66,9 @@ public class AccessControlImplEntryTests { public void testAccessControlEntryImplGetters() { Acl mockAcl = mock(Acl.class); Sid sid = new PrincipalSid("johndoe"); - // Create a sample entry AccessControlEntry ace = new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.ADMINISTRATION, true, true, true); - // and check every get() method assertThat(ace.getId()).isEqualTo(1L); assertThat(ace.getAcl()).isEqualTo(mockAcl); @@ -87,13 +83,10 @@ public class AccessControlImplEntryTests { public void testEquals() { final Acl mockAcl = mock(Acl.class); final ObjectIdentity oid = mock(ObjectIdentity.class); - given(mockAcl.getObjectIdentity()).willReturn(oid); Sid sid = new PrincipalSid("johndoe"); - AccessControlEntry ace = new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.ADMINISTRATION, true, true, true); - assertThat(ace).isNotNull(); assertThat(ace).isNotEqualTo(100L); assertThat(ace).isEqualTo(ace); diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java index 7427916de8..c86776a9c7 100644 --- a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java +++ b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java @@ -156,7 +156,6 @@ public class AclImplTests { MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true, new PrincipalSid("joe")); MockAclService service = new MockAclService(); - // Insert one permission acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true); service.updateAcl(acl); 
@@ -165,7 +164,6 @@ public class AclImplTests { assertThat(acl).isEqualTo(acl.getEntries().get(0).getAcl()); assertThat(BasePermission.READ).isEqualTo(acl.getEntries().get(0).getPermission()); assertThat(acl.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST1")); - // Add a second permission acl.insertAce(1, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true); service.updateAcl(acl); @@ -174,7 +172,6 @@ public class AclImplTests { assertThat(acl).isEqualTo(acl.getEntries().get(1).getAcl()); assertThat(BasePermission.READ).isEqualTo(acl.getEntries().get(1).getPermission()); assertThat(acl.getEntries().get(1).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST2")); - // Add a third permission, after the first one acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_TEST3"), false); service.updateAcl(acl); @@ -193,11 +190,9 @@ public class AclImplTests { MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true, new PrincipalSid("joe")); MockAclService service = new MockAclService(); - // Insert one permission acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true); service.updateAcl(acl); - acl.insertAce(55, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true); } 
@@ -206,20 +201,17 @@ public class AclImplTests { MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true, new PrincipalSid("joe")); MockAclService service = new MockAclService(); - // Add several permissions acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true); acl.insertAce(1, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true); acl.insertAce(2, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST3"), true); service.updateAcl(acl); - // Delete first permission and check the order of the remaining permissions is // kept acl.deleteAce(0); assertThat(acl.getEntries()).hasSize(2); assertThat(acl.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST2")); assertThat(acl.getEntries().get(1).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST3")); - // Add one more permission and remove the permission in the middle acl.insertAce(2, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST4"), true); service.updateAcl(acl); @@ -227,7 +219,6 @@ public class AclImplTests { assertThat(acl.getEntries()).hasSize(2); assertThat(acl.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST2")); assertThat(acl.getEntries().get(1).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST4")); - // Remove remaining permissions acl.deleteAce(1); acl.deleteAce(0); 
@@ -274,17 +265,14 @@ public class AclImplTests { auth.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(auth); ObjectIdentity rootOid = new ObjectIdentityImpl(TARGET_CLASS, 100); - // Create an ACL which owner is not the authenticated principal MutableAcl rootAcl = new AclImpl(rootOid, 1, this.authzStrategy, this.pgs, null, null, false, new PrincipalSid("joe")); - // Grant some permissions rootAcl.insertAce(0, BasePermission.READ, new PrincipalSid("ben"), false); rootAcl.insertAce(1, BasePermission.WRITE, new PrincipalSid("scott"), true); rootAcl.insertAce(2, BasePermission.WRITE, new PrincipalSid("rod"), false); rootAcl.insertAce(3, BasePermission.WRITE, new GrantedAuthoritySid("WRITE_ACCESS_ROLE"), true); - // Check permissions granting List permissions = Arrays.asList(BasePermission.READ, BasePermission.CREATE); List sids = Arrays.asList(new PrincipalSid("ben"), new GrantedAuthoritySid("ROLE_GUEST")); @@ -320,7 +308,6 @@ public class AclImplTests { ObjectIdentity parentOid2 = new ObjectIdentityImpl(TARGET_CLASS, 102); ObjectIdentity childOid1 = new ObjectIdentityImpl(TARGET_CLASS, 103); ObjectIdentity childOid2 = new ObjectIdentityImpl(TARGET_CLASS, 104); - // Create ACLs PrincipalSid joe = new PrincipalSid("joe"); MutableAcl grandParentAcl = new AclImpl(grandParentOid, 1, this.authzStrategy, this.pgs, null, null, false, 
@@ -329,13 +316,11 @@ public class AclImplTests {
 MutableAcl parentAcl2 = new AclImpl(parentOid2, 3, this.authzStrategy, this.pgs, null, null, true, joe);
 MutableAcl childAcl1 = new AclImpl(childOid1, 4, this.authzStrategy, this.pgs, null, null, true, joe);
 MutableAcl childAcl2 = new AclImpl(childOid2, 4, this.authzStrategy, this.pgs, null, null, false, joe);
-
 // Create hierarchies
 childAcl2.setParent(childAcl1);
 childAcl1.setParent(parentAcl1);
 parentAcl2.setParent(grandParentAcl);
 parentAcl1.setParent(grandParentAcl);
-
 // Add some permissions
 grandParentAcl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
 grandParentAcl.insertAce(1, BasePermission.WRITE, new PrincipalSid("ben"), true);
@@ -345,7 +330,6 @@ public class AclImplTests {
 parentAcl1.insertAce(1, BasePermission.DELETE, new PrincipalSid("scott"), false);
 parentAcl2.insertAce(0, BasePermission.CREATE, new PrincipalSid("ben"), true);
 childAcl1.insertAce(0, BasePermission.CREATE, new PrincipalSid("scott"), true);
-
 // Check granting process for parent1
 assertThat(parentAcl1.isGranted(READ, SCOTT, false)).isTrue();
 assertThat(parentAcl1.isGranted(READ, Arrays.asList((Sid) new GrantedAuthoritySid("ROLE_USER_READ")), false))
@@ -353,18 +337,15 @@ public class AclImplTests { assertThat(parentAcl1.isGranted(WRITE, BEN, false)).isTrue(); assertThat(parentAcl1.isGranted(DELETE, BEN, false)).isFalse(); assertThat(parentAcl1.isGranted(DELETE, SCOTT, false)).isFalse(); - // Check granting process for parent2 assertThat(parentAcl2.isGranted(CREATE, BEN, false)).isTrue(); assertThat(parentAcl2.isGranted(WRITE, BEN, false)).isTrue(); assertThat(parentAcl2.isGranted(DELETE, BEN, false)).isFalse(); - // Check granting process for child1 assertThat(childAcl1.isGranted(CREATE, SCOTT, false)).isTrue(); assertThat(childAcl1.isGranted(READ, Arrays.asList((Sid) new GrantedAuthoritySid("ROLE_USER_READ")), false)) .isTrue(); assertThat(childAcl1.isGranted(DELETE, BEN, false)).isFalse(); - // Check granting process for child2 (doesn't inherit the permissions from its // parent) try { @@ -389,21 +370,17 @@ public class AclImplTests { MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, false, new PrincipalSid("joe")); MockAclService service = new MockAclService(); - acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true); acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true); acl.insertAce(2, BasePermission.CREATE, new PrincipalSid("ben"), true); service.updateAcl(acl); - assertThat(BasePermission.READ).isEqualTo(acl.getEntries().get(0).getPermission()); assertThat(BasePermission.WRITE).isEqualTo(acl.getEntries().get(1).getPermission()); assertThat(BasePermission.CREATE).isEqualTo(acl.getEntries().get(2).getPermission()); - // Change each permission acl.updateAce(0, BasePermission.CREATE); acl.updateAce(1, BasePermission.DELETE); acl.updateAce(2, BasePermission.READ); - // Check the change was successfully made assertThat(BasePermission.CREATE).isEqualTo(acl.getEntries().get(0).getPermission()); assertThat(BasePermission.DELETE).isEqualTo(acl.getEntries().get(1).getPermission()); 
@@ -418,20 +395,16 @@ public class AclImplTests { MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, false, new PrincipalSid("joe")); MockAclService service = new MockAclService(); - acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true); acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true); service.updateAcl(acl); - assertThat(((AuditableAccessControlEntry) acl.getEntries().get(0)).isAuditFailure()).isFalse(); assertThat(((AuditableAccessControlEntry) acl.getEntries().get(1)).isAuditFailure()).isFalse(); assertThat(((AuditableAccessControlEntry) acl.getEntries().get(0)).isAuditSuccess()).isFalse(); assertThat(((AuditableAccessControlEntry) acl.getEntries().get(1)).isAuditSuccess()).isFalse(); - // Change each permission ((AuditableAcl) acl).updateAuditing(0, true, true); ((AuditableAcl) acl).updateAuditing(1, true, true); - // Check the change was successfuly made assertThat(acl.getEntries()).extracting("auditSuccess").containsOnly(true, true); assertThat(acl.getEntries()).extracting("auditFailure").containsOnly(true, true); @@ -452,20 +425,16 @@ public class AclImplTests { acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true); acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true); service.updateAcl(acl); - assertThat(1).isEqualTo(acl.getId()); assertThat(identity).isEqualTo(acl.getObjectIdentity()); assertThat(new PrincipalSid("joe")).isEqualTo(acl.getOwner()); assertThat(acl.getParentAcl()).isNull(); assertThat(acl.isEntriesInheriting()).isTrue(); assertThat(acl.getEntries()).hasSize(2); - acl.setParent(parentAcl); assertThat(parentAcl).isEqualTo(acl.getParentAcl()); - acl.setEntriesInheriting(false); assertThat(acl.isEntriesInheriting()).isFalse(); - acl.setOwner(new PrincipalSid("ben")); assertThat(new PrincipalSid("ben")).isEqualTo(acl.getOwner()); } 
@@ -475,7 +444,6 @@ public class AclImplTests { List loadedSids = Arrays.asList(new PrincipalSid("ben"), new GrantedAuthoritySid("ROLE_IGNORED")); MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, loadedSids, true, new PrincipalSid("joe")); - assertThat(acl.isSidLoaded(loadedSids)).isTrue(); assertThat(acl.isSidLoaded(Arrays.asList(new GrantedAuthoritySid("ROLE_IGNORED"), new PrincipalSid("ben")))) .isTrue(); @@ -534,7 +502,6 @@ public class AclImplTests { AclImpl parentAcl = new AclImpl(this.objectIdentity, 1L, this.authzStrategy, this.mockAuditLogger); AclImpl childAcl = new AclImpl(this.objectIdentity, 2L, this.authzStrategy, this.mockAuditLogger); AclImpl changeParentAcl = new AclImpl(this.objectIdentity, 3L, this.authzStrategy, this.mockAuditLogger); - childAcl.setParent(parentAcl); childAcl.setParent(changeParentAcl); } @@ -562,10 +529,8 @@ public class AclImplTests { ObjectIdentity oid = new ObjectIdentityImpl("type", 1); AclAuthorizationStrategy authStrategy = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("role")); PermissionGrantingStrategy grantingStrategy = new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()); - AclImpl acl = new AclImpl(oid, 1L, authStrategy, grantingStrategy, null, null, false, sid); AccessControlEntryImpl ace = new AccessControlEntryImpl(1L, acl, sid, BasePermission.READ, true, true, true); - Field fieldAces = FieldUtils.getField(AclImpl.class, "aces"); fieldAces.setAccessible(true); List aces = (List) fieldAces.get(acl); @@ -617,7 +582,6 @@ public class AclImplTests { try { newAces = (List) acesField.get(acl); newAces.clear(); - for (int i = 0; i < oldAces.size(); i++) { AccessControlEntry ac = oldAces.get(i); // Just give an ID to all this acl's aces, rest of the fields are just @@ -630,7 +594,6 @@ public class AclImplTests { catch (IllegalAccessException ex) { ex.printStackTrace(); } - return acl; } 
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java index b563914901..9a121f71ab 100644 --- a/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java +++ b/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java @@ -58,18 +58,14 @@ public class AclImplementationSecurityCheckTests { "ROLE_OWNERSHIP"); auth.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(auth); - ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100L); AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl( new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL")); - Acl acl = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger()); - aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL); aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_AUDITING); aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_OWNERSHIP); - // Create another authorization strategy AclAuthorizationStrategy aclAuthorizationStrategy2 = new AclAuthorizationStrategyImpl( new SimpleGrantedAuthority("ROLE_ONE"), new SimpleGrantedAuthority("ROLE_TWO"), 
@@ -102,21 +98,17 @@ public class AclImplementationSecurityCheckTests { Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL"); auth.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(auth); - ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100L); // Authorization strategy will require a different role for each access AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl( new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL")); - // Let's give the principal the ADMINISTRATION permission, without // granting access MutableAcl aclFirstDeny = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger()); aclFirstDeny.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), false); - // The CHANGE_GENERAL test should pass as the principal has ROLE_GENERAL aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_GENERAL); - // The CHANGE_AUDITING and CHANGE_OWNERSHIP should fail since the // principal doesn't have these authorities, // nor granting access @@ -132,7 +124,6 @@ public class AclImplementationSecurityCheckTests { } catch (AccessDeniedException expected) { } - // Add granting access to this principal aclFirstDeny.insertAce(1, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true); // and try again for CHANGE_AUDITING - the first ACE's granting flag 
@@ -143,27 +134,21 @@ public class AclImplementationSecurityCheckTests {
 }
 catch (AccessDeniedException expected) {
 }
-
 // Create another ACL and give the principal the ADMINISTRATION
 // permission, with granting access
 MutableAcl aclFirstAllow = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger());
 aclFirstAllow.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
-
 // The CHANGE_AUDITING test should pass as there is one ACE with
 // granting access
-
 aclAuthorizationStrategy.securityCheck(aclFirstAllow, AclAuthorizationStrategy.CHANGE_AUDITING);
-
 // Add a deny ACE and test again for CHANGE_AUDITING
 aclFirstAllow.insertAce(1, BasePermission.ADMINISTRATION, new PrincipalSid(auth), false);
 try {
 aclAuthorizationStrategy.securityCheck(aclFirstAllow, AclAuthorizationStrategy.CHANGE_AUDITING);
-
 }
 catch (AccessDeniedException notExpected) {
 fail("It shouldn't have thrown AccessDeniedException");
 }
-
 // Create an ACL with no ACE
 MutableAcl aclNoACE = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger());
 try {
@@ -171,12 +156,10 @@ public class AclImplementationSecurityCheckTests {
 fail("It should have thrown NotFoundException");
 }
 catch (NotFoundException expected) {
-
 }
 // and still grant access for CHANGE_GENERAL
 try {
 aclAuthorizationStrategy.securityCheck(aclNoACE, AclAuthorizationStrategy.CHANGE_GENERAL);
-
 }
 catch (NotFoundException expected) {
 fail("It shouldn't have thrown NotFoundException");
@@ -189,19 +172,16 @@ public class AclImplementationSecurityCheckTests { Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL"); auth.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(auth); - ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100); // Authorization strategy will require a different role for each access AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl( new SimpleGrantedAuthority("ROLE_ONE"), new SimpleGrantedAuthority("ROLE_TWO"), new SimpleGrantedAuthority("ROLE_GENERAL")); - // Let's give the principal an ADMINISTRATION permission, with granting // access MutableAcl parentAcl = new AclImpl(identity, 1, aclAuthorizationStrategy, new ConsoleAuditLogger()); parentAcl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true); MutableAcl childAcl = new AclImpl(identity, 2, aclAuthorizationStrategy, new ConsoleAuditLogger()); - // Check against the 'child' acl, which doesn't offer any authorization // rights on CHANGE_OWNERSHIP try { @@ -209,21 +189,17 @@ public class AclImplementationSecurityCheckTests { fail("It should have thrown NotFoundException"); } catch (NotFoundException expected) { - } - // Link the child with its parent and test again against the // CHANGE_OWNERSHIP right childAcl.setParent(parentAcl); childAcl.setEntriesInheriting(true); try { aclAuthorizationStrategy.securityCheck(childAcl, AclAuthorizationStrategy.CHANGE_OWNERSHIP); - } catch (NotFoundException expected) { fail("It shouldn't have thrown NotFoundException"); } - // Create a root parent and link it to the middle parent MutableAcl rootParentAcl = new AclImpl(identity, 1, aclAuthorizationStrategy, new ConsoleAuditLogger()); parentAcl = new AclImpl(identity, 1, aclAuthorizationStrategy, new ConsoleAuditLogger()); 
@@ -233,7 +209,6 @@ public class AclImplementationSecurityCheckTests { childAcl.setParent(parentAcl); try { aclAuthorizationStrategy.securityCheck(childAcl, AclAuthorizationStrategy.CHANGE_OWNERSHIP); - } catch (NotFoundException expected) { fail("It shouldn't have thrown NotFoundException"); @@ -245,12 +220,10 @@ public class AclImplementationSecurityCheckTests { Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_ONE"); auth.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(auth); - ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100); AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl( new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL")); - Acl acl = new AclImpl(identity, 1, aclAuthorizationStrategy, new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()), null, null, false, new PrincipalSid(auth)); diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java index 6542c73b59..e2abb35c01 100644 --- a/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java +++ b/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java @@ -76,7 +76,6 @@ public class AuditLoggerTests { @Test public void successIsLoggedIfAceRequiresSuccessAudit() { given(this.ace.isAuditSuccess()).willReturn(true); - this.logger.logIfNeeded(true, this.ace); assertThat(this.bytes.toString()).startsWith("GRANTED due to ACE"); } diff --git a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java index f4def65adc..309dc8776f 100644 --- a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java 
+++ b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java @@ -42,7 +42,6 @@ public class ObjectIdentityImplTests { } catch (IllegalArgumentException expected) { } - // Check String-Serializable constructor required field try { new ObjectIdentityImpl("", 1L); @@ -50,7 +49,6 @@ public class ObjectIdentityImplTests { } catch (IllegalArgumentException expected) { } - // Check Serializable parameter is not null try { new ObjectIdentityImpl(DOMAIN_CLASS, null); @@ -58,7 +56,6 @@ public class ObjectIdentityImplTests { } catch (IllegalArgumentException expected) { } - // The correct way of using String-Serializable constructor try { new ObjectIdentityImpl(DOMAIN_CLASS, 1L); @@ -66,7 +63,6 @@ public class ObjectIdentityImplTests { catch (IllegalArgumentException notExpected) { fail("It shouldn't have thrown IllegalArgumentException"); } - // Check the Class-Serializable constructor try { new ObjectIdentityImpl(MockIdDomainObject.class, null); @@ -91,9 +87,7 @@ public class ObjectIdentityImplTests { fail("It should have thrown IdentityUnavailableException"); } catch (IdentityUnavailableException expected) { - } - // getId() should return a non-null value MockIdDomainObject mockId = new MockIdDomainObject(); try { @@ -101,9 +95,7 @@ public class ObjectIdentityImplTests { fail("It should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } - // getId() should return a Serializable object mockId.setId(new MockIdDomainObject()); try { @@ -112,7 +104,6 @@ public class ObjectIdentityImplTests { } catch (IllegalArgumentException expected) { } - // getId() should return a Serializable object mockId.setId(100L); try { @@ -132,7 +123,6 @@ public class ObjectIdentityImplTests { ObjectIdentity obj = new ObjectIdentityImpl(DOMAIN_CLASS, 1L); MockIdDomainObject mockObj = new MockIdDomainObject(); mockObj.setId(1L); - String string = "SOME_STRING"; assertThat(string).isNotSameAs(obj); assertThat(obj).isNotNull(); 
@@ -155,7 +145,6 @@ public class ObjectIdentityImplTests { public void longAndIntegerIdsWithSameValueAreEqualAndHaveSameHashcode() { ObjectIdentity obj = new ObjectIdentityImpl(Object.class, 5L); ObjectIdentity obj2 = new ObjectIdentityImpl(Object.class, 5); - assertThat(obj2).isEqualTo(obj); assertThat(obj2.hashCode()).isEqualTo(obj.hashCode()); } diff --git a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java index ec2c572b95..b6787f893c 100644 --- a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java +++ b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java @@ -34,10 +34,8 @@ public class ObjectIdentityRetrievalStrategyImplTests { public void testObjectIdentityCreation() { MockIdDomainObject domain = new MockIdDomainObject(); domain.setId(1); - ObjectIdentityRetrievalStrategy retStrategy = new ObjectIdentityRetrievalStrategyImpl(); ObjectIdentity identity = retStrategy.getObjectIdentity(domain); - assertThat(identity).isNotNull(); assertThat(new ObjectIdentityImpl(domain)).isEqualTo(identity); } diff --git a/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java b/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java index 1d10aeb66c..5aef8e4c74 100644 --- a/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java +++ b/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java 
@@ -62,26 +62,19 @@ public class PermissionTests { @Test public void stringConversion() { this.permissionFactory.registerPublicPermissions(SpecialPermission.class); - assertThat(BasePermission.READ.toString()).isEqualTo("BasePermission[...............................R=1]"); - assertThat(BasePermission.ADMINISTRATION.toString()) .isEqualTo("BasePermission[...........................A....=16]"); - assertThat(new CumulativePermission().set(BasePermission.READ).toString()) .isEqualTo("CumulativePermission[...............................R=1]"); - assertThat( new CumulativePermission().set(SpecialPermission.ENTER).set(BasePermission.ADMINISTRATION).toString()) .isEqualTo("CumulativePermission[..........................EA....=48]"); - assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION).set(BasePermission.READ).toString()) .isEqualTo("CumulativePermission[...........................A...R=17]"); - assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION).set(BasePermission.READ) .clear(BasePermission.ADMINISTRATION).toString()) .isEqualTo("CumulativePermission[...............................R=1]"); - assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION).set(BasePermission.READ) .clear(BasePermission.ADMINISTRATION).clear(BasePermission.READ).toString()) .isEqualTo("CumulativePermission[................................=0]"); diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java index 097be23708..6000bab596 100644 --- a/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java +++ b/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java 
@@ -147,7 +147,6 @@ public abstract class AbstractBasicLookupStrategyTests { ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, 101L); // Deliberately use an integer for the child, to reproduce bug report in SEC-819 ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 102); - Map map = this.strategy .readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null); checkEntries(topParentOid, middleParentOid, childOid, map); @@ -158,15 +157,12 @@ public abstract class AbstractBasicLookupStrategyTests { ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, 100); ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, 101L); ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 102L); - // Objects were put in cache this.strategy.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null); - // Let's empty the database to force acls retrieval from cache emptyDatabase(); Map map = this.strategy .readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null); - checkEntries(topParentOid, middleParentOid, childOid, map); } @@ -175,7 +171,6 @@ public abstract class AbstractBasicLookupStrategyTests { ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, 100L); ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, 101); ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 102L); - // Set a batch size to allow multiple database queries in order to retrieve all // acls this.strategy.setBatchSize(1); 
@@ -187,31 +182,25 @@ public abstract class AbstractBasicLookupStrategyTests { private void checkEntries(ObjectIdentity topParentOid, ObjectIdentity middleParentOid, ObjectIdentity childOid, Map map) { assertThat(map).hasSize(3); - MutableAcl topParent = (MutableAcl) map.get(topParentOid); MutableAcl middleParent = (MutableAcl) map.get(middleParentOid); MutableAcl child = (MutableAcl) map.get(childOid); - // Check the retrieved versions has IDs assertThat(topParent.getId()).isNotNull(); assertThat(middleParent.getId()).isNotNull(); assertThat(child.getId()).isNotNull(); - // Check their parents were correctly retrieved assertThat(topParent.getParentAcl()).isNull(); assertThat(middleParent.getParentAcl().getObjectIdentity()).isEqualTo(topParentOid); assertThat(child.getParentAcl().getObjectIdentity()).isEqualTo(middleParentOid); - // Check their ACEs were correctly retrieved assertThat(topParent.getEntries()).hasSize(2); assertThat(middleParent.getEntries()).hasSize(1); assertThat(child.getEntries()).hasSize(1); - // Check object identities were correctly retrieved assertThat(topParent.getObjectIdentity()).isEqualTo(topParentOid); assertThat(middleParent.getObjectIdentity()).isEqualTo(middleParentOid); assertThat(child.getObjectIdentity()).isEqualTo(childOid); - // Check each entry assertThat(topParent.isEntriesInheriting()).isTrue(); assertThat(Long.valueOf(1)).isEqualTo(topParent.getId()); 
@@ -222,14 +211,12 @@ public abstract class AbstractBasicLookupStrategyTests { assertThat(((AuditableAccessControlEntry) topParent.getEntries().get(0)).isAuditFailure()).isFalse(); assertThat(((AuditableAccessControlEntry) topParent.getEntries().get(0)).isAuditSuccess()).isFalse(); assertThat((topParent.getEntries().get(0)).isGranting()).isTrue(); - assertThat(Long.valueOf(2)).isEqualTo(topParent.getEntries().get(1).getId()); assertThat(topParent.getEntries().get(1).getPermission()).isEqualTo(BasePermission.WRITE); assertThat(topParent.getEntries().get(1).getSid()).isEqualTo(new PrincipalSid("ben")); assertThat(((AuditableAccessControlEntry) topParent.getEntries().get(1)).isAuditFailure()).isFalse(); assertThat(((AuditableAccessControlEntry) topParent.getEntries().get(1)).isAuditSuccess()).isFalse(); assertThat(topParent.getEntries().get(1).isGranting()).isFalse(); - assertThat(middleParent.isEntriesInheriting()).isTrue(); assertThat(Long.valueOf(2)).isEqualTo(middleParent.getId()); assertThat(new PrincipalSid("ben")).isEqualTo(middleParent.getOwner()); @@ -239,7 +226,6 @@ public abstract class AbstractBasicLookupStrategyTests { assertThat(((AuditableAccessControlEntry) middleParent.getEntries().get(0)).isAuditFailure()).isFalse(); assertThat(((AuditableAccessControlEntry) middleParent.getEntries().get(0)).isAuditSuccess()).isFalse(); assertThat(middleParent.getEntries().get(0).isGranting()).isTrue(); - assertThat(child.isEntriesInheriting()).isTrue(); assertThat(Long.valueOf(3)).isEqualTo(child.getId()); assertThat(new PrincipalSid("ben")).isEqualTo(child.getOwner()); 
@@ -255,15 +241,12 @@ public abstract class AbstractBasicLookupStrategyTests { public void testAllParentsAreRetrievedWhenChildIsLoaded() { String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (6,2,103,1,1,1);"; getJdbcTemplate().execute(query); - ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, 100L); ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, 101L); ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 102L); ObjectIdentity middleParent2Oid = new ObjectIdentityImpl(TARGET_CLASS, 103L); - // Retrieve the child Map map = this.strategy.readAclsById(Arrays.asList(childOid), null); - // Check that the child and all its parents were retrieved assertThat(map.get(childOid)).isNotNull(); assertThat(map.get(childOid).getObjectIdentity()).isEqualTo(childOid); @@ -271,7 +254,6 @@ public abstract class AbstractBasicLookupStrategyTests { assertThat(map.get(middleParentOid).getObjectIdentity()).isEqualTo(middleParentOid); assertThat(map.get(topParentOid)).isNotNull(); assertThat(map.get(topParentOid).getObjectIdentity()).isEqualTo(topParentOid); - // The second parent shouldn't have been retrieved assertThat(map.get(middleParent2Oid)).isNull(); } 
@@ -287,26 +269,21 @@ public abstract class AbstractBasicLookupStrategyTests { + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (9,2,108,7,1,1);" + "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (7,6,0,1,1,1,0,0)"; getJdbcTemplate().execute(query); - ObjectIdentity grandParentOid = new ObjectIdentityImpl(TARGET_CLASS, 104L); ObjectIdentity parent1Oid = new ObjectIdentityImpl(TARGET_CLASS, 105L); ObjectIdentity parent2Oid = new ObjectIdentityImpl(TARGET_CLASS, 106); ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 107); - // First lookup only child, thus populating the cache with grandParent, // parent1 // and child List checkPermission = Arrays.asList(BasePermission.READ); List sids = Arrays.asList(BEN_SID); List childOids = Arrays.asList(childOid); - this.strategy.setBatchSize(6); Map foundAcls = this.strategy.readAclsById(childOids, sids); - Acl foundChildAcl = foundAcls.get(childOid); assertThat(foundChildAcl).isNotNull(); assertThat(foundChildAcl.isGranted(checkPermission, sids, false)).isTrue(); - // Search for object identities has to be done in the following order: // last // element have to be one which @@ -315,12 +292,10 @@ public abstract class AbstractBasicLookupStrategyTests { List allOids = Arrays.asList(grandParentOid, parent1Oid, parent2Oid, childOid); try { foundAcls = this.strategy.readAclsById(allOids, sids); - } catch (NotFoundException notExpected) { fail("It shouldn't have thrown NotFoundException"); } - Acl foundParent2Acl = foundAcls.get(parent2Oid); assertThat(foundParent2Acl).isNotNull(); assertThat(foundParent2Acl.isGranted(checkPermission, sids, false)).isTrue(); 
@@ -329,18 +304,14 @@ public abstract class AbstractBasicLookupStrategyTests { @Test(expected = IllegalArgumentException.class) public void nullOwnerIsNotSupported() { String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (6,2,104,null,null,1);"; - getJdbcTemplate().execute(query); - ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, 104L); - this.strategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID)); } @Test public void testCreatePrincipalSid() { Sid result = this.strategy.createSid(true, "sid"); - assertThat(result.getClass()).isEqualTo(PrincipalSid.class); assertThat(((PrincipalSid) result).getPrincipal()).isEqualTo("sid"); } @@ -348,7 +319,6 @@ public abstract class AbstractBasicLookupStrategyTests { @Test public void testCreateGrantedAuthority() { Sid result = this.strategy.createSid(false, "sid"); - assertThat(result.getClass()).isEqualTo(GrantedAuthoritySid.class); assertThat(((GrantedAuthoritySid) result).getGrantedAuthority()).isEqualTo("sid"); } diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java index 16206dea2b..32a2547351 100644 --- a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java +++ b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java 
@@ -58,12 +58,10 @@ public class BasicLookupStrategyTestsDbHelper { else { connectionUrl = "jdbc:hsqldb:mem:lookupstrategytestWithAclClassIdType"; sqlClassPathResource = ACL_SCHEMA_SQL_FILE_WITH_ACL_CLASS_ID; - } this.dataSource = new SingleConnectionDataSource(connectionUrl, "sa", "", true); this.dataSource.setDriverClassName("org.hsqldb.jdbcDriver"); this.jdbcTemplate = new JdbcTemplate(this.dataSource); - Resource resource = new ClassPathResource(sqlClassPathResource); String sql = new String(FileCopyUtils.copyToByteArray(resource.getInputStream())); this.jdbcTemplate.execute(sql); diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java b/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java index 9d2d6c2e5d..eca0b5d635 100644 --- a/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java +++ b/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java @@ -35,7 +35,6 @@ public class DatabaseSeeder { public DatabaseSeeder(DataSource dataSource, Resource resource) throws IOException { Assert.notNull(dataSource, "dataSource required"); Assert.notNull(resource, "resource required"); - JdbcTemplate template = new JdbcTemplate(dataSource); String sql = new String(FileCopyUtils.copyToByteArray(resource.getInputStream())); template.execute(sql); diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java index 04f496a43b..d293b50084 100644 --- a/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java +++ b/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java 
@@ -82,12 +82,10 @@ public class EhCacheBasedAclCacheTests { this.myCache = new EhCacheBasedAclCache(this.cache, new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()), new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_USER"))); - ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100L); AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl( new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL")); - this.acl = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger()); } @@ -111,7 +109,6 @@ public class EhCacheBasedAclCacheTests { } catch (IllegalArgumentException expected) { } - try { ObjectIdentity obj = null; this.myCache.evictFromCache(obj); @@ -119,7 +116,6 @@ public class EhCacheBasedAclCacheTests { } catch (IllegalArgumentException expected) { } - try { Serializable id = null; this.myCache.getFromCache(id); @@ -127,7 +123,6 @@ public class EhCacheBasedAclCacheTests { } catch (IllegalArgumentException expected) { } - try { ObjectIdentity obj = null; this.myCache.getFromCache(obj); @@ -135,7 +130,6 @@ public class EhCacheBasedAclCacheTests { } catch (IllegalArgumentException expected) { } - try { MutableAcl acl = null; this.myCache.putInCache(acl); @@ -154,17 +148,13 @@ public class EhCacheBasedAclCacheTests { ObjectOutputStream oos = new ObjectOutputStream(fos); oos.writeObject(this.acl); oos.close(); - FileInputStream fis = new FileInputStream(file); ObjectInputStream ois = new ObjectInputStream(fis); MutableAcl retrieved = (MutableAcl) ois.readObject(); ois.close(); - assertThat(retrieved).isEqualTo(this.acl); - Object retrieved1 = FieldUtils.getProtectedFieldValue("aclAuthorizationStrategy", retrieved); assertThat(retrieved1).isNull(); - Object retrieved2 = FieldUtils.getProtectedFieldValue("permissionGrantingStrategy", retrieved); assertThat(retrieved2).isNull(); } 
@@ -172,14 +162,12 @@ public class EhCacheBasedAclCacheTests { @Test public void clearCache() { this.myCache.clearCache(); - verify(this.cache).removeAll(); } @Test public void putInCache() { this.myCache.putInCache(this.acl); - verify(this.cache, times(2)).put(this.element.capture()); assertThat(this.element.getValue().getKey()).isEqualTo(this.acl.getId()); assertThat(this.element.getValue().getObjectValue()).isEqualTo(this.acl); @@ -192,29 +180,21 @@ public class EhCacheBasedAclCacheTests { Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL"); auth.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(auth); - ObjectIdentity identityParent = new ObjectIdentityImpl(TARGET_CLASS, 2L); AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl( new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL")); MutableAcl parentAcl = new AclImpl(identityParent, 2L, aclAuthorizationStrategy, new ConsoleAuditLogger()); this.acl.setParent(parentAcl); - this.myCache.putInCache(this.acl); - verify(this.cache, times(4)).put(this.element.capture()); - List allValues = this.element.getAllValues(); - assertThat(allValues.get(0).getKey()).isEqualTo(parentAcl.getObjectIdentity()); assertThat(allValues.get(0).getObjectValue()).isEqualTo(parentAcl); - assertThat(allValues.get(1).getKey()).isEqualTo(parentAcl.getId()); assertThat(allValues.get(1).getObjectValue()).isEqualTo(parentAcl); - assertThat(allValues.get(2).getKey()).isEqualTo(this.acl.getObjectIdentity()); assertThat(allValues.get(2).getObjectValue()).isEqualTo(this.acl); - assertThat(allValues.get(3).getKey()).isEqualTo(this.acl.getId()); assertThat(allValues.get(3).getObjectValue()).isEqualTo(this.acl); } 
@@ -222,21 +202,16 @@ public class EhCacheBasedAclCacheTests { @Test public void getFromCacheSerializable() { given(this.cache.get(this.acl.getId())).willReturn(new Element(this.acl.getId(), this.acl)); - assertThat(this.myCache.getFromCache(this.acl.getId())).isEqualTo(this.acl); } @Test public void getFromCacheSerializablePopulatesTransient() { given(this.cache.get(this.acl.getId())).willReturn(new Element(this.acl.getId(), this.acl)); - this.myCache.putInCache(this.acl); - ReflectionTestUtils.setField(this.acl, "permissionGrantingStrategy", null); ReflectionTestUtils.setField(this.acl, "aclAuthorizationStrategy", null); - MutableAcl fromCache = this.myCache.getFromCache(this.acl.getId()); - assertThat(ReflectionTestUtils.getField(fromCache, "aclAuthorizationStrategy")).isNotNull(); assertThat(ReflectionTestUtils.getField(fromCache, "permissionGrantingStrategy")).isNotNull(); } @@ -244,21 +219,16 @@ public class EhCacheBasedAclCacheTests { @Test public void getFromCacheObjectIdentity() { given(this.cache.get(this.acl.getId())).willReturn(new Element(this.acl.getId(), this.acl)); - assertThat(this.myCache.getFromCache(this.acl.getId())).isEqualTo(this.acl); } @Test public void getFromCacheObjectIdentityPopulatesTransient() { given(this.cache.get(this.acl.getObjectIdentity())).willReturn(new Element(this.acl.getId(), this.acl)); - this.myCache.putInCache(this.acl); - ReflectionTestUtils.setField(this.acl, "permissionGrantingStrategy", null); ReflectionTestUtils.setField(this.acl, "aclAuthorizationStrategy", null); - MutableAcl fromCache = this.myCache.getFromCache(this.acl.getObjectIdentity()); - assertThat(ReflectionTestUtils.getField(fromCache, "aclAuthorizationStrategy")).isNotNull(); assertThat(ReflectionTestUtils.getField(fromCache, "permissionGrantingStrategy")).isNotNull(); } 
@@ -266,9 +236,7 @@ public class EhCacheBasedAclCacheTests { @Test public void evictCacheSerializable() { given(this.cache.get(this.acl.getObjectIdentity())).willReturn(new Element(this.acl.getId(), this.acl)); - this.myCache.evictFromCache(this.acl.getObjectIdentity()); - verify(this.cache).remove(this.acl.getId()); verify(this.cache).remove(this.acl.getObjectIdentity()); } @@ -276,9 +244,7 @@ public class EhCacheBasedAclCacheTests { @Test public void evictCacheObjectIdentity() { given(this.cache.get(this.acl.getId())).willReturn(new Element(this.acl.getId(), this.acl)); - this.myCache.evictFromCache(this.acl.getId()); - verify(this.cache).remove(this.acl.getId()); verify(this.cache).remove(this.acl.getObjectIdentity()); } diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java index 3e5e09c2f7..a4ff652ef1 100644 --- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java +++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java @@ -97,7 +97,6 @@ public class JdbcAclServiceTests { given(this.lookupStrategy.readAclsById(anyList(), anyList())).willReturn(result); ObjectIdentity objectIdentity = new ObjectIdentityImpl(Object.class, 1); List sids = Arrays.asList(new PrincipalSid("user")); - this.aclService.readAclById(objectIdentity, sids); } @@ -108,7 +107,6 @@ public class JdbcAclServiceTests { Object[] args = { "1", "org.springframework.security.acls.jdbc.JdbcAclServiceTests$MockLongIdDomainObject" }; given(this.jdbcOperations.query(anyString(), eq(args), any(RowMapper.class))).willReturn(result); ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockLongIdDomainObject.class, 1L); - List objectIdentities = this.aclService.findChildren(objectIdentity); assertThat(objectIdentities.size()).isEqualTo(1); assertThat(objectIdentities.get(0).getIdentifier()).isEqualTo("5577"); 
@@ -117,7 +115,6 @@ public class JdbcAclServiceTests { @Test public void findNoChildren() { ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockLongIdDomainObject.class, 1L); - List objectIdentities = this.aclService.findChildren(objectIdentity); assertThat(objectIdentities).isNull(); } @@ -125,7 +122,6 @@ public class JdbcAclServiceTests { @Test public void findChildrenWithoutIdType() { ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockLongIdDomainObject.class, 4711L); - List objectIdentities = this.aclServiceIntegration.findChildren(objectIdentity); assertThat(objectIdentities.size()).isEqualTo(1); assertThat(objectIdentities.get(0).getType()).isEqualTo(MockUntypedIdDomainObject.class.getName()); @@ -135,7 +131,6 @@ public class JdbcAclServiceTests { @Test public void findChildrenForUnknownObject() { ObjectIdentity objectIdentity = new ObjectIdentityImpl(Object.class, 33); - List objectIdentities = this.aclServiceIntegration.findChildren(objectIdentity); assertThat(objectIdentities).isNull(); } @@ -143,7 +138,6 @@ public class JdbcAclServiceTests { @Test public void findChildrenOfIdTypeLong() { ObjectIdentity objectIdentity = new ObjectIdentityImpl("location", "US-PAL"); - List objectIdentities = this.aclServiceIntegration.findChildren(objectIdentity); assertThat(objectIdentities.size()).isEqualTo(2); assertThat(objectIdentities.get(0).getType()).isEqualTo(MockLongIdDomainObject.class.getName()); @@ -155,7 +149,6 @@ public class JdbcAclServiceTests { @Test public void findChildrenOfIdTypeString() { ObjectIdentity objectIdentity = new ObjectIdentityImpl("location", "US"); - this.aclServiceIntegration.setAclClassIdSupported(true); List objectIdentities = this.aclServiceIntegration.findChildren(objectIdentity); assertThat(objectIdentities.size()).isEqualTo(1); 
@@ -166,7 +159,6 @@ public class JdbcAclServiceTests { @Test public void findChildrenOfIdTypeUUID() { ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockUntypedIdDomainObject.class, 5000L); - this.aclServiceIntegration.setAclClassIdSupported(true); List objectIdentities = this.aclServiceIntegration.findChildren(objectIdentity); assertThat(objectIdentities.size()).isEqualTo(1); diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java index 9d70049f1a..fe44732540 100644 --- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java +++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java 
@@ -142,123 +142,97 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin @Transactional public void testLifecycle() { SecurityContextHolder.getContext().setAuthentication(this.auth); - MutableAcl topParent = this.jdbcMutableAclService.createAcl(getTopParentOid()); MutableAcl middleParent = this.jdbcMutableAclService.createAcl(getMiddleParentOid()); MutableAcl child = this.jdbcMutableAclService.createAcl(getChildOid()); - // Specify the inheritance hierarchy middleParent.setParent(topParent); child.setParent(middleParent); - // Now let's add a couple of permissions topParent.insertAce(0, BasePermission.READ, new PrincipalSid(this.auth), true); topParent.insertAce(1, BasePermission.WRITE, new PrincipalSid(this.auth), false); middleParent.insertAce(0, BasePermission.DELETE, new PrincipalSid(this.auth), true); child.insertAce(0, BasePermission.DELETE, new PrincipalSid(this.auth), false); - // Explicitly save the changed ACL this.jdbcMutableAclService.updateAcl(topParent); this.jdbcMutableAclService.updateAcl(middleParent); this.jdbcMutableAclService.updateAcl(child); - // Let's check if we can read them back correctly Map map = this.jdbcMutableAclService .readAclsById(Arrays.asList(getTopParentOid(), getMiddleParentOid(), getChildOid())); assertThat(map).hasSize(3); - // Replace our current objects with their retrieved versions topParent = (MutableAcl) map.get(getTopParentOid()); middleParent = (MutableAcl) map.get(getMiddleParentOid()); child = (MutableAcl) map.get(getChildOid()); - // Check the retrieved versions has IDs assertThat(topParent.getId()).isNotNull(); assertThat(middleParent.getId()).isNotNull(); assertThat(child.getId()).isNotNull(); - // Check their parents were correctly persisted assertThat(topParent.getParentAcl()).isNull(); assertThat(middleParent.getParentAcl().getObjectIdentity()).isEqualTo(getTopParentOid()); assertThat(child.getParentAcl().getObjectIdentity()).isEqualTo(getMiddleParentOid()); - // Check their ACEs 
were correctly persisted assertThat(topParent.getEntries()).hasSize(2); assertThat(middleParent.getEntries()).hasSize(1); assertThat(child.getEntries()).hasSize(1); - // Check the retrieved rights are correct List read = Arrays.asList(BasePermission.READ); List write = Arrays.asList(BasePermission.WRITE); List delete = Arrays.asList(BasePermission.DELETE); List pSid = Arrays.asList((Sid) new PrincipalSid(this.auth)); - assertThat(topParent.isGranted(read, pSid, false)).isTrue(); assertThat(topParent.isGranted(write, pSid, false)).isFalse(); assertThat(middleParent.isGranted(delete, pSid, false)).isTrue(); assertThat(child.isGranted(delete, pSid, false)).isFalse(); - try { child.isGranted(Arrays.asList(BasePermission.ADMINISTRATION), pSid, false); fail("Should have thrown NotFoundException"); } catch (NotFoundException expected) { - } - // Now check the inherited rights (when not explicitly overridden) also look OK assertThat(child.isGranted(read, pSid, false)).isTrue(); assertThat(child.isGranted(write, pSid, false)).isFalse(); assertThat(child.isGranted(delete, pSid, false)).isFalse(); - // Next change the child so it doesn't inherit permissions from above child.setEntriesInheriting(false); this.jdbcMutableAclService.updateAcl(child); child = (MutableAcl) this.jdbcMutableAclService.readAclById(getChildOid()); assertThat(child.isEntriesInheriting()).isFalse(); - // Check the child permissions no longer inherit assertThat(child.isGranted(delete, pSid, true)).isFalse(); - try { child.isGranted(read, pSid, true); fail("Should have thrown NotFoundException"); } catch (NotFoundException expected) { - } - try { child.isGranted(write, pSid, true); fail("Should have thrown NotFoundException"); } catch (NotFoundException expected) { - } - // Let's add an identical permission to the child, but it'll appear AFTER the // current permission, so has no impact child.insertAce(1, BasePermission.DELETE, new PrincipalSid(this.auth), true); - // Let's also add another permission to 
the child child.insertAce(2, BasePermission.CREATE, new PrincipalSid(this.auth), true); - // Save the changed child this.jdbcMutableAclService.updateAcl(child); child = (MutableAcl) this.jdbcMutableAclService.readAclById(getChildOid()); assertThat(child.getEntries()).hasSize(3); - // Output permissions for (int i = 0; i < child.getEntries().size(); i++) { System.out.println(child.getEntries().get(i)); } - // Check the permissions are as they should be assertThat(child.isGranted(delete, pSid, true)).isFalse(); // as earlier // permission // overrode assertThat(child.isGranted(Arrays.asList(BasePermission.CREATE), pSid, true)).isTrue(); - // Now check the first ACE (index 0) really is DELETE for our Sid and is // non-granting AccessControlEntry entry = child.getEntries().get(0); @@ -266,15 +240,12 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin assertThat(entry.getSid()).isEqualTo(new PrincipalSid(this.auth)); assertThat(entry.isGranting()).isFalse(); assertThat(entry.getId()).isNotNull(); - // Now delete that first ACE child.deleteAce(0); - // Save and check it worked child = this.jdbcMutableAclService.updateAcl(child); assertThat(child.getEntries()).hasSize(2); assertThat(child.isGranted(delete, pSid, false)).isTrue(); - SecurityContextHolder.clearContext(); } @@ -285,7 +256,6 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin @Transactional public void deleteAclAlsoDeletesChildren() { SecurityContextHolder.getContext().setAuthentication(this.auth); - this.jdbcMutableAclService.createAcl(getTopParentOid()); MutableAcl middleParent = this.jdbcMutableAclService.createAcl(getMiddleParentOid()); MutableAcl child = this.jdbcMutableAclService.createAcl(getChildOid()); 
@@ -294,27 +264,21 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin this.jdbcMutableAclService.updateAcl(child); // Check the childOid really is a child of middleParentOid Acl childAcl = this.jdbcMutableAclService.readAclById(getChildOid()); - assertThat(childAcl.getParentAcl().getObjectIdentity()).isEqualTo(getMiddleParentOid()); - // Delete the mid-parent and test if the child was deleted, as well this.jdbcMutableAclService.deleteAcl(getMiddleParentOid(), true); - try { this.jdbcMutableAclService.readAclById(getMiddleParentOid()); fail("It should have thrown NotFoundException"); } catch (NotFoundException expected) { - } try { this.jdbcMutableAclService.readAclById(getChildOid()); fail("It should have thrown NotFoundException"); } catch (NotFoundException expected) { - } - Acl acl = this.jdbcMutableAclService.readAclById(getTopParentOid()); assertThat(acl).isNotNull(); assertThat(getTopParentOid()).isEqualTo(acl.getObjectIdentity()); @@ -328,14 +292,12 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin } catch (IllegalArgumentException expected) { } - try { new JdbcMutableAclService(this.dataSource, null, this.aclCache); fail("It should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { } - try { new JdbcMutableAclService(this.dataSource, this.lookupStrategy, null); fail("It should have thrown IllegalArgumentException"); @@ -386,11 +348,9 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin SecurityContextHolder.getContext().setAuthentication(this.auth); MutableAcl parent = this.jdbcMutableAclService.createAcl(getTopParentOid()); MutableAcl child = this.jdbcMutableAclService.createAcl(getMiddleParentOid()); - // Specify the inheritance hierarchy child.setParent(parent); this.jdbcMutableAclService.updateAcl(child); - try { this.jdbcMutableAclService.setForeignKeysInDatabase(false); // switch on FK // checking in the 
@@ -413,13 +373,11 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin MutableAcl child = this.jdbcMutableAclService.createAcl(getChildOid()); child.insertAce(0, BasePermission.DELETE, new PrincipalSid(this.auth), false); this.jdbcMutableAclService.updateAcl(child); - // Remove the child and check all related database rows were removed accordingly this.jdbcMutableAclService.deleteAcl(getChildOid(), false); assertThat(this.jdbcTemplate.queryForList(SELECT_ALL_CLASSES, new Object[] { getTargetClass() })).hasSize(1); assertThat(this.jdbcTemplate.queryForList("select * from acl_object_identity")).isEmpty(); assertThat(this.jdbcTemplate.queryForList("select * from acl_entry")).isEmpty(); - // Check the cache assertThat(this.aclCache.getFromCache(getChildOid())).isNull(); assertThat(this.aclCache.getFromCache(102L)).isNull(); @@ -432,7 +390,6 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin SecurityContextHolder.getContext().setAuthentication(this.auth); ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, 101); this.jdbcMutableAclService.createAcl(oid); - assertThat(this.jdbcMutableAclService.readAclById(new ObjectIdentityImpl(TARGET_CLASS, 101L))).isNotNull(); } 
@@ -445,27 +402,20 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_ADMINISTRATOR"); auth.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(auth); - ObjectIdentity parentOid = new ObjectIdentityImpl(TARGET_CLASS, 104L); ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 105L); - MutableAcl parent = this.jdbcMutableAclService.createAcl(parentOid); MutableAcl child = this.jdbcMutableAclService.createAcl(childOid); - child.setParent(parent); this.jdbcMutableAclService.updateAcl(child); - parent = (AclImpl) this.jdbcMutableAclService.readAclById(parentOid); parent.insertAce(0, BasePermission.READ, new PrincipalSid("ben"), true); this.jdbcMutableAclService.updateAcl(parent); - parent = (AclImpl) this.jdbcMutableAclService.readAclById(parentOid); parent.insertAce(1, BasePermission.READ, new PrincipalSid("scott"), true); this.jdbcMutableAclService.updateAcl(parent); - child = (MutableAcl) this.jdbcMutableAclService.readAclById(childOid); parent = (MutableAcl) child.getParentAcl(); - assertThat(parent.getEntries()).hasSize(2) .withFailMessage("Fails because child has a stale reference to its parent"); assertThat(parent.getEntries().get(0).getPermission().getMask()).isEqualTo(1); 
@@ -483,22 +433,16 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin Authentication auth = new TestingAuthenticationToken("system", "secret", "ROLE_IGNORED"); SecurityContextHolder.getContext().setAuthentication(auth); ObjectIdentityImpl rootObject = new ObjectIdentityImpl(TARGET_CLASS, 1L); - MutableAcl parent = this.jdbcMutableAclService.createAcl(rootObject); MutableAcl child = this.jdbcMutableAclService.createAcl(new ObjectIdentityImpl(TARGET_CLASS, 2L)); child.setParent(parent); this.jdbcMutableAclService.updateAcl(child); - parent.insertAce(0, BasePermission.ADMINISTRATION, new GrantedAuthoritySid("ROLE_ADMINISTRATOR"), true); this.jdbcMutableAclService.updateAcl(parent); - parent.insertAce(1, BasePermission.DELETE, new PrincipalSid("terry"), true); this.jdbcMutableAclService.updateAcl(parent); - child = (MutableAcl) this.jdbcMutableAclService.readAclById(new ObjectIdentityImpl(TARGET_CLASS, 2L)); - parent = (MutableAcl) child.getParentAcl(); - assertThat(parent.getEntries()).hasSize(2); assertThat(parent.getEntries().get(0).getPermission().getMask()).isEqualTo(16); assertThat(parent.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_ADMINISTRATOR")); 
@@ -512,24 +456,19 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_ADMINISTRATOR"); auth.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(auth); - ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, 110L); MutableAcl topParent = this.jdbcMutableAclService.createAcl(topParentOid); - // Add an ACE permission entry Permission cm = new CumulativePermission().set(BasePermission.READ).set(BasePermission.ADMINISTRATION); assertThat(cm.getMask()).isEqualTo(17); Sid benSid = new PrincipalSid(auth); topParent.insertAce(0, cm, benSid, true); assertThat(topParent.getEntries()).hasSize(1); - // Explicitly save the changed ACL topParent = this.jdbcMutableAclService.updateAcl(topParent); - // Check the mask was retrieved correctly assertThat(topParent.getEntries().get(0).getPermission().getMask()).isEqualTo(17); assertThat(topParent.isGranted(Arrays.asList(cm), Arrays.asList(benSid), true)).isTrue(); - SecurityContextHolder.clearContext(); }
@@ -539,9 +478,7 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin new CustomJdbcMutableAclService(this.dataSource, this.lookupStrategy, this.aclCache)); CustomSid customSid = new CustomSid("Custom sid"); given(customJdbcMutableAclService.createOrRetrieveSidPrimaryKey("Custom sid", false, false)).willReturn(1L); - Long result = customJdbcMutableAclService.createOrRetrieveSidPrimaryKey(customSid, false); - assertThat(new Long(1L)).isEqualTo(result); }
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java
index f912ad7514..ab69977a56 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java
@@ -75,11 +75,9 @@ public class JdbcMutableAclServiceTestsWithAclClassId extends JdbcMutableAclServ @Transactional public void identityWithUuidIdIsSupportedByCreateAcl() { SecurityContextHolder.getContext().setAuthentication(getAuth()); - UUID id = UUID.randomUUID(); ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID, id); getJdbcMutableAclService().createAcl(oid); - assertThat(getJdbcMutableAclService().readAclById(new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID, id))) .isNotNull(); }
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
index 3d2a9c7928..9a3bd62400 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
@@ -89,37 +89,28 @@ public class SpringCacheBasedAclCacheTests { new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL")); AuditLogger auditLogger = new ConsoleAuditLogger(); - PermissionGrantingStrategy permissionGrantingStrategy = new DefaultPermissionGrantingStrategy(auditLogger); SpringCacheBasedAclCache myCache = new SpringCacheBasedAclCache(cache, permissionGrantingStrategy, aclAuthorizationStrategy); MutableAcl acl = new AclImpl(identity, 1L, aclAuthorizationStrategy, auditLogger); - assertThat(realCache).isEmpty(); myCache.putInCache(acl); - // Check we can get from cache the same objects we put in assertThat(acl).isEqualTo(myCache.getFromCache(1L)); assertThat(acl).isEqualTo(myCache.getFromCache(identity)); - // Put another object in cache ObjectIdentity identity2 = new ObjectIdentityImpl(TARGET_CLASS, 101L); MutableAcl acl2 = new AclImpl(identity2, 2L, aclAuthorizationStrategy, new ConsoleAuditLogger()); - myCache.putInCache(acl2); - // Try to evict an entry that doesn't exist myCache.evictFromCache(3L); myCache.evictFromCache(new ObjectIdentityImpl(TARGET_CLASS, 102L)); assertThat(realCache).hasSize(4); - myCache.evictFromCache(1L); assertThat(realCache).hasSize(2); - // Check the second object inserted assertThat(acl2).isEqualTo(myCache.getFromCache(2L)); assertThat(acl2).isEqualTo(myCache.getFromCache(identity2)); - myCache.evictFromCache(identity2); assertThat(realCache).isEmpty(); } 
@@ -129,31 +120,24 @@ public class SpringCacheBasedAclCacheTests { public void cacheOperationsAclWithParent() throws Exception { Cache cache = getCache(); Map realCache = (Map) cache.getNativeCache(); - Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL"); auth.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(auth); - ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 1L); ObjectIdentity identityParent = new ObjectIdentityImpl(TARGET_CLASS, 2L); AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl( new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL")); AuditLogger auditLogger = new ConsoleAuditLogger(); - PermissionGrantingStrategy permissionGrantingStrategy = new DefaultPermissionGrantingStrategy(auditLogger); SpringCacheBasedAclCache myCache = new SpringCacheBasedAclCache(cache, permissionGrantingStrategy, aclAuthorizationStrategy); - MutableAcl acl = new AclImpl(identity, 1L, aclAuthorizationStrategy, auditLogger); MutableAcl parentAcl = new AclImpl(identityParent, 2L, aclAuthorizationStrategy, auditLogger); - acl.setParent(parentAcl); - assertThat(realCache).isEmpty(); myCache.putInCache(acl); assertThat(4).isEqualTo(realCache.size()); - // Check we can get from cache the same objects we put in AclImpl aclFromCache = (AclImpl) myCache.getFromCache(1L); assertThat(aclFromCache).isEqualTo(acl);
diff --git a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
index 0d5d0617a6..5922f8f670 100644
--- a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
@@ -50,16 +50,13 @@ public class SidRetrievalStrategyTests { public void correctSidsAreRetrieved() { SidRetrievalStrategy retrStrategy = new SidRetrievalStrategyImpl(); List sids = retrStrategy.getSids(this.authentication); - assertThat(sids).isNotNull(); assertThat(sids).hasSize(4); assertThat(sids.get(0)).isNotNull(); assertThat(sids.get(0) instanceof PrincipalSid).isTrue(); - for (int i = 1; i < sids.size(); i++) { assertThat(sids.get(i) instanceof GrantedAuthoritySid).isTrue(); } - assertThat(((PrincipalSid) sids.get(0)).getPrincipal()).isEqualTo("scott"); assertThat(((GrantedAuthoritySid) sids.get(1)).getGrantedAuthority()).isEqualTo("A"); assertThat(((GrantedAuthoritySid) sids.get(2)).getGrantedAuthority()).isEqualTo("B");
@@ -72,7 +69,6 @@ public class SidRetrievalStrategyTests { List rhAuthorities = AuthorityUtils.createAuthorityList("D"); given(rh.getReachableGrantedAuthorities(anyCollection())).willReturn(rhAuthorities); SidRetrievalStrategy strat = new SidRetrievalStrategyImpl(rh); - List sids = strat.getSids(this.authentication); assertThat(sids).hasSize(2); assertThat(sids.get(0)).isNotNull();
diff --git a/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java b/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
index c9ae5a238b..3b566e8c92 100644
--- a/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
@@ -46,17 +46,14 @@ public class SidTests { } catch (IllegalArgumentException expected) { } - try { new PrincipalSid(""); fail("It should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { } - new PrincipalSid("johndoe"); // throws no exception - // Check one Authentication-argument constructor try { Authentication authentication = null;
@@ -65,7 +62,6 @@ public class SidTests { } catch (IllegalArgumentException expected) { } - try { Authentication authentication = new TestingAuthenticationToken(null, "password"); new PrincipalSid(authentication); @@ -73,7 +69,6 @@ public class SidTests { } catch (IllegalArgumentException expected) { } - Authentication authentication = new TestingAuthenticationToken("johndoe", "password"); new PrincipalSid(authentication); // throws no exception @@ -88,25 +83,19 @@ public class SidTests { fail("It should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } - try { new GrantedAuthoritySid(""); fail("It should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } - try { new GrantedAuthoritySid("ROLE_TEST"); - } catch (IllegalArgumentException notExpected) { fail("It shouldn't have thrown IllegalArgumentException"); } - // Check one GrantedAuthority-argument constructor try { GrantedAuthority ga = null; @@ -114,22 +103,17 @@ public class SidTests { fail("It should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } - try { GrantedAuthority ga = new SimpleGrantedAuthority(null); new GrantedAuthoritySid(ga); fail("It should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } - try { GrantedAuthority ga = new SimpleGrantedAuthority("ROLE_TEST"); new GrantedAuthoritySid(ga); - } catch (IllegalArgumentException notExpected) { fail("It shouldn't have thrown IllegalArgumentException"); @@ -140,7 +124,6 @@ public class SidTests { public void testPrincipalSidEquals() { Authentication authentication = new TestingAuthenticationToken("johndoe", "password"); Sid principalSid = new PrincipalSid(authentication); - assertThat(principalSid.equals(null)).isFalse(); assertThat(principalSid.equals("DIFFERENT_TYPE_OBJECT")).isFalse(); assertThat(principalSid.equals(principalSid)).isTrue(); 
@@ -155,7 +138,6 @@ public class SidTests { public void testGrantedAuthoritySidEquals() { GrantedAuthority ga = new SimpleGrantedAuthority("ROLE_TEST"); Sid gaSid = new GrantedAuthoritySid(ga); - assertThat(gaSid.equals(null)).isFalse(); assertThat(gaSid.equals("DIFFERENT_TYPE_OBJECT")).isFalse(); assertThat(gaSid.equals(gaSid)).isTrue(); @@ -170,7 +152,6 @@ public class SidTests { public void testPrincipalSidHashCode() { Authentication authentication = new TestingAuthenticationToken("johndoe", "password"); Sid principalSid = new PrincipalSid(authentication); - assertThat(principalSid.hashCode()).isEqualTo("johndoe".hashCode()); assertThat(principalSid.hashCode()).isEqualTo(new PrincipalSid("johndoe").hashCode()); assertThat(principalSid.hashCode()).isNotEqualTo(new PrincipalSid("scott").hashCode()); @@ -182,7 +163,6 @@ public class SidTests { public void testGrantedAuthoritySidHashCode() { GrantedAuthority ga = new SimpleGrantedAuthority("ROLE_TEST"); Sid gaSid = new GrantedAuthoritySid(ga); - assertThat(gaSid.hashCode()).isEqualTo("ROLE_TEST".hashCode()); assertThat(gaSid.hashCode()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST").hashCode()); assertThat(gaSid.hashCode()).isNotEqualTo(new GrantedAuthoritySid("ROLE_TEST_2").hashCode()); @@ -196,10 +176,8 @@ public class SidTests { PrincipalSid principalSid = new PrincipalSid(authentication); GrantedAuthority ga = new SimpleGrantedAuthority("ROLE_TEST"); GrantedAuthoritySid gaSid = new GrantedAuthoritySid(ga); - assertThat("johndoe".equals(principalSid.getPrincipal())).isTrue(); assertThat("scott".equals(principalSid.getPrincipal())).isFalse(); - assertThat("ROLE_TEST".equals(gaSid.getGrantedAuthority())).isTrue(); assertThat("ROLE_TEST2".equals(gaSid.getGrantedAuthority())).isFalse(); } 
@@ -209,7 +187,6 @@ public class SidTests { User user = new User("user", "password", Collections.singletonList(new SimpleGrantedAuthority("ROLE_TEST"))); Authentication authentication = new TestingAuthenticationToken(user, "password"); PrincipalSid principalSid = new PrincipalSid(authentication); - assertThat("user").isEqualTo(principalSid.getPrincipal()); }
@@ -217,7 +194,6 @@ public class SidTests { public void getPrincipalWhenPrincipalNotInstanceOfUserDetailsThenReturnsPrincipalName() { Authentication authentication = new TestingAuthenticationToken("token", "password"); PrincipalSid principalSid = new PrincipalSid(authentication); - assertThat("token").isEqualTo(principalSid.getPrincipal()); }
@@ -225,7 +201,6 @@ public class SidTests { public void getPrincipalWhenCustomAuthenticationPrincipalThenReturnsPrincipalName() { Authentication authentication = new CustomAuthenticationToken(new CustomToken("token"), null); PrincipalSid principalSid = new PrincipalSid(authentication); - assertThat("token").isEqualTo(principalSid.getPrincipal()); }
diff --git a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
index f7d81ac042..9c0923a18a 100644
--- a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
+++ b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
@@ -111,7 +111,6 @@ public class AnnotationSecurityAspectTests { @Test(expected = AccessDeniedException.class) public void internalPrivateCallIsIntercepted() { SecurityContextHolder.getContext().setAuthentication(this.anne); - try { this.secured.publicCallsPrivate(); fail("Expected AccessDeniedException");
@@ -124,7 +123,6 @@ public class AnnotationSecurityAspectTests { @Test(expected = AccessDeniedException.class) public void protectedMethodIsIntercepted() { SecurityContextHolder.getContext().setAuthentication(this.anne); - this.secured.protectedMethod(); }
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java
index d9248e6eec..7f1233b7d5 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java
@@ -35,11 +35,9 @@ public abstract class AbstractStatelessTicketCacheTests { protected CasAuthenticationToken getToken() { List proxyList = new ArrayList<>(); proxyList.add("https://localhost/newPortal/login/cas"); - User user = new User("rod", "password", true, true, true, true, AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO")); final Assertion assertion = new AssertionImpl("rod"); - return new CasAuthenticationToken("key", user, "ST-0-ER94xMJmn6pha35CQRoZ", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), user, assertion); }
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
index 1d680d1683..d5bef694f1 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
@@ -71,7 +71,6 @@ public class CasAuthenticationProviderTests { final ServiceProperties serviceProperties = new ServiceProperties(); serviceProperties.setSendRenew(false); serviceProperties.setService("http://test.com"); - return serviceProperties; } @@ -80,27 +79,20 @@ public class CasAuthenticationProviderTests { CasAuthenticationProvider cap = new CasAuthenticationProvider(); cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator()); cap.setKey("qwerty"); - StatelessTicketCache cache = new MockStatelessTicketCache(); cap.setStatelessTicketCache(cache); cap.setServiceProperties(makeServiceProperties()); - cap.setTicketValidator(new MockTicketValidator(true)); cap.afterPropertiesSet(); - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( CasAuthenticationFilter.CAS_STATEFUL_IDENTIFIER, "ST-123"); token.setDetails("details"); - Authentication result = cap.authenticate(token); - // Confirm ST-123 was NOT added to the cache assertThat(cache.getByTicketId("ST-456") == null).isTrue(); - if (!(result instanceof CasAuthenticationToken)) { fail("Should have returned a CasAuthenticationToken"); } - CasAuthenticationToken casResult = (CasAuthenticationToken) result; assertThat(casResult.getPrincipal()).isEqualTo(makeUserDetailsFromAuthoritiesPopulator()); assertThat(casResult.getCredentials()).isEqualTo("ST-123"); @@ -108,11 +100,9 @@ public class CasAuthenticationProviderTests { assertThat(casResult.getAuthorities()).contains(new SimpleGrantedAuthority("ROLE_B")); assertThat(casResult.getKeyHash()).isEqualTo(cap.getKey().hashCode()); assertThat(casResult.getDetails()).isEqualTo("details"); - // Now confirm the CasAuthenticationToken is automatically re-accepted. // To ensure TicketValidator not called again, set it to deliver an exception... cap.setTicketValidator(new MockTicketValidator(false)); - Authentication laterResult = cap.authenticate(result); assertThat(laterResult).isEqualTo(result); } 
@@ -122,34 +112,26 @@ public class CasAuthenticationProviderTests { CasAuthenticationProvider cap = new CasAuthenticationProvider(); cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator()); cap.setKey("qwerty"); - StatelessTicketCache cache = new MockStatelessTicketCache(); cap.setStatelessTicketCache(cache); cap.setTicketValidator(new MockTicketValidator(true)); cap.setServiceProperties(makeServiceProperties()); cap.afterPropertiesSet(); - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER, "ST-456"); token.setDetails("details"); - Authentication result = cap.authenticate(token); - // Confirm ST-456 was added to the cache assertThat(cache.getByTicketId("ST-456") != null).isTrue(); - if (!(result instanceof CasAuthenticationToken)) { fail("Should have returned a CasAuthenticationToken"); } - assertThat(result.getPrincipal()).isEqualTo(makeUserDetailsFromAuthoritiesPopulator()); assertThat(result.getCredentials()).isEqualTo("ST-456"); assertThat(result.getDetails()).isEqualTo("details"); - // Now try to authenticate again. To ensure TicketValidator not // called again, set it to deliver an exception... cap.setTicketValidator(new MockTicketValidator(false)); - // Previously created UsernamePasswordAuthenticationToken is OK Authentication newResult = cap.authenticate(token); assertThat(newResult.getPrincipal()).isEqualTo(makeUserDetailsFromAuthoritiesPopulator()); 
@@ -163,22 +145,17 @@ public class CasAuthenticationProviderTests { given(details.getServiceUrl()).willReturn(serviceUrl); TicketValidator validator = mock(TicketValidator.class); given(validator.validate(any(String.class), any(String.class))).willReturn(new AssertionImpl("rod")); - ServiceProperties serviceProperties = makeServiceProperties(); serviceProperties.setAuthenticateAllArtifacts(true); - CasAuthenticationProvider cap = new CasAuthenticationProvider(); cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator()); cap.setKey("qwerty"); - cap.setTicketValidator(validator); cap.setServiceProperties(serviceProperties); cap.afterPropertiesSet(); - String ticket = "ST-456"; UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER, ticket); - Authentication result = cap.authenticate(token); } 
@@ -189,40 +166,31 @@ public class CasAuthenticationProviderTests { given(details.getServiceUrl()).willReturn(serviceUrl); TicketValidator validator = mock(TicketValidator.class); given(validator.validate(any(String.class), any(String.class))).willReturn(new AssertionImpl("rod")); - ServiceProperties serviceProperties = makeServiceProperties(); serviceProperties.setAuthenticateAllArtifacts(true); - CasAuthenticationProvider cap = new CasAuthenticationProvider(); cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator()); cap.setKey("qwerty"); - cap.setTicketValidator(validator); cap.setServiceProperties(serviceProperties); cap.afterPropertiesSet(); - String ticket = "ST-456"; UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER, ticket); - Authentication result = cap.authenticate(token); verify(validator).validate(ticket, serviceProperties.getService()); - serviceProperties.setAuthenticateAllArtifacts(true); result = cap.authenticate(token); verify(validator, times(2)).validate(ticket, serviceProperties.getService()); - token.setDetails(details); result = cap.authenticate(token); verify(validator).validate(ticket, serviceUrl); - serviceProperties.setAuthenticateAllArtifacts(false); serviceProperties.setService(null); cap.setServiceProperties(serviceProperties); cap.afterPropertiesSet(); result = cap.authenticate(token); verify(validator, times(2)).validate(ticket, serviceUrl); - token.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest())); try { cap.authenticate(token); @@ -230,7 +198,6 @@ public class CasAuthenticationProviderTests { } catch (IllegalStateException success) { } - cap.setServiceProperties(null); cap.afterPropertiesSet(); try { 
@@ -246,16 +213,13 @@ public class CasAuthenticationProviderTests { CasAuthenticationProvider cap = new CasAuthenticationProvider(); cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator()); cap.setKey("qwerty"); - StatelessTicketCache cache = new MockStatelessTicketCache(); cap.setStatelessTicketCache(cache); cap.setTicketValidator(new MockTicketValidator(true)); cap.setServiceProperties(makeServiceProperties()); cap.afterPropertiesSet(); - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( CasAuthenticationFilter.CAS_STATEFUL_IDENTIFIER, ""); - cap.authenticate(token); } @@ -265,16 +229,13 @@ public class CasAuthenticationProviderTests { CasAuthenticationProvider cap = new CasAuthenticationProvider(); cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator()); cap.setKey("qwerty"); - StatelessTicketCache cache = new MockStatelessTicketCache(); cap.setStatelessTicketCache(cache); cap.setTicketValidator(new MockTicketValidator(true)); cap.setServiceProperties(makeServiceProperties()); cap.afterPropertiesSet(); - CasAuthenticationToken token = new CasAuthenticationToken("WRONG_KEY", makeUserDetails(), "credentials", AuthorityUtils.createAuthorityList("XX"), makeUserDetails(), assertion); - cap.authenticate(token); } @@ -329,7 +290,6 @@ public class CasAuthenticationProviderTests { cap.setTicketValidator(new MockTicketValidator(true)); cap.setServiceProperties(makeServiceProperties()); cap.afterPropertiesSet(); - // TODO disabled because why do we need to expose this? // assertThat(cap.getUserDetailsService() != null).isTrue(); assertThat(cap.getKey()).isEqualTo("qwerty"); 
@@ -346,10 +306,8 @@ public class CasAuthenticationProviderTests { cap.setTicketValidator(new MockTicketValidator(true)); cap.setServiceProperties(makeServiceProperties()); cap.afterPropertiesSet(); - TestingAuthenticationToken token = new TestingAuthenticationToken("user", "password", "ROLE_A"); assertThat(cap.supports(TestingAuthenticationToken.class)).isFalse(); - // Try it anyway assertThat(cap.authenticate(token)).isNull(); }
@@ -363,7 +321,6 @@ public class CasAuthenticationProviderTests { cap.setTicketValidator(new MockTicketValidator(true)); cap.setServiceProperties(makeServiceProperties()); cap.afterPropertiesSet(); - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("some_normal_user", "password", AuthorityUtils.createAuthorityList("ROLE_A")); assertThat(cap.authenticate(token)).isNull();
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java
index 2de2cc4ea6..21278296c5 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java
@@ -59,35 +59,30 @@ public class CasAuthenticationTokenTests { } catch (IllegalArgumentException expected) { } - try { new CasAuthenticationToken("key", null, "Password", this.ROLES, makeUserDetails(), assertion); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { } - try { new CasAuthenticationToken("key", makeUserDetails(), null, this.ROLES, makeUserDetails(), assertion); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { } - try { new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES, makeUserDetails(), null); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { } - try { new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES, null, assertion); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { } - try { new CasAuthenticationToken("key", makeUserDetails(), "Password", AuthorityUtils.createAuthorityList("ROLE_1", null), makeUserDetails(), assertion); @@ -106,13 +101,10 @@ public class CasAuthenticationTokenTests { @Test public void testEqualsWhenEqual() { final Assertion assertion = new AssertionImpl("test"); - CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES, makeUserDetails(), assertion); - CasAuthenticationToken token2 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES, makeUserDetails(), assertion); - assertThat(token2).isEqualTo(token1); } 
@@ -138,30 +130,24 @@ public class CasAuthenticationTokenTests {
 fail("Should have thrown NoSuchMethodException");
 }
 catch (NoSuchMethodException expected) {
-
 }
 }
 @Test
 public void testNotEqualsDueToAbstractParentEqualsCheck() {
 final Assertion assertion = new AssertionImpl("test");
-
 CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES, makeUserDetails(), assertion);
-
 CasAuthenticationToken token2 = new CasAuthenticationToken("key", makeUserDetails("OTHER_NAME"), "Password", this.ROLES, makeUserDetails(), assertion);
-
 assertThat(!token1.equals(token2)).isTrue();
 }
 @Test
 public void testNotEqualsDueToDifferentAuthenticationClass() {
 final Assertion assertion = new AssertionImpl("test");
-
 CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES, makeUserDetails(), assertion);
-
 UsernamePasswordAuthenticationToken token2 = new UsernamePasswordAuthenticationToken("Test", "Password", this.ROLES);
 assertThat(!token1.equals(token2)).isTrue();
@@ -170,13 +156,10 @@ public class CasAuthenticationTokenTests {
 @Test
 public void testNotEqualsDueToKey() {
 final Assertion assertion = new AssertionImpl("test");
-
 CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES, makeUserDetails(), assertion);
-
 CasAuthenticationToken token2 = new CasAuthenticationToken("DIFFERENT_KEY", makeUserDetails(), "Password", this.ROLES, makeUserDetails(), assertion);
-
 assertThat(!token1.equals(token2)).isTrue();
 }
@@ -184,13 +167,10 @@ public class CasAuthenticationTokenTests {
 public void testNotEqualsDueToAssertion() {
 final Assertion assertion = new AssertionImpl("test");
 final Assertion assertion2 = new AssertionImpl("test");
-
 CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES, makeUserDetails(), assertion);
-
 CasAuthenticationToken token2 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES, makeUserDetails(), assertion2);
-
 assertThat(!token1.equals(token2)).isTrue();
 }
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java
index e571254522..513158a479 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java
@@ -52,17 +52,13 @@ public class EhCacheBasedTicketCacheTests extends AbstractStatelessTicketCacheTe
 EhCacheBasedTicketCache cache = new EhCacheBasedTicketCache();
 cache.setCache(cacheManager.getCache("castickets"));
 cache.afterPropertiesSet();
-
 final CasAuthenticationToken token = getToken();
-
 // Check it gets stored in the cache
 cache.putTicketInCache(token);
 assertThat(cache.getByTicketId("ST-0-ER94xMJmn6pha35CQRoZ")).isEqualTo(token);
-
 // Check it gets removed from the cache
 cache.removeTicketFromCache(getToken());
 assertThat(cache.getByTicketId("ST-0-ER94xMJmn6pha35CQRoZ")).isNull();
-
 // Check it doesn't return values for null or unknown service tickets
 assertThat(cache.getByTicketId(null)).isNull();
 assertThat(cache.getByTicketId("UNKNOWN_SERVICE_TICKET")).isNull();
@@ -71,15 +67,12 @@ public class EhCacheBasedTicketCacheTests extends AbstractStatelessTicketCacheTe
 @Test
 public void testStartupDetectsMissingCache() throws Exception {
 EhCacheBasedTicketCache cache = new EhCacheBasedTicketCache();
-
 try {
 cache.afterPropertiesSet();
 fail("Should have thrown IllegalArgumentException");
 }
 catch (IllegalArgumentException expected) {
-
 }
-
 Ehcache myCache = cacheManager.getCache("castickets");
 cache.setCache(myCache);
 assertThat(cache.getCache()).isEqualTo(myCache);
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java
index b9bfffcd51..607ed39260 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java
@@ -44,17 +44,13 @@ public class SpringCacheBasedTicketCacheTests extends AbstractStatelessTicketCac
 @Test
 public void testCacheOperation() throws Exception {
 SpringCacheBasedTicketCache cache = new SpringCacheBasedTicketCache(cacheManager.getCache("castickets"));
-
 final CasAuthenticationToken token = getToken();
-
 // Check it gets stored in the cache
 cache.putTicketInCache(token);
 assertThat(cache.getByTicketId("ST-0-ER94xMJmn6pha35CQRoZ")).isEqualTo(token);
-
 // Check it gets removed from the cache
 cache.removeTicketFromCache(getToken());
 assertThat(cache.getByTicketId("ST-0-ER94xMJmn6pha35CQRoZ")).isNull();
-
 // Check it doesn't return values for null or unknown service tickets
 assertThat(cache.getByTicketId(null)).isNull();
 assertThat(cache.getByTicketId("UNKNOWN_SERVICE_TICKET")).isNull();
diff --git a/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java b/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java
index 7ed182ccc9..4eed00cbe9 100644
--- a/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java
@@ -74,7 +74,6 @@ public class CasAuthenticationTokenMixinTests {
 + "\"authorities\": " + AUTHORITIES_SET_JSON + "}";
 // @formatter:on
-
 private static final String CAS_TOKEN_JSON = "{" + "\"@class\": \"org.springframework.security.cas.authentication.CasAuthenticationToken\", " + "\"keyHash\": " + KEY.hashCode() + "," + "\"principal\": " + USER_JSON + ", " + "\"credentials\": "
diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java
index 15cb9df2c4..825542cb79 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java
@@ -38,7 +38,6 @@ public class CasAuthenticationEntryPointTests {
 public void testDetectsMissingLoginFormUrl() throws Exception {
 CasAuthenticationEntryPoint ep = new CasAuthenticationEntryPoint();
 ep.setServiceProperties(new ServiceProperties());
-
 try {
 ep.afterPropertiesSet();
 fail("Should have thrown IllegalArgumentException");
@@ -52,7 +51,6 @@ public class CasAuthenticationEntryPointTests {
 public void testDetectsMissingServiceProperties() throws Exception {
 CasAuthenticationEntryPoint ep = new CasAuthenticationEntryPoint();
 ep.setLoginUrl("https://cas/login");
-
 try {
 ep.afterPropertiesSet();
 fail("Should have thrown IllegalArgumentException");
@@ -67,7 +65,6 @@ public class CasAuthenticationEntryPointTests {
 CasAuthenticationEntryPoint ep = new CasAuthenticationEntryPoint();
 ep.setLoginUrl("https://cas/login");
 assertThat(ep.getLoginUrl()).isEqualTo("https://cas/login");
-
 ep.setServiceProperties(new ServiceProperties());
 assertThat(ep.getServiceProperties() != null).isTrue();
 }
@@ -77,19 +74,14 @@ public class CasAuthenticationEntryPointTests {
 ServiceProperties sp = new ServiceProperties();
 sp.setSendRenew(false);
 sp.setService("https://mycompany.com/bigWebApp/login/cas");
-
 CasAuthenticationEntryPoint ep = new CasAuthenticationEntryPoint();
 ep.setLoginUrl("https://cas/login");
 ep.setServiceProperties(sp);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setRequestURI("/some_path");
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 ep.afterPropertiesSet();
 ep.commence(request, response, null);
-
 assertThat( "https://cas/login?service=" + URLEncoder.encode("https://mycompany.com/bigWebApp/login/cas", "UTF-8")) .isEqualTo(response.getRedirectedUrl());
@@ -100,16 +92,12 @@ public class CasAuthenticationEntryPointTests {
 ServiceProperties sp = new ServiceProperties();
 sp.setSendRenew(true);
 sp.setService("https://mycompany.com/bigWebApp/login/cas");
-
 CasAuthenticationEntryPoint ep = new CasAuthenticationEntryPoint();
 ep.setLoginUrl("https://cas/login");
 ep.setServiceProperties(sp);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setRequestURI("/some_path");
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 ep.afterPropertiesSet();
 ep.commence(request, response, null);
 assertThat("https://cas/login?service="
diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
index e37c07619f..e704ecd3ff 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
@@ -69,12 +69,9 @@ public class CasAuthenticationFilterTests {
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setServletPath("/login/cas");
 request.addParameter("ticket", "ST-0-ER94xMJmn6pha35CQRoZ");
-
 CasAuthenticationFilter filter = new CasAuthenticationFilter();
 filter.setAuthenticationManager((a) -> a);
-
 assertThat(filter.requiresAuthentication(request, new MockHttpServletResponse())).isTrue();
-
 Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
 assertThat(result != null).isTrue();
 }
@@ -85,7 +82,6 @@ public class CasAuthenticationFilterTests {
 filter.setAuthenticationManager((a) -> {
 throw new BadCredentialsException("Rejected");
 });
-
 filter.attemptAuthentication(new MockHttpServletRequest(), new MockHttpServletResponse());
 }
@@ -96,7 +92,6 @@ public class CasAuthenticationFilterTests {
 filter.setFilterProcessesUrl(url);
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 request.setServletPath(url);
 assertThat(filter.requiresAuthentication(request, response)).isTrue();
 }
@@ -106,7 +101,6 @@ public class CasAuthenticationFilterTests {
 CasAuthenticationFilter filter = new CasAuthenticationFilter();
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 request.setServletPath("/pgtCallback");
 assertThat(filter.requiresAuthentication(request, response)).isFalse();
 filter.setProxyReceptorUrl(request.getServletPath());
@@ -121,17 +115,14 @@ public class CasAuthenticationFilterTests {
 public void testRequiresAuthenticationAuthAll() {
 ServiceProperties properties = new ServiceProperties();
 properties.setAuthenticateAllArtifacts(true);
-
 String url = "/login/cas";
 CasAuthenticationFilter filter = new CasAuthenticationFilter();
 filter.setFilterProcessesUrl(url);
 filter.setServiceProperties(properties);
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 request.setServletPath(url);
 assertThat(filter.requiresAuthentication(request, response)).isTrue();
-
 request.setServletPath("/other");
 assertThat(filter.requiresAuthentication(request, response)).isFalse();
 request.setParameter(properties.getArtifactParameter(), "value");
@@ -151,7 +142,6 @@ public class CasAuthenticationFilterTests {
 CasAuthenticationFilter filter = new CasAuthenticationFilter();
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 request.setServletPath("/pgtCallback");
 filter.setProxyGrantingTicketStorage(mock(ProxyGrantingTicketStorage.class));
 filter.setProxyReceptorUrl(request.getServletPath());
@@ -171,20 +161,17 @@ public class CasAuthenticationFilterTests {
 request.setServletPath("/authenticate");
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain chain = mock(FilterChain.class);
-
 CasAuthenticationFilter filter = new CasAuthenticationFilter();
 filter.setServiceProperties(serviceProperties);
 filter.setAuthenticationSuccessHandler(successHandler);
 filter.setProxyGrantingTicketStorage(mock(ProxyGrantingTicketStorage.class));
 filter.setAuthenticationManager(manager);
 filter.afterPropertiesSet();
-
 filter.doFilter(request, response, chain);
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull() .withFailMessage("Authentication should not be null");
 verify(chain).doFilter(request, response);
 verifyZeroInteractions(successHandler);
-
 // validate for when the filterProcessUrl matches
 filter.setFilterProcessesUrl(request.getServletPath());
 SecurityContextHolder.clearContext();
@@ -200,11 +187,9 @@ public class CasAuthenticationFilterTests {
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain chain = mock(FilterChain.class);
-
 request.setServletPath("/pgtCallback");
 filter.setProxyGrantingTicketStorage(mock(ProxyGrantingTicketStorage.class));
 filter.setProxyReceptorUrl(request.getServletPath());
-
 filter.doFilter(request, response, chain);
 verifyZeroInteractions(chain);
 }
diff --git a/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java b/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java
index 47bd7db94b..cc61ac93be 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java
@@ -68,10 +68,8 @@ public class ServicePropertiesTests {
 assertThat(sp.getArtifactParameter()).isEqualTo("notticket");
 sp.setServiceParameter("notservice");
 assertThat(sp.getServiceParameter()).isEqualTo("notservice");
-
 sp.setService("https://mycompany.com/service");
 assertThat(sp.getService()).isEqualTo("https://mycompany.com/service");
-
 sp.afterPropertiesSet();
 }
 }
diff --git a/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java b/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java
index a292662cc4..d7d95ea3a7 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java
@@ -55,7 +55,6 @@ public class DefaultServiceAuthenticationDetailsTests {
 this.request.setRequestURI("/cas-sample/secure/");
 this.artifactPattern = DefaultServiceAuthenticationDetails .createArtifactPattern(ServiceProperties.DEFAULT_CAS_ARTIFACT_PARAMETER);
-
 }
 @After
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
index a6809b8574..7262646c80 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
@@ -86,7 +86,6 @@ public class HelloRSocketITests {
 public void retrieveMonoWhenSecureThenDenied() throws Exception {
 this.requester = RSocketRequester.builder().rsocketStrategies(this.handler.getRSocketStrategies()) .connectTcp("localhost", this.server.address().getPort()).block();
-
 String data = "rob";
 assertThatCode(() -> this.requester.route("secure.retrieve-mono").data(data).retrieveMono(String.class).block()) .isNotNull();
@@ -106,7 +105,6 @@ public class HelloRSocketITests {
 String hiRob = this.requester.route("secure.retrieve-mono") .metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE).data(data) .retrieveMono(String.class).block();
-
 assertThat(hiRob).isEqualTo("Hi rob");
 assertThat(this.controller.payloads).containsOnly(data);
 }
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
index 12e27e88c9..f8b30d7e51 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
@@ -102,9 +102,7 @@ public class JwtITests {
 this.requester = requester() .setupMetadata(credentials.getToken(), BearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE) .connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 String hiRob = this.requester.route("secure.retrieve-mono").data("rob").retrieveMono(String.class).block();
-
 assertThat(hiRob).isEqualTo("Hi rob");
 }
@@ -112,14 +110,11 @@ public class JwtITests {
 public void routeWhenAuthenticationBearerThenAuthorized() {
 MimeType authenticationMimeType = MimeTypeUtils .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString());
-
 BearerTokenMetadata credentials = new BearerTokenMetadata("token");
 given(this.decoder.decode(any())).willReturn(Mono.just(jwt()));
 this.requester = requester().setupMetadata(credentials, authenticationMimeType) .connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 String hiRob = this.requester.route("secure.retrieve-mono").data("rob").retrieveMono(String.class).block();
-
 assertThat(hiRob).isEqualTo("Hi rob");
 }
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
index 1a73888c74..ecacae6b21 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
@@ -94,9 +94,7 @@ public class RSocketMessageHandlerConnectionITests {
 UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
 this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE) .connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 String hiRob = this.requester.route("secure.retrieve-mono").data("rob").retrieveMono(String.class).block();
-
 assertThat(hiRob).isEqualTo("Hi rob");
 }
@@ -105,7 +103,6 @@ public class RSocketMessageHandlerConnectionITests {
 UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
 this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE) .connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 assertThatCode(() -> this.requester.route("secure.admin.retrieve-mono").data("data").retrieveMono(String.class) .block()).isInstanceOf(ApplicationErrorException.class);
 }
@@ -116,12 +113,10 @@ public class RSocketMessageHandlerConnectionITests {
 this.requester = requester() .setupMetadata(connectCredentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE) .connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 String hiRob = this.requester.route("secure.admin.retrieve-mono") .metadata(new UsernamePasswordMetadata("admin", "password"), UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE) .data("rob").retrieveMono(String.class).block();
-
 assertThat(hiRob).isEqualTo("Hi rob");
 }
@@ -131,12 +126,10 @@ public class RSocketMessageHandlerConnectionITests {
 this.requester = requester() .setupMetadata(connectCredentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE) .connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 String hiUser = this.requester.route("secure.authority.retrieve-mono") .metadata(new UsernamePasswordMetadata("admin", "password"), UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE) .data("Felipe").retrieveMono(String.class).block();
-
 assertThat(hiUser).isEqualTo("Hi Felipe");
 }
@@ -144,7 +137,6 @@ public class RSocketMessageHandlerConnectionITests {
 public void connectWhenNotAuthenticated() {
 this.requester = requester().connectTcp(this.server.address().getHostName(), this.server.address().getPort()) .block();
-
 assertThatCode(() -> this.requester.route("retrieve-mono").data("data").retrieveMono(String.class).block()) .isNotNull();
 // FIXME: https://github.com/rsocket/rsocket-java/issues/686
@@ -156,7 +148,6 @@ public class RSocketMessageHandlerConnectionITests {
 UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("evil", "password");
 this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE) .connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 assertThatCode(() -> this.requester.route("retrieve-mono").data("data").retrieveMono(String.class).block()) .isNotNull();
 // FIXME: https://github.com/rsocket/rsocket-java/issues/686
@@ -168,7 +159,6 @@ public class RSocketMessageHandlerConnectionITests {
 UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
 this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE) .connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 assertThatCode(() -> this.requester.route("prohibit").data("data").retrieveMono(String.class).block()) .isInstanceOf(ApplicationErrorException.class);
 }
@@ -178,9 +168,7 @@ public class RSocketMessageHandlerConnectionITests {
 UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
 this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE) .connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 String hiRob = this.requester.route("anyroute").data("rob").retrieveMono(String.class).block();
-
 assertThat(hiRob).isEqualTo("Hi rob");
 }
@@ -189,9 +177,7 @@ public class RSocketMessageHandlerConnectionITests {
 UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("admin", "password");
 this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE) .connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 String hiEbert = this.requester.route("management.users").data("admin").retrieveMono(String.class).block();
-
 assertThat(hiEbert).isEqualTo("Hi admin");
 }
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
index eb22782c00..9b4f37a09d 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
@@ -79,7 +79,6 @@ public class RSocketMessageHandlerITests {
 this.server = RSocketFactory.receive().frameDecoder(PayloadDecoder.ZERO_COPY) .addSocketAcceptorPlugin(this.interceptor).acceptor(this.handler.responder()) .transport(TcpServerTransport.create("localhost", 0)).start().block();
-
 this.requester = RSocketRequester.builder() // .rsocketFactory((factory) -> // factory.addRequesterPlugin(payloadInterceptor))
@@ -99,7 +98,6 @@ public class RSocketMessageHandlerITests {
 String data = "rob";
 assertThatCode(() -> this.requester.route("secure.retrieve-mono").data(data).retrieveMono(String.class).block()) .isInstanceOf(ApplicationErrorException.class).hasMessageContaining("Access Denied");
-
 assertThat(this.controller.payloads).isEmpty();
 }
@@ -111,7 +109,6 @@ public class RSocketMessageHandlerITests {
 .metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE).data(data) .retrieveMono(String.class).block()).isInstanceOf(ApplicationErrorException.class) .hasMessageContaining("Invalid Credentials");
-
 assertThat(this.controller.payloads).isEmpty();
 }
@@ -122,7 +119,6 @@ public class RSocketMessageHandlerITests {
 String hiRob = this.requester.route("secure.retrieve-mono") .metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE).data(data) .retrieveMono(String.class).block();
-
 assertThat(hiRob).isEqualTo("Hi rob");
 assertThat(this.controller.payloads).containsOnly(data);
 }
@@ -131,7 +127,6 @@ public class RSocketMessageHandlerITests {
 public void retrieveMonoWhenPublicThenGranted() throws Exception {
 String data = "rob";
 String hiRob = this.requester.route("retrieve-mono").data(data).retrieveMono(String.class).block();
-
 assertThat(hiRob).isEqualTo("Hi rob");
 assertThat(this.controller.payloads).containsOnly(data);
 }
@@ -142,7 +137,6 @@ public class RSocketMessageHandlerITests {
 assertThatCode(() -> this.requester.route("secure.retrieve-flux").data(data, String.class) .retrieveFlux(String.class).collectList().block()).isInstanceOf(ApplicationErrorException.class) .hasMessageContaining("Access Denied");
-
 assertThat(this.controller.payloads).isEmpty();
 }
@@ -151,7 +145,6 @@ public class RSocketMessageHandlerITests {
 Flux data = Flux.just("a", "b", "c");
 List hi = this.requester.route("retrieve-flux").data(data, String.class).retrieveFlux(String.class) .collectList().block();
-
 assertThat(hi).containsOnly("hello a", "hello b", "hello c");
 assertThat(this.controller.payloads).containsOnlyElementsOf(data.collectList().block());
 }
@@ -162,7 +155,6 @@ public class RSocketMessageHandlerITests {
 assertThatCode( () -> this.requester.route("secure.hello").data(data).retrieveFlux(String.class).collectList().block()) .isInstanceOf(ApplicationErrorException.class).hasMessageContaining("Access Denied");
-
 assertThat(this.controller.payloads).isEmpty();
 }
@@ -170,7 +162,6 @@ public class RSocketMessageHandlerITests {
 public void sendWhenSecureThenDenied() throws Exception {
 String data = "hi";
 this.requester.route("secure.send").data(data).send().block();
-
 assertThat(this.controller.payloads).isEmpty();
 }
@@ -248,7 +239,6 @@ public class RSocketMessageHandlerITests {
 @MessageMapping({ "secure.send", "send" })
 Mono send(Mono payload) {
 return payload.doOnNext(this::add).then(Mono.fromRunnable(() -> doNotifyAll()));
-
 }
 private synchronized void doNotifyAll() {
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
index fc3d4e01ed..29f1c3b495 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
@@ -92,7 +92,6 @@ public class SimpleAuthenticationITests {
 public void retrieveMonoWhenSecureThenDenied() throws Exception {
 this.requester = RSocketRequester.builder().rsocketStrategies(this.handler.getRSocketStrategies()) .connectTcp("localhost", this.server.address().getPort()).block();
-
 String data = "rob";
 assertThatCode(() -> this.requester.route("secure.retrieve-mono").data(data).retrieveMono(String.class).block()) .isInstanceOf(ApplicationErrorException.class);
@@ -103,7 +102,6 @@ public class SimpleAuthenticationITests {
 public void retrieveMonoWhenAuthorizedThenGranted() {
 MimeType authenticationMimeType = MimeTypeUtils .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString());
-
 UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("rob", "password");
 this.requester = RSocketRequester.builder().setupMetadata(credentials, authenticationMimeType) .rsocketStrategies(this.handler.getRSocketStrategies())
@@ -111,7 +109,6 @@ public class SimpleAuthenticationITests {
 String data = "rob";
 String hiRob = this.requester.route("secure.retrieve-mono").metadata(credentials, authenticationMimeType) .data(data).retrieveMono(String.class).block();
-
 assertThat(hiRob).isEqualTo("Hi rob");
 assertThat(this.controller.payloads).containsOnly(data);
 }
diff --git a/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java b/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java
index 53b57df075..103addaebd 100644
--- a/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java
+++ b/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java
@@ -34,13 +34,11 @@ public class DataSourcePopulator implements InitializingBean {
 @Override
 public void afterPropertiesSet() {
 Assert.notNull(this.template, "dataSource required");
-
 this.template.execute( "CREATE TABLE USERS(USERNAME VARCHAR_IGNORECASE(50) NOT NULL PRIMARY KEY,PASSWORD VARCHAR_IGNORECASE(500) NOT NULL,ENABLED BOOLEAN NOT NULL);");
 this.template.execute( "CREATE TABLE AUTHORITIES(USERNAME VARCHAR_IGNORECASE(50) NOT NULL,AUTHORITY VARCHAR_IGNORECASE(50) NOT NULL,CONSTRAINT FK_AUTHORITIES_USERS FOREIGN KEY(USERNAME) REFERENCES USERS(USERNAME));");
 this.template.execute("CREATE UNIQUE INDEX IX_AUTH_USERNAME ON AUTHORITIES(USERNAME,AUTHORITY);");
-
 /* * Passwords encoded using MD5, NOT in Base64 format, with null as salt Encoded * password for rod is "koala" Encoded password for dianne is "emu" Encoded
diff --git a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
index 0730702b94..d570897460 100644
--- a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
@@ -111,7 +111,6 @@ public class FilterChainProxyConfigTests {
 @Test
 public void mixingPatternsAndPlaceholdersDoesntCauseOrderingIssues() {
 FilterChainProxy fcp = this.appCtx.getBean("sec1235FilterChainProxy", FilterChainProxy.class);
-
 List chains = fcp.getFilterChains();
 assertThat(getPattern(chains.get(0))).isEqualTo("/login*");
 assertThat(getPattern(chains.get(1))).isEqualTo("/logout");
@@ -127,17 +126,14 @@ public class FilterChainProxyConfigTests {
 List filters = filterChainProxy.getFilters("/foo/blah;x=1"); assertThat(filters).hasSize(1); assertThat(filters.get(0) instanceof SecurityContextHolderAwareRequestFilter).isTrue();
-
 filters = filterChainProxy.getFilters("/some;x=2,y=3/other/path;z=4/blah"); assertThat(filters).isNotNull(); assertThat(filters).hasSize(3); assertThat(filters.get(0) instanceof SecurityContextPersistenceFilter).isTrue(); assertThat(filters.get(1) instanceof SecurityContextHolderAwareRequestFilter).isTrue(); assertThat(filters.get(2) instanceof SecurityContextHolderAwareRequestFilter).isTrue();
-
 filters = filterChainProxy.getFilters("/do/not/filter;x=7"); assertThat(filters).isEmpty();
-
 filters = filterChainProxy.getFilters("/another/nonspecificmatch"); assertThat(filters).hasSize(3); assertThat(filters.get(0) instanceof SecurityContextPersistenceFilter).isTrue();
@@ -148,13 +144,10 @@ public class FilterChainProxyConfigTests {
 private void doNormalOperation(FilterChainProxy filterChainProxy) throws Exception { MockHttpServletRequest request = new MockHttpServletRequest("GET", ""); request.setServletPath("/foo/secure/super/somefile.html");
-
 MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain chain = mock(FilterChain.class);
-
 filterChainProxy.doFilter(request, response, chain); verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
-
 request.setServletPath("/a/path/which/doesnt/match/any/filter.html"); chain = mock(FilterChain.class); filterChainProxy.doFilter(request, response, chain);
diff --git a/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java b/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java
index 1a08796e61..fdec646a62 100644
--- a/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java
+++ b/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java
@@ -37,7 +37,6 @@ public class MockUserServiceBeanPostProcessor implements BeanPostProcessor {
 if (bean instanceof PostProcessedMockUserDetailsService) { ((PostProcessedMockUserDetailsService) bean).setPostProcessorWasHere("Hello from the post processor!"); }
-
 return bean; }
diff --git a/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java b/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
index 9b7ccaf51a..454209e4f0 100644
--- a/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
@@ -90,13 +90,10 @@ public class SecurityNamespaceHandlerTests {
 PowerMockito.spy(ClassUtils.class); PowerMockito.doThrow(new NoClassDefFoundError(className)).when(ClassUtils.class, "forName", eq(FILTER_CHAIN_PROXY_CLASSNAME), any(ClassLoader.class));
-
 Log logger = mock(Log.class); SecurityNamespaceHandler handler = new SecurityNamespaceHandler(); ReflectionTestUtils.setField(handler, "logger", logger);
-
 handler.init();
-
 PowerMockito.verifyStatic(ClassUtils.class); ClassUtils.forName(eq(FILTER_CHAIN_PROXY_CLASSNAME), any(ClassLoader.class)); verifyZeroInteractions(logger);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java
index c1cf8715e9..b98c51df78 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java
@@ -43,10 +43,8 @@ public class SecurityConfigurerAdapterClosureTests {
 return l; } });
-
 this.conf.init(builder); this.conf.configure(builder);
-
 assertThat(this.conf.list).contains("a"); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java
index b6e0a5a87b..9e6aeba683 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java
@@ -36,7 +36,6 @@ public class SecurityConfigurerAdapterTests {
 public void postProcessObjectPostProcessorsAreSorted() { this.adapter.addObjectPostProcessor(new OrderedObjectPostProcessor(Ordered.LOWEST_PRECEDENCE)); this.adapter.addObjectPostProcessor(new OrderedObjectPostProcessor(Ordered.HIGHEST_PRECEDENCE));
-
 assertThat(this.adapter.postProcess("hi")) .isEqualTo("hi " + Ordered.HIGHEST_PRECEDENCE + " " + Ordered.LOWEST_PRECEDENCE); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
index fd6749db83..2c3a719c01 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
@@ -76,11 +76,9 @@ public class AuthenticationManagerBuilderTests {
 public void buildWhenAddAuthenticationProviderThenDoesNotPerformRegistration() throws Exception { ObjectPostProcessor opp = mock(ObjectPostProcessor.class); AuthenticationProvider provider = mock(AuthenticationProvider.class);
-
 AuthenticationManagerBuilder builder = new AuthenticationManagerBuilder(opp); builder.authenticationProvider(provider); builder.build();
-
 verify(opp, never()).postProcess(provider); }
@@ -92,13 +90,11 @@ public class AuthenticationManagerBuilderTests {
 given(opp.postProcess(any())).willAnswer((a) -> a.getArgument(0)); AuthenticationManager am = new AuthenticationManagerBuilder(opp).authenticationEventPublisher(aep) .inMemoryAuthentication().and().build();
-
 try { am.authenticate(new UsernamePasswordAuthenticationToken("user", "password")); } catch (AuthenticationException success) { }
-
 verify(aep).publishAuthenticationFailure(any(), any()); }
@@ -107,9 +103,7 @@ public class AuthenticationManagerBuilderTests {
 this.spring.register(PasswordEncoderGlobalConfig.class).autowire(); AuthenticationManager manager = this.spring.getContext().getBean(AuthenticationConfiguration.class) .getAuthenticationManager();
-
 Authentication auth = manager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-
 assertThat(auth.getName()).isEqualTo("user"); assertThat(auth.getAuthorities()).extracting(GrantedAuthority::getAuthority).containsOnly("ROLE_USER"); }
@@ -119,9 +113,7 @@ public class AuthenticationManagerBuilderTests {
 this.spring.register(PasswordEncoderGlobalConfig.class).autowire(); AuthenticationManager manager = this.spring.getContext().getBean(AuthenticationConfiguration.class) .getAuthenticationManager();
-
 Authentication auth = manager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-
 assertThat(auth.getName()).isEqualTo("user"); assertThat(auth.getAuthorities()).extracting(GrantedAuthority::getAuthority).containsOnly("ROLE_USER"); }
@@ -129,9 +121,7 @@ public class AuthenticationManagerBuilderTests {
 @Test public void authenticationManagerWhenMultipleProvidersThenWorks() throws Exception { this.spring.register(MultiAuthenticationProvidersConfig.class).autowire();
-
 this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user").withRoles("USER"));
-
 this.mockMvc.perform(formLogin().user("admin")) .andExpect(authenticated().withUsername("admin").withRoles("USER", "ADMIN")); }
@@ -140,11 +130,9 @@ public class AuthenticationManagerBuilderTests {
 public void buildWhenAuthenticationProviderThenIsConfigured() throws Exception { ObjectPostProcessor opp = mock(ObjectPostProcessor.class); AuthenticationProvider provider = mock(AuthenticationProvider.class);
-
 AuthenticationManagerBuilder builder = new AuthenticationManagerBuilder(opp); builder.authenticationProvider(provider); builder.build();
-
 assertThat(builder.isConfigured()).isTrue(); }
@@ -152,27 +140,22 @@ public class AuthenticationManagerBuilderTests {
 public void buildWhenParentThenIsConfigured() throws Exception { ObjectPostProcessor opp = mock(ObjectPostProcessor.class); AuthenticationManager parent = mock(AuthenticationManager.class);
-
 AuthenticationManagerBuilder builder = new AuthenticationManagerBuilder(opp); builder.parentAuthenticationManager(parent); builder.build();
-
 assertThat(builder.isConfigured()).isTrue(); } @Test public void buildWhenNotConfiguredThenIsConfiguredFalse() throws Exception { ObjectPostProcessor opp = mock(ObjectPostProcessor.class);
-
 AuthenticationManagerBuilder builder = new AuthenticationManagerBuilder(opp); builder.build();
-
 assertThat(builder.isConfigured()).isFalse(); } public void buildWhenUserFromProperties() throws Exception { this.spring.register(UserFromPropertiesConfig.class).autowire();
-
 this.mockMvc.perform(formLogin().user("joe", "joespassword")) .andExpect(authenticated().withUsername("joe").withRoles("USER")); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
index a4ca8c40b1..d21faea9ea 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
@@ -47,10 +47,8 @@ public class NamespaceAuthenticationManagerTests {
 @Test public void authenticationMangerWhenDefaultThenEraseCredentialsIsTrue() throws Exception { this.spring.register(EraseCredentialsTrueDefaultConfig.class).autowire();
-
 this.mockMvc.perform(formLogin()) .andExpect(authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNull()));
-
 this.mockMvc.perform(formLogin()) .andExpect(authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNull())); // no exception due to username being cleared out
@@ -59,10 +57,8 @@ public class NamespaceAuthenticationManagerTests {
 @Test public void authenticationMangerWhenEraseCredentialsIsFalseThenCredentialsNotNull() throws Exception { this.spring.register(EraseCredentialsFalseConfig.class).autowire();
-
 this.mockMvc.perform(formLogin()) .andExpect(authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNotNull()));
-
 this.mockMvc.perform(formLogin()) .andExpect(authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNotNull())); // no exception due to username being cleared out
@@ -72,7 +68,6 @@ public class NamespaceAuthenticationManagerTests {
 // SEC-2533 public void authenticationManagerWhenGlobalAndEraseCredentialsIsFalseThenCredentialsNotNull() throws Exception { this.spring.register(GlobalEraseCredentialsFalseConfig.class).autowire();
-
 this.mockMvc.perform(SecurityMockMvcRequestBuilders.formLogin()).andExpect(SecurityMockMvcResultMatchers .authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNotNull())); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
index 61d1e1e660..f29882cea9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
@@ -49,7 +49,6 @@ public class NamespaceAuthenticationProviderTests {
 // authentication-provider@ref public void authenticationProviderRef() throws Exception { this.spring.register(AuthenticationProviderRefConfig.class).autowire();
-
 this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user")); }
@@ -57,7 +56,6 @@ public class NamespaceAuthenticationProviderTests {
 // authentication-provider@user-service-ref public void authenticationProviderUserServiceRef() throws Exception { this.spring.register(AuthenticationProviderRefConfig.class).autowire();
-
 this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user")); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
index e8a4d77abe..58556a7463 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
@@ -53,14 +53,12 @@ public class NamespaceJdbcUserServiceTests {
 @Test public void jdbcUserService() throws Exception { this.spring.register(DataSourceConfig.class, JdbcUserServiceConfig.class).autowire();
-
 this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user")); } @Test public void jdbcUserServiceCustom() throws Exception { this.spring.register(CustomDataSourceConfig.class, CustomJdbcUserServiceSampleConfig.class).autowire();
-
 this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user").withRoles("DBA", "USER")); }
@@ -118,7 +116,6 @@ public class NamespaceJdbcUserServiceTests {
 // jdbc-user-service@role-prefix .rolePrefix("ROLE_"); // @formatter:on
-
 } static class CustomUserCache implements UserCache {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
index 1068e37d13..91759cd703 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
@@ -52,21 +52,18 @@ public class NamespacePasswordEncoderTests {
 @Test public void passwordEncoderRefWithInMemory() throws Exception { this.spring.register(PasswordEncoderWithInMemoryConfig.class).autowire();
-
 this.mockMvc.perform(formLogin()).andExpect(authenticated()); } @Test public void passwordEncoderRefWithJdbc() throws Exception { this.spring.register(PasswordEncoderWithJdbcConfig.class).autowire();
-
 this.mockMvc.perform(formLogin()).andExpect(authenticated()); } @Test public void passwordEncoderRefWithUserDetailsService() throws Exception { this.spring.register(PasswordEncoderWithUserDetailsServiceConfig.class).autowire();
-
 this.mockMvc.perform(formLogin()).andExpect(authenticated()); }
@@ -91,7 +88,6 @@ public class NamespacePasswordEncoderTests {
 @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-
 BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(); // @formatter:off auth
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
index 086f7cbc00..456efd48f6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
@@ -51,7 +51,6 @@ public class PasswordEncoderConfigurerTests {
 @Test public void passwordEncoderRefWhenAuthenticationManagerBuilderThenAuthenticationSuccess() throws Exception { this.spring.register(PasswordEncoderNoAuthManagerLoadsConfig.class).autowire();
-
 this.mockMvc.perform(formLogin()).andExpect(authenticated()); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java
index 3194b6cff7..3c6ec39bf5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java
@@ -48,7 +48,6 @@ public class AuthenticationConfigurationPublishTests {
 @Test public void authenticationEventPublisherBeanUsedByDefault() { this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-
 assertThat(this.listener.getEvents()).hasSize(1); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
index e02f237cd8..9c5c153200 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
@@ -88,7 +88,6 @@ public class AuthenticationConfigurationTests {
 public void orderingAutowiredOnEnableGlobalMethodSecurity() { this.spring.register(AuthenticationTestConfiguration.class, GlobalMethodSecurityAutowiredConfig.class, ServicesConfig.class).autowire();
-
 SecurityContextHolder.getContext() .setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); this.service.run();
@@ -98,7 +97,6 @@ public class AuthenticationConfigurationTests {
 public void orderingAutowiredOnEnableWebSecurity() { this.spring.register(AuthenticationTestConfiguration.class, WebSecurityConfig.class, GlobalMethodSecurityAutowiredConfig.class, ServicesConfig.class).autowire();
-
 SecurityContextHolder.getContext() .setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); this.service.run();
@@ -108,7 +106,6 @@ public class AuthenticationConfigurationTests {
 public void orderingAutowiredOnEnableWebMvcSecurity() { this.spring.register(AuthenticationTestConfiguration.class, WebMvcSecurityConfig.class, GlobalMethodSecurityAutowiredConfig.class, ServicesConfig.class).autowire();
-
 SecurityContextHolder.getContext() .setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); this.service.run();
@@ -117,7 +114,6 @@ public class AuthenticationConfigurationTests {
 @Test public void getAuthenticationManagerWhenNoAuthenticationThenNull() throws Exception { this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class).autowire();
-
 assertThat(this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager()) .isNull(); }
@@ -126,7 +122,6 @@ public class AuthenticationConfigurationTests {
 public void getAuthenticationManagerWhenNoOpGlobalAuthenticationConfigurerAdapterThenNull() throws Exception { this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class, NoOpGlobalAuthenticationConfigurerAdapter.class).autowire();
-
 assertThat(this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager()) .isNull(); }
@@ -136,10 +131,8 @@ public class AuthenticationConfigurationTests {
 UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password"); this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class, UserGlobalAuthenticationConfigurerAdapter.class).autowire();
-
 AuthenticationManager authentication = this.spring.getContext().getBean(AuthenticationConfiguration.class) .getAuthenticationManager();
-
 assertThat(authentication.authenticate(token).getName()).isEqualTo(token.getName()); }
@@ -148,11 +141,9 @@ public class AuthenticationConfigurationTests {
 UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password"); this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class, AuthenticationManagerBeanConfig.class).autowire();
-
 AuthenticationManager authentication = this.spring.getContext().getBean(AuthenticationConfiguration.class) .getAuthenticationManager(); given(authentication.authenticate(token)).willReturn(TestAuthentication.authenticatedUser());
-
 assertThat(authentication.authenticate(token).getName()).isEqualTo(token.getName()); }
@@ -173,13 +164,10 @@ public class AuthenticationConfigurationTests {
 config.setGlobalAuthenticationConfigurers(Arrays.asList(new ConfiguresInMemoryConfigurerAdapter(), new BootGlobalAuthenticationConfigurerAdapter())); AuthenticationManager authenticationManager = config.getAuthenticationManager();
-
 authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-
 assertThatThrownBy( () -> authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("boot", "password"))) .isInstanceOf(AuthenticationException.class);
-
 } @Test
@@ -188,7 +176,6 @@ public class AuthenticationConfigurationTests {
 AuthenticationConfiguration config = this.spring.getContext().getBean(AuthenticationConfiguration.class); config.setGlobalAuthenticationConfigurers(Arrays.asList(new BootGlobalAuthenticationConfigurerAdapter())); AuthenticationManager authenticationManager = config.getAuthenticationManager();
-
 authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("boot", "password")); }
@@ -198,17 +185,14 @@ public class AuthenticationConfigurationTests {
 this.spring.register(Sec2531Config.class).autowire(); ObjectPostProcessor opp = this.spring.getContext().getBean(ObjectPostProcessor.class); given(opp.postProcess(any())).willAnswer((a) -> a.getArgument(0));
-
 AuthenticationConfiguration config = this.spring.getContext().getBean(AuthenticationConfiguration.class); config.getAuthenticationManager();
-
 verify(opp).postProcess(any(ProxyFactoryBean.class)); } @Test public void getAuthenticationManagerWhenSec2822ThenCannotForceAuthenticationAlreadyBuilt() throws Exception { this.spring.register(Sec2822WebSecurity.class, Sec2822UseAuth.class, Sec2822Config.class).autowire();
-
 this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager(); // no exception }
@@ -222,9 +206,7 @@ public class AuthenticationConfigurationTests {
 AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class) .getAuthenticationManager(); given(uds.loadUserByUsername("user")).willReturn(PasswordEncodedUser.user(), PasswordEncodedUser.user());
-
 am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-
 assertThatThrownBy(() -> am.authenticate(new UsernamePasswordAuthenticationToken("user", "invalid"))) .isInstanceOf(AuthenticationException.class); }
@@ -239,9 +221,7 @@ public class AuthenticationConfigurationTests {
 .getAuthenticationManager(); given(uds.loadUserByUsername("user")).willReturn(User.withUserDetails(user).build(), User.withUserDetails(user).build());
-
 am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-
 assertThatThrownBy(() -> am.authenticate(new UsernamePasswordAuthenticationToken("user", "invalid"))) .isInstanceOf(AuthenticationException.class); }
@@ -257,9 +237,7 @@ public class AuthenticationConfigurationTests {
 given(manager.loadUserByUsername("user")).willReturn(User.withUserDetails(user).build(), User.withUserDetails(user).build()); given(manager.updatePassword(any(), any())).willReturn(user);
-
 am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-
 verify(manager).updatePassword(eq(user), startsWith("{bcrypt}")); }
@@ -272,7 +250,6 @@ public class AuthenticationConfigurationTests {
 .getAuthenticationManager(); given(ap.supports(any())).willReturn(true); given(ap.authenticate(any())).willReturn(TestAuthentication.authenticatedUser());
-
 am.authenticate(new UsernamePasswordAuthenticationToken("user", "password")); }
@@ -285,7 +262,6 @@ public class AuthenticationConfigurationTests {
 .getAuthenticationManager(); given(ap.supports(any())).willReturn(true); given(ap.authenticate(any())).willReturn(TestAuthentication.authenticatedUser());
-
 am.authenticate(new UsernamePasswordAuthenticationToken("user", "password")); }
@@ -314,9 +290,7 @@ public class AuthenticationConfigurationTests {
 throws Exception { this.spring.register(AuthenticationConfigurationSubclass.class).autowire(); AuthenticationManagerBuilder ap = this.spring.getContext().getBean(AuthenticationManagerBuilder.class);
-
 this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager();
-
 assertThatThrownBy(ap::build).isInstanceOf(AlreadyBuiltException.class); }
@@ -447,15 +421,11 @@ public class AuthenticationConfigurationTests {
 if (auth.isConfigured()) { return; }
-
 UserDetails user = User.withUserDetails(PasswordEncodedUser.user()).username("boot").build();
-
 List users = Arrays.asList(user); InMemoryUserDetailsManager inMemory = new InMemoryUserDetailsManager(users);
-
 DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); provider.setUserDetailsService(inMemory);
-
 auth.authenticationProvider(provider); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
index 4f6d9e735f..8a5e0db601 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
@@ -40,29 +40,23 @@ public class EnableGlobalAuthenticationTests {
 @Test public void authenticationConfigurationWhenGetAuthenticationManagerThenNotNull() throws Exception { this.spring.register(Config.class).autowire();
-
 AuthenticationConfiguration auth = this.spring.getContext().getBean(AuthenticationConfiguration.class);
-
 assertThat(auth.getAuthenticationManager()).isNotNull(); } @Test public void enableGlobalAuthenticationWhenNoConfigurationAnnotationThenBeanProxyingEnabled() { this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire();
-
 Child childBean = this.spring.getContext().getBean(Child.class); Parent parentBean = this.spring.getContext().getBean(Parent.class);
-
 assertThat(parentBean.getChild()).isSameAs(childBean); } @Test public void enableGlobalAuthenticationWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() { this.spring.register(BeanProxyDisabledConfig.class).autowire();
-
 Child childBean = this.spring.getContext().getBean(Child.class); Parent parentBean = this.spring.getContext().getBean(Parent.class);
-
 assertThat(parentBean.getChild()).isNotSameAs(childBean); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java
index fcadd1ec3d..40e9f8e149 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java
@@ -40,7 +40,6 @@ public class LdapAuthenticationProviderConfigurerTests {
 assertThat(this.configurer.getAuthoritiesMapper()).isInstanceOf(SimpleAuthorityMapper.class); this.configurer.authoritiesMapper(new NullAuthoritiesMapper()); assertThat(this.configurer.getAuthoritiesMapper()).isInstanceOf(NullAuthoritiesMapper.class);
-
 } }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java
index a6e2e698c7..67a8747c78 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java
@@ -46,7 +46,6 @@ public class UserDetailsManagerConfigurerTests {
 UserDetails userDetails = new UserDetailsManagerConfigurer>( this.userDetailsManager).withUser("user").password("password").roles("USER").disabled(true) .accountExpired(true).accountLocked(true).credentialsExpired(true).build();
-
 assertThat(userDetails.getUsername()).isEqualTo("user"); assertThat(userDetails.getPassword()).isEqualTo("password"); assertThat(userDetails.getAuthorities().stream().findFirst().get().getAuthority()).isEqualTo("ROLE_USER");
@@ -59,31 +58,25 @@ public class UserDetailsManagerConfigurerTests {
 @Test public void authoritiesWithGrantedAuthorityWorks() { SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
-
 UserDetails userDetails = new UserDetailsManagerConfigurer>( this.userDetailsManager).withUser("user").password("password").authorities(authority).build();
-
 assertThat(userDetails.getAuthorities().stream().findFirst().get()).isEqualTo(authority); } @Test public void authoritiesWithStringAuthorityWorks() { String authority = "ROLE_USER";
-
 UserDetails userDetails = new UserDetailsManagerConfigurer>( this.userDetailsManager).withUser("user").password("password").authorities(authority).build();
-
 assertThat(userDetails.getAuthorities().stream().findFirst().get().getAuthority()).isEqualTo(authority); } @Test public void authoritiesWithAListOfGrantedAuthorityWorks() { SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
-
 UserDetails userDetails = new UserDetailsManagerConfigurer>( this.userDetailsManager).withUser("user").password("password").authorities(Arrays.asList(authority)) .build();
-
 assertThat(userDetails.getAuthorities().stream().findFirst().get()).isEqualTo(authority); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
index 78d24959c0..c0efa4c5e7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
@@ -54,7 +54,6 @@ public class AutowireBeanFactoryObjectPostProcessorTests {
 @Test public void postProcessWhenApplicationContextAwareThenAwareInvoked() { this.spring.register(Config.class).autowire();
-
 ApplicationContextAware toPostProcess = mock(ApplicationContextAware.class); this.objectObjectPostProcessor.postProcess(toPostProcess); verify(toPostProcess).setApplicationContext(isNotNull());
@@ -63,17 +62,14 @@ public class AutowireBeanFactoryObjectPostProcessorTests {
 @Test public void postProcessWhenApplicationEventPublisherAwareThenAwareInvoked() { this.spring.register(Config.class).autowire();
-
 ApplicationEventPublisherAware toPostProcess = mock(ApplicationEventPublisherAware.class); this.objectObjectPostProcessor.postProcess(toPostProcess); verify(toPostProcess).setApplicationEventPublisher(isNotNull());
-
 } @Test public void postProcessWhenBeanClassLoaderAwareThenAwareInvoked() { this.spring.register(Config.class).autowire();
-
 BeanClassLoaderAware toPostProcess = mock(BeanClassLoaderAware.class); this.objectObjectPostProcessor.postProcess(toPostProcess); verify(toPostProcess).setBeanClassLoader(isNotNull());
@@ -82,7 +78,6 @@ public class AutowireBeanFactoryObjectPostProcessorTests {
 @Test public void postProcessWhenBeanFactoryAwareThenAwareInvoked() { this.spring.register(Config.class).autowire();
-
 BeanFactoryAware toPostProcess = mock(BeanFactoryAware.class); this.objectObjectPostProcessor.postProcess(toPostProcess); verify(toPostProcess).setBeanFactory(isNotNull());
@@ -91,7 +86,6 @@ public class AutowireBeanFactoryObjectPostProcessorTests {
 @Test public void postProcessWhenEnvironmentAwareThenAwareInvoked() { this.spring.register(Config.class).autowire();
-
 EnvironmentAware toPostProcess = mock(EnvironmentAware.class); this.objectObjectPostProcessor.postProcess(toPostProcess); verify(toPostProcess).setEnvironment(isNotNull());
@@ -100,7 +94,6 @@ public class AutowireBeanFactoryObjectPostProcessorTests { @Test public void postProcessWhenMessageSourceAwareThenAwareInvoked() { this.spring.register(Config.class).autowire(); - MessageSourceAware toPostProcess = mock(MessageSourceAware.class); this.objectObjectPostProcessor.postProcess(toPostProcess); verify(toPostProcess).setMessageSource(isNotNull());
@@ -109,7 +102,6 @@ public class AutowireBeanFactoryObjectPostProcessorTests { @Test public void postProcessWhenServletContextAwareThenAwareInvoked() { this.spring.register(Config.class).autowire(); - ServletContextAware toPostProcess = mock(ServletContextAware.class); this.objectObjectPostProcessor.postProcess(toPostProcess); verify(toPostProcess).setServletContext(isNotNull());
@@ -118,21 +110,16 @@ public class AutowireBeanFactoryObjectPostProcessorTests { @Test public void postProcessWhenDisposableBeanThenAwareInvoked() throws Exception { this.spring.register(Config.class).autowire(); - DisposableBean toPostProcess = mock(DisposableBean.class); this.objectObjectPostProcessor.postProcess(toPostProcess); - this.spring.getContext().close(); - verify(toPostProcess).destroy(); } @Test public void postProcessWhenSmartInitializingSingletonThenAwareInvoked() { this.spring.register(Config.class, SmartConfig.class).autowire(); - SmartConfig config = this.spring.getContext().getBean(SmartConfig.class); - verify(config.toTest).afterSingletonsInstantiated(); }
@@ -140,9 +127,7 @@ public class AutowireBeanFactoryObjectPostProcessorTests { // SEC-2382 public void autowireBeanFactoryWhenBeanNameAutoProxyCreatorThenWorks() { this.spring.testConfigLocations("AutowireBeanFactoryObjectPostProcessorTests-aopconfig.xml").autowire(); - MyAdvisedBean bean = this.spring.getContext().getBean(MyAdvisedBean.class); - assertThat(bean.doStuff()).isEqualTo("null"); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/ApplicationConfig.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/ApplicationConfig.java
index fa946076f7..47535d1ce5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/issue50/ApplicationConfig.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/ApplicationConfig.java
@@ -52,12 +52,10 @@ public class ApplicationConfig { vendorAdapter.setDatabase(Database.HSQL); vendorAdapter.setGenerateDdl(true); vendorAdapter.setShowSql(true); - LocalContainerEntityManagerFactoryBean factory = new LocalContainerEntityManagerFactoryBean(); factory.setJpaVendorAdapter(vendorAdapter); factory.setPackagesToScan(User.class.getPackage().getName()); factory.setDataSource(dataSource()); - return factory; }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
index 751199fb55..44e6e6a0d3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
@@ -81,23 +81,19 @@ public class EnableReactiveMethodSecurityTests { @Test public void monoWhenPermitAllThenAopDoesNotSubscribe() { given(this.delegate.monoFindById(1L)).willReturn(Mono.from(this.result)); - this.delegate.monoFindById(1L); - this.result.assertNoSubscribers(); } @Test public void monoWhenPermitAllThenSuccess() { given(this.delegate.monoFindById(1L)).willReturn(Mono.just("success")); - StepVerifier.create(this.delegate.monoFindById(1L)).expectNext("success").verifyComplete(); } @Test public void monoPreAuthorizeHasRoleWhenGrantedThenSuccess() { given(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).willReturn(Mono.just("result")); - Mono findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L) .subscriberContext(this.withAdmin); StepVerifier.create(findById).expectNext("result").verifyComplete();
@@ -106,28 +102,23 @@ public class EnableReactiveMethodSecurityTests { @Test public void monoPreAuthorizeHasRoleWhenNoAuthenticationThenDenied() { given(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).willReturn(Mono.from(this.result)); - Mono findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void monoPreAuthorizeHasRoleWhenNotAuthorizedThenDenied() { given(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).willReturn(Mono.from(this.result)); - Mono findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L) .subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void monoPreAuthorizeBeanWhenGrantedThenSuccess() { given(this.delegate.monoPreAuthorizeBeanFindById(2L)).willReturn(Mono.just("result")); - Mono findById = this.messageService.monoPreAuthorizeBeanFindById(2L).subscriberContext(this.withAdmin); StepVerifier.create(findById).expectNext("result").verifyComplete(); }
@@ -135,7 +126,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void monoPreAuthorizeBeanWhenNotAuthenticatedAndGrantedThenSuccess() { given(this.delegate.monoPreAuthorizeBeanFindById(2L)).willReturn(Mono.just("result")); - Mono findById = this.messageService.monoPreAuthorizeBeanFindById(2L); StepVerifier.create(findById).expectNext("result").verifyComplete(); }
@@ -143,27 +133,22 @@ public class EnableReactiveMethodSecurityTests { @Test public void monoPreAuthorizeBeanWhenNoAuthenticationThenDenied() { given(this.delegate.monoPreAuthorizeBeanFindById(1L)).willReturn(Mono.from(this.result)); - Mono findById = this.messageService.monoPreAuthorizeBeanFindById(1L); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void monoPreAuthorizeBeanWhenNotAuthorizedThenDenied() { given(this.delegate.monoPreAuthorizeBeanFindById(1L)).willReturn(Mono.from(this.result)); - Mono findById = this.messageService.monoPreAuthorizeBeanFindById(1L).subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void monoPostAuthorizeWhenAuthorizedThenSuccess() { given(this.delegate.monoPostAuthorizeFindById(1L)).willReturn(Mono.just("user")); - Mono findById = this.messageService.monoPostAuthorizeFindById(1L).subscriberContext(this.withUser); StepVerifier.create(findById).expectNext("user").verifyComplete(); }
@@ -171,7 +156,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void monoPostAuthorizeWhenNotAuthorizedThenDenied() { given(this.delegate.monoPostAuthorizeBeanFindById(1L)).willReturn(Mono.just("not-authorized")); - Mono findById = this.messageService.monoPostAuthorizeBeanFindById(1L).subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); }
@@ -179,7 +163,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void monoPostAuthorizeWhenBeanAndAuthorizedThenSuccess() { given(this.delegate.monoPostAuthorizeBeanFindById(2L)).willReturn(Mono.just("user")); - Mono findById = this.messageService.monoPostAuthorizeBeanFindById(2L).subscriberContext(this.withUser); StepVerifier.create(findById).expectNext("user").verifyComplete(); }
@@ -187,7 +170,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void monoPostAuthorizeWhenBeanAndNotAuthenticatedAndAuthorizedThenSuccess() { given(this.delegate.monoPostAuthorizeBeanFindById(2L)).willReturn(Mono.just("anonymous")); - Mono findById = this.messageService.monoPostAuthorizeBeanFindById(2L); StepVerifier.create(findById).expectNext("anonymous").verifyComplete(); }
@@ -195,33 +177,27 @@ public class EnableReactiveMethodSecurityTests { @Test public void monoPostAuthorizeWhenBeanAndNotAuthorizedThenDenied() { given(this.delegate.monoPostAuthorizeBeanFindById(1L)).willReturn(Mono.just("not-authorized")); - Mono findById = this.messageService.monoPostAuthorizeBeanFindById(1L).subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); } // Flux tests - @Test public void fluxWhenPermitAllThenAopDoesNotSubscribe() { given(this.delegate.fluxFindById(1L)).willReturn(Flux.from(this.result)); - this.delegate.fluxFindById(1L); - this.result.assertNoSubscribers(); } @Test public void fluxWhenPermitAllThenSuccess() { given(this.delegate.fluxFindById(1L)).willReturn(Flux.just("success")); - StepVerifier.create(this.delegate.fluxFindById(1L)).expectNext("success").verifyComplete(); } @Test public void fluxPreAuthorizeHasRoleWhenGrantedThenSuccess() { given(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).willReturn(Flux.just("result")); - Flux findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L) .subscriberContext(this.withAdmin); StepVerifier.create(findById).consumeNextWith((s) -> AssertionsForClassTypes.assertThat(s).isEqualTo("result")) 
@@ -231,28 +207,23 @@ public class EnableReactiveMethodSecurityTests { @Test public void fluxPreAuthorizeHasRoleWhenNoAuthenticationThenDenied() { given(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).willReturn(Flux.from(this.result)); - Flux findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void fluxPreAuthorizeHasRoleWhenNotAuthorizedThenDenied() { given(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).willReturn(Flux.from(this.result)); - Flux findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L) .subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void fluxPreAuthorizeBeanWhenGrantedThenSuccess() { given(this.delegate.fluxPreAuthorizeBeanFindById(2L)).willReturn(Flux.just("result")); - Flux findById = this.messageService.fluxPreAuthorizeBeanFindById(2L).subscriberContext(this.withAdmin); StepVerifier.create(findById).expectNext("result").verifyComplete(); }
@@ -260,7 +231,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void fluxPreAuthorizeBeanWhenNotAuthenticatedAndGrantedThenSuccess() { given(this.delegate.fluxPreAuthorizeBeanFindById(2L)).willReturn(Flux.just("result")); - Flux findById = this.messageService.fluxPreAuthorizeBeanFindById(2L); StepVerifier.create(findById).expectNext("result").verifyComplete(); }
@@ -268,27 +238,22 @@ public class EnableReactiveMethodSecurityTests { @Test public void fluxPreAuthorizeBeanWhenNoAuthenticationThenDenied() { given(this.delegate.fluxPreAuthorizeBeanFindById(1L)).willReturn(Flux.from(this.result)); - Flux findById = this.messageService.fluxPreAuthorizeBeanFindById(1L); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void fluxPreAuthorizeBeanWhenNotAuthorizedThenDenied() { given(this.delegate.fluxPreAuthorizeBeanFindById(1L)).willReturn(Flux.from(this.result)); - Flux findById = this.messageService.fluxPreAuthorizeBeanFindById(1L).subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void fluxPostAuthorizeWhenAuthorizedThenSuccess() { given(this.delegate.fluxPostAuthorizeFindById(1L)).willReturn(Flux.just("user")); - Flux findById = this.messageService.fluxPostAuthorizeFindById(1L).subscriberContext(this.withUser); StepVerifier.create(findById).expectNext("user").verifyComplete(); }
@@ -296,7 +261,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void fluxPostAuthorizeWhenNotAuthorizedThenDenied() { given(this.delegate.fluxPostAuthorizeBeanFindById(1L)).willReturn(Flux.just("not-authorized")); - Flux findById = this.messageService.fluxPostAuthorizeBeanFindById(1L).subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); }
@@ -304,7 +268,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void fluxPostAuthorizeWhenBeanAndAuthorizedThenSuccess() { given(this.delegate.fluxPostAuthorizeBeanFindById(2L)).willReturn(Flux.just("user")); - Flux findById = this.messageService.fluxPostAuthorizeBeanFindById(2L).subscriberContext(this.withUser); StepVerifier.create(findById).expectNext("user").verifyComplete(); }
@@ -312,7 +275,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void fluxPostAuthorizeWhenBeanAndNotAuthenticatedAndAuthorizedThenSuccess() { given(this.delegate.fluxPostAuthorizeBeanFindById(2L)).willReturn(Flux.just("anonymous")); - Flux findById = this.messageService.fluxPostAuthorizeBeanFindById(2L); StepVerifier.create(findById).expectNext("anonymous").verifyComplete(); }
@@ -320,33 +282,27 @@ public class EnableReactiveMethodSecurityTests { @Test public void fluxPostAuthorizeWhenBeanAndNotAuthorizedThenDenied() { given(this.delegate.fluxPostAuthorizeBeanFindById(1L)).willReturn(Flux.just("not-authorized")); - Flux findById = this.messageService.fluxPostAuthorizeBeanFindById(1L).subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); } // Publisher tests - @Test public void publisherWhenPermitAllThenAopDoesNotSubscribe() { given(this.delegate.publisherFindById(1L)).willReturn(this.result); - this.delegate.publisherFindById(1L); - this.result.assertNoSubscribers(); } @Test public void publisherWhenPermitAllThenSuccess() { given(this.delegate.publisherFindById(1L)).willReturn(publisherJust("success")); - StepVerifier.create(this.delegate.publisherFindById(1L)).expectNext("success").verifyComplete(); } @Test public void publisherPreAuthorizeHasRoleWhenGrantedThenSuccess() { given(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).willReturn(publisherJust("result")); - Publisher findById = Flux.from(this.messageService.publisherPreAuthorizeHasRoleFindById(1L)) .subscriberContext(this.withAdmin); StepVerifier.create(findById).consumeNextWith((s) -> AssertionsForClassTypes.assertThat(s).isEqualTo("result"))
@@ -356,28 +312,23 @@ public class EnableReactiveMethodSecurityTests { @Test public void publisherPreAuthorizeHasRoleWhenNoAuthenticationThenDenied() { given(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).willReturn(this.result); - Publisher findById = this.messageService.publisherPreAuthorizeHasRoleFindById(1L); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void publisherPreAuthorizeHasRoleWhenNotAuthorizedThenDenied() { given(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).willReturn(this.result); - Publisher findById = Flux.from(this.messageService.publisherPreAuthorizeHasRoleFindById(1L)) .subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void publisherPreAuthorizeBeanWhenGrantedThenSuccess() { given(this.delegate.publisherPreAuthorizeBeanFindById(2L)).willReturn(publisherJust("result")); - Publisher findById = Flux.from(this.messageService.publisherPreAuthorizeBeanFindById(2L)) .subscriberContext(this.withAdmin); StepVerifier.create(findById).expectNext("result").verifyComplete();
@@ -386,7 +337,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void publisherPreAuthorizeBeanWhenNotAuthenticatedAndGrantedThenSuccess() { given(this.delegate.publisherPreAuthorizeBeanFindById(2L)).willReturn(publisherJust("result")); - Publisher findById = this.messageService.publisherPreAuthorizeBeanFindById(2L); StepVerifier.create(findById).expectNext("result").verifyComplete(); }
@@ -394,28 +344,23 @@ public class EnableReactiveMethodSecurityTests { @Test public void publisherPreAuthorizeBeanWhenNoAuthenticationThenDenied() { given(this.delegate.publisherPreAuthorizeBeanFindById(1L)).willReturn(this.result); - Publisher findById = this.messageService.publisherPreAuthorizeBeanFindById(1L); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void publisherPreAuthorizeBeanWhenNotAuthorizedThenDenied() { given(this.delegate.publisherPreAuthorizeBeanFindById(1L)).willReturn(this.result); - Publisher findById = Flux.from(this.messageService.publisherPreAuthorizeBeanFindById(1L)) .subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); - this.result.assertNoSubscribers(); } @Test public void publisherPostAuthorizeWhenAuthorizedThenSuccess() { given(this.delegate.publisherPostAuthorizeFindById(1L)).willReturn(publisherJust("user")); - Publisher findById = Flux.from(this.messageService.publisherPostAuthorizeFindById(1L)) .subscriberContext(this.withUser); StepVerifier.create(findById).expectNext("user").verifyComplete();
@@ -424,7 +369,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void publisherPostAuthorizeWhenNotAuthorizedThenDenied() { given(this.delegate.publisherPostAuthorizeBeanFindById(1L)).willReturn(publisherJust("not-authorized")); - Publisher findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(1L)) .subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
@@ -433,7 +377,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void publisherPostAuthorizeWhenBeanAndAuthorizedThenSuccess() { given(this.delegate.publisherPostAuthorizeBeanFindById(2L)).willReturn(publisherJust("user")); - Publisher findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(2L)) .subscriberContext(this.withUser); StepVerifier.create(findById).expectNext("user").verifyComplete();
@@ -442,7 +385,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void publisherPostAuthorizeWhenBeanAndNotAuthenticatedAndAuthorizedThenSuccess() { given(this.delegate.publisherPostAuthorizeBeanFindById(2L)).willReturn(publisherJust("anonymous")); - Publisher findById = this.messageService.publisherPostAuthorizeBeanFindById(2L); StepVerifier.create(findById).expectNext("anonymous").verifyComplete(); }
@@ -450,7 +392,6 @@ public class EnableReactiveMethodSecurityTests { @Test public void publisherPostAuthorizeWhenBeanAndNotAuthorizedThenDenied() { given(this.delegate.publisherPostAuthorizeBeanFindById(1L)).willReturn(publisherJust("not-authorized")); - Publisher findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(1L)) .subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
index d5a8b8ef35..713839542b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
@@ -110,13 +110,11 @@ public class GlobalMethodSecurityConfigurationTests { @Test public void methodSecurityAuthenticationManagerPublishesEvent() { this.spring.register(InMemoryAuthWithGlobalMethodSecurityConfig.class).autowire(); - try { this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("foo", "bar")); } catch (AuthenticationException ex) { } - assertThat(this.events.getEvents()).extracting(Object::getClass) .containsOnly((Class) AuthenticationFailureBadCredentialsEvent.class); }
@@ -125,14 +123,10 @@ public class GlobalMethodSecurityConfigurationTests { @WithMockUser public void methodSecurityWhenAuthenticationTrustResolverIsBeanThenAutowires() { this.spring.register(CustomTrustResolverConfig.class).autowire(); - AuthenticationTrustResolver trustResolver = this.spring.getContext().getBean(AuthenticationTrustResolver.class); given(trustResolver.isAnonymous(any())).willReturn(true, false); - assertThatThrownBy(() -> this.service.preAuthorizeNotAnonymous()).isInstanceOf(AccessDeniedException.class); - this.service.preAuthorizeNotAnonymous(); - verify(trustResolver, atLeastOnce()).isAnonymous(any()); }
@@ -142,9 +136,7 @@ public class GlobalMethodSecurityConfigurationTests { public void defaultWebSecurityExpressionHandlerHasBeanResolverSet() { this.spring.register(ExpressionHandlerHasBeanResolverSetConfig.class).autowire(); Authz authz = this.spring.getContext().getBean(Authz.class); - assertThatThrownBy(() -> this.service.preAuthorizeBean(false)).isInstanceOf(AccessDeniedException.class); - this.service.preAuthorizeBean(true); }
@@ -152,9 +144,7 @@ public class GlobalMethodSecurityConfigurationTests { @WithMockUser public void methodSecuritySupportsAnnotaitonsOnInterfaceParamerNames() { this.spring.register(MethodSecurityServiceConfig.class).autowire(); - assertThatThrownBy(() -> this.service.postAnnotation("deny")).isInstanceOf(AccessDeniedException.class); - this.service.postAnnotation("grant"); // no exception }
@@ -165,17 +155,14 @@ public class GlobalMethodSecurityConfigurationTests { this.spring.register(AutowirePermissionEvaluatorConfig.class).autowire(); PermissionEvaluator permission = this.spring.getContext().getBean(PermissionEvaluator.class); given(permission.hasPermission(any(), eq("something"), eq("read"))).willReturn(true, false); - this.service.hasPermission("something"); // no exception - assertThatThrownBy(() -> this.service.hasPermission("something")).isInstanceOf(AccessDeniedException.class); } @Test public void multiPermissionEvaluatorConfig() { this.spring.register(MultiPermissionEvaluatorConfig.class).autowire(); - // no exception }
@@ -184,7 +171,6 @@ public class GlobalMethodSecurityConfigurationTests { @WithMockUser public void enableGlobalMethodSecurityWorksOnSuperclass() { this.spring.register(ChildConfig.class).autowire(); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class); }
@@ -200,7 +186,6 @@ public class GlobalMethodSecurityConfigurationTests { child.register(Sec2479ChildConfig.class); child.refresh(); this.spring.context(child).autowire(); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class); } }
@@ -209,9 +194,7 @@ public class GlobalMethodSecurityConfigurationTests { @Test public void enableGlobalMethodSecurityDoesNotTriggerEagerInitializationOfBeansInGlobalAuthenticationConfigurer() { this.spring.register(Sec2815Config.class).autowire(); - MockBeanPostProcessor pp = this.spring.getContext().getBean(MockBeanPostProcessor.class); - assertThat(pp.beforeInit).containsKeys("dataSource"); assertThat(pp.afterInit).containsKeys("dataSource"); }
@@ -220,9 +203,9 @@ public class GlobalMethodSecurityConfigurationTests { @Test public void globalSecurityProxiesSecurity() { this.spring.register(Sec3005Config.class).autowire(); - assertThat(this.service.getClass()).matches((c) -> !Proxy.isProxyClass(c), "is not proxy class"); } + // // // gh-3797 // def preAuthorizeBeanSpel() {
@@ -241,14 +224,11 @@ public class GlobalMethodSecurityConfigurationTests { // thrown(AccessDeniedException) // } // - @Test @WithMockUser public void preAuthorizeBeanSpel() { this.spring.register(PreAuthorizeBeanSpelConfig.class).autowire(); - assertThatThrownBy(() -> this.service.preAuthorizeBean(false)).isInstanceOf(AccessDeniedException.class); - this.service.preAuthorizeBean(true); }
@@ -257,7 +237,6 @@ public class GlobalMethodSecurityConfigurationTests { @WithMockUser public void roleHierarchy() { this.spring.register(RoleHierarchyConfig.class).autowire(); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class); this.service.preAuthorizeAdmin(); }
@@ -266,12 +245,9 @@ public class GlobalMethodSecurityConfigurationTests { @WithMockUser(authorities = "ROLE:USER") public void grantedAuthorityDefaultsAutowires() { this.spring.register(CustomGrantedAuthorityConfig.class).autowire(); - CustomGrantedAuthorityConfig.CustomAuthorityService customService = this.spring.getContext() .getBean(CustomGrantedAuthorityConfig.CustomAuthorityService.class); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class); - customService.customPrefixRoleUser(); // no exception }
@@ -280,12 +256,9 @@ public class GlobalMethodSecurityConfigurationTests { @WithMockUser(authorities = "USER") public void grantedAuthorityDefaultsWithEmptyRolePrefix() { this.spring.register(EmptyRolePrefixGrantedAuthorityConfig.class).autowire(); - EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService customService = this.spring.getContext() .getBean(EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService.class); - assertThatThrownBy(() -> this.service.securedUser()).isInstanceOf(AccessDeniedException.class); - customService.emptyPrefixRoleUser(); // no exception }
@@ -297,7 +270,6 @@ public class GlobalMethodSecurityConfigurationTests { .getBean(MethodInterceptor.class); MethodSecurityMetadataSource methodSecurityMetadataSource = this.spring.getContext() .getBean(MethodSecurityMetadataSource.class); - assertThat(methodInterceptor.getSecurityMetadataSource()).isSameAs(methodSecurityMetadataSource); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
index 3c0532b3f3..90d0d45f08 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
@@ -54,9 +54,7 @@ public class NamespaceGlobalMethodSecurityExpressionHandlerTests { @WithMockUser public void methodSecurityWhenUsingCustomPermissionEvaluatorThenPreAuthorizesAccordingly() { this.spring.register(CustomAccessDecisionManagerConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThatCode(() -> this.service.hasPermission("granted")).doesNotThrowAnyException(); - assertThatThrownBy(() -> this.service.hasPermission("denied")).isInstanceOf(AccessDeniedException.class); }
@@ -64,9 +62,7 @@ public class NamespaceGlobalMethodSecurityExpressionHandlerTests { @WithMockUser public void methodSecurityWhenUsingCustomPermissionEvaluatorThenPostAuthorizesAccordingly() { this.spring.register(CustomAccessDecisionManagerConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThatCode(() -> this.service.postHasPermission("granted")).doesNotThrowAnyException(); - assertThatThrownBy(() -> this.service.postHasPermission("denied")).isInstanceOf(AccessDeniedException.class); }
@@ -76,7 +72,6 @@ public class NamespaceGlobalMethodSecurityExpressionHandlerTests { @Override protected MethodSecurityExpressionHandler createExpressionHandler() { DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler(); - expressionHandler.setPermissionEvaluator(new PermissionEvaluator() { @Override public boolean hasPermission(Authentication authentication, Object targetDomainObject,
@@ -90,7 +85,6 @@ public class NamespaceGlobalMethodSecurityExpressionHandlerTests { throw new UnsupportedOperationException(); } }); - return expressionHandler; }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
index 5266e15d28..e61d475da5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
@@ -78,18 +78,14 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenCustomAccessDecisionManagerThenAuthorizes() { this.spring.register(CustomAccessDecisionManagerConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class); - assertThatThrownBy(() -> this.service.secured()).isInstanceOf(AccessDeniedException.class); - } @Test @WithMockUser public void methodSecurityWhenCustomAfterInvocationManagerThenAuthorizes() { this.spring.register(CustomAfterInvocationManagerConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThatThrownBy(() -> this.service.preAuthorizePermitAll()).isInstanceOf(AccessDeniedException.class); }
@@ -97,7 +93,6 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenCustomAuthenticationManagerThenAuthorizes() { this.spring.register(CustomAuthenticationConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(UnsupportedOperationException.class); }
@@ -105,15 +100,10 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenJsr250EnabledThenAuthorizes() { this.spring.register(Jsr250Config.class, MethodSecurityServiceConfig.class).autowire(); - assertThatCode(() -> this.service.preAuthorize()).doesNotThrowAnyException(); - assertThatCode(() -> this.service.secured()).doesNotThrowAnyException(); - assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(AccessDeniedException.class); - assertThatCode(() -> this.service.jsr250PermitAll()).doesNotThrowAnyException(); - } @Test
@@ -121,11 +111,8 @@ public class NamespaceGlobalMethodSecurityTests { public void methodSecurityWhenCustomMethodSecurityMetadataSourceThenAuthorizes() { this.spring.register(CustomMethodSecurityMetadataSourceConfig.class, MethodSecurityServiceConfig.class) .autowire(); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class); - assertThatThrownBy(() -> this.service.secured()).isInstanceOf(AccessDeniedException.class); - assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(AccessDeniedException.class); }
@@ -133,12 +120,10 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void contextRefreshWhenUsingAspectJThenAutowire() throws Exception { this.spring.register(AspectJModeConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThat(this.spring.getContext().getBean( Class.forName("org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect"))) .isNotNull(); assertThat(this.spring.getContext().getBean(AspectJMethodSecurityInterceptor.class)).isNotNull(); - // TODO diagnose why aspectj isn't weaving method security advice around // MethodSecurityServiceImpl }
@@ -146,24 +131,19 @@ public class NamespaceGlobalMethodSecurityTests { @Test public void contextRefreshWhenUsingAspectJAndCustomGlobalMethodSecurityConfigurationThenAutowire() throws Exception { - this.spring.register(AspectJModeExtendsGMSCConfig.class).autowire(); - assertThat(this.spring.getContext().getBean( Class.forName("org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect"))) .isNotNull(); assertThat(this.spring.getContext().getBean(AspectJMethodSecurityInterceptor.class)).isNotNull(); - } @Test @WithMockUser public void methodSecurityWhenOrderSpecifiedThenConfigured() { this.spring.register(CustomOrderConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class) .getOrder()).isEqualTo(-135); - assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(AccessDeniedException.class); }
@@ -171,10 +151,8 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenOrderUnspecifiedThenConfiguredToLowestPrecedence() { this.spring.register(DefaultOrderConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class) .getOrder()).isEqualTo(Ordered.LOWEST_PRECEDENCE); - assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(UnsupportedOperationException.class); }
@@ -183,10 +161,8 @@ public class NamespaceGlobalMethodSecurityTests { public void methodSecurityWhenOrderUnspecifiedAndCustomGlobalMethodSecurityConfigurationThenConfiguredToLowestPrecedence() { this.spring.register(DefaultOrderExtendsMethodSecurityConfig.class, MethodSecurityServiceConfig.class) .autowire(); - assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class) .getOrder()).isEqualTo(Ordered.LOWEST_PRECEDENCE); - assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(UnsupportedOperationException.class); } @@ -194,11 +170,8 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenPrePostEnabledThenPreAuthorizes() { this.spring.register(PreAuthorizeConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThatCode(() -> this.service.secured()).doesNotThrowAnyException(); - assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException(); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class); } @@ -206,11 +179,8 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenPrePostEnabledAndCustomGlobalMethodSecurityConfigurationThenPreAuthorizes() { this.spring.register(PreAuthorizeExtendsGMSCConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThatCode(() -> this.service.secured()).doesNotThrowAnyException(); - assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException(); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class); } 
@@ -218,10 +188,8 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenProxyTargetClassThenDoesNotWireToInterface() { this.spring.register(ProxyTargetClassConfig.class, MethodSecurityServiceConfig.class).autowire(); - // make sure service was actually proxied assertThat(this.service.getClass().getInterfaces()).doesNotContain(MethodSecurityService.class); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class); } @@ -229,9 +197,7 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenDefaultProxyThenWiresToInterface() { this.spring.register(DefaultProxyConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThat(this.service.getClass().getInterfaces()).contains(MethodSecurityService.class); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class); } @@ -239,7 +205,6 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenCustomRunAsManagerThenRunAsWrapsAuthentication() { this.spring.register(CustomRunAsManagerConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThat(this.service.runAs().getAuthorities()) .anyMatch((authority) -> "ROLE_RUN_AS_SUPER".equals(authority.getAuthority())); } @@ -248,13 +213,9 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenSecuredEnabledThenSecures() { this.spring.register(SecuredConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThatThrownBy(() -> this.service.secured()).isInstanceOf(AccessDeniedException.class); - assertThatCode(() -> this.service.securedUser()).doesNotThrowAnyException(); - assertThatCode(() -> this.service.preAuthorize()).doesNotThrowAnyException(); - assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException(); } 
@@ -269,11 +230,8 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenImportingGlobalMethodSecurityConfigurationSubclassThenAuthorizes() { this.spring.register(ImportSubclassGMSCConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThatCode(() -> this.service.secured()).doesNotThrowAnyException(); - assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException(); - assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class); } @@ -320,7 +278,6 @@ public class NamespaceGlobalMethodSecurityTests { @Override public Object decide(Authentication authentication, Object object, Collection attributes, Object returnedObject) throws AccessDeniedException { - throw new AccessDeniedException("custom AfterInvocationManager"); } @@ -403,7 +360,6 @@ public class NamespaceGlobalMethodSecurityTests { BeanDefinitionRegistry registry) { BeanDefinitionBuilder advice = BeanDefinitionBuilder.rootBeanDefinition(ExceptingInterceptor.class); registry.registerBeanDefinition("exceptingInterceptor", advice.getBeanDefinition()); - BeanDefinitionBuilder advisor = BeanDefinitionBuilder .rootBeanDefinition(MethodSecurityMetadataSourceAdvisor.class); advisor.setRole(BeanDefinition.ROLE_INFRASTRUCTURE); diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java index 961e0e3bf1..f4c7d66b2f 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java 
@@ -46,15 +46,12 @@ public class ReactiveMethodSecurityConfigurationTests { @Test public void rolePrefixWithGrantedAuthorityDefaults() throws NoSuchMethodException { this.spring.register(WithRolePrefixConfiguration.class).autowire(); - TestingAuthenticationToken authentication = new TestingAuthenticationToken("principal", "credential", "CUSTOM_ABC"); MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class); - EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication, methodInvocation); SecurityExpressionRoot root = (SecurityExpressionRoot) context.getRootObject().getValue(); - assertThat(root.hasRole("ROLE_ABC")).isFalse(); assertThat(root.hasRole("ROLE_CUSTOM_ABC")).isFalse(); assertThat(root.hasRole("CUSTOM_ABC")).isTrue(); @@ -64,15 +61,12 @@ public class ReactiveMethodSecurityConfigurationTests { @Test public void rolePrefixWithDefaultConfig() throws NoSuchMethodException { this.spring.register(ReactiveMethodSecurityConfiguration.class).autowire(); - TestingAuthenticationToken authentication = new TestingAuthenticationToken("principal", "credential", "ROLE_ABC"); MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class); - EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication, methodInvocation); SecurityExpressionRoot root = (SecurityExpressionRoot) context.getRootObject().getValue(); - assertThat(root.hasRole("ROLE_ABC")).isTrue(); assertThat(root.hasRole("ABC")).isTrue(); } 
@@ -80,15 +74,12 @@ public class ReactiveMethodSecurityConfigurationTests { @Test public void rolePrefixWithGrantedAuthorityDefaultsAndSubclassWithProxyingEnabled() throws NoSuchMethodException { this.spring.register(SubclassConfig.class).autowire(); - TestingAuthenticationToken authentication = new TestingAuthenticationToken("principal", "credential", "ROLE_ABC"); MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class); - EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication, methodInvocation); SecurityExpressionRoot root = (SecurityExpressionRoot) context.getRootObject().getValue(); - assertThat(root.hasRole("ROLE_ABC")).isTrue(); assertThat(root.hasRole("ABC")).isTrue(); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java index 91ad7a5c96..4984b241eb 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java 
@@ -60,19 +60,15 @@ public class SampleEnableGlobalMethodSecurityTests { @Test public void preAuthorize() { this.spring.register(SampleWebSecurityConfig.class).autowire(); - assertThat(this.methodSecurityService.secured()).isNull(); assertThat(this.methodSecurityService.jsr250()).isNull(); - assertThatThrownBy(() -> this.methodSecurityService.preAuthorize()).isInstanceOf(AccessDeniedException.class); } @Test public void customPermissionHandler() { this.spring.register(CustomPermissionEvaluatorWebSecurityConfig.class).autowire(); - assertThat(this.methodSecurityService.hasPermission("allowed")).isNull(); - assertThatThrownBy(() -> this.methodSecurityService.hasPermission("denied")) .isInstanceOf(AccessDeniedException.class); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java index 80472bb588..bbca9375c7 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java @@ -68,20 +68,15 @@ public class Sec2758Tests { @WithMockUser(authorities = "CUSTOM") @Test public void requestWhenNullifyingRolePrefixThenPassivityRestored() throws Exception { - this.spring.register(SecurityConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()); } @WithMockUser(authorities = "CUSTOM") @Test public void methodSecurityWhenNullifyingRolePrefixThenPassivityRestored() { - this.spring.register(SecurityConfig.class).autowire(); - assertThatCode(() -> this.service.doJsr250()).doesNotThrowAnyException(); - assertThatCode(() -> this.service.doPreAuthorize()).doesNotThrowAnyException(); } 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java index bf6cbe1e3e..98232d5a6d 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java @@ -77,7 +77,6 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests { .anyRequest().authenticated() .antMatchers("/demo/**").permitAll(); // @formatter:on - } } @@ -93,7 +92,6 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests { .anyRequest().authenticated() .mvcMatchers("/demo/**").permitAll(); // @formatter:on - } } @@ -109,7 +107,6 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests { .anyRequest().authenticated() .regexMatchers(".*").permitAll(); // @formatter:on - } } @@ -125,7 +122,6 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests { .anyRequest().authenticated() .anyRequest().permitAll(); // @formatter:on - } } @@ -141,7 +137,6 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests { .anyRequest().authenticated() .requestMatchers(new AntPathRequestMatcher("/**")).permitAll(); // @formatter:on - } } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java index 53aff06eec..8250a819ad 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java 
@@ -69,7 +69,6 @@ public class SampleWebSecurityConfigurerAdapterTests {
 this.request = new MockHttpServletRequest("GET", "");
 this.response = new MockHttpServletResponse();
 this.chain = new MockFilterChain();
-
 CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "CSRF-TOKEN-TEST");
 new HttpSessionCsrfTokenRepository().saveToken(csrfToken, this.request, this.response);
 this.request.setParameter(csrfToken.getParameterName(), csrfToken.getToken());
@@ -78,136 +77,112 @@ public class SampleWebSecurityConfigurerAdapterTests { @Test public void helloWorldSampleWhenRequestSecureResourceThenRedirectToLogin() throws Exception { this.spring.register(HelloWorldWebSecurityConfigurerAdapter.class).autowire(); - this.request.addHeader("Accept", "text/html"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getRedirectedUrl()).isEqualTo("http://localhost/login"); } @Test public void helloWorldSampleWhenRequestLoginWithoutCredentialsThenRedirectToLogin() throws Exception { this.spring.register(HelloWorldWebSecurityConfigurerAdapter.class).autowire(); - this.request.setServletPath("/login"); this.request.setMethod("POST"); this.request.addHeader("Accept", "text/html"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getRedirectedUrl()).isEqualTo("/login?error"); } @Test public void helloWorldSampleWhenRequestLoginWithValidCredentialsThenRedirectToIndex() throws Exception { this.spring.register(HelloWorldWebSecurityConfigurerAdapter.class).autowire(); - this.request.setServletPath("/login"); this.request.setMethod("POST"); this.request.addHeader("Accept", "text/html"); this.request.addParameter("username", "user"); this.request.addParameter("password", "password"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getRedirectedUrl()).isEqualTo("/"); } @Test public void readmeSampleWhenRequestSecureResourceThenRedirectToLogin() throws Exception { this.spring.register(SampleWebSecurityConfigurerAdapter.class).autowire(); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getRedirectedUrl()).isEqualTo("http://localhost/login"); } @Test public void readmeSampleWhenRequestLoginWithoutCredentialsThenRedirectToLogin() throws Exception { 
this.spring.register(SampleWebSecurityConfigurerAdapter.class).autowire(); - this.request.setServletPath("/login"); this.request.setMethod("POST"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getRedirectedUrl()).isEqualTo("/login?error"); } @Test public void readmeSampleWhenRequestLoginWithValidCredentialsThenRedirectToIndex() throws Exception { this.spring.register(SampleWebSecurityConfigurerAdapter.class).autowire(); - this.request.setServletPath("/login"); this.request.setMethod("POST"); this.request.addParameter("username", "user"); this.request.addParameter("password", "password"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getRedirectedUrl()).isEqualTo("/"); } @Test public void multiHttpSampleWhenRequestSecureResourceThenRedirectToLogin() throws Exception { this.spring.register(SampleMultiHttpSecurityConfig.class).autowire(); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getRedirectedUrl()).isEqualTo("http://localhost/login"); } @Test public void multiHttpSampleWhenRequestLoginWithoutCredentialsThenRedirectToLogin() throws Exception { this.spring.register(SampleMultiHttpSecurityConfig.class).autowire(); - this.request.setServletPath("/login"); this.request.setMethod("POST"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getRedirectedUrl()).isEqualTo("/login?error"); } @Test public void multiHttpSampleWhenRequestLoginWithValidCredentialsThenRedirectToIndex() throws Exception { this.spring.register(SampleMultiHttpSecurityConfig.class).autowire(); - this.request.setServletPath("/login"); this.request.setMethod("POST"); this.request.addParameter("username", "user"); this.request.addParameter("password", "password"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - 
assertThat(this.response.getRedirectedUrl()).isEqualTo("/"); } @Test public void multiHttpSampleWhenRequestProtectedResourceThenStatusUnauthorized() throws Exception { this.spring.register(SampleMultiHttpSecurityConfig.class).autowire(); - this.request.setServletPath("/api/admin/test"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); } @Test public void multiHttpSampleWhenRequestAdminResourceWithRegularUserThenStatusForbidden() throws Exception { this.spring.register(SampleMultiHttpSecurityConfig.class).autowire(); - this.request.setServletPath("/api/admin/test"); this.request.addHeader("Authorization", "Basic " + Base64.getEncoder().encodeToString("user:password".getBytes())); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN); } @Test public void multiHttpSampleWhenRequestAdminResourceWithAdminUserThenStatusOk() throws Exception { this.spring.register(SampleMultiHttpSecurityConfig.class).autowire(); - this.request.setServletPath("/api/admin/test"); this.request.addHeader("Authorization", "Basic " + Base64.getEncoder().encodeToString("admin:password".getBytes())); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java index 7a46bdddcb..cccc804823 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java 
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java @@ -84,9 +84,7 @@ public class WebSecurityConfigurerAdapterPowermockTests { PowerMockito .when(SpringFactoriesLoader.loadFactories(AbstractHttpConfigurer.class, getClass().getClassLoader())) .thenReturn(Arrays.asList(configurer)); - loadConfig(Config.class); - assertThat(configurer.init).isTrue(); assertThat(configurer.configure).isTrue(); } @@ -94,21 +92,16 @@ public class WebSecurityConfigurerAdapterPowermockTests { @Test public void loadConfigWhenDefaultConfigThenWebAsyncManagerIntegrationFilterAdded() throws Exception { this.spring.register(WebAsyncPopulatedByDefaultConfig.class).autowire(); - WebAsyncManager webAsyncManager = mock(WebAsyncManager.class); - this.mockMvc.perform(get("/").requestAttr(WebAsyncUtils.WEB_ASYNC_MANAGER_ATTRIBUTE, webAsyncManager)); - ArgumentCaptor callableProcessingInterceptorArgCaptor = ArgumentCaptor .forClass(CallableProcessingInterceptor.class); verify(webAsyncManager, atLeastOnce()).registerCallableInterceptor(any(), callableProcessingInterceptorArgCaptor.capture()); - CallableProcessingInterceptor callableProcessingInterceptor = callableProcessingInterceptorArgCaptor .getAllValues().stream() .filter((e) -> SecurityContextCallableProcessingInterceptor.class.isAssignableFrom(e.getClass())) .findFirst().orElse(null); - assertThat(callableProcessingInterceptor).isNotNull(); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java index 8c0d1914f5..68b3b22b1e 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java 
@@ -84,7 +84,6 @@ public class WebSecurityConfigurerAdapterTests { @Test public void loadConfigWhenRequestSecureThenDefaultSecurityHeadersReturned() throws Exception { this.spring.register(HeadersArePopulatedByDefaultConfig.class).autowire(); - this.mockMvc.perform(get("/").secure(true)).andExpect(header().string("X-Content-Type-Options", "nosniff")) .andExpect(header().string("X-Frame-Options", "DENY")) .andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains")) @@ -96,9 +95,7 @@ public class WebSecurityConfigurerAdapterTests { @Test public void loadConfigWhenRequestAuthenticateThenAuthenticationEventPublished() throws Exception { this.spring.register(InMemoryAuthWithWebSecurityConfigurerAdapter.class).autowire(); - this.mockMvc.perform(formLogin()).andExpect(status().is3xxRedirection()); - assertThat(InMemoryAuthWithWebSecurityConfigurerAdapter.EVENTS).isNotEmpty(); assertThat(InMemoryAuthWithWebSecurityConfigurerAdapter.EVENTS).hasSize(1); } @@ -106,9 +103,7 @@ public class WebSecurityConfigurerAdapterTests { @Test public void loadConfigWhenInMemoryConfigureProtectedThenPasswordUpgraded() throws Exception { this.spring.register(InMemoryConfigureProtectedConfig.class).autowire(); - this.mockMvc.perform(formLogin()).andExpect(status().is3xxRedirection()); - UserDetailsService uds = this.spring.getContext().getBean(UserDetailsService.class); assertThat(uds.loadUserByUsername("user").getPassword()).startsWith("{bcrypt}"); } @@ -116,9 +111,7 @@ public class WebSecurityConfigurerAdapterTests { @Test public void loadConfigWhenInMemoryConfigureGlobalThenPasswordUpgraded() throws Exception { this.spring.register(InMemoryConfigureGlobalConfig.class).autowire(); - this.mockMvc.perform(formLogin()).andExpect(status().is3xxRedirection()); - UserDetailsService uds = this.spring.getContext().getBean(UserDetailsService.class); assertThat(uds.loadUserByUsername("user").getPassword()).startsWith("{bcrypt}"); } 
@@ -128,10 +121,8 @@ public class WebSecurityConfigurerAdapterTests { OverrideContentNegotiationStrategySharedObjectConfig.CONTENT_NEGOTIATION_STRATEGY_BEAN = mock( ContentNegotiationStrategy.class); this.spring.register(OverrideContentNegotiationStrategySharedObjectConfig.class).autowire(); - OverrideContentNegotiationStrategySharedObjectConfig securityConfig = this.spring.getContext() .getBean(OverrideContentNegotiationStrategySharedObjectConfig.class); - assertThat(securityConfig.contentNegotiationStrategySharedObject).isNotNull(); assertThat(securityConfig.contentNegotiationStrategySharedObject) .isSameAs(OverrideContentNegotiationStrategySharedObjectConfig.CONTENT_NEGOTIATION_STRATEGY_BEAN); @@ -140,10 +131,8 @@ public class WebSecurityConfigurerAdapterTests { @Test public void loadConfigWhenDefaultContentNegotiationStrategyThenHeaderContentNegotiationStrategy() { this.spring.register(ContentNegotiationStrategyDefaultSharedObjectConfig.class).autowire(); - ContentNegotiationStrategyDefaultSharedObjectConfig securityConfig = this.spring.getContext() .getBean(ContentNegotiationStrategyDefaultSharedObjectConfig.class); - assertThat(securityConfig.contentNegotiationStrategySharedObject).isNotNull(); assertThat(securityConfig.contentNegotiationStrategySharedObject) .isInstanceOf(HeaderContentNegotiationStrategy.class); @@ -152,9 +141,7 @@ public class WebSecurityConfigurerAdapterTests { @Test public void loadConfigWhenUserDetailsServiceHasCircularReferenceThenStillLoads() { this.spring.register(RequiresUserDetailsServiceConfig.class, UserDetailsServiceConfig.class).autowire(); - MyFilter myFilter = this.spring.getContext().getBean(MyFilter.class); - assertThatCode(() -> myFilter.userDetailsService.loadUserByUsername("user")).doesNotThrowAnyException(); assertThatExceptionOfType(UsernameNotFoundException.class) .isThrownBy(() -> myFilter.userDetailsService.loadUserByUsername("admin")); 
@@ -164,10 +151,8 @@ public class WebSecurityConfigurerAdapterTests { @Test public void loadConfigWhenSharedObjectsCreatedThenApplicationContextAdded() { this.spring.register(ApplicationContextSharedObjectConfig.class).autowire(); - ApplicationContextSharedObjectConfig securityConfig = this.spring.getContext() .getBean(ApplicationContextSharedObjectConfig.class); - assertThat(securityConfig.applicationContextSharedObject).isNotNull(); assertThat(securityConfig.applicationContextSharedObject).isSameAs(this.spring.getContext()); } @@ -176,9 +161,7 @@ public class WebSecurityConfigurerAdapterTests { public void loadConfigWhenCustomAuthenticationTrustResolverBeanThenOverridesDefault() { CustomTrustResolverConfig.AUTHENTICATION_TRUST_RESOLVER_BEAN = mock(AuthenticationTrustResolver.class); this.spring.register(CustomTrustResolverConfig.class).autowire(); - CustomTrustResolverConfig securityConfig = this.spring.getContext().getBean(CustomTrustResolverConfig.class); - assertThat(securityConfig.authenticationTrustResolverSharedObject).isNotNull(); assertThat(securityConfig.authenticationTrustResolverSharedObject) .isSameAs(CustomTrustResolverConfig.AUTHENTICATION_TRUST_RESOLVER_BEAN); @@ -195,12 +178,9 @@ public class WebSecurityConfigurerAdapterTests { @Test public void performWhenUsingAuthenticationEventPublisherBeanThenUses() throws Exception { this.spring.register(CustomAuthenticationEventPublisherBean.class).autowire(); - AuthenticationEventPublisher authenticationEventPublisher = this.spring.getContext() .getBean(AuthenticationEventPublisher.class); - this.mockMvc.perform(get("/").with(httpBasic("user", "password"))); - verify(authenticationEventPublisher).publishAuthenticationSuccess(any(Authentication.class)); } 
@@ -208,14 +188,11 @@ public class WebSecurityConfigurerAdapterTests { @Test public void performWhenUsingAuthenticationEventPublisherInDslThenUses() throws Exception { this.spring.register(CustomAuthenticationEventPublisherDsl.class).autowire(); - AuthenticationEventPublisher authenticationEventPublisher = CustomAuthenticationEventPublisherDsl.EVENT_PUBLISHER; - this.mockMvc.perform(get("/").with(httpBasic("user", "password"))); // fails since // no // providers // configured - verify(authenticationEventPublisher).publishAuthenticationFailure(any(AuthenticationException.class), any(Authentication.class)); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java index 404fcc566e..5fa3a802fa 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java @@ -74,9 +74,7 @@ public class HttpConfigurationTests { public void configureWhenAddFilterCasAuthenticationFilterThenFilterAdded() throws Exception { CasAuthenticationFilterConfig.CAS_AUTHENTICATION_FILTER = spy(new CasAuthenticationFilter()); this.spring.register(CasAuthenticationFilterConfig.class).autowire(); - this.mockMvc.perform(get("/")); - verify(CasAuthenticationFilterConfig.CAS_AUTHENTICATION_FILTER).doFilter(any(ServletRequest.class), any(ServletResponse.class), any(FilterChain.class)); } 
@@ -84,7 +82,6 @@ public class HttpConfigurationTests { @Test public void configureWhenConfigIsRequestMatchersJavadocThenAuthorizationApplied() throws Exception { this.spring.register(RequestMatcherRegistryConfigs.class).autowire(); - this.mockMvc.perform(get("/oauth/a")).andExpect(status().isUnauthorized()); this.mockMvc.perform(get("/oauth/b")).andExpect(status().isUnauthorized()); this.mockMvc.perform(get("/api/a")).andExpect(status().isUnauthorized()); diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java index 3ae4b97201..4dbdf6dd1b 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java @@ -93,11 +93,8 @@ public class NamespaceHttpTests { given(AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER.supports(FilterInvocation.class)).willReturn(true); given(AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER.supports(any(ConfigAttribute.class))) .willReturn(true); - this.spring.register(AccessDecisionManagerRefConfig.class).autowire(); - this.mockMvc.perform(get("/")); - verify(AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER, times(1)).decide(any(Authentication.class), any(), anyCollection()); } @@ -105,7 +102,6 @@ public class NamespaceHttpTests { @Test // http@access-denied-page public void configureWhenAccessDeniedPageSetAndRequestForbiddenThenForwardedToAccessDeniedPage() throws Exception { this.spring.register(AccessDeniedPageConfig.class).autowire(); - this.mockMvc.perform(get("/admin").with(user(PasswordEncodedUser.user()))).andExpect(status().isForbidden()) .andExpect(forwardedUrl("/AccessDeniedPage")); } 
@@ -114,19 +110,15 @@ public class NamespaceHttpTests { public void configureWhenAuthenticationManagerProvidedThenVerifyUse() throws Exception { AuthenticationManagerRefConfig.AUTHENTICATION_MANAGER = mock(AuthenticationManager.class); this.spring.register(AuthenticationManagerRefConfig.class).autowire(); - this.mockMvc.perform(formLogin()); - verify(AuthenticationManagerRefConfig.AUTHENTICATION_MANAGER, times(1)).authenticate(any(Authentication.class)); } @Test // http@create-session=always public void configureWhenSessionCreationPolicyAlwaysThenSessionCreatedOnRequest() throws Exception { this.spring.register(CreateSessionAlwaysConfig.class).autowire(); - MvcResult mvcResult = this.mockMvc.perform(get("/")).andReturn(); HttpSession session = mvcResult.getRequest().getSession(false); - assertThat(session).isNotNull(); assertThat(session.isNew()).isTrue(); } @@ -134,25 +126,19 @@ public class NamespaceHttpTests { @Test // http@create-session=stateless public void configureWhenSessionCreationPolicyStatelessThenSessionNotCreatedOnRequest() throws Exception { this.spring.register(CreateSessionStatelessConfig.class).autowire(); - MvcResult mvcResult = this.mockMvc.perform(get("/")).andReturn(); HttpSession session = mvcResult.getRequest().getSession(false); - assertThat(session).isNull(); } @Test // http@create-session=ifRequired public void configureWhenSessionCreationPolicyIfRequiredThenSessionCreatedWhenRequiredOnRequest() throws Exception { this.spring.register(IfRequiredConfig.class).autowire(); - MvcResult mvcResult = this.mockMvc.perform(get("/unsecure")).andReturn(); HttpSession session = mvcResult.getRequest().getSession(false); - assertThat(session).isNull(); - mvcResult = this.mockMvc.perform(formLogin()).andReturn(); session = mvcResult.getRequest().getSession(false); - assertThat(session).isNotNull(); assertThat(session.isNew()).isTrue(); } 
@@ -160,10 +146,8 @@ public class NamespaceHttpTests { @Test // http@create-session=never public void configureWhenSessionCreationPolicyNeverThenSessionNotCreatedOnRequest() throws Exception { this.spring.register(CreateSessionNeverConfig.class).autowire(); - MvcResult mvcResult = this.mockMvc.perform(get("/")).andReturn(); HttpSession session = mvcResult.getRequest().getSession(false); - assertThat(session).isNull(); } @@ -171,7 +155,6 @@ public class NamespaceHttpTests { public void configureWhenAuthenticationEntryPointSetAndRequestUnauthorizedThenRedirectedToAuthenticationEntryPoint() throws Exception { this.spring.register(EntryPointRefConfig.class).autowire(); - this.mockMvc.perform(get("/")).andExpect(status().is3xxRedirection()) .andExpect(redirectedUrlPattern("**/entry-point")); } @@ -180,22 +163,17 @@ public class NamespaceHttpTests { public void configureWhenJaasApiIntegrationFilterAddedThenJaasSubjectObtained() throws Exception { LoginContext loginContext = mock(LoginContext.class); given(loginContext.getSubject()).willReturn(new Subject()); - JaasAuthenticationToken authenticationToken = mock(JaasAuthenticationToken.class); given(authenticationToken.isAuthenticated()).willReturn(true); given(authenticationToken.getLoginContext()).willReturn(loginContext); - this.spring.register(JaasApiProvisionConfig.class).autowire(); - this.mockMvc.perform(get("/").with(authentication(authenticationToken))); - verify(loginContext, times(1)).getSubject(); } @Test // http@realm public void configureWhenHttpBasicAndRequestUnauthorizedThenReturnWWWAuthenticateWithRealm() throws Exception { this.spring.register(RealmConfig.class).autowire(); - this.mockMvc.perform(get("/")).andExpect(status().isUnauthorized()) .andExpect(header().string("WWW-Authenticate", "Basic realm=\"RealmConfig\"")); } 
@@ -203,9 +181,7 @@ public class NamespaceHttpTests {
 @Test // http@request-matcher-ref ant
 public void configureWhenAntPatternMatchingThenAntPathRequestMatcherUsed() {
 this.spring.register(RequestMatcherAntConfig.class).autowire();
-
 FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
-
 assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class);
 DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains()
 .get(0);
@@ -215,9 +191,7 @@ public class NamespaceHttpTests {
 @Test // http@request-matcher-ref regex
 public void configureWhenRegexPatternMatchingThenRegexRequestMatcherUsed() {
 this.spring.register(RequestMatcherRegexConfig.class).autowire();
-
 FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
-
 assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class);
 DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains()
 .get(0);
@@ -227,9 +201,7 @@ public class NamespaceHttpTests {
 @Test // http@request-matcher-ref
 public void configureWhenRequestMatcherProvidedThenRequestMatcherUsed() {
 this.spring.register(RequestMatcherRefConfig.class).autowire();
-
 FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
-
 assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class);
 DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains()
 .get(0);
@@ -240,9 +212,7 @@ public class NamespaceHttpTests {
 @Test // http@security=none
 public void configureWhenIgnoredAntPatternsThenAntPathRequestMatcherUsedWithNoFilters() {
 this.spring.register(SecurityNoneConfig.class).autowire();
-
 FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
-
 assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class);
 DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains()
 .get(0);
@@ -250,7 +220,6 @@ public class NamespaceHttpTests {
 assertThat(((AntPathRequestMatcher) securityFilterChain.getRequestMatcher()).getPattern())
 .isEqualTo("/resources/**");
 assertThat(securityFilterChain.getFilters()).isEmpty();
-
 assertThat(filterChainProxy.getFilterChains().get(1)).isInstanceOf(DefaultSecurityFilterChain.class);
 securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains().get(1);
 assertThat(securityFilterChain.getRequestMatcher()).isInstanceOf(AntPathRequestMatcher.class);
@@ -262,7 +231,6 @@ public class NamespaceHttpTests {
 @Test // http@security-context-repository-ref
 public void configureWhenNullSecurityContextRepositoryThenSecurityContextNotSavedInSession() throws Exception {
 this.spring.register(SecurityContextRepoConfig.class).autowire();
-
 MvcResult mvcResult = this.mockMvc.perform(formLogin()).andReturn();
 HttpSession session = mvcResult.getRequest().getSession(false);
 assertThat(session).isNull();
@@ -271,9 +239,7 @@ public class NamespaceHttpTests {
 @Test // http@servlet-api-provision=false
 public void configureWhenServletApiDisabledThenRequestNotServletApiWrapper() throws Exception {
 this.spring.register(ServletApiProvisionConfig.class, MainController.class).autowire();
-
 this.mockMvc.perform(get("/"));
-
 assertThat(MainController.HTTP_SERVLET_REQUEST_TYPE)
 .isNotInstanceOf(SecurityContextHolderAwareRequestWrapper.class);
 }
@@ -281,9 +247,7 @@ public class NamespaceHttpTests {
 @Test // http@servlet-api-provision defaults to true
 public void configureWhenServletApiDefaultThenRequestIsServletApiWrapper() throws Exception {
 this.spring.register(ServletApiProvisionDefaultsConfig.class, MainController.class).autowire();
-
 this.mockMvc.perform(get("/"));
-
 assertThat(SecurityContextHolderAwareRequestWrapper.class)
 .isAssignableFrom(MainController.HTTP_SERVLET_REQUEST_TYPE);
 }
@@ -291,9 +255,7 @@ public class NamespaceHttpTests {
 @Test // http@use-expressions=true
 public void configureWhenUseExpressionsEnabledThenExpressionBasedSecurityMetadataSource() {
 this.spring.register(UseExpressionsConfig.class).autowire();
-
 UseExpressionsConfig config = this.spring.getContext().getBean(UseExpressionsConfig.class);
-
 assertThat(ExpressionBasedFilterInvocationSecurityMetadataSource.class)
 .isAssignableFrom(config.filterInvocationSecurityMetadataSourceType);
 }
@@ -301,9 +263,7 @@ public class NamespaceHttpTests {
 @Test // http@use-expressions=false
 public void configureWhenUseExpressionsDisabledThenDefaultSecurityMetadataSource() {
 this.spring.register(DisableUseExpressionsConfig.class).autowire();
-
 DisableUseExpressionsConfig config = this.spring.getContext().getBean(DisableUseExpressionsConfig.class);
-
 assertThat(DefaultFilterInvocationSecurityMetadataSource.class)
 .isAssignableFrom(config.filterInvocationSecurityMetadataSourceType);
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java
index 25b5785f18..8e58db3ec9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java
@@ -75,66 +75,44 @@ public class WebSecurityTests {
 @Test
 public void ignoringMvcMatcher() throws Exception {
 loadConfig(MvcMatcherConfig.class, LegacyMvcMatchingConfig.class);
-
 this.request.setRequestURI("/path");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 setup();
-
 this.request.setRequestURI("/path.html");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 setup();
-
 this.request.setRequestURI("/path/");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 setup();
-
 this.request.setRequestURI("/other");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 }
 @Test
 public void ignoringMvcMatcherServletPath() throws Exception {
 loadConfig(MvcMatcherServletPathConfig.class, LegacyMvcMatchingConfig.class);
-
 this.request.setServletPath("/spring");
 this.request.setRequestURI("/spring/path");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 setup();
-
 this.request.setServletPath("/spring");
 this.request.setRequestURI("/spring/path.html");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 setup();
-
 this.request.setServletPath("/spring");
 this.request.setRequestURI("/spring/path/");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 setup();
-
 this.request.setServletPath("/other");
 this.request.setRequestURI("/other/path");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 }
@@ -143,7 +121,6 @@ public class WebSecurityTests {
 this.context.register(configs);
 this.context.setServletContext(new MockServletContext());
 this.context.refresh();
-
 this.context.getAutowireCapableBeanFactory().autowireBean(this);
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
index 8d5e1d5ca0..f66ab12ebd 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
@@ -67,9 +67,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 context.setAuthentication(
 new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities()));
 SecurityContextHolder.setContext(context);
-
 MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
-
 mockMvc.perform(get("/users/self")).andExpect(status().isOk()).andExpect(content().string("extracted-user"));
 }
@@ -84,12 +82,10 @@ public class AuthenticationPrincipalArgumentResolverTests {
 .inMemoryAuthentication();
 // @formatter:off
 }
-
 @Bean
 public UsernameExtractor usernameExtractor() {
 return new UsernameExtractor();
 }
-
 @RestController
 static class UserController {
 @GetMapping("/users/self")
@@ -98,7 +94,6 @@ public class AuthenticationPrincipalArgumentResolverTests {
 }
 }
 }
-
 static class UsernameExtractor {
 public String extract(User u) {
 return "extracted-" + u.getUsername();
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
index 15594e6498..96b058bd50 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
@@ -57,7 +57,6 @@ public class EnableWebSecurityTests {
 @Test
 public void configureWhenOverrideAuthenticationManagerBeanThenAuthenticationManagerBeanRegistered() {
 this.spring.register(SecurityConfig.class).autowire();
-
 AuthenticationManager authenticationManager = this.spring.getContext().getBean(AuthenticationManager.class);
 Authentication authentication = authenticationManager
 .authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
@@ -73,7 +72,6 @@ public class EnableWebSecurityTests {
 @Test
 public void configureWhenEnableWebMvcThenAuthenticationPrincipalResolvable() throws Exception {
 this.spring.register(AuthenticationPrincipalConfig.class).autowire();
-
 this.mockMvc.perform(get("/").with(authentication(new TestingAuthenticationToken("user1", "password"))))
 .andExpect(content().string("user1"));
 }
@@ -81,7 +79,6 @@ public class EnableWebSecurityTests {
 @Test
 public void securityFilterChainWhenEnableWebMvcThenAuthenticationPrincipalResolvable() throws Exception {
 this.spring.register(SecurityFilterChainAuthenticationPrincipalConfig.class).autowire();
-
 this.mockMvc.perform(get("/").with(authentication(new TestingAuthenticationToken("user1", "password"))))
 .andExpect(content().string("user1"));
 }
@@ -89,20 +86,16 @@ public class EnableWebSecurityTests {
 @Test
 public void enableWebSecurityWhenNoConfigurationAnnotationThenBeanProxyingEnabled() {
 this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire();
-
 Child childBean = this.spring.getContext().getBean(Child.class);
 Parent parentBean = this.spring.getContext().getBean(Parent.class);
-
 assertThat(parentBean.getChild()).isSameAs(childBean);
 }
 @Test
 public void enableWebSecurityWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() {
 this.spring.register(BeanProxyDisabledConfig.class).autowire();
-
 Child childBean = this.spring.getContext().getBean(Child.class);
 Parent parentBean = this.spring.getContext().getBean(Parent.class);
-
 assertThat(parentBean.getChild()).isNotSameAs(childBean);
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
index 732eebe133..12818336b9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
@@ -81,7 +81,6 @@ public class HttpSecurityConfigurationTests {
 @Test
 public void getWhenDefaultFilterChainBeanThenDefaultHeadersInResponse() throws Exception {
 this.spring.register(DefaultWithFilterChainConfig.class).autowire();
-
 MvcResult mvcResult = this.mockMvc.perform(get("/").secure(true))
 .andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff"))
 .andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS,
@@ -100,48 +99,39 @@ public class HttpSecurityConfigurationTests {
 @Test
 public void logoutWhenDefaultFilterChainBeanThenCreatesDefaultLogoutEndpoint() throws Exception {
 this.spring.register(DefaultWithFilterChainConfig.class).autowire();
-
 this.mockMvc.perform(post("/logout").with(csrf())).andExpect(redirectedUrl("/login?logout"));
 }
 @Test
 public void loadConfigWhenDefaultConfigThenWebAsyncManagerIntegrationFilterAdded() throws Exception {
 this.spring.register(DefaultWithFilterChainConfig.class, NameController.class).autowire();
-
 MvcResult mvcResult = this.mockMvc.perform(get("/name").with(user("Bob"))).andExpect(request().asyncStarted())
 .andReturn();
-
 this.mockMvc.perform(asyncDispatch(mvcResult)).andExpect(status().isOk()).andExpect(content().string("Bob"));
 }
 @Test
 public void getWhenDefaultFilterChainBeanThenAnonymousPermitted() throws Exception {
 this.spring.register(AuthorizeRequestsConfig.class, UserDetailsConfig.class, BaseController.class).autowire();
-
 this.mockMvc.perform(get("/")).andExpect(status().isOk());
 }
 @Test
 public void authenticateWhenDefaultFilterChainBeanThenSessionIdChanges() throws Exception {
 this.spring.register(SecurityEnabledConfig.class, UserDetailsConfig.class).autowire();
-
 MockHttpSession session = new MockHttpSession();
 String sessionId = session.getId();
-
 MvcResult result = this.mockMvc.perform(
 post("/login").param("username", "user").param("password", "password").session(session).with(csrf()))
 .andReturn();
-
 assertThat(result.getRequest().getSession(false).getId()).isNotEqualTo(sessionId);
 }
 @Test
 public void authenticateWhenDefaultFilterChainBeanThenRedirectsToSavedRequest() throws Exception {
 this.spring.register(SecurityEnabledConfig.class, UserDetailsConfig.class).autowire();
-
 MockHttpSession session = (MockHttpSession) this.mockMvc.perform(get("/messages")).andReturn().getRequest()
 .getSession();
-
 this.mockMvc.perform(
 post("/login").param("username", "user").param("password", "password").session(session).with(csrf()))
 .andExpect(redirectedUrl("http://localhost/messages"));
@@ -150,7 +140,6 @@ public class HttpSecurityConfigurationTests {
 @Test
 public void authenticateWhenDefaultFilterChainBeanThenRolePrefixIsSet() throws Exception {
 this.spring.register(SecurityEnabledConfig.class, UserDetailsConfig.class, UserController.class).autowire();
-
 this.mockMvc
 .perform(get("/user")
 .with(authentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"))))
@@ -160,7 +149,6 @@ public class HttpSecurityConfigurationTests {
 @Test
 public void loginWhenUsingDefaultsThenDefaultLoginPageGenerated() throws Exception {
 this.spring.register(SecurityEnabledConfig.class).autowire();
-
 this.mockMvc.perform(get("/login")).andExpect(status().isOk());
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
index bd872e58e4..815317885a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
@@ -77,29 +77,23 @@ public class OAuth2ClientConfigurationTests {
 String clientRegistrationId = "client1";
 String principalName = "user1";
 TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
-
 ClientRegistrationRepository clientRegistrationRepository = mock(ClientRegistrationRepository.class);
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration()
 .registrationId(clientRegistrationId).build();
 given(clientRegistrationRepository.findByRegistrationId(eq(clientRegistrationId)))
 .willReturn(clientRegistration);
-
 OAuth2AuthorizedClientRepository authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class);
 OAuth2AuthorizedClient authorizedClient = mock(OAuth2AuthorizedClient.class);
 given(authorizedClient.getClientRegistration()).willReturn(clientRegistration);
 given(authorizedClientRepository.loadAuthorizedClient(eq(clientRegistrationId), eq(authentication), any(HttpServletRequest.class))).willReturn(authorizedClient);
-
 OAuth2AccessToken accessToken = mock(OAuth2AccessToken.class);
 given(authorizedClient.getAccessToken()).willReturn(accessToken);
-
 OAuth2AccessTokenResponseClient accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
-
 OAuth2AuthorizedClientArgumentResolverConfig.CLIENT_REGISTRATION_REPOSITORY = clientRegistrationRepository;
 OAuth2AuthorizedClientArgumentResolverConfig.AUTHORIZED_CLIENT_REPOSITORY = authorizedClientRepository;
 OAuth2AuthorizedClientArgumentResolverConfig.ACCESS_TOKEN_RESPONSE_CLIENT = accessTokenResponseClient;
 this.spring.register(OAuth2AuthorizedClientArgumentResolverConfig.class).autowire();
-
 this.mockMvc
 .perform(get("/authorized-client")
 .with(SecurityMockMvcRequestPostProcessors.authentication(authentication)))
@@ -113,25 +107,20 @@ public class OAuth2ClientConfigurationTests {
 String clientRegistrationId = "client1";
 String principalName = "user1";
 TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
-
 ClientRegistrationRepository clientRegistrationRepository = mock(ClientRegistrationRepository.class);
 OAuth2AuthorizedClientRepository authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class);
 OAuth2AccessTokenResponseClient accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
-
 ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials()
 .registrationId(clientRegistrationId).build();
 given(clientRegistrationRepository.findByRegistrationId(clientRegistrationId)).willReturn(clientRegistration);
-
 OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
 .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(300).build();
 given(accessTokenResponseClient.getTokenResponse(any(OAuth2ClientCredentialsGrantRequest.class)))
 .willReturn(accessTokenResponse);
-
 OAuth2AuthorizedClientArgumentResolverConfig.CLIENT_REGISTRATION_REPOSITORY = clientRegistrationRepository;
 OAuth2AuthorizedClientArgumentResolverConfig.AUTHORIZED_CLIENT_REPOSITORY = authorizedClientRepository;
 OAuth2AuthorizedClientArgumentResolverConfig.ACCESS_TOKEN_RESPONSE_CLIENT = accessTokenResponseClient;
 this.spring.register(OAuth2AuthorizedClientArgumentResolverConfig.class).autowire();
-
 this.mockMvc
 .perform(get("/authorized-client")
 .with(SecurityMockMvcRequestPostProcessors.authentication(authentication)))
@@ -177,28 +166,22 @@ public class OAuth2ClientConfigurationTests {
 String clientRegistrationId = "client1";
 String principalName = "user1";
 TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
-
 ClientRegistrationRepository clientRegistrationRepository = mock(ClientRegistrationRepository.class);
 OAuth2AuthorizedClientRepository authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class);
 OAuth2AuthorizedClientManager authorizedClientManager = mock(OAuth2AuthorizedClientManager.class);
-
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration()
 .registrationId(clientRegistrationId).build();
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, principalName, TestOAuth2AccessTokens.noScopes());
-
 given(authorizedClientManager.authorize(any())).willReturn(authorizedClient);
-
 OAuth2AuthorizedClientManagerRegisteredConfig.CLIENT_REGISTRATION_REPOSITORY = clientRegistrationRepository;
 OAuth2AuthorizedClientManagerRegisteredConfig.AUTHORIZED_CLIENT_REPOSITORY = authorizedClientRepository;
 OAuth2AuthorizedClientManagerRegisteredConfig.AUTHORIZED_CLIENT_MANAGER = authorizedClientManager;
 this.spring.register(OAuth2AuthorizedClientManagerRegisteredConfig.class).autowire();
-
 this.mockMvc
 .perform(get("/authorized-client")
 .with(SecurityMockMvcRequestPostProcessors.authentication(authentication)))
 .andExpect(status().isOk()).andExpect(content().string("resolved"));
-
 verify(authorizedClientManager).authorize(any());
 verifyNoInteractions(clientRegistrationRepository);
 verifyNoInteractions(authorizedClientRepository);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
index 37542b9fbb..77ee64ea66 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
@@ -60,7 +60,6 @@ public class Sec2515Tests {
 .getContext();
 context.setClassLoader(new URLClassLoader(new URL[0], context.getClassLoader()));
 this.spring.autowire();
-
 assertThat(this.spring.getContext().getBean(AuthenticationManager.class)).isNotNull();
 } // SEC-2515
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
index a870dbc6e9..9f63464d12 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
@@ -63,7 +63,6 @@ public class SecurityReactorContextConfigurationResourceServerTests {
 public void requestWhenUsingFilterThenBearerTokenPropagated() throws Exception {
 BearerTokenAuthentication authentication = TestBearerTokenAuthentications.bearer();
 this.spring.register(BearerFilterConfig.class, WebServerConfig.class, Controller.class).autowire();
-
 this.mockMvc.perform(get("/token").with(SecurityMockMvcRequestPostProcessors.authentication(authentication)))
 .andExpect(status().isOk()).andExpect(content().string("Bearer token"));
 }
@@ -73,7 +72,6 @@ public class SecurityReactorContextConfigurationResourceServerTests {
 public void requestWhenNotUsingFilterThenBearerTokenNotPropagated() throws Exception {
 BearerTokenAuthentication authentication = TestBearerTokenAuthentications.bearer();
 this.spring.register(BearerFilterlessConfig.class, WebServerConfig.class, Controller.class).autowire();
-
 this.mockMvc.perform(get("/token").with(SecurityMockMvcRequestPostProcessors.authentication(authentication)))
 .andExpect(status().isOk()).andExpect(content().string(""));
 }
@@ -155,7 +153,6 @@ public class SecurityReactorContextConfigurationResourceServerTests {
 String header = request.getHeader("Authorization");
 if (StringUtils.isBlank(header)) {
 return response;
-
 }
 return response.setBody(header);
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
index f4e09b2fe6..60e719b57a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
@@ -106,10 +106,8 @@ public class SecurityReactorContextConfigurationTests {
 RequestContextHolder
 .setRequestAttributes(new ServletRequestAttributes(this.servletRequest, this.servletResponse));
 SecurityContextHolder.getContext().setAuthentication(this.authentication);
-
 String testKey = "test_key";
 String testValue = "test_value";
-
 BaseSubscriber parent = new BaseSubscriber() {
 @Override
 public Context currentContext() {
@@ -117,9 +115,7 @@ public class SecurityReactorContextConfigurationTests {
 }
 };
 CoreSubscriber subscriber = this.subscriberRegistrar.createSubscriberIfNecessary(parent);
-
 Context resultContext = subscriber.currentContext();
-
 assertThat(resultContext.getOrEmpty(testKey)).hasValue(testValue);
 Map securityContextAttributes = resultContext
 .getOrDefault(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES, null);
@@ -134,7 +130,6 @@ public class SecurityReactorContextConfigurationTests {
 RequestContextHolder
 .setRequestAttributes(new ServletRequestAttributes(this.servletRequest, this.servletResponse));
 SecurityContextHolder.getContext().setAuthentication(this.authentication);
-
 Context parentContext = Context.of(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES, new HashMap<>());
 BaseSubscriber parent = new BaseSubscriber() {
@@ -144,7 +139,6 @@ public class SecurityReactorContextConfigurationTests {
 }
 };
 CoreSubscriber subscriber = this.subscriberRegistrar.createSubscriberIfNecessary(parent);
-
 Context resultContext = subscriber.currentContext();
 assertThat(resultContext).isSameAs(parentContext);
 }
@@ -189,7 +183,6 @@ public class SecurityReactorContextConfigurationTests {
 return null;
 }
 });
-
 CoreSubscriber subscriber = this.subscriberRegistrar
 .createSubscriberIfNecessary(Operators.emptySubscriber());
 assertThat(subscriber).isInstanceOf(SecurityReactorContextConfiguration.SecurityReactorContextSubscriber.class);
@@ -200,14 +193,11 @@ public class SecurityReactorContextConfigurationTests {
 // Trigger the importing of SecurityReactorContextConfiguration via
 // OAuth2ImportSelector
 this.spring.register(SecurityConfig.class).autowire();
-
 // Setup for SecurityReactorContextSubscriberRegistrar
 RequestContextHolder
 .setRequestAttributes(new ServletRequestAttributes(this.servletRequest, this.servletResponse));
 SecurityContextHolder.getContext().setAuthentication(this.authentication);
-
 ClientResponse clientResponseOk = ClientResponse.create(HttpStatus.OK).build();
-
 ExchangeFilterFunction filter = (req, next) -> Mono.subscriberContext()
 .filter((ctx) -> ctx.hasKey(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES))
 .map((ctx) -> ctx.get(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES)).cast(Map.class)
@@ -221,18 +211,14 @@ public class SecurityReactorContextConfigurationTests {
 return ClientResponse.create(HttpStatus.NOT_FOUND).build();
 }
 });
-
 ClientRequest clientRequest = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
 MockExchangeFunction exchange = new MockExchangeFunction();
-
 Map expectedContextAttributes = new HashMap<>();
 expectedContextAttributes.put(HttpServletRequest.class, this.servletRequest);
 expectedContextAttributes.put(HttpServletResponse.class, this.servletResponse);
 expectedContextAttributes.put(Authentication.class, this.authentication);
-
 Mono clientResponseMono = filter.filter(clientRequest, exchange)
 .flatMap((response) -> filter.filter(clientRequest, exchange));
-
 StepVerifier.create(clientResponseMono).expectAccessibleContext()
 .contains(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES, expectedContextAttributes)
 .then().expectNext(clientResponseOk).verifyComplete();
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
index d3e2f8cce2..09d5c6d44b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
@@ -94,7 +94,6 @@ public class WebMvcSecurityConfigurationTests {
 public void csrfToken() throws Exception {
 CsrfToken csrfToken = new DefaultCsrfToken("headerName", "paramName", "token");
 MockHttpServletRequestBuilder request = get("/csrf").requestAttr(CsrfToken.class.getName(), csrfToken);
-
 this.mockMvc.perform(request).andExpect(assertResult(csrfToken));
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
index 534425c175..5950691cc5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
@@ -89,30 +89,22 @@ public class WebSecurityConfigurationTests {
 @Test
 public void loadConfigWhenWebSecurityConfigurersHaveOrderThenFilterChainsOrdered() {
 this.spring.register(SortedWebSecurityConfigurerAdaptersConfig.class).autowire();
-
 FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
 List filterChains = filterChainProxy.getFilterChains();
 assertThat(filterChains).hasSize(6);
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
-
 request.setServletPath("/ignore1");
 assertThat(filterChains.get(0).matches(request)).isTrue();
 assertThat(filterChains.get(0).getFilters()).isEmpty();
-
 request.setServletPath("/ignore2");
 assertThat(filterChains.get(1).matches(request)).isTrue();
 assertThat(filterChains.get(1).getFilters()).isEmpty();
-
 request.setServletPath("/role1/**");
 assertThat(filterChains.get(2).matches(request)).isTrue();
-
 request.setServletPath("/role2/**");
 assertThat(filterChains.get(3).matches(request)).isTrue();
-
 request.setServletPath("/role3/**");
 assertThat(filterChains.get(4).matches(request)).isTrue();
-
 request.setServletPath("/**");
 assertThat(filterChains.get(5).matches(request)).isTrue();
 }
@@ -120,22 +112,16 @@ public class WebSecurityConfigurationTests {
 @Test
 public void loadConfigWhenSecurityFilterChainsHaveOrderThenFilterChainsOrdered() {
 this.spring.register(SortedSecurityFilterChainConfig.class).autowire();
-
 FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
 List filterChains = filterChainProxy.getFilterChains();
 assertThat(filterChains).hasSize(4);
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
-
 request.setServletPath("/role1/**");
 assertThat(filterChains.get(0).matches(request)).isTrue();
-
 request.setServletPath("/role2/**");
 assertThat(filterChains.get(1).matches(request)).isTrue();
-
 request.setServletPath("/role3/**");
 assertThat(filterChains.get(2).matches(request)).isTrue();
-
 request.setServletPath("/**");
 assertThat(filterChains.get(3).matches(request)).isTrue();
 }
@@ -143,7 +129,6 @@ public class WebSecurityConfigurationTests {
 @Test
 public void loadConfigWhenWebSecurityConfigurersHaveSameOrderThenThrowBeanCreationException() {
 Throwable thrown = catchThrowable(() -> this.spring.register(DuplicateOrderConfig.class).autowire());
-
 assertThat(thrown).isInstanceOf(BeanCreationException.class)
 .hasMessageContaining("@Order on WebSecurityConfigurers must be unique")
 .hasMessageContaining(DuplicateOrderConfig.WebConfigurer1.class.getName())
@@ -153,9 +138,7 @@ public class WebSecurityConfigurationTests {
 @Test
 public void loadConfigWhenWebInvocationPrivilegeEvaluatorSetThenIsRegistered() {
 PrivilegeEvaluatorConfigurerAdapterConfig.PRIVILEGE_EVALUATOR = mock(WebInvocationPrivilegeEvaluator.class);
-
 this.spring.register(PrivilegeEvaluatorConfigurerAdapterConfig.class).autowire();
-
 assertThat(this.spring.getContext().getBean(WebInvocationPrivilegeEvaluator.class))
 .isSameAs(PrivilegeEvaluatorConfigurerAdapterConfig.PRIVILEGE_EVALUATOR);
 }
@@ -165,9 +148,7 @@ public class WebSecurityConfigurationTests {
 WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER = mock(SecurityExpressionHandler.class);
 given(WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER.getExpressionParser())
 .willReturn(mock(ExpressionParser.class));
-
 this.spring.register(WebSecurityExpressionHandlerConfig.class).autowire();
-
 assertThat(this.spring.getContext().getBean(SecurityExpressionHandler.class))
 .isSameAs(WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER);
 }
@@ -176,7 +157,6 @@ public class WebSecurityConfigurationTests {
 public void loadConfigWhenSecurityExpressionHandlerIsNullThenException() {
 Throwable thrown = catchThrowable(
 () -> this.spring.register(NullWebSecurityExpressionHandlerConfig.class).autowire());
-
 assertThat(thrown).isInstanceOf(BeanCreationException.class);
 assertThat(thrown).hasRootCauseExactlyInstanceOf(IllegalArgumentException.class);
 }
@@ -184,7 +164,6 @@ public class WebSecurityConfigurationTests {
 @Test
 public void loadConfigWhenDefaultSecurityExpressionHandlerThenDefaultIsRegistered() {
 this.spring.register(WebSecurityExpressionHandlerDefaultsConfig.class).autowire();
-
 assertThat(this.spring.getContext().getBean(SecurityExpressionHandler.class))
 .isInstanceOf(DefaultWebSecurityExpressionHandler.class);
 }
@@ -195,7 +174,6 @@ public class WebSecurityConfigurationTests {
 TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "notused", "ROLE_ADMIN");
 FilterInvocation invocation = new FilterInvocation(new MockHttpServletRequest("GET", ""),
 new MockHttpServletResponse(), new MockFilterChain());
-
 AbstractSecurityExpressionHandler handler = this.spring.getContext()
 .getBean(AbstractSecurityExpressionHandler.class);
 EvaluationContext evaluationContext = handler.createEvaluationContext(authentication, invocation);
@@ -210,7 +188,6 @@ public class WebSecurityConfigurationTests {
 TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "notused");
 FilterInvocation invocation = new FilterInvocation(new MockHttpServletRequest("GET", ""),
 new MockHttpServletResponse(), new MockFilterChain());
-
 AbstractSecurityExpressionHandler handler = this.spring.getContext()
 .getBean(AbstractSecurityExpressionHandler.class);
 EvaluationContext evaluationContext = handler.createEvaluationContext(authentication, invocation);
@@ -222,7 +199,6 @@ public class WebSecurityConfigurationTests {
 @Test
 public void loadConfigWhenDefaultWebInvocationPrivilegeEvaluatorThenDefaultIsRegistered() {
 this.spring.register(WebInvocationPrivilegeEvaluatorDefaultsConfig.class).autowire();
-
 assertThat(this.spring.getContext().getBean(WebInvocationPrivilegeEvaluator.class))
 .isInstanceOf(DefaultWebInvocationPrivilegeEvaluator.class);
 }
@@ -239,7 +215,6 @@ public class WebSecurityConfigurationTests {
 @Test
 public void loadConfigWhenDefaultSecurityExpressionHandlerThenBeanResolverSet() throws Exception {
 this.spring.register(DefaultExpressionHandlerSetsBeanResolverConfig.class).autowire();
-
 this.mockMvc.perform(get("/")).andExpect(status().isOk());
 this.mockMvc.perform(post("/")).andExpect(status().isForbidden());
 }
@@ -248,14 +223,11 @@ public class WebSecurityConfigurationTests {
 @Test
 public void loadConfigWhenMultipleWebSecurityConfigurationThenContextLoads() {
 this.spring.register(ParentConfig.class).autowire();
-
 this.child.register(ChildConfig.class);
 this.child.getContext().setParent(this.spring.getContext());
 this.child.autowire();
-
 assertThat(this.spring.getContext().getBean("springSecurityFilterChain")).isNotNull();
 assertThat(this.child.getContext().getBean("springSecurityFilterChain")).isNotNull();
-
 assertThat(this.spring.getContext().containsBean("springSecurityFilterChain")).isTrue();
 assertThat(this.child.getContext().containsBean("springSecurityFilterChain")).isTrue();
 }
@@ -271,17 +243,14 @@ public class WebSecurityConfigurationTests {
 public void loadConfigWhenBeanProxyingEnabledAndSubclassThenFilterChainsCreated() {
 this.spring.register(GlobalAuthenticationWebSecurityConfigurerAdaptersConfig.class, SubclassConfig.class)
 .autowire();
-
 FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
 List filterChains = filterChainProxy.getFilterChains();
-
 assertThat(filterChains).hasSize(4);
 }
 @Test
 public void loadConfigWhenBothAdapterAndFilterChainConfiguredThenException() {
 Throwable thrown = catchThrowable(() -> this.spring.register(AdapterAndFilterChainConfig.class).autowire());
-
 assertThat(thrown).isInstanceOf(BeanCreationException.class)
 .hasRootCauseExactlyInstanceOf(IllegalStateException.class)
 .hasMessageContaining("Found WebSecurityConfigurerAdapter as well as SecurityFilterChain.");
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java
index 57a1ca74f1..729c041d08 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java
@@ -39,10 +39,8 @@ public class Sec2377Tests {
 @Test
 public void refreshContextWhenParentAndChildRegisteredThenNoException() {
 this.parent.register(Sec2377AConfig.class).autowire();
-
 ConfigurableApplicationContext context = this.child.register(Sec2377BConfig.class).getContext();
 context.setParent(this.parent.getContext());
-
 this.child.autowire();
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java
index c585d27f40..39a50575ff 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java
@@ -41,7 +41,6 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 @Test
 public void testGetRequestMatcherIsTypeRegexMatcher() {
 List requestMatchers = this.registry.regexMatchers(HttpMethod.GET, "/a.*");
-
 for (RequestMatcher requestMatcher : requestMatchers) {
 assertThat(requestMatcher).isInstanceOf(RegexRequestMatcher.class);
 }
@@ -50,7 +49,6 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 @Test
 public void testRequestMatcherIsTypeRegexMatcher() {
 List requestMatchers = this.registry.regexMatchers("/a.*");
-
 for (RequestMatcher requestMatcher : requestMatchers) {
 assertThat(requestMatcher).isInstanceOf(RegexRequestMatcher.class);
 }
@@ -59,7 +57,6 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 @Test
 public void testGetRequestMatcherIsTypeAntPathRequestMatcher() {
 List requestMatchers = this.registry.antMatchers(HttpMethod.GET, "/a.*");
-
 for (RequestMatcher requestMatcher : requestMatchers) {
 assertThat(requestMatcher).isInstanceOf(AntPathRequestMatcher.class);
 }
@@ -68,7 +65,6 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 @Test
 public void testRequestMatcherIsTypeAntPathRequestMatcher() {
 List requestMatchers = this.registry.antMatchers("/a.*");
-
 for (RequestMatcher requestMatcher : requestMatchers) {
 assertThat(requestMatcher).isInstanceOf(AntPathRequestMatcher.class);
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
index 71e4af4647..c25de5ebaf 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
@@ -52,28 +52,24 @@ public class AnonymousConfigurerTests {
 @Test
 public void requestWhenAnonymousTwiceInvokedThenDoesNotOverride() throws Exception {
 this.spring.register(InvokeTwiceDoesNotOverride.class, PrincipalController.class).autowire();
-
 this.mockMvc.perform(get("/")).andExpect(content().string("principal"));
 }
 @Test
 public void requestWhenAnonymousPrincipalInLambdaThenPrincipalUsed() throws Exception {
 this.spring.register(AnonymousPrincipalInLambdaConfig.class, PrincipalController.class).autowire();
-
 this.mockMvc.perform(get("/")).andExpect(content().string("principal"));
 }
 @Test
 public void requestWhenAnonymousDisabledInLambdaThenRespondsWithForbidden() throws Exception {
 this.spring.register(AnonymousDisabledInLambdaConfig.class, PrincipalController.class).autowire();
-
 this.mockMvc.perform(get("/")).andExpect(status().isForbidden());
 }
 @Test
 public void requestWhenAnonymousWithDefaultsInLambdaThenRespondsWithOk() throws Exception {
 this.spring.register(AnonymousWithDefaultsInLambdaConfig.class, PrincipalController.class).autowire();
-
 this.mockMvc.perform(get("/")).andExpect(status().isOk());
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
index 935e4c62d4..22792f926e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
@@ -94,9 +94,7 @@ public class AuthorizeRequestsTests {
 public void antMatchersMethodAndNoPatterns() throws Exception {
 loadConfig(AntMatchersNoPatternsConfig.class);
 this.request.setMethod("POST");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 }
@@ -104,9 +102,7 @@ public class AuthorizeRequestsTests {
 public void postWhenPostDenyAllInLambdaThenRespondsWithForbidden() throws Exception {
 loadConfig(AntMatchersNoPatternsInLambdaConfig.class);
 this.request.setMethod("POST");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 }
@@ -114,18 +110,12 @@ public class AuthorizeRequestsTests {
 @Test
 public void antMatchersPathVariables() throws Exception {
 loadConfig(AntPatchersPathVariables.class);
-
 this.request.setServletPath("/user/user");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 this.setup();
 this.request.setServletPath("/user/deny");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 }
@@ -133,18 +123,12 @@ public class AuthorizeRequestsTests {
 @Test
 public void antMatchersPathVariablesCaseInsensitive() throws Exception {
 loadConfig(AntPatchersPathVariables.class);
-
 this.request.setServletPath("/USER/user");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 this.setup();
 this.request.setServletPath("/USER/deny");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 }
@@ -152,18 +136,12 @@ public class AuthorizeRequestsTests {
 @Test
 public void antMatchersPathVariablesCaseInsensitiveCamelCaseVariables() throws Exception {
 loadConfig(AntMatchersPathVariablesCamelCaseVariables.class);
-
 this.request.setServletPath("/USER/user");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 this.setup();
 this.request.setServletPath("/USER/deny");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 }
@@ -171,185 +149,126 @@ public class AuthorizeRequestsTests { @Test public void roleHiearchy() throws Exception { loadConfig(RoleHiearchyConfig.class); - SecurityContext securityContext = new SecurityContextImpl(); securityContext.setAuthentication(new UsernamePasswordAuthenticationToken("test", "notused", AuthorityUtils.createAuthorityList("ROLE_USER"))); this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, securityContext); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); } @Test public void mvcMatcher() throws Exception { loadConfig(MvcMatcherConfig.class, LegacyMvcMatchingConfig.class); - this.request.setRequestURI("/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); - setup(); - this.request.setRequestURI("/path.html"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); - setup(); - this.request.setServletPath("/path/"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); } @Test public void requestWhenMvcMatcherDenyAllThenRespondsWithUnauthorized() throws Exception { loadConfig(MvcMatcherInLambdaConfig.class, LegacyMvcMatchingConfig.class); - this.request.setRequestURI("/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); - setup(); - this.request.setRequestURI("/path.html"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - 
assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); - setup(); - this.request.setServletPath("/path/"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); } @Test public void requestWhenMvcMatcherServletPathDenyAllThenMatchesOnServletPath() throws Exception { loadConfig(MvcMatcherServletPathInLambdaConfig.class, LegacyMvcMatchingConfig.class); - this.request.setServletPath("/spring"); this.request.setRequestURI("/spring/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); - setup(); - this.request.setServletPath("/spring"); this.request.setRequestURI("/spring/path.html"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); - setup(); - this.request.setServletPath("/spring"); this.request.setRequestURI("/spring/path/"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); - setup(); - this.request.setServletPath("/foo"); this.request.setRequestURI("/foo/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); - setup(); - this.request.setServletPath("/"); this.request.setRequestURI("/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); } @Test public void mvcMatcherPathVariables() throws Exception { loadConfig(MvcMatcherPathVariablesConfig.class); - this.request.setRequestURI("/user/user"); - 
this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); - this.setup(); this.request.setRequestURI("/user/deny"); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); } @Test public void requestWhenMvcMatcherPathVariablesThenMatchesOnPathVariables() throws Exception { loadConfig(MvcMatcherPathVariablesInLambdaConfig.class); - this.request.setRequestURI("/user/user"); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); - this.setup(); this.request.setRequestURI("/user/deny"); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); } @Test public void mvcMatcherServletPath() throws Exception { loadConfig(MvcMatcherServletPathConfig.class, LegacyMvcMatchingConfig.class); - this.request.setServletPath("/spring"); this.request.setRequestURI("/spring/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); - setup(); - this.request.setServletPath("/spring"); this.request.setRequestURI("/spring/path.html"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); - setup(); - this.request.setServletPath("/spring"); this.request.setRequestURI("/spring/path/"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); - setup(); - this.request.setServletPath("/foo"); 
this.request.setRequestURI("/foo/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); - setup(); - this.request.setServletPath("/"); this.request.setRequestURI("/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); } @@ -358,7 +277,6 @@ public class AuthorizeRequestsTests { this.context.register(configs); this.context.setServletContext(this.servletContext); this.context.refresh(); - this.context.getAutowireCapableBeanFactory().autowireBean(this); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java index 11f93dafb3..491c1960ea 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java @@ -56,7 +56,6 @@ public class ChannelSecurityConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnInsecureChannelProcessor() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(InsecureChannelProcessor.class)); } 
@@ -64,7 +63,6 @@ public class ChannelSecurityConfigurerTests {
 public void configureWhenRegisteringObjectPostProcessorThenInvokedOnSecureChannelProcessor() {
 ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(SecureChannelProcessor.class));
 }
@@ -72,7 +70,6 @@ public class ChannelSecurityConfigurerTests {
 public void configureWhenRegisteringObjectPostProcessorThenInvokedOnChannelDecisionManagerImpl() {
 ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ChannelDecisionManagerImpl.class));
 }
@@ -80,21 +77,18 @@ public class ChannelSecurityConfigurerTests {
 public void configureWhenRegisteringObjectPostProcessorThenInvokedOnChannelProcessingFilter() {
 ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ChannelProcessingFilter.class));
 }
 @Test
 public void requiresChannelWhenInvokesTwiceThenUsesOriginalRequiresSecure() throws Exception {
 this.spring.register(DuplicateInvocationsDoesNotOverrideConfig.class).autowire();
-
 this.mvc.perform(get("/")).andExpect(redirectedUrl("https://localhost/"));
 }
 @Test
 public void requestWhenRequiresChannelConfiguredInLambdaThenRedirectsToHttps() throws Exception {
 this.spring.register(RequiresChannelInLambdaConfig.class).autowire();
-
 this.mvc.perform(get("/")).andExpect(redirectedUrl("https://localhost/"));
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
index a238e07b2c..0530f29de3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
@@ -73,7 +73,6 @@ public class CorsConfigurerTests {
 @Test
 public void getWhenCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception {
 this.spring.register(MvcCorsConfig.class).autowire();
-
 this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
 .andExpect(header().exists("Access-Control-Allow-Origin"))
 .andExpect(header().exists("X-Content-Type-Options"));
@@ -82,7 +81,6 @@ public class CorsConfigurerTests {
 @Test
 public void optionsWhenCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception {
 this.spring.register(MvcCorsConfig.class).autowire();
-
 this.mvc.perform(options("/")
 .header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
 .header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
@@ -93,7 +91,6 @@ public class CorsConfigurerTests {
 @Test
 public void getWhenDefaultsInLambdaAndCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception {
 this.spring.register(MvcCorsInLambdaConfig.class).autowire();
-
 this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
 .andExpect(header().exists("Access-Control-Allow-Origin"))
 .andExpect(header().exists("X-Content-Type-Options"));
@@ -102,7 +99,6 @@ public class CorsConfigurerTests {
 @Test
 public void optionsWhenDefaultsInLambdaAndCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception {
 this.spring.register(MvcCorsInLambdaConfig.class).autowire();
-
 this.mvc.perform(options("/")
 .header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
 .header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
@@ -113,7 +109,6 @@ public class CorsConfigurerTests {
 @Test
 public void getWhenCorsConfigurationSourceBeanThenRespondsWithCorsHeaders() throws Exception {
 this.spring.register(ConfigSourceConfig.class).autowire();
-
 this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
 .andExpect(header().exists("Access-Control-Allow-Origin"))
 .andExpect(header().exists("X-Content-Type-Options"));
@@ -122,7 +117,6 @@ public class CorsConfigurerTests {
 @Test
 public void optionsWhenCorsConfigurationSourceBeanThenRespondsWithCorsHeaders() throws Exception {
 this.spring.register(ConfigSourceConfig.class).autowire();
-
 this.mvc.perform(options("/")
 .header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
 .header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
@@ -134,7 +128,6 @@ public class CorsConfigurerTests {
 public void getWhenMvcCorsInLambdaConfigAndCorsConfigurationSourceBeanThenRespondsWithCorsHeaders()
 throws Exception {
 this.spring.register(ConfigSourceInLambdaConfig.class).autowire();
-
 this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
 .andExpect(header().exists("Access-Control-Allow-Origin"))
 .andExpect(header().exists("X-Content-Type-Options"));
@@ -144,7 +137,6 @@ public class CorsConfigurerTests {
 public void optionsWhenMvcCorsInLambdaConfigAndCorsConfigurationSourceBeanThenRespondsWithCorsHeaders()
 throws Exception {
 this.spring.register(ConfigSourceInLambdaConfig.class).autowire();
-
 this.mvc.perform(options("/")
 .header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
 .header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
@@ -155,7 +147,6 @@ public class CorsConfigurerTests {
 @Test
 public void getWhenCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception {
 this.spring.register(CorsFilterConfig.class).autowire();
-
 this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
 .andExpect(header().exists("Access-Control-Allow-Origin"))
 .andExpect(header().exists("X-Content-Type-Options"));
@@ -164,7 +155,6 @@ public class CorsConfigurerTests {
 @Test
 public void optionsWhenCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception {
 this.spring.register(CorsFilterConfig.class).autowire();
-
 this.mvc.perform(options("/")
 .header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
 .header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
@@ -175,7 +165,6 @@ public class CorsConfigurerTests {
 @Test
 public void getWhenConfigSourceInLambdaConfigAndCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception {
 this.spring.register(CorsFilterInLambdaConfig.class).autowire();
-
 this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
 .andExpect(header().exists("Access-Control-Allow-Origin"))
 .andExpect(header().exists("X-Content-Type-Options"));
@@ -184,7 +173,6 @@ public class CorsConfigurerTests {
 @Test
 public void optionsWhenConfigSourceInLambdaConfigAndCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception {
 this.spring.register(CorsFilterInLambdaConfig.class).autowire();
-
 this.mvc.perform(options("/")
 .header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
 .header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java
index 14c59ab078..7ae673cef3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java
@@ -50,43 +50,31 @@ public class CsrfConfigurerIgnoringRequestMatchersTests {
 @Test
 public void requestWhenIgnoringRequestMatchersThenAugmentedByConfiguredRequestMatcher() throws Exception {
 this.spring.register(IgnoringRequestMatchers.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/path")).andExpect(status().isForbidden());
-
 this.mvc.perform(post("/path")).andExpect(status().isOk());
 }
 @Test
 public void requestWhenIgnoringRequestMatchersInLambdaThenAugmentedByConfiguredRequestMatcher() throws Exception {
 this.spring.register(IgnoringRequestInLambdaMatchers.class, BasicController.class).autowire();
-
 this.mvc.perform(get("/path")).andExpect(status().isForbidden());
-
 this.mvc.perform(post("/path")).andExpect(status().isOk());
 }
 @Test
 public void requestWhenIgnoringRequestMatcherThenUnionsWithConfiguredIgnoringAntMatchers() throws Exception {
-
 this.spring.register(IgnoringPathsAndMatchers.class, BasicController.class).autowire();
-
 this.mvc.perform(put("/csrf")).andExpect(status().isForbidden());
-
 this.mvc.perform(post("/csrf")).andExpect(status().isOk());
-
 this.mvc.perform(put("/no-csrf")).andExpect(status().isOk());
 }
 @Test
 public void requestWhenIgnoringRequestMatcherInLambdaThenUnionsWithConfiguredIgnoringAntMatchers()
 throws Exception {
-
 this.spring.register(IgnoringPathsAndMatchersInLambdaConfig.class, BasicController.class).autowire();
-
 this.mvc.perform(put("/csrf")).andExpect(status().isForbidden());
-
 this.mvc.perform(post("/csrf")).andExpect(status().isOk());
-
 this.mvc.perform(put("/no-csrf")).andExpect(status().isOk());
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
index 387ec6a009..108f04abb2 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
@@ -50,21 +50,18 @@ public class CsrfConfigurerNoWebMvcTests {
 @Test
 public void missingDispatcherServletPreventsCsrfRequestDataValueProcessor() {
 loadContext(EnableWebConfig.class);
-
 assertThat(this.context.containsBeanDefinition("requestDataValueProcessor")).isTrue();
 }
 @Test
 public void findDispatcherServletPreventsCsrfRequestDataValueProcessor() {
 loadContext(EnableWebMvcConfig.class);
-
 assertThat(this.context.containsBeanDefinition("requestDataValueProcessor")).isTrue();
 }
 @Test
 public void overrideCsrfRequestDataValueProcessor() {
 loadContext(EnableWebOverrideRequestDataConfig.class);
-
 assertThat(this.context.getBean(RequestDataValueProcessor.class).getClass())
 .isNotEqualTo(CsrfRequestDataValueProcessor.class);
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
index 2162872879..dbdc70f79e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
@@ -96,7 +96,6 @@ public class CsrfConfigurerTests {
 this.spring
 .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 .autowire();
-
 this.mvc.perform(post("/")).andExpect(status().isForbidden());
 }
@@ -105,7 +104,6 @@ public class CsrfConfigurerTests {
 this.spring
 .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 .autowire();
-
 this.mvc.perform(put("/")).andExpect(status().isForbidden());
 }
@@ -114,7 +112,6 @@ public class CsrfConfigurerTests {
 this.spring
 .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 .autowire();
-
 this.mvc.perform(patch("/")).andExpect(status().isForbidden());
 }
@@ -123,7 +120,6 @@ public class CsrfConfigurerTests {
 this.spring
 .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 .autowire();
-
 this.mvc.perform(delete("/")).andExpect(status().isForbidden());
 }
@@ -132,7 +128,6 @@ public class CsrfConfigurerTests {
 this.spring
 .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 .autowire();
-
 this.mvc.perform(request("INVALID", URI.create("/"))).andExpect(status().isForbidden());
 }
@@ -141,7 +136,6 @@ public class CsrfConfigurerTests {
 this.spring
 .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 .autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk());
 }
@@ -150,7 +144,6 @@ public class CsrfConfigurerTests {
 this.spring
 .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 .autowire();
-
 this.mvc.perform(head("/")).andExpect(status().isOk());
 }
@@ -159,7 +152,6 @@ public class CsrfConfigurerTests {
 this.spring
 .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 .autowire();
-
 this.mvc.perform(request(HttpMethod.TRACE, "/")).andExpect(status().isOk());
 }
@@ -168,28 +160,24 @@ public class CsrfConfigurerTests { this.spring .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) .autowire(); - this.mvc.perform(options("/")).andExpect(status().isOk()); } @Test public void enableWebSecurityWhenDefaultConfigurationThenCreatesRequestDataValueProcessor() { this.spring.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class).autowire(); - assertThat(this.spring.getContext().getBean(RequestDataValueProcessor.class)).isNotNull(); } @Test public void postWhenCsrfDisabledThenRespondsWithOk() throws Exception { this.spring.register(DisableCsrfConfig.class, BasicController.class).autowire(); - this.mvc.perform(post("/")).andExpect(status().isOk()); } @Test public void postWhenCsrfDisabledInLambdaThenRespondsWithOk() throws Exception { this.spring.register(DisableCsrfInLambdaConfig.class, BasicController.class).autowire(); - this.mvc.perform(post("/")).andExpect(status().isOk()); }
@@ -197,9 +185,7 @@ public class CsrfConfigurerTests { @Test public void loginWhenCsrfDisabledThenRedirectsToPreviousPostRequest() throws Exception { this.spring.register(DisableCsrfEnablesRequestCacheConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(post("/to-save")).andReturn(); - this.mvc.perform(post("/login").param("username", "user").param("password", "password") .session((MockHttpSession) mvcResult.getRequest().getSession())).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/to-save"));
@@ -212,12 +198,10 @@ public class CsrfConfigurerTests { given(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.loadToken(any())).willReturn(csrfToken); given(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.generateToken(any())).willReturn(csrfToken); this.spring.register(CsrfDisablesPostRequestFromRequestCacheConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(post("/some-url")).andReturn(); this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()) .session((MockHttpSession) mvcResult.getRequest().getSession())).andExpect(status().isFound()) .andExpect(redirectedUrl("/")); - verify(CsrfDisablesPostRequestFromRequestCacheConfig.REPO, atLeastOnce()) .loadToken(any(HttpServletRequest.class)); }
@@ -229,12 +213,10 @@ public class CsrfConfigurerTests { given(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.loadToken(any())).willReturn(csrfToken); given(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.generateToken(any())).willReturn(csrfToken); this.spring.register(CsrfDisablesPostRequestFromRequestCacheConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/some-url")).andReturn(); this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()) .session((MockHttpSession) mvcResult.getRequest().getSession())).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/some-url")); - verify(CsrfDisablesPostRequestFromRequestCacheConfig.REPO, atLeastOnce()) .loadToken(any(HttpServletRequest.class)); }
@@ -243,10 +225,8 @@ public class CsrfConfigurerTests { @Test public void postWhenCsrfEnabledAndSessionIsExpiredThenRespondsWithForbidden() throws Exception { this.spring.register(InvalidSessionUrlConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(post("/").param("_csrf", "abc")).andExpect(status().isFound()) .andExpect(redirectedUrl("/error/sessionError")).andReturn(); - this.mvc.perform(post("/").session((MockHttpSession) mvcResult.getRequest().getSession())) .andExpect(status().isForbidden()); }
@@ -255,7 +235,6 @@ public class CsrfConfigurerTests { public void requireCsrfProtectionMatcherWhenRequestDoesNotMatchThenRespondsWithOk() throws Exception { this.spring.register(RequireCsrfProtectionMatcherConfig.class, BasicController.class).autowire(); given(RequireCsrfProtectionMatcherConfig.MATCHER.matches(any())).willReturn(false); - this.mvc.perform(get("/")).andExpect(status().isOk()); }
@@ -264,7 +243,6 @@ public class CsrfConfigurerTests { RequireCsrfProtectionMatcherConfig.MATCHER = mock(RequestMatcher.class); given(RequireCsrfProtectionMatcherConfig.MATCHER.matches(any())).willReturn(true); this.spring.register(RequireCsrfProtectionMatcherConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isForbidden()); }
@@ -273,7 +251,6 @@ public class CsrfConfigurerTests { RequireCsrfProtectionMatcherInLambdaConfig.MATCHER = mock(RequestMatcher.class); this.spring.register(RequireCsrfProtectionMatcherInLambdaConfig.class, BasicController.class).autowire(); given(RequireCsrfProtectionMatcherInLambdaConfig.MATCHER.matches(any())).willReturn(false); - this.mvc.perform(get("/")).andExpect(status().isOk()); }
@@ -282,7 +259,6 @@ public class CsrfConfigurerTests { RequireCsrfProtectionMatcherInLambdaConfig.MATCHER = mock(RequestMatcher.class); given(RequireCsrfProtectionMatcherInLambdaConfig.MATCHER.matches(any())).willReturn(true); this.spring.register(RequireCsrfProtectionMatcherInLambdaConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isForbidden()); }
@@ -292,7 +268,6 @@ public class CsrfConfigurerTests { given(CsrfTokenRepositoryConfig.REPO.loadToken(any())) .willReturn(new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token")); this.spring.register(CsrfTokenRepositoryConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()); verify(CsrfTokenRepositoryConfig.REPO).loadToken(any(HttpServletRequest.class)); }
@@ -301,9 +276,7 @@ public class CsrfConfigurerTests { public void logoutWhenCustomCsrfTokenRepositoryThenCsrfTokenIsCleared() throws Exception { CsrfTokenRepositoryConfig.REPO = mock(CsrfTokenRepository.class); this.spring.register(CsrfTokenRepositoryConfig.class, BasicController.class).autowire(); - this.mvc.perform(post("/logout").with(csrf()).with(user("user"))); - verify(CsrfTokenRepositoryConfig.REPO).saveToken(isNull(), any(HttpServletRequest.class), any(HttpServletResponse.class)); }
@@ -315,10 +288,8 @@ public class CsrfConfigurerTests { given(CsrfTokenRepositoryConfig.REPO.loadToken(any())).willReturn(csrfToken); given(CsrfTokenRepositoryConfig.REPO.generateToken(any())).willReturn(csrfToken); this.spring.register(CsrfTokenRepositoryConfig.class, BasicController.class).autowire(); - this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")) .andExpect(redirectedUrl("/")); - verify(CsrfTokenRepositoryConfig.REPO).saveToken(isNull(), any(HttpServletRequest.class), any(HttpServletResponse.class)); }
@@ -329,7 +300,6 @@ public class CsrfConfigurerTests { given(CsrfTokenRepositoryInLambdaConfig.REPO.loadToken(any())) .willReturn(new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token")); this.spring.register(CsrfTokenRepositoryInLambdaConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()); verify(CsrfTokenRepositoryInLambdaConfig.REPO).loadToken(any(HttpServletRequest.class)); }
@@ -338,9 +308,7 @@ public class CsrfConfigurerTests { public void getWhenCustomAccessDeniedHandlerThenHandlerIsUsed() throws Exception { AccessDeniedHandlerConfig.DENIED_HANDLER = mock(AccessDeniedHandler.class); this.spring.register(AccessDeniedHandlerConfig.class, BasicController.class).autowire(); - this.mvc.perform(post("/")).andExpect(status().isOk()); - verify(AccessDeniedHandlerConfig.DENIED_HANDLER).handle(any(HttpServletRequest.class), any(HttpServletResponse.class), any()); }
@@ -348,7 +316,6 @@ public class CsrfConfigurerTests { @Test public void loginWhenNoCsrfTokenThenRespondsWithForbidden() throws Exception { this.spring.register(FormLoginConfig.class).autowire(); - this.mvc.perform(post("/login").param("username", "user").param("password", "password")) .andExpect(status().isForbidden()).andExpect(unauthenticated()); }
@@ -356,7 +323,6 @@ public class CsrfConfigurerTests { @Test public void logoutWhenNoCsrfTokenThenRespondsWithForbidden() throws Exception { this.spring.register(FormLoginConfig.class).autowire(); - this.mvc.perform(post("/logout").with(user("username"))).andExpect(status().isForbidden()) .andExpect(authenticated()); }
@@ -365,14 +331,12 @@ public class CsrfConfigurerTests { @Test public void logoutWhenCsrfEnabledAndGetRequestThenDoesNotLogout() throws Exception { this.spring.register(FormLoginConfig.class).autowire(); - this.mvc.perform(get("/logout").with(user("username"))).andExpect(authenticated()); } @Test public void logoutWhenGetRequestAndGetEnabledForLogoutThenLogsOut() throws Exception { this.spring.register(LogoutAllowsGetConfig.class).autowire(); - this.mvc.perform(get("/logout").with(user("username"))).andExpect(unauthenticated()); }
@@ -386,9 +350,7 @@ public class CsrfConfigurerTests { @Test public void getWhenDefaultCsrfTokenRepositoryThenDoesNotCreateSession() throws Exception { this.spring.register(DefaultDoesNotCreateSession.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/")).andReturn(); - assertThat(mvcResult.getRequest().getSession(false)).isNull(); }
@@ -401,12 +363,9 @@ public class CsrfConfigurerTests { @Test public void csrfAuthenticationStrategyConfiguredThenStrategyUsed() throws Exception { CsrfAuthenticationStrategyConfig.STRATEGY = mock(SessionAuthenticationStrategy.class); - this.spring.register(CsrfAuthenticationStrategyConfig.class).autowire(); - this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")) .andExpect(redirectedUrl("/")); - verify(CsrfAuthenticationStrategyConfig.STRATEGY, atLeastOnce()).onAuthentication(any(Authentication.class), any(HttpServletRequest.class), any(HttpServletResponse.class)); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
index ef9220d001..f16d989226 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
@@ -100,10 +100,8 @@ public class DefaultFiltersTests { assertThat(filterChains.size()).isEqualTo(2); DefaultSecurityFilterChain firstFilter = (DefaultSecurityFilterChain) filterChains.get(0); DefaultSecurityFilterChain secondFilter = (DefaultSecurityFilterChain) filterChains.get(1); - assertThat(firstFilter.getFilters().isEmpty()).isEqualTo(true); assertThat(secondFilter.getRequestMatcher()).isInstanceOf(AnyRequestMatcher.class); - List> classes = secondFilter.getFilters().stream().map(Filter::getClass) .collect(Collectors.toList()); assertThat(classes.contains(WebAsyncManagerIntegrationFilter.class)).isTrue();
@@ -125,11 +123,9 @@ public class DefaultFiltersTests { MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletRequest request = new MockHttpServletRequest("POST", ""); request.setServletPath("/logout"); - CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN"); new HttpSessionCsrfTokenRepository().saveToken(csrfToken, request, response); request.setParameter(csrfToken.getParameterName(), csrfToken.getToken()); - this.spring.getContext().getBean("springSecurityFilterChain", Filter.class).doFilter(request, response, new MockFilterChain()); assertThat(response.getRedirectedUrl()).isEqualTo("/login?logout");
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java
index 3b398acaac..3b7ff75b02 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java
@@ -68,7 +68,6 @@ public class DefaultLoginPageConfigurerTests { @Test public void getWhenFormLoginEnabledThenRedirectsToLoginPage() throws Exception { this.spring.register(DefaultLoginPageConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login")); }
@@ -77,7 +76,6 @@ public class DefaultLoginPageConfigurerTests { this.spring.register(DefaultLoginPageConfig.class).autowire(); CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN"); String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN"); - this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken)) .andExpect(content().string("\n" + "\n" + " \n" + " \n"
@@ -103,7 +101,6 @@ public class DefaultLoginPageConfigurerTests { @Test public void loginWhenNoCredentialsThenRedirectedToLoginPageWithError() throws Exception { this.spring.register(DefaultLoginPageConfig.class).autowire(); - this.mvc.perform(post("/login").with(csrf())).andExpect(redirectedUrl("/login?error")); }
@@ -112,9 +109,7 @@ public class DefaultLoginPageConfigurerTests { this.spring.register(DefaultLoginPageConfig.class).autowire(); CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN"); String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN"); - MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf())).andReturn(); - this.mvc.perform(get("/login?error").session((MockHttpSession) mvcResult.getRequest().getSession()) .sessionAttr(csrfAttributeName, csrfToken)) .andExpect(content().string("\n" + "\n" + " \n"
@@ -142,7 +137,6 @@ public class DefaultLoginPageConfigurerTests { @Test public void loginWhenValidCredentialsThenRedirectsToDefaultSuccessPage() throws Exception { this.spring.register(DefaultLoginPageConfig.class).autowire(); - this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")) .andExpect(redirectedUrl("/")); }
@@ -152,7 +146,6 @@ public class DefaultLoginPageConfigurerTests { this.spring.register(DefaultLoginPageConfig.class).autowire(); CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN"); String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN"); - this.mvc.perform(get("/login?logout").sessionAttr(csrfAttributeName, csrfToken)) .andExpect(content().string("\n" + "\n" + " \n" + " \n"
@@ -179,14 +172,12 @@ public class DefaultLoginPageConfigurerTests { @Test public void loginPageWhenLoggedOutAndCustomLogoutSuccessHandlerThenDoesNotRenderLoginPage() throws Exception { this.spring.register(DefaultLoginPageCustomLogoutSuccessHandlerConfig.class).autowire(); - this.mvc.perform(get("/login?logout")).andExpect(content().string("")); } @Test public void loginPageWhenLoggedOutAndCustomLogoutSuccessUrlThenDoesNotRenderLoginPage() throws Exception { this.spring.register(DefaultLoginPageCustomLogoutSuccessUrlConfig.class).autowire(); - this.mvc.perform(get("/login?logout")).andExpect(content().string("")); }
@@ -195,7 +186,6 @@ public class DefaultLoginPageConfigurerTests { this.spring.register(DefaultLoginPageWithRememberMeConfig.class).autowire(); CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN"); String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN"); - this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken)) .andExpect(content().string("\n" + "\n" + " \n" + " \n"
@@ -223,10 +213,8 @@ public class DefaultLoginPageConfigurerTests { @Test public void loginPageWhenOpenIdLoginConfiguredThenOpedIdLoginPage() throws Exception { this.spring.register(DefaultLoginPageWithOpenIDConfig.class).autowire(); - CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN"); String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN"); - this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken)) .andExpect(content().string("\n" + "\n" + " \n" + " \n"
@@ -251,7 +239,6 @@ public class DefaultLoginPageConfigurerTests { this.spring.register(DefaultLoginPageWithFormLoginOpenIDRememberMeConfig.class).autowire(); CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN"); String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN"); - this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken)) .andExpect(content().string("\n" + "\n" + " \n" + " \n"
@@ -290,7 +277,6 @@ public class DefaultLoginPageConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnDefaultLoginPageGeneratingFilter() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(DefaultLoginPageGeneratingFilter.class)); }
@@ -298,7 +284,6 @@ public class DefaultLoginPageConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnUsernamePasswordAuthenticationFilter() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor) .postProcess(any(UsernamePasswordAuthenticationFilter.class)); }
@@ -307,7 +292,6 @@ public class DefaultLoginPageConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnLoginUrlAuthenticationEntryPoint() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(LoginUrlAuthenticationEntryPoint.class)); }
@@ -315,14 +299,12 @@ public class DefaultLoginPageConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnExceptionTranslationFilter() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ExceptionTranslationFilter.class)); } @Test public void configureWhenAuthenticationEntryPointThenNoDefaultLoginPageGeneratingFilter() { this.spring.register(DefaultLoginWithCustomAuthenticationEntryPointConfig.class).autowire(); - FilterChainProxy filterChain = this.spring.getContext().getBean(FilterChainProxy.class); assertThat(filterChain.getFilterChains().get(0).getFilters().stream() .filter((filter) -> filter.getClass().isAssignableFrom(DefaultLoginPageGeneratingFilter.class)).count())
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java
index 139b2ab63b..1022b268e5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java
@@ -55,9 +55,7 @@ public class ExceptionHandlingConfigurerAccessDeniedHandlerTests { @WithMockUser(roles = "ANYTHING") public void getWhenAccessDeniedOverriddenThenCustomizesResponseByRequest() throws Exception { this.spring.register(RequestMatcherBasedAccessDeniedHandlerConfig.class).autowire(); - this.mvc.perform(get("/hello")).andExpect(status().isIAmATeapot()); - this.mvc.perform(get("/goodbye")).andExpect(status().isForbidden()); }
@@ -65,9 +63,7 @@ public class ExceptionHandlingConfigurerAccessDeniedHandlerTests { @WithMockUser(roles = "ANYTHING") public void getWhenAccessDeniedOverriddenInLambdaThenCustomizesResponseByRequest() throws Exception { this.spring.register(RequestMatcherBasedAccessDeniedHandlerInLambdaConfig.class).autowire(); - this.mvc.perform(get("/hello")).andExpect(status().isIAmATeapot()); - this.mvc.perform(get("/goodbye")).andExpect(status().isForbidden()); }
@@ -75,9 +71,7 @@ public class ExceptionHandlingConfigurerAccessDeniedHandlerTests { @WithMockUser(roles = "ANYTHING") public void getWhenAccessDeniedOverriddenByOnlyOneHandlerThenAllRequestsUseThatHandler() throws Exception { this.spring.register(SingleRequestMatcherAccessDeniedHandlerConfig.class).autowire(); - this.mvc.perform(get("/hello")).andExpect(status().isIAmATeapot()); - this.mvc.perform(get("/goodbye")).andExpect(status().isIAmATeapot()); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
index bc22565be6..594083644f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
@@ -67,7 +67,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void configureWhenRegisteringObjectPostProcessorThenInvokedOnExceptionTranslationFilter() { this.spring.register(ObjectPostProcessorConfig.class, DefaultSecurityConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ExceptionTranslationFilter.class)); }
@@ -75,7 +74,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptHeaderIsApplicationXhtmlXmlThenRespondsWith302() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_XHTML_XML)) .andExpect(status().isFound()); }
@@ -84,7 +82,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptHeaderIsImageGifThenRespondsWith302() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.IMAGE_GIF)).andExpect(status().isFound()); }
@@ -92,7 +89,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptHeaderIsImageJpgThenRespondsWith302() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.IMAGE_JPEG)).andExpect(status().isFound()); }
@@ -100,7 +96,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptHeaderIsImagePngThenRespondsWith302() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.IMAGE_PNG)).andExpect(status().isFound()); }
@@ -108,7 +103,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptHeaderIsTextHtmlThenRespondsWith302() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML)).andExpect(status().isFound()); }
@@ -116,7 +110,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptHeaderIsTextPlainThenRespondsWith302() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.TEXT_PLAIN)).andExpect(status().isFound()); }
@@ -124,7 +117,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptHeaderIsApplicationAtomXmlThenRespondsWith401() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_ATOM_XML)) .andExpect(status().isUnauthorized()); }
@@ -133,7 +125,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptHeaderIsApplicationFormUrlEncodedThenRespondsWith401() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_FORM_URLENCODED)) .andExpect(status().isUnauthorized()); }
@@ -142,7 +133,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptHeaderIsApplicationJsonThenRespondsWith401() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON)) .andExpect(status().isUnauthorized()); }
@@ -151,7 +141,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptHeaderIsApplicationOctetStreamThenRespondsWith401() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_OCTET_STREAM)) .andExpect(status().isUnauthorized()); }
@@ -160,7 +149,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptHeaderIsMultipartFormDataThenRespondsWith401() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.MULTIPART_FORM_DATA)) .andExpect(status().isUnauthorized()); }
@@ -169,7 +157,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptHeaderIsTextXmlThenRespondsWith401() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.TEXT_XML)).andExpect(status().isUnauthorized()); }
@@ -177,14 +164,12 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptIsAnyThenRespondsWith401() throws Exception { this.spring.register(DefaultSecurityConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.ALL)).andExpect(status().isUnauthorized()); } @Test public void getWhenAcceptIsChromeThenRespondsWith302() throws Exception { this.spring.register(DefaultSecurityConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8")) .andExpect(status().isFound());
@@ -193,7 +178,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptIsTextPlainAndXRequestedWithIsXHRThenRespondsWith401() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); - this.mvc.perform(get("/").header("Accept", MediaType.TEXT_PLAIN).header("X-Requested-With", "XMLHttpRequest")) .andExpect(status().isUnauthorized()); }
@@ -202,9 +186,7 @@ public class ExceptionHandlingConfigurerTests { public void getWhenCustomContentNegotiationStrategyThenStrategyIsUsed() throws Exception { this.spring.register(OverrideContentNegotiationStrategySharedObjectConfig.class, DefaultSecurityConfig.class) .autowire(); - this.mvc.perform(get("/")); - verify(OverrideContentNegotiationStrategySharedObjectConfig.CNS, atLeastOnce()) .resolveMediaTypes(any(NativeWebRequest.class)); }
@@ -212,7 +194,6 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenUsingDefaultsAndUnauthenticatedThenRedirectsToLogin() throws Exception { this.spring.register(DefaultHttpConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, "bogus/type")) .andExpect(redirectedUrl("http://localhost/login")); }
@@ -220,16 +201,13 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenDeclaringHttpBasicBeforeFormLoginThenRespondsWith401() throws Exception { this.spring.register(BasicAuthenticationEntryPointBeforeFormLoginConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, "bogus/type")).andExpect(status().isUnauthorized()); } @Test public void getWhenInvokingExceptionHandlingTwiceThenOriginalEntryPointUsed() throws Exception { this.spring.register(InvokeTwiceDoesNotOverrideConfig.class).autowire(); - this.mvc.perform(get("/")); - verify(InvokeTwiceDoesNotOverrideConfig.AEP).commence(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AuthenticationException.class)); }
@@ -278,17 +256,14 @@ public class ExceptionHandlingConfigurerTests { // @formatter:off } } - @EnableWebSecurity static class HttpBasicAndFormLoginEntryPointsConfig extends WebSecurityConfigurerAdapter { - @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() .withUser("user").password("password").roles("USER"); } - @Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
index d4fb8ebf88..f1abe4e97a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
@@ -93,7 +93,6 @@ public class ExpressionUrlAuthorizationConfigurerTests { @Test public void configureWhenNoCustomAccessDecisionManagerThenUsesAffirmativeBased() { this.spring.register(NoSpecificAccessDecisionManagerConfig.class).autowire(); - verify(NoSpecificAccessDecisionManagerConfig.objectPostProcessor).postProcess(any(AffirmativeBased.class)); }
@@ -113,7 +112,6 @@ public class ExpressionUrlAuthorizationConfigurerTests { @Test public void getWhenHasAnyAuthorityRoleUserConfiguredAndAuthorityIsRoleUserThenRespondsWithOk() throws Exception { this.spring.register(RoleUserAnyAuthorityConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_USER")))) .andExpect(status().isOk()); }
@@ -122,7 +120,6 @@ public class ExpressionUrlAuthorizationConfigurerTests { public void getWhenHasAnyAuthorityRoleUserConfiguredAndAuthorityIsRoleAdminThenRespondsWithForbidden() throws Exception { this.spring.register(RoleUserAnyAuthorityConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_ADMIN")))) .andExpect(status().isForbidden()); }
@@ -130,14 +127,12 @@ public class ExpressionUrlAuthorizationConfigurerTests { @Test public void getWhenHasAnyAuthorityRoleUserConfiguredAndNoAuthorityThenRespondsWithUnauthorized() throws Exception { this.spring.register(RoleUserAnyAuthorityConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isUnauthorized()); } @Test public void getWhenHasAuthorityRoleUserConfiguredAndAuthorityIsRoleUserThenRespondsWithOk() throws Exception { this.spring.register(RoleUserAuthorityConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_USER")))) .andExpect(status().isOk()); }
@@ -146,7 +141,6 @@ public class ExpressionUrlAuthorizationConfigurerTests { public void getWhenHasAuthorityRoleUserConfiguredAndAuthorityIsRoleAdminThenRespondsWithForbidden() throws Exception { this.spring.register(RoleUserAuthorityConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_ADMIN")))) .andExpect(status().isForbidden()); }
@@ -154,14 +148,12 @@ public class ExpressionUrlAuthorizationConfigurerTests { @Test public void getWhenHasAuthorityRoleUserConfiguredAndNoAuthorityThenRespondsWithUnauthorized() throws Exception { this.spring.register(RoleUserAuthorityConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isUnauthorized()); } @Test public void getWhenAuthorityRoleUserOrAdminRequiredAndAuthorityIsRoleUserThenRespondsWithOk() throws Exception { this.spring.register(RoleUserOrRoleAdminAuthorityConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_USER")))) .andExpect(status().isOk()); } @@ -169,7 +161,6 @@ public class ExpressionUrlAuthorizationConfigurerTests { @Test public void getWhenAuthorityRoleUserOrAdminRequiredAndAuthorityIsRoleAdminThenRespondsWithOk() throws Exception { this.spring.register(RoleUserOrRoleAdminAuthorityConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_ADMIN")))) .andExpect(status().isOk()); } @@ -178,7 +169,6 @@ public class ExpressionUrlAuthorizationConfigurerTests { public void getWhenAuthorityRoleUserOrAdminRequiredAndAuthorityIsRoleOtherThenRespondsWithForbidden() throws Exception { this.spring.register(RoleUserOrRoleAdminAuthorityConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_OTHER")))) .andExpect(status().isForbidden()); } 
@@ -186,49 +176,42 @@ public class ExpressionUrlAuthorizationConfigurerTests { @Test public void getWhenAuthorityRoleUserOrAdminAuthRequiredAndNoUserThenRespondsWithUnauthorized() throws Exception { this.spring.register(RoleUserOrRoleAdminAuthorityConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isUnauthorized()); } @Test public void getWhenHasAnyRoleUserConfiguredAndRoleIsUserThenRespondsWithOk() throws Exception { this.spring.register(RoleUserConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isOk()); } @Test public void getWhenHasAnyRoleUserConfiguredAndRoleIsAdminThenRespondsWithForbidden() throws Exception { this.spring.register(RoleUserConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/").with(user("user").roles("ADMIN"))).andExpect(status().isForbidden()); } @Test public void getWhenRoleUserOrAdminConfiguredAndRoleIsUserThenRespondsWithOk() throws Exception { this.spring.register(RoleUserOrAdminConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isOk()); } @Test public void getWhenRoleUserOrAdminConfiguredAndRoleIsAdminThenRespondsWithOk() throws Exception { this.spring.register(RoleUserOrAdminConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/").with(user("user").roles("ADMIN"))).andExpect(status().isOk()); } @Test public void getWhenRoleUserOrAdminConfiguredAndRoleIsOtherThenRespondsWithForbidden() throws Exception { this.spring.register(RoleUserOrAdminConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/").with(user("user").roles("OTHER"))).andExpect(status().isForbidden()); } @Test public void getWhenHasIpAddressConfiguredAndIpAddressMatchesThenRespondsWithOk() throws Exception { this.spring.register(HasIpAddressConfig.class, BasicController.class).autowire(); - 
this.mvc.perform(get("/").with((request) -> { request.setRemoteAddr("192.168.1.0"); return request; @@ -238,7 +221,6 @@ public class ExpressionUrlAuthorizationConfigurerTests { @Test public void getWhenHasIpAddressConfiguredAndIpAddressDoesNotMatchThenRespondsWithUnauthorized() throws Exception { this.spring.register(HasIpAddressConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/").with((request) -> { request.setRemoteAddr("192.168.1.1"); return request; @@ -248,28 +230,24 @@ public class ExpressionUrlAuthorizationConfigurerTests { @Test public void getWhenAnonymousConfiguredAndAnonymousUserThenRespondsWithOk() throws Exception { this.spring.register(AnonymousConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()); } @Test public void getWhenAnonymousConfiguredAndLoggedInUserThenRespondsWithForbidden() throws Exception { this.spring.register(AnonymousConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/").with(user("user"))).andExpect(status().isForbidden()); } @Test public void getWhenRememberMeConfiguredAndNoUserThenRespondsWithUnauthorized() throws Exception { this.spring.register(RememberMeConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isUnauthorized()); } @Test public void getWhenRememberMeConfiguredAndRememberMeTokenThenRespondsWithOk() throws Exception { this.spring.register(RememberMeConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/").with(authentication( new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER"))))) .andExpect(status().isOk()); 
@@ -278,28 +256,24 @@ public class ExpressionUrlAuthorizationConfigurerTests { @Test public void getWhenDenyAllConfiguredAndNoUserThenRespondsWithUnauthorized() throws Exception { this.spring.register(DenyAllConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isUnauthorized()); } @Test public void getWheDenyAllConfiguredAndUserLoggedInThenRespondsWithForbidden() throws Exception { this.spring.register(DenyAllConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isForbidden()); } @Test public void getWhenNotDenyAllConfiguredAndNoUserThenRespondsWithOk() throws Exception { this.spring.register(NotDenyAllConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()); } @Test public void getWhenNotDenyAllConfiguredAndRememberMeTokenThenRespondsWithOk() throws Exception { this.spring.register(NotDenyAllConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/").with(authentication( new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER"))))) .andExpect(status().isOk()); @@ -308,7 +282,6 @@ public class ExpressionUrlAuthorizationConfigurerTests { @Test public void getWhenFullyAuthenticatedConfiguredAndRememberMeTokenThenRespondsWithUnauthorized() throws Exception { this.spring.register(FullyAuthenticatedConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/").with(authentication( new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER"))))) .andExpect(status().isUnauthorized()); 
@@ -317,35 +290,30 @@ public class ExpressionUrlAuthorizationConfigurerTests { @Test public void getWhenFullyAuthenticatedConfiguredAndUserThenRespondsWithOk() throws Exception { this.spring.register(FullyAuthenticatedConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isOk()); } @Test public void getWhenAccessRoleUserOrGetRequestConfiguredThenRespondsWithOk() throws Exception { this.spring.register(AccessConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isOk()); } @Test public void postWhenAccessRoleUserOrGetRequestConfiguredAndRoleUserThenRespondsWithOk() throws Exception { this.spring.register(AccessConfig.class, BasicController.class).autowire(); - this.mvc.perform(post("/").with(csrf()).with(user("user").roles("USER"))).andExpect(status().isOk()); } @Test public void postWhenAccessRoleUserOrGetRequestConfiguredThenRespondsWithUnauthorized() throws Exception { this.spring.register(AccessConfig.class, BasicController.class).autowire(); - this.mvc.perform(post("/").with(csrf())).andExpect(status().isUnauthorized()); } @Test public void authorizeRequestsWhenInvokedTwiceThenUsesOriginalConfiguration() throws Exception { this.spring.register(InvokeTwiceDoesNotResetConfig.class, BasicController.class).autowire(); - this.mvc.perform(post("/").with(csrf())).andExpect(status().isUnauthorized()); } 
@@ -358,58 +326,49 @@ public class ExpressionUrlAuthorizationConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenApplicationListenerInvokedOnAuthorizedEvent() throws Exception { this.spring.register(AuthorizedRequestsWithPostProcessorConfig.class).autowire(); - this.mvc.perform(get("/")); - verify(AuthorizedRequestsWithPostProcessorConfig.AL).onApplicationEvent(any(AuthorizedEvent.class)); } @Test public void getWhenPermissionCheckAndRoleDoesNotMatchThenRespondsWithForbidden() throws Exception { this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire(); - this.mvc.perform(get("/admin").with(user("user").roles("USER"))).andExpect(status().isForbidden()); } @Test public void getWhenPermissionCheckAndRoleMatchesThenRespondsWithOk() throws Exception { this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire(); - this.mvc.perform(get("/user").with(user("user").roles("USER"))).andExpect(status().isOk()); } @Test public void getWhenPermissionCheckAndAuthenticationNameMatchesThenRespondsWithOk() throws Exception { this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire(); - this.mvc.perform(get("/allow").with(user("user").roles("USER"))).andExpect(status().isOk()); } @Test public void getWhenPermissionCheckAndAuthenticationNameDoesNotMatchThenRespondsWithForbidden() throws Exception { this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire(); - this.mvc.perform(get("/deny").with(user("user").roles("USER"))).andExpect(status().isForbidden()); } @Test public void getWhenCustomExpressionHandlerAndRoleDoesNotMatchThenRespondsWithForbidden() throws Exception { this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire(); - this.mvc.perform(get("/admin").with(user("user").roles("USER"))).andExpect(status().isForbidden()); } @Test public void getWhenCustomExpressionHandlerAndRoleMatchesThenRespondsWithOk() 
throws Exception { this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire(); - this.mvc.perform(get("/user").with(user("user").roles("USER"))).andExpect(status().isOk()); } @Test public void getWhenCustomExpressionHandlerAndAuthenticationNameMatchesThenRespondsWithOk() throws Exception { this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire(); - this.mvc.perform(get("/allow").with(user("user").roles("USER"))).andExpect(status().isOk()); } @@ -417,7 +376,6 @@ public class ExpressionUrlAuthorizationConfigurerTests { public void getWhenCustomExpressionHandlerAndAuthenticationNameDoesNotMatchThenRespondsWithForbidden() throws Exception { this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire(); - this.mvc.perform(get("/deny").with(user("user").roles("USER"))).andExpect(status().isForbidden()); } @@ -425,7 +383,6 @@ public class ExpressionUrlAuthorizationConfigurerTests { @Test public void configureWhenRegisteringObjectPostProcessorThenInvokedOnAccessDecisionManager() { this.spring.register(Sec3011Config.class).autowire(); - verify(Sec3011Config.objectPostProcessor).postProcess(any(AccessDecisionManager.class)); } @@ -433,7 +390,6 @@ public class ExpressionUrlAuthorizationConfigurerTests { public void getWhenRegisteringPermissionEvaluatorAndPermissionWithIdAndTypeMatchesThenRespondsWithOk() throws Exception { this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire(); - this.mvc.perform(get("/allow")).andExpect(status().isOk()); } @@ -441,7 +397,6 @@ public class ExpressionUrlAuthorizationConfigurerTests { public void getWhenRegisteringPermissionEvaluatorAndPermissionWithIdAndTypeDoesNotMatchThenRespondsWithForbidden() throws Exception { this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire(); - this.mvc.perform(get("/deny")).andExpect(status().isForbidden()); } 
@@ -449,7 +404,6 @@ public class ExpressionUrlAuthorizationConfigurerTests { public void getWhenRegisteringPermissionEvaluatorAndPermissionWithObjectMatchesThenRespondsWithOk() throws Exception { this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire(); - this.mvc.perform(get("/allowObject")).andExpect(status().isOk()); } @@ -457,21 +411,18 @@ public class ExpressionUrlAuthorizationConfigurerTests { public void getWhenRegisteringPermissionEvaluatorAndPermissionWithObjectDoesNotMatchThenRespondsWithForbidden() throws Exception { this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire(); - this.mvc.perform(get("/denyObject")).andExpect(status().isForbidden()); } @Test public void getWhenRegisteringRoleHierarchyAndRelatedRoleAllowedThenRespondsWithOk() throws Exception { this.spring.register(RoleHierarchyConfig.class, WildcardController.class).autowire(); - this.mvc.perform(get("/allow").with(user("user").roles("USER"))).andExpect(status().isOk()); } @Test public void getWhenRegisteringRoleHierarchyAndNoRelatedRolesAllowedThenRespondsWithForbidden() throws Exception { this.spring.register(RoleHierarchyConfig.class, WildcardController.class).autowire(); - this.mvc.perform(get("/deny").with(user("user").roles("USER"))).andExpect(status().isForbidden()); } @@ -939,7 +890,6 @@ public class ExpressionUrlAuthorizationConfigurerTests { @Bean PermissionEvaluator permissionEvaluator() { return new PermissionEvaluator() { - @Override public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) { @@ -951,7 +901,6 @@ public class ExpressionUrlAuthorizationConfigurerTests { Object permission) { return "ID".equals(targetId) && "TYPE".equals(targetType) && "PERMISSION".equals(permission); } - }; } 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
index 505d5313a4..af6618b1fa 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
@@ -69,29 +69,22 @@ public class FormLoginConfigurerTests { @Test public void requestCache() throws Exception { this.spring.register(RequestCacheConfig.class, AuthenticationTestConfiguration.class).autowire(); - RequestCacheConfig config = this.spring.getContext().getBean(RequestCacheConfig.class); - this.mockMvc.perform(formLogin()).andExpect(authenticated()); - verify(config.requestCache).getRequest(any(), any()); } @Test public void requestCacheAsBean() throws Exception { this.spring.register(RequestCacheBeanConfig.class, AuthenticationTestConfiguration.class).autowire(); - RequestCache requestCache = this.spring.getContext().getBean(RequestCache.class); - this.mockMvc.perform(formLogin()).andExpect(authenticated()); - verify(requestCache).getRequest(any(), any()); } @Test public void loginWhenFormLoginConfiguredThenHasDefaultUsernameAndPasswordParameterNames() throws Exception { this.spring.register(FormLoginConfig.class).autowire(); - this.mockMvc.perform(formLogin().user("username", "user").password("password", "password")) .andExpect(status().isFound()).andExpect(redirectedUrl("/")); }
@@ -99,7 +92,6 @@ public class FormLoginConfigurerTests { @Test public void loginWhenFormLoginConfiguredThenHasDefaultFailureUrl() throws Exception { this.spring.register(FormLoginConfig.class).autowire(); - this.mockMvc.perform(formLogin().user("invalid")).andExpect(status().isFound()) .andExpect(redirectedUrl("/login?error")); }
@@ -107,28 +99,24 @@ public class FormLoginConfigurerTests { @Test public void loginWhenFormLoginConfiguredThenHasDefaultSuccessUrl() throws Exception { this.spring.register(FormLoginConfig.class).autowire(); - this.mockMvc.perform(formLogin()).andExpect(status().isFound()).andExpect(redirectedUrl("/")); } @Test public void getLoginPageWhenFormLoginConfiguredThenNotSecured() throws Exception { this.spring.register(FormLoginConfig.class).autowire(); - this.mockMvc.perform(get("/login")).andExpect(status().isFound()); } @Test public void loginWhenFormLoginConfiguredThenSecured() throws Exception { this.spring.register(FormLoginConfig.class).autowire(); - this.mockMvc.perform(post("/login")).andExpect(status().isForbidden()); } @Test public void requestProtectedWhenFormLoginConfiguredThenRedirectsToLogin() throws Exception { this.spring.register(FormLoginConfig.class).autowire(); - this.mockMvc.perform(get("/private")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/login")); } @@ -136,7 +124,6 @@ public class FormLoginConfigurerTests { @Test public void loginWhenFormLoginDefaultsInLambdaThenHasDefaultUsernameAndPasswordParameterNames() throws Exception { this.spring.register(FormLoginInLambdaConfig.class).autowire(); - this.mockMvc.perform(formLogin().user("username", "user").password("password", "password")) .andExpect(status().isFound()).andExpect(redirectedUrl("/")); } @@ -144,7 +131,6 @@ public class FormLoginConfigurerTests { @Test public void loginWhenFormLoginDefaultsInLambdaThenHasDefaultFailureUrl() throws Exception { this.spring.register(FormLoginInLambdaConfig.class).autowire(); - this.mockMvc.perform(formLogin().user("invalid")).andExpect(status().isFound()) .andExpect(redirectedUrl("/login?error")); } 
@@ -152,28 +138,24 @@ public class FormLoginConfigurerTests { @Test public void loginWhenFormLoginDefaultsInLambdaThenHasDefaultSuccessUrl() throws Exception { this.spring.register(FormLoginInLambdaConfig.class).autowire(); - this.mockMvc.perform(formLogin()).andExpect(status().isFound()).andExpect(redirectedUrl("/")); } @Test public void getLoginPageWhenFormLoginDefaultsInLambdaThenNotSecured() throws Exception { this.spring.register(FormLoginInLambdaConfig.class).autowire(); - this.mockMvc.perform(get("/login")).andExpect(status().isOk()); } @Test public void loginWhenFormLoginDefaultsInLambdaThenSecured() throws Exception { this.spring.register(FormLoginInLambdaConfig.class).autowire(); - this.mockMvc.perform(post("/login")).andExpect(status().isForbidden()); } @Test public void requestProtectedWhenFormLoginDefaultsInLambdaThenRedirectsToLogin() throws Exception { this.spring.register(FormLoginInLambdaConfig.class).autowire(); - this.mockMvc.perform(get("/private")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/login")); } @@ -181,21 +163,18 @@ public class FormLoginConfigurerTests { @Test public void getLoginPageWhenFormLoginPermitAllThenPermittedAndNoRedirect() throws Exception { this.spring.register(FormLoginConfigPermitAll.class).autowire(); - this.mockMvc.perform(get("/login")).andExpect(status().isOk()).andExpect(redirectedUrl(null)); } @Test public void getLoginPageWithErrorQueryWhenFormLoginPermitAllThenPermittedAndNoRedirect() throws Exception { this.spring.register(FormLoginConfigPermitAll.class).autowire(); - this.mockMvc.perform(get("/login?error")).andExpect(status().isOk()).andExpect(redirectedUrl(null)); } @Test public void loginWhenFormLoginPermitAllAndInvalidUserThenRedirectsToLoginPageWithError() throws Exception { this.spring.register(FormLoginConfigPermitAll.class).autowire(); - this.mockMvc.perform(formLogin().user("invalid")).andExpect(status().isFound()) .andExpect(redirectedUrl("/login?error")); } 
@@ -203,21 +182,18 @@ public class FormLoginConfigurerTests { @Test public void getLoginPageWhenCustomLoginPageThenPermittedAndNoRedirect() throws Exception { this.spring.register(FormLoginDefaultsConfig.class).autowire(); - this.mockMvc.perform(get("/authenticate")).andExpect(redirectedUrl(null)); } @Test public void getLoginPageWithErrorQueryWhenCustomLoginPageThenPermittedAndNoRedirect() throws Exception { this.spring.register(FormLoginDefaultsConfig.class).autowire(); - this.mockMvc.perform(get("/authenticate?error")).andExpect(redirectedUrl(null)); } @Test public void loginWhenCustomLoginPageAndInvalidUserThenRedirectsToCustomLoginPageWithError() throws Exception { this.spring.register(FormLoginDefaultsConfig.class).autowire(); - this.mockMvc.perform(formLogin("/authenticate").user("invalid")).andExpect(status().isFound()) .andExpect(redirectedUrl("/authenticate?error")); } 
@@ -225,35 +201,30 @@ public class FormLoginConfigurerTests { @Test public void logoutWhenCustomLoginPageThenRedirectsToCustomLoginPage() throws Exception { this.spring.register(FormLoginDefaultsConfig.class).autowire(); - this.mockMvc.perform(logout()).andExpect(redirectedUrl("/authenticate?logout")); } @Test public void getLoginPageWithLogoutQueryWhenCustomLoginPageThenPermittedAndNoRedirect() throws Exception { this.spring.register(FormLoginDefaultsConfig.class).autowire(); - this.mockMvc.perform(get("/authenticate?logout")).andExpect(redirectedUrl(null)); } @Test public void getLoginPageWhenCustomLoginPageInLambdaThenPermittedAndNoRedirect() throws Exception { this.spring.register(FormLoginDefaultsInLambdaConfig.class).autowire(); - this.mockMvc.perform(get("/authenticate")).andExpect(redirectedUrl(null)); } @Test public void loginWhenCustomLoginProcessingUrlThenRedirectsToHome() throws Exception { this.spring.register(FormLoginLoginProcessingUrlConfig.class).autowire(); - this.mockMvc.perform(formLogin("/loginCheck")).andExpect(status().isFound()).andExpect(redirectedUrl("/")); } @Test public void loginWhenCustomLoginProcessingUrlInLambdaThenRedirectsToHome() throws Exception { this.spring.register(FormLoginLoginProcessingUrlInLambdaConfig.class).autowire(); - this.mockMvc.perform(formLogin("/loginCheck")).andExpect(status().isFound()).andExpect(redirectedUrl("/")); } 
@@ -262,17 +233,14 @@ public class FormLoginConfigurerTests { FormLoginUsesPortMapperConfig.PORT_MAPPER = mock(PortMapper.class); given(FormLoginUsesPortMapperConfig.PORT_MAPPER.lookupHttpsPort(any())).willReturn(9443); this.spring.register(FormLoginUsesPortMapperConfig.class).autowire(); - this.mockMvc.perform(get("http://localhost:9090")).andExpect(status().isFound()) .andExpect(redirectedUrl("https://localhost:9443/login")); - verify(FormLoginUsesPortMapperConfig.PORT_MAPPER).lookupHttpsPort(any()); } @Test public void failureUrlWhenPermitAllAndFailureHandlerThenSecured() throws Exception { this.spring.register(PermitAllIgnoresFailureHandlerConfig.class).autowire(); - this.mockMvc.perform(get("/login?error")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/login")); } @@ -280,21 +248,18 @@ public class FormLoginConfigurerTests { @Test public void formLoginWhenInvokedTwiceThenUsesOriginalUsernameParameter() throws Exception { this.spring.register(DuplicateInvocationsDoesNotOverrideConfig.class).autowire(); - this.mockMvc.perform(formLogin().user("custom-username", "user")).andExpect(authenticated()); } @Test public void loginWhenInvalidLoginAndFailureForwardUrlThenForwardsToFailureForwardUrl() throws Exception { this.spring.register(FormLoginUserForwardAuthenticationSuccessAndFailureConfig.class).autowire(); - this.mockMvc.perform(formLogin().user("invalid")).andExpect(forwardedUrl("/failure_forward_url")); } @Test public void loginWhenSuccessForwardUrlThenForwardsToSuccessForwardUrl() throws Exception { this.spring.register(FormLoginUserForwardAuthenticationSuccessAndFailureConfig.class).autowire(); - this.mockMvc.perform(formLogin()).andExpect(forwardedUrl("/success_forward_url")); } 
@@ -302,7 +267,6 @@ public class FormLoginConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnUsernamePasswordAuthenticationFilter() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor) .postProcess(any(UsernamePasswordAuthenticationFilter.class)); }
@@ -311,7 +275,6 @@ public class FormLoginConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnLoginUrlAuthenticationEntryPoint() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(LoginUrlAuthenticationEntryPoint.class)); }
@@ -319,7 +282,6 @@ public class FormLoginConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnExceptionTranslationFilter() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ExceptionTranslationFilter.class)); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
index 12d4c472cb..6dd607e894 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
@@ -48,7 +48,6 @@ public class HeadersConfigurerEagerHeadersTests { @Test public void requestWhenHeadersEagerlyConfiguredThenHeadersAreWritten() throws Exception { this.spring.register(HeadersAtTheBeginningOfRequestConfig.class).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(header().string("X-Content-Type-Options", "nosniff")) .andExpect(header().string("X-Frame-Options", "DENY")) .andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains"))
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
index 81a541d42d..c4da0f5809 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
@@ -62,7 +62,6 @@ public class HeadersConfigurerTests { @Test public void getWhenHeadersConfiguredThenDefaultHeadersInResponse() throws Exception { this.spring.register(HeadersConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff")) .andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.DENY.name()))
@@ -80,7 +79,6 @@ public class HeadersConfigurerTests { @Test public void getWhenHeadersConfiguredInLambdaThenDefaultHeadersInResponse() throws Exception { this.spring.register(HeadersInLambdaConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff")) .andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.DENY.name()))
@@ -99,7 +97,6 @@ public class HeadersConfigurerTests { public void getWhenHeaderDefaultsDisabledAndContentTypeConfiguredThenOnlyContentTypeHeaderInResponse() throws Exception { this.spring.register(ContentTypeOptionsConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/")) .andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff")).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_CONTENT_TYPE_OPTIONS); @@ -108,7 +105,6 @@ public class HeadersConfigurerTests { @Test public void getWhenOnlyContentTypeConfiguredInLambdaThenOnlyContentTypeHeaderInResponse() throws Exception { this.spring.register(ContentTypeOptionsInLambdaConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/")) .andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff")).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_CONTENT_TYPE_OPTIONS); @@ -118,7 +114,6 @@ public class HeadersConfigurerTests { public void getWhenHeaderDefaultsDisabledAndFrameOptionsConfiguredThenOnlyFrameOptionsHeaderInResponse() throws Exception { this.spring.register(FrameOptionsConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/")) .andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.DENY.name())).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_FRAME_OPTIONS); @@ -128,7 +123,6 @@ public class HeadersConfigurerTests { public void getWhenHeaderDefaultsDisabledAndHstsConfiguredThenOnlyStrictTransportSecurityHeaderInResponse() throws Exception { this.spring.register(HstsConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect( header().string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains")) 
@@ -140,7 +134,6 @@ public class HeadersConfigurerTests { public void getWhenHeaderDefaultsDisabledAndCacheControlConfiguredThenCacheControlAndExpiresAndPragmaHeadersInResponse() throws Exception { this.spring.register(CacheControlConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate")) .andExpect(header().string(HttpHeaders.EXPIRES, "0")) @@ -153,7 +146,6 @@ public class HeadersConfigurerTests { public void getWhenOnlyCacheControlConfiguredInLambdaThenCacheControlAndExpiresAndPragmaHeadersInResponse() throws Exception { this.spring.register(CacheControlInLambdaConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate")) .andExpect(header().string(HttpHeaders.EXPIRES, "0")) @@ -166,7 +158,6 @@ public class HeadersConfigurerTests { public void getWhenHeaderDefaultsDisabledAndXssProtectionConfiguredThenOnlyXssProtectionHeaderInResponse() throws Exception { this.spring.register(XssProtectionConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block")).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_XSS_PROTECTION); @@ -175,7 +166,6 @@ public class HeadersConfigurerTests { @Test public void getWhenOnlyXssProtectionConfiguredInLambdaThenOnlyXssProtectionHeaderInResponse() throws Exception { this.spring.register(XssProtectionInLambdaConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block")).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_XSS_PROTECTION); 
@@ -184,7 +174,6 @@ public class HeadersConfigurerTests { @Test public void getWhenFrameOptionsSameOriginConfiguredThenFrameOptionsHeaderHasValueSameOrigin() throws Exception { this.spring.register(HeadersCustomSameOriginConfig.class).autowire(); - this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.SAMEORIGIN.name())) .andReturn(); @@ -194,7 +183,6 @@ public class HeadersConfigurerTests { public void getWhenFrameOptionsSameOriginConfiguredInLambdaThenFrameOptionsHeaderHasValueSameOrigin() throws Exception { this.spring.register(HeadersCustomSameOriginInLambdaConfig.class).autowire(); - this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.SAMEORIGIN.name())) .andReturn(); @@ -203,7 +191,6 @@ public class HeadersConfigurerTests { @Test public void getWhenHeaderDefaultsDisabledAndPublicHpkpWithNoPinThenNoHeadersInResponse() throws Exception { this.spring.register(HpkpConfigNoPins.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/")).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).isEmpty(); } @@ -211,7 +198,6 @@ public class HeadersConfigurerTests { @Test public void getWhenSecureRequestAndHpkpWithPinThenPublicKeyPinsReportOnlyHeaderInResponse() throws Exception { this.spring.register(HpkpConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY, "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"")) @@ -222,7 +208,6 @@ public class HeadersConfigurerTests { @Test public void getWhenInsecureRequestHeaderDefaultsDisabledAndHpkpWithPinThenNoHeadersInResponse() throws Exception { this.spring.register(HpkpConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/")).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).isEmpty(); } 
@@ -231,7 +216,6 @@ public class HeadersConfigurerTests { public void getWhenHpkpWithMultiplePinsThenPublicKeyPinsReportOnlyHeaderWithMultiplePinsInResponse() throws Exception { this.spring.register(HpkpConfigWithPins.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string( HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY, "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; pin-sha256=\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\""))
@@ -242,7 +226,6 @@ public class HeadersConfigurerTests { @Test public void getWhenHpkpWithCustomAgeThenPublicKeyPinsReportOnlyHeaderWithCustomAgeInResponse() throws Exception { this.spring.register(HpkpConfigCustomAge.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY, "max-age=604800 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
@@ -253,7 +236,6 @@ public class HeadersConfigurerTests { @Test public void getWhenHpkpWithReportOnlyFalseThenPublicKeyPinsHeaderInResponse() throws Exception { this.spring.register(HpkpConfigTerminateConnection.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.PUBLIC_KEY_PINS, "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
@@ -265,7 +247,6 @@ public class HeadersConfigurerTests { public void getWhenHpkpIncludeSubdomainThenPublicKeyPinsReportOnlyHeaderWithIncludeSubDomainsInResponse() throws Exception { this.spring.register(HpkpConfigIncludeSubDomains.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string( HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY, "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains"))
@@ -276,7 +257,6 @@ public class HeadersConfigurerTests { @Test public void getWhenHpkpWithReportUriThenPublicKeyPinsReportOnlyHeaderWithReportUriInResponse() throws Exception { this.spring.register(HpkpConfigWithReportURI.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string( HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY, "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
@@ -288,7 +268,6 @@ public class HeadersConfigurerTests { public void getWhenHpkpWithReportUriAsStringThenPublicKeyPinsReportOnlyHeaderWithReportUriInResponse() throws Exception { this.spring.register(HpkpConfigWithReportURIAsString.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string( HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY, "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
@@ -300,7 +279,6 @@ public class HeadersConfigurerTests { public void getWhenHpkpWithReportUriInLambdaThenPublicKeyPinsReportOnlyHeaderWithReportUriInResponse() throws Exception { this.spring.register(HpkpWithReportUriInLambdaConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string( HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY, "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
@@ -311,7 +289,6 @@ public class HeadersConfigurerTests { @Test public void getWhenContentSecurityPolicyConfiguredThenContentSecurityPolicyHeaderInResponse() throws Exception { this.spring.register(ContentSecurityPolicyDefaultConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY, "default-src 'self'")).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY);
@@ -321,7 +298,6 @@ public class HeadersConfigurerTests { public void getWhenContentSecurityPolicyWithReportOnlyThenContentSecurityPolicyReportOnlyHeaderInResponse() throws Exception { this.spring.register(ContentSecurityPolicyReportOnlyConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY, "default-src 'self'; script-src trustedscripts.example.com"))
@@ -334,7 +310,6 @@ public class HeadersConfigurerTests { public void getWhenContentSecurityPolicyWithReportOnlyInLambdaThenContentSecurityPolicyReportOnlyHeaderInResponse() throws Exception { this.spring.register(ContentSecurityPolicyReportOnlyInLambdaConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY, "default-src 'self'; script-src trustedscripts.example.com"))
@@ -358,7 +333,6 @@ public class HeadersConfigurerTests { @Test public void configureWhenContentSecurityPolicyNoPolicyDirectivesInLambdaThenDefaultHeaderValue() throws Exception { this.spring.register(ContentSecurityPolicyNoDirectivesInLambdaConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY, "default-src 'self'")).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY);
@@ -367,7 +341,6 @@ public class HeadersConfigurerTests { @Test public void getWhenReferrerPolicyConfiguredThenReferrerPolicyHeaderInResponse() throws Exception { this.spring.register(ReferrerPolicyDefaultConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string("Referrer-Policy", ReferrerPolicy.NO_REFERRER.getPolicy())).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
@@ -376,7 +349,6 @@ public class HeadersConfigurerTests { @Test public void getWhenReferrerPolicyInLambdaThenReferrerPolicyHeaderInResponse() throws Exception { this.spring.register(ReferrerPolicyDefaultInLambdaConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string("Referrer-Policy", ReferrerPolicy.NO_REFERRER.getPolicy())).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
@@ -386,7 +358,6 @@ public class HeadersConfigurerTests { public void getWhenReferrerPolicyConfiguredWithCustomValueThenReferrerPolicyHeaderWithCustomValueInResponse() throws Exception { this.spring.register(ReferrerPolicyCustomConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string("Referrer-Policy", ReferrerPolicy.SAME_ORIGIN.getPolicy())).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
@@ -395,7 +366,6 @@ public class HeadersConfigurerTests { @Test public void getWhenReferrerPolicyConfiguredWithCustomValueInLambdaThenCustomValueInResponse() throws Exception { this.spring.register(ReferrerPolicyCustomInLambdaConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string("Referrer-Policy", ReferrerPolicy.SAME_ORIGIN.getPolicy())).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
@@ -404,7 +374,6 @@ public class HeadersConfigurerTests { @Test public void getWhenFeaturePolicyConfiguredThenFeaturePolicyHeaderInResponse() throws Exception { this.spring.register(FeaturePolicyConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) .andExpect(header().string("Feature-Policy", "geolocation 'self'")).andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Feature-Policy");
@@ -420,7 +389,6 @@ public class HeadersConfigurerTests { public void getWhenHstsConfiguredWithPreloadThenStrictTransportSecurityHeaderWithPreloadInResponse() throws Exception { this.spring.register(HstsWithPreloadConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header() .string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains ; preload")) .andReturn();
@@ -431,7 +399,6 @@ public class HeadersConfigurerTests { public void getWhenHstsConfiguredWithPreloadInLambdaThenStrictTransportSecurityHeaderWithPreloadInResponse() throws Exception { this.spring.register(HstsWithPreloadInLambdaConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header() .string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains ; preload")) .andReturn();
@@ -659,7 +626,6 @@ public class HeadersConfigurerTests { Map pins = new LinkedHashMap<>(); pins.put("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", "sha256"); pins.put("E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=", "sha256"); - // @formatter:off http .headers()
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
index 493a85479d..2626139e22 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
@@ -67,14 +67,12 @@ public class HttpBasicConfigurerTests { @Test public void configureWhenRegisteringObjectPostProcessorThenInvokedOnBasicAuthenticationFilter() { this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(BasicAuthenticationFilter.class)); } @Test public void httpBasicWhenUsingDefaultsInLambdaThenResponseIncludesBasicChallenge() throws Exception { this.spring.register(DefaultsLambdaEntryPointConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isUnauthorized()) .andExpect(header().string("WWW-Authenticate", "Basic realm=\"Realm\"")); }
@@ -83,7 +81,6 @@ public class HttpBasicConfigurerTests { @Test public void httpBasicWhenUsingDefaultsThenResponseIncludesBasicChallenge() throws Exception { this.spring.register(DefaultsEntryPointConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isUnauthorized()) .andExpect(header().string("WWW-Authenticate", "Basic realm=\"Realm\"")); }
@@ -91,9 +88,7 @@ public class HttpBasicConfigurerTests { @Test public void httpBasicWhenUsingCustomAuthenticationEntryPointThenResponseIncludesBasicChallenge() throws Exception { this.spring.register(CustomAuthenticationEntryPointConfig.class).autowire(); - this.mvc.perform(get("/")); - verify(CustomAuthenticationEntryPointConfig.ENTRY_POINT).commence(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AuthenticationException.class)); }
@@ -101,9 +96,7 @@ public class HttpBasicConfigurerTests { @Test public void httpBasicWhenInvokedTwiceThenUsesOriginalEntryPoint() throws Exception { this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire(); - this.mvc.perform(get("/")); - verify(DuplicateDoesNotOverrideConfig.ENTRY_POINT).commence(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AuthenticationException.class)); }
@@ -112,7 +105,6 @@ public class HttpBasicConfigurerTests { @Test public void httpBasicWhenRememberMeConfiguredThenSetsRememberMeCookie() throws Exception { this.spring.register(BasicUsesRememberMeConfig.class).autowire(); - this.mvc.perform(get("/").with(httpBasic("user", "password")).param("remember-me", "true")) .andExpect(cookie().exists("remember-me")); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
index 5357ad70da..9690aed1dd 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
@@ -73,9 +73,7 @@ public class HttpSecurityAntMatchersTests { public void antMatchersMethodAndNoPatterns() throws Exception { loadConfig(AntMatchersNoPatternsConfig.class); this.request.setMethod("POST"); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN); }
@@ -84,9 +82,7 @@ public class HttpSecurityAntMatchersTests { public void antMatchersMethodAndEmptyPatterns() throws Exception { loadConfig(AntMatchersEmptyPatternsConfig.class); this.request.setMethod("POST"); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); }
@@ -94,7 +90,6 @@ public class HttpSecurityAntMatchersTests { this.context = new AnnotationConfigWebApplicationContext(); this.context.register(configs); this.context.refresh(); - this.context.getAutowireCapableBeanFactory().autowireBean(this); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
index 11ac70b1a6..da18813b49 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
@@ -73,17 +73,13 @@ public class HttpSecurityLogoutTests { @Test public void clearAuthenticationFalse() throws Exception { loadConfig(ClearAuthenticationFalseConfig.class); - SecurityContext currentContext = SecurityContextHolder.createEmptyContext(); currentContext.setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); - this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, currentContext); this.request.setMethod("POST"); this.request.setServletPath("/logout"); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(currentContext.getAuthentication()).isNotNull(); }
@@ -91,7 +87,6 @@ public class HttpSecurityLogoutTests { this.context = new AnnotationConfigWebApplicationContext(); this.context.register(configs); this.context.refresh(); - this.context.getAutowireCapableBeanFactory().autowireBean(this); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
index 652e5852aa..ca4ae5ff5b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
@@ -78,135 +78,92 @@ public class HttpSecurityRequestMatchersTests { @Test public void mvcMatcher() throws Exception { loadConfig(MvcMatcherConfig.class, LegacyMvcMatchingConfig.class); - this.request.setServletPath("/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); - setup(); - this.request.setServletPath("/path.html"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); - setup(); - this.request.setServletPath("/path/"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); } @Test public void mvcMatcherGetFiltersNoUnsupportedMethodExceptionFromDummyRequest() { loadConfig(MvcMatcherConfig.class); - assertThat(this.springSecurityFilterChain.getFilters("/path")).isNotEmpty(); } @Test public void requestMatchersMvcMatcher() throws Exception { loadConfig(RequestMatchersMvcMatcherConfig.class, LegacyMvcMatchingConfig.class); - this.request.setServletPath("/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); - setup(); - this.request.setServletPath("/path.html"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); - setup(); - this.request.setServletPath("/path/"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); } @Test public void requestMatchersWhenMvcMatcherInLambdaThenPathIsSecured() throws Exception { 
loadConfig(RequestMatchersMvcMatcherInLambdaConfig.class, LegacyMvcMatchingConfig.class); - this.request.setServletPath("/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); - setup(); - this.request.setServletPath("/path.html"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); - setup(); - this.request.setServletPath("/path/"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); } @Test public void requestMatchersMvcMatcherServletPath() throws Exception { loadConfig(RequestMatchersMvcMatcherServeltPathConfig.class); - this.request.setServletPath("/spring"); this.request.setRequestURI("/spring/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); - setup(); - this.request.setServletPath(""); this.request.setRequestURI("/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); - setup(); - this.request.setServletPath("/other"); this.request.setRequestURI("/other/path"); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); } @Test public void requestMatcherWhensMvcMatcherServletPathInLambdaThenPathIsSecured() throws Exception { loadConfig(RequestMatchersMvcMatcherServletPathInLambdaConfig.class); - this.request.setServletPath("/spring"); this.request.setRequestURI("/spring/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - 
assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); - setup(); - this.request.setServletPath(""); this.request.setRequestURI("/path"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); - setup(); - this.request.setServletPath("/other"); this.request.setRequestURI("/other/path"); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); }
@@ -215,7 +172,6 @@ public class HttpSecurityRequestMatchersTests { this.context.register(configs); this.context.setServletContext(new MockServletContext()); this.context.refresh(); - this.context.getAutowireCapableBeanFactory().autowireBean(this); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
index 0f3eefb8ed..bb9e239a48 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
@@ -56,7 +56,6 @@ public class Issue55Tests { TestingAuthenticationToken token = new TestingAuthenticationToken("test", "this"); this.spring.register(WebSecurityConfigurerAdapterDefaultsAuthManagerConfig.class); this.spring.getContext().getBean(FilterChainProxy.class); - FilterSecurityInterceptor filter = (FilterSecurityInterceptor) findFilter(FilterSecurityInterceptor.class, 0); assertThat(filter.getAuthenticationManager().authenticate(token)).isEqualTo(CustomAuthenticationManager.RESULT); }
@@ -67,10 +66,8 @@ public class Issue55Tests { TestingAuthenticationToken token = new TestingAuthenticationToken("test", "this"); this.spring.register(MultiWebSecurityConfigurerAdapterDefaultsAuthManagerConfig.class); this.spring.getContext().getBean(FilterChainProxy.class); - FilterSecurityInterceptor filter = (FilterSecurityInterceptor) findFilter(FilterSecurityInterceptor.class, 0); assertThat(filter.getAuthenticationManager().authenticate(token)).isEqualTo(CustomAuthenticationManager.RESULT); - FilterSecurityInterceptor secondFilter = (FilterSecurityInterceptor) findFilter(FilterSecurityInterceptor.class, 1); assertThat(secondFilter.getAuthenticationManager().authenticate(token))
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
index 485689185d..88e80b78bb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
@@ -61,7 +61,6 @@ public class JeeConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnJ2eePreAuthenticatedProcessingFilter() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor) .postProcess(any(J2eePreAuthenticatedProcessingFilter.class)); }
@@ -70,7 +69,6 @@ public class JeeConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnJ2eeBasedPreAuthenticatedWebAuthenticationDetailsSource() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor) .postProcess(any(J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.class)); }
@@ -80,7 +78,6 @@ public class JeeConfigurerTests { this.spring.register(InvokeTwiceDoesNotOverride.class).autowire(); Principal user = mock(Principal.class); given(user.getName()).willReturn("user"); - this.mvc.perform(get("/").principal(user).with((request) -> { request.addUserRole("ROLE_ADMIN"); request.addUserRole("ROLE_USER");
@@ -93,7 +90,6 @@ public class JeeConfigurerTests { this.spring.register(JeeMappableRolesConfig.class).autowire(); Principal user = mock(Principal.class); given(user.getName()).willReturn("user"); - this.mvc.perform(get("/").principal(user).with((request) -> { request.addUserRole("ROLE_ADMIN"); request.addUserRole("ROLE_USER");
@@ -106,7 +102,6 @@ public class JeeConfigurerTests { this.spring.register(JeeMappableAuthoritiesConfig.class).autowire(); Principal user = mock(Principal.class); given(user.getName()).willReturn("user"); - this.mvc.perform(get("/").principal(user).with((request) -> { request.addUserRole("ROLE_ADMIN"); request.addUserRole("ROLE_USER");
@@ -124,7 +119,6 @@ public class JeeConfigurerTests { given(user.getName()).willReturn("user"); given(JeeCustomAuthenticatedUserDetailsServiceConfig.authenticationUserDetailsService.loadUserDetails(any())) .willReturn(userDetails); - this.mvc.perform(get("/").principal(user).with((request) -> { request.addUserRole("ROLE_ADMIN"); request.addUserRole("ROLE_USER");
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java
index ac8ed76df9..42b88900f7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java
@@ -67,7 +67,6 @@ public class LogoutConfigurerClearSiteDataTests { @WithMockUser public void logoutWhenRequestTypeGetThenHeaderNotPresentt() throws Exception { this.spring.register(HttpLogoutConfig.class).autowire(); - this.mvc.perform(get("/logout").secure(true).with(SecurityMockMvcRequestPostProcessors.csrf())) .andExpect(header().doesNotExist(CLEAR_SITE_DATA_HEADER)); }
@@ -76,7 +75,6 @@ public class LogoutConfigurerClearSiteDataTests { @WithMockUser public void logoutWhenRequestTypePostAndNotSecureThenHeaderNotPresent() throws Exception { this.spring.register(HttpLogoutConfig.class).autowire(); - this.mvc.perform(post("/logout").with(SecurityMockMvcRequestPostProcessors.csrf())) .andExpect(header().doesNotExist(CLEAR_SITE_DATA_HEADER)); }
@@ -85,7 +83,6 @@ public class LogoutConfigurerClearSiteDataTests { @WithMockUser public void logoutWhenRequestTypePostAndSecureThenHeaderIsPresent() throws Exception { this.spring.register(HttpLogoutConfig.class).autowire(); - this.mvc.perform(post("/logout").secure(true).with(SecurityMockMvcRequestPostProcessors.csrf())) .andExpect(header().stringValues(CLEAR_SITE_DATA_HEADER, HEADER_VALUE)); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
index c6a722e127..45bf708553 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
@@ -91,14 +91,12 @@ public class LogoutConfigurerTests { @Test public void configureWhenRegisteringObjectPostProcessorThenInvokedOnLogoutFilter() { this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(LogoutFilter.class)); } @Test public void logoutWhenInvokedTwiceThenUsesOriginalLogoutUrl() throws Exception { this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire(); - this.mvc.perform(post("/custom/logout").with(csrf())).andExpect(status().isFound()) .andExpect(redirectedUrl("/login?logout")); }
@@ -107,42 +105,36 @@ public class LogoutConfigurerTests { @Test public void logoutWhenGetRequestAndCsrfDisabledThenRedirectsToLogin() throws Exception { this.spring.register(CsrfDisabledConfig.class).autowire(); - this.mvc.perform(get("/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout")); } @Test public void logoutWhenPostRequestAndCsrfDisabledThenRedirectsToLogin() throws Exception { this.spring.register(CsrfDisabledConfig.class).autowire(); - this.mvc.perform(post("/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout")); } @Test public void logoutWhenPutRequestAndCsrfDisabledThenRedirectsToLogin() throws Exception { this.spring.register(CsrfDisabledConfig.class).autowire(); - this.mvc.perform(put("/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout")); } @Test public void logoutWhenDeleteRequestAndCsrfDisabledThenRedirectsToLogin() throws Exception { this.spring.register(CsrfDisabledConfig.class).autowire(); - this.mvc.perform(delete("/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout")); } @Test public void logoutWhenGetRequestAndCsrfDisabledAndCustomLogoutUrlThenRedirectsToLogin() throws Exception { this.spring.register(CsrfDisabledAndCustomLogoutConfig.class).autowire(); - this.mvc.perform(get("/custom/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout")); } @Test public void logoutWhenPostRequestAndCsrfDisabledAndCustomLogoutUrlThenRedirectsToLogin() throws Exception { this.spring.register(CsrfDisabledAndCustomLogoutConfig.class).autowire(); - this.mvc.perform(post("/custom/logout")).andExpect(status().isFound()) .andExpect(redirectedUrl("/login?logout")); } 
@@ -150,14 +142,12 @@ public class LogoutConfigurerTests { @Test public void logoutWhenPutRequestAndCsrfDisabledAndCustomLogoutUrlThenRedirectsToLogin() throws Exception { this.spring.register(CsrfDisabledAndCustomLogoutConfig.class).autowire(); - this.mvc.perform(put("/custom/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout")); } @Test public void logoutWhenDeleteRequestAndCsrfDisabledAndCustomLogoutUrlThenRedirectsToLogin() throws Exception { this.spring.register(CsrfDisabledAndCustomLogoutConfig.class).autowire(); - this.mvc.perform(delete("/custom/logout")).andExpect(status().isFound()) .andExpect(redirectedUrl("/login?logout")); }
@@ -165,7 +155,6 @@ public class LogoutConfigurerTests { @Test public void logoutWhenCustomLogoutUrlInLambdaThenRedirectsToLogin() throws Exception { this.spring.register(CsrfDisabledAndCustomLogoutInLambdaConfig.class).autowire(); - this.mvc.perform(get("/custom/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout")); }
@@ -186,7 +175,6 @@ public class LogoutConfigurerTests { @Test public void rememberMeWhenRememberMeServicesNotLogoutHandlerThenRedirectsToLogin() throws Exception { this.spring.register(RememberMeNoLogoutHandler.class).autowire(); - this.mvc.perform(post("/logout").with(csrf())).andExpect(status().isFound()) .andExpect(redirectedUrl("/login?logout")); }
@@ -194,7 +182,6 @@ public class LogoutConfigurerTests { @Test public void logoutWhenAcceptTextHtmlThenRedirectsToLogin() throws Exception { this.spring.register(BasicSecurityConfig.class).autowire(); - this.mvc.perform( post("/logout").with(csrf()).with(user("user")).header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML_VALUE)) .andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
@@ -204,7 +191,6 @@ public class LogoutConfigurerTests { @Test public void logoutWhenAcceptApplicationJsonThenReturnsStatusNoContent() throws Exception { this.spring.register(BasicSecurityConfig.class).autowire(); - this.mvc.perform(post("/logout").with(csrf()).with(user("user")).header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)).andExpect(status().isNoContent()); }
@@ -213,7 +199,6 @@ public class LogoutConfigurerTests { @Test public void logoutWhenAcceptAllThenReturnsStatusNoContent() throws Exception { this.spring.register(BasicSecurityConfig.class).autowire(); - this.mvc.perform( post("/logout").with(csrf()).with(user("user")).header(HttpHeaders.ACCEPT, MediaType.ALL_VALUE)) .andExpect(status().isNoContent());
@@ -223,7 +208,6 @@ public class LogoutConfigurerTests { @Test public void logoutWhenAcceptFromChromeThenRedirectsToLogin() throws Exception { this.spring.register(BasicSecurityConfig.class).autowire(); - this.mvc.perform(post("/logout").with(csrf()).with(user("user")).header(HttpHeaders.ACCEPT, "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8")) .andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
@@ -233,7 +217,6 @@ public class LogoutConfigurerTests { @Test public void logoutWhenXMLHttpRequestThenReturnsStatusNoContent() throws Exception { this.spring.register(BasicSecurityConfig.class).autowire(); - this.mvc.perform(post("/logout").with(csrf()).with(user("user")) .header(HttpHeaders.ACCEPT, "text/html,application/json").header("X-Requested-With", "XMLHttpRequest")) .andExpect(status().isNoContent());
@@ -242,7 +225,6 @@ public class LogoutConfigurerTests { @Test public void logoutWhenDisabledThenLogoutUrlNotFound() throws Exception { this.spring.register(LogoutDisabledConfig.class).autowire(); - this.mvc.perform(post("/logout").with(csrf())).andExpect(status().isNotFound()); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
index 1d66dfce56..18e2fc89af 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
@@ -65,24 +65,18 @@ public class NamespaceHttpBasicTests { @Test public void basicAuthenticationWhenUsingDefaultsThenMatchesNamespace() throws Exception { this.spring.register(HttpBasicConfig.class, UserConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isUnauthorized()); - this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Realm\"")); - this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound()); } @Test public void basicAuthenticationWhenUsingDefaultsInLambdaThenMatchesNamespace() throws Exception { this.spring.register(HttpBasicLambdaConfig.class, UserConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isUnauthorized()); - this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Realm\"")); - this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound()); }
@@ -92,7 +86,6 @@ public class NamespaceHttpBasicTests { @Test public void basicAuthenticationWhenUsingCustomRealmThenMatchesNamespace() throws Exception { this.spring.register(CustomHttpBasicConfig.class, UserConfig.class).autowire(); - this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Custom Realm\"")); }
@@ -100,7 +93,6 @@ public class NamespaceHttpBasicTests { @Test public void basicAuthenticationWhenUsingCustomRealmInLambdaThenMatchesNamespace() throws Exception { this.spring.register(CustomHttpBasicLambdaConfig.class, UserConfig.class).autowire(); - this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Custom Realm\"")); }
@@ -111,12 +103,9 @@ public class NamespaceHttpBasicTests { @Test public void basicAuthenticationWhenUsingAuthenticationDetailsSourceRefThenMatchesNamespace() throws Exception { this.spring.register(AuthenticationDetailsSourceHttpBasicConfig.class, UserConfig.class).autowire(); - AuthenticationDetailsSource source = this.spring.getContext() .getBean(AuthenticationDetailsSource.class); - this.mvc.perform(get("/").with(httpBasic("user", "password"))); - verify(source).buildDetails(any(HttpServletRequest.class)); }
@@ -124,12 +113,9 @@ public class NamespaceHttpBasicTests { public void basicAuthenticationWhenUsingAuthenticationDetailsSourceRefInLambdaThenMatchesNamespace() throws Exception { this.spring.register(AuthenticationDetailsSourceHttpBasicLambdaConfig.class, UserConfig.class).autowire(); - AuthenticationDetailsSource source = this.spring.getContext() .getBean(AuthenticationDetailsSource.class); - this.mvc.perform(get("/").with(httpBasic("user", "password"))); - verify(source).buildDetails(any(HttpServletRequest.class)); }
@@ -139,22 +125,16 @@ public class NamespaceHttpBasicTests { @Test public void basicAuthenticationWhenUsingEntryPointRefThenMatchesNamespace() throws Exception { this.spring.register(EntryPointRefHttpBasicConfig.class, UserConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().is(999)); - this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().is(999)); - this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound()); } @Test public void basicAuthenticationWhenUsingEntryPointRefInLambdaThenMatchesNamespace() throws Exception { this.spring.register(EntryPointRefHttpBasicLambdaConfig.class, UserConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().is(999)); - this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().is(999)); - this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound()); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
index b080cf6754..074fa8a2ec 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
@@ -63,11 +63,8 @@ public class NamespaceHttpFormLoginTests { @Test public void formLoginWhenDefaultConfigurationThenMatchesNamespace() throws Exception { this.spring.register(FormLoginConfig.class, UserDetailsServiceConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login")); - this.mvc.perform(post("/login").with(csrf())).andExpect(redirectedUrl("/login?error")); - this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf())) .andExpect(redirectedUrl("/")); }
@@ -75,12 +72,9 @@ public class NamespaceHttpFormLoginTests { @Test public void formLoginWithCustomEndpointsThenBehaviorMatchesNamespace() throws Exception { this.spring.register(FormLoginCustomConfig.class, UserDetailsServiceConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/authentication/login")); - this.mvc.perform(post("/authentication/login/process").with(csrf())) .andExpect(redirectedUrl("/authentication/login?failed")); - this.mvc.perform(post("/authentication/login/process").param("username", "user").param("password", "password") .with(csrf())).andExpect(redirectedUrl("/default")); }
@@ -88,12 +82,9 @@ public class NamespaceHttpFormLoginTests { @Test public void formLoginWithCustomHandlersThenBehaviorMatchesNamespace() throws Exception { this.spring.register(FormLoginCustomRefsConfig.class, UserDetailsServiceConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login")); - this.mvc.perform(post("/login").with(csrf())).andExpect(redirectedUrl("/custom/failure")); verifyBean(WebAuthenticationDetailsSource.class).buildDetails(any(HttpServletRequest.class)); - this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf())) .andExpect(redirectedUrl("/custom/targetUrl")); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
index eef4ba934a..c9f11e767f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
@@ -50,7 +50,6 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. public class NamespaceHttpHeadersTests { static final Map defaultHeaders = new LinkedHashMap<>(); - static { defaultHeaders.put("X-Content-Type-Options", "nosniff"); defaultHeaders.put("X-Frame-Options", "DENY");
@@ -60,7 +59,6 @@ public class NamespaceHttpHeadersTests { defaultHeaders.put("Pragma", "no-cache"); defaultHeaders.put("X-XSS-Protection", "1; mode=block"); } - @Rule public final SpringTestRule spring = new SpringTestRule();
@@ -70,28 +68,24 @@ public class NamespaceHttpHeadersTests { @Test public void secureRequestWhenDefaultConfigThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HeadersDefaultConfig.class).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(includesDefaults()); } @Test public void secureRequestWhenCacheControlOnlyThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HeadersCacheControlConfig.class).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(includes("Cache-Control", "Expires", "Pragma")); } @Test public void secureRequestWhenHstsOnlyThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HstsConfig.class).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(includes("Strict-Transport-Security")); } @Test public void requestWhenHstsCustomThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HstsCustomConfig.class).autowire(); - this.mvc.perform(get("/")) .andExpect(includes(Collections.singletonMap("Strict-Transport-Security", "max-age=15768000"))); }
@@ -99,14 +93,12 @@ public class NamespaceHttpHeadersTests { @Test public void requestWhenFrameOptionsSameOriginThenBehaviorMatchesNamespace() throws Exception { this.spring.register(FrameOptionsSameOriginConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(includes(Collections.singletonMap("X-Frame-Options", "SAMEORIGIN"))); } @Test public void requestWhenFrameOptionsAllowFromThenBehaviorMatchesNamespace() throws Exception { this.spring.register(FrameOptionsAllowFromConfig.class).autowire(); - this.mvc.perform(get("/")) .andExpect(includes(Collections.singletonMap("X-Frame-Options", "ALLOW-FROM https://example.com"))); }
@@ -114,28 +106,24 @@ public class NamespaceHttpHeadersTests { @Test public void requestWhenXssOnlyThenBehaviorMatchesNamespace() throws Exception { this.spring.register(XssProtectionConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(includes("X-XSS-Protection")); } @Test public void requestWhenXssCustomThenBehaviorMatchesNamespace() throws Exception { this.spring.register(XssProtectionCustomConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(includes(Collections.singletonMap("X-XSS-Protection", "1"))); } @Test public void requestWhenXContentTypeOptionsOnlyThenBehaviorMatchesNamespace() throws Exception { this.spring.register(ContentTypeOptionsConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(includes("X-Content-Type-Options")); } @Test public void requestWhenCustomHeaderOnlyThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HeaderRefConfig.class).autowire(); - this.mvc.perform(get("/")) .andExpect(includes(Collections.singletonMap("customHeaderName", "customHeaderValue"))); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
index e88dd304e4..bd4d5ac0a9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
@@ -60,32 +60,26 @@ public class NamespaceHttpInterceptUrlTests { @Test public void unauthenticatedRequestWhenUrlRequiresAuthenticationThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HttpInterceptUrlConfig.class).autowire(); - this.mvc.perform(get("/users")).andExpect(status().isForbidden()); } @Test public void authenticatedRequestWhenUrlRequiresElevatedPrivilegesThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HttpInterceptUrlConfig.class).autowire(); - this.mvc.perform(get("/users").with(authentication(user("ROLE_USER")))).andExpect(status().isForbidden()); } @Test public void authenticatedRequestWhenAuthorizedThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HttpInterceptUrlConfig.class, BaseController.class).autowire(); - this.mvc.perform(get("/users").with(authentication(user("ROLE_ADMIN")))).andExpect(status().isOk()).andReturn(); } @Test public void requestWhenMappedByPostInterceptUrlThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HttpInterceptUrlConfig.class, BaseController.class).autowire(); - this.mvc.perform(get("/admin/post").with(authentication(user("ROLE_USER")))).andExpect(status().isOk()); - this.mvc.perform(post("/admin/post").with(authentication(user("ROLE_USER")))).andExpect(status().isForbidden()); - this.mvc.perform(post("/admin/post").with(csrf()).with(authentication(user("ROLE_ADMIN")))) .andExpect(status().isOk()); }
@@ -93,11 +87,8 @@ public class NamespaceHttpInterceptUrlTests { @Test public void requestWhenRequiresChannelThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HttpInterceptUrlConfig.class).autowire(); - this.mvc.perform(get("/login")).andExpect(redirectedUrl("https://localhost/login")); - this.mvc.perform(get("/secured/a")).andExpect(redirectedUrl("https://localhost/secured/a")); - this.mvc.perform(get("https://localhost/user")).andExpect(redirectedUrl("http://localhost/user")); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
index 96a9287fe8..f83e15ba4a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
@@ -62,10 +62,8 @@ public class NamespaceHttpJeeTests { @Test public void requestWhenJeeUserThenBehaviorDiffersFromNamespaceForRoleNames() throws Exception { this.spring.register(JeeMappableRolesConfig.class, BaseController.class).autowire(); - Principal user = mock(Principal.class); given(user.getName()).willReturn("joe"); - this.mvc.perform(get("/roles").principal(user).with((request) -> { request.addUserRole("ROLE_admin"); request.addUserRole("ROLE_user");
@@ -77,18 +75,13 @@ public class NamespaceHttpJeeTests { @Test public void requestWhenCustomAuthenticatedUserDetailsServiceThenBehaviorMatchesNamespace() throws Exception { this.spring.register(JeeUserServiceRefConfig.class, BaseController.class).autowire(); - Principal user = mock(Principal.class); given(user.getName()).willReturn("joe"); - User result = new User(user.getName(), "N/A", true, true, true, true, AuthorityUtils.createAuthorityList("ROLE_user")); - given(bean(AuthenticationUserDetailsService.class).loadUserDetails(any())).willReturn(result); - this.mvc.perform(get("/roles").principal(user)).andExpect(status().isOk()) .andExpect(content().string("ROLE_user")); - verifyBean(AuthenticationUserDetailsService.class).loadUserDetails(any()); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
index 3f69893ed9..8b93855cb9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
@@ -72,7 +72,6 @@ public class NamespaceHttpLogoutTests { @WithMockUser public void logoutWhenUsingDefaultsThenMatchesNamespace() throws Exception { this.spring.register(HttpLogoutConfig.class).autowire(); - this.mvc.perform(post("/logout").with(csrf())).andExpect(authenticated(false)) .andExpect(redirectedUrl("/login?logout")).andExpect(noCookies()).andExpect(session(Objects::isNull)); }
@@ -81,7 +80,6 @@ public class NamespaceHttpLogoutTests { @WithMockUser public void logoutWhenDisabledInLambdaThenRespondsWithNotFound() throws Exception { this.spring.register(HttpLogoutDisabledInLambdaConfig.class).autowire(); - this.mvc.perform(post("/logout").with(csrf()).with(user("user"))).andExpect(status().isNotFound()); }
@@ -92,7 +90,6 @@ public class NamespaceHttpLogoutTests { @WithMockUser public void logoutWhenUsingVariousCustomizationsMatchesNamespace() throws Exception { this.spring.register(CustomHttpLogoutConfig.class).autowire(); - this.mvc.perform(post("/custom-logout").with(csrf())).andExpect(authenticated(false)) .andExpect(redirectedUrl("/logout-success")) .andExpect((result) -> assertThat(result.getResponse().getCookies()).hasSize(1))
@@ -103,7 +100,6 @@ public class NamespaceHttpLogoutTests { @WithMockUser public void logoutWhenUsingVariousCustomizationsInLambdaThenMatchesNamespace() throws Exception { this.spring.register(CustomHttpLogoutInLambdaConfig.class).autowire(); - this.mvc.perform(post("/custom-logout").with(csrf())).andExpect(authenticated(false)) .andExpect(redirectedUrl("/logout-success")) .andExpect((result) -> assertThat(result.getResponse().getCookies()).hasSize(1))
@@ -117,7 +113,6 @@ public class NamespaceHttpLogoutTests { @WithMockUser public void logoutWhenUsingSuccessHandlerRefThenMatchesNamespace() throws Exception { this.spring.register(SuccessHandlerRefHttpLogoutConfig.class).autowire(); - this.mvc.perform(post("/logout").with(csrf())).andExpect(authenticated(false)) .andExpect(redirectedUrl("/SuccessHandlerRefHttpLogoutConfig")).andExpect(noCookies()) .andExpect(session(Objects::isNull));
@@ -127,7 +122,6 @@ public class NamespaceHttpLogoutTests { @WithMockUser public void logoutWhenUsingSuccessHandlerRefInLambdaThenMatchesNamespace() throws Exception { this.spring.register(SuccessHandlerRefHttpLogoutInLambdaConfig.class).autowire(); - this.mvc.perform(post("/logout").with(csrf())).andExpect(authenticated(false)) .andExpect(redirectedUrl("/SuccessHandlerRefHttpLogoutConfig")).andExpect(noCookies()) .andExpect(session(Objects::isNull));
@@ -224,7 +218,6 @@ public class NamespaceHttpLogoutTests { protected void configure(HttpSecurity http) throws Exception { SimpleUrlLogoutSuccessHandler logoutSuccessHandler = new SimpleUrlLogoutSuccessHandler(); logoutSuccessHandler.setDefaultTargetUrl("/SuccessHandlerRefHttpLogoutConfig"); - // @formatter:off http .logout((logout) -> logout.logoutSuccessHandler(logoutSuccessHandler));
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
index 373c29186a..26ad03f0de 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
@@ -104,18 +104,14 @@ public class NamespaceHttpOpenIDLoginTests { given(OpenIDLoginAttributeExchangeConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(), any())).willReturn(mockAuthRequest); this.spring.register(OpenIDLoginAttributeExchangeConfig.class).autowire(); - try (MockWebServer server = new MockWebServer()) { String endpoint = server.url("/").toString(); - server.enqueue(new MockResponse().addHeader(YadisResolver.YADIS_XRDS_LOCATION, endpoint)); server.enqueue(new MockResponse() .setBody(String.format("%s", endpoint))); - MvcResult mvcResult = this.mvc.perform(get("/login/openid") .param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "https://www.google.com/1")) .andExpect(status().isFound()).andReturn(); - Object attributeObject = mvcResult.getRequest().getSession() .getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST"); assertThat(attributeObject).isInstanceOf(List.class);
@@ -144,25 +140,20 @@ public class NamespaceHttpOpenIDLoginTests { public void openidLoginWithCustomHandlersThenBehaviorMatchesNamespace() throws Exception { OpenIDAuthenticationToken token = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, "identityUrl", "message", Arrays.asList(new OpenIDAttribute("name", "type"))); - OpenIDLoginCustomRefsConfig.AUDS = mock(AuthenticationUserDetailsService.class); given(OpenIDLoginCustomRefsConfig.AUDS.loadUserDetails(any(Authentication.class))) .willReturn(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER"))); OpenIDLoginCustomRefsConfig.ADS = spy(new WebAuthenticationDetailsSource()); OpenIDLoginCustomRefsConfig.CONSUMER = mock(OpenIDConsumer.class); - this.spring.register(OpenIDLoginCustomRefsConfig.class, UserDetailsServiceConfig.class).autowire(); - given(OpenIDLoginCustomRefsConfig.CONSUMER.endConsumption(any(HttpServletRequest.class))) .willThrow(new AuthenticationServiceException("boom")); this.mvc.perform(post("/login/openid").with(csrf()).param("openid.identity", "identity")) .andExpect(redirectedUrl("/custom/failure")); reset(OpenIDLoginCustomRefsConfig.CONSUMER); - given(OpenIDLoginCustomRefsConfig.CONSUMER.endConsumption(any(HttpServletRequest.class))).willReturn(token); this.mvc.perform(post("/login/openid").with(csrf()).param("openid.identity", "identity")) .andExpect(redirectedUrl("/custom/targetUrl")); - verify(OpenIDLoginCustomRefsConfig.AUDS).loadUserDetails(any(Authentication.class)); verify(OpenIDLoginCustomRefsConfig.ADS).buildDetails(any(Object.class)); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
index 3d4d1a8874..011409d9fb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
@@ -49,12 +49,9 @@ public class NamespaceHttpPortMappingsTests { @Test public void portMappingWhenRequestRequiresChannelThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HttpInterceptUrlWithPortMapperConfig.class).autowire(); - this.mvc.perform(get("http://localhost:9080/login")).andExpect(redirectedUrl("https://localhost:9443/login")); - this.mvc.perform(get("http://localhost:9080/secured/a")) .andExpect(redirectedUrl("https://localhost:9443/secured/a")); - this.mvc.perform(get("https://localhost:9443/user")).andExpect(redirectedUrl("http://localhost:9080/user")); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
index a67380193c..be604a4b8a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
@@ -68,9 +68,7 @@ public class NamespaceHttpRequestCacheTests { @Test public void requestWhenDefaultConfigurationThenUsesHttpSessionRequestCache() throws Exception { this.spring.register(DefaultRequestCacheRefConfig.class).autowire(); - MvcResult result = this.mvc.perform(get("/")).andExpect(status().isForbidden()).andReturn(); - HttpSession session = result.getRequest().getSession(false); assertThat(session).isNotNull(); assertThat(session.getAttribute("SPRING_SECURITY_SAVED_REQUEST")).isNotNull();
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
index f431f397be..03c12efdb5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
@@ -69,7 +69,6 @@ public class NamespaceHttpServerAccessDeniedHandlerTests { @Test public void requestWhenCustomAccessDeniedPageInLambdaThenForwardedToCustomPage() throws Exception { this.spring.register(AccessDeniedPageInLambdaConfig.class).autowire(); - this.mvc.perform(get("/").with(authentication(user()))).andExpect(status().isForbidden()) .andExpect(forwardedUrl("/AccessDeniedPageConfig")); }
@@ -85,9 +84,7 @@ public class NamespaceHttpServerAccessDeniedHandlerTests { @Test public void requestWhenCustomAccessDeniedHandlerInLambdaThenBehaviorMatchesNamespace() throws Exception { this.spring.register(AccessDeniedHandlerRefInLambdaConfig.class).autowire(); - this.mvc.perform(get("/").with(authentication(user()))); - verify(AccessDeniedHandlerRefInLambdaConfig.accessDeniedHandler).handle(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AccessDeniedException.class)); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
index e6d6576183..5f30c3c7c8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
@@ -81,10 +81,8 @@ public class NamespaceHttpX509Tests { @Test public void x509AuthenticationWhenHasCustomAuthenticationDetailsSourceThenMatchesNamespace() throws Exception { this.spring.register(AuthenticationDetailsSourceRefConfig.class, X509Controller.class).autowire(); - X509Certificate certificate = loadCert("rod.cer"); this.mvc.perform(get("/whoami").with(x509(certificate))).andExpect(content().string("rod")); - verifyBean(AuthenticationDetailsSource.class).buildDetails(any()); }
@@ -183,7 +181,6 @@ public class NamespaceHttpX509Tests { @Bean AuthenticationDetailsSource authenticationDetailsSource() { - return mock(AuthenticationDetailsSource.class); }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
index 949fea0e42..5a5347c334 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
@@ -82,19 +82,15 @@ public class NamespaceRememberMeTests { public void rememberMeLoginWhenUsingDefaultsThenMatchesNamespace() throws Exception { this.spring.register(RememberMeConfig.class, SecurityController.class).autowire(); MvcResult result = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn(); - MockHttpSession session = (MockHttpSession) result.getRequest().getSession(); Cookie rememberMe = result.getResponse().getCookie("remember-me"); assertThat(rememberMe).isNotNull(); this.mvc.perform(get("/authentication-class").cookie(rememberMe)) .andExpect(content().string(RememberMeAuthenticationToken.class.getName())); - result = this.mvc.perform(post("/logout").with(csrf()).session(session).cookie(rememberMe)) .andExpect(redirectedUrl("/login?logout")).andReturn(); - rememberMe = result.getResponse().getCookie("remember-me"); assertThat(rememberMe).isNotNull().extracting(Cookie::getMaxAge).isEqualTo(0); - this.mvc.perform(post("/authentication-class").with(csrf()).cookie(rememberMe)) .andExpect(redirectedUrl("http://localhost/login")).andReturn(); }
@@ -105,11 +101,9 @@ public class NamespaceRememberMeTests { public void logoutWhenCustomRememberMeServicesDeclaredThenUses() throws Exception { RememberMeServicesRefConfig.REMEMBER_ME_SERVICES = mock(RememberMeServicesWithoutLogoutHandler.class); this.spring.register(RememberMeServicesRefConfig.class).autowire(); - this.mvc.perform(get("/")); verify(RememberMeServicesRefConfig.REMEMBER_ME_SERVICES).autoLogin(any(HttpServletRequest.class), any(HttpServletResponse.class)); - this.mvc.perform(post("/login").with(csrf())); verify(RememberMeServicesRefConfig.REMEMBER_ME_SERVICES).loginFail(any(HttpServletRequest.class), any(HttpServletResponse.class));
@@ -119,15 +113,11 @@ public class NamespaceRememberMeTests { public void rememberMeLoginWhenAuthenticationSuccessHandlerDeclaredThenUses() throws Exception { AuthSuccessConfig.SUCCESS_HANDLER = mock(AuthenticationSuccessHandler.class); this.spring.register(AuthSuccessConfig.class).autowire(); - MvcResult result = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn(); - verifyZeroInteractions(AuthSuccessConfig.SUCCESS_HANDLER); - Cookie rememberMe = result.getResponse().getCookie("remember-me"); assertThat(rememberMe).isNotNull(); this.mvc.perform(get("/somewhere").cookie(rememberMe)); - verify(AuthSuccessConfig.SUCCESS_HANDLER).onAuthenticationSuccess(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class)); }
@@ -137,10 +127,8 @@ public class NamespaceRememberMeTests { this.spring.register(WithoutKeyConfig.class, KeyConfig.class, SecurityController.class).autowire(); Cookie withoutKey = this.mvc.perform(post("/without-key/login").with(rememberMeLogin())) .andExpect(redirectedUrl("/")).andReturn().getResponse().getCookie("remember-me"); - this.mvc.perform(get("/somewhere").cookie(withoutKey)).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/login")); - Cookie withKey = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse() .getCookie("remember-me"); this.mvc.perform(get("/somewhere").cookie(withKey)).andExpect(status().isNotFound());
@@ -148,16 +136,13 @@ public class NamespaceRememberMeTests { // http/remember-me@services-alias is not supported use standard aliasing instead // (i.e. @Bean("alias")) - // http/remember-me@data-source-ref is not supported directly. Instead use // http/remember-me@token-repository-ref example @Test public void rememberMeLoginWhenDeclaredTokenRepositoryThenMatchesNamespace() throws Exception { TokenRepositoryRefConfig.TOKEN_REPOSITORY = mock(PersistentTokenRepository.class); this.spring.register(TokenRepositoryRefConfig.class).autowire(); - this.mvc.perform(post("/login").with(rememberMeLogin())); - verify(TokenRepositoryRefConfig.TOKEN_REPOSITORY).createNewToken(any(PersistentRememberMeToken.class)); }
@@ -166,7 +151,6 @@ public class NamespaceRememberMeTests { this.spring.register(TokenValiditySecondsConfig.class).autowire(); Cookie expiredRememberMe = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse() .getCookie("remember-me"); - assertThat(expiredRememberMe).extracting(Cookie::getMaxAge).isEqualTo(314); }
@@ -175,7 +159,6 @@ public class NamespaceRememberMeTests { this.spring.register(RememberMeConfig.class).autowire(); Cookie expiredRememberMe = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse() .getCookie("remember-me"); - assertThat(expiredRememberMe).extracting(Cookie::getMaxAge).isEqualTo(AbstractRememberMeServices.TWO_WEEKS_S); }
@@ -184,7 +167,6 @@ public class NamespaceRememberMeTests { this.spring.register(UseSecureCookieConfig.class).autowire(); Cookie secureCookie = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse() .getCookie("remember-me"); - assertThat(secureCookie).extracting(Cookie::getSecure).isEqualTo(true); }
@@ -193,7 +175,6 @@ public class NamespaceRememberMeTests { this.spring.register(RememberMeConfig.class).autowire(); Cookie secureCookie = this.mvc.perform(post("/login").with(rememberMeLogin()).secure(true)).andReturn() .getResponse().getCookie("remember-me"); - assertThat(secureCookie).extracting(Cookie::getSecure).isEqualTo(true); } @@ -202,7 +183,6 @@ public class NamespaceRememberMeTests { this.spring.register(RememberMeParameterConfig.class).autowire(); Cookie rememberMe = this.mvc.perform(post("/login").with(rememberMeLogin("rememberMe", true))).andReturn() .getResponse().getCookie("remember-me"); - assertThat(rememberMe).isNotNull(); } @@ -212,7 +192,6 @@ public class NamespaceRememberMeTests { this.spring.register(RememberMeCookieNameConfig.class).autowire(); Cookie rememberMe = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse() .getCookie("rememberMe"); - assertThat(rememberMe).isNotNull(); } @@ -220,9 +199,7 @@ public class NamespaceRememberMeTests { public void rememberMeLoginWhenGlobalUserDetailsServiceDeclaredThenMatchesNamespace() throws Exception { DefaultsUserDetailsServiceWithDaoConfig.USERDETAILS_SERVICE = mock(UserDetailsService.class); this.spring.register(DefaultsUserDetailsServiceWithDaoConfig.class).autowire(); - this.mvc.perform(post("/login").with(rememberMeLogin())); - verify(DefaultsUserDetailsServiceWithDaoConfig.USERDETAILS_SERVICE).loadUserByUsername("user"); } 
@@ -230,12 +207,9 @@ public class NamespaceRememberMeTests { public void rememberMeLoginWhenUserDetailsServiceDeclaredThenMatchesNamespace() throws Exception { UserServiceRefConfig.USERDETAILS_SERVICE = mock(UserDetailsService.class); this.spring.register(UserServiceRefConfig.class).autowire(); - given(UserServiceRefConfig.USERDETAILS_SERVICE.loadUserByUsername("user")) .willReturn(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER"))); - this.mvc.perform(post("/login").with(rememberMeLogin())); - verify(UserServiceRefConfig.USERDETAILS_SERVICE).loadUserByUsername("user"); } @@ -363,7 +337,6 @@ public class NamespaceRememberMeTests { protected void configure(HttpSecurity http) throws Exception { // JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl() // tokenRepository.setDataSource(dataSource); - // @formatter:off http .formLogin() diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java index 6f08c7290a..8ddd312c45 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java 
@@ -82,20 +82,16 @@ public class NamespaceSessionManagementTests { public void authenticateWhenDefaultSessionManagementThenMatchesNamespace() throws Exception { this.spring.register(SessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class) .autowire(); - MockHttpSession session = new MockHttpSession(); String sessionId = session.getId(); - MvcResult result = this.mvc.perform(get("/auth").session(session).with(httpBasic("user", "password"))) .andExpect(session()).andReturn(); - assertThat(result.getRequest().getSession(false).getId()).isNotEqualTo(sessionId); } @Test public void authenticateWhenUsingInvalidSessionUrlThenMatchesNamespace() throws Exception { this.spring.register(CustomSessionManagementConfig.class).autowire(); - this.mvc.perform(get("/auth").with((request) -> { request.setRequestedSessionIdValid(false); request.setRequestedSessionId("id"); @@ -106,13 +102,11 @@ public class NamespaceSessionManagementTests { @Test public void authenticateWhenUsingExpiredUrlThenMatchesNamespace() throws Exception { this.spring.register(CustomSessionManagementConfig.class).autowire(); - MockHttpSession session = new MockHttpSession(); SessionInformation sessionInformation = new SessionInformation(new Object(), session.getId(), new Date(0)); sessionInformation.expireNow(); SessionRegistry sessionRegistry = this.spring.getContext().getBean(SessionRegistry.class); given(sessionRegistry.getSessionInformation(session.getId())).willReturn(sessionInformation); - this.mvc.perform(get("/auth").session(session)).andExpect(redirectedUrl("/expired-session")); } 
@@ -120,9 +114,7 @@ public class NamespaceSessionManagementTests { public void authenticateWhenUsingMaxSessionsThenMatchesNamespace() throws Exception { this.spring.register(CustomSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class) .autowire(); - this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk()); - this.mvc.perform(get("/auth").with(httpBasic("user", "password"))) .andExpect(redirectedUrl("/session-auth-error")); } @@ -131,12 +123,10 @@ public class NamespaceSessionManagementTests { public void authenticateWhenUsingFailureUrlThenMatchesNamespace() throws Exception { this.spring.register(CustomSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class) .autowire(); - MockHttpServletRequest mock = spy(MockHttpServletRequest.class); mock.setSession(new MockHttpSession()); given(mock.changeSessionId()).willThrow(SessionAuthenticationException.class); mock.setMethod("GET"); - this.mvc.perform(get("/auth").with((request) -> mock).with(httpBasic("user", "password"))) .andExpect(redirectedUrl("/session-auth-error")); } @@ -145,11 +135,8 @@ public class NamespaceSessionManagementTests { public void authenticateWhenUsingSessionRegistryThenMatchesNamespace() throws Exception { this.spring.register(CustomSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class) .autowire(); - SessionRegistry sessionRegistry = this.spring.getContext().getBean(SessionRegistry.class); - this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk()); - verify(sessionRegistry).registerNewSession(any(String.class), any(Object.class)); } 
@@ -157,13 +144,11 @@ public class NamespaceSessionManagementTests { @Test public void authenticateWhenUsingCustomInvalidSessionStrategyThenMatchesNamespace() throws Exception { this.spring.register(InvalidSessionStrategyConfig.class).autowire(); - this.mvc.perform(get("/auth").with((request) -> { request.setRequestedSessionIdValid(false); request.setRequestedSessionId("id"); return request; })).andExpect(status().isOk()); - verifyBean(InvalidSessionStrategy.class).onInvalidSessionDetected(any(HttpServletRequest.class), any(HttpServletResponse.class)); } @@ -172,9 +157,7 @@ public class NamespaceSessionManagementTests { public void authenticateWhenUsingCustomSessionAuthenticationStrategyThenMatchesNamespace() throws Exception { this.spring.register(RefsSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class) .autowire(); - this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk()); - verifyBean(SessionAuthenticationStrategy.class).onAuthentication(any(Authentication.class), any(HttpServletRequest.class), any(HttpServletResponse.class)); } @@ -184,13 +167,11 @@ public class NamespaceSessionManagementTests { this.spring .register(SFPNoneSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class) .autowire(); - MockHttpSession givenSession = new MockHttpSession(); String givenSessionId = givenSession.getId(); MockHttpSession resultingSession = (MockHttpSession) this.mvc .perform(get("/auth").session(givenSession).with(httpBasic("user", "password"))) .andExpect(status().isOk()).andReturn().getRequest().getSession(false); - assertThat(givenSessionId).isEqualTo(resultingSession.getId()); } 
@@ -198,15 +179,12 @@ public class NamespaceSessionManagementTests { public void authenticateWhenMigrateSessionFixationProtectionThenMatchesNamespace() throws Exception { this.spring.register(SFPMigrateSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class).autowire(); - MockHttpSession givenSession = new MockHttpSession(); String givenSessionId = givenSession.getId(); givenSession.setAttribute("name", "value"); - MockHttpSession resultingSession = (MockHttpSession) this.mvc .perform(get("/auth").session(givenSession).with(httpBasic("user", "password"))) .andExpect(status().isOk()).andReturn().getRequest().getSession(false); - assertThat(givenSessionId).isNotEqualTo(resultingSession.getId()); assertThat(resultingSession.getAttribute("name")).isEqualTo("value"); } 
@@ -215,25 +193,20 @@ public class NamespaceSessionManagementTests { @Test public void authenticateWhenUsingSessionFixationProtectionThenUsesNonNullEventPublisher() throws Exception { this.spring.register(SFPPostProcessedConfig.class, UserDetailsServiceConfig.class).autowire(); - this.mvc.perform(get("/auth").session(new MockHttpSession()).with(httpBasic("user", "password"))) .andExpect(status().isNotFound()); - verifyBean(MockEventListener.class).onApplicationEvent(any(SessionFixationProtectionEvent.class)); } @Test public void authenticateWhenNewSessionFixationProtectionThenMatchesNamespace() throws Exception { this.spring.register(SFPNewSessionSessionManagementConfig.class, UserDetailsServiceConfig.class).autowire(); - MockHttpSession givenSession = new MockHttpSession(); String givenSessionId = givenSession.getId(); givenSession.setAttribute("name", "value"); - MockHttpSession resultingSession = (MockHttpSession) this.mvc .perform(get("/auth").session(givenSession).with(httpBasic("user", "password"))) .andExpect(status().isNotFound()).andReturn().getRequest().getSession(false); - assertThat(givenSessionId).isNotEqualTo(resultingSession.getId()); assertThat(resultingSession.getAttribute("name")).isNull(); } @@ -465,11 +438,8 @@ public class NamespaceSessionManagementTests { assertThat(result.getRequest().getSession(false)).isNull(); return; } - assertThat(result.getRequest().getSession(false)).isNotNull(); - MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false); - if (this.valid != null) { if (this.valid) { assertThat(session.isInvalid()).isFalse(); @@ -478,7 +448,6 @@ public class NamespaceSessionManagementTests { assertThat(session.isInvalid()).isTrue(); } } - if (this.id != null) { assertThat(session.getId()).isEqualTo(this.id); } 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java index f30939fb0d..ce7a15b331 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java @@ -49,7 +49,6 @@ public class PermitAllSupportTests { @Test public void performWhenUsingPermitAllExactUrlRequestMatcherThenMatchesExactUrl() throws Exception { this.spring.register(PermitAllConfig.class).autowire(); - this.mvc.perform(get("/app/xyz").contextPath("/app")).andExpect(status().isNotFound()); this.mvc.perform(get("/app/xyz?def").contextPath("/app")).andExpect(status().isFound()); this.mvc.perform(post("/app/abc?def").with(csrf()).contextPath("/app")).andExpect(status().isNotFound()); diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java index 6c7f1d59ea..bf21abbd7c 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java 
@@ -47,21 +47,18 @@ public class PortMapperConfigurerTests { @Test public void requestWhenPortMapperTwiceInvokedThenDoesNotOverride() throws Exception { this.spring.register(InvokeTwiceDoesNotOverride.class).autowire(); - this.mockMvc.perform(get("http://localhost:543")).andExpect(redirectedUrl("https://localhost:123")); } @Test public void requestWhenPortMapperHttpMapsToInLambdaThenRedirectsToHttpsPort() throws Exception { this.spring.register(HttpMapsToInLambdaConfig.class).autowire(); - this.mockMvc.perform(get("http://localhost:543")).andExpect(redirectedUrl("https://localhost:123")); } @Test public void requestWhenCustomPortMapperInLambdaThenRedirectsToHttpsPort() throws Exception { this.spring.register(CustomPortMapperInLambdaConfig.class).autowire(); - this.mockMvc.perform(get("http://localhost:543")).andExpect(redirectedUrl("https://localhost:123")); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java index 8ec6c1b5a7..54bc6ee582 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java @@ -81,7 +81,6 @@ public class RememberMeConfigurerTests { @Test public void postWhenNoUserDetailsServiceThenException() { this.spring.register(NullUserDetailsConfig.class).autowire(); - assertThatThrownBy(() -> this.mvc.perform(post("/login").param("username", "user").param("password", "password") .param("remember-me", "true").with(csrf()))).hasMessageContaining("UserDetailsService is required"); } 
@@ -89,7 +88,6 @@ public class RememberMeConfigurerTests { @Test public void configureWhenRegisteringObjectPostProcessorThenInvokedOnRememberMeAuthenticationFilter() { this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(RememberMeAuthenticationFilter.class)); } @@ -98,16 +96,13 @@ public class RememberMeConfigurerTests { given(DuplicateDoesNotOverrideConfig.userDetailsService.loadUserByUsername(anyString())) .willReturn(new User("user", "password", Collections.emptyList())); this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire(); - this.mvc.perform(get("/").with(httpBasic("user", "password")).param("remember-me", "true")); - verify(DuplicateDoesNotOverrideConfig.userDetailsService).loadUserByUsername("user"); } @Test public void loginWhenRememberMeTrueThenRespondsWithRememberMeCookie() throws Exception { this.spring.register(RememberMeConfig.class).autowire(); - this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password") .param("remember-me", "true")).andExpect(cookie().exists("remember-me")); } @@ -115,11 +110,9 @@ public class RememberMeConfigurerTests { @Test public void getWhenRememberMeCookieThenAuthenticationIsRememberMeAuthenticationToken() throws Exception { this.spring.register(RememberMeConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user") .param("password", "password").param("remember-me", "true")).andReturn(); Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me"); - this.mvc.perform(get("/abc").cookie(rememberMeCookie)).andExpect(authenticated() .withAuthentication((auth) -> assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class))); } 
@@ -127,12 +120,10 @@ public class RememberMeConfigurerTests { @Test public void logoutWhenRememberMeCookieThenAuthenticationIsRememberMeCookieExpired() throws Exception { this.spring.register(RememberMeConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user") .param("password", "password").param("remember-me", "true")).andReturn(); Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me"); HttpSession session = mvcResult.getRequest().getSession(); - this.mvc.perform(post("/logout").with(csrf()).cookie(rememberMeCookie).session((MockHttpSession) session)) .andExpect(redirectedUrl("/login?logout")).andExpect(cookie().maxAge("remember-me", 0)); } @@ -140,7 +131,6 @@ public class RememberMeConfigurerTests { @Test public void getWhenRememberMeCookieAndLoggedOutThenRedirectsToLogin() throws Exception { this.spring.register(RememberMeConfig.class).autowire(); - MvcResult loginMvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user") .param("password", "password").param("remember-me", "true")).andReturn(); Cookie rememberMeCookie = loginMvcResult.getResponse().getCookie("remember-me"); @@ -149,7 +139,6 @@ public class RememberMeConfigurerTests { .perform(post("/logout").with(csrf()).cookie(rememberMeCookie).session((MockHttpSession) session)) .andReturn(); Cookie expiredRememberMeCookie = logoutMvcResult.getResponse().getCookie("remember-me"); - this.mvc.perform(get("/abc").with(csrf()).cookie(expiredRememberMeCookie)) .andExpect(redirectedUrl("http://localhost/login")); } 
@@ -157,7 +146,6 @@ public class RememberMeConfigurerTests { @Test public void loginWhenRememberMeConfiguredInLambdaThenRespondsWithRememberMeCookie() throws Exception { this.spring.register(RememberMeInLambdaConfig.class).autowire(); - this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password") .param("remember-me", "true")).andExpect(cookie().exists("remember-me")); } @@ -165,7 +153,6 @@ public class RememberMeConfigurerTests { @Test public void loginWhenRememberMeTrueAndCookieDomainThenRememberMeCookieHasDomain() throws Exception { this.spring.register(RememberMeCookieDomainConfig.class).autowire(); - this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password") .param("remember-me", "true")).andExpect(cookie().exists("remember-me")) .andExpect(cookie().domain("remember-me", "spring.io")); @@ -174,7 +161,6 @@ public class RememberMeConfigurerTests { @Test public void loginWhenRememberMeTrueAndCookieDomainInLambdaThenRememberMeCookieHasDomain() throws Exception { this.spring.register(RememberMeCookieDomainInLambdaConfig.class).autowire(); - this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password") .param("remember-me", "true")).andExpect(cookie().exists("remember-me")) .andExpect(cookie().domain("remember-me", "spring.io")); 
@@ -190,11 +176,9 @@ public class RememberMeConfigurerTests { @Test public void getWhenRememberMeCookieAndNoKeyConfiguredThenKeyFromRememberMeServicesIsUsed() throws Exception { this.spring.register(FallbackRememberMeKeyConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user") .param("password", "password").param("remember-me", "true")).andReturn(); Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me"); - this.mvc.perform(get("/abc").cookie(rememberMeCookie)).andExpect(authenticated() .withAuthentication((auth) -> assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class))); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java index d769b5869d..5079480e76 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java @@ -69,16 +69,13 @@ public class RequestCacheConfigurerTests { @Test public void configureWhenRegisteringObjectPostProcessorThenInvokedOnExceptionTranslationFilter() { this.spring.register(ObjectPostProcessorConfig.class, DefaultSecurityConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(RequestCacheAwareFilter.class)); } @Test public void getWhenInvokingExceptionHandlingTwiceThenOriginalEntryPointUsed() throws Exception { this.spring.register(InvokeTwiceDoesNotOverrideConfig.class).autowire(); - this.mvc.perform(get("/")); - verify(InvokeTwiceDoesNotOverrideConfig.requestCache).getMatchingRequest(any(HttpServletRequest.class), any(HttpServletResponse.class)); } 
@@ -86,10 +83,8 @@ public class RequestCacheConfigurerTests { @Test public void getWhenBookmarkedUrlIsFaviconIcoThenPostAuthenticationRedirectsToRoot() throws Exception { this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/favicon.ico")) .andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); // ignores // favicon.ico } @@ -97,10 +92,8 @@ public class RequestCacheConfigurerTests { @Test public void getWhenBookmarkedUrlIsFaviconPngThenPostAuthenticationRedirectsToRoot() throws Exception { this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/favicon.png")) .andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); // ignores // favicon.png } @@ -109,14 +102,11 @@ public class RequestCacheConfigurerTests { @Test public void getWhenBookmarkedRequestIsApplicationJsonThenPostAuthenticationRedirectsToRoot() throws Exception { this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc .perform(get("/messages").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON)) .andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); // ignores // application/json - // This is desirable since JSON requests are typically not invoked directly from // the browser and we don't want the browser to replay them } 
@@ -125,13 +115,10 @@ public class RequestCacheConfigurerTests { @Test public void getWhenBookmarkedRequestIsXRequestedWithThenPostAuthenticationRedirectsToRoot() throws Exception { this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc .perform(get("/messages").header("X-Requested-With", "XMLHttpRequest")) .andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); - // This is desirable since XHR requests are typically not invoked directly from // the browser and we don't want the browser to replay them } @@ -139,14 +126,11 @@ public class RequestCacheConfigurerTests { @Test public void getWhenBookmarkedRequestIsTextEventStreamThenPostAuthenticationRedirectsToRoot() throws Exception { this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc .perform(get("/messages").header(HttpHeaders.ACCEPT, MediaType.TEXT_EVENT_STREAM)) .andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); // ignores // text/event-stream - // This is desirable since event-stream requests are typically not invoked // directly from the browser and we don't want the browser to replay them } 
@@ -154,45 +138,37 @@ public class RequestCacheConfigurerTests { @Test public void getWhenBookmarkedRequestIsAllMediaTypeThenPostAuthenticationRemembers() throws Exception { this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc .perform(get("/messages").header(HttpHeaders.ACCEPT, MediaType.ALL)) .andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/messages")); } @Test public void getWhenBookmarkedRequestIsTextHtmlThenPostAuthenticationRemembers() throws Exception { this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc .perform(get("/messages").header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML)) .andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/messages")); } @Test public void getWhenBookmarkedRequestIsChromeThenPostAuthenticationRemembers() throws Exception { this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc .perform(get("/messages").header(HttpHeaders.ACCEPT, "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8")) .andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/messages")); } @Test public void getWhenBookmarkedRequestIsRequestedWithAndroidThenPostAuthenticationRemembers() throws Exception { this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc .perform(get("/messages").header("X-Requested-With", 
"com.android")) .andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/messages")); } @@ -201,9 +177,7 @@ public class RequestCacheConfigurerTests { public void getWhenRequestCacheIsDisabledThenExceptionTranslationFilterDoesNotStoreRequest() throws Exception { this.spring.register(RequestCacheDisabledConfig.class, ExceptionHandlingConfigurerTests.DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); } @@ -211,12 +185,9 @@ public class RequestCacheConfigurerTests { @Test public void postWhenRequestIsMultipartThenPostAuthenticationRedirectsToRoot() throws Exception { this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire(); - MockMultipartFile aFile = new MockMultipartFile("aFile", "A_FILE".getBytes()); - MockHttpSession session = (MockHttpSession) this.mvc.perform(multipart("/upload").file(aFile)).andReturn() .getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); } 
@@ -224,27 +195,21 @@ public class RequestCacheConfigurerTests { public void getWhenRequestCacheIsDisabledInLambdaThenExceptionTranslationFilterDoesNotStoreRequest() throws Exception { this.spring.register(RequestCacheDisabledInLambdaConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); } @Test public void getWhenRequestCacheInLambdaThenRedirectedToCachedPage() throws Exception { this.spring.register(RequestCacheInLambdaConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/bob")); } @Test public void getWhenCustomRequestCacheInLambdaThenCustomRequestCacheUsed() throws Exception { this.spring.register(CustomRequestCacheInLambdaConfig.class, DefaultSecurityConfig.class).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession(); - this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java index e820678b2f..f0c8500cc1 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java 
@@ -47,7 +47,6 @@ public class RequestMatcherConfigurerTests { @Test public void authorizeRequestsWhenInvokedMultipleTimesThenChainsPaths() throws Exception { this.spring.register(Sec2908Config.class).autowire(); - this.mvc.perform(get("/oauth/abc")).andExpect(status().isForbidden()); this.mvc.perform(get("/api/abc")).andExpect(status().isForbidden()); } @@ -55,7 +54,6 @@ public class RequestMatcherConfigurerTests { @Test public void authorizeRequestsWhenInvokedMultipleTimesInLambdaThenChainsPaths() throws Exception { this.spring.register(AuthorizeRequestInLambdaConfig.class).autowire(); - this.mvc.perform(get("/oauth/abc")).andExpect(status().isForbidden()); this.mvc.perform(get("/api/abc")).andExpect(status().isForbidden()); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java index e3bb13407c..fc99c2772d 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java @@ -67,7 +67,6 @@ public class SecurityContextConfigurerTests { @Test public void configureWhenRegisteringObjectPostProcessorThenInvokedOnSecurityContextPersistenceFilter() { this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(SecurityContextPersistenceFilter.class)); } 
@@ -75,9 +74,7 @@ public class SecurityContextConfigurerTests {
 public void securityContextWhenInvokedTwiceThenUsesOriginalSecurityContextRepository() throws Exception {
 this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
 given(DuplicateDoesNotOverrideConfig.SCR.loadContext(any())).willReturn(mock(SecurityContext.class));
-
 this.mvc.perform(get("/"));
-
 verify(DuplicateDoesNotOverrideConfig.SCR).loadContext(any(HttpRequestResponseHolder.class));
 }

@@ -85,14 +82,12 @@ public class SecurityContextConfigurerTests {
 @Test
 public void securityContextWhenSecurityContextRepositoryNotConfiguredThenDoesNotThrowException() throws Exception {
 this.spring.register(SecurityContextRepositoryDefaultsSecurityContextRepositoryConfig.class).autowire();
-
 this.mvc.perform(get("/"));
 }

 @Test
 public void requestWhenSecurityContextWithDefaultsInLambdaThenSessionIsCreated() throws Exception {
 this.spring.register(SecurityContextWithDefaultsInLambdaConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(formLogin()).andReturn();
 HttpSession session = mvcResult.getRequest().getSession(false);
 assertThat(session).isNotNull();
@@ -101,7 +96,6 @@ public class SecurityContextConfigurerTests {
 @Test
 public void requestWhenSecurityContextDisabledInLambdaThenContextNotSavedInSession() throws Exception {
 this.spring.register(SecurityContextDisabledInLambdaConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(formLogin()).andReturn();
 HttpSession session = mvcResult.getRequest().getSession(false);
 assertThat(session).isNull();
@@ -110,7 +104,6 @@ public class SecurityContextConfigurerTests {
 @Test
 public void requestWhenNullSecurityContextRepositoryInLambdaThenContextNotSavedInSession() throws Exception {
 this.spring.register(NullSecurityContextRepositoryInLambdaConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(formLogin()).andReturn();
 HttpSession session = mvcResult.getRequest().getSession(false);
 assertThat(session).isNull();
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
index 274b156c11..ed71acbf53 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
@@ -88,7 +88,6 @@ public class ServletApiConfigurerTests {
 @Test
 public void configureWhenRegisteringObjectPostProcessorThenInvokedOnSecurityContextHolderAwareRequestFilter() {
 this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 verify(ObjectPostProcessorConfig.objectPostProcessor)
 .postProcess(any(SecurityContextHolderAwareRequestFilter.class));
 }
@@ -97,14 +96,12 @@ public class ServletApiConfigurerTests {
 @Test
 public void configureWhenUsingDefaultsThenAuthenticationManagerIsNotNull() {
 this.spring.register(ServletApiConfig.class).autowire();
-
 assertThat(this.spring.getContext().getBean("customAuthenticationManager")).isNotNull();
 }

 @Test
 public void configureWhenUsingDefaultsThenAuthenticationEntryPointIsLogin() throws Exception {
 this.spring.register(ServletApiConfig.class).autowire();
-
 this.mvc.perform(formLogin()).andExpect(status().isFound());
 }

@@ -112,7 +109,6 @@ public class ServletApiConfigurerTests {
 @Test
 public void configureWhenUsingDefaultsThenRolePrefixIsSet() throws Exception {
 this.spring.register(ServletApiConfig.class, AdminController.class).autowire();
-
 this.mvc.perform(
 get("/admin").with(authentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN"))))
 .andExpect(status().isOk());
@@ -121,9 +117,7 @@ public class ServletApiConfigurerTests {
 @Test
 public void requestWhenCustomAuthenticationEntryPointThenEntryPointUsed() throws Exception {
 this.spring.register(CustomEntryPointConfig.class).autowire();
-
 this.mvc.perform(get("/"));
-
 verify(CustomEntryPointConfig.ENTRYPOINT).commence(any(HttpServletRequest.class),
 any(HttpServletResponse.class), any(AuthenticationException.class));
 }
@@ -131,11 +125,9 @@ public class ServletApiConfigurerTests {
 @Test
 public void servletApiWhenInvokedTwiceThenUsesOriginalRole() throws Exception {
 this.spring.register(DuplicateInvocationsDoesNotOverrideConfig.class, AdminController.class).autowire();
-
 this.mvc.perform(
 get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("PERMISSION_ADMIN"))))
 .andExpect(status().isOk());
-
 this.mvc.perform(get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))))
 .andExpect(status().isForbidden());
 }
@@ -143,16 +135,13 @@ public class ServletApiConfigurerTests {
 @Test
 public void configureWhenSharedObjectTrustResolverThenTrustResolverUsed() throws Exception {
 this.spring.register(SharedTrustResolverConfig.class).autowire();
-
 this.mvc.perform(get("/"));
-
 verify(SharedTrustResolverConfig.TR, atLeastOnce()).isAnonymous(any());
 }

 @Test
 public void requestWhenServletApiWithDefaultsInLambdaThenUsesDefaultRolePrefix() throws Exception {
 this.spring.register(ServletApiWithDefaultsInLambdaConfig.class, AdminController.class).autowire();
-
 this.mvc.perform(get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))))
 .andExpect(status().isOk());
 }
@@ -160,11 +149,9 @@ public class ServletApiConfigurerTests {
 @Test
 public void requestWhenRolePrefixInLambdaThenUsesCustomRolePrefix() throws Exception {
 this.spring.register(RolePrefixInLambdaConfig.class, AdminController.class).autowire();
-
 this.mvc.perform(
 get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("PERMISSION_ADMIN"))))
 .andExpect(status().isOk());
-
 this.mvc.perform(get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))))
 .andExpect(status().isForbidden());
 }
@@ -172,18 +159,13 @@ public class ServletApiConfigurerTests {
 @Test
 public void checkSecurityContextAwareAndLogoutFilterHasSameSizeAndHasLogoutSuccessEventPublishingLogoutHandler() {
 this.spring.register(ServletApiWithLogoutConfig.class);
-
 SecurityContextHolderAwareRequestFilter scaFilter = getFilter(SecurityContextHolderAwareRequestFilter.class);
 LogoutFilter logoutFilter = getFilter(LogoutFilter.class);
-
 LogoutHandler lfLogoutHandler = getFieldValue(logoutFilter, "handler");
 assertThat(lfLogoutHandler).isInstanceOf(CompositeLogoutHandler.class);
-
 List scaLogoutHandlers = getFieldValue(scaFilter, "logoutHandlers");
 List lfLogoutHandlers = getFieldValue(lfLogoutHandler, "logoutHandlers");
-
 assertThat(scaLogoutHandlers).hasSameSizeAs(lfLogoutHandlers);
-
 assertThat(scaLogoutHandlers).hasAtLeastOneElementOfType(LogoutSuccessEventPublishingLogoutHandler.class);
 assertThat(lfLogoutHandlers).hasAtLeastOneElementOfType(LogoutSuccessEventPublishingLogoutHandler.class);
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
index 10362b3eb7..53f7b0ec8a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
@@ -95,11 +95,8 @@ public class SessionManagementConfigurerServlet31Tests {
 repository.saveToken(token, request, this.response);
 request.setParameter(token.getParameterName(), token.getToken());
 request.getSession().setAttribute("attribute1", "value1");
-
 loadConfig(SessionManagementDefaultSessionFixationServlet31Config.class);
-
 this.springSecurityFilterChain.doFilter(request, this.response, this.chain);
-
 assertThat(request.getSession().getId()).isNotEqualTo(id);
 assertThat(request.getSession().getAttribute("attribute1")).isEqualTo("value1");
 }
@@ -116,7 +113,6 @@ public class SessionManagementConfigurerServlet31Tests {
 HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(this.request, this.response);
 repo.loadContext(requestResponseHolder);
-
 SecurityContextImpl securityContextImpl = new SecurityContextImpl();
 securityContextImpl.setAuthentication(auth);
 repo.saveContext(securityContextImpl, requestResponseHolder.getRequest(), requestResponseHolder.getResponse());
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java
index 11f60b1e9e..d86e005146 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java
@@ -47,31 +47,22 @@ public class SessionManagementConfigurerSessionCreationPolicyTests {

 @Test
 public void getWhenSharedObjectSessionCreationPolicyConfigurationThenOverrides() throws Exception {
-
 this.spring.register(StatelessCreateSessionSharedObjectConfig.class).autowire();
-
 MvcResult result = this.mvc.perform(get("/")).andReturn();
-
 assertThat(result.getRequest().getSession(false)).isNull();
 }

 @Test
 public void getWhenUserSessionCreationPolicyConfigurationThenOverrides() throws Exception {
-
 this.spring.register(StatelessCreateSessionUserConfig.class).autowire();
-
 MvcResult result = this.mvc.perform(get("/")).andReturn();
-
 assertThat(result.getRequest().getSession(false)).isNull();
 }

 @Test
 public void getWhenDefaultsThenLoginChallengeCreatesSession() throws Exception {
-
 this.spring.register(DefaultConfig.class, BasicController.class).autowire();
-
 MvcResult result = this.mvc.perform(get("/")).andExpect(status().isUnauthorized()).andReturn();
-
 assertThat(result.getRequest().getSession(false)).isNotNull();
 }

@@ -96,7 +87,6 @@ public class SessionManagementConfigurerSessionCreationPolicyTests {
 http
 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
 // @formatter:on
-
 http.setSharedObject(SessionCreationPolicy.class, SessionCreationPolicy.ALWAYS);
 }

diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
index 095c01d59c..0c66f6da6f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
@@ -83,9 +83,7 @@ public class SessionManagementConfigurerTests {
 public void sessionManagementWhenConfiguredThenDoesNotOverrideRequestCache() throws Exception {
 SessionManagementRequestCacheConfig.REQUEST_CACHE = mock(RequestCache.class);
 this.spring.register(SessionManagementRequestCacheConfig.class).autowire();
-
 this.mvc.perform(get("/"));
-
 verify(SessionManagementRequestCacheConfig.REQUEST_CACHE).getMatchingRequest(any(HttpServletRequest.class),
 any(HttpServletResponse.class));
 }
@@ -96,9 +94,7 @@ public class SessionManagementConfigurerTests {
 given(SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO
 .loadContext(any(HttpRequestResponseHolder.class))).willReturn(mock(SecurityContext.class));
 this.spring.register(SessionManagementSecurityContextRepositoryConfig.class).autowire();
-
 this.mvc.perform(get("/"));
-
 verify(SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO)
 .saveContext(any(SecurityContext.class), any(HttpServletRequest.class), any(HttpServletResponse.class));
 }
@@ -106,10 +102,8 @@ public class SessionManagementConfigurerTests {
 @Test
 public void sessionManagementWhenInvokedTwiceThenUsesOriginalSessionCreationPolicy() throws Exception {
 this.spring.register(InvokeTwiceDoesNotOverride.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/")).andReturn();
 HttpSession session = mvcResult.getRequest().getSession(false);
-
 assertThat(session).isNull();
 }

@@ -120,25 +114,20 @@ public class SessionManagementConfigurerTests {
 this.spring.register(DisableSessionFixationEnableConcurrencyControlConfig.class).autowire();
 MockHttpSession session = new MockHttpSession();
 String sessionId = session.getId();
-
 MvcResult mvcResult = this.mvc.perform(get("/").with(httpBasic("user", "password")).session(session))
 .andExpect(status().isNotFound()).andReturn();
-
 assertThat(mvcResult.getRequest().getSession().getId()).isEqualTo(sessionId);
 }

 @Test
 public void authenticateWhenNewSessionFixationProtectionInLambdaThenCreatesNewSession() throws Exception {
 this.spring.register(SFPNewSessionInLambdaConfig.class).autowire();
-
 MockHttpSession givenSession = new MockHttpSession();
 String givenSessionId = givenSession.getId();
 givenSession.setAttribute("name", "value");
-
 MockHttpSession resultingSession = (MockHttpSession) this.mvc
 .perform(get("/auth").session(givenSession).with(httpBasic("user", "password")))
 .andExpect(status().isNotFound()).andReturn().getRequest().getSession(false);
-
 assertThat(givenSessionId).isNotEqualTo(resultingSession.getId());
 assertThat(resultingSession.getAttribute("name")).isNull();
 }
@@ -146,9 +135,7 @@ public class SessionManagementConfigurerTests {
 @Test
 public void loginWhenUserLoggedInAndMaxSessionsIsOneThenLoginPrevented() throws Exception {
 this.spring.register(ConcurrencyControlConfig.class).autowire();
-
 this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"));
-
 this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
 .andExpect(status().isFound()).andExpect(redirectedUrl("/login?error"));
 }
@@ -156,13 +143,11 @@ public class SessionManagementConfigurerTests {
 @Test
 public void loginWhenUserSessionExpiredAndMaxSessionsIsOneThenLoggedIn() throws Exception {
 this.spring.register(ConcurrencyControlConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc
 .perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
 .andReturn();
 HttpSession authenticatedSession = mvcResult.getRequest().getSession();
 this.spring.getContext().publishEvent(new HttpSessionDestroyedEvent(authenticatedSession));
-
 this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
 .andExpect(status().isFound()).andExpect(redirectedUrl("/"));
 }
@@ -170,9 +155,7 @@ public class SessionManagementConfigurerTests {
 @Test
 public void loginWhenUserLoggedInAndMaxSessionsOneInLambdaThenLoginPrevented() throws Exception {
 this.spring.register(ConcurrencyControlInLambdaConfig.class).autowire();
-
 this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"));
-
 this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
 .andExpect(status().isFound()).andExpect(redirectedUrl("/login?error"));
 }
@@ -180,10 +163,8 @@ public class SessionManagementConfigurerTests {
 @Test
 public void requestWhenSessionCreationPolicyStateLessInLambdaThenNoSessionCreated() throws Exception {
 this.spring.register(SessionCreationPolicyStateLessInLambdaConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/")).andReturn();
 HttpSession session = mvcResult.getRequest().getSession(false);
-
 assertThat(session).isNull();
 }

@@ -191,7 +172,6 @@ public class SessionManagementConfigurerTests {
 public void configureWhenRegisteringObjectPostProcessorThenInvokedOnSessionManagementFilter() {
 ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(SessionManagementFilter.class));
 }

@@ -199,7 +179,6 @@ public class SessionManagementConfigurerTests {
 public void configureWhenRegisteringObjectPostProcessorThenInvokedOnConcurrentSessionFilter() {
 ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ConcurrentSessionFilter.class));
 }

@@ -207,7 +186,6 @@ public class SessionManagementConfigurerTests {
 public void configureWhenRegisteringObjectPostProcessorThenInvokedOnConcurrentSessionControlAuthenticationStrategy() {
 ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 verify(ObjectPostProcessorConfig.objectPostProcessor)
 .postProcess(any(ConcurrentSessionControlAuthenticationStrategy.class));
 }
@@ -216,7 +194,6 @@ public class SessionManagementConfigurerTests {
 public void configureWhenRegisteringObjectPostProcessorThenInvokedOnCompositeSessionAuthenticationStrategy() {
 ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 verify(ObjectPostProcessorConfig.objectPostProcessor)
 .postProcess(any(CompositeSessionAuthenticationStrategy.class));
 }
@@ -225,7 +202,6 @@ public class SessionManagementConfigurerTests {
 public void configureWhenRegisteringObjectPostProcessorThenInvokedOnRegisterSessionAuthenticationStrategy() {
 ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 verify(ObjectPostProcessorConfig.objectPostProcessor)
 .postProcess(any(RegisterSessionAuthenticationStrategy.class));
 }
@@ -234,7 +210,6 @@ public class SessionManagementConfigurerTests {
 public void configureWhenRegisteringObjectPostProcessorThenInvokedOnChangeSessionIdAuthenticationStrategy() {
 ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 verify(ObjectPostProcessorConfig.objectPostProcessor)
 .postProcess(any(ChangeSessionIdAuthenticationStrategy.class));
 }
@@ -245,9 +220,7 @@ public class SessionManagementConfigurerTests {
 SharedTrustResolverConfig.TR = mock(AuthenticationTrustResolver.class);
 given(SharedTrustResolverConfig.TR.isAnonymous(any())).willReturn(false);
 this.spring.register(SharedTrustResolverConfig.class).autowire();
-
 MvcResult mvcResult = this.mvc.perform(get("/")).andReturn();
-
 assertThat(mvcResult.getRequest().getSession(false)).isNotNull();
 }

@@ -255,10 +228,8 @@ public class SessionManagementConfigurerTests {
 public void whenOneSessionRegistryBeanThenUseIt() throws Exception {
 SessionRegistryOneBeanConfig.SESSION_REGISTRY = mock(SessionRegistry.class);
 this.spring.register(SessionRegistryOneBeanConfig.class).autowire();
-
 MockHttpSession session = new MockHttpSession(this.spring.getContext().getServletContext());
 this.mvc.perform(get("/").session(session));
-
 verify(SessionRegistryOneBeanConfig.SESSION_REGISTRY).getSessionInformation(session.getId());
 }

@@ -267,10 +238,8 @@ public class SessionManagementConfigurerTests {
 SessionRegistryTwoBeansConfig.SESSION_REGISTRY_ONE = mock(SessionRegistry.class);
 SessionRegistryTwoBeansConfig.SESSION_REGISTRY_TWO = mock(SessionRegistry.class);
 this.spring.register(SessionRegistryTwoBeansConfig.class).autowire();
-
 MockHttpSession session = new MockHttpSession(this.spring.getContext().getServletContext());
 this.mvc.perform(get("/").session(session));
-
 verifyNoInteractions(SessionRegistryTwoBeansConfig.SESSION_REGISTRY_ONE);
 verifyNoInteractions(SessionRegistryTwoBeansConfig.SESSION_REGISTRY_TWO);
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java
index 7323136e1c..c5b5dd2cc5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java
@@ -50,7 +50,6 @@ public class SessionManagementConfigurerTransientAuthenticationTests {

 @Test
 public void postWhenTransientAuthenticationThenNoSessionCreated() throws Exception {
-
 this.spring.register(WithTransientAuthenticationConfig.class).autowire();
 MvcResult result = this.mvc.perform(post("/login")).andReturn();
 assertThat(result.getRequest().getSession(false)).isNull();
@@ -58,7 +57,6 @@ public class SessionManagementConfigurerTransientAuthenticationTests {

 @Test
 public void postWhenTransientAuthenticationThenAlwaysSessionOverrides() throws Exception {
-
 this.spring.register(AlwaysCreateSessionConfig.class).autowire();
 MvcResult result = this.mvc.perform(post("/login")).andReturn();
 assertThat(result.getRequest().getSession(false)).isNotNull();
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java
index b9b61ad579..34dcb0f52d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java
@@ -78,67 +78,45 @@ public class UrlAuthorizationConfigurerTests {
 @Test
 public void mvcMatcher() throws Exception {
 loadConfig(MvcMatcherConfig.class, LegacyMvcMatchingConfig.class);
-
 this.request.setRequestURI("/path");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setRequestURI("/path.html");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath("/path/");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 }

 @Test
 public void mvcMatcherServletPath() throws Exception {
 loadConfig(MvcMatcherServletPathConfig.class, LegacyMvcMatchingConfig.class);
-
 this.request.setServletPath("/spring");
 this.request.setRequestURI("/spring/path");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath("/spring");
 this.request.setRequestURI("/spring/path.html");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath("/spring");
 this.request.setRequestURI("/spring/path/");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 setup();
-
 this.request.setServletPath("/foo");
 this.request.setRequestURI("/foo/path");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 setup();
-
 this.request.setServletPath("/");
 this.request.setRequestURI("/path");
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 }

@@ -152,7 +130,6 @@ public class UrlAuthorizationConfigurerTests {
 this.context.register(configs);
 this.context.setServletContext(new MockServletContext());
 this.context.refresh();
-
 this.context.getAutowireCapableBeanFactory().autowireBean(this);
 }

diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
index 5fe6a6b770..110b468030 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
@@ -61,7 +61,6 @@ public class UrlAuthorizationsTests {
 @WithMockUser(authorities = "ROLE_USER")
 public void hasAnyAuthorityWhenAuthoritySpecifiedThenMatchesAuthority() throws Exception {
 this.spring.register(RoleConfig.class).autowire();
-
 this.mvc.perform(get("/role-user-authority")).andExpect(status().isNotFound());
 this.mvc.perform(get("/role-user")).andExpect(status().isNotFound());
 this.mvc.perform(get("/role-admin-authority")).andExpect(status().isForbidden());
@@ -71,7 +70,6 @@ public class UrlAuthorizationsTests {
 @WithMockUser(authorities = "ROLE_ADMIN")
 public void hasAnyAuthorityWhenAuthoritiesSpecifiedThenMatchesAuthority() throws Exception {
 this.spring.register(RoleConfig.class).autowire();
-
 this.mvc.perform(get("/role-user-admin-authority")).andExpect(status().isNotFound());
 this.mvc.perform(get("/role-user-admin")).andExpect(status().isNotFound());
 this.mvc.perform(get("/role-user-authority")).andExpect(status().isForbidden());
@@ -81,7 +79,6 @@ public class UrlAuthorizationsTests {
 @WithMockUser(roles = "USER")
 public void hasAnyRoleWhenRoleSpecifiedThenMatchesRole() throws Exception {
 this.spring.register(RoleConfig.class).autowire();
-
 this.mvc.perform(get("/role-user")).andExpect(status().isNotFound());
 this.mvc.perform(get("/role-admin")).andExpect(status().isForbidden());
 }
@@ -90,7 +87,6 @@ public class UrlAuthorizationsTests {
 @WithMockUser(roles = "ADMIN")
 public void hasAnyRoleWhenRolesSpecifiedThenMatchesRole() throws Exception {
 this.spring.register(RoleConfig.class).autowire();
-
 this.mvc.perform(get("/role-admin-user")).andExpect(status().isNotFound());
 this.mvc.perform(get("/role-user")).andExpect(status().isForbidden());
 }
@@ -99,7 +95,6 @@ public class UrlAuthorizationsTests {
 @WithMockUser(authorities = "USER")
 public void hasAnyRoleWhenRoleSpecifiedThenDoesNotMatchAuthority() throws Exception {
 this.spring.register(RoleConfig.class).autowire();
-
 this.mvc.perform(get("/role-user")).andExpect(status().isForbidden());
 this.mvc.perform(get("/role-admin")).andExpect(status().isForbidden());
 }
@@ -107,7 +102,6 @@ public class UrlAuthorizationsTests {
 @Test
 public void configureWhenNoAccessDecisionManagerThenDefaultsToAffirmativeBased() {
 this.spring.register(NoSpecificAccessDecisionManagerConfig.class).autowire();
-
 FilterSecurityInterceptor interceptor = getFilter(FilterSecurityInterceptor.class);
 assertThat(interceptor).isNotNull();
 assertThat(interceptor).extracting("accessDecisionManager").isInstanceOf(AffirmativeBased.class);
@@ -151,7 +145,6 @@ public class UrlAuthorizationsTests {
 ApplicationContext context = getApplicationContext();
 UrlAuthorizationConfigurer.StandardInterceptUrlRegistry registry = http
 .apply(new UrlAuthorizationConfigurer(context)).getRegistry();
-
 registry.antMatchers("/a").hasRole("ADMIN").anyRequest().hasRole("USER");
 }

diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
index 64ca605e85..655ed245be 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
@@ -61,7 +61,6 @@ public class X509ConfigurerTests {
 @Test
 public void configureWhenRegisteringObjectPostProcessorThenInvokedOnX509AuthenticationFilter() {
 this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(X509AuthenticationFilter.class));
 }

@@ -69,7 +68,6 @@ public class X509ConfigurerTests {
 public void x509WhenInvokedTwiceThenUsesOriginalSubjectPrincipalRegex() throws Exception {
 this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
 X509Certificate certificate = loadCert("rodatexampledotcom.cer");
-
 this.mvc.perform(get("/").with(x509(certificate))).andExpect(authenticated().withUsername("rod"));
 }

@@ -77,7 +75,6 @@ public class X509ConfigurerTests {
 public void x509WhenConfiguredInLambdaThenUsesDefaults() throws Exception {
 this.spring.register(DefaultsInLambdaConfig.class).autowire();
 X509Certificate certificate = loadCert("rod.cer");
-
 this.mvc.perform(get("/").with(x509(certificate))).andExpect(authenticated().withUsername("rod"));
 }

@@ -85,7 +82,6 @@ public class X509ConfigurerTests {
 public void x509WhenSubjectPrincipalRegexInLambdaThenUsesRegexToExtractPrincipal() throws Exception {
 this.spring.register(SubjectPrincipalRegexInLambdaConfig.class).autowire();
 X509Certificate certificate = loadCert("rodatexampledotcom.cer");
-
 this.mvc.perform(get("/").with(x509(certificate))).andExpect(authenticated().withUsername("rod"));
 }

diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
index 7e96a853e8..f9a3df7356 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
@@ -120,7 +120,6 @@ public class OAuth2ClientConfigurerTests {
 authorizedClientService);
 authorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver(clientRegistrationRepository,
 "/oauth2/authorization");
-
 OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
 .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(300).build();
 accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
@@ -132,7 +131,6 @@ public class OAuth2ClientConfigurerTests {
 @Test
 public void configureWhenAuthorizationCodeRequestThenRedirectForAuthorization() throws Exception {
 this.spring.register(OAuth2ClientConfig.class).autowire();
-
 MvcResult mvcResult = this.mockMvc.perform(get("/oauth2/authorization/registration-1"))
 .andExpect(status().is3xxRedirection()).andReturn();
 assertThat(mvcResult.getResponse().getRedirectedUrl())
@@ -143,7 +141,6 @@ public class OAuth2ClientConfigurerTests {
 @Test
 public void configureWhenOauth2ClientInLambdaThenRedirectForAuthorization() throws Exception {
 this.spring.register(OAuth2ClientInLambdaConfig.class).autowire();
-
 MvcResult mvcResult = this.mockMvc.perform(get("/oauth2/authorization/registration-1"))
 .andExpect(status().is3xxRedirection()).andReturn();
 assertThat(mvcResult.getResponse().getRedirectedUrl())
@@ -154,7 +151,6 @@ public class OAuth2ClientConfigurerTests {
 @Test
 public void configureWhenAuthorizationCodeResponseSuccessThenAuthorizedClientSaved() throws Exception {
 this.spring.register(OAuth2ClientConfig.class).autowire();
-
 // Setup the Authorization Request in the session
 Map attributes = new HashMap<>();
 attributes.put(OAuth2ParameterNames.REGISTRATION_ID, this.registration1.getRegistrationId());
@@ -162,21 +158,16 @@ public class OAuth2ClientConfigurerTests {
 .authorizationUri(this.registration1.getProviderDetails().getAuthorizationUri())
 .clientId(this.registration1.getClientId()).redirectUri("http://localhost/client-1").state("state")
 .attributes(attributes).build();
-
 AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
 MockHttpServletResponse response = new MockHttpServletResponse();
 authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
-
 MockHttpSession session = (MockHttpSession) request.getSession();
-
 String principalName = "user1";
 TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
-
 this.mockMvc.perform(get("/client-1").param(OAuth2ParameterNames.CODE, "code")
 .param(OAuth2ParameterNames.STATE, "state").with(authentication(authentication)).session(session))
 .andExpect(status().is3xxRedirection()).andExpect(redirectedUrl("http://localhost/client-1"));
-
 OAuth2AuthorizedClient authorizedClient = authorizedClientRepository
 .loadAuthorizedClient(this.registration1.getRegistrationId(), authentication, request);
 assertThat(authorizedClient).isNotNull();
@@ -186,20 +177,17 @@ public class OAuth2ClientConfigurerTests {
 public void configureWhenRequestCacheProvidedAndClientAuthorizationRequiredExceptionThrownThenRequestCacheUsed() throws Exception {
 this.spring.register(OAuth2ClientConfig.class).autowire();
-
 MvcResult mvcResult = this.mockMvc.perform(get("/resource1").with(user("user1")))
 .andExpect(status().is3xxRedirection()).andReturn();
 assertThat(mvcResult.getResponse().getRedirectedUrl())
 .matches("https://provider.com/oauth2/authorize\\?" + "response_type=code&client_id=client-1&" + "scope=user&state=.{15,}&" + "redirect_uri=http://localhost/client-1");
-
 verify(requestCache).saveRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
 }
 @Test
 public void configureWhenRequestCacheProvidedAndClientAuthorizationSucceedsThenRequestCacheUsed() throws Exception {
 this.spring.register(OAuth2ClientConfig.class).autowire();
-
 // Setup the Authorization Request in the session
 Map attributes = new HashMap<>();
 attributes.put(OAuth2ParameterNames.REGISTRATION_ID, this.registration1.getRegistrationId());
@@ -207,21 +195,16 @@ public class OAuth2ClientConfigurerTests {
 .authorizationUri(this.registration1.getProviderDetails().getAuthorizationUri())
 .clientId(this.registration1.getClientId()).redirectUri("http://localhost/client-1").state("state")
 .attributes(attributes).build();
-
 AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
 MockHttpServletResponse response = new MockHttpServletResponse();
 authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
-
 MockHttpSession session = (MockHttpSession) request.getSession();
-
 String principalName = "user1";
 TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
-
 this.mockMvc.perform(get("/client-1").param(OAuth2ParameterNames.CODE, "code")
 .param(OAuth2ParameterNames.STATE, "state").with(authentication(authentication)).session(session))
 .andExpect(status().is3xxRedirection()).andExpect(redirectedUrl("http://localhost/client-1"));
-
 verify(requestCache).getRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
 }
@@ -234,12 +217,9 @@ public class OAuth2ClientConfigurerTests {
 authorizationRequestResolver = mock(OAuth2AuthorizationRequestResolver.class);
 given(authorizationRequestResolver.resolve(any()))
 .willAnswer((invocation) -> defaultAuthorizationRequestResolver.resolve(invocation.getArgument(0)));
-
 this.spring.register(OAuth2ClientConfig.class).autowire();
-
 this.mockMvc.perform(get("/oauth2/authorization/registration-1")).andExpect(status().is3xxRedirection())
 .andReturn();
-
 verify(authorizationRequestResolver).resolve(any());
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
index 206b1157c2..6845659dce 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
@@ -157,18 +157,14 @@ public class OAuth2LoginConfigurerTests {
 public void oauth2Login() throws Exception {
 // setup application context
 loadConfig(OAuth2LoginConfig.class);
-
 // setup authorization request
 OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
 this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
-
 // setup authentication parameters
 this.request.setParameter("code", "code123");
 this.request.setParameter("state", authorizationRequest.getState());
-
 // perform test
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 // assertions
 Authentication authentication = this.securityContextRepository
 .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
@@ -184,9 +180,7 @@ public class OAuth2LoginConfigurerTests {
 this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
 this.request.setParameter("code", "code123");
 this.request.setParameter("state", authorizationRequest.getState());
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 Authentication authentication = this.securityContextRepository
 .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
 assertThat(authentication.getAuthorities()).hasSize(1);
@@ -199,18 +193,14 @@ public class OAuth2LoginConfigurerTests {
 public void oauth2LoginWhenSuccessThenAuthenticationSuccessEventPublished() throws Exception {
 // setup application context
 loadConfig(OAuth2LoginConfig.class);
-
 // setup authorization request
 OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
 this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
-
 // setup authentication parameters
 this.request.setParameter("code", "code123");
 this.request.setParameter("state", authorizationRequest.getState());
-
 // perform test
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 // assertions
 assertThat(OAuth2LoginConfig.EVENTS).isNotEmpty();
 assertThat(OAuth2LoginConfig.EVENTS).hasSize(1);
@@ -221,18 +211,14 @@ public class OAuth2LoginConfigurerTests {
 public void oauth2LoginCustomWithConfigurer() throws Exception {
 // setup application context
 loadConfig(OAuth2LoginConfigCustomWithConfigurer.class);
-
 // setup authorization request
 OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
 this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
-
 // setup authentication parameters
 this.request.setParameter("code", "code123");
 this.request.setParameter("state", authorizationRequest.getState());
-
 // perform test
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 // assertions
 Authentication authentication = this.securityContextRepository
 .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
@@ -245,18 +231,14 @@ public class OAuth2LoginConfigurerTests {
 public void oauth2LoginCustomWithBeanRegistration() throws Exception {
 // setup application context
 loadConfig(OAuth2LoginConfigCustomWithBeanRegistration.class);
-
 // setup authorization request
 OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
 this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
-
 // setup authentication parameters
 this.request.setParameter("code", "code123");
 this.request.setParameter("state", authorizationRequest.getState());
-
 // perform test
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 // assertions
 Authentication authentication = this.securityContextRepository
 .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
@@ -269,18 +251,14 @@ public class OAuth2LoginConfigurerTests {
 public void oauth2LoginCustomWithUserServiceBeanRegistration() throws Exception {
 // setup application context
 loadConfig(OAuth2LoginConfigCustomUserServiceBeanRegistration.class);
-
 // setup authorization request
 OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
 this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
-
 // setup authentication parameters
 this.request.setParameter("code", "code123");
 this.request.setParameter("state", authorizationRequest.getState());
-
 // perform test
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 // assertions
 Authentication authentication = this.securityContextRepository
 .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
@@ -294,19 +272,15 @@ public class OAuth2LoginConfigurerTests {
 public void oauth2LoginConfigLoginProcessingUrl() throws Exception {
 // setup application context
 loadConfig(OAuth2LoginConfigLoginProcessingUrl.class);
-
 // setup authorization request
 OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
 this.request.setServletPath("/login/oauth2/google");
 this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
-
 // setup authentication parameters
 this.request.setParameter("code", "code123");
 this.request.setParameter("state", authorizationRequest.getState());
-
 // perform test
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 // assertions
 Authentication authentication = this.securityContextRepository
 .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
@@ -327,13 +301,10 @@ public class OAuth2LoginConfigurerTests {
 "https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1")
 .build();
 given(resolver.resolve(any())).willReturn(result);
-
 String requestUri = "/oauth2/authorization/google";
 this.request = new MockHttpServletRequest("GET", requestUri);
 this.request.setServletPath(requestUri);
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 assertThat(this.response.getRedirectedUrl()).isEqualTo(
 "https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1");
 }
@@ -350,13 +321,10 @@ public class OAuth2LoginConfigurerTests {
 "https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1")
 .build();
 given(resolver.resolve(any())).willReturn(result);
-
 String requestUri = "/oauth2/authorization/google";
 this.request = new MockHttpServletRequest("GET", requestUri);
 this.request.setServletPath(requestUri);
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 assertThat(this.response.getRedirectedUrl()).isEqualTo(
 "https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1");
 }
@@ -365,13 +333,10 @@ public class OAuth2LoginConfigurerTests {
 @Test
 public void oauth2LoginWithOneClientConfiguredThenRedirectForAuthorization() throws Exception {
 loadConfig(OAuth2LoginConfig.class);
-
 String requestUri = "/";
 this.request = new MockHttpServletRequest("GET", requestUri);
 this.request.setServletPath(requestUri);
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 assertThat(this.response.getRedirectedUrl()).matches("http://localhost/oauth2/authorization/google");
 }
@@ -380,14 +345,11 @@ public class OAuth2LoginConfigurerTests {
 public void oauth2LoginWithOneClientConfiguredAndRequestFaviconNotAuthenticatedThenRedirectDefaultLoginPage() throws Exception {
 loadConfig(OAuth2LoginConfig.class);
-
 String requestUri = "/favicon.ico";
 this.request = new MockHttpServletRequest("GET", requestUri);
 this.request.setServletPath(requestUri);
 this.request.addHeader(HttpHeaders.ACCEPT, new MediaType("image", "*").toString());
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 assertThat(this.response.getRedirectedUrl()).matches("http://localhost/login");
 }
@@ -395,13 +357,10 @@ public class OAuth2LoginConfigurerTests {
 @Test
 public void oauth2LoginWithMultipleClientsConfiguredThenRedirectDefaultLoginPage() throws Exception {
 loadConfig(OAuth2LoginConfigMultipleClients.class);
-
 String requestUri = "/";
 this.request = new MockHttpServletRequest("GET", requestUri);
 this.request.setServletPath(requestUri);
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 assertThat(this.response.getRedirectedUrl()).matches("http://localhost/login");
 }
@@ -410,40 +369,31 @@ public class OAuth2LoginConfigurerTests {
 public void oauth2LoginWithOneClientConfiguredAndRequestXHRNotAuthenticatedThenDoesNotRedirectForAuthorization() throws Exception {
 loadConfig(OAuth2LoginConfig.class);
-
 String requestUri = "/";
 this.request = new MockHttpServletRequest("GET", requestUri);
 this.request.setServletPath(requestUri);
 this.request.addHeader("X-Requested-With", "XMLHttpRequest");
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 assertThat(this.response.getRedirectedUrl()).doesNotMatch("http://localhost/oauth2/authorization/google");
 }
 @Test
 public void oauth2LoginWithCustomLoginPageThenRedirectCustomLoginPage() throws Exception {
 loadConfig(OAuth2LoginConfigCustomLoginPage.class);
-
 String requestUri = "/";
 this.request = new MockHttpServletRequest("GET", requestUri);
 this.request.setServletPath(requestUri);
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 assertThat(this.response.getRedirectedUrl()).matches("http://localhost/custom-login");
 }
 @Test
 public void requestWhenOauth2LoginWithCustomLoginPageInLambdaThenRedirectCustomLoginPage() throws Exception {
 loadConfig(OAuth2LoginConfigCustomLoginPageInLambda.class);
-
 String requestUri = "/";
 this.request = new MockHttpServletRequest("GET", requestUri);
 this.request.setServletPath(requestUri);
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 assertThat(this.response.getRedirectedUrl()).matches("http://localhost/custom-login");
 }
@@ -451,18 +401,14 @@ public class OAuth2LoginConfigurerTests {
 public void oidcLogin() throws Exception {
 // setup application context
 loadConfig(OAuth2LoginConfig.class, JwtDecoderFactoryConfig.class);
-
 // setup authorization request
 OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest("openid");
 this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
-
 // setup authentication parameters
 this.request.setParameter("code", "code123");
 this.request.setParameter("state", authorizationRequest.getState());
-
 // perform test
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 // assertions
 Authentication authentication = this.securityContextRepository
 .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
@@ -475,18 +421,14 @@ public class OAuth2LoginConfigurerTests {
 public void requestWhenOauth2LoginInLambdaAndOidcThenAuthenticationContainsOidcUserAuthority() throws Exception {
 // setup application context
 loadConfig(OAuth2LoginInLambdaConfig.class, JwtDecoderFactoryConfig.class);
-
 // setup authorization request
 OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest("openid");
 this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
-
 // setup authentication parameters
 this.request.setParameter("code", "code123");
 this.request.setParameter("state", authorizationRequest.getState());
-
 // perform test
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 // assertions
 Authentication authentication = this.securityContextRepository
 .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
@@ -499,18 +441,14 @@ public class OAuth2LoginConfigurerTests {
 public void oidcLoginCustomWithConfigurer() throws Exception {
 // setup application context
 loadConfig(OAuth2LoginConfigCustomWithConfigurer.class, JwtDecoderFactoryConfig.class);
-
 // setup authorization request
 OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest("openid");
 this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
-
 // setup authentication parameters
 this.request.setParameter("code", "code123");
 this.request.setParameter("state", authorizationRequest.getState());
-
 // perform test
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 // assertions
 Authentication authentication = this.securityContextRepository
 .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
@@ -523,18 +461,14 @@ public class OAuth2LoginConfigurerTests {
 public void oidcLoginCustomWithBeanRegistration() throws Exception {
 // setup application context
 loadConfig(OAuth2LoginConfigCustomWithBeanRegistration.class, JwtDecoderFactoryConfig.class);
-
 // setup authorization request
 OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest("openid");
 this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
-
 // setup authentication parameters
 this.request.setParameter("code", "code123");
 this.request.setParameter("state", authorizationRequest.getState());
-
 // perform test
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 // assertions
 Authentication authentication = this.securityContextRepository
 .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
@@ -555,10 +489,8 @@ public class OAuth2LoginConfigurerTests {
 @Test
 public void logoutWhenUsingOidcLogoutHandlerThenRedirects() throws Exception {
 this.spring.register(OAuth2LoginConfigWithOidcLogoutSuccessHandler.class).autowire();
-
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, "registration-id");
-
 this.mvc.perform(post("/logout").with(authentication(token)).with(csrf()))
 .andExpect(redirectedUrl("https://logout?id_token_hint=id-token"));
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
index 407342ba0e..47540c3e06 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
@@ -195,22 +195,18 @@ public class OAuth2ResourceServerConfigurerTests {
 @Test
 public void getWhenUsingDefaultsWithValidBearerTokenThenAcceptsRequest() throws Exception {
-
 this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 mockRestOperations(jwks("Default"));
 String token = this.token("ValidNoScopes");
-
 this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk())
 .andExpect(content().string("ok"));
 }
 @Test
 public void getWhenUsingDefaultsInLambdaWithValidBearerTokenThenAcceptsRequest() throws Exception {
-
 this.spring.register(RestOperationsConfig.class, DefaultInLambdaConfig.class, BasicController.class).autowire();
 mockRestOperations(jwks("Default"));
 String token = this.token("ValidNoScopes");
-
 this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk())
 .andExpect(content().string("ok"));
 }
@@ -220,7 +216,6 @@ public class OAuth2ResourceServerConfigurerTests {
 this.spring.register(WebServerConfig.class, JwkSetUriConfig.class, BasicController.class).autowire();
 mockWebServer(jwks("Default"));
 String token = this.token("ValidNoScopes");
-
 this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk())
 .andExpect(content().string("ok"));
 }
@@ -230,90 +225,73 @@ public class OAuth2ResourceServerConfigurerTests {
 this.spring.register(WebServerConfig.class, JwkSetUriInLambdaConfig.class, BasicController.class).autowire();
 mockWebServer(jwks("Default"));
 String token = this.token("ValidNoScopes");
-
 this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk())
 .andExpect(content().string("ok"));
 }
 @Test
 public void getWhenUsingDefaultsWithExpiredBearerTokenThenInvalidToken() throws Exception {
-
 this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 mockRestOperations(jwks("Default"));
 String token = this.token("Expired");
-
 this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
 .andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 }
 @Test
 public void getWhenUsingDefaultsWithBadJwkEndpointThenInvalidToken() throws Exception {
-
 this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire();
 mockRestOperations("malformed");
 String token = this.token("ValidNoScopes");
-
 this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
 .andExpect(header().string("WWW-Authenticate", "Bearer"));
 }
 @Test
 public void getWhenUsingDefaultsWithUnavailableJwkEndpointThenInvalidToken() throws Exception {
-
 this.spring.register(WebServerConfig.class, JwkSetUriConfig.class).autowire();
 this.web.shutdown();
 String token = this.token("ValidNoScopes");
-
 this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
 .andExpect(header().string("WWW-Authenticate", "Bearer"));
 }
 @Test
 public void getWhenUsingDefaultsWithMalformedBearerTokenThenInvalidToken() throws Exception {
-
 this.spring.register(JwkSetUriConfig.class).autowire();
-
 this.mvc.perform(get("/").with(bearerToken("an\"invalid\"token"))).andExpect(status().isUnauthorized())
 .andExpect(invalidTokenHeader("Bearer token is malformed"));
 }
 @Test
 public void getWhenUsingDefaultsWithMalformedPayloadThenInvalidToken() throws Exception {
-
 this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire();
 mockRestOperations(jwks("Default"));
 String token = this.token("MalformedPayload");
-
 this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized()).andExpect(
 invalidTokenHeader("An error occurred while attempting to decode the Jwt: Malformed payload"));
 }
 @Test
 public void getWhenUsingDefaultsWithUnsignedBearerTokenThenInvalidToken() throws Exception {
-
 this.spring.register(JwkSetUriConfig.class).autowire();
 String token = this.token("Unsigned");
-
 this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
 .andExpect(invalidTokenHeader("Unsupported algorithm of none"));
 }
 @Test
 public void getWhenUsingDefaultsWithBearerTokenBeforeNotBeforeThenInvalidToken() throws Exception {
-
 this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire();
 this.mockRestOperations(jwks("Default"));
 String token = this.token("TooEarly");
-
 this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
 .andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 }
 @Test
 public void getWhenUsingDefaultsWithBearerTokenInTwoPlacesThenInvalidRequest() throws Exception {
-
 this.spring.register(JwkSetUriConfig.class).autowire();
-
 this.mvc.perform(get("/").with(bearerToken("token")).with(bearerToken("token").asParam()))
 .andExpect(status().isBadRequest())
 .andExpect(invalidRequestHeader("Found multiple bearer tokens in the request"));
@@ -321,22 +299,17 @@ public class OAuth2ResourceServerConfigurerTests {
 @Test
 public void getWhenUsingDefaultsWithBearerTokenInTwoParametersThenInvalidRequest() throws Exception {
-
 this.spring.register(JwkSetUriConfig.class).autowire();
-
 MultiValueMap params = new LinkedMultiValueMap<>();
 params.add("access_token", "token1");
 params.add("access_token", "token2");
-
 this.mvc.perform(get("/").params(params)).andExpect(status().isBadRequest())
 .andExpect(invalidRequestHeader("Found multiple bearer tokens in the request"));
 }
 @Test
 public void postWhenUsingDefaultsWithBearerTokenAsFormParameterThenIgnoresToken() throws Exception {
-
 this.spring.register(JwkSetUriConfig.class).autowire();
-
 this.mvc.perform(post("/") // engage csrf
 .with(bearerToken("token").asParam())).andExpect(status().isForbidden())
 .andExpect(header().doesNotExist(HttpHeaders.WWW_AUTHENTICATE));
@@ -344,9 +317,7 @@ public class OAuth2ResourceServerConfigurerTests {
 @Test
 public void postWhenCsrfDisabledWithBearerTokenAsFormParameterThenIgnoresToken() throws Exception {
-
 this.spring.register(CsrfDisabledConfig.class).autowire();
-
 this.mvc.perform(post("/").with(bearerToken("token").asParam())).andExpect(status().isUnauthorized())
 .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer"));
 }
@@ -357,232 +328,184 @@ public class OAuth2ResourceServerConfigurerTests {
 this.spring.register(RestOperationsConfig.class, AnonymousDisabledConfig.class).autowire();
 mockRestOperations(jwks("Default"));
 String token = token("ValidNoScopes");
-
 this.mvc.perform(get("/authenticated").with(bearerToken(token))).andExpect(status().isNotFound());
 }
 @Test
 public void getWhenUsingDefaultsWithNoBearerTokenThenUnauthorized() throws Exception {
-
 this.spring.register(JwkSetUriConfig.class).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isUnauthorized())
 .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer"));
 }
 @Test
 public void getWhenUsingDefaultsWithSufficientlyScopedBearerTokenThenAcceptsRequest() throws Exception {
-
 this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 mockRestOperations(jwks("Default"));
 String token = this.token("ValidMessageReadScope");
-
 this.mvc.perform(get("/requires-read-scope").with(bearerToken(token))).andExpect(status().isOk())
 .andExpect(content().string("[SCOPE_message:read]"));
 }
 @Test
 public void getWhenUsingDefaultsWithInsufficientScopeThenInsufficientScopeError() throws Exception {
-
 this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 mockRestOperations(jwks("Default"));
 String token = this.token("ValidNoScopes");
-
 this.mvc.perform(get("/requires-read-scope").with(bearerToken(token))).andExpect(status().isForbidden())
 .andExpect(insufficientScopeHeader());
 }
 @Test
 public void getWhenUsingDefaultsWithInsufficientScpThenInsufficientScopeError() throws Exception {
-
 this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 mockRestOperations(jwks("Default"));
 String token = this.token("ValidMessageWriteScp");
-
 this.mvc.perform(get("/requires-read-scope").with(bearerToken(token))).andExpect(status().isForbidden())
 .andExpect(insufficientScopeHeader());
 }
 @Test
public void getWhenUsingDefaultsAndAuthorizationServerHasNoMatchingKeyThenInvalidToken() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire(); mockRestOperations(jwks("Empty")); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized()) .andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt")); } @Test public void getWhenUsingDefaultsAndAuthorizationServerHasMultipleMatchingKeysThenOk() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("TwoKeys")); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/authenticated").with(bearerToken(token))).andExpect(status().isOk()) .andExpect(content().string("test-subject")); } @Test public void getWhenUsingDefaultsAndKeyMatchesByKidThenOk() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("TwoKeys")); String token = this.token("Kid"); - this.mvc.perform(get("/authenticated").with(bearerToken(token))).andExpect(status().isOk()) .andExpect(content().string("test-subject")); } @Test public void getWhenUsingMethodSecurityWithValidBearerTokenThenAcceptsRequest() throws Exception { - this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidMessageReadScope"); - this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token))).andExpect(status().isOk()) .andExpect(content().string("[SCOPE_message:read]")); } @Test public void getWhenUsingMethodSecurityWithValidBearerTokenHavingScpAttributeThenAcceptsRequest() throws Exception { - this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire(); 
mockRestOperations(jwks("Default")); String token = this.token("ValidMessageReadScp"); - this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token))).andExpect(status().isOk()) .andExpect(content().string("[SCOPE_message:read]")); } @Test public void getWhenUsingMethodSecurityWithInsufficientScopeThenInsufficientScopeError() throws Exception { - this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token))).andExpect(status().isForbidden()) .andExpect(insufficientScopeHeader()); - } @Test public void getWhenUsingMethodSecurityWithInsufficientScpThenInsufficientScopeError() throws Exception { - this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidMessageWriteScp"); - this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token))).andExpect(status().isForbidden()) .andExpect(insufficientScopeHeader()); } @Test public void getWhenUsingMethodSecurityWithDenyAllThenInsufficientScopeError() throws Exception { - this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidMessageReadScope"); - this.mvc.perform(get("/ms-deny").with(bearerToken(token))).andExpect(status().isForbidden()) .andExpect(insufficientScopeHeader()); } @Test public void postWhenUsingDefaultsWithValidBearerTokenAndNoCsrfTokenThenOk() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - this.mvc.perform(post("/authenticated").with(bearerToken(token))).andExpect(status().isOk()) 
.andExpect(content().string("test-subject")); } @Test public void postWhenUsingDefaultsWithNoBearerTokenThenCsrfDenies() throws Exception { - this.spring.register(JwkSetUriConfig.class).autowire(); - this.mvc.perform(post("/authenticated")).andExpect(status().isForbidden()) .andExpect(header().doesNotExist(HttpHeaders.WWW_AUTHENTICATE)); } @Test public void postWhenUsingDefaultsWithExpiredBearerTokenAndNoCsrfThenInvalidToken() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("Expired"); - this.mvc.perform(post("/authenticated").with(bearerToken(token))).andExpect(status().isUnauthorized()) .andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt")); } @Test public void requestWhenDefaultConfiguredThenSessionIsNotCreated() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - MvcResult result = this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk()).andReturn(); - assertThat(result.getRequest().getSession(false)).isNull(); } @Test public void requestWhenIntrospectionConfiguredThenSessionIsNotCreated() throws Exception { - this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class, BasicController.class).autowire(); mockRestOperations(json("Active")); - MvcResult result = this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk()) .andExpect(content().string("test-subject")).andReturn(); - assertThat(result.getRequest().getSession(false)).isNull(); } @Test public void requestWhenUsingDefaultsAndNoBearerTokenThenSessionIsCreated() throws Exception { - this.spring.register(JwkSetUriConfig.class, BasicController.class).autowire(); - MvcResult result = 
this.mvc.perform(get("/")).andExpect(status().isUnauthorized()).andReturn(); - assertThat(result.getRequest().getSession(false)).isNotNull(); } @Test public void requestWhenSessionManagementConfiguredThenUserConfigurationOverrides() throws Exception { - this.spring.register(RestOperationsConfig.class, AlwaysSessionCreationConfig.class, BasicController.class) .autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - MvcResult result = this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk()).andReturn(); - assertThat(result.getRequest().getSession(false)).isNotNull(); } @Test public void requestWhenBearerTokenResolverAllowsRequestBodyThenEitherHeaderOrRequestBodyIsAccepted() throws Exception { - this.spring.register(AllowBearerTokenInRequestBodyConfig.class, JwtDecoderConfig.class, BasicController.class) .autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willReturn(JWT); - this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk()) .andExpect(content().string(JWT_SUBJECT)); - this.mvc.perform(post("/authenticated").param("access_token", JWT_TOKEN)).andExpect(status().isOk()) .andExpect(content().string(JWT_SUBJECT)); } 
@@ -590,17 +513,13 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void requestWhenBearerTokenResolverAllowsQueryParameterThenEitherHeaderOrQueryParameterIsAccepted() throws Exception { - this.spring .register(AllowBearerTokenAsQueryParameterConfig.class, JwtDecoderConfig.class, BasicController.class) .autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willReturn(JWT); - this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk()) .andExpect(content().string(JWT_SUBJECT)); - this.mvc.perform(get("/authenticated").param("access_token", JWT_TOKEN)).andExpect(status().isOk()) .andExpect(content().string(JWT_SUBJECT)); } @@ -608,13 +527,10 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void requestWhenBearerTokenResolverAllowsRequestBodyAndRequestContainsTwoTokensThenInvalidRequest() throws Exception { - this.spring.register(AllowBearerTokenInRequestBodyConfig.class, JwtDecoderConfig.class, BasicController.class) .autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willReturn(JWT); - this.mvc.perform( post("/authenticated").param("access_token", JWT_TOKEN).with(bearerToken(JWT_TOKEN)).with(csrf())) .andExpect(status().isBadRequest()) 
@@ -624,14 +540,11 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void requestWhenBearerTokenResolverAllowsQueryParameterAndRequestContainsTwoTokensThenInvalidRequest() throws Exception { - this.spring .register(AllowBearerTokenAsQueryParameterConfig.class, JwtDecoderConfig.class, BasicController.class) .autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willReturn(JWT); - this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN)).param("access_token", JWT_TOKEN)) .andExpect(status().isBadRequest()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("invalid_request"))); @@ -641,16 +554,12 @@ public class OAuth2ResourceServerConfigurerTests { public void getBearerTokenResolverWhenDuplicateResolverBeansAndAnotherOnTheDslThenTheDslOneIsUsed() { BearerTokenResolver resolverBean = mock(BearerTokenResolver.class); BearerTokenResolver resolver = mock(BearerTokenResolver.class); - GenericWebApplicationContext context = new GenericWebApplicationContext(); context.registerBean("resolverOne", BearerTokenResolver.class, () -> resolverBean); context.registerBean("resolverTwo", BearerTokenResolver.class, () -> resolverBean); this.spring.context(context).autowire(); - OAuth2ResourceServerConfigurer oauth2 = new OAuth2ResourceServerConfigurer(context); - oauth2.bearerTokenResolver(resolver); - assertThat(oauth2.getBearerTokenResolver()).isEqualTo(resolver); } 
@@ -665,63 +574,46 @@ public class OAuth2ResourceServerConfigurerTests { public void getBearerTokenResolverWhenResolverBeanAndAnotherOnTheDslThenTheDslOneIsUsed() { BearerTokenResolver resolver = mock(BearerTokenResolver.class); BearerTokenResolver resolverBean = mock(BearerTokenResolver.class); - GenericWebApplicationContext context = new GenericWebApplicationContext(); context.registerBean(BearerTokenResolver.class, () -> resolverBean); this.spring.context(context).autowire(); - OAuth2ResourceServerConfigurer oauth2 = new OAuth2ResourceServerConfigurer(context); oauth2.bearerTokenResolver(resolver); - assertThat(oauth2.getBearerTokenResolver()).isEqualTo(resolver); } @Test public void getBearerTokenResolverWhenNoResolverSpecifiedThenTheDefaultIsUsed() { ApplicationContext context = this.spring.context(new GenericWebApplicationContext()).getContext(); - OAuth2ResourceServerConfigurer oauth2 = new OAuth2ResourceServerConfigurer(context); - assertThat(oauth2.getBearerTokenResolver()).isInstanceOf(DefaultBearerTokenResolver.class); } @Test public void requestWhenCustomJwtDecoderWiredOnDslThenUsed() throws Exception { - this.spring.register(CustomJwtDecoderOnDsl.class, BasicController.class).autowire(); - CustomJwtDecoderOnDsl config = this.spring.getContext().getBean(CustomJwtDecoderOnDsl.class); JwtDecoder decoder = config.decoder(); - given(decoder.decode(anyString())).willReturn(JWT); - this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk()) .andExpect(content().string(JWT_SUBJECT)); } @Test public void requestWhenCustomJwtDecoderInLambdaOnDslThenUsed() throws Exception { - this.spring.register(CustomJwtDecoderInLambdaOnDsl.class, BasicController.class).autowire(); - CustomJwtDecoderInLambdaOnDsl config = this.spring.getContext().getBean(CustomJwtDecoderInLambdaOnDsl.class); JwtDecoder decoder = config.decoder(); - given(decoder.decode(anyString())).willReturn(JWT); - 
this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk()) .andExpect(content().string(JWT_SUBJECT)); } @Test public void requestWhenCustomJwtDecoderExposedAsBeanThenUsed() throws Exception { - this.spring.register(CustomJwtDecoderAsBean.class, BasicController.class).autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); - given(decoder.decode(anyString())).willReturn(JWT); - this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk()) .andExpect(content().string(JWT_SUBJECT)); } 
@@ -729,107 +621,77 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void getJwtDecoderWhenConfiguredWithDecoderAndJwkSetUriThenLastOneWins() { ApplicationContext context = mock(ApplicationContext.class); - OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); - JwtDecoder decoder = mock(JwtDecoder.class); - jwtConfigurer.jwkSetUri(JWK_SET_URI); jwtConfigurer.decoder(decoder); - assertThat(jwtConfigurer.getJwtDecoder()).isEqualTo(decoder); - jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); - jwtConfigurer.decoder(decoder); jwtConfigurer.jwkSetUri(JWK_SET_URI); - assertThat(jwtConfigurer.getJwtDecoder()).isInstanceOf(NimbusJwtDecoder.class); - } @Test public void getJwtDecoderWhenConflictingJwtDecodersThenTheDslWiredOneTakesPrecedence() { - JwtDecoder decoderBean = mock(JwtDecoder.class); JwtDecoder decoder = mock(JwtDecoder.class); - ApplicationContext context = mock(ApplicationContext.class); given(context.getBean(JwtDecoder.class)).willReturn(decoderBean); - OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); jwtConfigurer.decoder(decoder); - assertThat(jwtConfigurer.getJwtDecoder()).isEqualTo(decoder); } @Test public void getJwtDecoderWhenContextHasBeanAndUserConfiguresJwkSetUriThenJwkSetUriTakesPrecedence() { - JwtDecoder decoder = mock(JwtDecoder.class); ApplicationContext context = mock(ApplicationContext.class); given(context.getBean(JwtDecoder.class)).willReturn(decoder); - OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); - jwtConfigurer.jwkSetUri(JWK_SET_URI); - assertThat(jwtConfigurer.getJwtDecoder()).isNotEqualTo(decoder); assertThat(jwtConfigurer.getJwtDecoder()).isInstanceOf(NimbusJwtDecoder.class); } @Test public void getJwtDecoderWhenTwoJwtDecoderBeansAndAnotherWiredOnDslThenDslWiredOneTakesPrecedence() { - JwtDecoder decoderBean = 
mock(JwtDecoder.class); JwtDecoder decoder = mock(JwtDecoder.class); - GenericWebApplicationContext context = new GenericWebApplicationContext(); context.registerBean("decoderOne", JwtDecoder.class, () -> decoderBean); context.registerBean("decoderTwo", JwtDecoder.class, () -> decoderBean); this.spring.context(context).autowire(); - OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); jwtConfigurer.decoder(decoder); - assertThat(jwtConfigurer.getJwtDecoder()).isEqualTo(decoder); } @Test public void getJwtDecoderWhenTwoJwtDecoderBeansThenThrowsException() { - JwtDecoder decoder = mock(JwtDecoder.class); GenericWebApplicationContext context = new GenericWebApplicationContext(); context.registerBean("decoderOne", JwtDecoder.class, () -> decoder); context.registerBean("decoderTwo", JwtDecoder.class, () -> decoder); - this.spring.context(context).autowire(); - OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); - assertThatCode(() -> jwtConfigurer.getJwtDecoder()).isInstanceOf(NoUniqueBeanDefinitionException.class); } @Test public void requestWhenRealmNameConfiguredThenUsesOnUnauthenticated() throws Exception { - this.spring.register(RealmNameConfiguredOnEntryPoint.class, JwtDecoderConfig.class).autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willThrow(JwtException.class); - this.mvc.perform(get("/authenticated").with(bearerToken("invalid_token"))).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\""))); } @Test public void requestWhenRealmNameConfiguredThenUsesOnAccessDenied() throws Exception { - this.spring.register(RealmNameConfiguredOnAccessDeniedHandler.class, JwtDecoderConfig.class).autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); 
given(decoder.decode(anyString())).willReturn(JWT); - this.mvc.perform(get("/authenticated").with(bearerToken("insufficiently_scoped"))) .andExpect(status().isForbidden()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\""))); 
@@ -851,100 +713,77 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void requestWhenCustomJwtValidatorFailsThenCorrespondingErrorMessage() throws Exception { - this.spring.register(RestOperationsConfig.class, CustomJwtValidatorConfig.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - OAuth2TokenValidator jwtValidator = this.spring.getContext().getBean(CustomJwtValidatorConfig.class) .getJwtValidator(); - OAuth2Error error = new OAuth2Error("custom-error", "custom-description", "custom-uri"); - given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(error)); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("custom-description"))); } @Test public void requestWhenClockSkewSetThenTimestampWindowRelaxedAccordingly() throws Exception { - this.spring.register(RestOperationsConfig.class, UnexpiredJwtClockSkewConfig.class, BasicController.class) .autowire(); mockRestOperations(jwks("Default")); String token = this.token("ExpiresAt4687177990"); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk()); } @Test public void requestWhenClockSkewSetButJwtStillTooLateThenReportsExpired() throws Exception { - this.spring.register(RestOperationsConfig.class, ExpiredJwtClockSkewConfig.class, BasicController.class) .autowire(); mockRestOperations(jwks("Default")); String token = this.token("ExpiresAt4687177990"); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized()) .andExpect(invalidTokenHeader("Jwt expired at")); } @Test public void requestWhenJwtAuthenticationConverterConfiguredOnDslThenIsUsed() throws Exception { - this.spring.register(JwtDecoderConfig.class, JwtAuthenticationConverterConfiguredOnDsl.class, BasicController.class).autowire(); - Converter jwtAuthenticationConverter = this.spring.getContext() 
.getBean(JwtAuthenticationConverterConfiguredOnDsl.class).getJwtAuthenticationConverter(); given(jwtAuthenticationConverter.convert(JWT)).willReturn(JWT_AUTHENTICATION_TOKEN); - JwtDecoder jwtDecoder = this.spring.getContext().getBean(JwtDecoder.class); given(jwtDecoder.decode(anyString())).willReturn(JWT); - this.mvc.perform(get("/").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk()); - verify(jwtAuthenticationConverter).convert(JWT); } @Test public void requestWhenJwtAuthenticationConverterCustomizedAuthoritiesThenThoseAuthoritiesArePropagated() throws Exception { - this.spring.register(JwtDecoderConfig.class, CustomAuthorityMappingConfig.class, BasicController.class) .autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(JWT_TOKEN)).willReturn(JWT); - this.mvc.perform(get("/requires-read-scope").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk()); } @Test public void requestWhenUsingPublicKeyAndValidTokenThenAuthenticates() throws Exception { - this.spring.register(SingleKeyConfig.class, BasicController.class).autowire(); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk()); } @Test public void requestWhenUsingPublicKeyAndSignatureFailsThenReturnsInvalidToken() throws Exception { - this.spring.register(SingleKeyConfig.class).autowire(); String token = this.token("WrongSignature"); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(invalidTokenHeader("signature")); } @Test public void requestWhenUsingPublicKeyAlgorithmDoesNotMatchThenReturnsInvalidToken() throws Exception { - this.spring.register(SingleKeyConfig.class).autowire(); String token = this.token("WrongAlgorithm"); - this.mvc.perform(get("/").with(bearerToken(token))).andExpect(invalidTokenHeader("algorithm")); } 
@@ -952,11 +791,8 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void requestWhenUsingCustomAuthenticationEventPublisherThenUses() throws Exception { this.spring.register(CustomAuthenticationEventPublisher.class).autowire(); - given(bean(JwtDecoder.class).decode(anyString())).willThrow(new BadJwtException("problem")); - this.mvc.perform(get("/").with(bearerToken("token"))); - verifyBean(AuthenticationEventPublisher.class) .publishAuthenticationFailure(any(OAuth2AuthenticationException.class), any(Authentication.class)); } @@ -964,12 +800,10 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void getWhenCustomJwtAuthenticationManagerThenUsed() throws Exception { this.spring.register(JwtAuthenticationManagerConfig.class, BasicController.class).autowire(); - given(bean(AuthenticationProvider.class).authenticate(any(Authentication.class))) .willReturn(JWT_AUTHENTICATION_TOKEN); this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk()) .andExpect(content().string("mock-test-subject")); - verifyBean(AuthenticationProvider.class).authenticate(any(Authentication.class)); } @@ -977,7 +811,6 @@ public class OAuth2ResourceServerConfigurerTests { public void getWhenIntrospectingThenOk() throws Exception { this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class, BasicController.class).autowire(); mockRestOperations(json("Active")); - this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk()) .andExpect(content().string("test-subject")); } @@ -987,7 +820,6 @@ public class OAuth2ResourceServerConfigurerTests { this.spring.register(RestOperationsConfig.class, OpaqueTokenInLambdaConfig.class, BasicController.class) .autowire(); mockRestOperations(json("Active")); - this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk()) .andExpect(content().string("test-subject")); } 
@@ -996,7 +828,6 @@ public class OAuth2ResourceServerConfigurerTests { public void getWhenIntrospectionFailsThenUnauthorized() throws Exception { this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class).autowire(); mockRestOperations(json("Inactive")); - this.mvc.perform(get("/").with(bearerToken("token"))).andExpect(status().isUnauthorized()).andExpect( header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("Provided token isn't active"))); } @@ -1005,7 +836,6 @@ public class OAuth2ResourceServerConfigurerTests { public void getWhenIntrospectionLacksScopeThenForbidden() throws Exception { this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class).autowire(); mockRestOperations(json("ActiveNoScopes")); - this.mvc.perform(get("/requires-read-scope").with(bearerToken("token"))).andExpect(status().isForbidden()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("scope"))); } 
@@ -1013,24 +843,20 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void getWhenCustomIntrospectionAuthenticationManagerThenUsed() throws Exception { this.spring.register(OpaqueTokenAuthenticationManagerConfig.class, BasicController.class).autowire(); - given(bean(AuthenticationProvider.class).authenticate(any(Authentication.class))) .willReturn(INTROSPECTION_AUTHENTICATION_TOKEN); this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk()) .andExpect(content().string("mock-test-subject")); - verifyBean(AuthenticationProvider.class).authenticate(any(Authentication.class)); } @Test public void getWhenCustomIntrospectionAuthenticationManagerInLambdaThenUsed() throws Exception { this.spring.register(OpaqueTokenAuthenticationManagerInLambdaConfig.class, BasicController.class).autowire(); - given(bean(AuthenticationProvider.class).authenticate(any(Authentication.class))) .willReturn(INTROSPECTION_AUTHENTICATION_TOKEN); this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk()) .andExpect(content().string("mock-test-subject")); - verifyBean(AuthenticationProvider.class).authenticate(any(Authentication.class)); } 
@@ -1043,26 +869,18 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void getIntrospectionClientWhenConfiguredWithClientAndIntrospectionUriThenLastOneWins() { ApplicationContext context = mock(ApplicationContext.class); - OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer opaqueTokenConfigurer = new OAuth2ResourceServerConfigurer( context).opaqueToken(); - OpaqueTokenIntrospector client = mock(OpaqueTokenIntrospector.class); - opaqueTokenConfigurer.introspectionUri(INTROSPECTION_URI); opaqueTokenConfigurer.introspectionClientCredentials(CLIENT_ID, CLIENT_SECRET); opaqueTokenConfigurer.introspector(client); - assertThat(opaqueTokenConfigurer.getIntrospector()).isEqualTo(client); - opaqueTokenConfigurer = new OAuth2ResourceServerConfigurer(context).opaqueToken(); - opaqueTokenConfigurer.introspector(client); opaqueTokenConfigurer.introspectionUri(INTROSPECTION_URI); opaqueTokenConfigurer.introspectionClientCredentials(CLIENT_ID, CLIENT_SECRET); - assertThat(opaqueTokenConfigurer.getIntrospector()).isInstanceOf(NimbusOpaqueTokenIntrospector.class); - } @Test 
@@ -1070,65 +888,48 @@ public class OAuth2ResourceServerConfigurerTests { GenericApplicationContext context = new GenericApplicationContext(); registerMockBean(context, "introspectionClientOne", OpaqueTokenIntrospector.class); registerMockBean(context, "introspectionClientTwo", OpaqueTokenIntrospector.class); - OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer opaqueToken = new OAuth2ResourceServerConfigurer(context) .opaqueToken(); opaqueToken.introspectionUri(INTROSPECTION_URI); opaqueToken.introspectionClientCredentials(CLIENT_ID, CLIENT_SECRET); - assertThat(opaqueToken.getIntrospector()).isNotNull(); } @Test public void requestWhenBasicAndResourceServerEntryPointsThenMatchedByRequest() throws Exception { - this.spring.register(BasicAndResourceServerConfig.class, JwtDecoderConfig.class).autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willThrow(JwtException.class); - this.mvc.perform(get("/authenticated").with(httpBasic("some", "user"))).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Basic"))); - this.mvc.perform(get("/authenticated")).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Basic"))); - this.mvc.perform(get("/authenticated").with(bearerToken("invalid_token"))).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer"))); } @Test public void requestWhenFormLoginAndResourceServerEntryPointsThenSessionCreatedByRequest() throws Exception { - this.spring.register(FormAndResourceServerConfig.class, JwtDecoderConfig.class).autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willThrow(JwtException.class); - MvcResult result = this.mvc.perform(get("/authenticated")).andExpect(status().isFound()) 
.andExpect(redirectedUrl("http://localhost/login")).andReturn(); - assertThat(result.getRequest().getSession(false)).isNotNull(); - result = this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isUnauthorized()) .andReturn(); - assertThat(result.getRequest().getSession(false)).isNull(); } @Test public void requestWhenDefaultAndResourceServerAccessDeniedHandlersThenMatchedByRequest() throws Exception { - this.spring .register(ExceptionHandlingAndResourceServerWithAccessDeniedHandlerConfig.class, JwtDecoderConfig.class) .autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willReturn(JWT); - this.mvc.perform(get("/authenticated").with(httpBasic("basic-user", "basic-password"))) .andExpect(status().isForbidden()).andExpect(header().doesNotExist(HttpHeaders.WWW_AUTHENTICATE)); - this.mvc.perform(get("/authenticated").with(bearerToken("insufficiently_scoped"))) .andExpect(status().isForbidden()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer"))); @@ -1136,15 +937,12 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void getWhenAlsoUsingHttpBasicThenCorrectProviderEngages() throws Exception { - this.spring.register(RestOperationsConfig.class, BasicAndResourceServerConfig.class, BasicController.class) .autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/authenticated").with(bearerToken(token))).andExpect(status().isOk()) .andExpect(content().string("test-subject")); - this.mvc.perform(get("/authenticated").with(httpBasic("basic-user", "basic-password"))) .andExpect(status().isOk()).andExpect(content().string("basic-user")); } 
@@ -1153,12 +951,10 @@ public class OAuth2ResourceServerConfigurerTests { public void getAuthenticationManagerWhenConfiguredAuthenticationManagerThenTakesPrecedence() { ApplicationContext context = mock(ApplicationContext.class); HttpSecurityBuilder http = mock(HttpSecurityBuilder.class); - OAuth2ResourceServerConfigurer oauth2ResourceServer = new OAuth2ResourceServerConfigurer(context); AuthenticationManager authenticationManager = mock(AuthenticationManager.class); oauth2ResourceServer.jwt().authenticationManager(authenticationManager).decoder(mock(JwtDecoder.class)); assertThat(oauth2ResourceServer.getAuthenticationManager(http)).isSameAs(authenticationManager); - oauth2ResourceServer = new OAuth2ResourceServerConfigurer(context); oauth2ResourceServer.opaqueToken().authenticationManager(authenticationManager) .introspector(mock(OpaqueTokenIntrospector.class)); @@ -1169,7 +965,6 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void getWhenMultipleIssuersThenUsesIssuerClaimToDifferentiate() throws Exception { this.spring.register(WebServerConfig.class, MultipleIssuersConfig.class, BasicController.class).autowire(); - MockWebServer server = this.spring.getContext().getBean(MockWebServer.class); String metadata = "{\n" + " \"issuer\": \"%s\", \n" + " \"jwks_uri\": \"%s/.well-known/jwks.json\" \n" + "}"; 
@@ -1180,36 +975,28 @@ public class OAuth2ResourceServerConfigurerTests { String jwtOne = jwtFromIssuer(issuerOne); String jwtTwo = jwtFromIssuer(issuerTwo); String jwtThree = jwtFromIssuer(issuerThree); - mockWebServer(String.format(metadata, issuerOne, issuerOne)); mockWebServer(jwkSet); - this.mvc.perform(get("/authenticated").with(bearerToken(jwtOne))).andExpect(status().isOk()) .andExpect(content().string("test-subject")); - mockWebServer(String.format(metadata, issuerTwo, issuerTwo)); mockWebServer(jwkSet); - this.mvc.perform(get("/authenticated").with(bearerToken(jwtTwo))).andExpect(status().isOk()) .andExpect(content().string("test-subject")); - mockWebServer(String.format(metadata, issuerThree, issuerThree)); mockWebServer(jwkSet); - this.mvc.perform(get("/authenticated").with(bearerToken(jwtThree))).andExpect(status().isUnauthorized()) .andExpect(invalidTokenHeader("Invalid issuer")); } @Test public void configuredWhenMissingJwtAuthenticationProviderThenWiringException() { - assertThatCode(() -> this.spring.register(JwtlessConfig.class).autowire()) .isInstanceOf(BeanCreationException.class).hasMessageContaining("neither was found"); } @Test public void configureWhenMissingJwkSetUriThenWiringException() { - assertThatCode(() -> this.spring.register(JwtHalfConfiguredConfig.class).autowire()) .isInstanceOf(BeanCreationException.class).hasMessageContaining("No qualifying bean of type"); } 
@@ -1230,22 +1017,17 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void getJwtAuthenticationConverterWhenNoConverterSpecifiedThenTheDefaultIsUsed() { ApplicationContext context = this.spring.context(new GenericWebApplicationContext()).getContext(); - OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); - assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isInstanceOf(JwtAuthenticationConverter.class); } @Test public void getJwtAuthenticationConverterWhenConverterBeanSpecified() { JwtAuthenticationConverter converterBean = new JwtAuthenticationConverter(); - GenericWebApplicationContext context = new GenericWebApplicationContext(); context.registerBean(JwtAuthenticationConverter.class, () -> converterBean); this.spring.context(context).autowire(); - OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); - assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isEqualTo(converterBean); } @@ -1253,14 +1035,11 @@ public class OAuth2ResourceServerConfigurerTests { public void getJwtAuthenticationConverterWhenConverterBeanAndAnotherOnTheDslThenTheDslOneIsUsed() { JwtAuthenticationConverter converter = new JwtAuthenticationConverter(); JwtAuthenticationConverter converterBean = new JwtAuthenticationConverter(); - GenericWebApplicationContext context = new GenericWebApplicationContext(); context.registerBean(JwtAuthenticationConverter.class, () -> converterBean); this.spring.context(context).autowire(); - OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); jwtConfigurer.jwtAuthenticationConverter(converter); - assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isEqualTo(converter); } 
@@ -1268,29 +1047,23 @@ public class OAuth2ResourceServerConfigurerTests { public void getJwtAuthenticationConverterWhenDuplicateConverterBeansAndAnotherOnTheDslThenTheDslOneIsUsed() { JwtAuthenticationConverter converter = new JwtAuthenticationConverter(); JwtAuthenticationConverter converterBean = new JwtAuthenticationConverter(); - GenericWebApplicationContext context = new GenericWebApplicationContext(); context.registerBean("converterOne", JwtAuthenticationConverter.class, () -> converterBean); context.registerBean("converterTwo", JwtAuthenticationConverter.class, () -> converterBean); this.spring.context(context).autowire(); - OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); jwtConfigurer.jwtAuthenticationConverter(converter); - assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isEqualTo(converter); } @Test public void getJwtAuthenticationConverterWhenDuplicateConverterBeansThenThrowsException() { JwtAuthenticationConverter converterBean = new JwtAuthenticationConverter(); - GenericWebApplicationContext context = new GenericWebApplicationContext(); context.registerBean("converterOne", JwtAuthenticationConverter.class, () -> converterBean); context.registerBean("converterTwo", JwtAuthenticationConverter.class, () -> converterBean); this.spring.context(context).autowire(); - OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); - assertThatCode(jwtConfigurer::getJwtAuthenticationConverter) .isInstanceOf(NoUniqueBeanDefinitionException.class); } @@ -1947,7 +1720,6 @@ public class OAuth2ResourceServerConfigurerTests { @Override protected void configure(HttpSecurity http) throws Exception { this.jwtDecoder.setJwtValidator(this.jwtValidator); - // @formatter:off http .oauth2ResourceServer() 
@@ -1973,9 +1745,7 @@ public class OAuth2ResourceServerConfigurerTests { ZoneId.systemDefault()); JwtTimestampValidator jwtValidator = new JwtTimestampValidator(Duration.ofHours(1)); jwtValidator.setClock(nearlyAnHourFromTokenExpiry); - this.jwtDecoder.setJwtValidator(jwtValidator); - // @formatter:off http .oauth2ResourceServer() @@ -1997,16 +1767,13 @@ public class OAuth2ResourceServerConfigurerTests { ZoneId.systemDefault()); JwtTimestampValidator jwtValidator = new JwtTimestampValidator(Duration.ofHours(1)); jwtValidator.setClock(justOverOneHourAfterExpiry); - this.jwtDecoder.setJwtValidator(jwtValidator); - // @formatter:off http .oauth2ResourceServer() .jwt(); } } - @EnableWebSecurity static class SingleKeyConfig extends WebSecurityConfigurerAdapter { byte[] spec = Base64.getDecoder().decode( @@ -2017,7 +1784,6 @@ public class OAuth2ResourceServerConfigurerTests { "iZCtPzL/IffDUcfhLQteGebhW8A6eUHgpD5A1PQ+JCw/G7UOzZAjjDjtNM2eqm8j" + "+Ms/gqnm4MiCZ4E+9pDN77CAAPVN7kuX6ejs9KBXpk01z48i9fORYk9u7rAkh1Hu" + "QwIDAQAB"); - @Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off @@ -2202,7 +1968,6 @@ public class OAuth2ResourceServerConfigurerTests { String issuerTwo = this.web.url("/issuerTwo").toString(); JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver( issuerOne, issuerTwo); - // @formatter:off http .oauth2ResourceServer() @@ -2367,7 +2132,6 @@ public class OAuth2ResourceServerConfigurerTests { else { request.addHeader("Authorization", "Bearer " + this.token); } - return request; } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java index 66d8cf2701..e4dfd717b0 100644 
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java @@ -71,7 +71,6 @@ public class OpenIDLoginConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnOpenIDAuthenticationFilter() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(OpenIDAuthenticationFilter.class)); } @@ -79,14 +78,12 @@ public class OpenIDLoginConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnOpenIDAuthenticationProvider() { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); - verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(OpenIDAuthenticationProvider.class)); } @Test public void openidLoginWhenInvokedTwiceThenUsesOriginalLoginPage() throws Exception { this.spring.register(InvokeTwiceDoesNotOverrideConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/login/custom")); } @@ -94,7 +91,6 @@ public class OpenIDLoginConfigurerTests { @Test public void requestWhenOpenIdLoginPageInLambdaThenRedirectsToLoginPAge() throws Exception { this.spring.register(OpenIdLoginPageInLambdaConfig.class).autowire(); - this.mvc.perform(get("/")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/login/custom")); } 
@@ -109,18 +105,14 @@ public class OpenIDLoginConfigurerTests { given(OpenIdAttributesInLambdaConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(), any())).willReturn(mockAuthRequest); this.spring.register(OpenIdAttributesInLambdaConfig.class).autowire(); - try (MockWebServer server = new MockWebServer()) { String endpoint = server.url("/").toString(); - server.enqueue(new MockResponse().addHeader(YadisResolver.YADIS_XRDS_LOCATION, endpoint)); server.enqueue(new MockResponse() .setBody(String.format("%s", endpoint))); - MvcResult mvcResult = this.mvc.perform( get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint)) .andExpect(status().isFound()).andReturn(); - Object attributeObject = mvcResult.getRequest().getSession() .getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST"); assertThat(attributeObject).isInstanceOf(List.class); @@ -147,18 +139,14 @@ public class OpenIDLoginConfigurerTests { given(OpenIdAttributesNullNameConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(), any())).willReturn(mockAuthRequest); this.spring.register(OpenIdAttributesNullNameConfig.class).autowire(); - try (MockWebServer server = new MockWebServer()) { String endpoint = server.url("/").toString(); - server.enqueue(new MockResponse().addHeader(YadisResolver.YADIS_XRDS_LOCATION, endpoint)); server.enqueue(new MockResponse() .setBody(String.format("%s", endpoint))); - MvcResult mvcResult = this.mvc.perform( get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint)) .andExpect(status().isFound()).andReturn(); - Object attributeObject = mvcResult.getRequest().getSession() .getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST"); assertThat(attributeObject).isInstanceOf(List.class); 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java index 601473a3e6..1b3462112e 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java @@ -169,7 +169,6 @@ public class Saml2LoginConfigurerTests { @Test public void saml2LoginWhenCustomAuthenticationRequestContextResolverThenUses() throws Exception { this.spring.register(CustomAuthenticationRequestContextResolver.class).autowire(); - Saml2AuthenticationRequestContext context = TestSaml2AuthenticationRequestContexts .authenticationRequestContext().build(); Saml2AuthenticationRequestContextResolver resolver = CustomAuthenticationRequestContextResolver.resolver; @@ -181,7 +180,6 @@ public class Saml2LoginConfigurerTests { @Test public void authenticationRequestWhenAuthnRequestConsumerResolverThenUses() throws Exception { this.spring.register(CustomAuthnRequestConsumerResolver.class).autowire(); - MvcResult result = this.mvc.perform(get("/saml2/authenticate/registration-id")).andReturn(); UriComponents components = UriComponentsBuilder.fromHttpUrl(result.getResponse().getRedirectedUrl()).build(); String samlRequest = components.getQueryParams().getFirst("SAMLRequest"); 
@@ -228,10 +226,8 @@ public class Saml2LoginConfigurerTests { // setup authentication parameters this.request.setParameter("SAMLResponse", Base64.getEncoder().encodeToString("saml2-xml-response-object".getBytes())); - // perform test this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); - // assertions Authentication authentication = this.securityContextRepository .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); @@ -263,7 +259,6 @@ public class Saml2LoginConfigurerTests { private static AuthenticationManager getAuthenticationManagerMock(String role) { return new AuthenticationManager() { - @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { if (!supports(authentication.getClass())) { @@ -306,7 +301,6 @@ public class Saml2LoginConfigurerTests { return provider; } }; - http.saml2Login().addObjectPostProcessor(processor); super.configure(http); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java index ec88b8feae..5c9908836c 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java 
@@ -62,13 +62,10 @@ public class MessageSecurityMetadataSourceRegistryTests { this.message = MessageBuilder.withPayload("Hi") .setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build(); this.messages.simpDestPathMatcher(new AntPathMatcher(".")).simpDestMatchers("price.stock.*").permitAll(); - assertThat(getAttribute()).isNull(); - this.message = MessageBuilder.withPayload("Hi") .setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build(); this.messages.simpDestPathMatcher(new AntPathMatcher(".")).simpDestMatchers("price.stock.**").permitAll(); - assertThat(getAttribute()).isEqualTo("permitAll"); } @@ -77,13 +74,10 @@ public class MessageSecurityMetadataSourceRegistryTests { this.message = MessageBuilder.withPayload("Hi") .setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build(); this.messages.simpDestMatchers("price.stock.*").permitAll().simpDestPathMatcher(new AntPathMatcher(".")); - assertThat(getAttribute()).isNull(); - this.message = MessageBuilder.withPayload("Hi") .setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build(); this.messages.simpDestMatchers("price.stock.**").permitAll().simpDestPathMatcher(new AntPathMatcher(".")); - assertThat(getAttribute()).isEqualTo("permitAll"); } @@ -95,7 +89,6 @@ public class MessageSecurityMetadataSourceRegistryTests { @Test public void matchersFalse() { this.messages.matchers(this.matcher).permitAll(); - assertThat(getAttribute()).isNull(); } 
@@ -103,35 +96,30 @@ public class MessageSecurityMetadataSourceRegistryTests { public void matchersTrue() { given(this.matcher.matches(this.message)).willReturn(true); this.messages.matchers(this.matcher).permitAll(); - assertThat(getAttribute()).isEqualTo("permitAll"); } @Test public void simpDestMatchersExact() { this.messages.simpDestMatchers("location").permitAll(); - assertThat(getAttribute()).isEqualTo("permitAll"); } @Test public void simpDestMatchersMulti() { this.messages.simpDestMatchers("admin/**", "api/**").hasRole("ADMIN").simpDestMatchers("location").permitAll(); - assertThat(getAttribute()).isEqualTo("permitAll"); } @Test public void simpDestMatchersRole() { this.messages.simpDestMatchers("admin/**", "location/**").hasRole("ADMIN").anyMessage().denyAll(); - assertThat(getAttribute()).isEqualTo("hasRole('ROLE_ADMIN')"); } @Test public void simpDestMatchersAnyRole() { this.messages.simpDestMatchers("admin/**", "location/**").hasAnyRole("ADMIN", "ROOT").anyMessage().denyAll(); - assertThat(getAttribute()).isEqualTo("hasAnyRole('ROLE_ADMIN','ROLE_ROOT')"); } @@ -139,7 +127,6 @@ public class MessageSecurityMetadataSourceRegistryTests { public void simpDestMatchersAuthority() { this.messages.simpDestMatchers("admin/**", "location/**").hasAuthority("ROLE_ADMIN").anyMessage() .fullyAuthenticated(); - assertThat(getAttribute()).isEqualTo("hasAuthority('ROLE_ADMIN')"); } @@ -147,7 +134,6 @@ public class MessageSecurityMetadataSourceRegistryTests { public void simpDestMatchersAccess() { String expected = "hasRole('ROLE_ADMIN') and fullyAuthenticated"; this.messages.simpDestMatchers("admin/**", "location/**").access(expected).anyMessage().denyAll(); - assertThat(getAttribute()).isEqualTo(expected); } 
@@ -155,56 +141,48 @@ public class MessageSecurityMetadataSourceRegistryTests { public void simpDestMatchersAnyAuthority() { this.messages.simpDestMatchers("admin/**", "location/**").hasAnyAuthority("ROLE_ADMIN", "ROLE_ROOT") .anyMessage().denyAll(); - assertThat(getAttribute()).isEqualTo("hasAnyAuthority('ROLE_ADMIN','ROLE_ROOT')"); } @Test public void simpDestMatchersRememberMe() { this.messages.simpDestMatchers("admin/**", "location/**").rememberMe().anyMessage().denyAll(); - assertThat(getAttribute()).isEqualTo("rememberMe"); } @Test public void simpDestMatchersAnonymous() { this.messages.simpDestMatchers("admin/**", "location/**").anonymous().anyMessage().denyAll(); - assertThat(getAttribute()).isEqualTo("anonymous"); } @Test public void simpDestMatchersFullyAuthenticated() { this.messages.simpDestMatchers("admin/**", "location/**").fullyAuthenticated().anyMessage().denyAll(); - assertThat(getAttribute()).isEqualTo("fullyAuthenticated"); } @Test public void simpDestMatchersDenyAll() { this.messages.simpDestMatchers("admin/**", "location/**").denyAll().anyMessage().permitAll(); - assertThat(getAttribute()).isEqualTo("denyAll"); } @Test public void simpDestMessageMatchersNotMatch() { this.messages.simpMessageDestMatchers("admin/**").denyAll().anyMessage().permitAll(); - assertThat(getAttribute()).isEqualTo("permitAll"); } @Test public void simpDestMessageMatchersMatch() { this.messages.simpMessageDestMatchers("location/**").denyAll().anyMessage().permitAll(); - assertThat(getAttribute()).isEqualTo("denyAll"); } @Test public void simpDestSubscribeMatchersNotMatch() { this.messages.simpSubscribeDestMatchers("location/**").denyAll().anyMessage().permitAll(); - assertThat(getAttribute()).isEqualTo("permitAll"); } 
@@ -212,16 +190,13 @@ public class MessageSecurityMetadataSourceRegistryTests { public void simpDestSubscribeMatchersMatch() { this.message = MessageBuilder.fromMessage(this.message) .setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.SUBSCRIBE).build(); - this.messages.simpSubscribeDestMatchers("location/**").denyAll().anyMessage().permitAll(); - assertThat(getAttribute()).isEqualTo("denyAll"); } @Test public void nullDestMatcherNotMatches() { this.messages.nullDestMatcher().denyAll().anyMessage().permitAll(); - assertThat(getAttribute()).isEqualTo("permitAll"); } @@ -229,16 +204,13 @@ public class MessageSecurityMetadataSourceRegistryTests { public void nullDestMatcherMatch() { this.message = MessageBuilder.withPayload("Hi") .setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.CONNECT).build(); - this.messages.nullDestMatcher().denyAll().anyMessage().permitAll(); - assertThat(getAttribute()).isEqualTo("denyAll"); } @Test public void simpTypeMatchersMatch() { this.messages.simpTypeMatchers(SimpMessageType.MESSAGE).denyAll().anyMessage().permitAll(); - assertThat(getAttribute()).isEqualTo("denyAll"); } @@ -246,14 +218,12 @@ public class MessageSecurityMetadataSourceRegistryTests { public void simpTypeMatchersMatchMulti() { this.messages.simpTypeMatchers(SimpMessageType.CONNECT, SimpMessageType.MESSAGE).denyAll().anyMessage() .permitAll(); - assertThat(getAttribute()).isEqualTo("denyAll"); } @Test public void simpTypeMatchersNotMatch() { this.messages.simpTypeMatchers(SimpMessageType.CONNECT).denyAll().anyMessage().permitAll(); - assertThat(getAttribute()).isEqualTo("permitAll"); } @@ -261,7 +231,6 @@ public class MessageSecurityMetadataSourceRegistryTests { public void simpTypeMatchersNotMatchMulti() { this.messages.simpTypeMatchers(SimpMessageType.CONNECT, SimpMessageType.DISCONNECT).denyAll().anyMessage() .permitAll(); - assertThat(getAttribute()).isEqualTo("permitAll"); } 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java index f4024587df..683c35f2bd 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java @@ -90,9 +90,7 @@ public class EnableWebFluxSecurityTests { @Test public void defaultRequiresAuthentication() { this.spring.register(Config.class).autowire(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build(); - client.get().uri("/").exchange().expectStatus().isUnauthorized().expectBody().isEmpty(); } @@ -100,18 +98,14 @@ public class EnableWebFluxSecurityTests { @Test public void defaultMediaAllThenUnAuthorized() { this.spring.register(Config.class).autowire(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build(); - client.get().uri("/").accept(MediaType.ALL).exchange().expectStatus().isUnauthorized().expectBody().isEmpty(); } @Test public void authenticateWhenBasicThenNoSession() { this.spring.register(Config.class).autowire(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build(); - FluxExchangeResult result = client.get().headers((headers) -> headers.setBasicAuth("user", "password")) .exchange().expectStatus().isOk().returnResult(String.class); result.assertWithDiagnostics(() -> assertThat(result.getResponseCookies().isEmpty())); 
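Review bot: In `authenticateWhenBasicThenNoSession` (the `-100,18 +98,14` hunk), the last visible line wraps a boolean in `assertThat(result.getResponseCookies().isEmpty())` and never calls a check on it, so nothing is asserted. The test therefore passes even if the Basic-authenticated response sets a session cookie, which is exactly the behaviour its name says it guards against. Move the check outside the wrapped value: `result.assertWithDiagnostics(() -> assertThat(result.getResponseCookies()).isEmpty());`. This commit only removes blank lines here, so the line predates it, but it is worth fixing while the file is being touched. The method's closing brace lies outside the hunk.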
@@ -133,7 +127,6 @@ public class EnableWebFluxSecurityTests { .map(SecurityContext::getAuthentication).flatMap((principal) -> exchange .getResponse().writeWith(Mono.just(toDataBuffer(principal.getName()))))) .build(); - client.get().uri("/").exchange().expectStatus().isOk().expectBody(String.class) .consumeWith((result) -> assertThat(result.getResponseBody()).isEqualTo(currentPrincipal.getName())); } @@ -148,7 +141,6 @@ public class EnableWebFluxSecurityTests { .map(SecurityContext::getAuthentication).flatMap((principal) -> exchange .getResponse().writeWith(Mono.just(toDataBuffer(principal.getName()))))) .build(); - client.get().uri("/").headers((headers) -> headers.setBasicAuth("user", "password")).exchange().expectStatus() .isOk().expectBody(String.class) .consumeWith((result) -> assertThat(result.getResponseBody()).isEqualTo("user")); @@ -157,7 +149,6 @@ public class EnableWebFluxSecurityTests { @Test public void requestDataValueProcessor() { this.spring.register(Config.class).autowire(); - ConfigurableApplicationContext context = this.spring.getContext(); CsrfRequestDataValueProcessor rdvp = context.getBean(AbstractView.REQUEST_DATA_VALUE_PROCESSOR_BEAN_NAME, CsrfRequestDataValueProcessor.class); @@ -174,7 +165,6 @@ public class EnableWebFluxSecurityTests { .map(SecurityContext::getAuthentication).flatMap((principal) -> exchange .getResponse().writeWith(Mono.just(toDataBuffer(principal.getName()))))) .build(); - client.get().uri("/").headers((headers) -> headers.setBasicAuth("user", "password")).exchange().expectStatus() .isOk().expectBody(String.class) .consumeWith((result) -> assertThat(result.getResponseBody()).isEqualTo("user")); 
@@ -184,9 +174,7 @@ public class EnableWebFluxSecurityTests { public void passwordUpdateManagerUsed() { this.spring.register(MapReactiveUserDetailsServiceConfig.class).autowire(); WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build(); - client.get().uri("/").headers((h) -> h.setBasicAuth("user", "password")).exchange().expectStatus().isOk(); - ReactiveUserDetailsService users = this.spring.getContext().getBean(ReactiveUserDetailsService.class); assertThat(users.findByUsername("user").block().getPassword()).startsWith("{bcrypt}"); } @@ -198,7 +186,6 @@ public class EnableWebFluxSecurityTests { chain) -> Mono.subscriberContext().flatMap((c) -> c.>get(Authentication.class)).flatMap( (principal) -> exchange.getResponse().writeWith(Mono.just(toDataBuffer(principal.getName()))))) .build(); - MultiValueMap data = new LinkedMultiValueMap<>(); data.add("username", "user"); data.add("password", "password"); @@ -211,9 +198,7 @@ public class EnableWebFluxSecurityTests { public void multiWorks() { this.spring.register(MultiSecurityHttpConfig.class).autowire(); WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build(); - client.get().uri("/api/test").exchange().expectStatus().isUnauthorized().expectBody().isEmpty(); - client.get().uri("/test").exchange().expectStatus().isOk(); } @@ -221,9 +206,7 @@ public class EnableWebFluxSecurityTests { @WithMockUser public void authenticationPrincipalArgumentResolverWhenSpelThenWorks() { this.spring.register(AuthenticationPrincipalConfig.class).autowire(); - WebTestClient client = WebTestClient.bindToApplicationContext(this.spring.getContext()).build(); - client.get().uri("/spel").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("user"); } 
@@ -236,20 +219,16 @@ public class EnableWebFluxSecurityTests { @Test public void enableWebFluxSecurityWhenNoConfigurationAnnotationThenBeanProxyingEnabled() { this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire(); - Child childBean = this.spring.getContext().getBean(Child.class); Parent parentBean = this.spring.getContext().getBean(Parent.class); - assertThat(parentBean.getChild()).isSameAs(childBean); } @Test public void enableWebFluxSecurityWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() { this.spring.register(BeanProxyDisabledConfig.class).autowire(); - Child childBean = this.spring.getContext().getBean(Child.class); Parent parentBean = this.spring.getContext().getBean(Parent.class); - assertThat(parentBean.getChild()).isNotSameAs(childBean); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java index 4a7c033ea2..b791eba328 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java @@ -41,7 +41,6 @@ public class ServerHttpSecurityConfigurationTests { this.spring.register(ServerHttpSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class, WebFluxSecurityConfiguration.class).autowire(); ServerHttpSecurity serverHttpSecurity = this.spring.getContext().getBean(ServerHttpSecurity.class); - assertThat(serverHttpSecurity).isNotNull(); } 
@@ -50,7 +49,6 @@ public class ServerHttpSecurityConfigurationTests { this.spring.register(SubclassConfig.class, ReactiveAuthenticationTestConfiguration.class, WebFluxSecurityConfiguration.class).autowire(); ServerHttpSecurity serverHttpSecurity = this.spring.getContext().getBean(ServerHttpSecurity.class); - assertThat(serverHttpSecurity).isNotNull(); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java index fed6517951..43fb7fb1da 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java @@ -41,7 +41,6 @@ public class WebFluxSecurityConfigurationTests { this.spring.register(ServerHttpSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class, WebFluxSecurityConfiguration.class).autowire(); WebFilterChainProxy webFilterChainProxy = this.spring.getContext().getBean(WebFilterChainProxy.class); - assertThat(webFilterChainProxy).isNotNull(); } @@ -50,7 +49,6 @@ public class WebFluxSecurityConfigurationTests { this.spring.register(ServerHttpSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class, WebFluxSecurityConfigurationTests.SubclassConfig.class).autowire(); WebFilterChainProxy webFilterChainProxy = this.spring.getContext().getBean(WebFilterChainProxy.class); - assertThat(webFilterChainProxy).isNotNull(); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java index 5b38a0668c..de09d8ec07 100644 
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java @@ -75,9 +75,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests { @Test public void securityMappings() { loadConfig(WebSocketSecurityConfig.class); - clientInboundChannel().send(message("/user/queue/errors", SimpMessageType.SUBSCRIBE)); - try { clientInboundChannel().send(message("/denyAll", SimpMessageType.MESSAGE)); fail("Expected Exception"); @@ -140,7 +138,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests { .simpSubscribeDestMatchers("/user/**", "/topic/friends/*").hasRole("USER") // <4> .simpTypeMatchers(SimpMessageType.MESSAGE, SimpMessageType.SUBSCRIBE).denyAll() // <5> .anyMessage().denyAll(); // <6> - } } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java index 4aecda3869..37a4687617 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java @@ -107,9 +107,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { @Test public void simpleRegistryMappings() { loadConfig(SockJsSecurityConfig.class); - clientInboundChannel().send(message("/permitAll")); - try { clientInboundChannel().send(message("/denyAll")); fail("Expected Exception"); 
@@ -122,7 +120,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { @Test public void annonymousSupported() { loadConfig(SockJsSecurityConfig.class); - this.messageUser = null; clientInboundChannel().send(message("/permitAll")); } @@ -131,7 +128,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { @Test public void beanResolver() { loadConfig(SockJsSecurityConfig.class); - this.messageUser = null; clientInboundChannel().send(message("/beanResolver")); } @@ -139,11 +135,9 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { @Test public void addsAuthenticationPrincipalResolver() { loadConfig(SockJsSecurityConfig.class); - MessageChannel messageChannel = clientInboundChannel(); Message message = message("/permitAll/authentication"); messageChannel.send(message); - assertThat(this.context.getBean(MyController.class).authenticationPrincipal) .isEqualTo((String) this.messageUser.getPrincipal()); } @@ -151,11 +145,9 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { @Test public void addsAuthenticationPrincipalResolverWhenNoAuthorization() { loadConfig(NoInboundSecurityConfig.class); - MessageChannel messageChannel = clientInboundChannel(); Message message = message("/permitAll/authentication"); messageChannel.send(message); - assertThat(this.context.getBean(MyController.class).authenticationPrincipal) .isEqualTo((String) this.messageUser.getPrincipal()); } @@ -163,11 +155,9 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { @Test public void addsCsrfProtectionWhenNoAuthorization() { loadConfig(NoInboundSecurityConfig.class); - SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT); Message message = message(headers, "/authentication"); MessageChannel messageChannel = clientInboundChannel(); - try { messageChannel.send(message); fail("Expected Exception"); 
@@ -180,11 +170,9 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { @Test public void csrfProtectionForConnect() { loadConfig(SockJsSecurityConfig.class); - SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT); Message message = message(headers, "/authentication"); MessageChannel messageChannel = clientInboundChannel(); - try { messageChannel.send(message); fail("Expected Exception"); 
@@ -197,73 +185,57 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 @Test
 public void csrfProtectionDisabledForConnect() {
 loadConfig(CsrfDisabledSockJsSecurityConfig.class);
-
 SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
 Message message = message(headers, "/permitAll/connect");
 MessageChannel messageChannel = clientInboundChannel();
-
 messageChannel.send(message);
 }
 @Test
 public void csrfProtectionDefinedByBean() {
 loadConfig(SockJsProxylessSecurityConfig.class);
-
 MessageChannel messageChannel = clientInboundChannel();
 CsrfChannelInterceptor csrfChannelInterceptor = this.context.getBean(CsrfChannelInterceptor.class);
-
 assertThat(((AbstractMessageChannel) messageChannel).getInterceptors()).contains(csrfChannelInterceptor);
 }
 @Test
 public void messagesConnectUseCsrfTokenHandshakeInterceptor() throws Exception {
-
 loadConfig(SockJsSecurityConfig.class);
-
 SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
 Message message = message(headers, "/authentication");
 MockHttpServletRequest request = sockjsHttpRequest("/chat");
 HttpRequestHandler handler = handler(request);
-
 handler.handleRequest(request, new MockHttpServletResponse());
-
 assertHandshake(request);
 }
 @Test
 public void messagesConnectUseCsrfTokenHandshakeInterceptorMultipleMappings() throws Exception {
 loadConfig(SockJsSecurityConfig.class);
-
 SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
 Message message = message(headers, "/authentication");
 MockHttpServletRequest request = sockjsHttpRequest("/other");
 HttpRequestHandler handler = handler(request);
-
 handler.handleRequest(request, new MockHttpServletResponse());
-
 assertHandshake(request);
 }
 @Test
 public void messagesConnectWebSocketUseCsrfTokenHandshakeInterceptor() throws Exception {
 loadConfig(WebSocketSecurityConfig.class);
-
 SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
 Message message = message(headers, "/authentication");
 MockHttpServletRequest request = websocketHttpRequest("/websocket");
 HttpRequestHandler handler = handler(request);
-
 handler.handleRequest(request, new MockHttpServletResponse());
-
 assertHandshake(request);
 }
 @Test
 public void msmsRegistryCustomPatternMatcher() {
 loadConfig(MsmsRegistryCustomPatternMatcherConfig.class);
-
 clientInboundChannel().send(message("/app/a.b"));
-
 try {
 clientInboundChannel().send(message("/app/a.b.c"));
 fail("Expected Exception");
@@ -276,9 +248,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 @Test
 public void overrideMsmsRegistryCustomPatternMatcher() {
 loadConfig(OverrideMsmsRegistryCustomPatternMatcherConfig.class);
-
 clientInboundChannel().send(message("/app/a/b"));
-
 try {
 clientInboundChannel().send(message("/app/a/b/c"));
 fail("Expected Exception");
@@ -291,9 +261,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 @Test
 public void defaultPatternMatcher() {
 loadConfig(DefaultPatternMatcherConfig.class);
-
 clientInboundChannel().send(message("/app/a/b"));
-
 try {
 clientInboundChannel().send(message("/app/a/b/c"));
 fail("Expected Exception");
@@ -306,9 +274,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 @Test
 public void customExpression() {
 loadConfig(CustomExpressionConfig.class);
-
 clientInboundChannel().send(message("/denyRob"));
-
 this.messageUser = new TestingAuthenticationToken("rob", "password", "ROLE_USER");
 try {
 clientInboundChannel().send(message("/denyRob"));
@@ -321,24 +287,19 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 @Test
 public void channelSecurityInterceptorUsesMetadataSourceBeanWhenProxyingDisabled() {
-
 loadConfig(SockJsProxylessSecurityConfig.class);
-
 ChannelSecurityInterceptor channelSecurityInterceptor = this.context.getBean(ChannelSecurityInterceptor.class);
 MessageSecurityMetadataSource messageSecurityMetadataSource = this.context
 .getBean(MessageSecurityMetadataSource.class);
-
 assertThat(channelSecurityInterceptor.obtainSecurityMetadataSource()).isSameAs(messageSecurityMetadataSource);
 }
 @Test
 public void securityContextChannelInterceptorDefinedByBean() {
 loadConfig(SockJsProxylessSecurityConfig.class);
-
 MessageChannel messageChannel = clientInboundChannel();
 SecurityContextChannelInterceptor securityContextChannelInterceptor = this.context
 .getBean(SecurityContextChannelInterceptor.class);
-
 assertThat(((AbstractMessageChannel) messageChannel).getInterceptors())
 .contains(securityContextChannelInterceptor);
 }
@@ -346,10 +307,8 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 @Test
 public void inboundChannelSecurityDefinedByBean() {
 loadConfig(SockJsProxylessSecurityConfig.class);
-
 MessageChannel messageChannel = clientInboundChannel();
 ChannelSecurityInterceptor inboundChannelSecurity = this.context.getBean(ChannelSecurityInterceptor.class);
-
 assertThat(((AbstractMessageChannel) messageChannel).getInterceptors()).contains(inboundChannelSecurity);
 }
@@ -377,7 +336,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 request.setAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE, "/289/tpyx6mde/websocket");
 request.setRequestURI(mapping + "/289/tpyx6mde/websocket");
 request.getSession().setAttribute(this.sessionAttr, "sessionValue");
-
 request.setAttribute(CsrfToken.class.getName(), this.token);
 return request;
 }
@@ -423,7 +381,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 .setHandshakeHandler(testHandshakeHandler());
 }
 // @formatter:on
-
 // @formatter:off
 @Override
 protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
@@ -432,7 +389,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 .anyMessage().denyAll();
 }
 // @formatter:on
-
 @Override
 public void configureMessageBroker(MessageBrokerRegistry registry) {
 registry.setPathMatcher(new AntPathMatcher("."));
@@ -461,7 +417,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 .setHandshakeHandler(testHandshakeHandler());
 }
 // @formatter:on
-
 // @formatter:off
 @Override
 protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
@@ -471,7 +426,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 .anyMessage().denyAll();
 }
 // @formatter:on
-
 @Override
 public void configureMessageBroker(MessageBrokerRegistry registry) {
 registry.setPathMatcher(new AntPathMatcher("."));
@@ -499,7 +453,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 .setHandshakeHandler(testHandshakeHandler());
 }
 // @formatter:on
-
 // @formatter:off
 @Override
 protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
@@ -508,7 +461,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 .anyMessage().denyAll();
 }
 // @formatter:on
-
 @Override
 public void configureMessageBroker(MessageBrokerRegistry registry) {
 registry.enableSimpleBroker("/queue/", "/topic/");
@@ -535,7 +487,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 .setHandshakeHandler(testHandshakeHandler());
 }
 // @formatter:on
-
 // @formatter:off
 @Override
 protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
@@ -543,24 +494,19 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 .anyMessage().access("denyRob()");
 }
 // @formatter:on
-
 @Bean
 static SecurityExpressionHandler> messageSecurityExpressionHandler() {
 return new DefaultMessageSecurityExpressionHandler() {
-
 @Override
 protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
 Message invocation) {
 return new MessageSecurityExpressionRoot(authentication, invocation) {
-
 public boolean denyRob() {
 Authentication auth = getAuthentication();
 return auth != null && !"rob".equals(auth.getName());
 }
-
 };
 }
-
 };
 }
@@ -646,7 +592,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 public void registerStompEndpoints(StompEndpointRegistry registry) {
 registry.addEndpoint("/other").setHandshakeHandler(testHandshakeHandler()).withSockJS()
 .setInterceptors(new HttpSessionHandshakeInterceptor());
-
 registry.addEndpoint("/chat").setHandshakeHandler(testHandshakeHandler()).withSockJS()
 .setInterceptors(new HttpSessionHandshakeInterceptor());
 }
@@ -660,7 +605,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 .anyMessage().denyAll();
 }
 // @formatter:on
-
 @Override
 public void configureMessageBroker(MessageBrokerRegistry registry) {
 registry.enableSimpleBroker("/queue/", "/topic/");
@@ -703,7 +647,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 @Override
 public void registerStompEndpoints(StompEndpointRegistry registry) {
 registry.addEndpoint("/other").withSockJS().setInterceptors(new HttpSessionHandshakeInterceptor());
-
 registry.addEndpoint("/chat").withSockJS().setInterceptors(new HttpSessionHandshakeInterceptor());
 }
@@ -754,7 +697,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 .anyMessage().denyAll();
 }
 // @formatter:on
-
 @Bean
 public TestHandshakeHandler testHandshakeHandler() {
 return new TestHandshakeHandler();
@@ -787,7 +729,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 .anyMessage().denyAll();
 }
 // @formatter:on
-
 @Bean
 public TestHandshakeHandler testHandshakeHandler() {
 return new TestHandshakeHandler();
diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java
index b688bba746..bdc4383017 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java
@@ -69,13 +69,10 @@ public class AuthenticationConfigurationGh3935Tests {
 String username = "user";
 String password = "password";
 given(this.uds.loadUserByUsername(username)).willReturn(PasswordEncodedUser.user());
-
 AuthenticationManager authenticationManager = this.adapter.authenticationManager;
 assertThat(authenticationManager).isNotNull();
-
 Authentication auth = authenticationManager
 .authenticate(new UsernamePasswordAuthenticationToken(username, password));
-
 verify(this.uds).loadUserByUsername(username);
 assertThat(auth.getPrincipal()).isEqualTo(PasswordEncodedUser.user());
 }
diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
index 790bb61c2d..e47536021a 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
@@ -64,12 +64,10 @@ public class AuthenticationManagerBeanDefinitionParserTests {
 ConfigurableApplicationContext appContext = this.spring.context(CONTEXT).getContext();
 AuthListener listener = new AuthListener();
 appContext.addApplicationListener(listener);
-
 ProviderManager pm = (ProviderManager) appContext.getBeansOfType(ProviderManager.class).values().toArray()[0];
 Object eventPublisher = FieldUtils.getFieldValue(pm, "eventPublisher");
 assertThat(eventPublisher).isNotNull();
 assertThat(eventPublisher instanceof DefaultAuthenticationEventPublisher).isTrue();
-
 pm.authenticate(new UsernamePasswordAuthenticationToken("bob", "bobspassword"));
 assertThat(listener.events).hasSize(1);
 }
@@ -99,7 +97,6 @@ public class AuthenticationManagerBeanDefinitionParserTests { + "" + " " + "" + "") .mockMvcAfterSpringSecurityOk().autowire(); - this.mockMvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isOk()); }
diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
index 42d9b70229..bfdf477d64 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
@@ -72,7 +72,6 @@ public class AuthenticationProviderBeanDefinitionParserTests { setContext(" " + " " + " " + " " + " " + " "); - getProvider().authenticate(this.bob); }
@@ -84,7 +83,6 @@ public class AuthenticationProviderBeanDefinitionParserTests { + " " + " " + " " + " " + " " + " "); - getProvider().authenticate(this.bob); }
@@ -95,7 +93,6 @@ public class AuthenticationProviderBeanDefinitionParserTests { + " " + " " + " " + " " + " "); - getProvider().authenticate(this.bob); }
@@ -108,7 +105,6 @@ public class AuthenticationProviderBeanDefinitionParserTests { + " " + " " + " " + " "); - getProvider().authenticate(this.bob); }
@@ -127,7 +123,6 @@ public class AuthenticationProviderBeanDefinitionParserTests {
 private AuthenticationProvider getProvider() {
 List providers = ((ProviderManager) this.appContext
 .getBean(BeanIds.AUTHENTICATION_MANAGER)).getProviders();
-
 return providers.get(0);
 }
diff --git a/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
index cf8c3eaabd..38a41e0730 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
@@ -45,9 +45,8 @@ public class JdbcUserServiceBeanDefinitionParserTests { private static String USER_CACHE_XML = ""; private static String DATA_SOURCE = " " - + " " + " " + - - " " + + " " + " " + + " " + " " + " "; private InMemoryXmlApplicationContext appContext;
diff --git a/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java
index 226f633822..8820c19a7f 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java
@@ -44,7 +44,6 @@ public class PasswordEncoderParserTests {
 this.spring.configLocations(
 "classpath:org/springframework/security/config/authentication/PasswordEncoderParserTests-default.xml")
 .mockMvcAfterSpringSecurityOk().autowire();
-
 this.mockMvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isOk());
 }
@@ -53,7 +52,6 @@ public class PasswordEncoderParserTests {
 this.spring.configLocations(
 "classpath:org/springframework/security/config/authentication/PasswordEncoderParserTests-bean.xml")
 .mockMvcAfterSpringSecurityOk().autowire();
-
 this.mockMvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isOk());
 }
diff --git a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
index 2879c6343f..b86b6f9ed8 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
@@ -120,7 +120,6 @@ public class UserServiceBeanDefinitionParserTests { public void multipleTopLevelUseWithoutIdThrowsException() { setContext("" + ""); - } @Test(expected = FatalBeanException.class)
diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
index 14298cf186..49025a33c3 100644
--- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
@@ -70,7 +70,6 @@ public class GrantedAuthorityDefaultsJcTests {
 @Before
 public void setup() {
 setup("USER");
-
 this.request = new MockHttpServletRequest("GET", "");
 this.request.setMethod("GET");
 this.response = new MockHttpServletResponse();
@@ -87,22 +86,17 @@ public class GrantedAuthorityDefaultsJcTests {
 SecurityContext context = SecurityContextHolder.getContext();
 this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 context);
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 }
 @Test
 public void doFilterDenied() throws Exception {
 setup("DENIED");
-
 SecurityContext context = SecurityContextHolder.getContext();
 this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 context);
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 }
@@ -119,14 +113,12 @@ public class GrantedAuthorityDefaultsJcTests {
 @Test(expected = AccessDeniedException.class)
 public void messageDenied() {
 setup("DENIED");
-
 this.messageService.getMessage();
 }
 @Test(expected = AccessDeniedException.class)
 public void jsrMessageDenied() {
 setup("DENIED");
-
 this.messageService.getJsrMessage();
 }
@@ -136,9 +128,7 @@ public class GrantedAuthorityDefaultsJcTests {
 SecurityContext context = SecurityContextHolder.getContext();
 this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 context);
-
 this.chain = new MockFilterChain() {
-
 @Override
 public void doFilter(ServletRequest request, ServletResponse response)
 throws IOException, ServletException {
@@ -147,11 +137,8 @@ public class GrantedAuthorityDefaultsJcTests {
 assertThat(httpRequest.isUserInRole("INVALID")).isFalse();
 super.doFilter(request, response);
 }
-
 };
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.chain.getRequest()).isNotNull();
 }
diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
index 6de129cf68..d8dad3d308 100644
--- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
@@ -63,7 +63,6 @@ public class GrantedAuthorityDefaultsXmlTests {
 @Before
 public void setup() {
 setup("USER");
-
 this.request = new MockHttpServletRequest("GET", "");
 this.request.setMethod("GET");
 this.response = new MockHttpServletResponse();
@@ -80,22 +79,17 @@ public class GrantedAuthorityDefaultsXmlTests {
 SecurityContext context = SecurityContextHolder.getContext();
 this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 context);
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 }
 @Test
 public void doFilterDenied() throws Exception {
 setup("DENIED");
-
 SecurityContext context = SecurityContextHolder.getContext();
 this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 context);
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 }
@@ -112,14 +106,12 @@ public class GrantedAuthorityDefaultsXmlTests {
 @Test(expected = AccessDeniedException.class)
 public void messageDenied() {
 setup("DENIED");
-
 this.messageService.getMessage();
 }
 @Test(expected = AccessDeniedException.class)
 public void jsrMessageDenied() {
 setup("DENIED");
-
 this.messageService.getJsrMessage();
 }
@@ -129,9 +121,7 @@ public class GrantedAuthorityDefaultsXmlTests {
 SecurityContext context = SecurityContextHolder.getContext();
 this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 context);
-
 this.chain = new MockFilterChain() {
-
 @Override
 public void doFilter(ServletRequest request, ServletResponse response)
 throws IOException, ServletException {
@@ -140,11 +130,8 @@ public class GrantedAuthorityDefaultsXmlTests {
 assertThat(httpRequest.isUserInRole("INVALID")).isFalse();
 super.doFilter(request, response);
 }
-
 };
-
 this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 assertThat(this.chain.getRequest()).isNotNull();
 }
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
index 5e476818cb..223f082498 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
@@ -52,7 +52,6 @@ public class UserDetailsResourceFactoryBeanTests {
 @Test
 public void getObjectWhenPropertiesResourceLocationNullThenThrowsIllegalStateException() {
 this.factory.setResourceLoader(this.resourceLoader);
-
 assertThatThrownBy(() -> this.factory.getObject()).isInstanceOf(IllegalArgumentException.class)
 .hasStackTraceContaining("resource cannot be null if resourceLocation is null");
 }
@@ -60,23 +59,19 @@ public class UserDetailsResourceFactoryBeanTests {
 @Test
 public void getObjectWhenPropertiesResourceLocationSingleUserThenThrowsGetsSingleUser() throws Exception {
 this.factory.setResourceLocation("classpath:users.properties");
-
 Collection users = this.factory.getObject();
-
 assertLoaded();
 }
 @Test
 public void getObjectWhenPropertiesResourceSingleUserThenThrowsGetsSingleUser() throws Exception {
 this.factory.setResource(new InMemoryResource("user=password,ROLE_USER"));
-
 assertLoaded();
 }
 @Test
 public void getObjectWhenInvalidUserThenThrowsMeaningfulException() {
 this.factory.setResource(new InMemoryResource("user=invalidFormatHere"));
-
 assertThatThrownBy(() -> this.factory.getObject()).isInstanceOf(IllegalStateException.class)
 .hasStackTraceContaining("user").hasStackTraceContaining("invalidFormatHere");
 }
@@ -84,7 +79,6 @@ public class UserDetailsResourceFactoryBeanTests {
 @Test
 public void getObjectWhenStringSingleUserThenGetsSingleUser() throws Exception {
 this.factory = UserDetailsResourceFactoryBean.fromString("user=password,ROLE_USER");
-
 assertLoaded();
 }
diff --git a/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java
index 4f991d9d11..4d885e2116 100644
--- a/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java
@@ -41,7 +41,6 @@ public class SecurityDebugBeanFactoryPostProcessorTests {
 this.spring.configLocations(
 "classpath:org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests-context.xml")
 .autowire();
-
 assertThat(this.spring.getContext().getBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN))
 .isInstanceOf(DebugFilter.class);
 assertThat(this.spring.getContext().getBean(BeanIds.FILTER_CHAIN_PROXY)).isInstanceOf(FilterChainProxy.class);
diff --git a/config/src/test/java/org/springframework/security/config/doc/Element.java b/config/src/test/java/org/springframework/security/config/doc/Element.java
index 6a6bd75181..365bcfb5b9 100644
--- a/config/src/test/java/org/springframework/security/config/doc/Element.java
+++ b/config/src/test/java/org/springframework/security/config/doc/Element.java
@@ -129,45 +129,33 @@ public class Element {
 public Collection getIds() {
 Collection ids = new ArrayList<>();
 ids.add(getId());
-
 this.childElmts.values().forEach((elmt) -> ids.add(elmt.getId()));
-
 this.attrs.forEach((attr) -> ids.add(attr.getId()));
-
 if (!this.childElmts.isEmpty()) {
 ids.add(getId() + "-children");
 }
-
 if (!this.attrs.isEmpty()) {
 ids.add(getId() + "-attributes");
 }
-
 if (!this.parentElmts.isEmpty()) {
 ids.add(getId() + "-parents");
 }
-
 return ids;
 }
 public Map getAllChildElmts() {
 Map result = new HashMap<>();
-
 this.childElmts.values()
 .forEach((elmt) -> elmt.subGrps.forEach((subElmt) -> result.put(subElmt.name, subElmt)));
-
 result.putAll(this.childElmts);
-
 return result;
 }
 public Map getAllParentElmts() {
 Map result = new HashMap<>();
-
 this.parentElmts.values()
 .forEach((elmt) -> elmt.subGrps.forEach((subElmt) -> result.put(subElmt.name, subElmt)));
-
 result.putAll(this.parentElmts);
-
 return result;
 }
diff --git a/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java b/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
index 1181230cf0..d30bcd0025 100644
--- a/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
+++ b/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
@@ -60,7 +60,6 @@ public class SpringSecurityXsdParser {
 */
 private Map elements(XmlNode node) {
 Map elementNameToElement = new HashMap<>();
-
 node.children().forEach((child) -> {
 if ("element".equals(child.simpleName())) {
 Element e = elmt(child);
@@ -70,7 +69,6 @@ public class SpringSecurityXsdParser {
 elementNameToElement.putAll(elements(child));
 }
 });
-
 return elementNameToElement;
 }
@@ -90,7 +88,6 @@ public class SpringSecurityXsdParser {
 attrs.addAll(attrs(c));
 }
 });
-
 return attrs;
 }
@@ -102,7 +99,6 @@ public class SpringSecurityXsdParser {
 */
 private Collection attrgrps(XmlNode element) {
 Collection attrgrp = new ArrayList<>();
-
 element.children().forEach((c) -> {
 if (!"element".equals(c.simpleName())) {
 if ("attributeGroup".equals(c.simpleName())) {
@@ -120,7 +116,6 @@ public class SpringSecurityXsdParser {
 }
 }
 });
-
 return attrgrp;
 }
@@ -129,7 +124,6 @@ public class SpringSecurityXsdParser {
 while (!"schema".equals(root.simpleName())) {
 root = root.parent().get();
 }
-
 return expand(root).filter((node) -> name.equals(node.attribute("name"))).findFirst()
 .orElseThrow(IllegalArgumentException::new);
 }
@@ -185,12 +179,10 @@ public class SpringSecurityXsdParser {
 name = name.split(":")[1];
 n = findNode(n, name);
 }
-
 if (this.elementNameToElement.containsKey(name)) {
 return this.elementNameToElement.get(name);
 }
 this.attrElmts.add(name);
-
 Element e = new Element();
 e.setName(n.attribute("name"));
 e.setDesc(desc(n));
@@ -199,15 +191,12 @@ public class SpringSecurityXsdParser {
 e.getAttrs().addAll(attrgrps(n));
 e.getAttrs().forEach((attr) -> attr.setElmt(e));
 e.getChildElmts().values().forEach((element) -> element.getParentElmts().put(e.getName(), e));
-
 String subGrpName = n.attribute("substitutionGroup");
 if (!StringUtils.isEmpty(subGrpName)) {
 Element subGrp = elmt(findNode(n, subGrpName.split(":")[1]));
 subGrp.getSubGrps().add(e);
 }
-
 this.elementNameToElement.put(name, e);
-
 return e;
 }
diff --git a/config/src/test/java/org/springframework/security/config/doc/XmlNode.java b/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
index 173efac460..2897c63b1d 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
@@ -45,7 +45,6 @@ public class XmlNode {
 public Stream children() {
 NodeList children = this.node.getChildNodes();
-
 return IntStream.range(0, children.getLength()).mapToObj(children::item).map(XmlNode::new);
 }
diff --git a/config/src/test/java/org/springframework/security/config/doc/XmlParser.java b/config/src/test/java/org/springframework/security/config/doc/XmlParser.java
index c7b07a8aae..218f6cc5e1 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XmlParser.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XmlParser.java
@@ -40,7 +40,6 @@ public class XmlParser implements AutoCloseable {
 try {
 DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
 DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
-
 return new XmlNode(dBuilder.parse(this.xml));
 }
 catch (IOException | ParserConfigurationException | SAXException ex) {
diff --git a/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java b/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java
index d83b0f3279..dc6337ec42 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java
@@ -33,7 +33,6 @@ public class XmlSupport {
 public XmlNode parse(String location) throws IOException {
 ClassPathResource resource = new ClassPathResource(location);
 this.parser = new XmlParser(resource.getInputStream());
-
 return this.parser.parse();
 }
diff --git a/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java b/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
index d07647fda1..e845eb1f89 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
@@ -68,34 +68,28 @@ public class XsdDocumentedTests { @Test public void parseWhenLatestXsdThenAllNamedSecurityFiltersAreDefinedAndOrderedProperly() throws IOException { XmlNode root = this.xml.parse(this.schemaDocumentLocation); - List nodes = root.child("schema").map(XmlNode::children).orElse(Stream.empty()) .filter((node) -> "simpleType".equals(node.simpleName()) && "named-security-filter".equals(node.attribute("name"))) .flatMap(XmlNode::children).flatMap(XmlNode::children).map((node) -> node.attribute("value")) .filter(StringUtils::isNotEmpty).collect(Collectors.toList()); - SecurityFiltersAssertions.assertEquals(nodes); } @Test public void parseWhen31XsdThenAllNamedSecurityFiltersAreDefinedAndOrderedProperly() throws IOException { - List expected = Arrays.asList("FIRST", "CHANNEL_FILTER", "SECURITY_CONTEXT_FILTER", "CONCURRENT_SESSION_FILTER", "LOGOUT_FILTER", "X509_FILTER", "PRE_AUTH_FILTER", "CAS_FILTER", "FORM_LOGIN_FILTER", "OPENID_FILTER", "LOGIN_PAGE_FILTER", "DIGEST_AUTH_FILTER", "BASIC_AUTH_FILTER", "REQUEST_CACHE_FILTER", "SERVLET_API_SUPPORT_FILTER", "JAAS_API_SUPPORT_FILTER", "REMEMBER_ME_FILTER", "ANONYMOUS_FILTER", "SESSION_MANAGEMENT_FILTER", "EXCEPTION_TRANSLATION_FILTER", "FILTER_SECURITY_INTERCEPTOR", "SWITCH_USER_FILTER", "LAST"); - XmlNode root = this.xml.parse(this.schema31xDocumentLocation); - List nodes = root.child("schema").map(XmlNode::children).orElse(Stream.empty()) .filter((node) -> "simpleType".equals(node.simpleName()) && "named-security-filter".equals(node.attribute("name"))) .flatMap(XmlNode::children).flatMap(XmlNode::children).map((node) -> node.attribute("value")) .filter(StringUtils::isNotEmpty).collect(Collectors.toList()); - assertThat(nodes).isEqualTo(expected); } 
@@ -108,11 +102,8 @@ public class XsdDocumentedTests { */ @Test public void sizeWhenReadingFilesystemThenIsCorrectNumberOfSchemaFiles() throws IOException { - ClassPathResource resource = new ClassPathResource(this.schemaDocumentLocation); - String[] schemas = resource.getFile().getParentFile().list((dir, name) -> name.endsWith(".xsd")); - assertThat(schemas.length).isEqualTo(16) .withFailMessage("the count is equal to 16, if not then schemaDocument needs updating"); }
@@ -125,19 +116,14 @@ public class XsdDocumentedTests { */ @Test public void countReferencesWhenReviewingDocumentationThenEntireSchemaIsIncluded() throws IOException { - Map elementsByElementName = this.xml.elementsByElementName(this.schemaDocumentLocation); - List documentIds = Files.lines(Paths.get(this.referenceLocation)) .filter((line) -> line.matches("\\[\\[(nsa-.*)\\]\\]")) .map((line) -> line.substring(2, line.length() - 2)).collect(Collectors.toList()); - Set expectedIds = elementsByElementName.values().stream() .flatMap((element) -> element.getIds().stream()).collect(Collectors.toSet()); - documentIds.removeAll(this.ignoredIds); expectedIds.removeAll(this.ignoredIds); - assertThat(documentIds).containsAll(expectedIds); assertThat(expectedIds).containsAll(documentIds); }
@@ -149,18 +135,14 @@ public class XsdDocumentedTests { */ @Test public void countLinksWhenReviewingDocumentationThenParentsAndChildrenAreCorrectlyLinked() throws IOException { - Map> docAttrNameToChildren = new HashMap<>(); Map> docAttrNameToParents = new HashMap<>(); - String docAttrName = null; Map> currentDocAttrNameToElmt = null; - List lines = Files.readAllLines(Paths.get(this.referenceLocation)); for (String line : lines) { if (line.matches("^\\[\\[.*\\]\\]$")) { String id = line.substring(2, line.length() - 2); - if (id.endsWith("-children")) { docAttrName = id.substring(0, id.length() - 9); currentDocAttrNameToElmt = docAttrNameToChildren;
@@ -174,7 +156,6 @@ public class XsdDocumentedTests { docAttrName = null; } } - if (docAttrName != null && currentDocAttrNameToElmt != null) { String expression = "^\\* <<(nsa-.*),.*>>$"; if (line.matches(expression)) {
@@ -183,25 +164,20 @@ public class XsdDocumentedTests { } } } - Map elementNameToElement = this.xml.elementsByElementName(this.schemaDocumentLocation); - Map> schemaAttrNameToChildren = new HashMap<>(); Map> schemaAttrNameToParents = new HashMap<>(); - elementNameToElement.entrySet().stream().forEach((entry) -> { String key = "nsa-" + entry.getKey(); if (this.ignoredIds.contains(key)) { return; } - List parentIds = entry.getValue().getAllParentElmts().values().stream() .filter((element) -> !this.ignoredIds.contains(element.getId())).map((element) -> element.getId()) .sorted().collect(Collectors.toList()); if (!parentIds.isEmpty()) { schemaAttrNameToParents.put(key, parentIds); } - List childIds = entry.getValue().getAllChildElmts().values().stream() .filter((element) -> !this.ignoredIds.contains(element.getId())).map((element) -> element.getId()) .sorted().collect(Collectors.toList());
@@ -209,7 +185,6 @@ public class XsdDocumentedTests { schemaAttrNameToChildren.put(key, childIds); } }); - assertThat(docAttrNameToChildren).isEqualTo(schemaAttrNameToChildren); assertThat(docAttrNameToParents).isEqualTo(schemaAttrNameToParents); }
@@ -220,19 +195,15 @@ public class XsdDocumentedTests { */ @Test public void countWhenReviewingDocumentationThenAllElementsDocumented() throws IOException { - Map elementNameToElement = this.xml.elementsByElementName(this.schemaDocumentLocation); - String notDocElmtIds = elementNameToElement.values().stream() .filter((element) -> StringUtils.isEmpty(element.getDesc()) && !this.ignoredIds.contains(element.getId())) .map((element) -> element.getId()).sorted().collect(Collectors.joining("\n")); - String notDocAttrIds = elementNameToElement.values().stream().flatMap((element) -> element.getAttrs().stream()) .filter((element) -> StringUtils.isEmpty(element.getDesc()) && !this.ignoredIds.contains(element.getId())) .map((element) -> element.getId()).sorted().collect(Collectors.joining("\n")); - assertThat(notDocElmtIds).isEmpty(); assertThat(notDocAttrIds).isEmpty(); }
diff --git a/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java b/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java
index f64d56ad3d..3535309aa8 100644
--- a/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java
@@ -59,7 +59,6 @@ public class AccessDeniedConfigTests { @Test public void configureWhenAccessDeniedHandlerIsMissingLeadingSlashThenException() { SpringTestContext context = this.spring.configLocations(this.xml("NoLeadingSlash")); - assertThatThrownBy(() -> context.autowire()).isInstanceOf(BeanCreationException.class) .hasMessageContaining("errorPage must begin with '/'"); }
@@ -67,16 +66,13 @@ public class AccessDeniedConfigTests { @Test @WithMockUser public void configureWhenAccessDeniedHandlerRefThenAutowire() throws Exception { - this.spring.configLocations(this.xml("AccessDeniedHandler")).autowire(); - this.mvc.perform(get("/")).andExpect(status().is(HttpStatus.GONE_410)); } @Test public void configureWhenAccessDeniedHandlerUsesPathAndRefThenException() { SpringTestContext context = this.spring.configLocations(this.xml("UsesPathAndRef")); - assertThatThrownBy(() -> context.autowire()).isInstanceOf(BeanDefinitionParsingException.class) .hasMessageContaining("attribute error-page cannot be used together with the 'ref' attribute"); }
@@ -90,7 +86,6 @@ public class AccessDeniedConfigTests { @Override public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) { - response.setStatus(HttpStatus.GONE_410); }
diff --git a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
index 0f3bc46d77..f9924f0c3b 100644
--- a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
@@ -90,35 +90,30 @@ public class CsrfConfigTests { @Test public void postWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception { this.spring.configLocations(this.xml("AutoConfig")).autowire(); - this.mvc.perform(post("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated()); } @Test public void putWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception { this.spring.configLocations(this.xml("AutoConfig")).autowire(); - this.mvc.perform(put("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated()); } @Test public void patchWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception { this.spring.configLocations(this.xml("AutoConfig")).autowire(); - this.mvc.perform(patch("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated()); } @Test public void deleteWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception { this.spring.configLocations(this.xml("AutoConfig")).autowire(); - this.mvc.perform(delete("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated()); } @Test public void invalidWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception { this.spring.configLocations(this.xml("AutoConfig")).autowire(); - this.mvc.perform(request("INVALID", new URI("/csrf"))).andExpect(status().isForbidden()) .andExpect(csrfCreated()); } 
@@ -126,76 +121,64 @@ public class CsrfConfigTests { @Test public void getWhenDefaultConfigurationThenCsrfIsEnabled() throws Exception { this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire(); - this.mvc.perform(get("/csrf")).andExpect(csrfInBody()); } @Test public void headWhenDefaultConfigurationThenCsrfIsEnabled() throws Exception { this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire(); - this.mvc.perform(head("/csrf-in-header")).andExpect(csrfInHeader()); } @Test public void traceWhenDefaultConfigurationThenCsrfIsEnabled() throws Exception { this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire(); - MockMvc traceEnabled = MockMvcBuilders.webAppContextSetup(this.spring.getContext()).apply(springSecurity()) .addDispatcherServletCustomizer((dispatcherServlet) -> dispatcherServlet.setDispatchTraceRequest(true)) .build(); - traceEnabled.perform(request(HttpMethod.TRACE, "/csrf-in-header")).andExpect(csrfInHeader()); } @Test public void optionsWhenDefaultConfigurationThenCsrfIsEnabled() throws Exception { this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire(); - this.mvc.perform(options("/csrf-in-header")).andExpect(csrfInHeader()); } @Test public void postWhenCsrfDisabledThenRequestAllowed() throws Exception { this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfDisabled")).autowire(); - this.mvc.perform(post("/ok")).andExpect(status().isOk()); - assertThat(getFilter(this.spring, CsrfFilter.class)).isNull(); } @Test public void postWhenCsrfElementEnabledThenForbidden() throws Exception { this.spring.configLocations(this.xml("CsrfEnabled")).autowire(); - this.mvc.perform(post("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated()); } @Test public void putWhenCsrfElementEnabledThenForbidden() throws Exception { this.spring.configLocations(this.xml("CsrfEnabled")).autowire(); - 
this.mvc.perform(put("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated()); } @Test public void patchWhenCsrfElementEnabledThenForbidden() throws Exception { this.spring.configLocations(this.xml("CsrfEnabled")).autowire(); - this.mvc.perform(patch("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated()); } @Test public void deleteWhenCsrfElementEnabledThenForbidden() throws Exception { this.spring.configLocations(this.xml("CsrfEnabled")).autowire(); - this.mvc.perform(delete("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated()); } @Test public void invalidWhenCsrfElementEnabledThenForbidden() throws Exception { this.spring.configLocations(this.xml("CsrfEnabled")).autowire(); - this.mvc.perform(request("INVALID", new URI("/csrf"))).andExpect(status().isForbidden()) .andExpect(csrfCreated()); } 
@@ -203,63 +186,51 @@ public class CsrfConfigTests { @Test public void getWhenCsrfElementEnabledThenOk() throws Exception { this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire(); - this.mvc.perform(get("/csrf")).andExpect(csrfInBody()); } @Test public void headWhenCsrfElementEnabledThenOk() throws Exception { this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire(); - this.mvc.perform(head("/csrf-in-header")).andExpect(csrfInHeader()); } @Test public void traceWhenCsrfElementEnabledThenOk() throws Exception { this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire(); - MockMvc traceEnabled = MockMvcBuilders.webAppContextSetup(this.spring.getContext()).apply(springSecurity()) .addDispatcherServletCustomizer((dispatcherServlet) -> dispatcherServlet.setDispatchTraceRequest(true)) .build(); - traceEnabled.perform(request(HttpMethod.TRACE, "/csrf-in-header")).andExpect(csrfInHeader()); } @Test public void optionsWhenCsrfElementEnabledThenOk() throws Exception { this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire(); - this.mvc.perform(options("/csrf-in-header")).andExpect(csrfInHeader()); } @Test public void autowireWhenCsrfElementEnabledThenCreatesCsrfRequestDataValueProcessor() { this.spring.configLocations(this.xml("CsrfEnabled")).autowire(); - assertThat(this.spring.getContext().getBean(RequestDataValueProcessor.class)).isNotNull(); } @Test public void postWhenUsingCsrfAndCustomAccessDeniedHandlerThenTheHandlerIsAppropriatelyEngaged() throws Exception { - this.spring.configLocations(this.xml("WithAccessDeniedHandler"), this.xml("shared-access-denied-handler")) .autowire(); - this.mvc.perform(post("/ok")).andExpect(status().isIAmATeapot()); } @Test public void postWhenHasCsrfTokenButSessionExpiresThenRequestIsCancelledAfterSuccessfulAuthentication() throws Exception { - 
this.spring.configLocations(this.xml("CsrfEnabled")).autowire(); - // simulates a request that has no authentication (e.g. session time-out) MvcResult result = this.mvc.perform(post("/authenticated").with(csrf())) .andExpect(redirectedUrl("http://localhost/login")).andReturn(); - MockHttpSession session = (MockHttpSession) result.getRequest().getSession(); - // if the request cache is consulted, then it will redirect back to /some-url, // which we don't want this.mvc.perform(
@@ -270,15 +241,11 @@ public class CsrfConfigTests { @Test public void getWhenHasCsrfTokenButSessionExpiresThenRequestIsRememeberedAfterSuccessfulAuthentication() throws Exception { - this.spring.configLocations(this.xml("CsrfEnabled")).autowire(); - // simulates a request that has no authentication (e.g. session time-out) MvcResult result = this.mvc.perform(get("/authenticated")).andExpect(redirectedUrl("http://localhost/login")) .andReturn(); - MockHttpSession session = (MockHttpSession) result.getRequest().getSession(); - // if the request cache is consulted, then it will redirect back to /some-url, // which we do want this.mvc.perform(
@@ -292,85 +259,58 @@ public class CsrfConfigTests { @Test public void postWhenUsingCsrfAndCustomSessionManagementAndNoSessionThenStillRedirectsToInvalidSessionUrl() throws Exception { - this.spring.configLocations(this.xml("WithSessionManagement")).autowire(); - MvcResult result = this.mvc.perform(post("/ok").param("_csrf", "abc")) .andExpect(redirectedUrl("/error/sessionError")).andReturn(); - MockHttpSession session = (MockHttpSession) result.getRequest().getSession(); - this.mvc.perform(post("/csrf").session(session)).andExpect(status().isForbidden()); } @Test public void requestWhenUsingCustomRequestMatcherConfiguredThenAppliesAccordingly() throws Exception { - SpringTestContext context = this.spring.configLocations(this.xml("shared-controllers"), this.xml("WithRequestMatcher"), this.xml("mock-request-matcher")); - context.autowire(); - RequestMatcher matcher = context.getContext().getBean(RequestMatcher.class); given(matcher.matches(any(HttpServletRequest.class))).willReturn(false); - this.mvc.perform(post("/ok")).andExpect(status().isOk()); - given(matcher.matches(any(HttpServletRequest.class))).willReturn(true); - this.mvc.perform(get("/ok")).andExpect(status().isForbidden()); } @Test public void getWhenDefaultConfigurationThenSessionNotImmediatelyCreated() throws Exception { - this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire(); - MvcResult result = this.mvc.perform(get("/ok")).andExpect(status().isOk()).andReturn(); - assertThat(result.getRequest().getSession(false)).isNull(); } @Test @WithMockUser public void postWhenCsrfMismatchesThenForbidden() throws Exception { - this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire(); - MvcResult result = this.mvc.perform(get("/ok")).andReturn(); - MockHttpSession session = (MockHttpSession) result.getRequest().getSession(); - 
this.mvc.perform(post("/ok").session(session).with(csrf().useInvalidToken())).andExpect(status().isForbidden()); } @Test public void loginWhenDefaultConfigurationThenCsrfCleared() throws Exception { - this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire(); - MvcResult result = this.mvc.perform(get("/csrf")).andReturn(); - MockHttpSession session = (MockHttpSession) result.getRequest().getSession(); - this.mvc.perform( post("/login").param("username", "user").param("password", "password").session(session).with(csrf())) .andExpect(status().isFound()); - this.mvc.perform(get("/csrf").session(session)).andExpect(csrfChanged(result)); } @Test public void logoutWhenDefaultConfigurationThenCsrfCleared() throws Exception { - this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire(); - MvcResult result = this.mvc.perform(get("/csrf")).andReturn(); - MockHttpSession session = (MockHttpSession) result.getRequest().getSession(); - this.mvc.perform(post("/logout").session(session).with(csrf())).andExpect(status().isFound()); - this.mvc.perform(get("/csrf").session(session)).andExpect(csrfChanged(result)); }
@@ -380,30 +320,24 @@ public class CsrfConfigTests { @Test @WithMockUser public void logoutWhenDefaultConfigurationThenDisabled() throws Exception { - this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire(); - this.mvc.perform(get("/logout")).andExpect(status().isOk()); // renders form to // log out but // does not // perform a // redirect - // still logged in this.mvc.perform(get("/authenticated")).andExpect(status().isOk()); } private T getFilter(SpringTestContext context, Class type) { FilterChainProxy chain = context.getContext().getBean(FilterChainProxy.class); - List filters = chain.getFilters("/any"); - for (Filter filter : filters) { if (type.isAssignableFrom(filter.getClass())) { return (T) filter; } } - return null; }
@@ -469,7 +403,6 @@ public class CsrfConfigTests { @Override public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) { - response.setStatus(HttpStatus.IM_A_TEAPOT_418); }
diff --git a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
index 8376784dd6..61895a4994 100644
--- a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
@@ -78,7 +78,6 @@ public class DefaultFilterChainValidatorTests { this.fsi); this.fcp = new FilterChainProxy(securityChain); this.validator = new DefaultFilterChainValidator(); - ReflectionTestUtils.setField(this.validator, "logger", this.logger); }
@@ -101,9 +100,7 @@ public class DefaultFilterChainValidatorTests { FilterInvocationSecurityMetadataSource customMetaDataSource = mock( FilterInvocationSecurityMetadataSource.class); this.fsi.setSecurityMetadataSource(customMetaDataSource); - this.validator.validate(this.fcp); - verify(customMetaDataSource).getAttributes(any()); }
diff --git a/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
index f6f1cadeb2..ae8f77e96c 100644
--- a/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
@@ -73,7 +73,6 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests { setContext("" + " " + ""); - ExpressionBasedFilterInvocationSecurityMetadataSource fids = (ExpressionBasedFilterInvocationSecurityMetadataSource) this.appContext .getBean("fids"); ConfigAttribute[] cad = fids.getAttributes(createFilterInvocation("/anything", "GET"))
@@ -122,9 +121,7 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests { MockHttpServletRequest request = new MockHttpServletRequest("GET", ""); request.setRequestURI(null); request.setMethod(method); - request.setServletPath(path); - return new FilterInvocation(request, new MockHttpServletResponse(), new MockFilterChain()); }
diff --git a/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java
index fcfe8904df..dcde29317a 100644
--- a/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java
@@ -50,9 +50,7 @@ public class FormLoginBeanDefinitionParserTests { @Test public void getLoginWhenAutoConfigThenShowsDefaultLoginPage() throws Exception { - this.spring.configLocations(this.xml("Simple")).autowire(); - String expectedContent = "\n" + "\n" + " \n" + " \n" + " \n"
@@ -71,23 +69,18 @@ public class FormLoginBeanDefinitionParserTests { + "

\n" + " \n" + " \n" + "\n" + ""; - this.mvc.perform(get("/login")).andExpect(content().string(expectedContent)); } @Test public void getLogoutWhenAutoConfigThenShowsDefaultLogoutPage() throws Exception { - this.spring.configLocations(this.xml("AutoConfig")).autowire(); - this.mvc.perform(get("/logout")).andExpect(content().string(containsString("action=\"/logout\""))); } @Test public void getLoginWhenConfiguredWithCustomAttributesThenLoginPageReflects() throws Exception { - this.spring.configLocations(this.xml("WithCustomAttributes")).autowire(); - String expectedContent = "\n" + "\n" + " \n" + " \n" + " \n" @@ -106,17 +99,13 @@ public class FormLoginBeanDefinitionParserTests { + "

\n" + " \n" + " \n" + "\n" + ""; - this.mvc.perform(get("/login")).andExpect(content().string(expectedContent)); - this.mvc.perform(get("/logout")).andExpect(status().is3xxRedirection()); } @Test public void getLoginWhenConfiguredForOpenIdThenLoginPageReflects() throws Exception { - this.spring.configLocations(this.xml("WithOpenId")).autowire(); - String expectedContent = "\n" + "\n" + " \n" + " \n" + " \n" @@ -142,15 +131,12 @@ public class FormLoginBeanDefinitionParserTests { + "

\n" + " \n" + " \n" + "\n" + ""; - this.mvc.perform(get("/login")).andExpect(content().string(expectedContent)); } @Test public void getLoginWhenConfiguredForOpenIdWithCustomAttributesThenLoginPageReflects() throws Exception { - this.spring.configLocations(this.xml("WithOpenIdCustomAttributes")).autowire(); - String expectedContent = "\n" + "\n" + " \n" + " \n" + " \n" @@ -176,15 +162,12 @@ public class FormLoginBeanDefinitionParserTests { + "

\n" + " \n" + " \n" + "\n" + ""; - this.mvc.perform(get("/login")).andExpect(content().string(expectedContent)); } @Test public void failedLoginWhenConfiguredWithCustomAuthenticationFailureThenForwardsAccordingly() throws Exception { - this.spring.configLocations(this.xml("WithAuthenticationFailureForwardUrl")).autowire(); - this.mvc.perform(post("/login").param("username", "bob").param("password", "invalidpassword")) .andExpect(status().isOk()).andExpect(forwardedUrl("/failure_forward_url")) .andExpect(request().attribute(WebAttributes.AUTHENTICATION_EXCEPTION, not(nullValue()))); @@ -192,9 +175,7 @@ public class FormLoginBeanDefinitionParserTests { @Test public void successfulLoginWhenConfiguredWithCustomAuthenticationSuccessThenForwardsAccordingly() throws Exception { - this.spring.configLocations(this.xml("WithAuthenticationSuccessForwardUrl")).autowire(); - this.mvc.perform(post("/login").param("username", "user").param("password", "password")) .andExpect(status().isOk()).andExpect(forwardedUrl("/success_forward_url")); } diff --git a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java index 7e55dde548..faa60c2bc5 100644 --- a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java 
@@ -66,66 +66,51 @@ public class FormLoginConfigTests { @Test public void getProtectedPageWhenFormLoginConfiguredThenRedirectsToDefaultLoginPage() throws Exception { - this.spring.configLocations(this.xml("WithAntRequestMatcher")).autowire(); - this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login")); } @Test public void authenticateWhenDefaultTargetUrlConfiguredThenRedirectsAccordingly() throws Exception { - this.spring.configLocations(this.xml("WithDefaultTargetUrl")).autowire(); - this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf())) .andExpect(redirectedUrl("/default")); } @Test public void authenticateWhenConfiguredWithSpelThenRedirectsAccordingly() throws Exception { - this.spring.configLocations(this.xml("UsingSpel")).autowire(); - this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf())) .andExpect(redirectedUrl(WebConfigUtilsTests.URL + "/default")); - this.mvc.perform(post("/login").param("username", "user").param("password", "wrong").with(csrf())) .andExpect(redirectedUrl(WebConfigUtilsTests.URL + "/failure")); - this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost" + WebConfigUtilsTests.URL + "/login")); } @Test public void autowireWhenLoginPageIsMisconfiguredThenDetects() { - assertThatThrownBy(() -> this.spring.configLocations(this.xml("NoLeadingSlashLoginPage")).autowire()) .isInstanceOf(BeanCreationException.class); } @Test public void autowireWhenDefaultTargetUrlIsMisconfiguredThenDetects() { - assertThatThrownBy(() -> this.spring.configLocations(this.xml("NoLeadingSlashDefaultTargetUrl")).autowire()) .isInstanceOf(BeanCreationException.class); } @Test public void authenticateWhenCustomHandlerBeansConfiguredThenInvokesAccordingly() throws Exception { - this.spring.configLocations(this.xml("WithSuccessAndFailureHandlers")).autowire(); - this.mvc.perform(post("/login").param("username", "user").param("password", 
"password").with(csrf())) .andExpect(status().isIAmATeapot()); - this.mvc.perform(post("/login").param("username", "user").param("password", "wrong").with(csrf())) .andExpect(status().isIAmATeapot()); } @Test public void authenticateWhenCustomUsernameAndPasswordParametersThenSucceeds() throws Exception { - this.spring.configLocations(this.xml("WithUsernameAndPasswordParameters")).autowire(); - this.mvc.perform(post("/login").param("xname", "user").param("xpass", "password").with(csrf())) .andExpect(redirectedUrl("/")); } @@ -136,28 +121,21 @@ public class FormLoginConfigTests { @Test public void autowireWhenCustomLoginPageIsSlashLoginThenNoDefaultLoginPageGeneratingFilterIsWired() throws Exception { - this.spring.configLocations(this.xml("ForSec2919")).autowire(); - this.mvc.perform(get("/login")).andExpect(content().string("teapot")); - assertThat(getFilter(this.spring.getContext(), DefaultLoginPageGeneratingFilter.class)).isNull(); } @Test public void authenticateWhenCsrfIsEnabledThenRequiresToken() throws Exception { - this.spring.configLocations(this.xml("WithCsrfEnabled")).autowire(); - this.mvc.perform(post("/login").param("username", "user").param("password", "password")) .andExpect(status().isForbidden()); } @Test public void authenticateWhenCsrfIsDisabledThenDoesNotRequireToken() throws Exception { - this.spring.configLocations(this.xml("WithCsrfDisabled")).autowire(); - this.mvc.perform(post("/login").param("username", "user").param("password", "password")) .andExpect(status().isFound()); } 
@@ -169,24 +147,19 @@ public class FormLoginConfigTests { @Test public void authenticateWhenLoginPageIsSlashLoginAndAuthenticationFailsThenRedirectContainsErrorParameter() throws Exception { - this.spring.configLocations(this.xml("ForSec3147")).autowire(); - this.mvc.perform(post("/login").param("username", "user").param("password", "wrong").with(csrf())) .andExpect(redirectedUrl("/login?error")); } private Filter getFilter(ApplicationContext context, Class filterClass) { FilterChainProxy filterChain = context.getBean(BeanIds.FILTER_CHAIN_PROXY, FilterChainProxy.class); - List filters = filterChain.getFilters("/any"); - for (Filter filter : filters) { if (filter.getClass() == filterClass) { return filter; } } - return null; }
@@ -210,14 +183,12 @@ public class FormLoginConfigTests { @Override public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) { - response.setStatus(HttpStatus.I_AM_A_TEAPOT.value()); } @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) { - response.setStatus(HttpStatus.I_AM_A_TEAPOT.value()); }
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
index e0eacfd369..d3de9aab8d 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
@@ -51,25 +51,18 @@ public class HttpConfigTests { @Test public void getWhenUsingMinimalConfigurationThenRedirectsToLogin() throws Exception { - this.spring.configLocations(this.xml("Minimal")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isFound()).andExpect(redirectedUrl("http://localhost/login")); } @Test public void getWhenUsingMinimalConfigurationThenPreventsSessionAsUrlParameter() throws Exception { - this.spring.configLocations(this.xml("Minimal")).autowire(); - MockHttpServletRequest request = new MockHttpServletRequest("GET", "/"); MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChainProxy proxy = this.spring.getContext().getBean(FilterChainProxy.class); - proxy.doFilter(request, new EncodeUrlDenyingHttpServletResponseWrapper(response), (req, resp) -> { }); - assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY); assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/login"); }
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
index 3809b4f5a1..6f3b20db83 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
@@ -66,36 +66,27 @@ public class HttpCorsConfigTests { @Test public void getWhenUsingCorsThenDoesSpringSecurityCorsHandshake() throws Exception { - this.spring.configLocations(this.xml("WithCors")).autowire(); - this.mvc.perform(get("/").with(this.approved())).andExpect(corsResponseHeaders()) .andExpect((status().isIAmATeapot())); - this.mvc.perform(options("/").with(this.preflight())).andExpect(corsResponseHeaders()) .andExpect(status().isOk()); } @Test public void getWhenUsingCustomCorsConfigurationSourceThenDoesSpringSecurityCorsHandshake() throws Exception { - this.spring.configLocations(this.xml("WithCorsConfigurationSource")).autowire(); - this.mvc.perform(get("/").with(this.approved())).andExpect(corsResponseHeaders()) .andExpect((status().isIAmATeapot())); - this.mvc.perform(options("/").with(this.preflight())).andExpect(corsResponseHeaders()) .andExpect(status().isOk()); } @Test public void getWhenUsingCustomCorsFilterThenDoesSPringSecurityCorsHandshake() throws Exception { - this.spring.configLocations(this.xml("WithCorsFilter")).autowire(); - this.mvc.perform(get("/").with(this.approved())).andExpect(corsResponseHeaders()) .andExpect((status().isIAmATeapot())); - this.mvc.perform(options("/").with(this.preflight())).andExpect(corsResponseHeaders()) .andExpect(status().isOk()); }
@@ -115,12 +106,10 @@ public class HttpCorsConfigTests { private RequestPostProcessor cors(boolean preflight) { return (request) -> { request.addHeader(HttpHeaders.ORIGIN, "https://example.com"); - if (preflight) { request.setMethod(HttpMethod.OPTIONS.name()); request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name()); } - return request; }; }
@@ -149,7 +138,6 @@ public class HttpCorsConfigTests {
 CorsConfiguration configuration = new CorsConfiguration();
 configuration.setAllowedOrigins(Arrays.asList("*"));
 configuration.setAllowedMethods(Arrays.asList(RequestMethod.GET.name(), RequestMethod.POST.name()));
-
 super.registerCorsConfiguration("/**", configuration);
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
index ef52dec747..da112ae731 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
@@ -51,7 +51,6 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 public class HttpHeadersConfigTests {
 private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/HttpHeadersConfigTests";
-
 static final Map defaultHeaders = ImmutableMap.builder()
 .put("X-Content-Type-Options", "nosniff").put("X-Frame-Options", "DENY")
 .put("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains")
@@ -66,39 +65,28 @@ public class HttpHeadersConfigTests {
 @Test
 public void requestWhenHeadersDisabledThenResponseExcludesAllSecureHeaders() throws Exception {
-
 this.spring.configLocations(this.xml("HeadersDisabled")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults());
 }
 @Test
 public void requestWhenHeadersDisabledViaPlaceholderThenResponseExcludesAllSecureHeaders() throws Exception {
-
 System.setProperty("security.headers.disabled", "true");
-
 this.spring.configLocations(this.xml("DisabledWithPlaceholder")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(excludesDefaults());
 }
 @Test
 public void requestWhenHeadersEnabledViaPlaceholderThenResponseIncludesAllSecureHeaders() throws Exception {
-
 System.setProperty("security.headers.disabled", "false");
-
 this.spring.configLocations(this.xml("DisabledWithPlaceholder")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
 }
 @Test
 public void requestWhenHeadersDisabledRefMissingPlaceholderThenResponseIncludesAllSecureHeaders() throws Exception {
-
 System.clearProperty("security.headers.disabled");
-
 this.spring.configLocations(this.xml("DisabledWithPlaceholder")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
 }
@@ -111,28 +99,21 @@ public class HttpHeadersConfigTests {
 @Test
 public void requestWhenHeadersEnabledThenResponseContainsAllSecureHeaders() throws Exception {
-
 this.spring.configLocations(this.xml("DefaultConfig")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
 }
 @Test
 public void requestWhenHeadersElementUsedThenResponseContainsAllSecureHeaders() throws Exception {
-
 this.spring.configLocations(this.xml("HeadersEnabled")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
 }
 @Test
 public void requestWhenFrameOptionsConfiguredThenIncludesHeader() throws Exception {
-
 Map headers = new HashMap(defaultHeaders);
 headers.put("X-Frame-Options", "SAMEORIGIN");
-
 this.spring.configLocations(this.xml("WithFrameOptions")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(headers));
 }
@@ -141,86 +122,63 @@ public class HttpHeadersConfigTests {
 */
 @Test
 public void requestWhenDefaultsDisabledWithNoOverrideThenExcludesAllSecureHeaders() throws Exception {
-
 this.spring.configLocations(this.xml("DefaultsDisabledWithNoOverride")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(excludesDefaults());
 }
 @Test
 public void requestWhenDefaultsDisabledWithPlaceholderTrueThenExcludesAllSecureHeaders() throws Exception {
-
 System.setProperty("security.headers.defaults.disabled", "true");
-
 this.spring.configLocations(this.xml("DefaultsDisabledWithPlaceholder")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(excludesDefaults());
 }
 @Test
 public void requestWhenDefaultsDisabledWithPlaceholderFalseThenIncludeAllSecureHeaders() throws Exception {
-
 System.setProperty("security.headers.defaults.disabled", "false");
-
 this.spring.configLocations(this.xml("DefaultsDisabledWithPlaceholder")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
 }
 @Test
 public void requestWhenDefaultsDisabledWithPlaceholderMissingThenIncludeAllSecureHeaders() throws Exception {
-
 System.clearProperty("security.headers.defaults.disabled");
-
 this.spring.configLocations(this.xml("DefaultsDisabledWithPlaceholder")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
 }
 @Test
 public void requestWhenUsingContentTypeOptionsThenDefaultsToNoSniff() throws Exception {
-
 Set excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 excludedHeaders.remove("X-Content-Type-Options");
-
 this.spring.configLocations(this.xml("DefaultsDisabledWithContentTypeOptions")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk())
 .andExpect(header().string("X-Content-Type-Options", "nosniff")).andExpect(excludes(excludedHeaders));
 }
 @Test
 public void
requestWhenUsingFrameOptionsThenDefaultsToDeny() throws Exception {
-
 Set excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 excludedHeaders.remove("X-Frame-Options");
-
 this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptions")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("X-Frame-Options", "DENY"))
 .andExpect(excludes(excludedHeaders));
 }
 @Test
 public void requestWhenUsingFrameOptionsDenyThenRespondsWithDeny() throws Exception {
-
 Set excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 excludedHeaders.remove("X-Frame-Options");
-
 this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsDeny")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("X-Frame-Options", "DENY"))
 .andExpect(excludes(excludedHeaders));
 }
 @Test
 public void requestWhenUsingFrameOptionsSameOriginThenRespondsWithSameOrigin() throws Exception {
-
 Set excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 excludedHeaders.remove("X-Frame-Options");
-
 this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsSameOrigin")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk())
 .andExpect(header().string("X-Frame-Options", "SAMEORIGIN")).andExpect(excludes(excludedHeaders));
 }
@@ -249,12 +207,9 @@ public class HttpHeadersConfigTests {
 @Test
 public void requestWhenUsingFrameOptionsAllowFromThenRespondsWithAllowFrom() throws Exception {
-
 Set excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 excludedHeaders.remove("X-Frame-Options");
-
 this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsAllowFrom")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk())
 .andExpect(header().string("X-Frame-Options", "ALLOW-FROM https://example.org"))
 .andExpect(excludes(excludedHeaders));
@@ -262,34 +217,26 @@ public class HttpHeadersConfigTests {
 @Test
 public void requestWhenUsingFrameOptionsAllowFromWhitelistThenRespondsWithAllowFrom() throws Exception {
-
 Set excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 excludedHeaders.remove("X-Frame-Options");
-
 this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsAllowFromWhitelist")).autowire();
-
 this.mvc.perform(get("/").param("from", "https://example.org")).andExpect(status().isOk())
 .andExpect(header().string("X-Frame-Options", "ALLOW-FROM https://example.org"))
 .andExpect(excludes(excludedHeaders));
-
 this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("X-Frame-Options", "DENY"))
 .andExpect(excludes(excludedHeaders));
 }
 @Test
 public void requestWhenUsingCustomHeaderThenRespondsWithThatHeader() throws Exception {
-
 this.spring.configLocations(this.xml("DefaultsDisabledWithCustomHeader")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("a", "b"))
 .andExpect(header().string("c", "d")).andExpect(excludesDefaults());
 }
 @Test
 public void requestWhenUsingCustomHeaderWriterThenRespondsWithThatHeader() throws Exception {
-
 this.spring.configLocations(this.xml("DefaultsDisabledWithCustomHeaderWriter")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("abc", "def"))
 .andExpect(excludesDefaults());
 }
@@ -309,36 +256,27 @@ public class HttpHeadersConfigTests {
 @Test
 public void requestWhenUsingXssProtectionThenDefaultsToModeBlock() throws Exception {
-
 Set excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 excludedHeaders.remove("X-XSS-Protection");
-
 this.spring.configLocations(this.xml("DefaultsDisabledWithXssProtection")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk())
 .andExpect(header().string("X-XSS-Protection", "1; mode=block")).andExpect(excludes(excludedHeaders));
 }
 @Test
 public void requestWhenEnablingXssProtectionThenDefaultsToModeBlock() throws Exception {
-
 Set excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 excludedHeaders.remove("X-XSS-Protection");
-
 this.spring.configLocations(this.xml("DefaultsDisabledWithXssProtectionEnabled")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk())
 .andExpect(header().string("X-XSS-Protection", "1; mode=block")).andExpect(excludes(excludedHeaders));
 }
 @Test
 public void requestWhenDisablingXssProtectionThenDefaultsToZero() throws Exception {
-
 Set excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 excludedHeaders.remove("X-XSS-Protection");
-
 this.spring.configLocations(this.xml("DefaultsDisabledWithXssProtectionDisabled")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("X-XSS-Protection", "0"))
 .andExpect(excludes(excludedHeaders));
 }
@@ -353,24 +291,18 @@ public class HttpHeadersConfigTests {
 @Test
 public void requestWhenUsingCacheControlThenRespondsWithCorrespondingHeaders() throws Exception {
-
 Map includedHeaders = ImmutableMap.builder()
 .put("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate").put("Expires", "0")
 .put("Pragma", "no-cache").build();
-
 this.spring.configLocations(this.xml("DefaultsDisabledWithCacheControl")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(includes(includedHeaders));
 }
 @Test
 public void requestWhenUsingHstsThenRespondsWithHstsHeader() throws Exception {
-
 Set excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 excludedHeaders.remove("Strict-Transport-Security");
-
 this.spring.configLocations(this.xml("DefaultsDisabledWithHsts")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
 .andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains"))
 .andExpect(excludes(excludedHeaders));
@@ -378,20 +310,15 @@ public class HttpHeadersConfigTests {
 @Test
 public void insecureRequestWhenUsingHstsThenExcludesHstsHeader() throws Exception {
-
 this.spring.configLocations(this.xml("DefaultsDisabledWithHsts")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults());
 }
 @Test
 public void insecureRequestWhenUsingCustomHstsRequestMatcherThenIncludesHstsHeader() throws Exception {
-
 Set excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 excludedHeaders.remove("Strict-Transport-Security");
-
 this.spring.configLocations(this.xml("DefaultsDisabledWithCustomHstsRequestMatcher")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk())
 .andExpect(header().string("Strict-Transport-Security", "max-age=1"))
 .andExpect(excludes(excludedHeaders));
@@ -414,7 +341,6 @@ public class HttpHeadersConfigTests {
 @Test
 public void requestWhenUsingHpkpThenIncludesHpkpHeader() throws Exception {
 this.spring.configLocations(this.xml("DefaultsDisabledWithHpkp")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
 .andExpect(header().string("Public-Key-Pins-Report-Only",
 "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
@@ -424,7 +350,6 @@ public class HttpHeadersConfigTests {
 @Test
 public void requestWhenUsingHpkpDefaultsThenIncludesHpkpHeaderUsingSha256() throws Exception {
 this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpDefaults")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
 .andExpect(header().string("Public-Key-Pins-Report-Only",
 "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
@@ -434,7 +359,6 @@ public class HttpHeadersConfigTests {
 @Test
 public void insecureRequestWhenUsingHpkpThenExcludesHpkpHeader() throws Exception {
 this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpDefaults")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk())
 .andExpect(header().doesNotExist("Public-Key-Pins-Report-Only")).andExpect(excludesDefaults());
 }
@@ -442,7 +366,6 @@ public class HttpHeadersConfigTests {
 @Test
 public void requestWhenUsingHpkpCustomMaxAgeThenIncludesHpkpHeaderAccordingly() throws Exception {
 this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpMaxAge")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
 .andExpect(header().string("Public-Key-Pins-Report-Only",
 "max-age=604800 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
@@ -452,7 +375,6 @@ public class HttpHeadersConfigTests {
 @Test
 public void requestWhenUsingHpkpReportThenIncludesHpkpHeaderAccordingly() throws Exception {
 this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpReport")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
 .andExpect(header().string("Public-Key-Pins",
 "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
@@ -462,7 +384,6 @@ public class HttpHeadersConfigTests {
 @Test
 public void requestWhenUsingHpkpIncludeSubdomainsThenIncludesHpkpHeaderAccordingly() throws Exception {
 this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpIncludeSubdomains")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(header().string(
 "Public-Key-Pins-Report-Only",
 "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains"))
@@ -472,7 +393,6 @@ public class HttpHeadersConfigTests {
 @Test
 public void requestWhenUsingHpkpReportUriThenIncludesHpkpHeaderAccordingly() throws Exception {
 this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpReportUri")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(header().string(
 "Public-Key-Pins-Report-Only",
 "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
@@ -481,68 +401,51 @@ public class HttpHeadersConfigTests {
 @Test
 public void requestWhenCacheControlDisabledThenExcludesHeader() throws Exception {
-
 Collection cacheControl = Arrays.asList("Cache-Control", "Expires", "Pragma");
 Map allButCacheControl = remove(defaultHeaders, cacheControl);
-
 this.spring.configLocations(this.xml("CacheControlDisabled")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButCacheControl))
 .andExpect(excludes(cacheControl));
 }
 @Test
 public void requestWhenContentTypeOptionsDisabledThenExcludesHeader() throws Exception {
-
 Collection contentTypeOptions = Arrays.asList("X-Content-Type-Options");
 Map allButContentTypeOptions = remove(defaultHeaders, contentTypeOptions);
-
 this.spring.configLocations(this.xml("ContentTypeOptionsDisabled")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButContentTypeOptions))
 .andExpect(excludes(contentTypeOptions));
 }
 @Test
 public void requestWhenHstsDisabledThenExcludesHeader() throws Exception {
-
 Collection hsts = Arrays.asList("Strict-Transport-Security");
 Map allButHsts = remove(defaultHeaders, hsts);
-
 this.spring.configLocations(this.xml("HstsDisabled")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButHsts))
 .andExpect(excludes(hsts));
 }
 @Test
 public void requestWhenHpkpDisabledThenExcludesHeader() throws Exception {
-
 this.spring.configLocations(this.xml("HpkpDisabled")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
 }
 @Test
 public void requestWhenFrameOptionsDisabledThenExcludesHeader() throws Exception {
-
 Collection frameOptions = Arrays.asList("X-Frame-Options");
 Map allButFrameOptions = remove(defaultHeaders, frameOptions);
-
 this.spring.configLocations(this.xml("FrameOptionsDisabled")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButFrameOptions))
 .andExpect(excludes(frameOptions));
 }
 @Test
 public void requestWhenXssProtectionDisabledThenExcludesHeader() throws Exception {
-
 Collection xssProtection = Arrays.asList("X-XSS-Protection");
 Map allButXssProtection = remove(defaultHeaders, xssProtection);
-
 this.spring.configLocations(this.xml("XssProtectionDisabled")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButXssProtection))
 .andExpect(excludes(xssProtection));
 }
@@ -589,29 +492,22 @@ public class HttpHeadersConfigTests {
 @Test
 public void requestWhenContentSecurityPolicyDirectivesConfiguredThenIncludesDirectives() throws Exception {
-
 Map includedHeaders = new HashMap<>(defaultHeaders);
 includedHeaders.put("Content-Security-Policy", "default-src 'self'");
-
 this.spring.configLocations(this.xml("ContentSecurityPolicyWithPolicyDirectives")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(includedHeaders));
 }
 @Test
 public void requestWhenHeadersDisabledAndContentSecurityPolicyConfiguredThenExcludesHeader() throws Exception {
-
 this.spring.configLocations(this.xml("HeadersDisabledWithContentSecurityPolicy")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults())
 .andExpect(excludes("Content-Security-Policy"));
 }
 @Test
 public void requestWhenDefaultsDisabledAndContentSecurityPolicyConfiguredThenIncludesHeader() throws Exception {
-
 this.spring.configLocations(this.xml("DefaultsDisabledWithContentSecurityPolicy")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults())
 .andExpect(header().string("Content-Security-Policy", "default-src 'self'"));
 }
@@ -626,30 +522,23 @@ public class HttpHeadersConfigTests {
 @Test
 public void requestWhenContentSecurityPolicyConfiguredWithReportOnlyThenIncludesReportOnlyHeader() throws Exception {
-
 Map includedHeaders = new HashMap<>(defaultHeaders);
 includedHeaders.put("Content-Security-Policy-Report-Only", "default-src https:; report-uri https://example.org/");
-
 this.spring.configLocations(this.xml("ContentSecurityPolicyWithReportOnly")).autowire();
-
 this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(includedHeaders));
 }
 @Test
 public void requestWhenReferrerPolicyConfiguredThenResponseDefaultsToNoReferrer() throws Exception {
-
 this.spring.configLocations(this.xml("DefaultsDisabledWithReferrerPolicy")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults())
 .andExpect(header().string("Referrer-Policy", "no-referrer"));
 }
 @Test
 public void requestWhenReferrerPolicyConfiguredWithSameOriginThenRespondsWithSameOrigin() throws Exception {
-
 this.spring.configLocations(this.xml("DefaultsDisabledWithReferrerPolicySameOrigin")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults())
 .andExpect(header().string("Referrer-Policy", "same-origin"));
 }
@@ -684,11 +573,9 @@ public class HttpHeadersConfigTests {
 private static Map remove(Map map, Collection keys) {
 Map copy = new HashMap<>(map);
-
 for (K key : keys) {
 copy.remove(key);
 }
-
 return copy;
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
index 614c072d60..671a392dae 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
@@ -48,11 +48,8 @@ public class HttpInterceptUrlTests {
 @Test
 public void interceptUrlWhenRequestMatcherRefThenWorks() throws Exception {
 loadConfig("interceptUrlWhenRequestMatcherRefThenWorks.xml");
-
 this.mockMvc.perform(get("/foo")).andExpect(status().isUnauthorized());
-
 this.mockMvc.perform(get("/FOO")).andExpect(status().isUnauthorized());
-
 this.mockMvc.perform(get("/other")).andExpect(status().isOk());
 }
@@ -65,9 +62,7 @@ public class HttpInterceptUrlTests {
 context.setServletContext(new MockServletContext());
 context.refresh();
 this.context = context;
-
 context.getAutowireCapableBeanFactory().autowireBean(this);
-
 Filter springSecurityFilterChain = context.getBean("springSecurityFilterChain", Filter.class);
 this.mockMvc = MockMvcBuilders.standaloneSetup(new FooController()).addFilters(springSecurityFilterChain)
 .build();
diff --git a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
index 07b4708f9e..1b7d40c339 100644
--- a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
@@ -64,11 +64,8 @@ public class InterceptUrlConfigTests {
 */
 @Test
 public void requestWhenMethodIsSpecifiedThenItIsNotGivenPriority() throws Exception {
-
 this.spring.configLocations(this.xml("Sec2256")).autowire();
-
 this.mvc.perform(post("/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 this.mvc.perform(get("/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
 }
@@ -77,24 +74,16 @@ public class InterceptUrlConfigTests {
 */
 @Test
 public void requestWhenUsingPatchThenAuthorizesRequestsAccordingly() throws Exception {
-
 this.spring.configLocations(this.xml("PatchMethod")).autowire();
-
 this.mvc.perform(get("/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 this.mvc.perform(patch("/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-
 this.mvc.perform(patch("/path").with(httpBasic("admin", "password"))).andExpect(status().isOk());
-
 }
 @Test
 public void requestWhenUsingHasAnyRoleThenAuthorizesRequestsAccordingly() throws Exception {
-
 this.spring.configLocations(this.xml("HasAnyRole")).autowire();
-
 this.mvc.perform(get("/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 this.mvc.perform(get("/path").with(httpBasic("admin", "password"))).andExpect(status().isForbidden());
 }
@@ -103,14 +92,10 @@ public class InterceptUrlConfigTests {
 */
 @Test
 public void requestWhenUsingPathVariablesThenAuthorizesRequestsAccordingly() throws Exception {
-
 this.spring.configLocations(this.xml("PathVariables")).autowire();
-
 this.mvc.perform(get("/path/user/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 this.mvc.perform(get("/path/otheruser/path").with(httpBasic("user", "password")))
 .andExpect(status().isForbidden());
-
 this.mvc.perform(get("/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
 }
@@ -119,14 +104,10 @@ public class InterceptUrlConfigTests {
 */
 @Test
 public void requestWhenUsingCamelCasePathVariablesThenAuthorizesRequestsAccordingly() throws Exception {
-
 this.spring.configLocations(this.xml("CamelCasePathVariables")).autowire();
-
 this.mvc.perform(get("/path/user/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 this.mvc.perform(get("/path/otheruser/path").with(httpBasic("user", "password")))
 .andExpect(status().isForbidden());
-
 this.mvc.perform(get("/PATH/user/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
 }
@@ -135,55 +116,37 @@ public class InterceptUrlConfigTests {
 */
 @Test
 public void requestWhenUsingPathVariablesAndTypeConversionThenAuthorizesRequestsAccordingly() throws Exception {
-
 this.spring.configLocations(this.xml("TypeConversionPathVariables")).autowire();
-
 this.mvc.perform(get("/path/1/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 this.mvc.perform(get("/path/2/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-
 }
 @Test
 public void requestWhenUsingMvcMatchersThenAuthorizesRequestsAccordingly() throws Exception {
-
 this.spring.configLocations(this.xml("MvcMatchers")).autowire();
-
 this.mvc.perform(get("/path")).andExpect(status().isUnauthorized());
-
 this.mvc.perform(get("/path.html")).andExpect(status().isUnauthorized());
-
 this.mvc.perform(get("/path/")).andExpect(status().isUnauthorized());
 }
 @Test
 public void requestWhenUsingMvcMatchersAndPathVariablesThenAuthorizesRequestsAccordingly() throws Exception {
-
 this.spring.configLocations(this.xml("MvcMatchersPathVariables")).autowire();
-
 this.mvc.perform(get("/path/user/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 this.mvc.perform(get("/path/otheruser/path").with(httpBasic("user", "password")))
 .andExpect(status().isForbidden());
-
 this.mvc.perform(get("/PATH/user/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
 }
 @Test
 public void requestWhenUsingMvcMatchersAndServletPathThenAuthorizesRequestsAccordingly() throws Exception {
-
 this.spring.configLocations(this.xml("MvcMatchersServletPath")).autowire();
-
 MockServletContext servletContext = mockServletContext("/spring");
 ConfigurableWebApplicationContext context = this.spring.getContext();
 context.setServletContext(servletContext);
-
 this.mvc.perform(get("/spring/path").servletPath("/spring")).andExpect(status().isUnauthorized());
-
 this.mvc.perform(get("/spring/path.html").servletPath("/spring")).andExpect(status().isUnauthorized());
-
 this.mvc.perform(get("/spring/path/").servletPath("/spring")).andExpect(status().isUnauthorized());
-
 }
 @Test
diff --git a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
index 56c9106964..1438a39056 100644
--- a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
@@ -161,41 +161,29 @@ public class MiscHttpConfigTests {
 @Test
 public void requestWhenUsingDebugFilterAndPatternIsNotConfigureForSecurityThenRespondsOk() throws Exception {
-
 this.spring.configLocations(xml("NoSecurityForPattern")).autowire();
-
 this.mvc.perform(get("/unprotected")).andExpect(status().isNotFound());
-
 this.mvc.perform(get("/nomatch")).andExpect(status().isNotFound());
 }
 @Test
 public void requestWhenHttpPatternUsesRegexMatchingThenMatchesAccordingly() throws Exception {
-
 this.spring.configLocations(xml("RegexSecurityPattern")).autowire();
-
 this.mvc.perform(get("/protected")).andExpect(status().isUnauthorized());
-
 this.mvc.perform(get("/unprotected")).andExpect(status().isNotFound());
 }
 @Test
 public void requestWhenHttpPatternUsesCiRegexMatchingThenMatchesAccordingly() throws Exception {
-
 this.spring.configLocations(xml("CiRegexSecurityPattern")).autowire();
-
 this.mvc.perform(get("/ProTectEd")).andExpect(status().isUnauthorized());
-
 this.mvc.perform(get("/UnProTectEd")).andExpect(status().isNotFound());
 }
 @Test
 public void requestWhenHttpPatternUsesCustomRequestMatcherThenMatchesAccordingly() throws Exception {
-
 this.spring.configLocations(xml("CustomRequestMatcher")).autowire();
-
 this.mvc.perform(get("/protected")).andExpect(status().isUnauthorized());
-
 this.mvc.perform(get("/unprotected")).andExpect(status().isNotFound());
 }
@@ -204,94 +192,64 @@ public class MiscHttpConfigTests {
 */
 @Test
 public void requestWhenUsingMinimalConfigurationThenHonorsAnonymousEndpoints() throws Exception {
-
 this.spring.configLocations(xml("AnonymousEndpoints")).autowire();
-
 this.mvc.perform(get("/protected")).andExpect(status().isUnauthorized());
-
 this.mvc.perform(get("/unprotected")).andExpect(status().isNotFound());
-
 assertThat(getFilter(AnonymousAuthenticationFilter.class)).isNotNull();
 }
 @Test
 public void requestWhenAnonymousIsDisabledThenRejectsAnonymousEndpoints() throws Exception {
-
 this.spring.configLocations(xml("AnonymousDisabled")).autowire();
-
 this.mvc.perform(get("/protected")).andExpect(status().isUnauthorized());
-
 this.mvc.perform(get("/unprotected")).andExpect(status().isUnauthorized());
-
 assertThat(getFilter(AnonymousAuthenticationFilter.class)).isNull();
 }
 @Test
 public void requestWhenAnonymousUsesCustomAttributesThenRespondsWithThoseAttributes() throws Exception {
-
 this.spring.configLocations(xml("AnonymousCustomAttributes")).autowire();
-
 this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-
 this.mvc.perform(get("/protected")).andExpect(status().isOk()).andExpect(content().string("josh"));
-
 this.mvc.perform(get("/customKey")).andExpect(status().isOk())
 .andExpect(content().string(String.valueOf("myCustomKey".hashCode())));
 }
 @Test
 public void requestWhenAnonymousUsesMultipleGrantedAuthoritiesThenRespondsWithThoseAttributes() throws Exception {
-
 this.spring.configLocations(xml("AnonymousMultipleAuthorities")).autowire();
-
 this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-
 this.mvc.perform(get("/protected")).andExpect(status().isOk()).andExpect(content().string("josh"));
-
 this.mvc.perform(get("/customKey")).andExpect(status().isOk())
 .andExpect(content().string(String.valueOf("myCustomKey".hashCode())));
 }
 @Test
 public void
requestWhenInterceptUrlMatchesMethodThenSecuresAccordingly() throws Exception {
-
 this.spring.configLocations(xml("InterceptUrlMethod")).autowire();
-
 this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 this.mvc.perform(post("/protected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-
 this.mvc.perform(post("/protected").with(httpBasic("poster", "password"))).andExpect(status().isOk());
-
 this.mvc.perform(delete("/protected").with(httpBasic("poster", "password"))).andExpect(status().isForbidden());
-
 this.mvc.perform(delete("/protected").with(httpBasic("admin", "password"))).andExpect(status().isOk());
 }
 @Test
 public void requestWhenInterceptUrlMatchesMethodAndRequiresHttpsThenSecuresAccordingly() throws Exception {
-
 this.spring.configLocations(xml("InterceptUrlMethodRequiresHttps")).autowire();
-
 this.mvc.perform(post("/protected").with(csrf())).andExpect(status().isOk());
-
 this.mvc.perform(get("/protected").secure(true).with(httpBasic("user", "password")))
 .andExpect(status().isForbidden());
-
 this.mvc.perform(get("/protected").secure(true).with(httpBasic("admin", "password")))
 .andExpect(status().isOk());
 }
 @Test
 public void requestWhenInterceptUrlMatchesAnyPatternAndRequiresHttpsThenSecuresAccordingly() throws Exception {
-
 this.spring.configLocations(xml("InterceptUrlMethodRequiresHttpsAny")).autowire();
-
 this.mvc.perform(post("/protected").with(csrf())).andExpect(status().isOk());
-
 this.mvc.perform(get("/protected").secure(true).with(httpBasic("user", "password")))
 .andExpect(status().isForbidden());
-
 this.mvc.perform(get("/protected").secure(true).with(httpBasic("admin", "password")))
 .andExpect(status().isOk());
 }
@@ -299,20 +257,15 @@ public class MiscHttpConfigTests { @Test public void configureWhenOncePerRequestIsFalseThenFilterSecurityInterceptorExercisedForForwards() { this.spring.configLocations(xml("OncePerRequest")).autowire(); - FilterSecurityInterceptor filterSecurityInterceptor = getFilter(FilterSecurityInterceptor.class); assertThat(filterSecurityInterceptor.isObserveOncePerRequest()).isFalse(); } @Test public void requestWhenCustomHttpBasicEntryPointRefThenInvokesOnCommence() throws Exception { - this.spring.configLocations(xml("CustomHttpBasicEntryPointRef")).autowire(); - AuthenticationEntryPoint entryPoint = this.spring.getContext().getBean(AuthenticationEntryPoint.class); - this.mvc.perform(get("/protected")).andExpect(status().isOk()); - verify(entryPoint).commence(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AuthenticationException.class)); } @@ -326,7 +279,6 @@ public class MiscHttpConfigTests { @Test public void getWhenPortsMappedThenRedirectedAccordingly() throws Exception { this.spring.configLocations(xml("PortsMappedInterceptUrlMethodRequiresAny")).autowire(); - this.mvc.perform(get("http://localhost:9080/protected")) .andExpect(redirectedUrl("https://localhost:9443/protected")); } @@ -335,11 +287,8 @@ public class MiscHttpConfigTests { public void configureWhenCustomFiltersThenAddedToChainInCorrectOrder() { System.setProperty("customFilterRef", "userFilter"); this.spring.configLocations(xml("CustomFilters")).autowire(); - List filters = getFilters("/"); - Class userFilterClass = this.spring.getContext().getBean("userFilter").getClass(); - assertThat(filters).extracting((Extractor>) (filter) -> filter.getClass()).containsSubsequence( userFilterClass, userFilterClass, SecurityContextPersistenceFilter.class, LogoutFilter.class, userFilterClass); 
@@ -354,7 +303,6 @@ public class MiscHttpConfigTests { @Test public void configureWhenUsingX509ThenAddsX509FilterCorrectly() { this.spring.configLocations(xml("X509")).autowire(); - assertThat(getFilters("/")).extracting((Extractor>) (filter) -> filter.getClass()) .containsSubsequence(CsrfFilter.class, X509AuthenticationFilter.class, ExceptionTranslationFilter.class); @@ -364,7 +312,6 @@ public class MiscHttpConfigTests { public void getWhenUsingX509AndPropertyPlaceholderThenSubjectPrincipalRegexIsConfigured() throws Exception { System.setProperty("subject_principal_regex", "OU=(.*?)(?:,|$)"); this.spring.configLocations(xml("X509")).autowire(); - this.mvc.perform(get("/protected") .with(x509("classpath:org/springframework/security/config/http/MiscHttpConfigTests-certificate.pem"))) .andExpect(status().isOk()); @@ -379,9 +326,7 @@ public class MiscHttpConfigTests { @Test public void logoutWhenSpecifyingCookiesToDeleteThenSetCookieAdded() throws Exception { this.spring.configLocations(xml("DeleteCookies")).autowire(); - MvcResult result = this.mvc.perform(post("/logout").with(csrf())).andReturn(); - List values = result.getResponse().getHeaders("Set-Cookie"); assertThat(values.size()).isEqualTo(2); assertThat(values).extracting((value) -> value.split("=")[0]).contains("JSESSIONID", "mycookie"); 
@@ -390,29 +335,22 @@ public class MiscHttpConfigTests { @Test public void logoutWhenSpecifyingSuccessHandlerRefThenResponseHandledAccordingly() throws Exception { this.spring.configLocations(xml("LogoutSuccessHandlerRef")).autowire(); - this.mvc.perform(post("/logout").with(csrf())).andExpect(redirectedUrl("/logoutSuccessEndpoint")); } @Test public void getWhenUnauthenticatedThenUsesConfiguredRequestCache() throws Exception { this.spring.configLocations(xml("RequestCache")).autowire(); - RequestCache requestCache = this.spring.getContext().getBean(RequestCache.class); - this.mvc.perform(get("/")); - verify(requestCache).saveRequest(any(HttpServletRequest.class), any(HttpServletResponse.class)); } @Test public void getWhenUnauthenticatedThenUsesConfiguredAuthenticationEntryPoint() throws Exception { this.spring.configLocations(xml("EntryPoint")).autowire(); - AuthenticationEntryPoint entryPoint = this.spring.getContext().getBean(AuthenticationEntryPoint.class); - this.mvc.perform(get("/")); - verify(entryPoint).commence(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AuthenticationException.class)); } 
@@ -426,38 +364,29 @@ public class MiscHttpConfigTests { @Test public void configureWhenUsingCustomUserDetailsServiceThenBeanPostProcessorsAreStillApplied() { this.spring.configLocations(xml("Sec750")).autowire(); - BeanNameCollectingPostProcessor postProcessor = this.spring.getContext() .getBean(BeanNameCollectingPostProcessor.class); - assertThat(postProcessor.getBeforeInitPostProcessedBeans()).contains("authenticationProvider", "userService"); assertThat(postProcessor.getAfterInitPostProcessedBeans()).contains("authenticationProvider", "userService"); - } /* SEC-934 */ @Test public void getWhenUsingTwoIdenticalInterceptUrlsThenTheSecondTakesPrecedence() throws Exception { this.spring.configLocations(xml("Sec934")).autowire(); - this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isOk()); - this.mvc.perform(get("/protected").with(httpBasic("admin", "password"))).andExpect(status().isForbidden()); } @Test public void getWhenAuthenticatingThenConsultsCustomSecurityContextRepository() throws Exception { this.spring.configLocations(xml("SecurityContextRepository")).autowire(); - SecurityContextRepository repository = this.spring.getContext().getBean(SecurityContextRepository.class); SecurityContext context = new SecurityContextImpl(new TestingAuthenticationToken("user", "password")); given(repository.loadContext(any(HttpRequestResponseHolder.class))).willReturn(context); - MvcResult result = this.mvc.perform(get("/protected").with(httpBasic("user", "password"))) .andExpect(status().isOk()).andReturn(); - assertThat(result.getRequest().getSession(false)).isNotNull(); - verify(repository, atLeastOnce()).saveContext(any(SecurityContext.class), any(HttpServletRequest.class), any(HttpServletResponse.class)); } 
@@ -465,25 +394,18 @@ public class MiscHttpConfigTests { @Test public void getWhenUsingInterceptUrlExpressionsThenAuthorizesAccordingly() throws Exception { this.spring.configLocations(xml("InterceptUrlExpressions")).autowire(); - this.mvc.perform(get("/protected").with(httpBasic("admin", "password"))).andExpect(status().isOk()); - this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isForbidden()); - this.mvc.perform(get("/unprotected").with(httpBasic("user", "password"))).andExpect(status().isOk()); - } @Test public void getWhenUsingCustomExpressionHandlerThenAuthorizesAccordingly() throws Exception { this.spring.configLocations(xml("ExpressionHandler")).autowire(); - PermissionEvaluator permissionEvaluator = this.spring.getContext().getBean(PermissionEvaluator.class); given(permissionEvaluator.hasPermission(any(Authentication.class), any(Object.class), any(Object.class))) .willReturn(false); - this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isForbidden()); - verify(permissionEvaluator).hasPermission(any(Authentication.class), any(Object.class), any(Object.class)); } 
@@ -491,26 +413,19 @@ public class MiscHttpConfigTests { public void configureWhenProtectingLoginPageThenWarningLogged() { ByteArrayOutputStream baos = new ByteArrayOutputStream(); redirectLogsTo(baos, DefaultFilterChainValidator.class); - this.spring.configLocations(xml("ProtectedLoginPage")).autowire(); - assertThat(baos.toString()).contains("[WARN]"); } @Test public void configureWhenUsingDisableUrlRewritingThenRedirectIsNotEncodedByResponse() throws IOException, ServletException { - this.spring.configLocations(xml("DisableUrlRewriting")).autowire(); - MockHttpServletRequest request = new MockHttpServletRequest("GET", "/"); MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChainProxy proxy = this.spring.getContext().getBean(FilterChainProxy.class); - proxy.doFilter(request, new EncodeUrlDenyingHttpServletResponseWrapper(response), (req, resp) -> { }); - assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY); assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/login"); } @@ -520,11 +435,9 @@ public class MiscHttpConfigTests { assertThatCode( () -> this.spring.configLocations(MiscHttpConfigTests.xml("MissingUserDetailsService")).autowire()) .isInstanceOf(BeansException.class); - try (XmlWebApplicationContext parent = new XmlWebApplicationContext()) { parent.setConfigLocations(MiscHttpConfigTests.xml("AutoConfig")); parent.refresh(); - try (XmlWebApplicationContext child = new XmlWebApplicationContext()) { child.setParent(parent); child.setConfigLocation(MiscHttpConfigTests.xml("MissingUserDetailsService")); @@ -536,9 +449,7 @@ public class MiscHttpConfigTests { @Test public void loginWhenConfiguredWithNoInternalAuthenticationProvidersThenSuccessfullyAuthenticates() throws Exception { - this.spring.configLocations(xml("NoInternalAuthenticationProviders")).autowire(); - this.mvc.perform(post("/login").param("username", "user").param("password", "password")) .andExpect(redirectedUrl("/")); } 
@@ -546,16 +457,13 @@ public class MiscHttpConfigTests { @Test public void loginWhenUsingDefaultsThenErasesCredentialsAfterAuthentication() throws Exception { this.spring.configLocations(xml("HttpBasic")).autowire(); - this.mvc.perform(get("/password").with(httpBasic("user", "password"))).andExpect(content().string("")); } @Test public void loginWhenAuthenticationManagerConfiguredToEraseCredentialsThenErasesCredentialsAfterAuthentication() throws Exception { - this.spring.configLocations(xml("AuthenticationManagerEraseCredentials")).autowire(); - this.mvc.perform(get("/password").with(httpBasic("user", "password"))).andExpect(content().string("")); } @@ -565,28 +473,22 @@ public class MiscHttpConfigTests { @Test public void loginWhenAuthenticationManagerRefConfiguredToKeepCredentialsThenKeepsCredentialsAfterAuthentication() throws Exception { - this.spring.configLocations(xml("AuthenticationManagerRefKeepCredentials")).autowire(); - this.mvc.perform(get("/password").with(httpBasic("user", "password"))).andExpect(content().string("password")); } @Test public void loginWhenAuthenticationManagerRefIsNotAProviderManagerThenKeepsCredentialsAccordingly() throws Exception { - this.spring.configLocations(xml("AuthenticationManagerRefNotProviderManager")).autowire(); - this.mvc.perform(get("/password").with(httpBasic("user", "password"))).andExpect(content().string("password")); } @Test public void loginWhenJeeFilterThenExtractsRoles() throws Exception { this.spring.configLocations(xml("JeeFilter")).autowire(); - Principal user = mock(Principal.class); given(user.getName()).willReturn("joe"); - this.mvc.perform(get("/roles").principal(user).with((request) -> { request.addUserRole("admin"); request.addUserRole("user"); 
@@ -598,26 +500,19 @@ public class MiscHttpConfigTests { @Test public void loginWhenUsingCustomAuthenticationDetailsSourceRefThenAuthenticationSourcesDetailsAccordingly() throws Exception { - this.spring.configLocations(xml("CustomAuthenticationDetailsSourceRef")).autowire(); - Object details = mock(Object.class); AuthenticationDetailsSource source = this.spring.getContext().getBean(AuthenticationDetailsSource.class); given(source.buildDetails(any(Object.class))).willReturn(details); - this.mvc.perform(get("/details").with(httpBasic("user", "password"))) .andExpect(content().string(details.getClass().getName())); - this.mvc.perform(get("/details") .with(x509("classpath:org/springframework/security/config/http/MiscHttpConfigTests-certificate.pem"))) .andExpect(content().string(details.getClass().getName())); - MockHttpSession session = (MockHttpSession) this.mvc .perform(post("/login").param("username", "user").param("password", "password").with(csrf())) .andReturn().getRequest().getSession(false); - this.mvc.perform(get("/details").session(session)).andExpect(content().string(details.getClass().getName())); - assertThat(ReflectionTestUtils.getField(getFilter(OpenIDAuthenticationFilter.class), "authenticationDetailsSource")).isEqualTo(source); } 
@@ -625,29 +520,24 @@ public class MiscHttpConfigTests { @Test public void loginWhenUsingJaasApiProvisionThenJaasSubjectContainsUsername() throws Exception { this.spring.configLocations(xml("Jaas")).autowire(); - AuthorityGranter granter = this.spring.getContext().getBean(AuthorityGranter.class); given(granter.grant(any(Principal.class))).willReturn(new HashSet<>(Arrays.asList("USER"))); - this.mvc.perform(get("/username").with(httpBasic("user", "password"))).andExpect(content().string("user")); } @Test public void getWhenUsingCustomHttpFirewallThenFirewallIsInvoked() throws Exception { this.spring.configLocations(xml("HttpFirewall")).autowire(); - FirewalledRequest request = new FirewalledRequest(new MockHttpServletRequest()) { @Override public void reset() { } }; HttpServletResponse response = new MockHttpServletResponse(); - HttpFirewall firewall = this.spring.getContext().getBean(HttpFirewall.class); given(firewall.getFirewalledRequest(any(HttpServletRequest.class))).willReturn(request); given(firewall.getFirewalledResponse(any(HttpServletResponse.class))).willReturn(response); this.mvc.perform(get("/unprotected")); - verify(firewall).getFirewalledRequest(any(HttpServletRequest.class)); verify(firewall).getFirewalledResponse(any(HttpServletResponse.class)); } 
@@ -655,22 +545,18 @@ public class MiscHttpConfigTests { @Test public void getWhenUsingCustomRequestRejectedHandlerThenRequestRejectedHandlerIsInvoked() throws Exception { this.spring.configLocations(xml("RequestRejectedHandler")).autowire(); - HttpServletResponse response = new MockHttpServletResponse(); - RequestRejectedException rejected = new RequestRejectedException("failed"); HttpFirewall firewall = this.spring.getContext().getBean(HttpFirewall.class); RequestRejectedHandler requestRejectedHandler = this.spring.getContext().getBean(RequestRejectedHandler.class); given(firewall.getFirewalledRequest(any(HttpServletRequest.class))).willThrow(rejected); this.mvc.perform(get("/unprotected")); - verify(requestRejectedHandler).handle(any(), any(), any()); } @Test public void getWhenUsingCustomAccessDecisionManagerThenAuthorizesAccordingly() throws Exception { this.spring.configLocations(xml("CustomAccessDecisionManager")).autowire(); - this.mvc.perform(get("/unprotected").with(httpBasic("user", "password"))).andExpect(status().isForbidden()); } @@ -680,16 +566,13 @@ public class MiscHttpConfigTests { @Test public void authenticateWhenUsingPortMapperThenRedirectsAppropriately() throws Exception { this.spring.configLocations(xml("PortsMappedRequiresHttps")).autowire(); - MockHttpSession session = (MockHttpSession) this.mvc.perform(get("https://localhost:9080/protected")) .andExpect(redirectedUrl("https://localhost:9443/login")).andReturn().getRequest().getSession(false); - session = (MockHttpSession) this.mvc .perform(post("/login").param("username", "user").param("password", "password").session(session) .with(csrf())) .andExpect(redirectedUrl("https://localhost:9443/protected")).andReturn().getRequest() .getSession(false); - this.mvc.perform(get("http://localhost:9080/protected").session(session)) .andExpect(redirectedUrl("https://localhost:9443/protected")); } 
@@ -715,7 +598,6 @@ public class MiscHttpConfigTests { private void assertThatFiltersMatchExpectedAutoConfigList(String url) { Iterator filters = getFilters(url).iterator(); - assertThat(filters.next()).isInstanceOf(SecurityContextPersistenceFilter.class); assertThat(filters.next()).isInstanceOf(WebAsyncManagerIntegrationFilter.class); assertThat(filters.next()).isInstanceOf(HeaderWriterFilter.class);
@@ -768,11 +650,9 @@ public class MiscHttpConfigTests { @GetMapping("/customKey") String customKey() { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); - if (authentication != null && authentication instanceof AnonymousAuthenticationToken) { return String.valueOf(((AnonymousAuthenticationToken) authentication).getKeyHash()); } - return null; }
diff --git a/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
index dd3fb990e3..4c19f1d5d2 100644
--- a/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
@@ -52,12 +52,9 @@ public class MultiHttpBlockConfigTests { @Test public void requestWhenUsingMutuallyExclusiveHttpElementsThenIsRoutedAccordingly() throws Exception { - this.spring.configLocations(this.xml("DistinctHttpElements")).autowire(); - this.mvc.perform(MockMvcRequestBuilders.get("/first").with(httpBasic("user", "password"))) .andExpect(status().isOk()); - this.mvc.perform(post("/second/login").param("username", "user").param("password", "password").with(csrf())) .andExpect(status().isFound()).andExpect(redirectedUrl("/")); }
@@ -80,11 +77,8 @@ public class MultiHttpBlockConfigTests { @Test public void requestWhenTargettingAuthenticationManagersToCorrespondingHttpElementsThenAuthenticationProceeds() throws Exception { - this.spring.configLocations(this.xml("Sec1937")).autowire(); - this.mvc.perform(get("/first").with(httpBasic("first", "password")).with(csrf())).andExpect(status().isOk()); - this.mvc.perform(post("/second/login").param("username", "second").param("password", "password").with(csrf())) .andExpect(redirectedUrl("/")); }
diff --git a/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java b/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java
index 028ccf8f6a..166757825d 100644
--- a/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java
@@ -88,12 +88,9 @@ public class NamespaceHttpBasicTests { " "); // @formatter:on - this.request.addHeader("Authorization", "Basic " + Base64.getEncoder().encodeToString("user:test".getBytes("UTF-8"))); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); }
@@ -108,9 +105,7 @@ public class NamespaceHttpBasicTests { "\n" + " "); // @formatter:on - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); assertThat(this.response.getHeader("WWW-Authenticate")).isEqualTo("Basic realm=\"Realm\""); }
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
index 0b0842641d..a6ade1e729 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
@@ -100,7 +100,6 @@ public class OAuth2ClientBeanDefinitionParserTests { @Test public void requestWhenAuthorizeThenRedirect() throws Exception { this.spring.configLocations(xml("Minimal")).autowire(); - MvcResult result = this.mvc.perform(get("/oauth2/authorization/google")).andExpect(status().is3xxRedirection()) .andReturn(); assertThat(result.getResponse().getRedirectedUrl()).matches(
@@ -111,58 +110,46 @@ public class OAuth2ClientBeanDefinitionParserTests { @Test public void requestWhenCustomClientRegistrationRepositoryThenCalled() throws Exception { this.spring.configLocations(xml("CustomClientRegistrationRepository")).autowire(); - ClientRegistration clientRegistration = CommonOAuth2Provider.GOOGLE.getBuilder("google") .clientId("google-client-id").clientSecret("google-client-secret") .redirectUri("http://localhost/callback/google").scope("scope1", "scope2").build(); given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(clientRegistration); - MvcResult result = this.mvc.perform(get("/oauth2/authorization/google")).andExpect(status().is3xxRedirection()) .andReturn(); assertThat(result.getResponse().getRedirectedUrl()).matches( "https://accounts.google.com/o/oauth2/v2/auth\\?" + "response_type=code&client_id=google-client-id&" + "scope=scope1%20scope2&state=.{15,}&redirect_uri=http://localhost/callback/google"); - verify(this.clientRegistrationRepository).findByRegistrationId(any()); } @Test public void requestWhenCustomAuthorizationRequestResolverThenCalled() throws Exception { this.spring.configLocations(xml("CustomConfiguration")).autowire(); - ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google"); - OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest(clientRegistration); given(this.authorizationRequestResolver.resolve(any())).willReturn(authorizationRequest); - this.mvc.perform(get("/oauth2/authorization/google")).andExpect(status().is3xxRedirection()) .andExpect(redirectedUrl("https://accounts.google.com/o/oauth2/v2/auth?" 
+ "response_type=code&client_id=google-client-id&" + "scope=scope1%20scope2&state=state&redirect_uri=http://localhost/callback/google")); - verify(this.authorizationRequestResolver).resolve(any()); } @Test public void requestWhenAuthorizationResponseMatchThenProcess() throws Exception { this.spring.configLocations(xml("CustomConfiguration")).autowire(); - ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google"); - OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest(clientRegistration); given(this.authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(authorizationRequest); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) .willReturn(authorizationRequest); - OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - MultiValueMap params = new LinkedMultiValueMap<>(); params.add("code", "code123"); params.add("state", authorizationRequest.getState()); this.mvc.perform(get(authorizationRequest.getRedirectUri()).params(params)) .andExpect(status().is3xxRedirection()).andExpect(redirectedUrl(authorizationRequest.getRedirectUri())); - ArgumentCaptor authorizedClientCaptor = ArgumentCaptor .forClass(OAuth2AuthorizedClient.class); verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(), any(), any(), 
@@ -176,23 +163,18 @@ public class OAuth2ClientBeanDefinitionParserTests { @Test public void requestWhenCustomAuthorizedClientServiceThenCalled() throws Exception { this.spring.configLocations(xml("CustomAuthorizedClientService")).autowire(); - ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google"); - OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest(clientRegistration); given(this.authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(authorizationRequest); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) .willReturn(authorizationRequest); - OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - MultiValueMap params = new LinkedMultiValueMap<>(); params.add("code", "code123"); params.add("state", authorizationRequest.getState()); this.mvc.perform(get(authorizationRequest.getRedirectUri()).params(params)) .andExpect(status().is3xxRedirection()).andExpect(redirectedUrl(authorizationRequest.getRedirectUri())); - verify(this.authorizedClientService).saveAuthorizedClient(any(), any()); } 
@@ -200,13 +182,10 @@ public class OAuth2ClientBeanDefinitionParserTests { @Test public void requestWhenAuthorizedClientFoundThenMethodArgumentResolved() throws Exception { this.spring.configLocations(xml("AuthorizedClientArgumentResolver")).autowire(); - ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google"); - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, "user", TestOAuth2AccessTokens.noScopes()); given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(authorizedClient); - this.mvc.perform(get("/authorized-client")).andExpect(status().isOk()).andExpect(content().string("resolved")); }
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
index 190fd7e704..50e77f770c 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
@@ -144,9 +144,7 @@ public class OAuth2LoginBeanDefinitionParserTests { @Test public void requestLoginWhenMultiClientRegistrationThenReturnLoginPageWithClients() throws Exception { this.spring.configLocations(this.xml("MultiClientRegistration")).autowire(); - MvcResult result = this.mvc.perform(get("/login")).andExpect(status().is2xxSuccessful()).andReturn(); - assertThat(result.getResponse().getContentAsString()) .contains("Google"); assertThat(result.getResponse().getContentAsString())
@@ -157,10 +155,8 @@ public class OAuth2LoginBeanDefinitionParserTests { @Test public void requestWhenSingleClientRegistrationThenAutoRedirect() throws Exception { this.spring.configLocations(this.xml("SingleClientRegistration")).autowire(); - this.mvc.perform(get("/")).andExpect(status().is3xxRedirection()) .andExpect(redirectedUrl("http://localhost/oauth2/authorization/google-login")); - verify(this.requestCache).saveRequest(any(), any()); } @@ -169,7 +165,6 @@ public class OAuth2LoginBeanDefinitionParserTests { public void requestWhenSingleClientRegistrationAndRequestFaviconNotAuthenticatedThenRedirectDefaultLoginPage() throws Exception { this.spring.configLocations(this.xml("SingleClientRegistration")).autowire(); - this.mvc.perform(get("/favicon.ico").accept(new MediaType("image", "*"))).andExpect(status().is3xxRedirection()) .andExpect(redirectedUrl("http://localhost/login")); } @@ -179,7 +174,6 @@ public class OAuth2LoginBeanDefinitionParserTests { public void requestWhenSingleClientRegistrationAndRequestXHRNotAuthenticatedThenDoesNotRedirectForAuthorization() throws Exception { this.spring.configLocations(this.xml("SingleClientRegistration")).autowire(); - this.mvc.perform(get("/").header("X-Requested-With", "XMLHttpRequest")).andExpect(status().is3xxRedirection()) .andExpect(redirectedUrl("http://localhost/login")); } 
@@ -188,12 +182,10 @@ public class OAuth2LoginBeanDefinitionParserTests { public void requestWhenAuthorizationRequestNotFoundThenThrowAuthenticationException() throws Exception { this.spring.configLocations(this.xml("SingleClientRegistration-WithCustomAuthenticationFailureHandler")) .autowire(); - MultiValueMap params = new LinkedMultiValueMap<>(); params.add("code", "code123"); params.add("state", "state123"); this.mvc.perform(get("/login/oauth2/code/google").params(params)); - ArgumentCaptor exceptionCaptor = ArgumentCaptor .forClass(AuthenticationException.class); verify(this.authenticationFailureHandler).onAuthenticationFailure(any(), any(), exceptionCaptor.capture()); 
@@ -206,25 +198,20 @@ public class OAuth2LoginBeanDefinitionParserTests { @Test public void requestWhenAuthorizationResponseValidThenAuthenticate() throws Exception { this.spring.configLocations(this.xml("MultiClientRegistration-WithCustomConfiguration")).autowire(); - Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login"); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .attributes(attributes).build(); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) .willReturn(authorizationRequest); - OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2User oauth2User = TestOAuth2Users.create(); given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User); - MultiValueMap params = new LinkedMultiValueMap<>(); params.add("code", "code123"); params.add("state", authorizationRequest.getState()); this.mvc.perform(get("/login/oauth2/code/github-login").params(params)).andExpect(status().is2xxSuccessful()); - ArgumentCaptor authenticationCaptor = ArgumentCaptor.forClass(Authentication.class); verify(this.authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture()); Authentication authentication = authenticationCaptor.getValue(); 
@@ -235,25 +222,20 @@ public class OAuth2LoginBeanDefinitionParserTests { @Test public void requestWhenAuthorizationResponseValidThenAuthenticationSuccessEventPublished() throws Exception { this.spring.configLocations(this.xml("MultiClientRegistration-WithCustomConfiguration")).autowire(); - Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login"); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .attributes(attributes).build(); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) .willReturn(authorizationRequest); - OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2User oauth2User = TestOAuth2Users.create(); given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User); - MultiValueMap params = new LinkedMultiValueMap<>(); params.add("code", "code123"); params.add("state", authorizationRequest.getState()); this.mvc.perform(get("/login/oauth2/code/github-login").params(params)); - verify(this.authenticationSuccessListener).onApplicationEvent(any(AuthenticationSuccessEvent.class)); } 
@@ -261,27 +243,22 @@ public class OAuth2LoginBeanDefinitionParserTests { public void requestWhenOidcAuthenticationResponseValidThenJwtDecoderFactoryCalled() throws Exception { this.spring.configLocations(this.xml("SingleClientRegistration-WithJwtDecoderFactoryAndDefaultSuccessHandler")) .autowire(); - Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login"); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.oidcRequest() .attributes(attributes).build(); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) .willReturn(authorizationRequest); - OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.oidcAccessTokenResponse() .build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - Jwt jwt = TestJwts.user(); given(this.jwtDecoderFactory.createDecoder(any())).willReturn((token) -> jwt); - MultiValueMap params = new LinkedMultiValueMap<>(); params.add("code", "code123"); params.add("state", authorizationRequest.getState()); this.mvc.perform(get("/login/oauth2/code/google-login").params(params)).andExpect(status().is3xxRedirection()) .andExpect(redirectedUrl("/")); - verify(this.jwtDecoderFactory).createDecoder(any()); verify(this.requestCache).getRequest(any(), any()); } 
@@ -290,28 +267,22 @@ public class OAuth2LoginBeanDefinitionParserTests {
 @Test
 public void requestWhenCustomGrantedAuthoritiesMapperThenCalled() throws Exception {
 this.spring.configLocations(this.xml("MultiClientRegistration-WithCustomGrantedAuthorities")).autowire();
-
 Map attributes = new HashMap<>();
 attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login");
 OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 .attributes(attributes).build();
 given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 .willReturn(authorizationRequest);
-
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 OAuth2User oauth2User = TestOAuth2Users.create();
 given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User);
-
 given(this.userAuthoritiesMapper.mapAuthorities(any()))
 .willReturn((Collection) AuthorityUtils.createAuthorityList("ROLE_OAUTH2_USER"));
-
 MultiValueMap params = new LinkedMultiValueMap<>();
 params.add("code", "code123");
 params.add("state", authorizationRequest.getState());
 this.mvc.perform(get("/login/oauth2/code/github-login").params(params)).andExpect(status().is2xxSuccessful());
-
 ArgumentCaptor authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
 verify(this.authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
 Authentication authentication = authenticationCaptor.getValue();
@@ -319,25 +290,19 @@ public class OAuth2LoginBeanDefinitionParserTests {
 assertThat(authentication.getAuthorities()).hasSize(1);
 assertThat(authentication.getAuthorities()).first().isInstanceOf(SimpleGrantedAuthority.class)
 .hasToString("ROLE_OAUTH2_USER");
-
 // re-setup for OIDC test
 attributes = new HashMap<>();
 attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login");
 authorizationRequest = TestOAuth2AuthorizationRequests.oidcRequest().attributes(attributes).build();
 given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 .willReturn(authorizationRequest);
-
 accessTokenResponse = TestOAuth2AccessTokenResponses.oidcAccessTokenResponse().build();
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 Jwt jwt = TestJwts.user();
 given(this.jwtDecoderFactory.createDecoder(any())).willReturn((token) -> jwt);
-
 given(this.userAuthoritiesMapper.mapAuthorities(any()))
 .willReturn((Collection) AuthorityUtils.createAuthorityList("ROLE_OIDC_USER"));
-
 this.mvc.perform(get("/login/oauth2/code/google-login").params(params)).andExpect(status().is2xxSuccessful());
-
 authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
 verify(this.authenticationSuccessHandler, times(2)).onAuthenticationSuccess(any(), any(),
 authenticationCaptor.capture());
@@ -352,25 +317,20 @@ public class OAuth2LoginBeanDefinitionParserTests {
 @Test
 public void requestWhenCustomLoginProcessingUrlThenProcessAuthentication() throws Exception {
 this.spring.configLocations(this.xml("MultiClientRegistration-WithCustomLoginProcessingUrl")).autowire();
-
 Map attributes = new HashMap<>();
 attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login");
 OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 .attributes(attributes).build();
 given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 .willReturn(authorizationRequest);
-
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 OAuth2User oauth2User = TestOAuth2Users.create();
 given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User);
-
 MultiValueMap params = new LinkedMultiValueMap<>();
 params.add("code", "code123");
 params.add("state", authorizationRequest.getState());
 this.mvc.perform(get("/login/oauth2/github-login").params(params)).andExpect(status().is2xxSuccessful());
-
 ArgumentCaptor authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
 verify(this.authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
 Authentication authentication = authenticationCaptor.getValue();
@@ -382,9 +342,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 public void requestWhenCustomAuthorizationRequestResolverThenCalled() throws Exception {
 this.spring.configLocations(this.xml("SingleClientRegistration-WithCustomAuthorizationRequestResolver"))
 .autowire();
-
 this.mvc.perform(get("/oauth2/authorization/google-login")).andExpect(status().is3xxRedirection());
-
 verify(this.authorizationRequestResolver).resolve(any());
 }
 
@@ -392,7 +350,6 @@ public class OAuth2LoginBeanDefinitionParserTests {
 @Test
 public void requestWhenMultiClientRegistrationThenRedirectDefaultLoginPage() throws Exception {
 this.spring.configLocations(this.xml("MultiClientRegistration")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().is3xxRedirection())
 .andExpect(redirectedUrl("http://localhost/login"));
 }
@@ -400,7 +357,6 @@ public class OAuth2LoginBeanDefinitionParserTests {
 @Test
 public void requestWhenCustomLoginPageThenRedirectCustomLoginPage() throws Exception {
 this.spring.configLocations(this.xml("SingleClientRegistration-WithCustomLoginPage")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().is3xxRedirection())
 .andExpect(redirectedUrl("http://localhost/custom-login"));
 }
@@ -410,7 +366,6 @@ public class OAuth2LoginBeanDefinitionParserTests {
 public void requestWhenSingleClientRegistrationAndFormLoginConfiguredThenRedirectDefaultLoginPage()
 throws Exception {
 this.spring.configLocations(this.xml("SingleClientRegistration-WithFormLogin")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().is3xxRedirection())
 .andExpect(redirectedUrl("http://localhost/login"));
 }
@@ -418,84 +373,66 @@ public class OAuth2LoginBeanDefinitionParserTests {
 @Test
 public void requestWhenCustomClientRegistrationRepositoryThenCalled() throws Exception {
 this.spring.configLocations(this.xml("WithCustomClientRegistrationRepository")).autowire();
-
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(clientRegistration);
-
 Map attributes = new HashMap<>();
 attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
 OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 .attributes(attributes).build();
 given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 .willReturn(authorizationRequest);
-
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 OAuth2User oauth2User = TestOAuth2Users.create();
 given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User);
-
 MultiValueMap params = new LinkedMultiValueMap<>();
 params.add("code", "code123");
 params.add("state", authorizationRequest.getState());
 this.mvc.perform(get("/login/oauth2/code/" + clientRegistration.getRegistrationId()).params(params));
-
 verify(this.clientRegistrationRepository).findByRegistrationId(clientRegistration.getRegistrationId());
 }
 
 @Test
 public void requestWhenCustomAuthorizedClientRepositoryThenCalled() throws Exception {
 this.spring.configLocations(this.xml("WithCustomAuthorizedClientRepository")).autowire();
-
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(clientRegistration);
-
 Map attributes = new HashMap<>();
 attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
 OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 .attributes(attributes).build();
 given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 .willReturn(authorizationRequest);
-
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 OAuth2User oauth2User = TestOAuth2Users.create();
 given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User);
-
 MultiValueMap params = new LinkedMultiValueMap<>();
 params.add("code", "code123");
 params.add("state", authorizationRequest.getState());
 this.mvc.perform(get("/login/oauth2/code/" + clientRegistration.getRegistrationId()).params(params));
-
 verify(this.authorizedClientRepository).saveAuthorizedClient(any(), any(), any(), any());
 }
 
 @Test
 public void requestWhenCustomAuthorizedClientServiceThenCalled() throws Exception {
 this.spring.configLocations(this.xml("WithCustomAuthorizedClientService")).autowire();
-
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(clientRegistration);
-
 Map attributes = new HashMap<>();
 attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
 OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 .attributes(attributes).build();
 given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 .willReturn(authorizationRequest);
-
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 OAuth2User oauth2User = TestOAuth2Users.create();
 given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User);
-
 MultiValueMap params = new LinkedMultiValueMap<>();
 params.add("code", "code123");
 params.add("state", authorizationRequest.getState());
 this.mvc.perform(get("/login/oauth2/code/" + clientRegistration.getRegistrationId()).params(params));
-
 verify(this.authorizedClientService).saveAuthorizedClient(any(), any());
 }
 
@@ -503,13 +440,10 @@ public class OAuth2LoginBeanDefinitionParserTests {
 @Test
 public void requestWhenAuthorizedClientFoundThenMethodArgumentResolved() throws Exception {
 this.spring.configLocations(xml("AuthorizedClientArgumentResolver")).autowire();
-
 ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google-login");
-
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, "user",
 TestOAuth2AccessTokens.noScopes());
 given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(authorizedClient);
-
 this.mvc.perform(get("/authorized-client")).andExpect(status().isOk()).andExpect(content().string("resolved"));
 }
 
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
index aa233653b1..9ba660ea3a 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
@@ -138,7 +138,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 mockRestOperations(jwks("Default"));
 String token = this.token("ValidNoScopes");
-
 this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isNotFound());
 }
 
@@ -147,59 +146,48 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 this.spring.configLocations(xml("WebServer"), xml("JwkSetUri")).autowire();
 mockWebServer(jwks("Default"));
 String token = this.token("ValidNoScopes");
-
 this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isNotFound());
 }
 
 @Test
 public void getWhenExpiredBearerTokenThenInvalidToken() throws Exception {
-
 this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 mockRestOperations(jwks("Default"));
 String token = this.token("Expired");
-
 this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 .andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 }
 
 @Test
 public void getWhenBadJwkEndpointThenInvalidToken() throws Exception {
-
 this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 mockRestOperations("malformed");
 String token = this.token("ValidNoScopes");
-
 this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 .andExpect(header().string("WWW-Authenticate", "Bearer"));
 }
 
 @Test
 public void getWhenUnavailableJwkEndpointThenInvalidToken() throws Exception {
-
 this.spring.configLocations(xml("WebServer"), xml("JwkSetUri")).autowire();
 this.web.shutdown();
 String token = this.token("ValidNoScopes");
-
 this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 .andExpect(header().string("WWW-Authenticate", "Bearer"));
 }
 
 @Test
 public void getWhenMalformedBearerTokenThenInvalidToken() throws Exception {
-
 this.spring.configLocations(xml("JwkSetUri")).autowire();
-
 this.mvc.perform(get("/").header("Authorization", "Bearer an\"invalid\"token"))
 .andExpect(status().isUnauthorized()).andExpect(invalidTokenHeader("Bearer token is malformed"));
 }
 
 @Test
 public void getWhenMalformedPayloadThenInvalidToken() throws Exception {
-
 this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 mockRestOperations(jwks("Default"));
 String token = this.token("MalformedPayload");
-
 this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 .andExpect(
 invalidTokenHeader("An error occurred while attempting to decode the Jwt: Malformed payload"));
@@ -207,30 +195,24 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 @Test
 public void getWhenUnsignedBearerTokenThenInvalidToken() throws Exception {
-
 this.spring.configLocations(xml("JwkSetUri")).autowire();
 String token = this.token("Unsigned");
-
 this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 .andExpect(invalidTokenHeader("Unsupported algorithm of none"));
 }
 
 @Test
 public void getWhenBearerTokenBeforeNotBeforeThenInvalidToken() throws Exception {
-
 this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 this.mockRestOperations(jwks("Default"));
 String token = this.token("TooEarly");
-
 this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 .andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 }
 
 @Test
 public void getWhenBearerTokenInTwoPlacesThenInvalidRequest() throws Exception {
-
 this.spring.configLocations(xml("JwkSetUri")).autowire();
-
 this.mvc.perform(get("/").header("Authorization", "Bearer token").param("access_token", "token"))
 .andExpect(status().isBadRequest())
 .andExpect(invalidRequestHeader("Found multiple bearer tokens in the request"));
@@ -238,22 +220,17 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 @Test
 public void getWhenBearerTokenInTwoParametersThenInvalidRequest() throws Exception {
-
 this.spring.configLocations(xml("JwkSetUri")).autowire();
-
 MultiValueMap params = new LinkedMultiValueMap<>();
 params.add("access_token", "token1");
 params.add("access_token", "token2");
-
 this.mvc.perform(get("/").params(params)).andExpect(status().isBadRequest())
 .andExpect(invalidRequestHeader("Found multiple bearer tokens in the request"));
 }
 
 @Test
 public void postWhenBearerTokenAsFormParameterThenIgnoresToken() throws Exception {
-
 this.spring.configLocations(xml("JwkSetUri")).autowire();
-
 this.mvc.perform(post("/") // engage csrf
 .param("access_token", "token")).andExpect(status().isForbidden())
 .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer")); // different
@@ -263,95 +240,77 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 @Test
 public void getWhenNoBearerTokenThenUnauthorized() throws Exception {
-
 this.spring.configLocations(xml("JwkSetUri")).autowire();
-
 this.mvc.perform(get("/")).andExpect(status().isUnauthorized())
 .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer"));
 }
 
 @Test
 public void getWhenSufficientlyScopedBearerTokenThenAcceptsRequest() throws Exception {
-
 this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 mockRestOperations(jwks("Default"));
 String token = this.token("ValidMessageReadScope");
-
 this.mvc.perform(get("/requires-read-scope").header("Authorization", "Bearer " + token))
 .andExpect(status().isNotFound());
 }
 
 @Test
 public void getWhenInsufficientScopeThenInsufficientScopeError() throws Exception {
-
 this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 mockRestOperations(jwks("Default"));
 String token = this.token("ValidNoScopes");
-
 this.mvc.perform(get("/requires-read-scope").header("Authorization", "Bearer " + token))
 .andExpect(status().isForbidden()).andExpect(insufficientScopeHeader());
 }
 
 @Test
 public void getWhenInsufficientScpThenInsufficientScopeError() throws Exception {
-
 this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 mockRestOperations(jwks("Default"));
 String token = this.token("ValidMessageWriteScp");
-
 this.mvc.perform(get("/requires-read-scope").header("Authorization", "Bearer " + token))
 .andExpect(status().isForbidden()).andExpect(insufficientScopeHeader());
 }
 
 @Test
 public void getWhenAuthorizationServerHasNoMatchingKeyThenInvalidToken() throws Exception {
-
 this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 mockRestOperations(jwks("Empty"));
 String token = this.token("ValidNoScopes");
-
 this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 .andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 }
 
 @Test
 public void getWhenAuthorizationServerHasMultipleMatchingKeysThenOk() throws Exception {
-
 this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 mockRestOperations(jwks("TwoKeys"));
 String token = this.token("ValidNoScopes");
-
 this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + token))
 .andExpect(status().isNotFound());
 }
 
 @Test
 public void getWhenKeyMatchesByKidThenOk() throws Exception {
-
 this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 mockRestOperations(jwks("TwoKeys"));
 String token = this.token("Kid");
-
 this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + token))
 .andExpect(status().isNotFound());
 }
 
 @Test
 public void postWhenValidBearerTokenAndNoCsrfTokenThenOk() throws Exception {
-
 this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 mockRestOperations(jwks("Default"));
 String token = this.token("ValidNoScopes");
-
 this.mvc.perform(post("/authenticated").header("Authorization", "Bearer " + token))
 .andExpect(status().isNotFound());
 }
 
 @Test
 public void postWhenNoBearerTokenThenCsrfDenies() throws Exception {
-
 this.spring.configLocations(xml("JwkSetUri")).autowire();
-
 this.mvc.perform(post("/authenticated")).andExpect(status().isForbidden())
 .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer")); // different
 // from
@@ -360,11 +319,9 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 @Test
 public void postWhenExpiredBearerTokenAndNoCsrfThenInvalidToken() throws Exception {
-
 this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 mockRestOperations(jwks("Default"));
 String token = this.token("Expired");
-
 this.mvc.perform(post("/authenticated").header("Authorization", "Bearer " + token))
 .andExpect(status().isUnauthorized())
 .andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
@@ -372,49 +329,37 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 @Test
 public void requestWhenJwtThenSessionIsNotCreated() throws Exception {
-
 this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 mockRestOperations(jwks("Default"));
 String token = this.token("ValidNoScopes");
-
 MvcResult result = this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
 .andExpect(status().isNotFound()).andReturn();
-
 assertThat(result.getRequest().getSession(false)).isNull();
 }
 
 @Test
 public void requestWhenIntrospectionThenSessionIsNotCreated() throws Exception {
-
 this.spring.configLocations(xml("WebServer"), xml("IntrospectionUri")).autowire();
 mockWebServer(json("Active"));
-
 MvcResult result = this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
 .andExpect(status().isNotFound()).andReturn();
-
 assertThat(result.getRequest().getSession(false)).isNull();
 }
 
 @Test
 public void requestWhenNoBearerTokenThenSessionIsCreated() throws Exception {
-
 this.spring.configLocations(xml("JwkSetUri")).autowire();
-
 MvcResult result = this.mvc.perform(get("/")).andExpect(status().isUnauthorized()).andReturn();
-
 assertThat(result.getRequest().getSession(false)).isNotNull();
 }
 
 @Test
 public void requestWhenSessionManagementConfiguredThenUses() throws Exception {
-
 this.spring.configLocations(xml("JwtRestOperations"), xml("AlwaysSessionCreation")).autowire();
 mockRestOperations(jwks("Default"));
 String token = this.token("ValidNoScopes");
-
 MvcResult result = this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
 .andExpect(status().isNotFound()).andReturn();
-
 assertThat(result.getRequest().getSession(false)).isNotNull();
 }
 
@@ -422,15 +367,11 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 public void getWhenCustomBearerTokenResolverThenUses() throws Exception {
 this.spring.configLocations(xml("MockBearerTokenResolver"), xml("MockJwtDecoder"), xml("BearerTokenResolver"))
 .autowire();
-
 JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 given(decoder.decode("token")).willReturn(TestJwts.jwt().build());
-
 BearerTokenResolver bearerTokenResolver = this.spring.getContext().getBean(BearerTokenResolver.class);
 given(bearerTokenResolver.resolve(any(HttpServletRequest.class))).willReturn("token");
-
 this.mvc.perform(get("/")).andExpect(status().isNotFound());
-
 verify(decoder).decode("token");
 verify(bearerTokenResolver).resolve(any(HttpServletRequest.class));
 }
@@ -438,41 +379,30 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 @Test
 public void requestWhenBearerTokenResolverAllowsRequestBodyThenEitherHeaderOrRequestBodyIsAccepted()
 throws Exception {
-
 this.spring.configLocations(xml("MockJwtDecoder"), xml("AllowBearerTokenInBody")).autowire();
-
 JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 given(decoder.decode(anyString())).willReturn(TestJwts.jwt().build());
-
 this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
 .andExpect(status().isNotFound());
-
 this.mvc.perform(post("/authenticated").param("access_token", "token")).andExpect(status().isNotFound());
 }
 
 @Test
 public void requestWhenBearerTokenResolverAllowsQueryParameterThenEitherHeaderOrQueryParameterIsAccepted()
 throws Exception {
-
 this.spring.configLocations(xml("MockJwtDecoder"), xml("AllowBearerTokenInQuery")).autowire();
-
 JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 given(decoder.decode(anyString())).willReturn(TestJwts.jwt().build());
-
 this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
 .andExpect(status().isNotFound());
-
 this.mvc.perform(get("/authenticated").param("access_token", "token")).andExpect(status().isNotFound());
-
 verify(decoder, times(2)).decode("token");
 }
 
 @Test
 public void requestWhenBearerTokenResolverAllowsRequestBodyAndRequestContainsTwoTokensThenInvalidRequest()
 throws Exception {
-
 this.spring.configLocations(xml("MockJwtDecoder"), xml("AllowBearerTokenInBody")).autowire();
-
 this.mvc.perform(post("/authenticated").param("access_token", "token").header("Authorization", "Bearer token")
 .with(csrf())).andExpect(status().isBadRequest())
 .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("invalid_request")));
@@ -481,9 +411,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 @Test
 public void requestWhenBearerTokenResolverAllowsQueryParameterAndRequestContainsTwoTokensThenInvalidRequest()
 throws Exception {
-
 this.spring.configLocations(xml("MockJwtDecoder"), xml("AllowBearerTokenInQuery")).autowire();
-
 this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token").param("access_token", "token"))
 .andExpect(status().isBadRequest())
 .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("invalid_request")));
@@ -493,22 +421,16 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 public void getBearerTokenResolverWhenNoResolverSpecifiedThenTheDefaultIsUsed() {
 OAuth2ResourceServerBeanDefinitionParser oauth2 = new OAuth2ResourceServerBeanDefinitionParser(
 mock(BeanReference.class), mock(List.class), mock(Map.class), mock(Map.class), mock(List.class));
-
 assertThat(oauth2.getBearerTokenResolver(mock(Element.class))).isInstanceOf(RootBeanDefinition.class);
 }
 
 @Test
 public void requestWhenCustomJwtDecoderThenUsed() throws Exception {
-
 this.spring.configLocations(xml("MockJwtDecoder"), xml("Jwt")).autowire();
-
 JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
-
 given(decoder.decode(anyString())).willReturn(TestJwts.jwt().build());
-
 this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
 .andExpect(status().isNotFound());
-
 verify(decoder).decode("token");
 }
 
@@ -520,12 +442,9 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 @Test
 public void requestWhenRealmNameConfiguredThenUsesOnUnauthenticated() throws Exception {
-
 this.spring.configLocations(xml("MockJwtDecoder"), xml("AuthenticationEntryPoint")).autowire();
-
 JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 Mockito.when(decoder.decode(anyString())).thenThrow(JwtException.class);
-
 this.mvc.perform(get("/authenticated").header("Authorization", "Bearer invalid_token"))
 .andExpect(status().isUnauthorized())
 .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\"")));
@@ -533,12 +452,9 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 @Test
 public void requestWhenRealmNameConfiguredThenUsesOnAccessDenied() throws Exception {
-
 this.spring.configLocations(xml("MockJwtDecoder"), xml("AccessDeniedHandler")).autowire();
-
 JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 given(decoder.decode(anyString())).willReturn(TestJwts.jwt().build());
-
 this.mvc.perform(get("/authenticated").header("Authorization", "Bearer insufficiently_scoped"))
 .andExpect(status().isForbidden())
 .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\"")));
@@ -546,86 +462,66 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 @Test
 public void requestWhenCustomJwtValidatorFailsThenCorrespondingErrorMessage() throws Exception {
-
 this.spring.configLocations(xml("MockJwtValidator"), xml("Jwt")).autowire();
 mockRestOperations(jwks("Default"));
 String token = this.token("ValidNoScopes");
-
 OAuth2TokenValidator jwtValidator = this.spring.getContext().getBean(OAuth2TokenValidator.class);
-
 OAuth2Error error = new OAuth2Error("custom-error", "custom-description", "custom-uri");
-
 given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(error));
-
 this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("custom-description")));
 }
 
 @Test
 public void requestWhenClockSkewSetThenTimestampWindowRelaxedAccordingly() throws Exception {
-
 this.spring.configLocations(xml("UnexpiredJwtClockSkew"), xml("Jwt")).autowire();
 mockRestOperations(jwks("Default"));
 String token = this.token("ExpiresAt4687177990");
-
 this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isNotFound());
 }
 
 @Test
 public void requestWhenClockSkewSetButJwtStillTooLateThenReportsExpired() throws Exception {
-
 this.spring.configLocations(xml("ExpiredJwtClockSkew"), xml("Jwt")).autowire();
 mockRestOperations(jwks("Default"));
 String token = this.token("ExpiresAt4687177990");
-
 this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 .andExpect(invalidTokenHeader("Jwt expired at"));
 }
 
 @Test
 public void requestWhenJwtAuthenticationConverterThenUsed() throws Exception {
-
 this.spring.configLocations(xml("MockJwtDecoder"), xml("MockJwtAuthenticationConverter"),
 xml("JwtAuthenticationConverter")).autowire();
-
 Converter jwtAuthenticationConverter = (Converter) this.spring
 .getContext().getBean("jwtAuthenticationConverter");
 given(jwtAuthenticationConverter.convert(any(Jwt.class)))
 .willReturn(new JwtAuthenticationToken(TestJwts.jwt().build(), Collections.emptyList()));
-
 JwtDecoder jwtDecoder = this.spring.getContext().getBean(JwtDecoder.class);
 given(jwtDecoder.decode(anyString())).willReturn(TestJwts.jwt().build());
-
 this.mvc.perform(get("/").header("Authorization", "Bearer token")).andExpect(status().isNotFound());
-
 verify(jwtAuthenticationConverter).convert(any(Jwt.class));
 }
 
 @Test
 public void requestWhenUsingPublicKeyAndValidTokenThenAuthenticates() throws Exception {
-
 this.spring.configLocations(xml("SingleKey"), xml("Jwt")).autowire();
 String token = this.token("ValidNoScopes");
-
 this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isNotFound());
 }
 
 @Test
 public void requestWhenUsingPublicKeyAndSignatureFailsThenReturnsInvalidToken() throws Exception {
-
 this.spring.configLocations(xml("SingleKey"), xml("Jwt")).autowire();
 String token = this.token("WrongSignature");
-
 this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
 .andExpect(invalidTokenHeader("signature"));
 }
 
 @Test
 public void requestWhenUsingPublicKeyAlgorithmDoesNotMatchThenReturnsInvalidToken() throws Exception {
-
 this.spring.configLocations(xml("SingleKey"), xml("Jwt")).autowire();
 String token = this.token("WrongAlgorithm");
-
 this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
 .andExpect(invalidTokenHeader("algorithm"));
 }
@@ -634,7 +530,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 public void getWhenIntrospectingThenOk() throws Exception {
 this.spring.configLocations(xml("OpaqueTokenRestOperations"), xml("OpaqueToken")).autowire();
 mockRestOperations(json("Active"));
-
 this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
 .andExpect(status().isNotFound());
 }
@@ -643,7 +538,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 public void getWhenIntrospectionFailsThenUnauthorized() throws Exception {
 this.spring.configLocations(xml("OpaqueTokenRestOperations"), xml("OpaqueToken")).autowire();
 mockRestOperations(json("Inactive"));
-
 this.mvc.perform(get("/").header("Authorization", "Bearer token")).andExpect(status().isUnauthorized())
 .andExpect(
 header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("Provided token isn't active")));
@@ -653,7 +547,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 public void getWhenIntrospectionLacksScopeThenForbidden() throws Exception {
 this.spring.configLocations(xml("OpaqueTokenRestOperations"), xml("OpaqueToken")).autowire();
 mockRestOperations(json("ActiveNoScopes"));
-
 this.mvc.perform(get("/requires-read-scope").header("Authorization", "Bearer token"))
 .andExpect(status().isForbidden())
 .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("scope")));
@@ -674,21 +567,17 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { @Test public void getWhenAuthenticationManagerResolverThenUses() throws Exception { this.spring.configLocations(xml("AuthenticationManagerResolver")).autowire(); - AuthenticationManagerResolver authenticationManagerResolver = this.spring.getContext() .getBean(AuthenticationManagerResolver.class); given(authenticationManagerResolver.resolve(any(HttpServletRequest.class))).willReturn( (authentication) -> new JwtAuthenticationToken(TestJwts.jwt().build(), Collections.emptyList())); - this.mvc.perform(get("/").header("Authorization", "Bearer token")).andExpect(status().isNotFound()); - verify(authenticationManagerResolver).resolve(any(HttpServletRequest.class)); } @Test public void getWhenMultipleIssuersThenUsesIssuerClaimToDifferentiate() throws Exception { this.spring.configLocations(xml("WebServer"), xml("MultipleIssuers")).autowire(); - MockWebServer server = this.spring.getContext().getBean(MockWebServer.class); String metadata = "{\n" + " \"issuer\": \"%s\", \n" + " \"jwks_uri\": \"%s/.well-known/jwks.json\" \n" + "}"; 
@@ -699,22 +588,16 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { String jwtOne = jwtFromIssuer(issuerOne); String jwtTwo = jwtFromIssuer(issuerTwo); String jwtThree = jwtFromIssuer(issuerThree); - mockWebServer(String.format(metadata, issuerOne, issuerOne)); mockWebServer(jwkSet); - this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + jwtOne)) .andExpect(status().isNotFound()); - mockWebServer(String.format(metadata, issuerTwo, issuerTwo)); mockWebServer(jwkSet); - this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + jwtTwo)) .andExpect(status().isNotFound()); - mockWebServer(String.format(metadata, issuerThree, issuerThree)); mockWebServer(jwkSet); - this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + jwtThree)) .andExpect(status().isUnauthorized()).andExpect(invalidTokenHeader("Invalid issuer")); } @@ -722,18 +605,13 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { @Test public void requestWhenBasicAndResourceServerEntryPointsThenBearerTokenPresides() throws Exception { // different from DSL - this.spring.configLocations(xml("MockJwtDecoder"), xml("BasicAndResourceServer")).autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willThrow(JwtException.class); - this.mvc.perform(get("/authenticated").with(httpBasic("some", "user"))).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Basic"))); - this.mvc.perform(get("/authenticated")).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer"))); - this.mvc.perform(get("/authenticated").header("Authorization", "Bearer invalid_token")) .andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer"))); 
@@ -742,32 +620,23 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { @Test public void requestWhenFormLoginAndResourceServerEntryPointsThenSessionCreatedByRequest() throws Exception { // different from DSL - this.spring.configLocations(xml("MockJwtDecoder"), xml("FormAndResourceServer")).autowire(); - JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willThrow(JwtException.class); - MvcResult result = this.mvc.perform(get("/authenticated")).andExpect(status().isUnauthorized()).andReturn(); - assertThat(result.getRequest().getSession(false)).isNotNull(); - result = this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token")) .andExpect(status().isUnauthorized()).andReturn(); - assertThat(result.getRequest().getSession(false)).isNull(); } @Test public void getWhenAlsoUsingHttpBasicThenCorrectProviderEngages() throws Exception { - this.spring.configLocations(xml("JwtRestOperations"), xml("BasicAndResourceServer")).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + token)) .andExpect(status().isNotFound()); - this.mvc.perform(get("/authenticated").with(httpBasic("user", "password"))).andExpect(status().isNotFound()); } @@ -800,11 +669,9 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { .willReturn(true); Element child = mock(Element.class); ParserContext pc = new ParserContext(mock(XmlReaderContext.class), mock(BeanDefinitionParserDelegate.class)); - parser.validateConfiguration(element, child, null, pc); verify(pc.getReaderContext()).error(anyString(), eq(element)); reset(pc.getReaderContext()); - parser.validateConfiguration(element, null, child, pc); verify(pc.getReaderContext()).error(anyString(), eq(element)); } 
diff --git a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
index fad993004f..7017e60822 100644
--- a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
@@ -72,63 +72,47 @@ public class OpenIDConfigTests { @Test public void requestWhenOpenIDAndFormLoginBothConfiguredThenRedirectsToGeneratedLoginPage() throws Exception { - this.spring.configLocations(this.xml("WithFormLogin")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isFound()).andExpect(redirectedUrl("http://localhost/login")); - assertThat(getFilter(DefaultLoginPageGeneratingFilter.class)).isNotNull(); } @Test public void requestWhenOpenIDAndFormLoginWithFormLoginPageConfiguredThenFormLoginPageWins() throws Exception { - this.spring.configLocations(this.xml("WithFormLoginPage")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isFound()).andExpect(redirectedUrl("http://localhost/form-page")); } @Test public void requestWhenOpenIDAndFormLoginWithOpenIDLoginPageConfiguredThenOpenIDLoginPageWins() throws Exception { - this.spring.configLocations(this.xml("WithOpenIDLoginPageAndFormLogin")).autowire(); - this.mvc.perform(get("/")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/openid-page")); } @Test public void configureWhenOpenIDAndFormLoginBothConfigureLoginPagesThenWiringException() { - assertThatCode(() -> this.spring.configLocations(this.xml("WithFormLoginAndOpenIDLoginPages")).autowire()) .isInstanceOf(BeanDefinitionParsingException.class); } @Test public void requestWhenOpenIDAndRememberMeConfiguredThenRememberMePassedToIdp() throws Exception { - this.spring.configLocations(this.xml("WithRememberMe")).autowire(); - OpenIDAuthenticationFilter openIDFilter = getFilter(OpenIDAuthenticationFilter.class); - String openIdEndpointUrl = "https://testopenid.com?openid.return_to="; Set returnToUrlParameters = new HashSet<>(); returnToUrlParameters.add(AbstractRememberMeServices.DEFAULT_PARAMETER); openIDFilter.setReturnToUrlParameters(returnToUrlParameters); - OpenIDConsumer consumer = mock(OpenIDConsumer.class); given(consumer.beginConsumption(any(HttpServletRequest.class), anyString(), anyString(), anyString())) 
.will((invocation) -> openIdEndpointUrl + invocation.getArgument(2)); openIDFilter.setConsumer(consumer); - String expectedReturnTo = new StringBuilder("http://localhost/login/openid").append("?") .append(AbstractRememberMeServices.DEFAULT_PARAMETER).append("=").append("on").toString(); - this.mvc.perform(get("/")).andExpect(status().isFound()).andExpect(redirectedUrl("http://localhost/login")); - this.mvc.perform(get("/login")).andExpect(status().isOk()) .andExpect(content().string(containsString(AbstractRememberMeServices.DEFAULT_PARAMETER))); - this.mvc.perform(get("/login/openid") .param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "https://ww1.openid.com") .param(AbstractRememberMeServices.DEFAULT_PARAMETER, "on")).andExpect(status().isFound()) @@ -137,21 +121,16 @@ public class OpenIDConfigTests { @Test public void requestWhenAttributeExchangeConfiguredThenFetchAttributesPassedToIdp() throws Exception { - this.spring.configLocations(this.xml("WithOpenIDAttributes")).autowire(); - OpenIDAuthenticationFilter openIDFilter = getFilter(OpenIDAuthenticationFilter.class); OpenID4JavaConsumer consumer = getFieldValue(openIDFilter, "consumer"); ConsumerManager manager = getFieldValue(consumer, "consumerManager"); manager.setMaxAssocAttempts(0); - try (MockWebServer server = new MockWebServer()) { String endpoint = server.url("/").toString(); - server.enqueue(new MockResponse().addHeader(YadisResolver.YADIS_XRDS_LOCATION, endpoint)); server.enqueue(new MockResponse() .setBody(String.format("%s", endpoint))); - this.mvc.perform( get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint)) .andExpect(status().isFound()) 
@@ -169,11 +148,8 @@ public class OpenIDConfigTests { @Test public void requestWhenLoginPageConfiguredWithPhraseLoginThenRedirectsOnlyToUserGeneratedLoginPage() throws Exception { - this.spring.configLocations(this.xml("Sec2919")).autowire(); - assertThat(getFilter(DefaultLoginPageGeneratingFilter.class)).isNull(); - this.mvc.perform(get("/login")).andExpect(status().isOk()).andExpect(content().string("a custom login page")); } diff --git a/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java b/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java index e413874758..13478ad795 100644 --- a/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java @@ -52,11 +52,8 @@ public class PlaceHolderAndELConfigTests { @Test public void getWhenUsingPlaceholderThenUnsecuredPatternCorrectlyConfigured() throws Exception { - System.setProperty("pattern.nofilters", "/unsecured"); - this.spring.configLocations(this.xml("UnsecuredPattern")).autowire(); - this.mvc.perform(get("/unsecured")).andExpect(status().isOk()); } 
@@ -65,27 +62,19 @@ public class PlaceHolderAndELConfigTests { */ @Test public void loginWhenUsingPlaceholderThenInterceptUrlsAndFormLoginWorks() throws Exception { - System.setProperty("secure.Url", "/secured"); System.setProperty("secure.role", "ROLE_NUNYA"); System.setProperty("login.page", "/loginPage"); System.setProperty("default.target", "/defaultTarget"); System.setProperty("auth.failure", "/authFailure"); - this.spring.configLocations(this.xml("InterceptUrlAndFormLogin")).autowire(); - // login-page setting - this.mvc.perform(get("/secured")).andExpect(redirectedUrl("http://localhost/loginPage")); - // login-processing-url setting // default-target-url setting - this.mvc.perform(post("/loginPage").param("username", "user").param("password", "password")) .andExpect(redirectedUrl("/defaultTarget")); - // authentication-failure-url setting - this.mvc.perform(post("/loginPage").param("username", "user").param("password", "wrong")) .andExpect(redirectedUrl("/authFailure")); } 
@@ -95,44 +84,31 @@ public class PlaceHolderAndELConfigTests { */ @Test public void loginWhenUsingSpELThenInterceptUrlsAndFormLoginWorks() throws Exception { - System.setProperty("secure.url", "/secured"); System.setProperty("secure.role", "ROLE_NUNYA"); System.setProperty("login.page", "/loginPage"); System.setProperty("default.target", "/defaultTarget"); System.setProperty("auth.failure", "/authFailure"); - this.spring.configLocations(this.xml("InterceptUrlAndFormLoginWithSpEL")).autowire(); - // login-page setting - this.mvc.perform(get("/secured")).andExpect(redirectedUrl("http://localhost/loginPage")); - // login-processing-url setting // default-target-url setting - this.mvc.perform(post("/loginPage").param("username", "user").param("password", "password")) .andExpect(redirectedUrl("/defaultTarget")); - // authentication-failure-url setting - this.mvc.perform(post("/loginPage").param("username", "user").param("password", "wrong")) .andExpect(redirectedUrl("/authFailure")); - } @Test @WithMockUser public void requestWhenUsingPlaceholderOrSpELThenPortMapperWorks() throws Exception { - System.setProperty("http", "9080"); System.setProperty("https", "9443"); - this.spring.configLocations(this.xml("PortMapping")).autowire(); - this.mvc.perform(get("http://localhost:9080/secured")).andExpect(status().isFound()) .andExpect(redirectedUrl("https://localhost:9443/secured")); - this.mvc.perform(get("https://localhost:9443/unsecured")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost:9080/unsecured")); } 
@@ -140,12 +116,9 @@ public class PlaceHolderAndELConfigTests { @Test @WithMockUser public void requestWhenUsingPlaceholderThenRequiresChannelWorks() throws Exception { - System.setProperty("secure.url", "/secured"); System.setProperty("required.channel", "https"); - this.spring.configLocations(this.xml("RequiresChannel")).autowire(); - this.mvc.perform(get("http://localhost/secured")).andExpect(status().isFound()) .andExpect(redirectedUrl("https://localhost/secured")); } @@ -153,20 +126,15 @@ public class PlaceHolderAndELConfigTests { @Test @WithMockUser public void requestWhenUsingPlaceholderThenAccessDeniedPageWorks() throws Exception { - System.setProperty("accessDenied", "/go-away"); - this.spring.configLocations(this.xml("AccessDeniedPage")).autowire(); - this.mvc.perform(get("/secured")).andExpect(forwardedUrl("/go-away")); } @Test @WithMockUser public void requestWhenUsingSpELThenAccessDeniedPageWorks() throws Exception { - this.spring.configLocations(this.xml("AccessDeniedPageWithSpEL")).autowire(); - this.mvc.perform(get("/secured")).andExpect(forwardedUrl("/go-away")); } diff --git a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java index e16b8ec2b1..46fc53c570 100644 --- a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java 
@@ -69,17 +69,12 @@ public class RememberMeConfigTests { @Test public void requestWithRememberMeWhenUsingCustomTokenRepositoryThenAutomaticallyReauthenticates() throws Exception { - this.spring.configLocations(this.xml("WithTokenRepository")).autowire(); - MvcResult result = this.rememberAuthentication("user", "password") .andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false)) .andReturn(); - Cookie cookie = rememberMeCookie(result); - this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk()); - JdbcTemplate template = this.spring.getContext().getBean(JdbcTemplate.class); int count = template.queryForObject("select count(*) from persistent_logins", int.class); assertThat(count).isEqualTo(1); 
@@ -87,42 +82,30 @@ public class RememberMeConfigTests { @Test public void requestWithRememberMeWhenUsingCustomDataSourceThenAutomaticallyReauthenticates() throws Exception { - this.spring.configLocations(this.xml("WithDataSource")).autowire(); - TestDataSource dataSource = this.spring.getContext().getBean(TestDataSource.class); JdbcTemplate template = new JdbcTemplate(dataSource); template.execute(JdbcTokenRepositoryImpl.CREATE_TABLE_SQL); - MvcResult result = this.rememberAuthentication("user", "password") .andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false)) .andReturn(); - Cookie cookie = rememberMeCookie(result); - this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk()); - int count = template.queryForObject("select count(*) from persistent_logins", int.class); assertThat(count).isEqualTo(1); } @Test public void requestWithRememberMeWhenUsingAuthenticationSuccessHandlerThenInvokesHandler() throws Exception { - this.spring.configLocations(this.xml("WithAuthenticationSuccessHandler")).autowire(); - TestDataSource dataSource = this.spring.getContext().getBean(TestDataSource.class); JdbcTemplate template = new JdbcTemplate(dataSource); template.execute(JdbcTokenRepositoryImpl.CREATE_TABLE_SQL); - MvcResult result = this.rememberAuthentication("user", "password") .andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false)) .andReturn(); - Cookie cookie = rememberMeCookie(result); - this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(redirectedUrl("/target")); - int count = template.queryForObject("select count(*) from persistent_logins", int.class); assertThat(count).isEqualTo(1); } 
@@ -131,16 +114,12 @@ public class RememberMeConfigTests { public void requestWithRememberMeWhenUsingCustomRememberMeServicesThenAuthenticates() throws Exception { // SEC-1281 - using key with external services this.spring.configLocations(this.xml("WithServicesRef")).autowire(); - MvcResult result = this.rememberAuthentication("user", "password") .andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false)) .andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 5000)) .andReturn(); - Cookie cookie = rememberMeCookie(result); - this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk()); - // SEC-909 this.mvc.perform(post("/logout").cookie(cookie).with(csrf())) .andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 0)) @@ -149,13 +128,9 @@ public class RememberMeConfigTests { @Test public void logoutWhenUsingRememberMeDefaultsThenCookieIsCancelled() throws Exception { - this.spring.configLocations(this.xml("DefaultConfig")).autowire(); - MvcResult result = this.rememberAuthentication("user", "password").andReturn(); - Cookie cookie = rememberMeCookie(result); - this.mvc.perform(post("/logout").cookie(cookie).with(csrf())) .andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 0)); } 
@@ -163,23 +138,17 @@ public class RememberMeConfigTests { @Test public void requestWithRememberMeWhenTokenValidityIsConfiguredThenCookieReflectsCorrectExpiration() throws Exception { - this.spring.configLocations(this.xml("TokenValidity")).autowire(); - MvcResult result = this.rememberAuthentication("user", "password") .andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 10000)) .andReturn(); - Cookie cookie = rememberMeCookie(result); - this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk()); } @Test public void requestWithRememberMeWhenTokenValidityIsNegativeThenCookieReflectsCorrectExpiration() throws Exception { - this.spring.configLocations(this.xml("NegativeTokenValidity")).autowire(); - this.rememberAuthentication("user", "password") .andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, -1)); } @@ -193,18 +162,14 @@ public class RememberMeConfigTests { @Test public void requestWithRememberMeWhenTokenValidityIsResolvedByPropertyPlaceholderThenCookieReflectsCorrectExpiration() throws Exception { - this.spring.configLocations(this.xml("Sec2165")).autowire(); - this.rememberAuthentication("user", "password") .andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 30)); } @Test public void requestWithRememberMeWhenUseSecureCookieIsTrueThenCookieIsSecure() throws Exception { - this.spring.configLocations(this.xml("SecureCookie")).autowire(); - this.rememberAuthentication("user", "password") .andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, true)); } 
@@ -214,9 +179,7 @@ public class RememberMeConfigTests { */ @Test public void requestWithRememberMeWhenUseSecureCookieIsFalseThenCookieIsNotSecure() throws Exception { - this.spring.configLocations(this.xml("Sec1827")).autowire(); - this.rememberAuthentication("user", "password") .andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false)); } @@ -232,17 +195,12 @@ public class RememberMeConfigTests { public void requestWithRememberMeWhenUsingCustomUserDetailsServiceThenInvokesThisUserDetailsService() throws Exception { this.spring.configLocations(this.xml("WithUserDetailsService")).autowire(); - UserDetailsService userDetailsService = this.spring.getContext().getBean(UserDetailsService.class); given(userDetailsService.loadUserByUsername("user")) .willAnswer((invocation) -> new User("user", "{noop}password", Collections.emptyList())); - MvcResult result = this.rememberAuthentication("user", "password").andReturn(); - Cookie cookie = rememberMeCookie(result); - this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk()); - verify(userDetailsService, atLeastOnce()).loadUserByUsername("user"); } @@ -251,14 +209,10 @@ public class RememberMeConfigTests { */ @Test public void requestWithRememberMeWhenExcludingBasicAuthenticationFilterThenStillReauthenticates() throws Exception { - this.spring.configLocations(this.xml("Sec742")).autowire(); - MvcResult result = this.mvc.perform(login("user", "password").param("remember-me", "true").with(csrf())) .andExpect(redirectedUrl("/messageList.html")).andReturn(); - Cookie cookie = rememberMeCookie(result); - this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk()); } 
@@ -267,15 +221,11 @@ public class RememberMeConfigTests { */ @Test public void requestWithRememberMeWhenUsingCustomRememberMeParameterThenReauthenticates() throws Exception { - this.spring.configLocations(this.xml("WithRememberMeParameter")).autowire(); - MvcResult result = this.mvc .perform(login("user", "password").param("custom-remember-me-parameter", "true").with(csrf())) .andExpect(redirectedUrl("/")).andReturn(); - Cookie cookie = rememberMeCookie(result); - this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk()); } @@ -290,9 +240,7 @@ public class RememberMeConfigTests { */ @Test public void authenticateWhenUsingCustomRememberMeCookieNameThenIssuesCookieWithThatName() throws Exception { - this.spring.configLocations(this.xml("WithRememberMeCookie")).autowire(); - this.rememberAuthentication("user", "password").andExpect(cookie().exists("custom-remember-me-cookie")); } @@ -309,7 +257,6 @@ public class RememberMeConfigTests { } private ResultActions rememberAuthentication(String username, String password) throws Exception { - return this.mvc.perform( login(username, password).param(AbstractRememberMeServices.DEFAULT_PARAMETER, "true").with(csrf())) .andExpect(redirectedUrl("/")); diff --git a/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java index ddb27b5cf5..d0ecc45474 100644 --- a/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java 
@@ -66,132 +66,89 @@ public class SecurityContextHolderAwareRequestConfigTests { @Test public void servletLoginWhenUsingDefaultConfigurationThenUsesSpringSecurity() throws Exception { - this.spring.configLocations(this.xml("Simple")).autowire(); - this.mvc.perform(get("/good-login")).andExpect(status().isOk()).andExpect(content().string("user")); } @Test public void servletAuthenticateWhenUsingDefaultConfigurationThenUsesSpringSecurity() throws Exception { - this.spring.configLocations(this.xml("Simple")).autowire(); - this.mvc.perform(get("/authenticate")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/login")); } @Test public void servletLogoutWhenUsingDefaultConfigurationThenUsesSpringSecurity() throws Exception { - this.spring.configLocations(this.xml("Simple")).autowire(); - MvcResult result = this.mvc.perform(get("/good-login")).andReturn(); - MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false); - assertThat(session).isNotNull(); - result = this.mvc.perform(get("/do-logout").session(session)).andExpect(status().isOk()) .andExpect(content().string("")).andReturn(); - session = (MockHttpSession) result.getRequest().getSession(false); - assertThat(session).isNull(); } @Test public void servletAuthenticateWhenUsingHttpBasicThenUsesSpringSecurity() throws Exception { - this.spring.configLocations(this.xml("HttpBasic")).autowire(); - this.mvc.perform(get("/authenticate")).andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("discworld"))); } @Test public void servletAuthenticateWhenUsingFormLoginThenUsesSpringSecurity() throws Exception { - this.spring.configLocations(this.xml("FormLogin")).autowire(); - this.mvc.perform(get("/authenticate")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/login")); } @Test public void servletLoginWhenUsingMultipleHttpConfigsThenUsesSpringSecurity() throws Exception { - 
this.spring.configLocations(this.xml("MultiHttp")).autowire(); - this.mvc.perform(get("/good-login")).andExpect(status().isOk()).andExpect(content().string("user")); - this.mvc.perform(get("/v2/good-login")).andExpect(status().isOk()).andExpect(content().string("user2")); } @Test public void servletAuthenticateWhenUsingMultipleHttpConfigsThenUsesSpringSecurity() throws Exception { - this.spring.configLocations(this.xml("MultiHttp")).autowire(); - this.mvc.perform(get("/authenticate")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/login")); - this.mvc.perform(get("/v2/authenticate")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/login2")); - } @Test public void servletLogoutWhenUsingMultipleHttpConfigsThenUsesSpringSecurity() throws Exception { - this.spring.configLocations(this.xml("MultiHttp")).autowire(); - MvcResult result = this.mvc.perform(get("/good-login")).andReturn(); - MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false); - assertThat(session).isNotNull(); - result = this.mvc.perform(get("/do-logout").session(session)).andExpect(status().isOk()) .andExpect(content().string("")).andReturn(); - session = (MockHttpSession) result.getRequest().getSession(false); - assertThat(session).isNotNull(); - result = this.mvc.perform(get("/v2/good-login")).andReturn(); - session = (MockHttpSession) result.getRequest().getSession(false); - assertThat(session).isNotNull(); - result = this.mvc.perform(get("/v2/do-logout").session(session)).andExpect(status().isOk()) .andExpect(content().string("")).andReturn(); - session = (MockHttpSession) result.getRequest().getSession(false); - assertThat(session).isNull(); } @Test public void servletLogoutWhenUsingCustomLogoutThenUsesSpringSecurity() throws Exception { - this.spring.configLocations(this.xml("Logout")).autowire(); - this.mvc.perform(get("/authenticate")).andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/signin")); 
- MvcResult result = this.mvc.perform(get("/good-login")).andReturn(); - MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false); - assertThat(session).isNotNull(); - result = this.mvc.perform(get("/do-logout").session(session)).andExpect(status().isOk()) .andExpect(content().string("")).andExpect(cookie().maxAge("JSESSIONID", 0)).andReturn(); - session = (MockHttpSession) result.getRequest().getSession(false); - assertThat(session).isNotNull(); } @@ -201,9 +158,7 @@ public class SecurityContextHolderAwareRequestConfigTests { @Test @WithMockUser public void servletIsUserInRoleWhenUsingDefaultConfigThenRoleIsSet() throws Exception { - this.spring.configLocations(this.xml("Simple")).autowire(); - this.mvc.perform(get("/role")).andExpect(content().string("true")); } @@ -216,33 +171,26 @@ public class SecurityContextHolderAwareRequestConfigTests { @GetMapping("/v2/good-login") public String v2Login(HttpServletRequest request) throws ServletException { - request.login("user2", "password2"); - return this.principal(); } @GetMapping("/good-login") public String login(HttpServletRequest request) throws ServletException { - request.login("user", "password"); - return this.principal(); } @GetMapping("/v2/authenticate") public String v2Authenticate(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { - return this.authenticate(request, response); } @GetMapping("/authenticate") public String authenticate(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { - request.authenticate(response); - return this.principal(); } @@ -254,7 +202,6 @@ public class SecurityContextHolderAwareRequestConfigTests { @GetMapping("/do-logout") public String logout(HttpServletRequest request) throws ServletException { request.logout(); - return this.principal(); } 
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java index 6575395228..7995b13de2 100644 --- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java +++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java @@ -90,40 +90,29 @@ public class SessionManagementConfigServlet31Tests { request.setMethod("POST"); request.setParameter("username", "user"); request.setParameter("password", "password"); - request.getSession().setAttribute("attribute1", "value1"); - String id = request.getSession().getId(); - loadContext("\n" + " \n" + " \n" + " \n" + " " + XML_AUTHENTICATION_MANAGER); - this.springSecurityFilterChain.doFilter(request, this.response, this.chain); - assertThat(request.getSession().getId()).isNotEqualTo(id); assertThat(request.getSession().getAttribute("attribute1")).isEqualTo("value1"); } @Test public void changeSessionId() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest("GET", ""); request.getSession(); request.setServletPath("/login"); request.setMethod("POST"); request.setParameter("username", "user"); request.setParameter("password", "password"); - String id = request.getSession().getId(); - loadContext("\n" + " \n" + " \n" + " \n" + " " + XML_AUTHENTICATION_MANAGER); - this.springSecurityFilterChain.doFilter(request, this.response, this.chain); - assertThat(request.getSession().getId()).isNotEqualTo(id); - } private void loadContext(String context) { 
@@ -135,7 +124,6 @@ public class SessionManagementConfigServlet31Tests { HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository(); HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(this.request, this.response); repo.loadContext(requestResponseHolder); - SecurityContextImpl securityContextImpl = new SecurityContextImpl(); securityContextImpl.setAuthentication(auth); repo.saveContext(securityContextImpl, requestResponseHolder.getRequest(), requestResponseHolder.getResponse()); diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java index f7bd58f0b0..cdd74a6916 100644 --- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java 
@@ -92,52 +92,41 @@ public class SessionManagementConfigTests { @Test public void requestWhenCreateSessionAlwaysThenAlwaysCreatesSession() throws Exception { this.spring.configLocations(this.xml("CreateSessionAlways")).autowire(); - MockHttpServletRequest request = get("/").buildRequest(this.servletContext()); MockHttpServletResponse response = request(request, this.spring.getContext()); - assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_OK); assertThat(request.getSession(false)).isNotNull(); } @Test public void requestWhenCreateSessionIsSetToNeverThenDoesNotCreateSessionOnLoginChallenge() throws Exception { - this.spring.configLocations(this.xml("CreateSessionNever")).autowire(); - MockHttpServletRequest request = get("/auth").buildRequest(this.servletContext()); MockHttpServletResponse response = request(request, this.spring.getContext()); - assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY); assertThat(request.getSession(false)).isNull(); } @Test public void requestWhenCreateSessionIsSetToNeverThenDoesNotCreateSessionOnLogin() throws Exception { - this.spring.configLocations(this.xml("CreateSessionNever")).autowire(); - MockHttpServletRequest request = post("/login").param("username", "user").param("password", "password") .buildRequest(this.servletContext()); request = csrf().postProcessRequest(request); MockHttpServletResponse response = request(request, this.spring.getContext()); - assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY); assertThat(request.getSession(false)).isNull(); } @Test public void requestWhenCreateSessionIsSetToNeverThenUsesExistingSession() throws Exception { - this.spring.configLocations(this.xml("CreateSessionNever")).autowire(); - MockHttpServletRequest request = post("/login").param("username", "user").param("password", "password") .buildRequest(this.servletContext()); request = csrf().postProcessRequest(request); MockHttpSession session = new MockHttpSession(); 
request.setSession(session); MockHttpServletResponse response = request(request, this.spring.getContext()); - assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY); assertThat(request.getSession(false)).isNotNull(); assertThat(request.getSession(false) 
@@ -146,72 +135,56 @@ public class SessionManagementConfigTests { @Test public void requestWhenCreateSessionIsSetToStatelessThenDoesNotCreateSessionOnLoginChallenge() throws Exception { - this.spring.configLocations(this.xml("CreateSessionStateless")).autowire(); - this.mvc.perform(get("/auth")).andExpect(status().isFound()).andExpect(session().exists(false)); } @Test public void requestWhenCreateSessionIsSetToStatelessThenDoesNotCreateSessionOnLogin() throws Exception { - this.spring.configLocations(this.xml("CreateSessionStateless")).autowire(); - this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf())) .andExpect(status().isFound()).andExpect(session().exists(false)); } @Test public void requestWhenCreateSessionIsSetToStatelessThenIgnoresExistingSession() throws Exception { - this.spring.configLocations(this.xml("CreateSessionStateless")).autowire(); - MvcResult result = this.mvc .perform(post("/login").param("username", "user").param("password", "password") .session(new MockHttpSession()).with(csrf())) .andExpect(status().isFound()).andExpect(session()).andReturn(); - assertThat(result.getRequest().getSession(false) .getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)).isNull(); } @Test public void requestWhenCreateSessionIsSetToIfRequiredThenDoesNotCreateSessionOnPublicInvocation() throws Exception { - this.spring.configLocations(this.xml("CreateSessionIfRequired")).autowire(); - ServletContext servletContext = this.mvc.getDispatcherServlet().getServletContext(); MockHttpServletRequest request = get("/").buildRequest(servletContext); MockHttpServletResponse response = request(request, this.spring.getContext()); - assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_OK); assertThat(request.getSession(false)).isNull(); } @Test public void requestWhenCreateSessionIsSetToIfRequiredThenCreatesSessionOnLoginChallenge() throws Exception { - 
this.spring.configLocations(this.xml("CreateSessionIfRequired")).autowire(); - ServletContext servletContext = this.mvc.getDispatcherServlet().getServletContext(); MockHttpServletRequest request = get("/auth").buildRequest(servletContext); MockHttpServletResponse response = request(request, this.spring.getContext()); - assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY); assertThat(request.getSession(false)).isNotNull(); } @Test public void requestWhenCreateSessionIsSetToIfRequiredThenCreatesSessionOnLogin() throws Exception { - this.spring.configLocations(this.xml("CreateSessionIfRequired")).autowire(); - ServletContext servletContext = this.mvc.getDispatcherServlet().getServletContext(); MockHttpServletRequest request = post("/login").param("username", "user").param("password", "password") .buildRequest(servletContext); request = csrf().postProcessRequest(request); MockHttpServletResponse response = request(request, this.spring.getContext()); - assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY); assertThat(request.getSession(false)).isNotNull(); } @@ -221,12 +194,9 @@ public class SessionManagementConfigTests { */ @Test public void requestWhenRejectingUserBasedOnMaxSessionsExceededThenDoesNotCreateSession() throws Exception { - this.spring.configLocations(this.xml("Sec1208")).autowire(); - this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk()) .andExpect(session()); - this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isUnauthorized()) .andExpect(session().exists(false)); } 
@@ -237,9 +207,7 @@ public class SessionManagementConfigTests { @Test public void requestWhenSessionFixationProtectionDisabledAndConcurrencyControlEnabledThenSessionNotInvalidated() throws Exception { - this.spring.configLocations(this.xml("Sec2137")).autowire(); - MockHttpSession session = new MockHttpSession(); this.mvc.perform(get("/auth").session(session).with(httpBasic("user", "password"))).andExpect(status().isOk()) .andExpect(session().id(session.getId())); @@ -248,15 +216,12 @@ public class SessionManagementConfigTests { @Test public void autowireWhenExportingSessionRegistryBeanThenAvailableForWiring() { this.spring.configLocations(this.xml("ConcurrencyControlSessionRegistryAlias")).autowire(); - this.sessionRegistryIsValid(); } @Test public void requestWhenExpiredUrlIsSetThenInvalidatesSessionAndRedirects() throws Exception { - this.spring.configLocations(this.xml("ConcurrencyControlExpiredUrl")).autowire(); - this.mvc.perform(get("/auth").session(this.expiredSession()).with(httpBasic("user", "password"))) .andExpect(redirectedUrl("/expired")).andExpect(session().exists(false)); } @@ -264,9 +229,7 @@ public class SessionManagementConfigTests { @Test public void requestWhenConcurrencyControlAndCustomLogoutHandlersAreSetThenAllAreInvokedWhenSessionExpires() throws Exception { - this.spring.configLocations(this.xml("ConcurrencyControlLogoutAndRememberMeHandlers")).autowire(); - this.mvc.perform(get("/auth").session(this.expiredSession()).with(httpBasic("user", "password"))) .andExpect(status().isOk()).andExpect(cookie().maxAge("testCookie", 0)) .andExpect(cookie().exists("rememberMeCookie")).andExpect(session().valid(true)); 
@@ -274,9 +237,7 @@ public class SessionManagementConfigTests { @Test public void requestWhenConcurrencyControlAndRememberMeAreSetThenInvokedWhenSessionExpires() throws Exception { - this.spring.configLocations(this.xml("ConcurrencyControlRememberMeHandler")).autowire(); - this.mvc.perform(get("/auth").session(this.expiredSession()).with(httpBasic("user", "password"))) .andExpect(status().isOk()).andExpect(cookie().exists("rememberMeCookie")) .andExpect(session().exists(false)); @@ -287,25 +248,18 @@ public class SessionManagementConfigTests { */ @Test public void autowireWhenConcurrencyControlIsSetThenLogoutHandlersGetAuthenticationObject() throws Exception { - this.spring.configLocations(this.xml("ConcurrencyControlCustomLogoutHandler")).autowire(); - MvcResult result = this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(session()) .andReturn(); - MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false); - SessionRegistry sessionRegistry = this.spring.getContext().getBean(SessionRegistry.class); sessionRegistry.getSessionInformation(session.getId()).expireNow(); - this.mvc.perform(get("/auth").session(session)).andExpect(header().string("X-Username", "user")); } @Test public void requestWhenConcurrencyControlIsSetThenDefaultsToResponseBodyExpirationResponse() throws Exception { - this.spring.configLocations(this.xml("ConcurrencyControlSessionRegistryAlias")).autowire(); - this.mvc.perform(get("/auth").session(this.expiredSession()).with(httpBasic("user", "password"))) .andExpect(content().string("This session has been expired (possibly due to multiple concurrent " + "logins being attempted as the same user).")); 
@@ -313,71 +267,53 @@ public class SessionManagementConfigTests { @Test public void requestWhenCustomSessionAuthenticationStrategyThenInvokesOnAuthentication() throws Exception { - this.spring.configLocations(this.xml("SessionAuthenticationStrategyRef")).autowire(); - this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isIAmATeapot()); } @Test public void autowireWhenSessionRegistryRefIsSetThenAvailableForWiring() { this.spring.configLocations(this.xml("ConcurrencyControlSessionRegistryRef")).autowire(); - this.sessionRegistryIsValid(); } @Test public void requestWhenMaxSessionsIsSetThenErrorsWhenExceeded() throws Exception { - this.spring.configLocations(this.xml("ConcurrencyControlMaxSessions")).autowire(); - this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk()); - this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk()); - this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(redirectedUrl("/max-exceeded")); } @Test public void autowireWhenSessionFixationProtectionIsNoneAndCsrfDisabledThenSessionManagementFilterIsNotWired() { - this.spring.configLocations(this.xml("NoSessionManagementFilter")).autowire(); - assertThat(this.getFilter(SessionManagementFilter.class)).isNull(); } @Test public void requestWhenSessionFixationProtectionIsNoneThenSessionNotInvalidated() throws Exception { - this.spring.configLocations(this.xml("SessionFixationProtectionNone")).autowire(); - MockHttpSession session = new MockHttpSession(); String sessionId = session.getId(); - this.mvc.perform(get("/auth").session(session).with(httpBasic("user", "password"))) .andExpect(session().id(sessionId)); } @Test public void requestWhenSessionFixationProtectionIsMigrateSessionThenSessionIsReplaced() throws Exception { - this.spring.configLocations(this.xml("SessionFixationProtectionMigrateSession")).autowire(); - MockHttpSession session = new MockHttpSession(); 
String sessionId = session.getId(); - MvcResult result = this.mvc.perform(get("/auth").session(session).with(httpBasic("user", "password"))) .andExpect(session()).andReturn(); - assertThat(result.getRequest().getSession(false).getId()).isNotEqualTo(sessionId); } @Test public void requestWhenSessionFixationProtectionIsNoneAndInvalidSessionUrlIsSetThenStillRedirectsOnInvalidSession() throws Exception { - this.spring.configLocations(this.xml("SessionFixationProtectionNoneWithInvalidSessionUrl")).autowire(); - this.mvc.perform(get("/auth").with((request) -> { request.setRequestedSessionId("1"); request.setRequestedSessionIdValid(false); @@ -387,9 +323,7 @@ public class SessionManagementConfigTests { private void sessionRegistryIsValid() { SessionRegistry sessionRegistry = this.spring.getContext().getBean("sessionRegistry", SessionRegistry.class); - assertThat(sessionRegistry).isNotNull(); - assertThat(this.getFilter(ConcurrentSessionFilter.class)).returns(sessionRegistry, this::extractSessionRegistry); assertThat(this.getFilter(UsernamePasswordAuthenticationFilter.class)).returns(sessionRegistry, 
@@ -433,37 +367,26 @@ public class SessionManagementConfigTests { */ @Test public void checkConcurrencyAndLogoutFilterHasSameSizeAndHasLogoutSuccessEventPublishingLogoutHandler() { - this.spring.configLocations(this.xml("ConcurrencyControlLogoutAndRememberMeHandlers")).autowire(); - ConcurrentSessionFilter concurrentSessionFilter = getFilter(ConcurrentSessionFilter.class); LogoutFilter logoutFilter = getFilter(LogoutFilter.class); - LogoutHandler csfLogoutHandler = getFieldValue(concurrentSessionFilter, "handlers"); LogoutHandler lfLogoutHandler = getFieldValue(logoutFilter, "handler"); - assertThat(csfLogoutHandler).isInstanceOf(CompositeLogoutHandler.class); assertThat(lfLogoutHandler).isInstanceOf(CompositeLogoutHandler.class); - List csfLogoutHandlers = getFieldValue(csfLogoutHandler, "logoutHandlers"); List lfLogoutHandlers = getFieldValue(lfLogoutHandler, "logoutHandlers"); - assertThat(csfLogoutHandlers).hasSameSizeAs(lfLogoutHandlers); - assertThat(csfLogoutHandlers).hasAtLeastOneElementOfType(LogoutSuccessEventPublishingLogoutHandler.class); assertThat(lfLogoutHandlers).hasAtLeastOneElementOfType(LogoutSuccessEventPublishingLogoutHandler.class); } private static MockHttpServletResponse request(MockHttpServletRequest request, ApplicationContext context) throws IOException, ServletException { - MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChainProxy proxy = context.getBean(FilterChainProxy.class); - proxy.doFilter(request, new EncodeUrlDenyingHttpServletResponseWrapper(response), (req, resp) -> { }); - return response; } @@ -481,7 +404,6 @@ public class SessionManagementConfigTests { private List getFilters() { FilterChainProxy proxy = this.spring.getContext().getBean(FilterChainProxy.class); - return proxy.getFilters("/"); } 
@@ -499,7 +421,6 @@ public class SessionManagementConfigTests { @Override public void onAuthentication(Authentication authentication, HttpServletRequest request, HttpServletResponse response) throws SessionAuthenticationException { - response.setStatus(org.springframework.http.HttpStatus.I_AM_A_TEAPOT.value()); }
@@ -514,13 +435,11 @@ public class SessionManagementConfigTests { @Override public void loginFail(HttpServletRequest request, HttpServletResponse response) { - } @Override public void loginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication) { - } @Override
@@ -574,11 +493,8 @@ public class SessionManagementConfigTests { assertThat(result.getRequest().getSession(false)).isNull(); return; } - assertThat(result.getRequest().getSession(false)).isNotNull(); - MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false); - if (this.valid != null) { if (this.valid) { assertThat(session.isInvalid()).isFalse();
@@ -587,7 +503,6 @@ public class SessionManagementConfigTests { assertThat(session.isInvalid()).isTrue(); } } - if (this.id != null) { assertThat(session.getId()).isEqualTo(this.id); }
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java
index aa9ab7a33f..8e2df3e6e9 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java
@@ -47,7 +47,6 @@ public class SessionManagementConfigTransientAuthenticationTests { @Test public void postWhenTransientAuthenticationThenNoSessionCreated() throws Exception { - this.spring.configLocations(this.xml("WithTransientAuthentication")).autowire(); MvcResult result = this.mvc.perform(post("/login")).andReturn(); assertThat(result.getRequest().getSession(false)).isNull();
@@ -55,7 +54,6 @@ public class SessionManagementConfigTransientAuthenticationTests { @Test public void postWhenTransientAuthenticationThenAlwaysSessionOverrides() throws Exception { - this.spring.configLocations(this.xml("CreateSessionAlwaysWithTransientAuthentication")).autowire(); MvcResult result = this.mvc.perform(post("/login")).andReturn(); assertThat(result.getRequest().getSession(false)).isNotNull();
diff --git a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
index 9f715ddce9..9b770c28ae 100644
--- a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
@@ -75,11 +75,8 @@ public class CustomHttpSecurityConfigurerTests { @Test public void customConfiguerPermitAll() throws Exception { loadContext(Config.class); - this.request.setPathInfo("/public/something"); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); }
@@ -87,9 +84,7 @@ public class CustomHttpSecurityConfigurerTests { public void customConfiguerFormLogin() throws Exception { loadContext(Config.class); this.request.setPathInfo("/requires-authentication"); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getRedirectedUrl()).endsWith("/custom"); } @@ -98,9 +93,7 @@ public class CustomHttpSecurityConfigurerTests { loadContext(ConfigCustomize.class); this.request.setPathInfo("/public/something"); this.request.setMethod("POST"); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); } @@ -108,9 +101,7 @@ public class CustomHttpSecurityConfigurerTests { public void customConfiguerCustomizeFormLogin() throws Exception { loadContext(ConfigCustomize.class); this.request.setPathInfo("/requires-authentication"); - this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); - assertThat(this.response.getRedirectedUrl()).endsWith("/other"); } @@ -136,7 +127,6 @@ public class CustomHttpSecurityConfigurerTests { // Typically externalize this as a properties file Properties properties = new Properties(); properties.setProperty("permitAllPattern", "/public/**"); - PropertyPlaceholderConfigurer propertyPlaceholderConfigurer = new PropertyPlaceholderConfigurer(); propertyPlaceholderConfigurer.setProperties(properties); return propertyPlaceholderConfigurer; @@ -164,7 +154,6 @@ public class CustomHttpSecurityConfigurerTests { // Typically externalize this as a properties file Properties properties = new Properties(); properties.setProperty("permitAllPattern", "/public/**"); - PropertyPlaceholderConfigurer propertyPlaceholderConfigurer = new PropertyPlaceholderConfigurer(); propertyPlaceholderConfigurer.setProperties(properties); return propertyPlaceholderConfigurer; 
diff --git a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
index 3e0088b38a..f4f2fe7f62 100644
--- a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
@@ -96,7 +96,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { @Test(expected = AuthenticationCredentialsNotFoundException.class) public void targetShouldPreventProtectedMethodInvocationWithNoContext() { loadContext(); - this.target.someUserMethod1(); }
@@ -105,9 +104,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { loadContext(); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password"); SecurityContextHolder.getContext().setAuthentication(token); - this.target.someUserMethod1(); - // SEC-1213. Check the order Advisor[] advisors = ((Advised) this.target).getAdvisors(); assertThat(advisors).hasSize(1);
@@ -119,9 +116,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { loadContext(); TestingAuthenticationToken token = new TestingAuthenticationToken("Test", "Password", "ROLE_SOMEOTHERROLE"); token.setAuthenticated(true); - SecurityContextHolder.getContext().setAuthentication(token); - this.target.someAdminMethod(); }
@@ -132,10 +127,8 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { + "" + "" + " " + "" + ""); - PostProcessedMockUserDetailsService service = (PostProcessedMockUserDetailsService) this.appContext .getBean("myUserService"); - assertThat(service.getPostProcessorWasHere()).isEqualTo("Hello from the post processor!"); }
@@ -147,12 +140,10 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { + "" + "" + "" + " " + ""); - UserDetailsService service = (UserDetailsService) this.appContext.getBean("myUserService"); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE")); SecurityContextHolder.getContext().setAuthentication(token); - service.loadUserByUsername("notused"); } @@ -169,7 +160,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { // someOther(int) should not be matched by someOther(String), but should require // ROLE_USER this.target.someOther(0); - try { // String version should required admin role this.target.someOther("somestring"); @@ -190,7 +180,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { this.target = (BusinessService) this.appContext.getBean("target"); // String method should not be protected this.target.someOther("somestring"); - // All others should require ROLE_USER try { this.target.someOther(0); @@ -198,7 +187,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { } catch (AuthenticationCredentialsNotFoundException expected) { } - SecurityContextHolder.getContext() .setAuthentication(new UsernamePasswordAuthenticationToken("user", "password")); this.target.someOther(0); @@ -217,7 +205,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { + " " + " " + "" + ConfigTestUtils.AUTH_PROVIDER_XML); - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE")); SecurityContextHolder.getContext().setAuthentication(token); @@ -226,7 +213,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { } // Expression configuration tests - @SuppressWarnings("unchecked") @Test public void expressionVoterAndAfterInvocationProviderUseSameExpressionHandlerInstance() throws Exception { 
@@ -341,7 +327,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { props.addPropertyValue("key", "blah"); parent.registerSingleton("runAsMgr", RunAsManagerImpl.class, props); parent.refresh(); - setContext("" + ConfigTestUtils.AUTH_PROVIDER_XML, parent); RunAsManagerImpl ram = (RunAsManagerImpl) this.appContext.getBean("runAsMgr");
diff --git a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
index 4771006d75..0316daf0fe 100644
--- a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
@@ -74,7 +74,6 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements Application assertThat(this.appContext.getBeansOfType(ApplicationListener.class)).hasSize(1); assertThat(this.appContext.getBeanNamesForType(ApplicationListener.class)).hasSize(1); this.appContext.publishEvent(new AuthenticationSuccessEvent(new TestingAuthenticationToken("user", ""))); - assertThat(this.target).isInstanceOf(ApplicationListener.class); }
@@ -93,7 +92,6 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements Application UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_USER")); SecurityContextHolder.getContext().setAuthentication(token); - this.target.doSomething(); }
@@ -102,7 +100,6 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements Application UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE")); SecurityContextHolder.getContext().setAuthentication(token); - this.target.doSomething(); }
diff --git a/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
index 20b5183888..46ca86f261 100644
--- a/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
@@ -64,7 +64,6 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_USER")); SecurityContextHolder.getContext().setAuthentication(token); - this.target.someOther(0); }
@@ -73,7 +72,6 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_USER")); SecurityContextHolder.getContext().setAuthentication(token); - this.target.someUserMethod1(); }
@@ -82,7 +80,6 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE")); SecurityContextHolder.getContext().setAuthentication(token); - this.target.someAdminMethod(); }
@@ -91,7 +88,6 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_USER")); SecurityContextHolder.getContext().setAuthentication(token); - this.target.rolesAllowedUser(); }
diff --git a/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java b/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java
index 083b3c2b7f..7814a7f7d6 100644
--- a/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java
+++ b/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java
@@ -38,7 +38,6 @@ public class Sec2196Tests { public void genericMethodsProtected() { loadContext("" + ""); - SecurityContextHolder.getContext() .setAuthentication(new TestingAuthenticationToken("test", "pass", "ROLE_USER")); Service service = this.context.getBean(Service.class);
@@ -49,7 +48,6 @@ public class Sec2196Tests { public void genericMethodsAllowed() { loadContext("" + ""); - SecurityContextHolder.getContext() .setAuthentication(new TestingAuthenticationToken("test", "pass", "saveUsers")); Service service = this.context.getBean(Service.class);
diff --git a/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java
index 3d46358d09..c7f1cc54a2 100644
--- a/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java
@@ -73,7 +73,6 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_USER")); SecurityContextHolder.getContext().setAuthentication(token); - this.target.someUserMethod1(); }
@@ -82,7 +81,6 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_SOMEOTHER")); SecurityContextHolder.getContext().setAuthentication(token); - this.target.someAdminMethod(); }
@@ -101,7 +99,6 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests { catch (AuthenticationCredentialsNotFoundException expected) { } SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("u", "p", "ROLE_A")); - BusinessService chompedTarget = (BusinessService) serializeAndDeserialize(this.target); chompedTarget.someAdminMethod(); }
@@ -113,11 +110,9 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests { oos.flush(); baos.flush(); byte[] bytes = baos.toByteArray(); - ByteArrayInputStream is = new ByteArrayInputStream(bytes); ObjectInputStream ois = new ObjectInputStream(is); Object o2 = ois.readObject(); - return o2; }
diff --git a/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java b/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java
index a78f32bf76..4951e56206 100644
--- a/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java
+++ b/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java
@@ -32,7 +32,6 @@ public class Sec2136Tests { @Test public void configurationLoads() { - } }
diff --git a/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
index 2c593e80dc..c20e3c7b59 100644
--- a/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
@@ -100,15 +100,11 @@ public class ClientRegistrationsBeanDefinitionParserTests { this.server = new MockWebServer(); this.server.start(); String serverUrl = this.server.url("/").toString(); - String discoveryResponse = OIDC_DISCOVERY_RESPONSE.replace("${issuer-uri}", serverUrl); this.server.enqueue(jsonResponse(discoveryResponse)); - String contextConfig = ISSUER_URI_XML_CONFIG.replace("${issuer-uri}", serverUrl); this.spring.context(contextConfig).autowire(); - assertThat(this.clientRegistrationRepository).isInstanceOf(InMemoryClientRegistrationRepository.class); - ClientRegistration googleRegistration = this.clientRegistrationRepository.findByRegistrationId("google-login"); assertThat(googleRegistration).isNotNull(); assertThat(googleRegistration.getRegistrationId()).isEqualTo("google-login");
@@ -120,7 +116,6 @@ public class ClientRegistrationsBeanDefinitionParserTests { assertThat(googleRegistration.getScopes()) .isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email")); assertThat(googleRegistration.getClientName()).isEqualTo(serverUrl); - ProviderDetails googleProviderDetails = googleRegistration.getProviderDetails(); assertThat(googleProviderDetails).isNotNull(); assertThat(googleProviderDetails.getAuthorizationUri()).isEqualTo("https://example.com/o/oauth2/v2/auth");
@@ -138,9 +133,7 @@ public class ClientRegistrationsBeanDefinitionParserTests { public void parseWhenMultipleClientsConfiguredThenAvailableInRepository() { this.spring.configLocations(ClientRegistrationsBeanDefinitionParserTests.xml("MultiClientRegistration")) .autowire(); - assertThat(this.clientRegistrationRepository).isInstanceOf(InMemoryClientRegistrationRepository.class); - ClientRegistration googleRegistration = this.clientRegistrationRepository.findByRegistrationId("google-login"); assertThat(googleRegistration).isNotNull(); assertThat(googleRegistration.getRegistrationId()).isEqualTo("google-login");
@@ -152,7 +145,6 @@ public class ClientRegistrationsBeanDefinitionParserTests { assertThat(googleRegistration.getScopes()) .isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email")); assertThat(googleRegistration.getClientName()).isEqualTo("Google"); - ProviderDetails googleProviderDetails = googleRegistration.getProviderDetails(); assertThat(googleProviderDetails).isNotNull(); assertThat(googleProviderDetails.getAuthorizationUri())
@@ -165,7 +157,6 @@ public class ClientRegistrationsBeanDefinitionParserTests { assertThat(googleProviderDetails.getUserInfoEndpoint().getUserNameAttributeName()).isEqualTo("sub"); assertThat(googleProviderDetails.getJwkSetUri()).isEqualTo("https://www.googleapis.com/oauth2/v3/certs"); assertThat(googleProviderDetails.getIssuerUri()).isEqualTo("https://accounts.google.com"); - ClientRegistration githubRegistration = this.clientRegistrationRepository.findByRegistrationId("github-login"); assertThat(githubRegistration).isNotNull(); assertThat(githubRegistration.getRegistrationId()).isEqualTo("github-login");
@@ -177,7 +168,6 @@ public class ClientRegistrationsBeanDefinitionParserTests { assertThat(googleRegistration.getScopes()) .isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email")); assertThat(githubRegistration.getClientName()).isEqualTo("Github"); - ProviderDetails githubProviderDetails = githubRegistration.getProviderDetails(); assertThat(githubProviderDetails).isNotNull(); assertThat(githubProviderDetails.getAuthorizationUri()).isEqualTo("https://github.com/login/oauth/authorize");
diff --git a/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java b/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
index 9da52a47c7..dba5ac9173 100644
--- a/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
+++ b/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
@@ -128,13 +128,11 @@ public class SpringTestContext implements Closeable { this.context.setServletContext(new MockServletContext()); this.context.setServletConfig(new MockServletConfig()); this.context.refresh(); - if (this.context.containsBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN)) { MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity()) .apply(new AddFilter()).build(); this.context.getBeanFactory().registerResolvableDependency(MockMvc.class, mockMvc); } - AutowiredAnnotationBeanPostProcessor bpp = new AutowiredAnnotationBeanPostProcessor(); bpp.setBeanFactory(this.context.getBeanFactory()); bpp.processInjection(this.test);
diff --git a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java
index 5ba707036e..865462456d 100644
--- a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java
+++ b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java
@@ -42,7 +42,6 @@ public class InMemoryXmlApplicationContext extends AbstractXmlApplicationContext + "http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context-2.5.xsd\n" + "http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security-"; static final String BEANS_CLOSE = "\n"; - static final String SPRING_SECURITY_VERSION = "5.4"; Resource inMemoryXml;
diff --git a/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java
index 1fec30b4fc..22e87bbe62 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java
@@ -35,30 +35,20 @@ public class AuthorizeExchangeSpecTests { public void antMatchersWhenMethodAndPatternsThenDiscriminatesByMethod() { this.http.csrf().disable().authorizeExchange().pathMatchers(HttpMethod.POST, "/a", "/b").denyAll().anyExchange() .permitAll(); - WebTestClient client = buildClient(); - client.get().uri("/a").exchange().expectStatus().isOk(); - client.get().uri("/b").exchange().expectStatus().isOk(); - client.post().uri("/a").exchange().expectStatus().isUnauthorized(); - client.post().uri("/b").exchange().expectStatus().isUnauthorized(); } @Test public void antMatchersWhenPatternsThenAnyMethod() { this.http.csrf().disable().authorizeExchange().pathMatchers("/a", "/b").denyAll().anyExchange().permitAll(); - WebTestClient client = buildClient(); - client.get().uri("/a").exchange().expectStatus().isUnauthorized(); - client.get().uri("/b").exchange().expectStatus().isUnauthorized(); - client.post().uri("/a").exchange().expectStatus().isUnauthorized(); - client.post().uri("/b").exchange().expectStatus().isUnauthorized(); }
@@ -66,15 +56,10 @@ public class AuthorizeExchangeSpecTests { public void antMatchersWhenPatternsInLambdaThenAnyMethod() { this.http.csrf(ServerHttpSecurity.CsrfSpec::disable).authorizeExchange( (exchanges) -> exchanges.pathMatchers("/a", "/b").denyAll().anyExchange().permitAll()); - WebTestClient client = buildClient(); - client.get().uri("/a").exchange().expectStatus().isUnauthorized(); - client.get().uri("/b").exchange().expectStatus().isUnauthorized(); - client.post().uri("/a").exchange().expectStatus().isUnauthorized(); - client.post().uri("/b").exchange().expectStatus().isUnauthorized(); }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
index 33e1d2e9c0..7499e9c240 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
@@ -105,9 +105,7 @@ public class CorsSpecTests { WebTestClient client = buildClient(); FluxExchangeResult response = client.get().uri("https://example.com/") .headers((h) -> h.setOrigin("https://origin.example.com")).exchange().returnResult(String.class); - Map> responseHeaders = response.getResponseHeaders(); - if (!this.expectedHeaders.isEmpty()) { assertThat(responseHeaders).describedAs(response.toString()).containsAllEntriesOf(this.expectedHeaders); }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java
index 470536e558..4b3ffae2ce 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java
@@ -42,9 +42,7 @@ public class ExceptionHandlingSpecTests { public void defaultAuthenticationEntryPoint() { SecurityWebFilterChain securityWebFilter = this.http.csrf().disable().authorizeExchange().anyExchange() .authenticated().and().exceptionHandling().and().build(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - client.get().uri("/test").exchange().expectStatus().isUnauthorized().expectHeader() .valueMatches("WWW-Authenticate", "Basic.*"); }
@@ -54,9 +52,7 @@ public class ExceptionHandlingSpecTests { SecurityWebFilterChain securityWebFilter = this.http .authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated()) .exceptionHandling(withDefaults()).build(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - client.get().uri("/test").exchange().expectStatus().isUnauthorized().expectHeader() .valueMatches("WWW-Authenticate", "Basic.*"); }
@@ -66,9 +62,7 @@ public class ExceptionHandlingSpecTests { SecurityWebFilterChain securityWebFilter = this.http.csrf().disable().authorizeExchange().anyExchange() .authenticated().and().exceptionHandling() .authenticationEntryPoint(redirectServerAuthenticationEntryPoint("/auth")).and().build(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - client.get().uri("/test").exchange().expectStatus().isFound().expectHeader().valueMatches("Location", ".*"); }
@@ -79,9 +73,7 @@ public class ExceptionHandlingSpecTests { .exceptionHandling((exceptionHandling) -> exceptionHandling .authenticationEntryPoint(redirectServerAuthenticationEntryPoint("/auth"))) .build(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - client.get().uri("/test").exchange().expectStatus().isFound().expectHeader().valueMatches("Location", ".*"); }
@@ -89,9 +81,7 @@ public class ExceptionHandlingSpecTests { public void defaultAccessDeniedHandler() { SecurityWebFilterChain securityWebFilter = this.http.csrf().disable().httpBasic().and().authorizeExchange() .anyExchange().hasRole("ADMIN").and().exceptionHandling().and().build(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - client.get().uri("/admin").headers((headers) -> headers.setBasicAuth("user", "password")).exchange() .expectStatus().isForbidden(); }
@@ -101,9 +91,7 @@ public class ExceptionHandlingSpecTests { SecurityWebFilterChain securityWebFilter = this.http.httpBasic(withDefaults()) .authorizeExchange((exchanges) -> exchanges.anyExchange().hasRole("ADMIN")) .exceptionHandling(withDefaults()).build(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - client.get().uri("/admin").headers((headers) -> headers.setBasicAuth("user", "password")).exchange() .expectStatus().isForbidden(); }
@@ -113,9 +101,7 @@ public class ExceptionHandlingSpecTests { SecurityWebFilterChain securityWebFilter = this.http.csrf().disable().httpBasic().and().authorizeExchange() .anyExchange().hasRole("ADMIN").and().exceptionHandling() .accessDeniedHandler(httpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST)).and().build(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - client.get().uri("/admin").headers((headers) -> headers.setBasicAuth("user", "password")).exchange() .expectStatus().isBadRequest(); }
@@ -127,9 +113,7 @@ public class ExceptionHandlingSpecTests { .exceptionHandling((exceptionHandling) -> exceptionHandling .accessDeniedHandler(httpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST))) .build(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - client.get().uri("/admin").headers((headers) -> headers.setBasicAuth("user", "password")).exchange() .expectStatus().isBadRequest(); }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
index 791d064c70..cf96b628a1 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
@@ -70,22 +70,14 @@ public class FormLoginTests { public void defaultLoginPage() { SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and() .formLogin().and().build(); - WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class).assertAt(); - loginPage = loginPage.loginForm().username("user").password("invalid").submit(DefaultLoginPage.class) .assertError(); - HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class); - homePage.assertAt(); - loginPage = DefaultLogoutPage.to(driver).assertAt().logout(); - loginPage.assertAt().assertLogout(); }
@@ -94,22 +86,14 @@ public class FormLoginTests { SecurityWebFilterChain securityWebFilter = this.http .authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated()).formLogin(withDefaults()) .build(); - WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class).assertAt(); - loginPage = loginPage.loginForm().username("user").password("invalid").submit(DefaultLoginPage.class) .assertError(); - HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class); - homePage.assertAt(); - loginPage = DefaultLogoutPage.to(driver).assertAt().logout(); - loginPage.assertAt().assertLogout(); }
@@ -117,17 +101,12 @@ public class FormLoginTests { public void customLoginPage() { SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().pathMatchers("/login").permitAll() .anyExchange().authenticated().and().formLogin().loginPage("/login").and().build(); - WebTestClient webTestClient = WebTestClient .bindToController(new CustomLoginPageController(), new WebTestClientBuilder.Http200RestController()) .webFilter(new WebFilterChainProxy(securityWebFilter)).build(); - WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - CustomLoginPage loginPage = HomePage.to(driver, CustomLoginPage.class).assertAt(); - HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class); - homePage.assertAt(); }
@@ -137,17 +116,12 @@ public class FormLoginTests { .authorizeExchange( (exchanges) -> exchanges.pathMatchers("/login").permitAll().anyExchange().authenticated()) .formLogin((formLogin) -> formLogin.loginPage("/login")).build(); - WebTestClient webTestClient = WebTestClient .bindToController(new CustomLoginPageController(), new WebTestClientBuilder.Http200RestController()) .webFilter(new WebFilterChainProxy(securityWebFilter)).build(); - WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - CustomLoginPage loginPage = HomePage.to(driver, CustomLoginPage.class).assertAt(); - HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class); - homePage.assertAt(); }
@@ -156,15 +130,10 @@ public class FormLoginTests { SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().pathMatchers("/login", "/failure") .permitAll().anyExchange().authenticated().and().formLogin() .authenticationFailureHandler(new RedirectServerAuthenticationFailureHandler("/failure")).and().build(); - WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class).assertAt(); - loginPage.loginForm().username("invalid").password("invalid").submit(HomePage.class); - assertThat(driver.getCurrentUrl()).endsWith("/failure"); }
@@ -173,13 +142,9 @@ public class FormLoginTests { SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().pathMatchers("/login", "/sign-in") .permitAll().anyExchange().authenticated().and().formLogin() .requiresAuthenticationMatcher(new PathPatternParserServerWebExchangeMatcher("/sign-in")).and().build(); - WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - driver.get("http://localhost/sign-in"); - assertThat(driver.getCurrentUrl()).endsWith("/login?error"); }
@@ -188,15 +153,10 @@ public class FormLoginTests { SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and() .formLogin().authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("/custom")) .and().build(); - WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - DefaultLoginPage loginPage = DefaultLoginPage.to(driver).assertAt(); - HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class); - assertThat(driver.getCurrentUrl()).endsWith("/custom"); }
@@ -204,25 +164,17 @@ public class FormLoginTests { public void customAuthenticationManager() { ReactiveAuthenticationManager defaultAuthenticationManager = mock(ReactiveAuthenticationManager.class); ReactiveAuthenticationManager customAuthenticationManager = mock(ReactiveAuthenticationManager.class); - given(defaultAuthenticationManager.authenticate(any())) .willThrow(new RuntimeException("should not interact with default auth manager")); given(customAuthenticationManager.authenticate(any())) .willReturn(Mono.just(new TestingAuthenticationToken("user", "password", "ROLE_USER", "ROLE_ADMIN"))); - SecurityWebFilterChain securityWebFilter = this.http.authenticationManager(defaultAuthenticationManager) .formLogin().authenticationManager(customAuthenticationManager).and().build(); - WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - DefaultLoginPage loginPage = DefaultLoginPage.to(driver).assertAt(); - HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class); - homePage.assertAt(); - verifyZeroInteractions(defaultAuthenticationManager); }
@@ -230,28 +182,19 @@ public class FormLoginTests { public void formLoginSecurityContextRepository() { ServerSecurityContextRepository defaultSecContextRepository = mock(ServerSecurityContextRepository.class); ServerSecurityContextRepository formLoginSecContextRepository = mock(ServerSecurityContextRepository.class); - TestingAuthenticationToken token = new TestingAuthenticationToken("rob", "rob", "ROLE_USER"); - given(defaultSecContextRepository.save(any(), any())).willReturn(Mono.empty()); given(defaultSecContextRepository.load(any())).willReturn(authentication(token)); given(formLoginSecContextRepository.save(any(), any())).willReturn(Mono.empty()); given(formLoginSecContextRepository.load(any())).willReturn(authentication(token)); - SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and() .securityContextRepository(defaultSecContextRepository).formLogin() .securityContextRepository(formLoginSecContextRepository).and().build(); - WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); - WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - DefaultLoginPage loginPage = DefaultLoginPage.to(driver).assertAt(); - HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class); - homePage.assertAt(); - verify(defaultSecContextRepository, atLeastOnce()).load(any()); verify(formLoginSecContextRepository).save(any(), any()); }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
index a168b477f7..5efabbd93e 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
@@ -77,39 +77,32 @@ public class HeaderSpecTests { @Test public void headersWhenDisableThenNoSecurityHeaders() { new HashSet<>(this.expectedHeaders.keySet()).forEach(this::expectHeaderNamesNotPresent); - this.http.headers().disable(); - assertHeaders(); } @Test public void headersWhenDisableInLambdaThenNoSecurityHeaders() { new HashSet<>(this.expectedHeaders.keySet()).forEach(this::expectHeaderNamesNotPresent); - this.http.headers((headers) -> headers.disable()); - assertHeaders(); } @Test public void headersWhenDisableAndInvokedExplicitlyThenDefautsUsed() { this.http.headers().disable().headers(); - assertHeaders(); } @Test public void headersWhenDefaultsThenAllDefaultsWritten() { this.http.headers(); - assertHeaders(); } @Test public void headersWhenDefaultsInLambdaThenAllDefaultsWritten() { this.http.headers(withDefaults()); - assertHeaders(); }
@@ -117,7 +110,6 @@ public class HeaderSpecTests { public void headersWhenCacheDisableThenCacheNotWritten() { expectHeaderNamesNotPresent(HttpHeaders.CACHE_CONTROL, HttpHeaders.PRAGMA, HttpHeaders.EXPIRES); this.http.headers().cache().disable(); - assertHeaders(); }
@@ -125,7 +117,6 @@ public class HeaderSpecTests { public void headersWhenCacheDisableInLambdaThenCacheNotWritten() { expectHeaderNamesNotPresent(HttpHeaders.CACHE_CONTROL, HttpHeaders.PRAGMA, HttpHeaders.EXPIRES); this.http.headers((headers) -> headers.cache((cache) -> cache.disable())); - assertHeaders(); }
@@ -133,7 +124,6 @@ public class HeaderSpecTests { public void headersWhenContentOptionsDisableThenContentTypeOptionsNotWritten() { expectHeaderNamesNotPresent(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS); this.http.headers().contentTypeOptions().disable(); - assertHeaders(); }
@@ -142,7 +132,6 @@ public class HeaderSpecTests { expectHeaderNamesNotPresent(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS); this.http .headers((headers) -> headers.contentTypeOptions((contentTypeOptions) -> contentTypeOptions.disable())); - assertHeaders(); }
@@ -150,7 +139,6 @@ public class HeaderSpecTests { public void headersWhenHstsDisableThenHstsNotWritten() { expectHeaderNamesNotPresent(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY); this.http.headers().hsts().disable(); - assertHeaders(); }
@@ -158,7 +146,6 @@ public class HeaderSpecTests { public void headersWhenHstsDisableInLambdaThenHstsNotWritten() { expectHeaderNamesNotPresent(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY); this.http.headers((headers) -> headers.hsts((hsts) -> hsts.disable())); - assertHeaders(); }
@@ -168,7 +155,6 @@ public class HeaderSpecTests { this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=60"); this.http.headers().hsts().maxAge(Duration.ofSeconds(60)).includeSubdomains(false); - assertHeaders(); }
@@ -179,7 +165,6 @@ public class HeaderSpecTests { "max-age=60"); this.http.headers( (headers) -> headers.hsts((hsts) -> hsts.maxAge(Duration.ofSeconds(60)).includeSubdomains(false))); - assertHeaders(); }
@@ -189,7 +174,6 @@ public class HeaderSpecTests { this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=60 ; includeSubDomains ; preload"); this.http.headers().hsts().maxAge(Duration.ofSeconds(60)).preload(true); - assertHeaders(); }
@@ -199,7 +183,6 @@ public class HeaderSpecTests { this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=60 ; includeSubDomains ; preload"); this.http.headers((headers) -> headers.hsts((hsts) -> hsts.maxAge(Duration.ofSeconds(60)).preload(true))); - assertHeaders(); }
@@ -207,7 +190,6 @@ public class HeaderSpecTests { public void headersWhenFrameOptionsDisableThenFrameOptionsNotWritten() { expectHeaderNamesNotPresent(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS); this.http.headers().frameOptions().disable(); - assertHeaders(); }
@@ -215,7 +197,6 @@ public class HeaderSpecTests { public void headersWhenFrameOptionsDisableInLambdaThenFrameOptionsNotWritten() { expectHeaderNamesNotPresent(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS); this.http.headers((headers) -> headers.frameOptions((frameOptions) -> frameOptions.disable())); - assertHeaders(); }
@@ -223,7 +204,6 @@ public class HeaderSpecTests { public void headersWhenFrameOptionsModeThenFrameOptionsCustomMode() { this.expectedHeaders.set(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, "SAMEORIGIN"); this.http.headers().frameOptions().mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN); - assertHeaders(); }
@@ -232,7 +212,6 @@ public class HeaderSpecTests { this.expectedHeaders.set(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, "SAMEORIGIN"); this.http.headers((headers) -> headers.frameOptions( (frameOptions) -> frameOptions.mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN))); - assertHeaders(); }
@@ -240,7 +219,6 @@ public class HeaderSpecTests { public void headersWhenXssProtectionDisableThenXssProtectionNotWritten() { expectHeaderNamesNotPresent("X-Xss-Protection"); this.http.headers().xssProtection().disable(); - assertHeaders(); }
@@ -248,7 +226,6 @@ public class HeaderSpecTests { public void headersWhenXssProtectionDisableInLambdaThenXssProtectionNotWritten() { expectHeaderNamesNotPresent("X-Xss-Protection"); this.http.headers((headers) -> headers.xssProtection((xssProtection) -> xssProtection.disable())); - assertHeaders(); }
@@ -256,9 +233,7 @@ public class HeaderSpecTests { public void headersWhenFeaturePolicyEnabledThenFeaturePolicyWritten() { String policyDirectives = "Feature-Policy"; this.expectedHeaders.add(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY, policyDirectives); - this.http.headers().featurePolicy(policyDirectives); - assertHeaders(); }
@@ -267,9 +242,7 @@ public class HeaderSpecTests { String policyDirectives = "default-src 'self'"; this.expectedHeaders.add(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY, policyDirectives); - this.http.headers().contentSecurityPolicy(policyDirectives); - assertHeaders(); }
@@ -278,9 +251,7 @@ public class HeaderSpecTests { String expectedPolicyDirectives = "default-src 'self'"; this.expectedHeaders.add(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY, expectedPolicyDirectives); - this.http.headers((headers) -> headers.contentSecurityPolicy(withDefaults())); - assertHeaders(); }
@@ -289,10 +260,8 @@ public class HeaderSpecTests { String policyDirectives = "default-src 'self' *.trusted.com"; this.expectedHeaders.add(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY, policyDirectives); - this.http.headers((headers) -> headers.contentSecurityPolicy( (contentSecurityPolicy) -> contentSecurityPolicy.policyDirectives(policyDirectives))); - assertHeaders(); }
@@ -301,7 +270,6 @@ public class HeaderSpecTests { this.expectedHeaders.add(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY, ReferrerPolicy.NO_REFERRER.getPolicy()); this.http.headers().referrerPolicy(); - assertHeaders(); }
@@ -310,7 +278,6 @@ public class HeaderSpecTests { this.expectedHeaders.add(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY, ReferrerPolicy.NO_REFERRER.getPolicy()); this.http.headers((headers) -> headers.referrerPolicy(withDefaults())); - assertHeaders(); }
@@ -319,7 +286,6 @@ public class HeaderSpecTests { this.expectedHeaders.add(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY, ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE.getPolicy()); this.http.headers().referrerPolicy(ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE); - assertHeaders(); }
@@ -329,7 +295,6 @@ public class HeaderSpecTests { ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE.getPolicy()); this.http.headers((headers) -> headers .referrerPolicy((referrerPolicy) -> referrerPolicy.policy(ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE))); - assertHeaders(); }
@@ -337,10 +302,7 @@ public class HeaderSpecTests { public void headersWhenCustomHeadersWriter() { this.expectedHeaders.add(CUSTOM_HEADER, CUSTOM_VALUE); this.http.headers((headers) -> headers.writer((exchange) -> Mono.just(exchange) - .doOnNext((it) -> it.getResponse().getHeaders().add(CUSTOM_HEADER, CUSTOM_VALUE)).then() - - )); - + .doOnNext((it) -> it.getResponse().getHeaders().add(CUSTOM_HEADER, CUSTOM_VALUE)).then())); assertHeaders(); }
@@ -355,9 +317,7 @@ public class HeaderSpecTests { WebTestClient client = buildClient(); FluxExchangeResult response = client.get().uri("https://example.com/").exchange() .returnResult(String.class); - Map> responseHeaders = response.getResponseHeaders(); - if (!this.expectedHeaders.isEmpty()) { assertThat(responseHeaders).describedAs(response.toString()).containsAllEntriesOf(this.expectedHeaders); }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
index f31818b22b..9df6cc1c16 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
@@ -55,14 +55,12 @@ public class HttpsRedirectSpecTests { @Test public void getWhenSecureThenDoesNotRedirect() { this.spring.register(RedirectToHttpConfig.class).autowire(); - this.client.get().uri("https://localhost").exchange().expectStatus().isNotFound(); } @Test public void getWhenInsecureThenRespondsWithRedirectToSecure() { this.spring.register(RedirectToHttpConfig.class).autowire(); - this.client.get().uri("http://localhost").exchange().expectStatus().isFound().expectHeader() .valueEquals(HttpHeaders.LOCATION, "https://localhost"); }
@@ -70,7 +68,6 @@ public class HttpsRedirectSpecTests { @Test public void getWhenInsecureAndRedirectConfiguredInLambdaThenRespondsWithRedirectToSecure() { this.spring.register(RedirectToHttpsInLambdaConfig.class).autowire(); - this.client.get().uri("http://localhost").exchange().expectStatus().isFound().expectHeader() .valueEquals(HttpHeaders.LOCATION, "https://localhost"); }
@@ -78,9 +75,7 @@ public class HttpsRedirectSpecTests { @Test public void getWhenInsecureAndPathRequiresTransportSecurityThenRedirects() { this.spring.register(SometimesRedirectToHttpsConfig.class).autowire(); - this.client.get().uri("http://localhost:8080").exchange().expectStatus().isNotFound(); - this.client.get().uri("http://localhost:8080/secure").exchange().expectStatus().isFound().expectHeader() .valueEquals(HttpHeaders.LOCATION, "https://localhost:8443/secure"); }
@@ -88,9 +83,7 @@ public class HttpsRedirectSpecTests { @Test public void getWhenInsecureAndPathRequiresTransportSecurityInLambdaThenRedirects() { this.spring.register(SometimesRedirectToHttpsInLambdaConfig.class).autowire(); - this.client.get().uri("http://localhost:8080").exchange().expectStatus().isNotFound(); - this.client.get().uri("http://localhost:8080/secure").exchange().expectStatus().isFound().expectHeader() .valueEquals(HttpHeaders.LOCATION, "https://localhost:8443/secure"); }
@@ -98,10 +91,8 @@ public class HttpsRedirectSpecTests {
 @Test
 public void getWhenInsecureAndUsingCustomPortMapperThenRespondsWithRedirectToSecurePort() {
 this.spring.register(RedirectToHttpsViaCustomPortsConfig.class).autowire();
-
 PortMapper portMapper = this.spring.getContext().getBean(PortMapper.class);
 given(portMapper.lookupHttpsPort(4080)).willReturn(4443);
-
 this.client.get().uri("http://localhost:4080").exchange().expectStatus().isFound().expectHeader() .valueEquals(HttpHeaders.LOCATION, "https://localhost:4443");
 }
@@ -109,10 +100,8 @@ public class HttpsRedirectSpecTests {
 @Test
 public void getWhenInsecureAndUsingCustomPortMapperInLambdaThenRespondsWithRedirectToSecurePort() {
 this.spring.register(RedirectToHttpsViaCustomPortsInLambdaConfig.class).autowire();
-
 PortMapper portMapper = this.spring.getContext().getBean(PortMapper.class);
 given(portMapper.lookupHttpsPort(4080)).willReturn(4443);
-
 this.client.get().uri("http://localhost:4080").exchange().expectStatus().isFound().expectHeader() .valueEquals(HttpHeaders.LOCATION, "https://localhost:4443");
 }
@@ -127,7 +116,6 @@ public class HttpsRedirectSpecTests {
 http .redirectToHttps();
 // @formatter:on
-
 return http.build();
 }
@@ -143,7 +131,6 @@ public class HttpsRedirectSpecTests {
 http .redirectToHttps(withDefaults());
 // @formatter:on
-
 return http.build();
 }
@@ -160,7 +147,6 @@ public class HttpsRedirectSpecTests {
 .redirectToHttps() .httpsRedirectWhen(new PathPatternParserServerWebExchangeMatcher("/secure"));
 // @formatter:on
-
 return http.build();
 }
@@ -179,7 +165,6 @@ public class HttpsRedirectSpecTests {
 .httpsRedirectWhen(new PathPatternParserServerWebExchangeMatcher("/secure")) );
 // @formatter:on
-
 return http.build();
 }
@@ -196,7 +181,6 @@ public class HttpsRedirectSpecTests {
 .redirectToHttps() .portMapper(portMapper());
 // @formatter:on
-
 return http.build();
 }
@@ -220,7 +204,6 @@ public class HttpsRedirectSpecTests {
 .portMapper(portMapper()) );
 // @formatter:on
-
 return http.build();
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java
index 7f4b247184..bd8822247d 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java
@@ -41,24 +41,16 @@ public class LogoutSpecTests {
 public void defaultLogout() {
 SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and() .formLogin().and().build();
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage .to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
-
 loginPage = loginPage.loginForm().username("user").password("invalid") .submit(FormLoginTests.DefaultLoginPage.class).assertError();
-
 FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password") .submit(FormLoginTests.HomePage.class);
-
 homePage.assertAt();
-
 loginPage = FormLoginTests.DefaultLogoutPage.to(driver).assertAt().logout();
-
 loginPage.assertAt().assertLogout();
 }
@@ -67,24 +59,16 @@ public class LogoutSpecTests {
 SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and() .formLogin().and().logout().requiresLogout(ServerWebExchangeMatchers.pathMatchers("/custom-logout")) .and().build();
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage .to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
-
 loginPage = loginPage.loginForm().username("user").password("invalid") .submit(FormLoginTests.DefaultLoginPage.class).assertError();
-
 FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password") .submit(FormLoginTests.HomePage.class);
-
 homePage.assertAt();
-
 driver.get("http://localhost/custom-logout");
-
 FormLoginTests.DefaultLoginPage.create(driver).assertAt().assertLogout();
 }
@@ -95,24 +79,16 @@ public class LogoutSpecTests {
 .formLogin(withDefaults()) .logout((logout) -> logout.requiresLogout(ServerWebExchangeMatchers.pathMatchers("/custom-logout"))) .build();
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage .to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
-
 loginPage = loginPage.loginForm().username("user").password("invalid") .submit(FormLoginTests.DefaultLoginPage.class).assertError();
-
 FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password") .submit(FormLoginTests.HomePage.class);
-
 homePage.assertAt();
-
 driver.get("http://localhost/custom-logout");
-
 FormLoginTests.DefaultLoginPage.create(driver).assertAt().assertLogout();
 }
@@ -120,21 +96,14 @@ public class LogoutSpecTests {
 public void logoutWhenDisabledThenPostToLogoutDoesNothing() {
 SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and() .formLogin().and().logout().disable().build();
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage .to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
-
 FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password") .submit(FormLoginTests.HomePage.class);
-
 homePage.assertAt();
-
 FormLoginTests.DefaultLogoutPage.to(driver).assertAt().logout();
-
 homePage.assertAt();
 }
@@ -144,21 +113,14 @@ public class LogoutSpecTests {
 repository.setSpringSecurityContextAttrName("CUSTOM_CONTEXT_ATTR");
 SecurityWebFilterChain securityWebFilter = this.http.securityContextRepository(repository).authorizeExchange() .anyExchange().authenticated().and().formLogin().and().logout().and().build();
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage .to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
-
 FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password") .submit(FormLoginTests.HomePage.class);
-
 homePage.assertAt();
-
 FormLoginTests.DefaultLogoutPage.to(driver).assertAt().logout();
-
 FormLoginTests.HomePage.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
index 6000f4da54..b4f5599fad 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
@@ -96,7 +96,6 @@ public class OAuth2ClientSpecTests {
 given(repository.findByRegistrationId(any())) .willReturn(Mono.just(TestClientRegistrations.clientRegistration().build()));
 given(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
-
 this.client.get().uri("/").exchange().expectStatus().is3xxRedirection();
 }
@@ -110,7 +109,6 @@ public class OAuth2ClientSpecTests {
 given(repository.findByRegistrationId(any())) .willReturn(Mono.just(TestClientRegistrations.clientRegistration().build()));
 given(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
-
 this.client.get().uri("/").exchange().expectStatus().is3xxRedirection();
 }
@@ -118,14 +116,11 @@ public class OAuth2ClientSpecTests {
 public void oauth2ClientWhenCustomObjectsThenUsed() {
 this.spring.register(ClientRegistrationConfig.class, OAuth2ClientCustomConfig.class, AuthorizedClientController.class).autowire();
-
 OAuth2ClientCustomConfig config = this.spring.getContext().getBean(OAuth2ClientCustomConfig.class);
-
 ServerAuthenticationConverter converter = config.authenticationConverter;
 ReactiveAuthenticationManager manager = config.manager;
 ServerAuthorizationRequestRepository authorizationRequestRepository = config.authorizationRequestRepository;
 ServerRequestCache requestCache = config.requestCache;
-
 OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .redirectUri("/authorize/oauth2/code/registration-id").build();
 OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success()
@@ -133,22 +128,18 @@ public class OAuth2ClientSpecTests {
 OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse);
 OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
-
 OAuth2AuthorizationCodeAuthenticationToken result = new OAuth2AuthorizationCodeAuthenticationToken( this.registration, authorizationExchange, accessToken);
-
 given(authorizationRequestRepository.loadAuthorizationRequest(any())) .willReturn(Mono.just(authorizationRequest));
 given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
 given(manager.authenticate(any())).willReturn(Mono.just(result));
 given(requestCache.getRedirectUri(any())).willReturn(Mono.just(URI.create("/saved-request")));
-
 this.client.get() .uri((uriBuilder) -> uriBuilder.path("/authorize/oauth2/code/registration-id") .queryParam(OAuth2ParameterNames.CODE, "code").queryParam(OAuth2ParameterNames.STATE, "state") .build()) .exchange().expectStatus().is3xxRedirection();
-
 verify(converter).convert(any());
 verify(manager).authenticate(any());
 verify(requestCache).getRedirectUri(any());
@@ -158,15 +149,12 @@ public class OAuth2ClientSpecTests {
 public void oauth2ClientWhenCustomObjectsInLambdaThenUsed() {
 this.spring.register(ClientRegistrationConfig.class, OAuth2ClientInLambdaCustomConfig.class, AuthorizedClientController.class).autowire();
-
 OAuth2ClientInLambdaCustomConfig config = this.spring.getContext() .getBean(OAuth2ClientInLambdaCustomConfig.class);
-
 ServerAuthenticationConverter converter = config.authenticationConverter;
 ReactiveAuthenticationManager manager = config.manager;
 ServerAuthorizationRequestRepository authorizationRequestRepository = config.authorizationRequestRepository;
 ServerRequestCache requestCache = config.requestCache;
-
 OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .redirectUri("/authorize/oauth2/code/registration-id").build();
 OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success()
@@ -174,22 +162,18 @@ public class OAuth2ClientSpecTests {
 OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse);
 OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
-
 OAuth2AuthorizationCodeAuthenticationToken result = new OAuth2AuthorizationCodeAuthenticationToken( this.registration, authorizationExchange, accessToken);
-
 given(authorizationRequestRepository.loadAuthorizationRequest(any())) .willReturn(Mono.just(authorizationRequest));
 given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
 given(manager.authenticate(any())).willReturn(Mono.just(result));
 given(requestCache.getRedirectUri(any())).willReturn(Mono.just(URI.create("/saved-request")));
-
 this.client.get() .uri((uriBuilder) -> uriBuilder.path("/authorize/oauth2/code/registration-id") .queryParam(OAuth2ParameterNames.CODE, "code").queryParam(OAuth2ParameterNames.STATE, "state") .build()) .exchange().expectStatus().is3xxRedirection();
-
 verify(converter).convert(any());
 verify(manager).authenticate(any());
 verify(requestCache).getRedirectUri(any());
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
index c6809ca45b..94256acd27 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
@@ -141,11 +141,8 @@ public class OAuth2LoginTests {
 @Test
 public void defaultLoginPageWithMultipleClientRegistrationsThenLinks() {
 this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class).autowire();
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage .to(driver, FormLoginTests.DefaultLoginPage.class).assertAt().assertLoginFormNotPresent().oauth2Login() .assertClientRegistrationByName(OAuth2LoginTests.github.getClientName()).and();
@@ -154,14 +151,10 @@ public class OAuth2LoginTests {
 @Test
 public void defaultLoginPageWithSingleClientRegistrationThenRedirect() {
 this.spring.register(OAuth2LoginWithSingleClientRegistrations.class).autowire();
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(new GitHubWebFilter(), this.springSecurity) .build();
-
 WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 driver.get("http://localhost/");
-
 assertThat(driver.getCurrentUrl()).startsWith("https://github.com/login/oauth/authorize");
 }
@@ -169,7 +162,6 @@ public class OAuth2LoginTests {
 @Test
 public void defaultLoginPageWithSingleClientRegistrationAndXhrRequestThenDoesNotRedirectForAuthorization() {
 this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, WebFluxConfig.class).autowire();
-
 this.client.get().uri("/").header("X-Requested-With", "XMLHttpRequest").exchange().expectStatus() .is3xxRedirection().expectHeader().valueEquals(HttpHeaders.LOCATION, "/login");
 }
@@ -178,21 +170,16 @@ public class OAuth2LoginTests {
 public void oauth2AuthorizeWhenCustomObjectsThenUsed() {
 this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2AuthorizeWithMockObjectsConfig.class, AuthorizedClientController.class).autowire();
-
 OAuth2AuthorizeWithMockObjectsConfig config = this.spring.getContext() .getBean(OAuth2AuthorizeWithMockObjectsConfig.class);
-
 ServerOAuth2AuthorizedClientRepository authorizedClientRepository = config.authorizedClientRepository;
 ServerAuthorizationRequestRepository authorizationRequestRepository = config.authorizationRequestRepository;
 ServerRequestCache requestCache = config.requestCache;
-
 given(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
 given(authorizationRequestRepository.saveAuthorizationRequest(any(), any())).willReturn(Mono.empty());
 given(requestCache.removeMatchingRequest(any())).willReturn(Mono.empty());
 given(requestCache.saveRequest(any())).willReturn(Mono.empty());
-
 this.client.get().uri("/").exchange().expectStatus().is3xxRedirection();
-
 verify(authorizedClientRepository).loadAuthorizedClient(any(), any(), any());
 verify(authorizationRequestRepository).saveAuthorizationRequest(any(), any());
 verify(requestCache).saveRequest(any());
@@ -202,11 +189,8 @@ public class OAuth2LoginTests {
 public void oauth2LoginWhenCustomObjectsThenUsed() {
 this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2LoginMockAuthenticationManagerConfig.class).autowire();
-
 String redirectLocation = "/custom-redirect-location";
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 OAuth2LoginMockAuthenticationManagerConfig config = this.spring.getContext() .getBean(OAuth2LoginMockAuthenticationManagerConfig.class);
 ServerAuthenticationConverter converter = config.authenticationConverter;
@@ -214,14 +198,11 @@ public class OAuth2LoginTests {
 ServerWebExchangeMatcher matcher = config.matcher;
 ServerOAuth2AuthorizationRequestResolver resolver = config.resolver;
 ServerAuthenticationSuccessHandler successHandler = config.successHandler;
-
 OAuth2AuthorizationExchange exchange = TestOAuth2AuthorizationExchanges.success();
 OAuth2User user = TestOAuth2Users.create();
 OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
-
 OAuth2LoginAuthenticationToken result = new OAuth2LoginAuthenticationToken(github, exchange, user, user.getAuthorities(), accessToken);
-
 given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
 given(manager.authenticate(any())).willReturn(Mono.just(result));
 given(matcher.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
@@ -229,14 +210,11 @@ public class OAuth2LoginTests {
 given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer>) (invocation) -> {
 WebFilterExchange webFilterExchange = invocation.getArgument(0);
 Authentication authentication = invocation.getArgument(1);
-
 return new RedirectServerAuthenticationSuccessHandler(redirectLocation) .onAuthenticationSuccess(webFilterExchange, authentication);
 });
-
 webTestClient.get().uri("/login/oauth2/code/github").exchange().expectStatus().is3xxRedirection().expectHeader() .valueEquals("Location", redirectLocation);
-
 verify(converter).convert(any());
 verify(manager).authenticate(any());
 verify(matcher).matches(any());
@@ -248,12 +226,9 @@ public class OAuth2LoginTests {
 public void oauth2LoginFailsWhenCustomObjectsThenUsed() {
 this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2LoginMockAuthenticationManagerConfig.class).autowire();
-
 String redirectLocation = "/custom-redirect-location";
 String failureRedirectLocation = "/failure-redirect-location";
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 OAuth2LoginMockAuthenticationManagerConfig config = this.spring.getContext() .getBean(OAuth2LoginMockAuthenticationManagerConfig.class);
 ServerAuthenticationConverter converter = config.authenticationConverter;
@@ -262,7 +237,6 @@ public class OAuth2LoginTests {
 ServerOAuth2AuthorizationRequestResolver resolver = config.resolver;
 ServerAuthenticationSuccessHandler successHandler = config.successHandler;
 ServerAuthenticationFailureHandler failureHandler = config.failureHandler;
-
 given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
 given(manager.authenticate(any())) .willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("error"), "message")));
@@ -271,21 +245,17 @@ public class OAuth2LoginTests {
 given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer>) (invocation) -> {
 WebFilterExchange webFilterExchange = invocation.getArgument(0);
 Authentication authentication = invocation.getArgument(1);
-
 return new RedirectServerAuthenticationSuccessHandler(redirectLocation) .onAuthenticationSuccess(webFilterExchange, authentication);
 });
 given(failureHandler.onAuthenticationFailure(any(), any())).willAnswer((Answer>) (invocation) -> {
 WebFilterExchange webFilterExchange = invocation.getArgument(0);
 AuthenticationException authenticationException = invocation.getArgument(1);
-
 return new RedirectServerAuthenticationFailureHandler(failureRedirectLocation) .onAuthenticationFailure(webFilterExchange, authenticationException);
 });
-
 webTestClient.get().uri("/login/oauth2/code/github").exchange().expectStatus().is3xxRedirection().expectHeader() .valueEquals("Location", failureRedirectLocation);
-
 verify(converter).convert(any());
 verify(manager).authenticate(any());
 verify(matcher).matches(any());
@@ -297,11 +267,8 @@ public class OAuth2LoginTests {
 public void oauth2LoginWhenCustomObjectsInLambdaThenUsed() {
 this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2LoginMockAuthenticationManagerInLambdaConfig.class).autowire();
-
 String redirectLocation = "/custom-redirect-location";
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 OAuth2LoginMockAuthenticationManagerInLambdaConfig config = this.spring.getContext() .getBean(OAuth2LoginMockAuthenticationManagerInLambdaConfig.class);
 ServerAuthenticationConverter converter = config.authenticationConverter;
@@ -309,14 +276,11 @@ public class OAuth2LoginTests {
 ServerWebExchangeMatcher matcher = config.matcher;
 ServerOAuth2AuthorizationRequestResolver resolver = config.resolver;
 ServerAuthenticationSuccessHandler successHandler = config.successHandler;
-
 OAuth2AuthorizationExchange exchange = TestOAuth2AuthorizationExchanges.success();
 OAuth2User user = TestOAuth2Users.create();
 OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
-
 OAuth2LoginAuthenticationToken result = new OAuth2LoginAuthenticationToken(github, exchange, user, user.getAuthorities(), accessToken);
-
 given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
 given(manager.authenticate(any())).willReturn(Mono.just(result));
 given(matcher.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
@@ -324,14 +288,11 @@ public class OAuth2LoginTests {
 given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer>) (invocation) -> {
 WebFilterExchange webFilterExchange = invocation.getArgument(0);
 Authentication authentication = invocation.getArgument(1);
-
 return new RedirectServerAuthenticationSuccessHandler(redirectLocation) .onAuthenticationSuccess(webFilterExchange, authentication);
 });
-
 webTestClient.get().uri("/login/oauth2/code/github").exchange().expectStatus().is3xxRedirection().expectHeader() .valueEquals("Location", redirectLocation);
-
 verify(converter).convert(any());
 verify(manager).authenticate(any());
 verify(matcher).matches(any());
@@ -343,26 +304,20 @@ public class OAuth2LoginTests {
 public void oauth2LoginWhenCustomBeansThenUsed() {
 this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class) .autowire();
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 OAuth2LoginWithCustomBeansConfig config = this.spring.getContext() .getBean(OAuth2LoginWithCustomBeansConfig.class);
-
 OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().scope("openid").build();
 OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build();
 OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(request, response);
 OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("openid");
 OAuth2AuthorizationCodeAuthenticationToken token = new OAuth2AuthorizationCodeAuthenticationToken(google, exchange, accessToken);
-
 ServerAuthenticationConverter converter = config.authenticationConverter;
 given(converter.convert(any())).willReturn(Mono.just(token));
-
 ServerSecurityContextRepository securityContextRepository = config.securityContextRepository;
 given(securityContextRepository.save(any(), any())).willReturn(Mono.empty());
 given(securityContextRepository.load(any())).willReturn(authentication(token));
-
 Map additionalParameters = new HashMap<>();
 additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token");
 OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken(accessToken.getTokenValue())
@@ -370,13 +325,10 @@ public class OAuth2LoginTests {
 .additionalParameters(additionalParameters).build();
 ReactiveOAuth2AccessTokenResponseClient tokenResponseClient = config.tokenResponseClient;
 given(tokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 OidcUser user = TestOidcUsers.create();
 ReactiveOAuth2UserService userService = config.userService;
 given(userService.loadUser(any())).willReturn(Mono.just(user));
-
 webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection();
-
 verify(config.jwtDecoderFactory).createDecoder(any());
 verify(tokenResponseClient).getTokenResponse(any());
 verify(securityContextRepository).save(any(), any());
@@ -387,26 +339,20 @@ public class OAuth2LoginTests {
 public void oauth2LoginWhenAccessTokenRequestFailsThenDefaultRedirectToLogin() {
 this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class) .autowire();
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().scope("openid").build();
 OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build();
 OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(request, response);
 OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("openid");
 OAuth2AuthorizationCodeAuthenticationToken authenticationToken = new OAuth2AuthorizationCodeAuthenticationToken( google, exchange, accessToken);
-
 OAuth2LoginWithCustomBeansConfig config = this.spring.getContext() .getBean(OAuth2LoginWithCustomBeansConfig.class);
-
 ServerAuthenticationConverter converter = config.authenticationConverter;
 given(converter.convert(any())).willReturn(Mono.just(authenticationToken));
-
 ReactiveOAuth2AccessTokenResponseClient tokenResponseClient = config.tokenResponseClient;
 OAuth2Error oauth2Error = new OAuth2Error("invalid_request", "Invalid request", null);
 given(tokenResponseClient.getTokenResponse(any())).willThrow(new OAuth2AuthenticationException(oauth2Error));
-
 webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader() .valueEquals("Location", "/login?error");
 }
@@ -416,22 +362,17 @@ public class OAuth2LoginTests {
 public void oauth2LoginWhenIdTokenValidationFailsThenDefaultRedirectToLogin() {
 this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class) .autowire();
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 OAuth2LoginWithCustomBeansConfig config = this.spring.getContext() .getBean(OAuth2LoginWithCustomBeansConfig.class);
-
 OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().scope("openid").build();
 OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build();
 OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(request, response);
 OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("openid");
 OAuth2AuthorizationCodeAuthenticationToken authenticationToken = new OAuth2AuthorizationCodeAuthenticationToken( google, exchange, accessToken);
-
 ServerAuthenticationConverter converter = config.authenticationConverter;
 given(converter.convert(any())).willReturn(Mono.just(authenticationToken));
-
 Map additionalParameters = new HashMap<>();
 additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token");
 OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken(accessToken.getTokenValue())
@@ -439,12 +380,10 @@ public class OAuth2LoginTests {
 .additionalParameters(additionalParameters).build();
 ReactiveOAuth2AccessTokenResponseClient tokenResponseClient = config.tokenResponseClient;
 given(tokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 ReactiveJwtDecoderFactory jwtDecoderFactory = config.jwtDecoderFactory;
 OAuth2Error oauth2Error = new OAuth2Error("invalid_id_token", "Invalid ID Token", null);
 given(jwtDecoderFactory.createDecoder(any())).willReturn((token) -> Mono .error(new JwtValidationException("ID Token validation failed", Collections.singleton(oauth2Error))));
-
 webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader() .valueEquals("Location", "/login?error");
 }
@@ -452,13 +391,10 @@ public class OAuth2LoginTests {
 @Test
 public void logoutWhenUsingOidcLogoutHandlerThenRedirects() {
 this.spring.register(OAuth2LoginConfigWithOidcLogoutSuccessHandler.class).autowire();
-
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, getBean(ClientRegistration.class).getRegistrationId());
-
 ServerSecurityContextRepository repository = getBean(ServerSecurityContextRepository.class);
 given(repository.load(any())).willReturn(authentication(token));
-
 this.client.post().uri("/logout").exchange().expectHeader().valueEquals("Location", "https://logout?id_token_hint=id-token");
 }
@@ -467,9 +403,7 @@ public class OAuth2LoginTests {
 @Test
 public void oauth2LoginWhenAuthenticationConverterFailsThenDefaultRedirectToLogin() {
 this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class).autowire();
-
 WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader() .valueEquals("Location", "/login?error");
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
index 019ced220c..301644ccd1 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
@@ -134,7 +134,6 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void getWhenValidThenReturnsOk() {
 this.spring.register(PublicKeyConfig.class, RootController.class).autowire();
-
 this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus() .isOk();
 }
@@ -142,7 +141,6 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void getWhenExpiredThenReturnsInvalidToken() {
 this.spring.register(PublicKeyConfig.class).autowire();
-
 this.client.get().headers((headers) -> headers.setBearerAuth(this.expired)).exchange().expectStatus() .isUnauthorized().expectHeader() .value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
@@ -151,7 +149,6 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void getWhenUnsignedThenReturnsInvalidToken() {
 this.spring.register(PublicKeyConfig.class).autowire();
-
 this.client.get().headers((headers) -> headers.setBearerAuth(this.unsignedToken)).exchange().expectStatus() .isUnauthorized().expectHeader() .value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
@@ -160,7 +157,6 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void getWhenEmptyBearerTokenThenReturnsInvalidToken() {
 this.spring.register(PublicKeyConfig.class).autowire();
-
 this.client.get().headers((headers) -> headers.add("Authorization", "Bearer ")).exchange().expectStatus() .isUnauthorized().expectHeader() .value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
@@ -169,7 +165,6 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void getWhenValidTokenAndPublicKeyInLambdaThenReturnsOk() {
 this.spring.register(PublicKeyInLambdaConfig.class, RootController.class).autowire();
-
 this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus() .isOk();
 }
@@ -177,7 +172,6 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void getWhenExpiredTokenAndPublicKeyInLambdaThenReturnsInvalidToken() {
 this.spring.register(PublicKeyInLambdaConfig.class).autowire();
-
 this.client.get().headers((headers) -> headers.setBearerAuth(this.expired)).exchange().expectStatus() .isUnauthorized().expectHeader() .value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
@@ -186,7 +180,6 @@ public class OAuth2ResourceServerSpecTests {
 @Test
 public void getWhenValidUsingPlaceholderThenReturnsOk() {
 this.spring.register(PlaceholderConfig.class, RootController.class).autowire();
-
 this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus() .isOk();
 }
@@ -194,22 +187,17 @@ public class OAuth2ResourceServerSpecTests { @Test public void getWhenCustomDecoderThenAuthenticatesAccordingly() { this.spring.register(CustomDecoderConfig.class, RootController.class).autowire(); - ReactiveJwtDecoder jwtDecoder = this.spring.getContext().getBean(ReactiveJwtDecoder.class); given(jwtDecoder.decode(anyString())).willReturn(Mono.just(this.jwt)); - this.client.get().headers((headers) -> headers.setBearerAuth("token")).exchange().expectStatus().isOk(); - verify(jwtDecoder).decode(anyString()); } @Test public void getWhenUsingJwkSetUriThenConsultsAccordingly() { this.spring.register(JwkSetUriConfig.class, RootController.class).autowire(); - MockWebServer mockWebServer = this.spring.getContext().getBean(MockWebServer.class); mockWebServer.enqueue(new MockResponse().setBody(this.jwkSet)); - this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadTokenWithKid)).exchange() .expectStatus().isOk(); } @@ -217,10 +205,8 @@ public class OAuth2ResourceServerSpecTests { @Test public void getWhenUsingJwkSetUriInLambdaThenConsultsAccordingly() { this.spring.register(JwkSetUriInLambdaConfig.class, RootController.class).autowire(); - MockWebServer mockWebServer = this.spring.getContext().getBean(MockWebServer.class); mockWebServer.enqueue(new MockResponse().setBody(this.jwkSet)); - this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadTokenWithKid)).exchange() .expectStatus().isOk(); } 
@@ -228,12 +214,10 @@ public class OAuth2ResourceServerSpecTests { @Test public void getWhenUsingCustomAuthenticationManagerThenUsesItAccordingly() { this.spring.register(CustomAuthenticationManagerConfig.class).autowire(); - ReactiveAuthenticationManager authenticationManager = this.spring.getContext() .getBean(ReactiveAuthenticationManager.class); given(authenticationManager.authenticate(any(Authentication.class))) .willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure")))); - this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus() .isUnauthorized().expectHeader() .value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\"")); @@ -242,12 +226,10 @@ public class OAuth2ResourceServerSpecTests { @Test public void getWhenUsingCustomAuthenticationManagerInLambdaThenUsesItAccordingly() { this.spring.register(CustomAuthenticationManagerInLambdaConfig.class).autowire(); - ReactiveAuthenticationManager authenticationManager = this.spring.getContext() .getBean(ReactiveAuthenticationManager.class); given(authenticationManager.authenticate(any(Authentication.class))) .willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure")))); - this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus() .isUnauthorized().expectHeader() .value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\"")); 
@@ -256,18 +238,14 @@ public class OAuth2ResourceServerSpecTests { @Test public void getWhenUsingCustomAuthenticationManagerResolverThenUsesItAccordingly() { this.spring.register(CustomAuthenticationManagerResolverConfig.class).autowire(); - ReactiveAuthenticationManagerResolver authenticationManagerResolver = this.spring .getContext().getBean(ReactiveAuthenticationManagerResolver.class); - ReactiveAuthenticationManager authenticationManager = this.spring.getContext() .getBean(ReactiveAuthenticationManager.class); - given(authenticationManagerResolver.resolve(any(ServerWebExchange.class))) .willReturn(Mono.just(authenticationManager)); given(authenticationManager.authenticate(any(Authentication.class))) .willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure")))); - this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus() .isUnauthorized().expectHeader() .value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\"")); @@ -276,7 +254,6 @@ public class OAuth2ResourceServerSpecTests { @Test public void postWhenSignedThenReturnsOk() { this.spring.register(PublicKeyConfig.class, RootController.class).autowire(); - this.client.post().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus() .isOk(); } @@ -284,7 +261,6 @@ public class OAuth2ResourceServerSpecTests { @Test public void getWhenTokenHasInsufficientScopeThenReturnsInsufficientScope() { this.spring.register(DenyAllConfig.class, RootController.class).autowire(); - this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus() .isForbidden().expectHeader() .value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"insufficient_scope\"")); 
@@ -293,21 +269,18 @@ public class OAuth2ResourceServerSpecTests { @Test public void postWhenMissingTokenThenReturnsForbidden() { this.spring.register(PublicKeyConfig.class, RootController.class).autowire(); - this.client.post().exchange().expectStatus().isForbidden(); } @Test public void getWhenCustomBearerTokenServerAuthenticationConverterThenResponds() { this.spring.register(CustomBearerTokenServerAuthenticationConverter.class, RootController.class).autowire(); - this.client.get().cookie("TOKEN", this.messageReadToken).exchange().expectStatus().isOk(); } @Test public void getWhenSignedAndCustomConverterThenConverts() { this.spring.register(CustomJwtAuthenticationConverterConfig.class, RootController.class).autowire(); - this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus() .isOk(); } @@ -315,14 +288,12 @@ public class OAuth2ResourceServerSpecTests { @Test public void getWhenCustomBearerTokenEntryPointThenResponds() { this.spring.register(CustomErrorHandlingConfig.class).autowire(); - this.client.get().uri("/authenticated").exchange().expectStatus().isEqualTo(HttpStatus.I_AM_A_TEAPOT); } @Test public void getWhenCustomBearerTokenDeniedHandlerThenResponds() { this.spring.register(CustomErrorHandlingConfig.class).autowire(); - this.client.get().uri("/unobtainable").headers((headers) -> headers.setBearerAuth(this.messageReadToken)) .exchange().expectStatus().isEqualTo(HttpStatus.BANDWIDTH_LIMIT_EXCEEDED); } 
@@ -332,14 +303,11 @@ public class OAuth2ResourceServerSpecTests { GenericWebApplicationContext context = autowireWebServerGenericWebApplicationContext(); ServerHttpSecurity http = new ServerHttpSecurity(); http.setApplicationContext(context); - ReactiveJwtDecoder beanWiredJwtDecoder = mock(ReactiveJwtDecoder.class); ReactiveJwtDecoder dslWiredJwtDecoder = mock(ReactiveJwtDecoder.class); context.registerBean(ReactiveJwtDecoder.class, () -> beanWiredJwtDecoder); - ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwt = http.oauth2ResourceServer().jwt(); jwt.jwtDecoder(dslWiredJwtDecoder); - assertThat(jwt.getJwtDecoder()).isEqualTo(dslWiredJwtDecoder); } @@ -348,15 +316,12 @@ public class OAuth2ResourceServerSpecTests { GenericWebApplicationContext context = autowireWebServerGenericWebApplicationContext(); ServerHttpSecurity http = new ServerHttpSecurity(); http.setApplicationContext(context); - ReactiveJwtDecoder beanWiredJwtDecoder = mock(ReactiveJwtDecoder.class); ReactiveJwtDecoder dslWiredJwtDecoder = mock(ReactiveJwtDecoder.class); context.registerBean("firstJwtDecoder", ReactiveJwtDecoder.class, () -> beanWiredJwtDecoder); context.registerBean("secondJwtDecoder", ReactiveJwtDecoder.class, () -> beanWiredJwtDecoder); - ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwt = http.oauth2ResourceServer().jwt(); jwt.jwtDecoder(dslWiredJwtDecoder); - assertThat(jwt.getJwtDecoder()).isEqualTo(dslWiredJwtDecoder); } 
@@ -365,13 +330,10 @@ public class OAuth2ResourceServerSpecTests { GenericWebApplicationContext context = autowireWebServerGenericWebApplicationContext(); ServerHttpSecurity http = new ServerHttpSecurity(); http.setApplicationContext(context); - ReactiveJwtDecoder beanWiredJwtDecoder = mock(ReactiveJwtDecoder.class); context.registerBean("firstJwtDecoder", ReactiveJwtDecoder.class, () -> beanWiredJwtDecoder); context.registerBean("secondJwtDecoder", ReactiveJwtDecoder.class, () -> beanWiredJwtDecoder); - ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwt = http.oauth2ResourceServer().jwt(); - assertThatCode(() -> jwt.getJwtDecoder()).isInstanceOf(NoUniqueBeanDefinitionException.class); } @@ -380,9 +342,7 @@ public class OAuth2ResourceServerSpecTests { GenericWebApplicationContext context = autowireWebServerGenericWebApplicationContext(); ServerHttpSecurity http = new ServerHttpSecurity(); http.setApplicationContext(context); - ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwt = http.oauth2ResourceServer().jwt(); - assertThatCode(() -> jwt.getJwtDecoder()).isInstanceOf(NoSuchBeanDefinitionException.class); } @@ -391,7 +351,6 @@ public class OAuth2ResourceServerSpecTests { this.spring.register(IntrospectionConfig.class, RootController.class).autowire(); this.spring.getContext().getBean(MockWebServer.class) .setDispatcher(requiresAuth(this.clientId, this.clientSecret, this.active)); - this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus() .isOk(); } @@ -401,7 +360,6 @@ public class OAuth2ResourceServerSpecTests { this.spring.register(IntrospectionInLambdaConfig.class, RootController.class).autowire(); this.spring.getContext().getBean(MockWebServer.class) .setDispatcher(requiresAuth(this.clientId, this.clientSecret, this.active)); - this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus() .isOk(); } 
@@ -440,7 +398,6 @@ public class OAuth2ResourceServerSpecTests { private static RSAPublicKey publicKey() { String modulus = "26323220897278656456354815752829448539647589990395639665273015355787577386000316054335559633864476469390247312823732994485311378484154955583861993455004584140858982659817218753831620205191028763754231454775026027780771426040997832758235764611119743390612035457533732596799927628476322029280486807310749948064176545712270582940917249337311592011920620009965129181413510845780806191965771671528886508636605814099711121026468495328702234901200169245493126030184941412539949521815665744267183140084667383643755535107759061065656273783542590997725982989978433493861515415520051342321336460543070448417126615154138673620797"; String exponent = "65537"; - RSAPublicKeySpec spec = new RSAPublicKeySpec(new BigInteger(modulus), new BigInteger(exponent)); RSAPublicKey rsaPublicKey = null; try { @@ -537,14 +494,12 @@ public class OAuth2ResourceServerSpecTests { @Bean SecurityWebFilterChain springSecurity(ServerHttpSecurity http) { String jwkSetUri = mockWebServer().url("/.well-known/jwks.json").toString(); - // @formatter:off http .oauth2ResourceServer() .jwt() .jwkSetUri(jwkSetUri); // @formatter:on - return http.build(); } @@ -569,7 +524,6 @@ public class OAuth2ResourceServerSpecTests { @Bean SecurityWebFilterChain springSecurity(ServerHttpSecurity http) { String jwkSetUri = mockWebServer().url("/.well-known/jwks.json").toString(); - // @formatter:off http .oauth2ResourceServer((oauth2ResourceServer) -> @@ -580,7 +534,6 @@ public class OAuth2ResourceServerSpecTests { ) ); // @formatter:on - return http.build(); } @@ -609,7 +562,6 @@ public class OAuth2ResourceServerSpecTests { .oauth2ResourceServer() .jwt(); // @formatter:on - return http.build(); } @@ -635,7 +587,6 @@ public class OAuth2ResourceServerSpecTests { .jwt() .publicKey(publicKey()); // @formatter:on - return http.build(); } 
@@ -653,7 +604,6 @@ public class OAuth2ResourceServerSpecTests { .jwt() .authenticationManager(authenticationManager()); // @formatter:on - return http.build(); } @@ -680,7 +630,6 @@ public class OAuth2ResourceServerSpecTests { ) ); // @formatter:on - return http.build(); } @@ -705,7 +654,6 @@ public class OAuth2ResourceServerSpecTests { .oauth2ResourceServer() .authenticationManagerResolver(authenticationManagerResolver()); // @formatter:on - return http.build(); } @@ -737,7 +685,6 @@ public class OAuth2ResourceServerSpecTests { .jwt() .publicKey(publicKey()); // @formatter:on - return http.build(); } @@ -765,19 +712,16 @@ public class OAuth2ResourceServerSpecTests { .jwtAuthenticationConverter(jwtAuthenticationConverter()) .publicKey(publicKey()); // @formatter:on - return http.build(); } @Bean Converter> jwtAuthenticationConverter() { - JwtAuthenticationConverter converter = new JwtAuthenticationConverter(); converter.setJwtGrantedAuthoritiesConverter((jwt) -> { String[] claims = ((String) jwt.getClaims().get("scope")).split(" "); return Stream.of(claims).map(SimpleGrantedAuthority::new).collect(Collectors.toList()); }); - return new ReactiveJwtAuthenticationConverterAdapter(converter); } @@ -801,7 +745,6 @@ public class OAuth2ResourceServerSpecTests { .jwt() .publicKey(publicKey()); // @formatter:on - return http.build(); } @@ -816,7 +759,6 @@ public class OAuth2ResourceServerSpecTests { @Bean SecurityWebFilterChain springSecurity(ServerHttpSecurity http) { String introspectionUri = mockWebServer().url("/introspect").toString(); - // @formatter:off http .oauth2ResourceServer() @@ -824,7 +766,6 @@ public class OAuth2ResourceServerSpecTests { .introspectionUri(introspectionUri) .introspectionClientCredentials("client", "secret"); // @formatter:on - return http.build(); } 
@@ -849,7 +790,6 @@ public class OAuth2ResourceServerSpecTests { @Bean SecurityWebFilterChain springSecurity(ServerHttpSecurity http) { String introspectionUri = mockWebServer().url("/introspect").toString(); - // @formatter:off http .oauth2ResourceServer((oauth2ResourceServer) -> @@ -861,7 +801,6 @@ public class OAuth2ResourceServerSpecTests { ) ); // @formatter:on - return http.build(); } @@ -892,7 +831,6 @@ public class OAuth2ResourceServerSpecTests { .authenticationManagerResolver(mock(ReactiveAuthenticationManagerResolver.class)) .opaqueToken(); // @formatter:on - return http.build(); } diff --git a/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java b/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java index cccf0f0df9..a9331c95e2 100644 --- a/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java +++ b/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java @@ -49,17 +49,12 @@ public class RequestCacheTests { public void defaultFormLoginRequestCache() { SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and() .formLogin().and().build(); - WebTestClient webTestClient = WebTestClient .bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController()) .webFilter(new WebFilterChainProxy(securityWebFilter)).build(); - WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class).assertAt(); - SecuredPage securedPage = loginPage.loginForm().username("user").password("password").submit(SecuredPage.class); - securedPage.assertAt(); } 
@@ -67,17 +62,12 @@ public class RequestCacheTests { public void requestCacheNoOp() { SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and() .formLogin().and().requestCache().requestCache(NoOpServerRequestCache.getInstance()).and().build(); - WebTestClient webTestClient = WebTestClient .bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController()) .webFilter(new WebFilterChainProxy(securityWebFilter)).build(); - WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class).assertAt(); - HomePage securedPage = loginPage.loginForm().username("user").password("password").submit(HomePage.class); - securedPage.assertAt(); } @@ -88,17 +78,12 @@ public class RequestCacheTests { .formLogin(withDefaults()) .requestCache((requestCache) -> requestCache.requestCache(NoOpServerRequestCache.getInstance())) .build(); - WebTestClient webTestClient = WebTestClient .bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController()) .webFilter(new WebFilterChainProxy(securityWebFilter)).build(); - WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class).assertAt(); - HomePage securedPage = loginPage.loginForm().username("user").password("password").submit(HomePage.class); - securedPage.assertAt(); } diff --git a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java index a23964ceec..521b17c3ee 100644 --- a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java +++ b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java 
@@ -109,12 +109,9 @@ public class ServerHttpSecurityTests { TestPublisher securityContext = TestPublisher.create(); given(this.contextRepository.load(any())).willReturn(securityContext.mono()); this.http.securityContextRepository(this.contextRepository); - WebTestClient client = buildClient(); - FluxExchangeResult result = client.get().uri("/").exchange().expectHeader() .valueMatches(HttpHeaders.CACHE_CONTROL, ".+").returnResult(String.class); - assertThat(result.getResponseCookies()).isEmpty(); // there is no need to try and load the SecurityContext by default securityContext.assertWasNotSubscribed(); @@ -124,19 +121,15 @@ public class ServerHttpSecurityTests { public void basic() { given(this.authenticationManager.authenticate(any())) .willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN"))); - this.http.httpBasic(); this.http.authenticationManager(this.authenticationManager); ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange(); authorize.anyExchange().authenticated(); - WebTestClient client = buildClient(); - EntityExchangeResult result = client.get().uri("/") .headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk() .expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody(String.class) .consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult(); - assertThat(result.getResponseCookies().getFirst("SESSION")).isNull(); } 
@@ -144,27 +137,22 @@ public class ServerHttpSecurityTests { public void basicWithGlobalWebSessionServerSecurityContextRepository() { given(this.authenticationManager.authenticate(any())) .willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN"))); - this.http.securityContextRepository(new WebSessionServerSecurityContextRepository()); this.http.httpBasic(); this.http.authenticationManager(this.authenticationManager); ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange(); authorize.anyExchange().authenticated(); - WebTestClient client = buildClient(); - EntityExchangeResult result = client.get().uri("/") .headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk() .expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody(String.class) .consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult(); - assertThat(result.getResponseCookies().getFirst("SESSION")).isNotNull(); } @Test public void basicWhenNoCredentialsThenUnauthorized() { this.http.authorizeExchange().anyExchange().authenticated(); - WebTestClient client = buildClient(); client.get().uri("/").exchange().expectStatus().isUnauthorized().expectHeader() .valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody().isEmpty(); 
@@ -173,23 +161,18 @@ public class ServerHttpSecurityTests { @Test public void buildWhenServerWebExchangeFromContextThenFound() { SecurityWebFilterChain filter = this.http.build(); - WebTestClient client = WebTestClient.bindToController(new SubscriberContextController()) .webFilter(new WebFilterChainProxy(filter)).build(); - client.get().uri("/foo/bar").exchange().expectBody(String.class).isEqualTo("/foo/bar"); } @Test public void csrfServerLogoutHandlerNotAppliedIfCsrfIsntEnabled() { SecurityWebFilterChain securityWebFilterChain = this.http.csrf().disable().build(); - assertThat(getWebFilter(securityWebFilterChain, CsrfWebFilter.class)).isNotPresent(); - Optional logoutHandler = getWebFilter(securityWebFilterChain, LogoutWebFilter.class) .map((logoutWebFilter) -> (ServerLogoutHandler) ReflectionTestUtils.getField(logoutWebFilter, LogoutWebFilter.class, "logoutHandler")); - assertThat(logoutHandler).get().isExactlyInstanceOf(SecurityContextServerLogoutHandler.class); } @@ -197,15 +180,12 @@ public class ServerHttpSecurityTests { public void csrfServerLogoutHandlerAppliedIfCsrfIsEnabled() { SecurityWebFilterChain securityWebFilterChain = this.http.csrf().csrfTokenRepository(this.csrfTokenRepository) .and().build(); - assertThat(getWebFilter(securityWebFilterChain, CsrfWebFilter.class)).get() .extracting((csrfWebFilter) -> ReflectionTestUtils.getField(csrfWebFilter, "csrfTokenRepository")) .isEqualTo(this.csrfTokenRepository); - Optional logoutHandler = getWebFilter(securityWebFilterChain, LogoutWebFilter.class) .map((logoutWebFilter) -> (ServerLogoutHandler) ReflectionTestUtils.getField(logoutWebFilter, LogoutWebFilter.class, "logoutHandler")); - assertThat(logoutHandler).get().isExactlyInstanceOf(DelegatingServerLogoutHandler.class) .extracting((delegatingLogoutHandler) -> ((List) ReflectionTestUtils .getField(delegatingLogoutHandler, DelegatingServerLogoutHandler.class, "delegates")).stream() 
@@ -220,10 +200,8 @@ public class ServerHttpSecurityTests { .addFilterAfter(new TestWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE) .build(); List filters = securityWebFilterChain.getWebFilters().map(WebFilter::getClass).collectList().block(); - assertThat(filters).isNotNull().isNotEmpty().containsSequence(SecurityContextServerWebExchangeWebFilter.class, TestWebFilter.class); - } @Test @@ -233,10 +211,8 @@ public class ServerHttpSecurityTests { .addFilterBefore(new TestWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE) .build(); List filters = securityWebFilterChain.getWebFilters().map(WebFilter::getClass).collectList().block(); - assertThat(filters).isNotNull().isNotEmpty().containsSequence(TestWebFilter.class, SecurityContextServerWebExchangeWebFilter.class); - } @Test @@ -244,9 +220,7 @@ public class ServerHttpSecurityTests { SecurityWebFilterChain securityFilterChain = this.http.anonymous().and().build(); WebTestClient client = WebTestClientBuilder.bindToControllerAndWebFilters( AnonymousAuthenticationWebFilterTests.HttpMeController.class, securityFilterChain).build(); - client.get().uri("/me").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("anonymousUser"); - } @Test @@ -254,7 +228,6 @@ public class ServerHttpSecurityTests { SecurityWebFilterChain securityFilterChain = this.http.anonymous(withDefaults()).build(); WebTestClient client = WebTestClientBuilder.bindToControllerAndWebFilters( AnonymousAuthenticationWebFilterTests.HttpMeController.class, securityFilterChain).build(); - client.get().uri("/me").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("anonymousUser"); } 
@@ -262,19 +235,15 @@ public class ServerHttpSecurityTests { public void basicWithAnonymous() { given(this.authenticationManager.authenticate(any())) .willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN"))); - this.http.httpBasic().and().anonymous(); this.http.authenticationManager(this.authenticationManager); ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange(); authorize.anyExchange().hasAuthority("ROLE_ADMIN"); - WebTestClient client = buildClient(); - EntityExchangeResult result = client.get().uri("/") .headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk() .expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody(String.class) .consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult(); - assertThat(result.getResponseCookies().getFirst("SESSION")).isNull(); } @@ -287,13 +256,10 @@ public class ServerHttpSecurityTests { this.http.authenticationManager(this.authenticationManager); ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange(); authorize.anyExchange().authenticated(); - WebTestClient client = buildClient(); - EntityExchangeResult result = client.get().uri("/").exchange().expectStatus().isUnauthorized() .expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, (value) -> assertThat(value).contains("myrealm")) .expectBody(String.class).returnResult(); - assertThat(result.getResponseCookies().getFirst("SESSION")).isNull(); } 
@@ -306,13 +272,10 @@ public class ServerHttpSecurityTests { this.http.authenticationManager(this.authenticationManager); ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange(); authorize.anyExchange().authenticated(); - WebTestClient client = buildClient(); - EntityExchangeResult result = client.get().uri("/").exchange().expectStatus().isUnauthorized() .expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, (value) -> assertThat(value).contains("myrealm")) .expectBody(String.class).returnResult(); - assertThat(result.getResponseCookies().getFirst("SESSION")).isNull(); } @@ -321,15 +284,12 @@ public class ServerHttpSecurityTests { ReactiveAuthenticationManager customAuthenticationManager = mock(ReactiveAuthenticationManager.class); given(customAuthenticationManager.authenticate(any())) .willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN"))); - SecurityWebFilterChain securityFilterChain = this.http.httpBasic() .authenticationManager(customAuthenticationManager).and().build(); WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain); WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build(); - client.get().uri("/").headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk() .expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")); - verifyZeroInteractions(this.authenticationManager); } 
@@ -338,15 +298,12 @@ public class ServerHttpSecurityTests { ReactiveAuthenticationManager customAuthenticationManager = mock(ReactiveAuthenticationManager.class); given(customAuthenticationManager.authenticate(any())) .willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN"))); - SecurityWebFilterChain securityFilterChain = this.http .httpBasic((httpBasic) -> httpBasic.authenticationManager(customAuthenticationManager)).build(); WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain); WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build(); - client.get().uri("/").headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk() .expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")); - verifyZeroInteractions(this.authenticationManager); verify(customAuthenticationManager).authenticate(any(Authentication.class)); } @@ -356,12 +313,9 @@ public class ServerHttpSecurityTests { public void addsX509FilterWhenX509AuthenticationIsConfigured() { X509PrincipalExtractor mockExtractor = mock(X509PrincipalExtractor.class); ReactiveAuthenticationManager mockAuthenticationManager = mock(ReactiveAuthenticationManager.class); - this.http.x509().principalExtractor(mockExtractor).authenticationManager(mockAuthenticationManager).and(); - SecurityWebFilterChain securityWebFilterChain = this.http.build(); WebFilter x509WebFilter = securityWebFilterChain.getWebFilters().filter(this::isX509Filter).blockFirst(); - assertThat(x509WebFilter).isNotNull(); } 
@@ -369,33 +323,26 @@ public class ServerHttpSecurityTests { public void x509WhenCustomizedThenAddsX509Filter() { X509PrincipalExtractor mockExtractor = mock(X509PrincipalExtractor.class); ReactiveAuthenticationManager mockAuthenticationManager = mock(ReactiveAuthenticationManager.class); - this.http.x509( (x509) -> x509.principalExtractor(mockExtractor).authenticationManager(mockAuthenticationManager)); - SecurityWebFilterChain securityWebFilterChain = this.http.build(); WebFilter x509WebFilter = securityWebFilterChain.getWebFilters().filter(this::isX509Filter).blockFirst(); - assertThat(x509WebFilter).isNotNull(); } @Test public void addsX509FilterWhenX509AuthenticationIsConfiguredWithDefaults() { this.http.x509(); - SecurityWebFilterChain securityWebFilterChain = this.http.build(); WebFilter x509WebFilter = securityWebFilterChain.getWebFilters().filter(this::isX509Filter).blockFirst(); - assertThat(x509WebFilter).isNotNull(); } @Test public void x509WhenDefaultsThenAddsX509Filter() { this.http.x509(withDefaults()); - SecurityWebFilterChain securityWebFilterChain = this.http.build(); WebFilter x509WebFilter = securityWebFilterChain.getWebFilters().filter(this::isX509Filter).blockFirst(); - assertThat(x509WebFilter).isNotNull(); } @@ -404,7 +351,6 @@ public class ServerHttpSecurityTests { SecurityWebFilterChain securityFilterChain = this.http.csrf((csrf) -> csrf.disable()).build(); WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain); WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build(); - client.post().uri("/").exchange().expectStatus().isOk(); } 
@@ -416,9 +362,7 @@ public class ServerHttpSecurityTests { .csrf((csrf) -> csrf.csrfTokenRepository(customServerCsrfTokenRepository)).build(); WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain); WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build(); - client.post().uri("/").exchange().expectStatus().isForbidden(); - verify(customServerCsrfTokenRepository).loadToken(any()); } @@ -427,17 +371,14 @@ public class ServerHttpSecurityTests { ServerRequestCache requestCache = spy(new WebSessionServerRequestCache()); ReactiveClientRegistrationRepository clientRegistrationRepository = mock( ReactiveClientRegistrationRepository.class); - SecurityWebFilterChain securityFilterChain = this.http.oauth2Login() .clientRegistrationRepository(clientRegistrationRepository).and().authorizeExchange().anyExchange() .authenticated().and().requestCache((c) -> c.requestCache(requestCache)).build(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityFilterChain).build(); client.get().uri("/test").exchange(); ArgumentCaptor captor = ArgumentCaptor.forClass(ServerWebExchange.class); verify(requestCache).saveRequest(captor.capture()); assertThat(captor.getValue().getRequest().getURI().toString()).isEqualTo("/test"); - OAuth2LoginAuthenticationWebFilter authenticationWebFilter = getWebFilter(securityFilterChain, OAuth2LoginAuthenticationWebFilter.class).get(); Object handler = ReflectionTestUtils.getField(authenticationWebFilter, "authenticationSuccessHandler"); 
@@ -450,19 +391,14 @@ public class ServerHttpSecurityTests { ServerAuthorizationRequestRepository.class); ReactiveClientRegistrationRepository clientRegistrationRepository = mock( ReactiveClientRegistrationRepository.class); - OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request().build(); - given(authorizationRequestRepository.removeAuthorizationRequest(any())) .willReturn(Mono.just(authorizationRequest)); - SecurityWebFilterChain securityFilterChain = this.http.oauth2Login() .clientRegistrationRepository(clientRegistrationRepository) .authorizationRequestRepository(authorizationRequestRepository).and().build(); - WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityFilterChain).build(); client.get().uri("/login/oauth2/code/registration-id").exchange(); - verify(authorizationRequestRepository).removeAuthorizationRequest(any()); } diff --git a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java index 4bd2d1e9f3..8d760858d5 100644 --- a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java @@ -102,9 +102,7 @@ public class WebSocketMessageBrokerConfigTests { @Test public void sendWhenNoIdSpecifiedThenIntegratesWithClientInboundChannel() { this.spring.configLocations(xml("NoIdConfig")).autowire(); - this.clientInboundChannel.send(message("/permitAll")); - assertThatThrownBy(() -> this.clientInboundChannel.send(message("/denyAll"))) .hasCauseInstanceOf(AccessDeniedException.class); } 
@@ -112,214 +110,165 @@ public class WebSocketMessageBrokerConfigTests { @Test public void sendWhenAnonymousMessageWithConnectMessageTypeThenPermitted() { this.spring.configLocations(xml("NoIdConfig")).autowire(); - SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT); headers.setNativeHeader(this.token.getHeaderName(), this.token.getToken()); - assertThatCode(() -> this.clientInboundChannel.send(message("/permitAll", headers))).doesNotThrowAnyException(); } @Test public void sendWhenAnonymousMessageWithConnectAckMessageTypeThenPermitted() { this.spring.configLocations(xml("NoIdConfig")).autowire(); - Message message = message("/permitAll", SimpMessageType.CONNECT_ACK); - assertThatCode(send(message)).doesNotThrowAnyException(); } @Test public void sendWhenAnonymousMessageWithDisconnectMessageTypeThenPermitted() { this.spring.configLocations(xml("NoIdConfig")).autowire(); - Message message = message("/permitAll", SimpMessageType.DISCONNECT); - assertThatCode(send(message)).doesNotThrowAnyException(); } @Test public void sendWhenAnonymousMessageWithDisconnectAckMessageTypeThenPermitted() { this.spring.configLocations(xml("NoIdConfig")).autowire(); - Message message = message("/permitAll", SimpMessageType.DISCONNECT_ACK); - assertThatCode(send(message)).doesNotThrowAnyException(); } @Test public void sendWhenAnonymousMessageWithHeartbeatMessageTypeThenPermitted() { this.spring.configLocations(xml("NoIdConfig")).autowire(); - Message message = message("/permitAll", SimpMessageType.HEARTBEAT); - assertThatCode(send(message)).doesNotThrowAnyException(); } @Test public void sendWhenAnonymousMessageWithMessageMessageTypeThenPermitted() { this.spring.configLocations(xml("NoIdConfig")).autowire(); - Message message = message("/permitAll", SimpMessageType.MESSAGE); - assertThatCode(send(message)).doesNotThrowAnyException(); } @Test public void sendWhenAnonymousMessageWithOtherMessageTypeThenPermitted() { 
this.spring.configLocations(xml("NoIdConfig")).autowire(); - Message message = message("/permitAll", SimpMessageType.OTHER); - assertThatCode(send(message)).doesNotThrowAnyException(); } @Test public void sendWhenAnonymousMessageWithSubscribeMessageTypeThenPermitted() { this.spring.configLocations(xml("NoIdConfig")).autowire(); - Message message = message("/permitAll", SimpMessageType.SUBSCRIBE); - assertThatCode(send(message)).doesNotThrowAnyException(); } @Test public void sendWhenAnonymousMessageWithUnsubscribeMessageTypeThenPermitted() { this.spring.configLocations(xml("NoIdConfig")).autowire(); - Message message = message("/permitAll", SimpMessageType.UNSUBSCRIBE); - assertThatCode(send(message)).doesNotThrowAnyException(); } @Test public void sendWhenConnectWithoutCsrfTokenThenDenied() { this.spring.configLocations(xml("SyncConfig")).autowire(); - Message message = message("/message", SimpMessageType.CONNECT); - assertThatThrownBy(send(message)).hasCauseInstanceOf(InvalidCsrfTokenException.class); } @Test public void sendWhenConnectWithSameOriginDisabledThenCsrfTokenNotRequired() { this.spring.configLocations(xml("SyncSameOriginDisabledConfig")).autowire(); - Message message = message("/message", SimpMessageType.CONNECT); - assertThatCode(send(message)).doesNotThrowAnyException(); } @Test public void sendWhenInterceptWiredForMessageTypeThenDeniesOnTypeMismatch() { this.spring.configLocations(xml("MessageInterceptTypeConfig")).autowire(); - Message message = message("/permitAll", SimpMessageType.MESSAGE); - assertThatCode(send(message)).doesNotThrowAnyException(); - message = message("/permitAll", SimpMessageType.UNSUBSCRIBE); - assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class); - message = message("/anyOther", SimpMessageType.MESSAGE); - assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class); } @Test public void sendWhenInterceptWiredForSubscribeTypeThenDeniesOnTypeMismatch() { 
this.spring.configLocations(xml("SubscribeInterceptTypeConfig")).autowire(); - Message message = message("/permitAll", SimpMessageType.SUBSCRIBE); - assertThatCode(send(message)).doesNotThrowAnyException(); - message = message("/permitAll", SimpMessageType.UNSUBSCRIBE); - assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class); - message = message("/anyOther", SimpMessageType.SUBSCRIBE); - assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class); } @Test public void configureWhenUsingConnectMessageTypeThenAutowireFails() { ThrowingCallable bad = () -> this.spring.configLocations(xml("ConnectInterceptTypeConfig")).autowire(); - assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class); } @Test public void configureWhenUsingConnectAckMessageTypeThenAutowireFails() { ThrowingCallable bad = () -> this.spring.configLocations(xml("ConnectAckInterceptTypeConfig")).autowire(); - assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class); } @Test public void configureWhenUsingDisconnectMessageTypeThenAutowireFails() { ThrowingCallable bad = () -> this.spring.configLocations(xml("DisconnectInterceptTypeConfig")).autowire(); - assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class); } @Test public void configureWhenUsingDisconnectAckMessageTypeThenAutowireFails() { ThrowingCallable bad = () -> this.spring.configLocations(xml("DisconnectAckInterceptTypeConfig")).autowire(); - assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class); } @Test public void configureWhenUsingHeartbeatMessageTypeThenAutowireFails() { ThrowingCallable bad = () -> this.spring.configLocations(xml("HeartbeatInterceptTypeConfig")).autowire(); - assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class); } @Test public void configureWhenUsingOtherMessageTypeThenAutowireFails() { ThrowingCallable bad = () -> 
this.spring.configLocations(xml("OtherInterceptTypeConfig")).autowire(); - assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class); } @Test public void configureWhenUsingUnsubscribeMessageTypeThenAutowireFails() { ThrowingCallable bad = () -> this.spring.configLocations(xml("UnsubscribeInterceptTypeConfig")).autowire(); - assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class); } @Test public void sendWhenNoIdMessageThenAuthenticationPrincipalResolved() { this.spring.configLocations(xml("SyncConfig")).autowire(); - this.clientInboundChannel.send(message("/message")); - assertThat(this.messageController.username).isEqualTo("anonymous"); } @Test public void requestWhenConnectMessageThenUsesCsrfTokenHandshakeInterceptor() throws Exception { this.spring.configLocations(xml("SyncConfig")).autowire(); - WebApplicationContext context = this.spring.getContext(); MockMvc mvc = MockMvcBuilders.webAppContextSetup(context).build(); - String csrfAttributeName = CsrfToken.class.getName(); String customAttributeName = this.getClass().getName(); - MvcResult result = mvc.perform(get("/app").requestAttr(csrfAttributeName, this.token) .sessionAttr(customAttributeName, "attributeValue")).andReturn(); - CsrfToken handshakeToken = (CsrfToken) this.testHandshakeHandler.attributes.get(csrfAttributeName); String handshakeValue = (String) this.testHandshakeHandler.attributes.get(customAttributeName); String sessionValue = (String) result.getRequest().getSession().getAttribute(customAttributeName); - assertThat(handshakeToken).isEqualTo(this.token).withFailMessage("CsrfToken is populated"); - assertThat(handshakeValue).isEqualTo(sessionValue) .withFailMessage("Explicitly listed session variables are not overridden"); } 
@@ -327,22 +276,16 @@ public class WebSocketMessageBrokerConfigTests { @Test public void requestWhenConnectMessageAndUsingSockJsThenUsesCsrfTokenHandshakeInterceptor() throws Exception { this.spring.configLocations(xml("SyncSockJsConfig")).autowire(); - WebApplicationContext context = this.spring.getContext(); MockMvc mvc = MockMvcBuilders.webAppContextSetup(context).build(); - String csrfAttributeName = CsrfToken.class.getName(); String customAttributeName = this.getClass().getName(); - MvcResult result = mvc.perform(get("/app/289/tpyx6mde/websocket").requestAttr(csrfAttributeName, this.token) .sessionAttr(customAttributeName, "attributeValue")).andReturn(); - CsrfToken handshakeToken = (CsrfToken) this.testHandshakeHandler.attributes.get(csrfAttributeName); String handshakeValue = (String) this.testHandshakeHandler.attributes.get(customAttributeName); String sessionValue = (String) result.getRequest().getSession().getAttribute(customAttributeName); - assertThat(handshakeToken).isEqualTo(this.token).withFailMessage("CsrfToken is populated"); - assertThat(handshakeValue).isEqualTo(sessionValue) .withFailMessage("Explicitly listed session variables are not overridden"); } 
@@ -350,31 +293,23 @@ public class WebSocketMessageBrokerConfigTests { @Test public void sendWhenNoIdSpecifiedThenCustomArgumentResolversAreNotOverridden() { this.spring.configLocations(xml("SyncCustomArgumentResolverConfig")).autowire(); - this.clientInboundChannel.send(message("/message-with-argument")); - assertThat(this.messageWithArgumentController.messageArgument).isNotNull(); } @Test public void sendWhenUsingCustomPathMatcherThenSecurityAppliesIt() { this.spring.configLocations(xml("CustomPathMatcherConfig")).autowire(); - Message message = message("/denyAll.a"); - assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class); - message = message("/denyAll.a.b"); - assertThatCode(send(message)).doesNotThrowAnyException(); } @Test public void sendWhenIdSpecifiedThenSecurityDoesNotIntegrateWithClientInboundChannel() { this.spring.configLocations(xml("IdConfig")).autowire(); - Message message = message("/denyAll"); - assertThatCode(send(message)).doesNotThrowAnyException(); } @@ -382,18 +317,14 @@ public class WebSocketMessageBrokerConfigTests { @WithMockUser public void sendWhenIdSpecifiedAndExplicitlyIntegratedWhenBrokerUsesClientInboundChannel() { this.spring.configLocations(xml("IdIntegratedConfig")).autowire(); - Message message = message("/denyAll"); - assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class); } @Test public void sendWhenNoIdSpecifiedThenSecurityDoesntOverrideCustomInterceptors() { this.spring.configLocations(xml("CustomInterceptorConfig")).autowire(); - Message message = message("/throwAll"); - assertThatThrownBy(send(message)).hasCauseInstanceOf(UnsupportedOperationException.class); } 
@@ -401,9 +332,7 @@ public class WebSocketMessageBrokerConfigTests { @WithMockUser(username = "nile") public void sendWhenCustomExpressionHandlerThenAuthorizesAccordingly() { this.spring.configLocations(xml("CustomExpressionHandlerConfig")).autowire(); - Message message = message("/denyNile"); - assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class); } @@ -428,13 +357,10 @@ public class WebSocketMessageBrokerConfigTests { headers.setSessionId("123"); headers.setSessionAttributes(new HashMap<>()); headers.setDestination(destination); - if (SecurityContextHolder.getContext().getAuthentication() != null) { headers.setUser(SecurityContextHolder.getContext().getAuthentication()); } - headers.getSessionAttributes().put(CsrfToken.class.getName(), this.token); - return new GenericMessage<>("hi", headers.getMessageHeaders()); } @@ -491,9 +417,7 @@ public class WebSocketMessageBrokerConfigTests { public boolean doHandshake(ServerHttpRequest request, org.springframework.http.server.ServerHttpResponse response, WebSocketHandler wsHandler, Map attributes) throws HandshakeFailureException { - this.attributes = attributes; - return true; } @@ -510,7 +434,6 @@ public class WebSocketMessageBrokerConfigTests { @Override public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException { - } } @@ -529,14 +452,11 @@ public class WebSocketMessageBrokerConfigTests { @Override protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, Message invocation) { - return new MessageSecurityExpressionRoot(authentication, invocation) { - public boolean denyNile() { Authentication auth = getAuthentication(); return auth != null && !"nile".equals(auth.getName()); } - }; } 
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java b/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java index 4f673aa2ef..9ac5684868 100644 --- a/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java +++ b/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java @@ -63,7 +63,6 @@ final class HtmlUnitWebTestClient { contentType(request, webRequest); cookies(request, webRequest); headers(request, webRequest); - return content(request, webRequest).exchange().returnResult(String.class); } @@ -109,7 +108,6 @@ final class HtmlUnitWebTestClient { request.cookie(cookieName, cookieValue); } } - Set managedCookies = this.webClient.getCookies(webRequest.getUrl()); for (com.gargoylesoftware.htmlunit.util.Cookie cookie : managedCookies) { request.cookie(cookie.getName(), cookie.getValue()); @@ -156,10 +154,8 @@ final class HtmlUnitWebTestClient { .headers((headers) -> headers.addAll(request.headers())) .cookies((cookies) -> cookies.addAll(request.cookies())) .attributes((attributes) -> attributes.putAll(request.attributes())).build(); - return next.exchange(redirect).flatMap((r) -> redirectIfNecessary(request, next, r)); } - return Mono.just(response); } diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java index 7f509d7f1a..1c734077a8 100644 --- a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java +++ b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java 
@@ -46,9 +46,7 @@ public class WebTestClientHtmlUnitDriverBuilderTests { public void helloWorld() { WebTestClient webTestClient = WebTestClient.bindToController(new HelloWorldController()).build(); WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - driver.get("http://localhost/"); - assertThat(driver.getPageSource()).contains("Hello World"); } @@ -56,13 +54,9 @@ public class WebTestClientHtmlUnitDriverBuilderTests { public void cookies() { WebTestClient webTestClient = WebTestClient.bindToController(new CookieController()).build(); WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); - driver.get("http://localhost/cookie"); - assertThat(driver.getPageSource()).contains("theCookie"); - driver.get("http://localhost/cookie/delete"); - assertThat(driver.getPageSource()).contains("null"); } diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientWebConnection.java b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientWebConnection.java index f7dd640175..a2fed90d58 100644 --- a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientWebConnection.java +++ b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientWebConnection.java @@ -50,7 +50,6 @@ public class WebTestClientWebConnection implements WebConnection { Assert.notNull(webTestClient, "MockMvc must not be null"); Assert.notNull(webClient, "WebClient must not be null"); validateContextPath(contextPath); - this.webClient = webClient; this.webTestClient = webTestClient; this.contextPath = contextPath; 
@@ -82,7 +81,6 @@ public class WebTestClientWebConnection implements WebConnection { @Override public WebResponse getResponse(WebRequest webRequest) throws IOException { long startTime = System.currentTimeMillis(); - FluxExchangeResult exchangeResult = this.requestBuilder.getResponse(webRequest); webRequest.setUrl(exchangeResult.getUrl().toURL()); return new MockWebResponseBuilder(startTime, webRequest, exchangeResult).build(); diff --git a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java index dd8575d432..2710091266 100644 --- a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java +++ b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java @@ -41,12 +41,10 @@ public class MethodSecurityInterceptorWithAopConfigTests { + " " + " " + " " + " " + ""; - static final String ACCESS_MANAGER_XML = "" + " " + " " + " " + ""; - static final String TARGET_BEAN_AND_INTERCEPTOR = "" + "" + " " + " " @@ -77,9 +75,7 @@ public class MethodSecurityInterceptorWithAopConfigTests { + " " + " " + "" + TARGET_BEAN_AND_INTERCEPTOR + AUTH_PROVIDER_XML + ACCESS_MANAGER_XML); - ITargetObject target = (ITargetObject) this.appContext.getBean("target"); - // Check both against interface and class try { target.makeLowerCase("TEST"); @@ -87,7 +83,6 @@ public class MethodSecurityInterceptorWithAopConfigTests { } catch (AuthenticationCredentialsNotFoundException expected) { } - target.makeUpperCase("test"); } 
@@ -101,18 +96,14 @@ public class MethodSecurityInterceptorWithAopConfigTests { + " " + " " + " " + "" + TARGET_BEAN_AND_INTERCEPTOR + AUTH_PROVIDER_XML + ACCESS_MANAGER_XML); - ITargetObject target = (ITargetObject) this.appContext.getBean("target"); - try { target.makeLowerCase("TEST"); fail("AuthenticationCredentialsNotFoundException expected"); } catch (AuthenticationCredentialsNotFoundException expected) { } - target.makeUpperCase("test"); - } private void setContext(String context) { diff --git a/core/src/test/java/org/springframework/security/PopulatedDatabase.java b/core/src/test/java/org/springframework/security/PopulatedDatabase.java index f450a2bb76..2ff999577a 100644 --- a/core/src/test/java/org/springframework/security/PopulatedDatabase.java +++ b/core/src/test/java/org/springframework/security/PopulatedDatabase.java @@ -37,14 +37,12 @@ public final class PopulatedDatabase { if (dataSource == null) { setupDataSource(); } - return dataSource; } private static void setupDataSource() { dataSource = new TestDataSource("springsecuritytest"); JdbcTemplate template = new JdbcTemplate(dataSource); - template.execute( "CREATE TABLE USERS(USERNAME VARCHAR_IGNORECASE(50) NOT NULL PRIMARY KEY,PASSWORD VARCHAR_IGNORECASE(500) NOT NULL,ENABLED BOOLEAN NOT NULL)"); template.execute( 
@@ -77,18 +75,15 @@ public final class PopulatedDatabase { "INSERT INTO acl_object_identity VALUES (5, 'org.springframework.security.acl.DomainObject:5', 3, 'org.springframework.security.acl.basic.SimpleAclEntry');"); template.execute( "INSERT INTO acl_object_identity VALUES (6, 'org.springframework.security.acl.DomainObject:6', 3, 'org.springframework.security.acl.basic.SimpleAclEntry');"); - // ----- BEGIN deviation from normal sample data load script ----- template.execute( "INSERT INTO acl_object_identity VALUES (7, 'org.springframework.security.acl.DomainObject:7', 3, 'some.invalid.acl.entry.class');"); - // ----- FINISH deviation from normal sample data load script ----- template.execute("INSERT INTO acl_permission VALUES (null, 1, 'ROLE_SUPERVISOR', 1);"); template.execute("INSERT INTO acl_permission VALUES (null, 2, 'ROLE_SUPERVISOR', 0);"); template.execute("INSERT INTO acl_permission VALUES (null, 2, 'rod', 2);"); template.execute("INSERT INTO acl_permission VALUES (null, 3, 'scott', 14);"); template.execute("INSERT INTO acl_permission VALUES (null, 6, 'scott', 1);"); - createGroupTables(template); insertGroupData(template); } @@ -106,13 +101,11 @@ public final class PopulatedDatabase { public static void insertGroupData(JdbcTemplate template) { template.execute("INSERT INTO USERS VALUES('jerry','password',TRUE)"); template.execute("INSERT INTO USERS VALUES('tom','password',TRUE)"); - template.execute("INSERT INTO GROUPS VALUES (0, 'GROUP_0')"); template.execute("INSERT INTO GROUPS VALUES (1, 'GROUP_1')"); template.execute("INSERT INTO GROUPS VALUES (2, 'GROUP_2')"); // Group 3 isn't used template.execute("INSERT INTO GROUPS VALUES (3, 'GROUP_3')"); - template.execute("INSERT INTO GROUP_AUTHORITIES VALUES (0, 'ROLE_A')"); template.execute("INSERT INTO GROUP_AUTHORITIES VALUES (1, 'ROLE_B')"); template.execute("INSERT INTO GROUP_AUTHORITIES VALUES (1, 'ROLE_C')"); 
@@ -121,7 +114,6 @@ public final class PopulatedDatabase { template.execute("INSERT INTO GROUP_AUTHORITIES VALUES (2, 'ROLE_C')"); template.execute("INSERT INTO GROUP_AUTHORITIES VALUES (3, 'ROLE_D')"); template.execute("INSERT INTO GROUP_AUTHORITIES VALUES (3, 'ROLE_E')"); - template.execute("INSERT INTO GROUP_MEMBERS VALUES (0, 'jerry', 0)"); template.execute("INSERT INTO GROUP_MEMBERS VALUES (1, 'jerry', 1)"); // tom has groups with overlapping roles diff --git a/core/src/test/java/org/springframework/security/TargetObject.java b/core/src/test/java/org/springframework/security/TargetObject.java index 5f98437350..b936d69043 100644 --- a/core/src/test/java/org/springframework/security/TargetObject.java +++ b/core/src/test/java/org/springframework/security/TargetObject.java @@ -47,7 +47,6 @@ public class TargetObject implements ITargetObject { @Override public String makeLowerCase(String input) { Authentication auth = SecurityContextHolder.getContext().getAuthentication(); - if (auth == null) { return input.toLowerCase() + " Authentication empty"; } @@ -67,7 +66,6 @@ public class TargetObject implements ITargetObject { @Override public String makeUpperCase(String input) { Authentication auth = SecurityContextHolder.getContext().getAuthentication(); - return input.toUpperCase() + " " + auth.getClass().getName() + " " + auth.isAuthenticated(); } diff --git a/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java b/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java index 94de0f1f15..9b6fee171e 100644 --- a/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java +++ b/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java 
@@ -37,7 +37,6 @@ public class AuthorizedEventTests { @Test(expected = IllegalArgumentException.class) public void testRejectsNulls2() { - new AuthorizedEvent(new SimpleMethodInvocation(), null, new UsernamePasswordAuthenticationToken("foo", "bar")); } diff --git a/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java b/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java index 40c2165865..7cc22aff20 100644 --- a/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java +++ b/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java @@ -53,23 +53,17 @@ public class SecurityConfigTests { SecurityConfig security1 = new SecurityConfig("TEST"); SecurityConfig security2 = new SecurityConfig("TEST"); assertThat(security2).isEqualTo(security1); - // SEC-311: Must observe symmetry requirement of Object.equals(Object) contract String securityString1 = "TEST"; assertThat(securityString1).isNotSameAs(security1); - String securityString2 = "NOT_EQUAL"; assertThat(!security1.equals(securityString2)).isTrue(); - SecurityConfig security3 = new SecurityConfig("NOT_EQUAL"); assertThat(!security1.equals(security3)).isTrue(); - MockConfigAttribute mock1 = new MockConfigAttribute("TEST"); assertThat(security1).isEqualTo(mock1); - MockConfigAttribute mock2 = new MockConfigAttribute("NOT_EQUAL"); assertThat(security1).isNotEqualTo(mock2); - Integer int1 = 987; assertThat(security1).isNotEqualTo(int1); } diff --git a/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java b/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java index 705632467e..0e732bf480 100644 --- a/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java +++ b/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java 
@@ -75,7 +75,6 @@ public class BusinessServiceImpl implements BusinessService { @Override public void rolesAllowedUser() { - } } diff --git a/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java b/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java index eec3144daa..9d1b066d01 100644 --- a/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java +++ b/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java @@ -71,12 +71,10 @@ public class ExpressionProtectedBusinessServiceImpl implements BusinessService { @PreAuthorize("#x == 'x' and @number.intValue() == 1294 ") public void methodWithBeanNamePropertyAccessExpression(String x) { - } @Override public void rolesAllowedUser() { - } } diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java index 3472f49f1c..09aa5ae48c 100644 --- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java +++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java @@ -76,7 +76,6 @@ public class Jsr250BusinessServiceImpl implements BusinessService { @Override @RolesAllowed({ "USER" }) public void rolesAllowedUser() { - } } diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java index e072ee4b4c..642674a887 100644 --- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java 
+++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java @@ -91,7 +91,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { @Test public void customDefaultRolePrefix() throws Exception { this.mds.setDefaultRolePrefix("CUSTOMPREFIX_"); - ConfigAttribute[] accessAttributes = findAttributes("adminMethod"); assertThat(accessAttributes).hasSize(1); assertThat(accessAttributes[0].toString()).isEqualTo("CUSTOMPREFIX_ADMIN"); @@ -100,7 +99,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { @Test public void emptyDefaultRolePrefix() throws Exception { this.mds.setDefaultRolePrefix(""); - ConfigAttribute[] accessAttributes = findAttributes("adminMethod"); assertThat(accessAttributes).hasSize(1); assertThat(accessAttributes[0].toString()).isEqualTo("ADMIN"); @@ -109,7 +107,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { @Test public void nullDefaultRolePrefix() throws Exception { this.mds.setDefaultRolePrefix(null); - ConfigAttribute[] accessAttributes = findAttributes("adminMethod"); assertThat(accessAttributes).hasSize(1); assertThat(accessAttributes[0].toString()).isEqualTo("ADMIN"); @@ -123,7 +120,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { } // JSR-250 Spec Tests - /** * Class-level annotations only affect the class they annotate and their members, that * is, its methods and fields. They never affect a member declared by a superclass, @@ -134,7 +130,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { public void classLevelAnnotationsOnlyAffectTheClassTheyAnnotateAndTheirMembers() throws Exception { Child target = new Child(); MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "notOverriden"); - Collection accessAttributes = this.mds.getAttributes(mi); assertThat(accessAttributes).isNull(); } 
@@ -143,7 +138,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { public void classLevelAnnotationsOnlyAffectTheClassTheyAnnotateAndTheirMembersOverriden() throws Exception { Child target = new Child(); MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "overriden"); - Collection accessAttributes = this.mds.getAttributes(mi); assertThat(accessAttributes).hasSize(1); assertThat(accessAttributes.toArray()[0].toString()).isEqualTo("ROLE_DERIVED"); @@ -153,7 +147,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { public void classLevelAnnotationsImpactMemberLevel() throws Exception { Child target = new Child(); MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "defaults"); - Collection accessAttributes = this.mds.getAttributes(mi); assertThat(accessAttributes).hasSize(1); assertThat(accessAttributes.toArray()[0].toString()).isEqualTo("ROLE_DERIVED"); @@ -163,7 +156,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { public void classLevelAnnotationsIgnoredByExplicitMemberAnnotation() throws Exception { Child target = new Child(); MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "explicitMethod"); - Collection accessAttributes = this.mds.getAttributes(mi); assertThat(accessAttributes).hasSize(1); assertThat(accessAttributes.toArray()[0].toString()).isEqualTo("ROLE_EXPLICIT"); @@ -178,7 +170,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { public void interfacesNeverContributeAnnotationsMethodLevel() throws Exception { Parent target = new Parent(); MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "interfaceMethod"); - Collection accessAttributes = this.mds.getAttributes(mi); assertThat(accessAttributes).isEmpty(); } 
@@ -187,7 +178,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { public void interfacesNeverContributeAnnotationsClassLevel() throws Exception { Parent target = new Parent(); MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "notOverriden"); - Collection accessAttributes = this.mds.getAttributes(mi); assertThat(accessAttributes).isEmpty(); } @@ -196,7 +186,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { public void annotationsOnOverriddenMemberIgnored() throws Exception { Child target = new Child(); MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "overridenIgnored"); - Collection accessAttributes = this.mds.getAttributes(mi); assertThat(accessAttributes).hasSize(1); assertThat(accessAttributes.toArray()[0].toString()).isEqualTo("ROLE_DERIVED"); @@ -234,7 +223,6 @@ public class Jsr250MethodSecurityMetadataSourceTests { } // JSR-250 Spec - @RolesAllowed("IPARENT") interface IParent { diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java index 8e7f5536fc..412d2fe93f 100644 --- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java +++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java 
@@ -38,21 +38,17 @@ public class Jsr250VoterTests { public void supportsMultipleRolesCorrectly() { List attrs = new ArrayList<>(); Jsr250Voter voter = new Jsr250Voter(); - attrs.add(new Jsr250SecurityConfig("A")); attrs.add(new Jsr250SecurityConfig("B")); attrs.add(new Jsr250SecurityConfig("C")); - assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "A"), new Object(), attrs)) .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "B"), new Object(), attrs)) .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "C"), new Object(), attrs)) .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); - assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "NONE"), new Object(), attrs)) .isEqualTo(AccessDecisionVoter.ACCESS_DENIED); - assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "A"), new Object(), SecurityConfig.createList("A", "B", "C"))).isEqualTo(AccessDecisionVoter.ACCESS_ABSTAIN); } diff --git a/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java index 842aa93485..a607b56874 100644 --- a/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java +++ b/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java 
@@ -54,39 +54,29 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 @Test
 public void genericsSuperclassDeclarationsAreIncludedWhenSubclassesOverride() {
 Method method = null;
-
 try {
 method = DepartmentServiceImpl.class.getMethod("someUserMethod3", new Class[] { Department.class });
 }
 catch (NoSuchMethodException unexpected) {
 fail("Should be a superMethod called 'someUserMethod3' on class!");
 }
-
 Collection attrs = this.mds.findAttributes(method, DepartmentServiceImpl.class);
-
 assertThat(attrs).isNotNull();
-
 // expect 1 attribute
 assertThat(attrs.size() == 1).as("Did not find 1 attribute").isTrue();
-
 // should have 1 SecurityConfig
 for (ConfigAttribute sc : attrs) {
 assertThat(sc.getAttribute()).as("Found an incorrect role").isEqualTo("ROLE_ADMIN");
 }
-
 Method superMethod = null;
-
 try {
 superMethod = DepartmentServiceImpl.class.getMethod("someUserMethod3", new Class[] { Entity.class });
 }
 catch (NoSuchMethodException unexpected) {
 fail("Should be a superMethod called 'someUserMethod3' on class!");
 }
-
 Collection superAttrs = this.mds.findAttributes(superMethod, DepartmentServiceImpl.class);
-
 assertThat(superAttrs).isNotNull();
-
 // This part of the test relates to SEC-274
 // expect 1 attribute
 assertThat(superAttrs).as("Did not find 1 attribute").hasSize(1);
@@ -99,41 +89,31 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 @Test
 public void classLevelAttributesAreFound() {
 Collection attrs = this.mds.findAttributes(BusinessService.class);
-
 assertThat(attrs).isNotNull();
-
 // expect 1 annotation
 assertThat(attrs).hasSize(1);
-
 // should have 1 SecurityConfig
 SecurityConfig sc = (SecurityConfig) attrs.toArray()[0];
-
 assertThat(sc.getAttribute()).isEqualTo("ROLE_USER");
 }
 @Test
 public void methodLevelAttributesAreFound() {
 Method method = null;
-
 try {
 method = BusinessService.class.getMethod("someUserAndAdminMethod", new Class[] {});
 }
 catch (NoSuchMethodException unexpected) {
 fail("Should be a method called 'someUserAndAdminMethod' on class!");
 }
-
 Collection attrs = this.mds.findAttributes(method, BusinessService.class);
-
 // expect 2 attributes
 assertThat(attrs).hasSize(2);
-
 boolean user = false;
 boolean admin = false;
-
 // should have 2 SecurityConfigs
 for (ConfigAttribute sc : attrs) {
 assertThat(sc).isInstanceOf(SecurityConfig.class);
-
 if (sc.getAttribute().equals("ROLE_USER")) {
 user = true;
 }
@@ -141,7 +121,6 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 admin = true;
 }
 }
-
 // expect to have ROLE_USER and ROLE_ADMIN
 assertThat(user).isEqualTo(admin).isTrue();
 }
@@ -159,9 +138,7 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 public void annotatedAnnotationAtClassLevelIsDetected() throws Exception {
 MockMethodInvocation annotatedAtClassLevel = new MockMethodInvocation(new AnnotatedAnnotationAtClassLevel(), ReturnVoid.class, "doSomething", List.class);
-
 ConfigAttribute[] attrs = this.mds.getAttributes(annotatedAtClassLevel).toArray(new ConfigAttribute[0]);
-
 assertThat(attrs).hasSize(1);
 assertThat(attrs).extracting("attribute").containsOnly("CUSTOM");
 }
@@ -170,9 +147,7 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 public void annotatedAnnotationAtInterfaceLevelIsDetected() throws Exception {
 MockMethodInvocation annotatedAtInterfaceLevel = new MockMethodInvocation( new AnnotatedAnnotationAtInterfaceLevel(), ReturnVoid2.class, "doSomething", List.class);
-
 ConfigAttribute[] attrs = this.mds.getAttributes(annotatedAtInterfaceLevel).toArray(new ConfigAttribute[0]);
-
 assertThat(attrs).hasSize(1);
 assertThat(attrs).extracting("attribute").containsOnly("CUSTOM");
 }
@@ -182,7 +157,6 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 MockMethodInvocation annotatedAtMethodLevel = new MockMethodInvocation(new AnnotatedAnnotationAtMethodLevel(), ReturnVoid.class, "doSomething", List.class);
 ConfigAttribute[] attrs = this.mds.getAttributes(annotatedAtMethodLevel).toArray(new ConfigAttribute[0]);
-
 assertThat(attrs).hasSize(1);
 assertThat(attrs).extracting("attribute").containsOnly("CUSTOM");
 }
@@ -223,7 +197,6 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 }
 // SEC-1491 Related classes. PoC for custom annotation with enum value.
-
 @CustomSecurityAnnotation(SecurityEnum.ADMIN)
 interface CustomAnnotatedService {
@@ -262,7 +235,6 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 @Override
 public Collection extractAttributes(CustomSecurityAnnotation securityAnnotation) {
 SecurityEnum[] values = securityAnnotation.value();
-
 return EnumSet.copyOf(Arrays.asList(values));
 }
diff --git a/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java b/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
index c9522feca6..f8c6b653a2 100644
--- a/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
@@ -51,7 +51,6 @@ public class AbstractSecurityExpressionHandlerTests {
 @Test
 public void beanNamesAreCorrectlyResolved() {
 this.handler.setApplicationContext(new AnnotationConfigApplicationContext(TestConfiguration.class));
-
 Expression expression = this.handler.getExpressionParser() .parseExpression("@number10.compareTo(@number20) < 0");
 assertThat(expression.getValue(this.handler.createEvaluationContext(mock(Authentication.class), new Object())))
diff --git a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
index c1e953f363..9cb6564f61 100644
--- a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
@@ -64,7 +64,6 @@ public class SecurityExpressionRootTests {
 @Test
 public void roleHierarchySupportIsCorrectlyUsedInEvaluatingRoles() {
 this.root.setRoleHierarchy((authorities) -> AuthorityUtils.createAuthorityList("ROLE_C"));
-
 assertThat(this.root.hasRole("C")).isTrue();
 assertThat(this.root.hasAuthority("ROLE_C")).isTrue();
 assertThat(this.root.hasRole("A")).isFalse();
@@ -98,7 +97,6 @@ public class SecurityExpressionRootTests {
 public void hasRoleDoesNotAddDefaultPrefixForAlreadyPrefixedRoles() {
 SecurityExpressionRoot root = new SecurityExpressionRoot(JOE) {
 };
-
 assertThat(root.hasRole("ROLE_A")).isTrue();
 assertThat(root.hasRole("ROLE_NO")).isFalse();
 }
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java b/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
index f2f1047f61..0cc3343ca5 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
@@ -77,11 +77,9 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 @Test
 public void createEvaluationContextCustomTrustResolver() {
 this.handler.setTrustResolver(this.trustResolver);
-
 Expression expression = this.handler.getExpressionParser().parseExpression("anonymous");
 EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation);
 expression.getValue(context, Boolean.class);
-
 verify(this.trustResolver).isAnonymous(this.authentication);
 }
@@ -92,13 +90,9 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 map.put("key1", "value1");
 map.put("key2", "value2");
 map.put("key3", "value3");
-
 Expression expression = this.handler.getExpressionParser().parseExpression("filterObject.key eq 'key2'");
-
 EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation);
-
 Object filtered = this.handler.filter(map, expression, context);
-
 assertThat(filtered == map);
 Map result = ((Map) filtered);
 assertThat(result.size() == 1);
@@ -113,13 +107,9 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 map.put("key1", "value1");
 map.put("key2", "value2");
 map.put("key3", "value3");
-
 Expression expression = this.handler.getExpressionParser().parseExpression("filterObject.value eq 'value3'");
-
 EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation);
-
 Object filtered = this.handler.filter(map, expression, context);
-
 assertThat(filtered == map);
 Map result = ((Map) filtered);
 assertThat(result.size() == 1);
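Review bot: `assertThat(filtered == map);` and `assertThat(result.size() == 1);` in the hunk at `@@ -92,13 +90,9` can never fail, because AssertJ's `assertThat(boolean)` only creates an assertion object and checks nothing until a method such as `isTrue()` is called on it. As written, these map-filter tests would still pass if `filter` left every entry in place, so a regression in the filtering they are meant to cover would go unnoticed. I would replace them with `assertThat(filtered).isSameAs(map);` (assuming returning the same instance is the intended contract) and `assertThat(result).hasSize(1);`. The same pattern appears in the hunks at `@@ -113,13 +107,9` and `@@ -134,14 +124,10` (there with `assertThat(result.size() == 2);`). Each of these test methods starts before and continues after its hunk.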
@@ -134,14 +124,10 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 map.put("key1", "value1");
 map.put("key2", "value2");
 map.put("key3", "value3");
-
 Expression expression = this.handler.getExpressionParser() .parseExpression("(filterObject.key eq 'key1') or (filterObject.value eq 'value2')");
-
 EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation);
-
 Object filtered = this.handler.filter(map, expression, context);
-
 assertThat(filtered == map);
 Map result = ((Map) filtered);
 assertThat(result.size() == 2);
@@ -153,13 +139,9 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 @SuppressWarnings("unchecked")
 public void filterWhenUsingStreamThenFiltersStream() {
 final Stream stream = Stream.of("1", "2", "3");
-
 Expression expression = this.handler.getExpressionParser().parseExpression("filterObject ne '2'");
-
 EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation);
-
 Object filtered = this.handler.filter(stream, expression, context);
-
 assertThat(filtered).isInstanceOf(Stream.class);
 List list = ((Stream) filtered).collect(Collectors.toList());
 assertThat(list).containsExactly("1", "3");
@@ -169,11 +151,8 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 public void filterStreamWhenClosedThenUpstreamGetsClosed() {
 final Stream upstream = mock(Stream.class);
 doReturn(Stream.empty()).when(upstream).filter(any());
-
 Expression expression = this.handler.getExpressionParser().parseExpression("true");
-
 EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation);
-
 ((Stream) this.handler.filter(upstream, expression, context)).close();
 verify(upstream).close();
 }
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
index d60ef97c45..d409c4054d 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
@@ -113,9 +113,8 @@ public class MethodExpressionVoterTests {
 @Test
 public void ruleDefinedInAClassMethodIsApplied() throws Exception {
 MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAString(), "joe");
- assertThat(
-
- this.am.vote(this.joe, mi, createAttributes(new PreInvocationExpressionAttribute(null, null,
+ assertThat(this.am.vote(this.joe, mi,
+ createAttributes(new PreInvocationExpressionAttribute(null, null,
 "T(org.springframework.security.access.expression.method.SecurityRules).isJoe(#argument)")))) .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
 }
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
index 43ee1027ad..e6c8910fd8 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
@@ -64,7 +64,6 @@ public class MethodSecurityExpressionRootTests {
 public void canCallMethodsOnVariables() {
 this.ctx.setVariable("var", "somestring");
 Expression e = this.parser.parseExpression("#var.length() == 10");
-
 assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
 }
@@ -87,9 +86,7 @@ public class MethodSecurityExpressionRootTests {
 this.ctx.setVariable("domainObject", dummyDomainObject);
 this.root.setPermissionEvaluator(pe);
 given(pe.hasPermission(this.user, dummyDomainObject, "ignored")).willReturn(false);
-
 assertThat(this.root.hasPermission(dummyDomainObject, "ignored")).isFalse();
-
 }
 @Test
@@ -99,7 +96,6 @@ public class MethodSecurityExpressionRootTests {
 this.ctx.setVariable("domainObject", dummyDomainObject);
 this.root.setPermissionEvaluator(pe);
 given(pe.hasPermission(this.user, dummyDomainObject, "ignored")).willReturn(true);
-
 assertThat(this.root.hasPermission(dummyDomainObject, "ignored")).isTrue();
 }
@@ -110,7 +106,6 @@ public class MethodSecurityExpressionRootTests {
 final PermissionEvaluator pe = mock(PermissionEvaluator.class);
 this.root.setPermissionEvaluator(pe);
 given(pe.hasPermission(eq(this.user), eq(dummyDomainObject), any(Integer.class))).willReturn(true, true, false);
-
 Expression e = this.parser.parseExpression("hasPermission(#domainObject, 0xA)");
 // evaluator returns true
 assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
@@ -135,12 +130,10 @@ public class MethodSecurityExpressionRootTests {
 this.root.setPermissionEvaluator(pe);
 given(pe.hasPermission(this.user, targetObject, i)).willReturn(true, false);
 given(pe.hasPermission(this.user, "x", i)).willReturn(true);
-
 Expression e = this.parser.parseExpression("hasPermission(this, 2)");
 assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
 e = this.parser.parseExpression("hasPermission(this, 2)");
 assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isFalse();
-
 e = this.parser.parseExpression("hasPermission(this.x, 2)");
 assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
 }
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
index bf024683f3..c7e19fbf89 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
@@ -88,7 +88,6 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 @Test
 public void classLevelPreAnnotationIsPickedUpWhenNoMethodLevelExists() {
 ConfigAttribute[] attrs = this.mds.getAttributes(this.voidImpl1).toArray(new ConfigAttribute[0]);
-
 assertThat(attrs).hasSize(1);
 assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
 PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute) attrs[0];
@@ -100,7 +99,6 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 @Test
 public void mixedClassAndMethodPreAnnotationsAreBothIncluded() {
 ConfigAttribute[] attrs = this.mds.getAttributes(this.voidImpl2).toArray(new ConfigAttribute[0]);
-
 assertThat(attrs).hasSize(1);
 assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
 PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute) attrs[0];
@@ -112,7 +110,6 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 @Test
 public void methodWithPreFilterOnlyIsAllowed() {
 ConfigAttribute[] attrs = this.mds.getAttributes(this.voidImpl3).toArray(new ConfigAttribute[0]);
-
 assertThat(attrs).hasSize(1);
 assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
 PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute) attrs[0];
@@ -124,7 +121,6 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 @Test
 public void methodWithPostFilterOnlyIsAllowed() {
 ConfigAttribute[] attrs = this.mds.getAttributes(this.listImpl1).toArray(new ConfigAttribute[0]);
-
 assertThat(attrs).hasSize(2);
 assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
 assertThat(attrs[1] instanceof PostInvocationExpressionAttribute).isTrue();
@@ -138,7 +134,6 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 @Test
 public void interfaceAttributesAreIncluded() {
 ConfigAttribute[] attrs = this.mds.getAttributes(this.notherListImpl1).toArray(new ConfigAttribute[0]);
-
 assertThat(attrs).hasSize(1);
 assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
 PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute) attrs[0];
@@ -151,7 +146,6 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 @Test
 public void classAttributesTakesPrecedeceOverInterfaceAttributes() {
 ConfigAttribute[] attrs = this.mds.getAttributes(this.notherListImpl2).toArray(new ConfigAttribute[0]);
-
 assertThat(attrs).hasSize(1);
 assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
 PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute) attrs[0];
@@ -164,7 +158,6 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 @Test
 public void customAnnotationAtClassLevelIsDetected() {
 ConfigAttribute[] attrs = this.mds.getAttributes(this.annotatedAtClassLevel).toArray(new ConfigAttribute[0]);
-
 assertThat(attrs).hasSize(1);
 }
@@ -172,14 +165,12 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 public void customAnnotationAtInterfaceLevelIsDetected() {
 ConfigAttribute[] attrs = this.mds.getAttributes(this.annotatedAtInterfaceLevel) .toArray(new ConfigAttribute[0]);
-
 assertThat(attrs).hasSize(1);
 }
 @Test
 public void customAnnotationAtMethodLevelIsDetected() {
 ConfigAttribute[] attrs = this.mds.getAttributes(this.annotatedAtMethodLevel).toArray(new ConfigAttribute[0]);
-
 assertThat(attrs).hasSize(1);
 }
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java
index 8d2a9fdff3..b8df1e837e 100755
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java
@@ -36,7 +36,6 @@ public abstract class HierarchicalRolesTestHelper {
 if (authorities1 == null && authorities2 == null) {
 return true;
 }
-
 if (authorities1 == null || authorities2 == null) {
 return false;
 }
@@ -48,7 +47,6 @@ public abstract class HierarchicalRolesTestHelper {
 if (authorities1 == null && authorities2 == null) {
 return true;
 }
-
 if (authorities1 == null || authorities2 == null) {
 return false;
 }
@@ -60,7 +58,6 @@ public abstract class HierarchicalRolesTestHelper {
 if (authorities == null) {
 return null;
 }
-
 List result = new ArrayList<>(authorities.size());
 for (GrantedAuthority authority : authorities) {
 result.add(authority.getAuthority());
@@ -70,12 +67,10 @@ public abstract class HierarchicalRolesTestHelper {
 public static List createAuthorityList(final String... roles) {
 List authorities = new ArrayList<>(roles.length);
-
 for (final String role : roles) {
 // Use non SimpleGrantedAuthority (SEC-863)
 authorities.add((GrantedAuthority) () -> role);
 }
-
 return authorities;
 }
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java
index 0d373bf9d9..58beb183f3 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java
@@ -35,16 +35,11 @@ public class RoleHierarchyAuthoritiesMapperTests {
 RoleHierarchyImpl rh = new RoleHierarchyImpl();
 rh.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C");
 RoleHierarchyAuthoritiesMapper mapper = new RoleHierarchyAuthoritiesMapper(rh);
-
 Collection authorities = mapper .mapAuthorities(AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_D"));
-
 assertThat(authorities).hasSize(4);
-
 mapper = new RoleHierarchyAuthoritiesMapper(new NullRoleHierarchy());
-
 authorities = mapper.mapAuthorities(AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_D"));
-
 assertThat(authorities).hasSize(2);
 }
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java
index 7f337dac51..0bd68d1955 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java
@@ -38,27 +38,21 @@ public class RoleHierarchyImplTests {
 public void testRoleHierarchyWithNullOrEmptyAuthorities() {
 List authorities0 = null;
 List authorities1 = new ArrayList<>();
-
 RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B");
-
 assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(authorities0)).isNotNull();
 assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(authorities0)).isEmpty();
-
 assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(authorities1)).isNotNull();
 assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(authorities1)).isEmpty();
 }
 @Test
 public void testSimpleRoleHierarchy() {
-
 List authorities0 = AuthorityUtils.createAuthorityList("ROLE_0");
 List authorities1 = AuthorityUtils.createAuthorityList("ROLE_A");
 List authorities2 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B");
-
 RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B");
-
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( roleHierarchyImpl.getReachableGrantedAuthorities(authorities0), authorities0)).isTrue();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
@@ -73,13 +67,10 @@ public class RoleHierarchyImplTests {
 List authorities2 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B", "ROLE_C");
 List authorities3 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B", "ROLE_C", "ROLE_D");
-
 RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-
 roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C");
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities2)).isTrue();
-
 roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_D");
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities3)).isTrue();
@@ -96,10 +87,8 @@ public class RoleHierarchyImplTests {
 List authoritiesOutput3 = AuthorityUtils.createAuthorityList("ROLE_C", "ROLE_D");
 List authoritiesInput4 = AuthorityUtils.createAuthorityList("ROLE_D");
 List authoritiesOutput4 = AuthorityUtils.createAuthorityList("ROLE_D");
-
 RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_A > ROLE_C\nROLE_C > ROLE_D\nROLE_B > ROLE_D");
-
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( roleHierarchyImpl.getReachableGrantedAuthorities(authoritiesInput1), authoritiesOutput1)).isTrue();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
@@ -113,28 +102,24 @@ public class RoleHierarchyImplTests {
 @Test
 public void testCyclesInRoleHierarchy() {
 RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-
 try {
 roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_A");
 fail("Cycle in role hierarchy was not detected!");
 }
 catch (CycleInRoleHierarchyException ex) {
 }
-
 try {
 roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_A");
 fail("Cycle in role hierarchy was not detected!");
 }
 catch (CycleInRoleHierarchyException ex) {
 }
-
 try {
 roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_A");
 fail("Cycle in role hierarchy was not detected!");
 }
 catch (CycleInRoleHierarchyException ex) {
 }
-
 try {
 roleHierarchyImpl.setHierarchy( "ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_E\nROLE_E > ROLE_D\nROLE_D > ROLE_B");
@@ -142,7 +127,6 @@ public class RoleHierarchyImplTests {
 }
 catch (CycleInRoleHierarchyException ex) {
 }
-
 try {
 roleHierarchyImpl.setHierarchy("ROLE_C > ROLE_B\nROLE_B > ROLE_A\nROLE_A > ROLE_B");
 fail("Cycle in role hierarchy was not detected!");
@@ -154,7 +138,6 @@ public class RoleHierarchyImplTests {
 @Test
 public void testNoCyclesInRoleHierarchy() {
 RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-
 try {
 roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_A > ROLE_C\nROLE_C > ROLE_D\nROLE_B > ROLE_D");
 }
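Review bot: The cycle checks in `testCyclesInRoleHierarchy` (this hunk at `@@ -113,28 +102,24` and the one at `@@ -142,7 +127,6`) still use `try { …; fail(…); } catch (CycleInRoleHierarchyException ex) { }` with an empty catch block, which is verbose and hides what each block asserts. The file already asserts with AssertJ, so each block can be a single statement such as `assertThatExceptionOfType(CycleInRoleHierarchyException.class).isThrownBy(() -> roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_A"));`, with a static import of `assertThatExceptionOfType`. That keeps the rejection of cyclic hierarchies explicit for each input. The method continues past the end of this hunk.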
@@ -166,14 +149,11 @@ public class RoleHierarchyImplTests {
 // SEC-863
 @Test
 public void testSimpleRoleHierarchyWithCustomGrantedAuthorityImplementation() {
-
 List authorities0 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_0");
 List authorities1 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_A");
 List authorities2 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_A", "ROLE_B");
-
 RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B");
-
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthoritiesCompareByAuthorityString( roleHierarchyImpl.getReachableGrantedAuthorities(authorities0), authorities0)).isTrue();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthoritiesCompareByAuthorityString(
@@ -188,13 +168,10 @@ public class RoleHierarchyImplTests {
 List authorities2 = AuthorityUtils.createAuthorityList("ROLE A", "ROLE B", "ROLE>C");
 List authorities3 = AuthorityUtils.createAuthorityList("ROLE A", "ROLE B", "ROLE>C", "ROLE D");
-
 RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-
 roleHierarchyImpl.setHierarchy("ROLE A > ROLE B\nROLE B > ROLE>C");
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities2)).isTrue();
-
 roleHierarchyImpl.setHierarchy("ROLE A > ROLE B\nROLE B > ROLE>C\nROLE>C > ROLE D");
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities3)).isTrue();
@@ -209,7 +186,6 @@ public class RoleHierarchyImplTests {
 RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 roleHierarchyImpl.setHierarchy( "ROLE_A > ROLE_B\n" + "ROLE_B > ROLE_AUTHENTICATED\n" + "ROLE_AUTHENTICATED > ROLE_UNAUTHENTICATED");
-
 assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(flatAuthorities)) .containsExactlyInAnyOrderElementsOf(allAuthorities);
 }
@@ -223,7 +199,6 @@ public class RoleHierarchyImplTests {
 RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 roleHierarchyImpl .setHierarchy("ROLE_HIGHEST > ROLE_HIGHER\n" + "ROLE_HIGHER > ROLE_LOW\n" + "ROLE_LOW > ROLE_LOWER");
-
 assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(flatAuthorities)) .containsExactlyInAnyOrderElementsOf(allAuthorities);
 }
@@ -236,7 +211,6 @@ public class RoleHierarchyImplTests {
 "ROLE_LOW", "ROLE_LOWER");
 RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 roleHierarchyImpl.setHierarchy("ROLE_HIGHEST > ROLE_HIGHER > ROLE_LOW > ROLE_LOWER");
-
 assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(flatAuthorities)) .containsExactlyInAnyOrderElementsOf(allAuthorities);
 }
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java
index 6684a2e9d7..ae08fd1249 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java
@@ -44,14 +44,11 @@ public class RoleHierarchyUtilsTests {
 "ROLE_B > ROLE_D" + EOL + "ROLE_C > ROLE_D" + EOL;
 // @formatter:on
-
 Map> roleHierarchyMap = new TreeMap<>();
 roleHierarchyMap.put("ROLE_A", Arrays.asList("ROLE_B", "ROLE_C"));
 roleHierarchyMap.put("ROLE_B", Arrays.asList("ROLE_D"));
 roleHierarchyMap.put("ROLE_C", Arrays.asList("ROLE_D"));
-
 String roleHierarchy = RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap);
-
 assertThat(roleHierarchy).isEqualTo(expectedRoleHierarchy);
 }
@@ -69,7 +66,6 @@ public class RoleHierarchyUtilsTests {
 public void roleHierarchyFromMapWhenRoleNullThenThrowsIllegalArgumentException() {
 Map> roleHierarchyMap = new HashMap<>();
 roleHierarchyMap.put(null, Arrays.asList("ROLE_B", "ROLE_C"));
-
 RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap);
 }
@@ -77,7 +73,6 @@ public class RoleHierarchyUtilsTests {
 public void roleHierarchyFromMapWhenRoleEmptyThenThrowsIllegalArgumentException() {
 Map> roleHierarchyMap = new HashMap<>();
 roleHierarchyMap.put("", Arrays.asList("ROLE_B", "ROLE_C"));
-
 RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap);
 }
@@ -85,7 +80,6 @@ public class RoleHierarchyUtilsTests {
 public void roleHierarchyFromMapWhenImpliedRolesNullThenThrowsIllegalArgumentException() {
 Map> roleHierarchyMap = new HashMap<>();
 roleHierarchyMap.put("ROLE_A", null);
-
 RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap);
 }
@@ -93,7 +87,6 @@ public class RoleHierarchyUtilsTests {
 public void roleHierarchyFromMapWhenImpliedRolesEmptyThenThrowsIllegalArgumentException() {
 Map> roleHierarchyMap = new HashMap<>();
 roleHierarchyMap.put("ROLE_A", Collections.emptyList());
-
 RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap);
 }
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java
index 54570c4759..111b94b8f5 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java
@@ -42,12 +42,10 @@ public class TestHelperTests {
 List authorities3 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_C");
 List authorities4 = AuthorityUtils.createAuthorityList("ROLE_A");
 List authorities5 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_A");
-
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(null, null)).isTrue();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities1)).isTrue();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities2)).isTrue();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities2, authorities1)).isTrue();
-
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(null, authorities1)).isFalse();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, null)).isFalse();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities3)).isFalse();
@@ -65,42 +63,32 @@ public class TestHelperTests {
 Collection authorities3 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_C");
 Collection authorities4 = AuthorityUtils.createAuthorityList("ROLE_A");
 Collection authorities5 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_A");
-
 List authoritiesStrings1 = new ArrayList<>();
 authoritiesStrings1.add("ROLE_A");
 authoritiesStrings1.add("ROLE_B");
-
 List authoritiesStrings2 = new ArrayList<>();
 authoritiesStrings2.add("ROLE_B");
 authoritiesStrings2.add("ROLE_A");
-
 List authoritiesStrings3 = new ArrayList<>();
 authoritiesStrings3.add("ROLE_A");
 authoritiesStrings3.add("ROLE_C");
-
 List authoritiesStrings4 = new ArrayList<>();
 authoritiesStrings4.add("ROLE_A");
-
 List authoritiesStrings5 = new ArrayList<>();
 authoritiesStrings5.add("ROLE_A");
 authoritiesStrings5.add("ROLE_A");
-
 assertThat(CollectionUtils.isEqualCollection( HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities1), authoritiesStrings1)) .isTrue();
-
 assertThat(CollectionUtils.isEqualCollection( HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities2), authoritiesStrings2)) .isTrue();
-
 assertThat(CollectionUtils.isEqualCollection( HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities3), authoritiesStrings3)) .isTrue();
-
 assertThat(CollectionUtils.isEqualCollection( HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities4), authoritiesStrings4)) .isTrue();
-
 assertThat(CollectionUtils.isEqualCollection( HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities5), authoritiesStrings5)) .isTrue();
@@ -114,12 +102,10 @@ public class TestHelperTests {
 List authorities3 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_C");
 List authorities4 = AuthorityUtils.createAuthorityList("ROLE_A");
 List authorities5 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_A");
-
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(null, null)).isTrue();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities1)).isTrue();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities2)).isTrue();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities2, authorities1)).isTrue();
-
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(null, authorities1)).isFalse();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, null)).isFalse();
 assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities3)).isFalse();
@@ -144,7 +130,6 @@ public class TestHelperTests {
 List authorities1 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_A");
 assertThat(authorities1).hasSize(1);
 assertThat(authorities1.get(0).getAuthority()).isEqualTo("ROLE_A");
-
 List authorities2 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_A", "ROLE_C");
 assertThat(authorities2).hasSize(2);
 assertThat(authorities2.get(0).getAuthority()).isEqualTo("ROLE_A");
diff --git a/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
index 67f6e1aa86..6a4047cbae 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
@@ -36,7 +36,6 @@ public class AbstractSecurityInterceptorTests {
 @Test(expected = IllegalArgumentException.class)
 public void detectsIfInvocationPassedIncompatibleSecureObject() {
 MockSecurityInterceptorWhichOnlySupportsStrings si = new MockSecurityInterceptorWhichOnlySupportsStrings();
-
 si.setRunAsManager(mock(RunAsManager.class));
 si.setAuthenticationManager(mock(AuthenticationManager.class));
 si.setAfterInvocationManager(mock(AfterInvocationManager.class));
diff --git a/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java b/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
index 6244ad3a4f..f6fc8ec922 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
@@ -51,25 +51,19 @@ public class AfterInvocationProviderManagerTests {
 manager.setProviders(list);
 assertThat(manager.getProviders()).isEqualTo(list);
 manager.afterPropertiesSet();
-
 List attr1 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP1" });
 List attr2 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP2" });
 List attr3 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP3" });
 List attr2and3 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP2", "GIVE_ME_SWAP3" });
 List attr4 = SecurityConfig.createList(new String[] { "NEVER_CAUSES_SWAP" });
-
 assertThat(manager.decide(null, new SimpleMethodInvocation(), attr1, "content-before-swapping"))
 .isEqualTo("swap1");
-
 assertThat(manager.decide(null, new SimpleMethodInvocation(), attr2, "content-before-swapping"))
 .isEqualTo("swap2");
-
 assertThat(manager.decide(null, new SimpleMethodInvocation(), attr3, "content-before-swapping"))
 .isEqualTo("swap3");
-
 assertThat(manager.decide(null, new SimpleMethodInvocation(), attr4, "content-before-swapping"))
 .isEqualTo("content-before-swapping");
-
 assertThat(manager.decide(null, new SimpleMethodInvocation(), attr2and3, "content-before-swapping"))
 .isEqualTo("swap3");
 }
@@ -78,7 +72,6 @@ public class AfterInvocationProviderManagerTests {
 public void testRejectsEmptyProvidersList() {
 AfterInvocationProviderManager manager = new AfterInvocationProviderManager();
 List list = new Vector();
-
 try {
 manager.setProviders(list);
 fail("Should have thrown IllegalArgumentException");
@@ -95,7 +88,6 @@ public class AfterInvocationProviderManagerTests {
 list.add(new MockAfterInvocationProvider("swap1", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP1")));
 list.add(45);
 list.add(new MockAfterInvocationProvider("swap3", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP3")));
-
 try {
 manager.setProviders(list);
 fail("Should have thrown IllegalArgumentException");
@@ -108,7 +100,6 @@ public class AfterInvocationProviderManagerTests {
 @Test
 public void testRejectsNullProvidersList() throws Exception {
 AfterInvocationProviderManager manager = new AfterInvocationProviderManager();
-
 try {
 manager.afterPropertiesSet();
 fail("Should have thrown IllegalArgumentException");
@@ -127,7 +118,6 @@ public class AfterInvocationProviderManagerTests {
 list.add(new MockAfterInvocationProvider("swap3", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP3")));
 manager.setProviders(list);
 manager.afterPropertiesSet();
-
 assertThat(manager.supports(new SecurityConfig("UNKNOWN_ATTRIB"))).isFalse();
 assertThat(manager.supports(new SecurityConfig("GIVE_ME_SWAP2"))).isTrue();
 }
@@ -141,7 +131,6 @@ public class AfterInvocationProviderManagerTests {
 list.add(new MockAfterInvocationProvider("swap3", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP3")));
 manager.setProviders(list);
 manager.afterPropertiesSet();
-
 // assertFalse(manager.supports(FilterInvocation.class));
 assertThat(manager.supports(MethodInvocation.class)).isTrue();
 }
@@ -171,7 +160,6 @@ public class AfterInvocationProviderManagerTests {
 if (config.contains(this.configAttribute)) {
 return this.forceReturnObject;
 }
-
 return returnedObject;
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java b/core/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java
index f745614c0f..eb6947816a 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java
@@ -42,7 +42,6 @@ public class InterceptorStatusTokenTests {
 MethodInvocation mi = new SimpleMethodInvocation();
 SecurityContext ctx = SecurityContextHolder.createEmptyContext();
 InterceptorStatusToken token = new InterceptorStatusToken(ctx, true, attr, mi);
-
 assertThat(token.isContextHolderRefreshRequired()).isTrue();
 assertThat(token.getAttributes()).isEqualTo(attr);
 assertThat(token.getSecureObject()).isEqualTo(mi);
diff --git a/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java
index b19767152a..620806f5ff 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java
@@ -38,7 +38,6 @@ public class RunAsImplAuthenticationProviderTests {
 AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), UsernamePasswordAuthenticationToken.class);
 RunAsImplAuthenticationProvider provider = new RunAsImplAuthenticationProvider();
 provider.setKey("hello_world");
-
 provider.authenticate(token);
 }
@@ -48,11 +47,8 @@ public class RunAsImplAuthenticationProviderTests {
 AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), UsernamePasswordAuthenticationToken.class);
 RunAsImplAuthenticationProvider provider = new RunAsImplAuthenticationProvider();
 provider.setKey("my_password");
-
 Authentication result = provider.authenticate(token);
-
 Assert.assertTrue("Should have returned RunAsUserToken", result instanceof RunAsUserToken);
-
 RunAsUserToken resultCast = (RunAsUserToken) result;
 assertThat(resultCast.getKeyHash()).isEqualTo("my_password".hashCode());
 }
@@ -60,7 +56,6 @@ public class RunAsImplAuthenticationProviderTests {
 @Test(expected = IllegalArgumentException.class)
 public void testStartupFailsIfNoKey() throws Exception {
 RunAsImplAuthenticationProvider provider = new RunAsImplAuthenticationProvider();
-
 provider.afterPropertiesSet();
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java b/core/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java
index c58c4a193f..31503300c3 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java
@@ -45,10 +45,8 @@ public class RunAsManagerImplTests { public void testDoesNotReturnAdditionalAuthoritiesIfCalledWithoutARunAsSetting() { UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO")); - RunAsManagerImpl runAs = new RunAsManagerImpl(); runAs.setKey("my_password"); - Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), SecurityConfig.createList("SOMETHING_WE_IGNORE")); assertThat(resultingToken).isNull();
@@ -58,23 +56,18 @@ public class RunAsManagerImplTests { public void testRespectsRolePrefix() { UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ONE", "TWO")); - RunAsManagerImpl runAs = new RunAsManagerImpl(); runAs.setKey("my_password"); runAs.setRolePrefix("FOOBAR_"); - Authentication result = runAs.buildRunAs(inputToken, new Object(), SecurityConfig.createList("RUN_AS_SOMETHING")); - assertThat(result instanceof RunAsUserToken).withFailMessage("Should have returned a RunAsUserToken").isTrue(); assertThat(result.getPrincipal()).isEqualTo(inputToken.getPrincipal()); assertThat(result.getCredentials()).isEqualTo(inputToken.getCredentials()); Set authorities = AuthorityUtils.authorityListToSet(result.getAuthorities()); - assertThat(authorities.contains("FOOBAR_RUN_AS_SOMETHING")).isTrue(); assertThat(authorities.contains("ONE")).isTrue(); assertThat(authorities.contains("TWO")).isTrue(); - RunAsUserToken resultCast = (RunAsUserToken) result; assertThat(resultCast.getKeyHash()).isEqualTo("my_password".hashCode()); } 
@@ -83,25 +76,19 @@ public class RunAsManagerImplTests { public void testReturnsAdditionalGrantedAuthorities() { UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO")); - RunAsManagerImpl runAs = new RunAsManagerImpl(); runAs.setKey("my_password"); - Authentication result = runAs.buildRunAs(inputToken, new Object(), SecurityConfig.createList("RUN_AS_SOMETHING")); - if (!(result instanceof RunAsUserToken)) { fail("Should have returned a RunAsUserToken"); } - assertThat(result.getPrincipal()).isEqualTo(inputToken.getPrincipal()); assertThat(result.getCredentials()).isEqualTo(inputToken.getCredentials()); - Set authorities = AuthorityUtils.authorityListToSet(result.getAuthorities()); assertThat(authorities.contains("ROLE_RUN_AS_SOMETHING")).isTrue(); assertThat(authorities.contains("ROLE_ONE")).isTrue(); assertThat(authorities.contains("ROLE_TWO")).isTrue(); - RunAsUserToken resultCast = (RunAsUserToken) result; assertThat(resultCast.getKeyHash()).isEqualTo("my_password".hashCode()); }
@@ -109,13 +96,11 @@ public class RunAsManagerImplTests {
 @Test
 public void testStartupDetectsMissingKey() throws Exception {
 RunAsManagerImpl runAs = new RunAsManagerImpl();
-
 try {
 runAs.afterPropertiesSet();
 fail("Should have thrown IllegalArgumentException");
 }
 catch (IllegalArgumentException expected) {
-
 }
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java b/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java
index 50d5fd3d70..b8b151b27a 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java
@@ -53,7 +53,6 @@ public class RunAsUserTokenTests {
 @Test
 public void testNoArgConstructorDoesntExist() {
 Class clazz = RunAsUserToken.class;
-
 try {
 clazz.getDeclaredConstructor((Class[]) null);
 fail("Should have thrown NoSuchMethodException");
diff --git a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
index b510aeb697..aa8ff61359 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
@@ -198,7 +198,6 @@ public class MethodSecurityInterceptorTests {
 given(this.adm.supports(MethodInvocation.class)).willReturn(true);
 given(this.mds.supports(MethodInvocation.class)).willReturn(true);
 given(this.mds.getAllConfigAttributes()).willReturn(null);
-
 this.interceptor.setValidateConfigAttributes(true);
 this.interceptor.afterPropertiesSet();
 verify(this.adm, never()).supports(any(ConfigAttribute.class));
@@ -224,10 +223,8 @@ public class MethodSecurityInterceptorTests {
 public void callIsntMadeWhenAuthenticationManagerRejectsAuthentication() {
 final TestingAuthenticationToken token = new TestingAuthenticationToken("Test", "Password");
 SecurityContextHolder.getContext().setAuthentication(token);
-
 mdsReturnsUserRole();
 given(this.authman.authenticate(token)).willThrow(new BadCredentialsException("rejected"));
-
 this.advisedTarget.makeLowerCase("HELLO");
 }
@@ -237,9 +234,7 @@ public class MethodSecurityInterceptorTests {
 this.interceptor.setPublishAuthorizationSuccess(true);
 SecurityContextHolder.getContext().setAuthentication(this.token);
 mdsReturnsUserRole();
-
 String result = this.advisedTarget.makeLowerCase("HELLO");
-
 // Note we check the isAuthenticated remained true in following line
 assertThat(result)
 .isEqualTo("hello org.springframework.security.authentication.TestingAuthenticationToken true");
@@ -256,7 +251,6 @@ public class MethodSecurityInterceptorTests { given(this.authman.authenticate(this.token)).willReturn(this.token); willThrow(new AccessDeniedException("rejected")).given(this.adm).decide(any(Authentication.class), any(MethodInvocation.class), any(List.class)); - try { this.advisedTarget.makeUpperCase("HELLO"); fail("Expected Exception");
@@ -282,7 +276,6 @@ public class MethodSecurityInterceptorTests {
 this.interceptor.setRunAsManager(runAs);
 mdsReturnsUserRole();
 given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken);
-
 String result = this.advisedTarget.makeUpperCase("hello");
 assertThat(result).isEqualTo("HELLO org.springframework.security.access.intercept.RunAsUserToken true");
 // Check we've changed back
@@ -304,14 +297,12 @@ public class MethodSecurityInterceptorTests {
 this.interceptor.setRunAsManager(runAs);
 mdsReturnsUserRole();
 given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken);
-
 try {
 this.advisedTarget.makeUpperCase("hello");
 fail("Expected Exception");
 }
 catch (RuntimeException success) {
 }
-
 // Check we've changed back
 assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token);
@@ -329,19 +320,15 @@ public class MethodSecurityInterceptorTests {
 this.token.setAuthenticated(true);
 SecurityContextHolder.getContext().setAuthentication(this.token);
 mdsReturnsUserRole();
-
 AfterInvocationManager aim = mock(AfterInvocationManager.class);
 this.interceptor.setAfterInvocationManager(aim);
-
 given(mi.proceed()).willThrow(new Throwable());
-
 try {
 this.interceptor.invoke(mi);
 fail("Expected exception");
 }
 catch (Throwable expected) {
 }
-
 verifyZeroInteractions(aim);
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java
index d9ea3b8857..297705c6e5 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java
@@ -39,7 +39,6 @@ public class MethodSecurityMetadataSourceAdvisorTests {
 public void testAdvisorReturnsFalseWhenMethodInvocationNotDefined() throws Exception {
 Class clazz = TargetObject.class;
 Method method = clazz.getMethod("makeLowerCase", new Class[] { String.class });
-
 MethodSecurityMetadataSource mds = mock(MethodSecurityMetadataSource.class);
 given(mds.getAttributes(method, clazz)).willReturn(null);
 MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor("", mds, "");
@@ -50,7 +49,6 @@ public class MethodSecurityMetadataSourceAdvisorTests {
 public void testAdvisorReturnsTrueWhenMethodInvocationIsDefined() throws Exception {
 Class clazz = TargetObject.class;
 Method method = clazz.getMethod("countLength", new Class[] { String.class });
-
 MethodSecurityMetadataSource mds = mock(MethodSecurityMetadataSource.class);
 given(mds.getAttributes(method, clazz)).willReturn(SecurityConfig.createList("ROLE_A"));
 MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor("", mds, "");
diff --git a/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
index f156277895..6ea44ac332 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
@@ -114,7 +114,6 @@ public class AspectJMethodSecurityInterceptorTests {
 SecurityContextHolder.getContext().setAuthentication(this.token);
 this.interceptor.invoke(this.joinPoint, this.aspectJCallback);
 verify(this.aspectJCallback).proceedWithObject();
-
 // Just try the other method too
 this.interceptor.invoke(this.joinPoint);
 }
@@ -123,7 +122,6 @@ public class AspectJMethodSecurityInterceptorTests {
 @Test
 public void callbackIsNotInvokedWhenPermissionDenied() {
 willThrow(new AccessDeniedException("denied")).given(this.adm).decide(any(), any(), any());
-
 SecurityContextHolder.getContext().setAuthentication(this.token);
 try {
 this.interceptor.invoke(this.joinPoint, this.aspectJCallback);
@@ -138,7 +136,6 @@ public class AspectJMethodSecurityInterceptorTests {
 public void adapterHoldsCorrectData() {
 TargetObject to = new TargetObject();
 Method m = ClassUtils.getMethodIfAvailable(TargetObject.class, "countLength", new Class[] { String.class });
-
 given(this.joinPoint.getTarget()).willReturn(to);
 given(this.joinPoint.getArgs()).willReturn(new Object[] { "Hi" });
 MethodInvocationAdapter mia = new MethodInvocationAdapter(this.joinPoint);
@@ -152,19 +149,15 @@ public class AspectJMethodSecurityInterceptorTests {
 public void afterInvocationManagerIsNotInvokedIfExceptionIsRaised() {
 this.token.setAuthenticated(true);
 SecurityContextHolder.getContext().setAuthentication(this.token);
-
 AfterInvocationManager aim = mock(AfterInvocationManager.class);
 this.interceptor.setAfterInvocationManager(aim);
-
 given(this.aspectJCallback.proceedWithObject()).willThrow(new RuntimeException());
-
 try {
 this.interceptor.invoke(this.joinPoint, this.aspectJCallback);
 fail("Expected exception");
 }
 catch (RuntimeException expected) {
 }
-
 verifyZeroInteractions(aim);
 }
@@ -181,14 +174,12 @@ public class AspectJMethodSecurityInterceptorTests {
 this.interceptor.setRunAsManager(runAs);
 given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken);
 given(this.aspectJCallback.proceedWithObject()).willThrow(new RuntimeException());
-
 try {
 this.interceptor.invoke(this.joinPoint, this.aspectJCallback);
 fail("Expected Exception");
 }
 catch (RuntimeException success) {
 }
-
 // Check we've changed back
 assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token);
@@ -207,14 +198,12 @@ public class AspectJMethodSecurityInterceptorTests {
 this.interceptor.setRunAsManager(runAs);
 given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken);
 given(this.joinPoint.proceed()).willThrow(new RuntimeException());
-
 try {
 this.interceptor.invoke(this.joinPoint);
 fail("Expected Exception");
 }
 catch (RuntimeException success) {
 }
-
 // Check we've changed back
 assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token);
diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java
index 9236bb38d8..ae3c44b91e 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java
@@ -64,7 +64,6 @@ public class MapBasedMethodSecurityMetadataSourceTests {
 public void methodsWithDifferentArgumentsAreMatchedCorrectly() {
 this.mds.addSecureMethod(MockService.class, this.someMethodInteger, this.ROLE_A);
 this.mds.addSecureMethod(MockService.class, this.someMethodString, this.ROLE_B);
-
 assertThat(this.mds.getAttributes(this.someMethodInteger, MockService.class)).isEqualTo(this.ROLE_A);
 assertThat(this.mds.getAttributes(this.someMethodString, MockService.class)).isEqualTo(this.ROLE_B);
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java b/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java
index bd0a55037d..a9e89fa1e5 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java
@@ -78,13 +78,10 @@ public class MethodInvocationPrivilegeEvaluatorTests {
 public void allowsAccessUsingCreate() throws Exception {
 Object object = new TargetObject();
 final MethodInvocation mi = MethodInvocationUtils.create(object, "makeLowerCase", "foobar");
-
 MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
 given(this.mds.getAttributes(mi)).willReturn(this.role);
-
 mipe.setSecurityInterceptor(this.interceptor);
 mipe.afterPropertiesSet();
-
 assertThat(mipe.isAllowed(mi, this.token)).isTrue();
 }
@@ -95,7 +92,6 @@ public class MethodInvocationPrivilegeEvaluatorTests {
 MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
 mipe.setSecurityInterceptor(this.interceptor);
 given(this.mds.getAttributes(mi)).willReturn(this.role);
-
 assertThat(mipe.isAllowed(mi, this.token)).isTrue();
 }
@@ -107,7 +103,6 @@ public class MethodInvocationPrivilegeEvaluatorTests {
 mipe.setSecurityInterceptor(this.interceptor);
 given(this.mds.getAttributes(mi)).willReturn(this.role);
 willThrow(new AccessDeniedException("rejected")).given(this.adm).decide(this.token, mi, this.role);
-
 assertThat(mipe.isAllowed(mi, this.token)).isFalse();
 }
@@ -115,12 +110,10 @@ public class MethodInvocationPrivilegeEvaluatorTests { public void declinesAccessUsingCreateFromClass() { final MethodInvocation mi = MethodInvocationUtils.createFromClass(new OtherTargetObject(), ITargetObject.class, "makeLowerCase", new Class[] { String.class }, new Object[] { "helloWorld" }); - MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator(); mipe.setSecurityInterceptor(this.interceptor); given(this.mds.getAttributes(mi)).willReturn(this.role); willThrow(new AccessDeniedException("rejected")).given(this.adm).decide(this.token, mi, this.role); - assertThat(mipe.isAllowed(mi, this.token)).isFalse(); }
diff --git a/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java b/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java
index 46e5985dab..b0cfe45d60 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java
@@ -54,9 +54,7 @@ public class AbstractAccessDecisionManagerTests {
 List list = new Vector();
 list.add(new DenyVoter());
 list.add(new MockStringOnlyVoter());
-
 MockDecisionManagerImpl mock = new MockDecisionManagerImpl(list);
-
 assertThat(mock.supports(String.class)).isTrue();
 assertThat(!mock.supports(Integer.class)).isTrue();
 }
@@ -68,12 +66,9 @@ public class AbstractAccessDecisionManagerTests {
 DenyAgainVoter denyVoter = new DenyAgainVoter();
 list.add(voter);
 list.add(denyVoter);
-
 MockDecisionManagerImpl mock = new MockDecisionManagerImpl(list);
-
 ConfigAttribute attr = new SecurityConfig("DENY_AGAIN_FOR_SURE");
 assertThat(mock.supports(attr)).isTrue();
-
 ConfigAttribute badAttr = new SecurityConfig("WE_DONT_SUPPORT_THIS");
 assertThat(!mock.supports(badAttr)).isTrue();
 }
@@ -92,13 +87,11 @@ public class AbstractAccessDecisionManagerTests {
 @Test
 public void testRejectsEmptyList() {
 List list = new Vector();
-
 try {
 new MockDecisionManagerImpl(list);
 fail("Should have thrown IllegalArgumentException");
 }
 catch (IllegalArgumentException expected) {
-
 }
 }
@@ -109,7 +102,6 @@ public class AbstractAccessDecisionManagerTests {
 fail("Should have thrown IllegalArgumentException");
 }
 catch (IllegalArgumentException expected) {
-
 }
 }
@@ -126,7 +118,6 @@ public class AbstractAccessDecisionManagerTests {
 fail("Should have thrown IllegalArgumentException");
 }
 catch (IllegalArgumentException expected) {
-
 }
 }
diff --git a/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java b/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
index e03cbc3cb9..d11135de93 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
@@ -56,11 +54,9 @@ public class AffirmativeBasedTests {
 @Before
 @SuppressWarnings("unchecked")
 public void setup() {
-
 this.grant = mock(AccessDecisionVoter.class);
 this.abstain = mock(AccessDecisionVoter.class);
 this.deny = mock(AccessDecisionVoter.class);
-
 given(this.grant.vote(any(Authentication.class), any(Object.class), any(List.class)))
 .willReturn(AccessDecisionVoter.ACCESS_GRANTED);
 given(this.abstain.vote(any(Authentication.class), any(Object.class), any(List.class)))
@@ -71,7 +69,6 @@ public class AffirmativeBasedTests {
 @Test
 public void oneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccess() throws Exception {
-
 this.mgr = new AffirmativeBased(
 Arrays.>asList(this.grant, this.deny, this.abstain));
 this.mgr.afterPropertiesSet();
@@ -104,7 +101,6 @@ public class AffirmativeBasedTests {
 this.mgr = new AffirmativeBased(
 Arrays.>asList(this.abstain, this.abstain, this.abstain));
 assertThat(!this.mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check default
-
 this.mgr.decide(this.user, new Object(), this.attrs);
 }
@@ -114,7 +110,6 @@ public class AffirmativeBasedTests {
 Arrays.>asList(this.abstain, this.abstain, this.abstain));
 this.mgr.setAllowIfAllAbstainDecisions(true);
 assertThat(this.mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check changed
-
 this.mgr.decide(this.user, new Object(), this.attrs);
 }
diff --git a/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java
index 4cc37d0c70..595bd55fc9 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java
@@ -82,13 +82,11 @@ public class AuthenticatedVoterTests {
 @Test
 public void testSetterRejectsNull() {
 AuthenticatedVoter voter = new AuthenticatedVoter();
-
 try {
 voter.setAuthenticationTrustResolver(null);
 fail("Expected IAE");
 }
 catch (IllegalArgumentException expected) {
-
 }
 }
diff --git a/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java b/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java
index 0392e921c1..647387d2aa 100644
--- a/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java
@@ -43,9 +43,7 @@ public class ConsensusBasedTests {
 ConsensusBased mgr = makeDecisionManager();
 mgr.setAllowIfEqualGrantedDeniedDecisions(false);
 assertThat(!mgr.isAllowIfEqualGrantedDeniedDecisions()).isTrue(); // check changed
-
 List config = SecurityConfig.createList("ROLE_1", "DENY_FOR_SURE");
-
 mgr.decide(auth, new Object(), config);
 }
@@ -53,29 +51,22 @@ public class ConsensusBasedTests {
 public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccessWithDefault() {
 TestingAuthenticationToken auth = makeTestToken();
 ConsensusBased mgr = makeDecisionManager();
-
 assertThat(mgr.isAllowIfEqualGrantedDeniedDecisions()).isTrue(); // check default
-
 List config = SecurityConfig.createList("ROLE_1", "DENY_FOR_SURE");
-
 mgr.decide(auth, new Object(), config);
-
 }
 @Test
 public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess() {
 TestingAuthenticationToken auth = makeTestToken();
 ConsensusBased mgr = makeDecisionManager();
-
 mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_2"));
-
 }
 @Test(expected = AccessDeniedException.class)
 public void testOneDenyVoteTwoAbstainVotesDeniesAccess() {
 TestingAuthenticationToken auth = makeTestToken();
 ConsensusBased mgr = makeDecisionManager();
-
 mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_WE_DO_NOT_HAVE"));
 fail("Should have thrown AccessDeniedException");
 }
@@ -84,9 +75,7 @@ public class ConsensusBasedTests {
 public void testThreeAbstainVotesDeniesAccessWithDefault() {
 TestingAuthenticationToken auth = makeTestToken();
 ConsensusBased mgr = makeDecisionManager();
-
 assertThat(!mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check default
-
 mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL"));
 }
@@ -96,7 +85,6 @@ public class ConsensusBasedTests {
 ConsensusBased mgr = makeDecisionManager();
 mgr.setAllowIfAllAbstainDecisions(true);
 assertThat(mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check changed
-
 mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL"));
 }
@@ -104,7 +92,6 @@ public class ConsensusBasedTests {
 public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess() {
 TestingAuthenticationToken auth = makeTestToken();
 ConsensusBased mgr = makeDecisionManager();
-
 mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_1", "ROLE_2"));
 }
@@ -116,7 +103,6 @@ public class ConsensusBasedTests {
 voters.add(roleVoter);
 voters.add(denyForSureVoter);
 voters.add(denyAgainForSureVoter);
-
 return new ConsensusBased(voters);
 }
diff --git a/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java b/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
index f6e2977982..4d59a0173b 100644
--- a/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
+++ b/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
@@ -48,15 +48,12 @@ public class DenyAgainVoter implements AccessDecisionVoter {
 @Override
 public int vote(Authentication authentication, Object object, Collection attributes) {
 Iterator iter = attributes.iterator();
-
 while (iter.hasNext()) {
 ConfigAttribute attribute = iter.next();
-
 if (this.supports(attribute)) {
 return ACCESS_DENIED;
 }
 }
-
 return ACCESS_ABSTAIN;
 }
diff --git a/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java b/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
index ae548752f1..b20964b020 100644
--- a/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
+++ b/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
@@ -50,15 +50,12 @@ public class DenyVoter implements AccessDecisionVoter { @Override public int vote(Authentication authentication, Object object, Collection attributes) { Iterator iter = attributes.iterator(); - while (iter.hasNext()) { ConfigAttribute attribute = iter.next(); - if (this.supports(attribute)) { return ACCESS_DENIED; } } - return ACCESS_ABSTAIN; } diff --git a/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java index 9dd3cc940d..806ec7416b 100644 --- a/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java +++ b/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java @@ -31,11 +31,9 @@ public class RoleHierarchyVoterTests { public void hierarchicalRoleIsIncludedInDecision() { RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B"); - // User has role A, role B is required TestingAuthenticationToken auth = new TestingAuthenticationToken("user", "password", "ROLE_A"); RoleHierarchyVoter voter = new RoleHierarchyVoter(roleHierarchyImpl); - assertThat(voter.vote(auth, new Object(), SecurityConfig.createList("ROLE_B"))) .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); } diff --git a/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java b/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java index 2c204ea270..943d31da0a 100644 --- a/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java +++ b/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java 
@@ -51,7 +51,6 @@ public class UnanimousBasedTests { private UnanimousBased makeDecisionManagerWithFooBarPrefix() { RoleVoter roleVoter = new RoleVoter(); roleVoter.setRolePrefix("FOOBAR_"); - DenyVoter denyForSureVoter = new DenyVoter(); DenyAgainVoter denyAgainForSureVoter = new DenyAgainVoter(); List> voters = new Vector<>(); @@ -73,9 +72,7 @@ public class UnanimousBasedTests { public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteDeniesAccess() { TestingAuthenticationToken auth = makeTestToken(); UnanimousBased mgr = makeDecisionManager(); - List config = SecurityConfig.createList(new String[] { "ROLE_1", "DENY_FOR_SURE" }); - try { mgr.decide(auth, new Object(), config); fail("Should have thrown AccessDeniedException"); @@ -88,9 +85,7 @@ public class UnanimousBasedTests { public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess() { TestingAuthenticationToken auth = makeTestToken(); UnanimousBased mgr = makeDecisionManager(); - List config = SecurityConfig.createList("ROLE_2"); - mgr.decide(auth, new Object(), config); } @@ -98,9 +93,7 @@ public class UnanimousBasedTests { public void testOneDenyVoteTwoAbstainVotesDeniesAccess() { TestingAuthenticationToken auth = makeTestToken(); UnanimousBased mgr = makeDecisionManager(); - List config = SecurityConfig.createList("ROLE_WE_DO_NOT_HAVE"); - try { mgr.decide(auth, new Object(), config); fail("Should have thrown AccessDeniedException"); @@ -113,9 +106,7 @@ public class UnanimousBasedTests { public void testRoleVoterPrefixObserved() { TestingAuthenticationToken auth = makeTestTokenWithFooBarPrefix(); UnanimousBased mgr = makeDecisionManagerWithFooBarPrefix(); - List config = SecurityConfig.createList(new String[] { "FOOBAR_1", "FOOBAR_2" }); - mgr.decide(auth, new Object(), config); } 
@@ -123,11 +114,8 @@ public class UnanimousBasedTests { public void testThreeAbstainVotesDeniesAccessWithDefault() { TestingAuthenticationToken auth = makeTestToken(); UnanimousBased mgr = makeDecisionManager(); - assertThat(!mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check default - List config = SecurityConfig.createList("IGNORED_BY_ALL"); - try { mgr.decide(auth, new Object(), config); fail("Should have thrown AccessDeniedException"); @@ -142,9 +130,7 @@ public class UnanimousBasedTests { UnanimousBased mgr = makeDecisionManager(); mgr.setAllowIfAllAbstainDecisions(true); assertThat(mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check changed - List config = SecurityConfig.createList("IGNORED_BY_ALL"); - mgr.decide(auth, new Object(), config); } @@ -152,9 +138,7 @@ public class UnanimousBasedTests { public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess() { TestingAuthenticationToken auth = makeTestToken(); UnanimousBased mgr = makeDecisionManager(); - List config = SecurityConfig.createList(new String[] { "ROLE_1", "ROLE_2" }); - mgr.decide(auth, new Object(), config); } diff --git a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java index fa7219294a..90c0f82f4a 100644 --- a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java +++ b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java @@ -51,7 +51,6 @@ public class AbstractAuthenticationTokenTests { MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", this.authorities); List gotAuthorities = (List) token.getAuthorities(); assertThat(gotAuthorities).isNotSameAs(this.authorities); - gotAuthorities.set(0, new SimpleGrantedAuthority("ROLE_SUPER_USER")); } 
@@ -70,9 +69,7 @@ public class AbstractAuthenticationTokenTests { MockAuthenticationImpl token3 = new MockAuthenticationImpl(null, null, AuthorityUtils.NO_AUTHORITIES); assertThat(token2.hashCode()).isEqualTo(token1.hashCode()); assertThat(token1.hashCode() != token3.hashCode()).isTrue(); - token2.setAuthenticated(true); - assertThat(token1.hashCode() != token2.hashCode()).isTrue(); } @@ -81,25 +78,19 @@ public class AbstractAuthenticationTokenTests { MockAuthenticationImpl token1 = new MockAuthenticationImpl("Test", "Password", this.authorities); MockAuthenticationImpl token2 = new MockAuthenticationImpl("Test", "Password", this.authorities); assertThat(token2).isEqualTo(token1); - MockAuthenticationImpl token3 = new MockAuthenticationImpl("Test", "Password_Changed", this.authorities); assertThat(!token1.equals(token3)).isTrue(); - MockAuthenticationImpl token4 = new MockAuthenticationImpl("Test_Changed", "Password", this.authorities); assertThat(!token1.equals(token4)).isTrue(); - MockAuthenticationImpl token5 = new MockAuthenticationImpl("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO_CHANGED")); assertThat(!token1.equals(token5)).isTrue(); - MockAuthenticationImpl token6 = new MockAuthenticationImpl("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_ONE")); assertThat(!token1.equals(token6)).isTrue(); - MockAuthenticationImpl token7 = new MockAuthenticationImpl("Test", "Password", null); assertThat(!token1.equals(token7)).isTrue(); assertThat(!token7.equals(token1)).isTrue(); - assertThat(!token1.equals(100)).isTrue(); } 
@@ -126,10 +117,8 @@ public class AbstractAuthenticationTokenTests { @Test public void testGetNameWhenPrincipalIsAuthenticatedPrincipal() { String principalName = "test"; - AuthenticatedPrincipal principal = mock(AuthenticatedPrincipal.class); given(principal.getName()).willReturn(principalName); - MockAuthenticationImpl token = new MockAuthenticationImpl(principal, "Password", this.authorities); assertThat(token.getName()).isEqualTo(principalName); verify(principal, times(1)).getName(); diff --git a/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java b/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java index 63010817d8..fa476f0738 100644 --- a/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java +++ b/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java @@ -55,11 +55,9 @@ public class AuthenticationTrustResolverImplTests { @Test public void testGettersSetters() { AuthenticationTrustResolverImpl trustResolver = new AuthenticationTrustResolverImpl(); - assertThat(AnonymousAuthenticationToken.class).isEqualTo(trustResolver.getAnonymousClass()); trustResolver.setAnonymousClass(TestingAuthenticationToken.class); assertThat(trustResolver.getAnonymousClass()).isEqualTo(TestingAuthenticationToken.class); - assertThat(RememberMeAuthenticationToken.class).isEqualTo(trustResolver.getRememberMeClass()); trustResolver.setRememberMeClass(TestingAuthenticationToken.class); assertThat(trustResolver.getRememberMeClass()).isEqualTo(TestingAuthenticationToken.class); diff --git a/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java b/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java index 111e33cb3b..6a7ac10f3e 100644 
--- a/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java +++ b/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java @@ -57,7 +57,6 @@ public class DefaultAuthenticationEventPublisherTests { ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class); this.publisher.setApplicationEventPublisher(appPublisher); Authentication a = mock(Authentication.class); - Exception cause = new Exception(); Object extraInfo = new Object(); this.publisher.publishAuthenticationFailure(new BadCredentialsException(""), a); @@ -94,7 +93,6 @@ public class DefaultAuthenticationEventPublisherTests { this.publisher.setApplicationEventPublisher(appPublisher); this.publisher.publishAuthenticationSuccess(mock(Authentication.class)); verify(appPublisher).publishEvent(isA(AuthenticationSuccessEvent.class)); - this.publisher.setApplicationEventPublisher(null); // Should be ignored with null app publisher this.publisher.publishAuthenticationSuccess(mock(Authentication.class)); @@ -107,7 +105,6 @@ public class DefaultAuthenticationEventPublisherTests { p.put(MockAuthenticationException.class.getName(), AuthenticationFailureDisabledEvent.class.getName()); this.publisher.setAdditionalExceptionMappings(p); ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class); - this.publisher.setApplicationEventPublisher(appPublisher); this.publisher.publishAuthenticationFailure(new MockAuthenticationException("test"), mock(Authentication.class)); 
@@ -129,7 +126,6 @@ public class DefaultAuthenticationEventPublisherTests { p.put(MockAuthenticationException.class.getName(), AuthenticationFailureDisabledEvent.class.getName()); this.publisher.setAdditionalExceptionMappings(p); ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class); - this.publisher.setApplicationEventPublisher(appPublisher); this.publisher.publishAuthenticationFailure(new AuthenticationException("") { }, mock(Authentication.class)); @@ -166,7 +162,6 @@ public class DefaultAuthenticationEventPublisherTests { mappings.put(MockAuthenticationException.class, AuthenticationFailureDisabledEvent.class); this.publisher.setAdditionalExceptionMappings(mappings); ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class); - this.publisher.setApplicationEventPublisher(appPublisher); this.publisher.publishAuthenticationFailure(new MockAuthenticationException("test"), mock(Authentication.class)); @@ -184,7 +179,6 @@ public class DefaultAuthenticationEventPublisherTests { this.publisher = new DefaultAuthenticationEventPublisher(); this.publisher.setDefaultAuthenticationFailureEvent(AuthenticationFailureBadCredentialsEvent.class); ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class); - this.publisher.setApplicationEventPublisher(appPublisher); this.publisher.publishAuthenticationFailure(new AuthenticationException("") { }, mock(Authentication.class)); diff --git a/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java index 23394aef94..71e73e044c 100644 --- a/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java 
@@ -51,10 +51,8 @@ public class DelegatingReactiveAuthenticationManagerTests { public void authenticateWhenEmptyAndNotThenReturnsNotEmpty() { given(this.delegate1.authenticate(any())).willReturn(Mono.empty()); given(this.delegate2.authenticate(any())).willReturn(Mono.just(this.authentication)); - DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1, this.delegate2); - assertThat(manager.authenticate(this.authentication).block()).isEqualTo(this.authentication); } @@ -64,20 +62,16 @@ public class DelegatingReactiveAuthenticationManagerTests { // flatMap) given(this.delegate1.authenticate(any())) .willReturn(Mono.just(this.authentication).delayElement(Duration.ofMillis(100))); - DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1, this.delegate2); - StepVerifier.create(manager.authenticate(this.authentication)).expectNext(this.authentication).verifyComplete(); } @Test public void authenticateWhenBadCredentialsThenDelegate2NotInvokedAndError() { given(this.delegate1.authenticate(any())).willReturn(Mono.error(new BadCredentialsException("Test"))); - DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1, this.delegate2); - StepVerifier.create(manager.authenticate(this.authentication)).expectError(BadCredentialsException.class) .verify(); } diff --git a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java index 711ffccfac..b75f9dcf8c 100644 --- a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java +++ b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java 
@@ -69,7 +69,6 @@ public class ProviderManagerTests { ProviderManager mgr = makeProviderManager(); Authentication result = mgr.authenticate(token); assertThat(result.getCredentials()).isNull(); - mgr.setEraseCredentialsAfterAuthentication(false); token = new UsernamePasswordAuthenticationToken("Test", "Password"); result = mgr.authenticate(token); @@ -82,7 +81,6 @@ public class ProviderManagerTests { ProviderManager mgr = new ProviderManager(createProviderWhichReturns(a)); AuthenticationEventPublisher publisher = mock(AuthenticationEventPublisher.class); mgr.setAuthenticationEventPublisher(publisher); - Authentication result = mgr.authenticate(a); assertThat(result).isEqualTo(a); verify(publisher).publishAuthenticationSuccess(result); @@ -95,7 +93,6 @@ public class ProviderManagerTests { Arrays.asList(createProviderWhichReturns(null), createProviderWhichReturns(a))); AuthenticationEventPublisher publisher = mock(AuthenticationEventPublisher.class); mgr.setAuthenticationEventPublisher(publisher); - Authentication result = mgr.authenticate(a); assertThat(result).isSameAs(a); verify(publisher).publishAuthenticationSuccess(result); @@ -130,7 +127,6 @@ public class ProviderManagerTests { public void detailsAreNotSetOnAuthenticationTokenIfAlreadySetByProvider() { Object requestDetails = "(Request Details)"; final Object resultDetails = "(Result Details)"; - // A provider which sets the details object AuthenticationProvider provider = new AuthenticationProvider() { @Override @@ -144,12 +140,9 @@ public class ProviderManagerTests { return true; } }; - ProviderManager authMgr = new ProviderManager(provider); - TestingAuthenticationToken request = createAuthenticationToken(); request.setDetails(requestDetails); - Authentication result = authMgr.authenticate(request); assertThat(result.getDetails()).isEqualTo(resultDetails); } 
@@ -158,10 +151,8 @@ public class ProviderManagerTests { public void detailsAreSetOnAuthenticationTokenIfNotAlreadySetByProvider() { Object details = new Object(); ProviderManager authMgr = makeProviderManager(); - TestingAuthenticationToken request = createAuthenticationToken(); request.setDetails(details); - Authentication result = authMgr.authenticate(request); assertThat(result.getCredentials()).isNotNull(); assertThat(result.getDetails()).isSameAs(details); @@ -178,7 +169,6 @@ public class ProviderManagerTests { @Test public void authenticationExceptionIsRethrownIfNoLaterProviderAuthenticates() { - ProviderManager mgr = new ProviderManager(Arrays .asList(createProviderWhichThrows(new BadCredentialsException("")), createProviderWhichReturns(null))); try { @@ -195,9 +185,7 @@ public class ProviderManagerTests { AuthenticationProvider iThrowAccountStatusException = createProviderWhichThrows(new AccountStatusException("") { }); AuthenticationProvider otherProvider = mock(AuthenticationProvider.class); - ProviderManager authMgr = new ProviderManager(Arrays.asList(iThrowAccountStatusException, otherProvider)); - try { authMgr.authenticate(mock(Authentication.class)); fail("Expected AccountStatusException"); @@ -239,13 +227,11 @@ public class ProviderManagerTests { AuthenticationEventPublisher publisher = mock(AuthenticationEventPublisher.class); AuthenticationManager parent = mock(AuthenticationManager.class); given(parent.authenticate(authReq)).willThrow(new ProviderNotFoundException("")); - // Set a provider that throws an exception - this is the exception we expect to be // propagated ProviderManager mgr = new ProviderManager( Collections.singletonList(createProviderWhichThrows(new BadCredentialsException(""))), parent); mgr.setAuthenticationEventPublisher(publisher); - try { mgr.authenticate(authReq); fail("Expected exception"); 
@@ -302,7 +288,6 @@ public class ProviderManagerTests { ProviderManager mgr = new ProviderManager(Arrays.asList(createProviderWhichThrows(expected), createProviderWhichThrows(new BadCredentialsException("Oops"))), null); final Authentication authReq = mock(Authentication.class); - try { mgr.authenticate(authReq); fail("Expected Exception"); @@ -318,13 +303,10 @@ public class ProviderManagerTests { ProviderManager parentMgr = new ProviderManager(createProviderWhichThrows(badCredentialsExParent)); ProviderManager childMgr = new ProviderManager(Collections.singletonList( createProviderWhichThrows(new BadCredentialsException("Bad Credentials in child"))), parentMgr); - AuthenticationEventPublisher publisher = mock(AuthenticationEventPublisher.class); parentMgr.setAuthenticationEventPublisher(publisher); childMgr.setAuthenticationEventPublisher(publisher); - final Authentication authReq = mock(Authentication.class); - try { childMgr.authenticate(authReq); fail("Expected exception"); @@ -341,7 +323,6 @@ public class ProviderManagerTests { AuthenticationProvider provider = mock(AuthenticationProvider.class); given(provider.supports(any(Class.class))).willReturn(true); given(provider.authenticate(any(Authentication.class))).willThrow(ex); - return provider; } @@ -349,7 +330,6 @@ public class ProviderManagerTests { AuthenticationProvider provider = mock(AuthenticationProvider.class); given(provider.supports(any(Class.class))).willReturn(true); given(provider.authenticate(any(Authentication.class))).willReturn(a); - return provider; } diff --git a/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java b/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java index 99cb38c3d3..7a4bbb3740 100644 --- a/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java 
+++ b/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java @@ -64,27 +64,21 @@ public class ReactiveAuthenticationManagerAdapterTests { public void authenticateWhenSuccessThenSuccess() { given(this.delegate.authenticate(any())).willReturn(this.authentication); given(this.authentication.isAuthenticated()).willReturn(true); - Authentication result = this.manager.authenticate(this.authentication).block(); - assertThat(result).isEqualTo(this.authentication); } @Test public void authenticateWhenReturnNotAuthenticatedThenError() { given(this.delegate.authenticate(any())).willReturn(this.authentication); - Authentication result = this.manager.authenticate(this.authentication).block(); - assertThat(result).isNull(); } @Test public void authenticateWhenBadCredentialsThenError() { given(this.delegate.authenticate(any())).willThrow(new BadCredentialsException("Failed")); - Mono result = this.manager.authenticate(this.authentication); - StepVerifier.create(result).expectError(BadCredentialsException.class).verify(); } diff --git a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java index d6fd522756..1887df9bb3 100644 --- a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java 
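Review bot: The name `authenticateWhenReturnNotAuthenticatedThenError` does not match what the test asserts. `block()` yields null, so the Mono completes empty rather than signalling an error when the delegate returns a token that is not authenticated (here presumably a mock whose `isAuthenticated()` defaults to false). Callers have to treat that empty result as a failed authentication, so I would rename the test to `authenticateWhenReturnNotAuthenticatedThenEmpty` or add the comment `// an unauthenticated delegate result surfaces as an empty Mono, not an error`. Asserting with `StepVerifier.create(...).verifyComplete()`, in the style of the neighbouring test, would state the expectation more directly than `isNull()`.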
@@ -71,11 +71,9 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests { @Test public void authenticateWhenUserNotFoundThenBadCredentials() { given(this.repository.findByUsername(this.username)).willReturn(Mono.empty()); - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username, this.password); Mono authentication = this.manager.authenticate(token); - StepVerifier.create(authentication).expectError(BadCredentialsException.class).verify(); } @@ -88,11 +86,9 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests { .build(); // @formatter:on given(this.repository.findByUsername(user.getUsername())).willReturn(Mono.just(user)); - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username, this.password + "INVALID"); Mono authentication = this.manager.authenticate(token); - StepVerifier.create(authentication).expectError(BadCredentialsException.class).verify(); } @@ -105,11 +101,9 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests { .build(); // @formatter:on given(this.repository.findByUsername(user.getUsername())).willReturn(Mono.just(user)); - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username, this.password); Authentication authentication = this.manager.authenticate(token).block(); - assertThat(authentication).isEqualTo(authentication); } 
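Review bot: `assertThat(authentication).isEqualTo(authentication);` at the end of the last hunk on this line compares the result with itself, so it passes for whatever `block()` returns, including null, and the success path is not actually checked. The same assertion closes the `@@ -119,11 +113,9 @@` hunk that follows. Something like `assertThat(authentication.isAuthenticated()).isTrue();` together with `assertThat(authentication.getName()).isEqualTo(this.username);` would pin the outcome, assuming the stubbed user carries `this.username` (its builder is only partly visible here). Both test methods start outside their hunks.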
@@ -119,11 +113,9 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests { given(this.passwordEncoder.matches(any(), any())).willReturn(true); User user = new User(this.username, this.password, AuthorityUtils.createAuthorityList("ROLE_USER")); given(this.repository.findByUsername(user.getUsername())).willReturn(Mono.just(user)); - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username, this.password); Authentication authentication = this.manager.authenticate(token).block(); - assertThat(authentication).isEqualTo(authentication); } @@ -133,12 +125,9 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests { given(this.passwordEncoder.matches(any(), any())).willReturn(false); User user = new User(this.username, this.password, AuthorityUtils.createAuthorityList("ROLE_USER")); given(this.repository.findByUsername(user.getUsername())).willReturn(Mono.just(user)); - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username, this.password); - Mono authentication = this.manager.authenticate(token); - StepVerifier.create(authentication).expectError(BadCredentialsException.class).verify(); } diff --git a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationProviderTests.java index ec2a84e921..1435300fc8 100644 --- a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationProviderTests.java +++ b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationProviderTests.java 
@@ -35,9 +35,7 @@ public class TestingAuthenticationProviderTests { TestingAuthenticationProvider provider = new TestingAuthenticationProvider(); TestingAuthenticationToken token = new TestingAuthenticationToken("Test", "Password", "ROLE_ONE", "ROLE_TWO"); Authentication result = provider.authenticate(token); - assertThat(result instanceof TestingAuthenticationToken).isTrue(); - TestingAuthenticationToken castResult = (TestingAuthenticationToken) result; assertThat(castResult.getPrincipal()).isEqualTo("Test"); assertThat(castResult.getCredentials()).isEqualTo("Password"); diff --git a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java index 35ec2095b7..8b7c6f4617 100644 --- a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java +++ b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java @@ -32,7 +32,6 @@ public class TestingAuthenticationTokenTests { @Test public void constructorWhenNoAuthoritiesThenUnauthenticated() { TestingAuthenticationToken unauthenticated = new TestingAuthenticationToken("principal", "credentials"); - assertThat(unauthenticated.isAuthenticated()).isFalse(); } @@ -40,7 +39,6 @@ public class TestingAuthenticationTokenTests { public void constructorWhenArityAuthoritiesThenAuthenticated() { TestingAuthenticationToken authenticated = new TestingAuthenticationToken("principal", "credentials", "authority"); - assertThat(authenticated.isAuthenticated()).isTrue(); } @@ -48,7 +46,6 @@ public class TestingAuthenticationTokenTests { public void constructorWhenCollectionAuthoritiesThenAuthenticated() { TestingAuthenticationToken authenticated = new TestingAuthenticationToken("principal", "credentials", Arrays.asList(new SimpleGrantedAuthority("authority"))); - assertThat(authenticated.isAuthenticated()).isTrue(); } 
diff --git a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java index 1718a05da4..8c6362b14e 100644 --- a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java @@ -72,7 +72,6 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { .roles("USER") .build(); // @formatter:on - private UserDetailsRepositoryReactiveAuthenticationManager manager; @Before @@ -97,9 +96,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { this.manager.setPasswordEncoder(this.encoder); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user, this.user.getPassword()); - Authentication result = this.manager.authenticate(token).block(); - verify(this.scheduler).schedule(any()); } @@ -115,9 +112,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user, this.user.getPassword()); - Authentication result = this.manager.authenticate(token).block(); - verify(this.encoder).encode(this.user.getPassword()); verify(this.userDetailsPasswordService).updatePassword(eq(this.user), eq(encodedPassword)); } 
@@ -130,9 +125,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user, this.user.getPassword()); - assertThatThrownBy(() -> this.manager.authenticate(token).block()).isInstanceOf(BadCredentialsException.class); - verifyZeroInteractions(this.userDetailsPasswordService); } @@ -145,9 +138,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user, this.user.getPassword()); - Authentication result = this.manager.authenticate(token).block(); - verifyZeroInteractions(this.userDetailsPasswordService); } @@ -158,11 +149,9 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { given(this.encoder.matches(any(), any())).willReturn(true); this.manager.setPasswordEncoder(this.encoder); this.manager.setPostAuthenticationChecks(this.postAuthenticationChecks); - assertThatExceptionOfType(LockedException.class).isThrownBy(() -> this.manager .authenticate(new UsernamePasswordAuthenticationToken(this.user, this.user.getPassword())).block()) .withMessage("account is locked"); - verify(this.postAuthenticationChecks).check(eq(this.user)); } @@ -171,12 +160,9 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(this.user)); given(this.encoder.matches(any(), any())).willReturn(true); this.manager.setPasswordEncoder(this.encoder); - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user, this.user.getPassword()); - this.manager.authenticate(token).block(); - verifyZeroInteractions(this.postAuthenticationChecks); } 
@@ -191,10 +177,8 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { .build(); // @formatter:on given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(expiredUser)); - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(expiredUser, expiredUser.getPassword()); - this.manager.authenticate(token).block(); } @@ -209,17 +193,14 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { .build(); // @formatter:on given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(lockedUser)); - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(lockedUser, lockedUser.getPassword()); - this.manager.authenticate(token).block(); } @Test(expected = DisabledException.class) public void authenticateWhenAccountDisabledThenException() { this.manager.setPasswordEncoder(this.encoder); - // @formatter:off UserDetails disabledUser = User.withUsername("user") .password("password") @@ -228,10 +209,8 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { .build(); // @formatter:on given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(disabledUser)); - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(disabledUser, disabledUser.getPassword()); - this.manager.authenticate(token).block(); } diff --git a/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java index 7ea4eaab20..61cd51ecef 100644 --- a/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java +++ b/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java 
@@ -34,26 +34,20 @@ public class UsernamePasswordAuthenticationTokenTests {
 public void authenticatedPropertyContractIsSatisfied() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.NO_AUTHORITIES); - // check default given we passed some GrantedAuthorty[]s (well, we passed empty // list) assertThat(token.isAuthenticated()).isTrue(); - // check explicit set to untrusted (we can safely go from trusted to untrusted, // but not the reverse) token.setAuthenticated(false); assertThat(!token.isAuthenticated()).isTrue(); - // Now let's create a UsernamePasswordAuthenticationToken without any // GrantedAuthorty[]s (different constructor) token = new UsernamePasswordAuthenticationToken("Test", "Password"); - assertThat(!token.isAuthenticated()).isTrue(); - // check we're allowed to still set it to untrusted token.setAuthenticated(false); assertThat(!token.isAuthenticated()).isTrue(); - // check denied changing it to trusted try { token.setAuthenticated(true);
diff --git a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java
index 81745b88c2..808cb36347 100644
--- a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java
@@ -38,10 +38,8 @@ public class AnonymousAuthenticationProviderTests {
 @Test public void testDetectsAnInvalidKey() { AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider("qwerty"); - AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("WRONG_KEY", "Test", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO")); - try { aap.authenticate(token); fail("Should have thrown BadCredentialsException");
@@ -57,7 +55,6 @@ public class AnonymousAuthenticationProviderTests {
 fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } }
@@ -70,10 +67,8 @@ public class AnonymousAuthenticationProviderTests {
 @Test public void testIgnoresClassesItDoesNotSupport() { AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider("qwerty"); - TestingAuthenticationToken token = new TestingAuthenticationToken("user", "password", "ROLE_A"); assertThat(aap.supports(TestingAuthenticationToken.class)).isFalse(); - // Try it anyway assertThat(aap.authenticate(token)).isNull(); }
@@ -81,12 +76,9 @@ public class AnonymousAuthenticationProviderTests {
 @Test public void testNormalOperation() { AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider("qwerty"); - AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("qwerty", "Test", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO")); - Authentication result = aap.authenticate(token); - assertThat(token).isEqualTo(result); }
diff --git a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java
index 05fd37fb78..298a43e633 100644
--- a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java
@@ -46,21 +46,18 @@ public class AnonymousAuthenticationTokenTests {
 } catch (IllegalArgumentException expected) { } - try { new AnonymousAuthenticationToken("key", null, ROLES_12); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { } - try { new AnonymousAuthenticationToken("key", "Test", null); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { } - try { new AnonymousAuthenticationToken("key", "Test", AuthorityUtils.NO_AUTHORITIES); fail("Should have thrown IllegalArgumentException");
@@ -73,14 +70,12 @@ public class AnonymousAuthenticationTokenTests {
 public void testEqualsWhenEqual() { AnonymousAuthenticationToken token1 = new AnonymousAuthenticationToken("key", "Test", ROLES_12); AnonymousAuthenticationToken token2 = new AnonymousAuthenticationToken("key", "Test", ROLES_12); - assertThat(token2).isEqualTo(token1); } @Test public void testGetters() { AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("key", "Test", ROLES_12); - assertThat(token.getKeyHash()).isEqualTo("key".hashCode()); assertThat(token.getPrincipal()).isEqualTo("Test"); assertThat(token.getCredentials()).isEqualTo("");
@@ -91,7 +86,6 @@ public class AnonymousAuthenticationTokenTests {
 @Test public void testNoArgConstructorDoesntExist() { Class clazz = AnonymousAuthenticationToken.class; - try { clazz.getDeclaredConstructor((Class[]) null); fail("Should have thrown NoSuchMethodException");
@@ -104,7 +98,6 @@ public class AnonymousAuthenticationTokenTests {
 public void testNotEqualsDueToAbstractParentEqualsCheck() { AnonymousAuthenticationToken token1 = new AnonymousAuthenticationToken("key", "Test", ROLES_12); AnonymousAuthenticationToken token2 = new AnonymousAuthenticationToken("key", "DIFFERENT_PRINCIPAL", ROLES_12); - assertThat(token1.equals(token2)).isFalse(); }
@@ -113,16 +106,13 @@ public class AnonymousAuthenticationTokenTests {
 AnonymousAuthenticationToken token1 = new AnonymousAuthenticationToken("key", "Test", ROLES_12); UsernamePasswordAuthenticationToken token2 = new UsernamePasswordAuthenticationToken("Test", "Password", ROLES_12); - assertThat(token1.equals(token2)).isFalse(); } @Test public void testNotEqualsDueToKey() { AnonymousAuthenticationToken token1 = new AnonymousAuthenticationToken("key", "Test", ROLES_12); - AnonymousAuthenticationToken token2 = new AnonymousAuthenticationToken("DIFFERENT_KEY", "Test", ROLES_12); - assertThat(token1.equals(token2)).isFalse(); }
diff --git a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
index ca50e2d215..8429503319 100644
--- a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
@@ -74,17 +74,14 @@ public class DaoAuthenticationProviderTests {
 @Test public void testAuthenticateFailsForIncorrectPasswordCase() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "KOala"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown BadCredentialsException"); } catch (BadCredentialsException expected) { - } }
@@ -94,105 +91,86 @@ public class DaoAuthenticationProviderTests { DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); - UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken("rod", null); try { provider.authenticate(authenticationToken); fail("Expected BadCredenialsException"); } catch (BadCredentialsException expected) { - } } @Test public void testAuthenticateFailsIfAccountExpired() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserPeterAccountExpired()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown AccountExpiredException"); } catch (AccountExpiredException expected) { - } } @Test public void testAuthenticateFailsIfAccountLocked() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserPeterAccountLocked()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown LockedException"); } catch (LockedException expected) { - } } @Test public void testAuthenticateFailsIfCredentialsExpired() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserPeterCredentialsExpired()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown CredentialsExpiredException"); } catch (CredentialsExpiredException expected) { - } - // Check that wrong password causes 
BadCredentialsException, rather than // CredentialsExpiredException token = new UsernamePasswordAuthenticationToken("peter", "wrong_password"); - try { provider.authenticate(token); fail("Should have thrown BadCredentialsException"); } catch (BadCredentialsException expected) { - } } @Test public void testAuthenticateFailsIfUserDisabled() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserPeter()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown DisabledException"); } catch (DisabledException expected) { - } } @Test public void testAuthenticateFailsWhenAuthenticationDaoHasBackendFailure() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceSimulateBackendError()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown InternalAuthenticationServiceException"); 
@@ -204,116 +182,95 @@ public class DaoAuthenticationProviderTests { @Test public void testAuthenticateFailsWithEmptyUsername() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(null, "koala"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown BadCredentialsException"); } catch (BadCredentialsException expected) { - } } @Test public void testAuthenticateFailsWithInvalidPassword() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "INVALID_PASSWORD"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown BadCredentialsException"); } catch (BadCredentialsException expected) { - } } @Test public void testAuthenticateFailsWithInvalidUsernameAndHideUserNotFoundExceptionFalse() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("INVALID_USER", "koala"); - DaoAuthenticationProvider provider = createProvider(); provider.setHideUserNotFoundExceptions(false); // we want // UsernameNotFoundExceptions provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown UsernameNotFoundException"); } catch (UsernameNotFoundException expected) { - } } @Test public void testAuthenticateFailsWithInvalidUsernameAndHideUserNotFoundExceptionsWithDefaultOfTrue() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("INVALID_USER", "koala"); - DaoAuthenticationProvider provider = createProvider(); assertThat(provider.isHideUserNotFoundExceptions()).isTrue(); 
provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown BadCredentialsException"); } catch (BadCredentialsException expected) { - } } @Test public void testAuthenticateFailsWithInvalidUsernameAndChangePasswordEncoder() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("INVALID_USER", "koala"); - DaoAuthenticationProvider provider = createProvider(); assertThat(provider.isHideUserNotFoundExceptions()).isTrue(); provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown BadCredentialsException"); } catch (BadCredentialsException expected) { - } - provider.setPasswordEncoder(PasswordEncoderFactories.createDelegatingPasswordEncoder()); - try { provider.authenticate(token); fail("Should have thrown BadCredentialsException"); } catch (BadCredentialsException expected) { - } } @Test public void testAuthenticateFailsWithMixedCaseUsernameIfDefaultChanged() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("RoD", "koala"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); - try { provider.authenticate(token); fail("Should have thrown BadCredentialsException"); } catch (BadCredentialsException expected) { - } } 
@@ -321,17 +278,13 @@ public class DaoAuthenticationProviderTests { public void testAuthenticates() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala"); token.setDetails("192.168.0.1"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); - Authentication result = provider.authenticate(token); - if (!(result instanceof UsernamePasswordAuthenticationToken)) { fail("Should have returned instance of UsernamePasswordAuthenticationToken"); } - UsernamePasswordAuthenticationToken castResult = (UsernamePasswordAuthenticationToken) result; assertThat(castResult.getPrincipal().getClass()).isEqualTo(User.class); assertThat(castResult.getCredentials()).isEqualTo("koala"); 
@@ -342,42 +295,32 @@ public class DaoAuthenticationProviderTests { @Test public void testAuthenticatesASecondTime() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); - Authentication result = provider.authenticate(token); - if (!(result instanceof UsernamePasswordAuthenticationToken)) { fail("Should have returned instance of UsernamePasswordAuthenticationToken"); } - // Now try to authenticate with the previous result (with its UserDetails) Authentication result2 = provider.authenticate(result); - if (!(result2 instanceof UsernamePasswordAuthenticationToken)) { fail("Should have returned instance of UsernamePasswordAuthenticationToken"); } - assertThat(result2.getCredentials()).isEqualTo(result.getCredentials()); } @Test public void testAuthenticatesWithForcePrincipalAsString() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); provider.setForcePrincipalAsString(true); - Authentication result = provider.authenticate(token); - if (!(result instanceof UsernamePasswordAuthenticationToken)) { fail("Should have returned instance of UsernamePasswordAuthenticationToken"); } - UsernamePasswordAuthenticationToken castResult = (UsernamePasswordAuthenticationToken) result; assertThat(castResult.getPrincipal().getClass()).isEqualTo(String.class); assertThat(castResult.getPrincipal()).isEqualTo("rod"); 
@@ -388,7 +331,6 @@ public class DaoAuthenticationProviderTests {
 String password = "password"; String encodedPassword = "encoded"; UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", password); - PasswordEncoder encoder = mock(PasswordEncoder.class); UserDetailsService userDetailsService = mock(UserDetailsService.class); UserDetailsPasswordService passwordManager = mock(UserDetailsPasswordService.class);
@@ -396,16 +338,13 @@ public class DaoAuthenticationProviderTests {
 provider.setPasswordEncoder(encoder); provider.setUserDetailsService(userDetailsService); provider.setUserDetailsPasswordService(passwordManager); - UserDetails user = PasswordEncodedUser.user(); given(encoder.matches(any(), any())).willReturn(true); given(encoder.upgradeEncoding(any())).willReturn(true); given(encoder.encode(any())).willReturn(encodedPassword); given(userDetailsService.loadUserByUsername(any())).willReturn(user); given(passwordManager.updatePassword(any(), any())).willReturn(user); - Authentication result = provider.authenticate(token); - verify(encoder).encode(password); verify(passwordManager).updatePassword(eq(user), eq(encodedPassword)); }
@@ -413,7 +352,6 @@ public class DaoAuthenticationProviderTests {
 @Test public void authenticateWhenBadCredentialsAndPasswordManagerThenNoUpdate() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password"); - PasswordEncoder encoder = mock(PasswordEncoder.class); UserDetailsService userDetailsService = mock(UserDetailsService.class); UserDetailsPasswordService passwordManager = mock(UserDetailsPasswordService.class);
@@ -421,20 +359,16 @@ public class DaoAuthenticationProviderTests {
 provider.setPasswordEncoder(encoder); provider.setUserDetailsService(userDetailsService); provider.setUserDetailsPasswordService(passwordManager); - UserDetails user = PasswordEncodedUser.user(); given(encoder.matches(any(), any())).willReturn(false); given(userDetailsService.loadUserByUsername(any())).willReturn(user); - assertThatThrownBy(() -> provider.authenticate(token)).isInstanceOf(BadCredentialsException.class); - verifyZeroInteractions(passwordManager); } @Test public void authenticateWhenNotUpgradeAndPasswordManagerThenNoUpdate() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password"); - PasswordEncoder encoder = mock(PasswordEncoder.class); UserDetailsService userDetailsService = mock(UserDetailsService.class); UserDetailsPasswordService passwordManager = mock(UserDetailsPasswordService.class);
@@ -442,24 +376,19 @@ public class DaoAuthenticationProviderTests {
 provider.setPasswordEncoder(encoder); provider.setUserDetailsService(userDetailsService); provider.setUserDetailsPasswordService(passwordManager); - UserDetails user = PasswordEncodedUser.user(); given(encoder.matches(any(), any())).willReturn(true); given(encoder.upgradeEncoding(any())).willReturn(false); given(userDetailsService.loadUserByUsername(any())).willReturn(user); - Authentication result = provider.authenticate(token); - verifyZeroInteractions(passwordManager); } @Test public void testDetectsNullBeingReturnedFromAuthenticationDao() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala"); - DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceReturnsNull()); - try { provider.authenticate(token); fail("Should have thrown AuthenticationServiceException");
@@ -475,10 +404,8 @@ public class DaoAuthenticationProviderTests {
 DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); provider.setPasswordEncoder(new BCryptPasswordEncoder()); assertThat(provider.getPasswordEncoder().getClass()).isEqualTo(BCryptPasswordEncoder.class); - provider.setUserCache(new EhCacheBasedUserCache()); assertThat(provider.getUserCache().getClass()).isEqualTo(EhCacheBasedUserCache.class); - assertThat(provider.isForcePrincipalAsString()).isFalse(); provider.setForcePrincipalAsString(true); assertThat(provider.isForcePrincipalAsString()).isTrue();
@@ -487,26 +414,20 @@ public class DaoAuthenticationProviderTests {
 @Test public void testGoesBackToAuthenticationDaoToObtainLatestPasswordIfCachedPasswordSeemsIncorrect() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala"); - MockUserDetailsServiceUserRod authenticationDao = new MockUserDetailsServiceUserRod(); MockUserCache cache = new MockUserCache(); DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(authenticationDao); provider.setUserCache(cache); - // This will work, as password still "koala" provider.authenticate(token); - // Check "rod = koala" ended up in the cache assertThat(cache.getUserFromCache("rod").getPassword()).isEqualTo("koala"); - // Now change the password the AuthenticationDao will return authenticationDao.setPassword("easternLongNeckTurtle"); - // Now try authentication again, with the new password token = new UsernamePasswordAuthenticationToken("rod", "easternLongNeckTurtle"); provider.authenticate(token); - // To get this far, the new password was accepted // Check the cache was updated assertThat(cache.getUserFromCache("rod").getPassword()).isEqualTo("easternLongNeckTurtle");
@@ -515,13 +436,11 @@ public class DaoAuthenticationProviderTests {
 @Test public void testStartupFailsIfNoAuthenticationDao() throws Exception { DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); - try { provider.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } }
@@ -531,13 +450,11 @@ public class DaoAuthenticationProviderTests {
 provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); assertThat(provider.getUserCache().getClass()).isEqualTo(NullUserCache.class); provider.setUserCache(null); - try { provider.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } }
@@ -549,7 +466,6 @@ public class DaoAuthenticationProviderTests {
 provider.setUserCache(new MockUserCache()); assertThat(provider.getUserDetailsService()).isEqualTo(userDetailsService); provider.afterPropertiesSet(); - } @Test
@@ -576,7 +492,6 @@ public class DaoAuthenticationProviderTests {
 } catch (UsernameNotFoundException success) { } - // ensure encoder invoked w/ non-null strings since PasswordEncoder impls may fail // if encoded password is null verify(encoder).matches(isA(String.class), isA(String.class));
@@ -629,16 +544,13 @@ public class DaoAuthenticationProviderTests {
 MockUserDetailsServiceUserRod userDetailsService = new MockUserDetailsServiceUserRod(); userDetailsService.password = encoder.encode((CharSequence) foundUser.getCredentials()); provider.setUserDetailsService(userDetailsService); - int sampleSize = 100; - List userFoundTimes = new ArrayList<>(sampleSize); for (int i = 0; i < sampleSize; i++) { long start = System.currentTimeMillis(); provider.authenticate(foundUser); userFoundTimes.add(System.currentTimeMillis() - start); } - List userNotFoundTimes = new ArrayList<>(sampleSize); for (int i = 0; i < sampleSize; i++) { long start = System.currentTimeMillis();
@@ -650,7 +562,6 @@ public class DaoAuthenticationProviderTests {
 } userNotFoundTimes.add(System.currentTimeMillis() - start); } - double userFoundAvg = avg(userFoundTimes); double userNotFoundAvg = avg(userNotFoundTimes); assertThat(Math.abs(userNotFoundAvg - userFoundAvg) <= 3).withFailMessage("User not found average "
@@ -679,7 +590,6 @@ public class DaoAuthenticationProviderTests {
 } catch (UsernameNotFoundException success) { } - verify(encoder, times(0)).matches(anyString(), anyString()); }
diff --git a/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java b/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java
index 1f5bf770ff..d843593f5c 100644
--- a/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java
@@ -37,7 +37,6 @@ public class AuthenticationEventTests {
 UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("Principal", "Credentials"); authentication.setDetails("127.0.0.1"); - return authentication; }
@@ -60,13 +59,11 @@ public class AuthenticationEventTests {
 @Test public void testRejectsNullAuthentication() { AuthenticationException exception = new DisabledException("TEST"); - try { new AuthenticationFailureDisabledEvent(null, exception); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } }
@@ -77,7 +74,6 @@ public class AuthenticationEventTests {
 fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } }
diff --git a/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java b/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java
index e75590f5c4..4d788d4377 100644
--- a/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java
@@ -33,7 +33,6 @@ public class LoggerListenerTests {
 UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("Principal", "Credentials"); authentication.setDetails("127.0.0.1"); - return authentication; }
@@ -43,7 +42,6 @@ public class LoggerListenerTests {
 new LockedException("TEST")); LoggerListener listener = new LoggerListener(); listener.onApplicationEvent(event); - } }
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
index ce23ea8c54..e075c6184d 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
@@ -80,7 +80,6 @@ public class DefaultJaasAuthenticationProviderTests {
 given(configuration.getAppConfigurationEntry(this.provider.getLoginContextName())).willReturn(aces); this.token = new UsernamePasswordAuthenticationToken("user", "password"); ReflectionTestUtils.setField(this.provider, "log", this.log); - } @Test(expected = IllegalArgumentException.class)
@@ -119,7 +118,6 @@ public class DefaultJaasAuthenticationProviderTests {
 } catch (AuthenticationException success) { } - verifyFailedLogin(); }
@@ -131,7 +129,6 @@ public class DefaultJaasAuthenticationProviderTests {
 } catch (AuthenticationException success) { } - verifyFailedLogin(); }
@@ -141,13 +138,10 @@ public class DefaultJaasAuthenticationProviderTests {
 SecurityContext securityContext = mock(SecurityContext.class); JaasAuthenticationToken token = mock(JaasAuthenticationToken.class); LoginContext context = mock(LoginContext.class); - given(event.getSecurityContexts()).willReturn(Arrays.asList(securityContext)); given(securityContext.getAuthentication()).willReturn(token); given(token.getLoginContext()).willReturn(context); - this.provider.onApplicationEvent(event); - verify(event).getSecurityContexts(); verify(securityContext).getAuthentication(); verify(token).getLoginContext();
@@ -158,9 +152,7 @@ public class DefaultJaasAuthenticationProviderTests {
 @Test public void logoutNullSession() { SessionDestroyedEvent event = mock(SessionDestroyedEvent.class); - this.provider.handleLogout(event); - verify(event).getSecurityContexts(); verify(this.log).debug(anyString()); verifyNoMoreInteractions(event);
@@ -170,11 +162,8 @@ public class DefaultJaasAuthenticationProviderTests {
 public void logoutNullAuthentication() { SessionDestroyedEvent event = mock(SessionDestroyedEvent.class); SecurityContext securityContext = mock(SecurityContext.class); - given(event.getSecurityContexts()).willReturn(Arrays.asList(securityContext)); - this.provider.handleLogout(event); - verify(event).getSecurityContexts(); verify(event).getSecurityContexts(); verify(securityContext).getAuthentication();
@@ -185,12 +174,9 @@ public class DefaultJaasAuthenticationProviderTests {
 public void logoutNonJaasAuthentication() { SessionDestroyedEvent event = mock(SessionDestroyedEvent.class); SecurityContext securityContext = mock(SecurityContext.class); - given(event.getSecurityContexts()).willReturn(Arrays.asList(securityContext)); given(securityContext.getAuthentication()).willReturn(this.token); - this.provider.handleLogout(event); - verify(event).getSecurityContexts(); verify(event).getSecurityContexts(); verify(securityContext).getAuthentication();
@@ -202,15 +188,12 @@ public class DefaultJaasAuthenticationProviderTests {
 SessionDestroyedEvent event = mock(SessionDestroyedEvent.class); SecurityContext securityContext = mock(SecurityContext.class); JaasAuthenticationToken token = mock(JaasAuthenticationToken.class); - given(event.getSecurityContexts()).willReturn(Arrays.asList(securityContext)); given(securityContext.getAuthentication()).willReturn(token); - this.provider.onApplicationEvent(event); verify(event).getSecurityContexts(); verify(securityContext).getAuthentication(); verify(token).getLoginContext(); - verifyNoMoreInteractions(event, securityContext, token); }
@@ -221,14 +204,11 @@ public class DefaultJaasAuthenticationProviderTests {
 JaasAuthenticationToken token = mock(JaasAuthenticationToken.class); LoginContext context = mock(LoginContext.class); LoginException loginException = new LoginException("Failed Login"); - given(event.getSecurityContexts()).willReturn(Arrays.asList(securityContext)); given(securityContext.getAuthentication()).willReturn(token); given(token.getLoginContext()).willReturn(context); willThrow(loginException).given(context).logout(); - this.provider.onApplicationEvent(event); - verify(event).getSecurityContexts(); verify(securityContext).getAuthentication(); verify(token).getLoginContext();
@@ -241,7 +221,6 @@ public class DefaultJaasAuthenticationProviderTests {
 public void publishNullPublisher() { this.provider.setApplicationEventPublisher(null); AuthenticationException ae = new BadCredentialsException("Failed to login"); - this.provider.publishFailureEvent(this.token, ae); this.provider.publishSuccessEvent(this.token); }
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
index f474ce4c40..6f59331bbf 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
@@ -79,7 +79,6 @@ public class JaasAuthenticationProviderTests {
 } catch (AuthenticationException ex) { } - assertThat(this.eventCheck.failedEvent).as("Failure event not fired").isNotNull(); assertThat(this.eventCheck.failedEvent.getException()).withFailMessage("Failure event exception was null") .isNotNull();
@@ -94,7 +93,6 @@ public class JaasAuthenticationProviderTests {
 } catch (AuthenticationException ex) { } - assertThat(this.eventCheck.failedEvent).as("Failure event not fired").isNotNull(); assertThat(this.eventCheck.failedEvent.getException()).withFailMessage("Failure event exception was null") .isNotNull();
@@ -105,9 +103,7 @@ public class JaasAuthenticationProviderTests {
 public void testConfigurationLoop() throws Exception { String resName = "/" + getClass().getName().replace('.', '/') + ".conf"; URL url = getClass().getResource(resName); - Security.setProperty("login.config.url.1", url.toString()); - setUp(); testFull(); }
@@ -119,7 +115,6 @@ public class JaasAuthenticationProviderTests {
 myJaasProvider.setAuthorityGranters(this.jaasProvider.getAuthorityGranters()); myJaasProvider.setCallbackHandlers(this.jaasProvider.getCallbackHandlers()); myJaasProvider.setLoginContextName(this.jaasProvider.getLoginContextName()); - try { myJaasProvider.afterPropertiesSet(); fail("Should have thrown ApplicationContextException");
@@ -136,7 +131,6 @@ public class JaasAuthenticationProviderTests {
 // Create temp directory with a space in the name File configDir = new File(System.getProperty("java.io.tmpdir") + File.separator + "jaas test"); configDir.deleteOnExit(); - if (configDir.exists()) { configDir.delete(); }
@@ -149,14 +143,12 @@ public class JaasAuthenticationProviderTests { "JAASTestBlah {" + "org.springframework.security.authentication.jaas.TestLoginModule required;" + "};"); pw.flush(); pw.close(); - JaasAuthenticationProvider myJaasProvider = new JaasAuthenticationProvider(); myJaasProvider.setApplicationEventPublisher(this.context); myJaasProvider.setLoginConfig(new FileSystemResource(configFile)); myJaasProvider.setAuthorityGranters(this.jaasProvider.getAuthorityGranters()); myJaasProvider.setCallbackHandlers(this.jaasProvider.getCallbackHandlers()); myJaasProvider.setLoginContextName(this.jaasProvider.getLoginContextName()); - myJaasProvider.afterPropertiesSet(); }
@@ -168,7 +160,6 @@ public class JaasAuthenticationProviderTests { myJaasProvider.setCallbackHandlers(this.jaasProvider.getCallbackHandlers()); myJaasProvider.setLoginConfig(this.jaasProvider.getLoginConfig()); myJaasProvider.setLoginContextName(null); - try { myJaasProvider.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException");
@@ -176,9 +167,7 @@ public class JaasAuthenticationProviderTests { catch (IllegalArgumentException expected) { assertThat(expected.getMessage()).startsWith("loginContextName must be set on"); } - myJaasProvider.setLoginContextName(""); - try { myJaasProvider.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException");
@@ -192,25 +181,19 @@ public class JaasAuthenticationProviderTests { public void testFull() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password", AuthorityUtils.createAuthorityList("ROLE_ONE")); - assertThat(this.jaasProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue(); - Authentication auth = this.jaasProvider.authenticate(token); - assertThat(this.jaasProvider.getAuthorityGranters()).isNotNull(); assertThat(this.jaasProvider.getCallbackHandlers()).isNotNull(); assertThat(this.jaasProvider.getLoginConfig()).isNotNull(); assertThat(this.jaasProvider.getLoginContextName()).isNotNull(); - Collection list = auth.getAuthorities(); Set set = AuthorityUtils.authorityListToSet(list); - assertThat(set.contains("ROLE_ONE")).withFailMessage("GrantedAuthorities should not contain ROLE_ONE") .isFalse(); assertThat(set.contains("ROLE_TEST1")).withFailMessage("GrantedAuthorities should contain ROLE_TEST1").isTrue(); assertThat(set.contains("ROLE_TEST2")).withFailMessage("GrantedAuthorities should contain ROLE_TEST2").isTrue(); boolean foundit = false; - for (GrantedAuthority a : list) { if (a instanceof JaasGrantedAuthority) { JaasGrantedAuthority grant = (JaasGrantedAuthority) a;
@@ -219,9 +202,7 @@ public class JaasAuthenticationProviderTests { foundit = true; } } - assertThat(foundit).as("Could not find a JaasGrantedAuthority").isTrue(); - assertThat(this.eventCheck.successEvent).as("Success event should be fired").isNotNull(); assertThat(this.eventCheck.successEvent.getAuthentication()).withFailMessage("Auth objects should be equal") .isEqualTo(auth);
@@ -237,7 +218,6 @@ public class JaasAuthenticationProviderTests { public void testLoginExceptionResolver() { assertThat(this.jaasProvider.getLoginExceptionResolver()).isNotNull(); this.jaasProvider.setLoginExceptionResolver((e) -> new LockedException("This is just a test!")); - try { this.jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("user", "password")); }
@@ -251,26 +231,19 @@ public class JaasAuthenticationProviderTests { @Test public void testLogout() throws Exception { MockLoginContext loginContext = new MockLoginContext(this.jaasProvider.getLoginContextName()); - JaasAuthenticationToken token = new JaasAuthenticationToken(null, null, loginContext); - SecurityContext context = SecurityContextHolder.createEmptyContext(); context.setAuthentication(token); - SessionDestroyedEvent event = mock(SessionDestroyedEvent.class); given(event.getSecurityContexts()).willReturn(Arrays.asList(context)); - this.jaasProvider.handleLogout(event); - assertThat(loginContext.loggedOut).isTrue(); } @Test public void testNullDefaultAuthorities() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password"); - assertThat(this.jaasProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue(); - Authentication auth = this.jaasProvider.authenticate(token); assertThat(auth.getAuthorities()).withFailMessage("Only ROLE_TEST1 and ROLE_TEST2 should have been returned") .hasSize(2);
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java
index 565ea98356..7efedeecb6 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java
@@ -35,7 +35,6 @@ public class JaasEventCheck implements ApplicationListener options = new HashMap<>(); options.put("ignoreMissingAuthentication", "true"); - this.module.initialize(this.subject, null, null, options); SecurityContextHolder.getContext().setAuthentication(null); assertThat(this.module.login()).as("Should return false and ask to be ignored").isFalse();
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java b/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java
index fbab33f747..2a557097a3 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java
@@ -28,12 +28,10 @@ public class TestAuthorityGranter implements AuthorityGranter { @Override public Set grant(Principal principal) { Set rtnSet = new HashSet<>(); - if (principal.getName().equals("TEST_PRINCIPAL")) { rtnSet.add("ROLE_TEST1"); rtnSet.add("ROLE_TEST2"); } - return rtnSet; }
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java b/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
index ab0d94fe90..b00267effc 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
@@ -52,14 +52,11 @@ public class TestLoginModule implements LoginModule { @SuppressWarnings("unchecked") public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { this.subject = subject; - try { TextInputCallback textCallback = new TextInputCallback("prompt"); NameCallback nameCallback = new NameCallback("prompt"); PasswordCallback passwordCallback = new PasswordCallback("prompt", false); - callbackHandler.handle(new Callback[] { textCallback, nameCallback, passwordCallback }); - this.password = new String(passwordCallback.getPassword()); this.user = nameCallback.getName(); }
@@ -73,15 +70,11 @@ public class TestLoginModule implements LoginModule { if (!this.user.equals("user")) { throw new LoginException("Bad User"); } - if (!this.password.equals("password")) { throw new LoginException("Bad Password"); } - this.subject.getPrincipals().add(() -> "TEST_PRINCIPAL"); - this.subject.getPrincipals().add(() -> "NULL_PRINCIPAL"); - return true; }
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java
index 58bb0120f5..c1f4f8be7f 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java
@@ -45,7 +45,6 @@ public class InMemoryConfigurationTests { public void setUp() { this.defaultEntries = new AppConfigurationEntry[] { new AppConfigurationEntry(TestLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, Collections.emptyMap()) }; - this.mappedEntries = Collections.singletonMap("name", new AppConfigurationEntry[] { new AppConfigurationEntry(TestLoginModule.class.getName(), LoginModuleControlFlag.OPTIONAL, Collections.emptyMap()) });
diff --git a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
index 3602d38288..a52f73ace0 100644
--- a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
@@ -41,24 +41,20 @@ public class RemoteAuthenticationManagerImplTests { AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException("")); manager.setAuthenticationManager(am); - manager.attemptAuthentication("rod", "password"); } @Test public void testStartupChecksAuthenticationManagerSet() throws Exception { RemoteAuthenticationManagerImpl manager = new RemoteAuthenticationManagerImpl(); - try { manager.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { } - manager.setAuthenticationManager(mock(AuthenticationManager.class)); manager.afterPropertiesSet(); - } @Test
@@ -67,7 +63,6 @@ public class RemoteAuthenticationManagerImplTests { AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(any(Authentication.class))).willReturn(new TestingAuthenticationToken("u", "p", "A")); manager.setAuthenticationManager(am); - manager.attemptAuthentication("rod", "password"); }
diff --git a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java
index ed48fbfe87..42b37a73c8 100644
--- a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java
@@ -39,13 +39,11 @@ public class RemoteAuthenticationProviderTests { public void testExceptionsGetPassedBackToCaller() { RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider(); provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(false)); - try { provider.authenticate(new UsernamePasswordAuthenticationToken("rod", "password")); fail("Should have thrown RemoteAuthenticationException"); } catch (RemoteAuthenticationException expected) { - } }
@@ -59,25 +57,20 @@ public class RemoteAuthenticationProviderTests { @Test public void testStartupChecksAuthenticationManagerSet() throws Exception { RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider(); - try { provider.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } - provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(true)); provider.afterPropertiesSet(); - } @Test public void testSuccessfulAuthenticationCreatesObject() { RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider(); provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(true)); - Authentication result = provider.authenticate(new UsernamePasswordAuthenticationToken("rod", "password")); assertThat(result.getPrincipal()).isEqualTo("rod"); assertThat(result.getCredentials()).isEqualTo("password");
@@ -88,14 +81,12 @@ public class RemoteAuthenticationProviderTests { public void testNullCredentialsDoesNotCauseNullPointerException() { RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider(); provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(false)); - try { provider.authenticate(new UsernamePasswordAuthenticationToken("rod", null)); fail("Expected Exception"); } catch (RemoteAuthenticationException success) { } - } @Test
diff --git a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationProviderTests.java
index 3673f6b05e..169e9802cd 100644
--- a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationProviderTests.java
@@ -38,10 +38,8 @@ public class RememberMeAuthenticationProviderTests { @Test public void testDetectsAnInvalidKey() { RememberMeAuthenticationProvider aap = new RememberMeAuthenticationProvider("qwerty"); - RememberMeAuthenticationToken token = new RememberMeAuthenticationToken("WRONG_KEY", "Test", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO")); - try { aap.authenticate(token); fail("Should have thrown BadCredentialsException");
@@ -57,7 +55,6 @@ public class RememberMeAuthenticationProviderTests { fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } }
@@ -71,10 +68,8 @@ public class RememberMeAuthenticationProviderTests { @Test public void testIgnoresClassesItDoesNotSupport() { RememberMeAuthenticationProvider aap = new RememberMeAuthenticationProvider("qwerty"); - TestingAuthenticationToken token = new TestingAuthenticationToken("user", "password", "ROLE_A"); assertThat(aap.supports(TestingAuthenticationToken.class)).isFalse(); - // Try it anyway assertThat(aap.authenticate(token)).isNull(); }
@@ -82,12 +77,9 @@ public class RememberMeAuthenticationProviderTests { @Test public void testNormalOperation() { RememberMeAuthenticationProvider aap = new RememberMeAuthenticationProvider("qwerty"); - RememberMeAuthenticationToken token = new RememberMeAuthenticationToken("qwerty", "Test", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO")); - Authentication result = aap.authenticate(token); - assertThat(token).isEqualTo(result); }
diff --git a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java
index 492566f564..6bdf73bd5d 100644
--- a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java
@@ -45,17 +45,13 @@ public class RememberMeAuthenticationTokenTests { fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } - try { new RememberMeAuthenticationToken("key", null, ROLES_12); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } - try { List authsContainingNull = new ArrayList<>(); authsContainingNull.add(null);
@@ -63,7 +59,6 @@ public class RememberMeAuthenticationTokenTests { fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } }
@@ -71,14 +66,12 @@ public class RememberMeAuthenticationTokenTests { public void testEqualsWhenEqual() { RememberMeAuthenticationToken token1 = new RememberMeAuthenticationToken("key", "Test", ROLES_12); RememberMeAuthenticationToken token2 = new RememberMeAuthenticationToken("key", "Test", ROLES_12); - assertThat(token2).isEqualTo(token1); } @Test public void testGetters() { RememberMeAuthenticationToken token = new RememberMeAuthenticationToken("key", "Test", ROLES_12); - assertThat(token.getKeyHash()).isEqualTo("key".hashCode()); assertThat(token.getPrincipal()).isEqualTo("Test"); assertThat(token.getCredentials()).isEqualTo("");
@@ -92,7 +85,6 @@ public class RememberMeAuthenticationTokenTests { RememberMeAuthenticationToken token1 = new RememberMeAuthenticationToken("key", "Test", ROLES_12); RememberMeAuthenticationToken token2 = new RememberMeAuthenticationToken("key", "DIFFERENT_PRINCIPAL", ROLES_12); - assertThat(token1.equals(token2)).isFalse(); }
@@ -101,7 +93,6 @@ public class RememberMeAuthenticationTokenTests { RememberMeAuthenticationToken token1 = new RememberMeAuthenticationToken("key", "Test", ROLES_12); UsernamePasswordAuthenticationToken token2 = new UsernamePasswordAuthenticationToken("Test", "Password", ROLES_12); - assertThat(token1.equals(token2)).isFalse(); }
@@ -109,7 +100,6 @@ public class RememberMeAuthenticationTokenTests { public void testNotEqualsDueToKey() { RememberMeAuthenticationToken token1 = new RememberMeAuthenticationToken("key", "Test", ROLES_12); RememberMeAuthenticationToken token2 = new RememberMeAuthenticationToken("DIFFERENT_KEY", "Test", ROLES_12); - assertThat(token1.equals(token2)).isFalse(); }
diff --git a/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
index 788fb05eb1..b9a333abbb 100644
--- a/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
@@ -46,39 +46,32 @@ public class AuthenticatedReactiveAuthorizationManagerTests { @Test public void checkWhenAuthenticatedThenReturnTrue() { given(this.authentication.isAuthenticated()).willReturn(true); - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); - assertThat(granted).isTrue(); } @Test public void checkWhenNotAuthenticatedThenReturnFalse() { boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); - assertThat(granted).isFalse(); } @Test public void checkWhenEmptyThenReturnFalse() { boolean granted = this.manager.check(Mono.empty(), null).block().isGranted(); - assertThat(granted).isFalse(); } @Test public void checkWhenAnonymousAuthenticatedThenReturnFalse() { AnonymousAuthenticationToken anonymousAuthenticationToken = mock(AnonymousAuthenticationToken.class); - boolean granted = this.manager.check(Mono.just(anonymousAuthenticationToken), null).block().isGranted(); - assertThat(granted).isFalse(); } @Test public void checkWhenErrorThenError() { Mono result = this.manager.check(Mono.error(new RuntimeException("ooops")), null); - StepVerifier.create(result).expectError().verify(); }
diff --git a/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
index eeb5fe479d..096e983924 100644
--- a/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
@@ -46,21 +46,18 @@ public class AuthorityReactiveAuthorizationManagerTests { @Test public void checkWhenHasAuthorityAndNotAuthenticatedThenReturnFalse() { boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); - assertThat(granted).isFalse(); } @Test public void checkWhenHasAuthorityAndEmptyThenReturnFalse() { boolean granted = this.manager.check(Mono.empty(), null).block().isGranted(); - assertThat(granted).isFalse(); } @Test public void checkWhenHasAuthorityAndErrorThenError() { Mono result = this.manager.check(Mono.error(new RuntimeException("ooops")), null); - StepVerifier.create(result).expectError().verify(); }
@@ -68,27 +65,21 @@ public class AuthorityReactiveAuthorizationManagerTests { public void checkWhenHasAuthorityAndAuthenticatedAndNoAuthoritiesThenReturnFalse() { given(this.authentication.isAuthenticated()).willReturn(true); given(this.authentication.getAuthorities()).willReturn(Collections.emptyList()); - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); - assertThat(granted).isFalse(); } @Test public void checkWhenHasAuthorityAndAuthenticatedAndWrongAuthoritiesThenReturnFalse() { this.authentication = new TestingAuthenticationToken("rob", "secret", "ROLE_ADMIN"); - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); - assertThat(granted).isFalse(); } @Test public void checkWhenHasAuthorityAndAuthorizedThenReturnTrue() { this.authentication = new TestingAuthenticationToken("rob", "secret", "ADMIN"); - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); - assertThat(granted).isTrue(); }
@@ -96,9 +87,7 @@ public class AuthorityReactiveAuthorizationManagerTests { public void checkWhenHasRoleAndAuthorizedThenReturnTrue() { this.manager = AuthorityReactiveAuthorizationManager.hasRole("ADMIN"); this.authentication = new TestingAuthenticationToken("rob", "secret", "ROLE_ADMIN"); - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); - assertThat(granted).isTrue(); }
@@ -106,9 +95,7 @@ public class AuthorityReactiveAuthorizationManagerTests { public void checkWhenHasRoleAndNotAuthorizedThenReturnFalse() { this.manager = AuthorityReactiveAuthorizationManager.hasRole("ADMIN"); this.authentication = new TestingAuthenticationToken("rob", "secret", "ADMIN"); - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); - assertThat(granted).isFalse(); }
@@ -117,9 +104,7 @@ public class AuthorityReactiveAuthorizationManagerTests { this.manager = AuthorityReactiveAuthorizationManager.hasAnyRole("GENERAL", "USER", "TEST"); this.authentication = new TestingAuthenticationToken("rob", "secret", "ROLE_USER", "ROLE_AUDITING", "ROLE_ADMIN"); - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); - assertThat(granted).isTrue(); }
@@ -127,9 +112,7 @@ public class AuthorityReactiveAuthorizationManagerTests { public void checkWhenHasAnyRoleAndNotAuthorizedThenReturnFalse() { this.manager = AuthorityReactiveAuthorizationManager.hasAnyRole("GENERAL", "USER", "TEST"); this.authentication = new TestingAuthenticationToken("rob", "secret", "USER", "AUDITING", "ADMIN"); - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); - assertThat(granted).isFalse(); }
diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
index 265ab85f16..3c47bc6416 100644
--- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
@@ -66,7 +66,6 @@ public class DelegatingSecurityContextRunnableTests { assertThat(SecurityContextHolder.getContext()).isEqualTo(this.securityContext); return null; }).given(this.delegate).run(); - this.executor = Executors.newFixedThreadPool(1); }
diff --git a/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java b/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
index 7f087dfbab..86d242ad66 100644
--- a/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
+++ b/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
@@ -51,7 +51,6 @@ public class DelegatingApplicationListenerTests { @Test public void processEventNull() { this.listener.onApplicationEvent(null); - verify(this.delegate, never()).onApplicationEvent(any(ApplicationEvent.class)); }
@@ -60,14 +59,12 @@ public class DelegatingApplicationListenerTests { given(this.delegate.supportsEventType(this.event.getClass())).willReturn(true); given(this.delegate.supportsSourceType(this.event.getSource().getClass())).willReturn(true); this.listener.onApplicationEvent(this.event); - verify(this.delegate).onApplicationEvent(this.event); } @Test public void processEventEventTypeNotSupported() { this.listener.onApplicationEvent(this.event); - verify(this.delegate, never()).onApplicationEvent(any(ApplicationEvent.class)); }
@@ -75,7 +72,6 @@ public class DelegatingApplicationListenerTests { public void processEventSourceTypeNotSupported() { given(this.delegate.supportsEventType(this.event.getClass())).willReturn(true); this.listener.onApplicationEvent(this.event); - verify(this.delegate, never()).onApplicationEvent(any(ApplicationEvent.class)); }
diff --git a/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java b/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java
index 292c9d1680..33b297c385 100644
--- a/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java
+++ b/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java
@@ -63,20 +63,16 @@ public class SpringSecurityCoreVersionTests { public void springVersionIsUpToDate() { // Property is set by the build script String springVersion = System.getProperty("springVersion"); - assertThat(SpringSecurityCoreVersion.MIN_SPRING_VERSION).isEqualTo(springVersion); } @Test public void serialVersionMajorAndMinorVersionMatchBuildVersion() { String version = System.getProperty("springSecurityVersion"); - // Strip patch version String serialVersion = String.valueOf(SpringSecurityCoreVersion.SERIAL_VERSION_UID).substring(0, 2); - assertThat(serialVersion.charAt(0)).isEqualTo(version.charAt(0)); assertThat(serialVersion.charAt(1)).isEqualTo(version.charAt(2)); - } // SEC-2295
@@ -87,9 +83,7 @@ public class SpringSecurityCoreVersionTests { PowerMockito.spy(SpringVersion.class); PowerMockito.doReturn(version).when(SpringSecurityCoreVersion.class, "getVersion"); PowerMockito.doReturn(version).when(SpringVersion.class, "getVersion"); - performChecks(); - verifyZeroInteractions(this.logger); }
@@ -99,9 +93,7 @@ public class SpringSecurityCoreVersionTests { PowerMockito.spy(SpringVersion.class); PowerMockito.doReturn("1").when(SpringSecurityCoreVersion.class, "getVersion"); PowerMockito.doReturn(null).when(SpringVersion.class, "getVersion"); - performChecks(); - verifyZeroInteractions(this.logger); }
@@ -111,9 +103,7 @@ public class SpringSecurityCoreVersionTests { PowerMockito.spy(SpringVersion.class); PowerMockito.doReturn("3").when(SpringSecurityCoreVersion.class, "getVersion"); PowerMockito.doReturn("2").when(SpringVersion.class, "getVersion"); - performChecks(); - verify(this.logger, times(1)).warn(any()); }
@@ -123,9 +113,7 @@ public class SpringSecurityCoreVersionTests { PowerMockito.spy(SpringVersion.class); PowerMockito.doReturn("4.0.0.RELEASE").when(SpringSecurityCoreVersion.class, "getVersion"); PowerMockito.doReturn("4.0.0.RELEASE").when(SpringVersion.class, "getVersion"); - performChecks(); - verify(this.logger, never()).warn(any()); }
@@ -137,9 +125,7 @@ public class SpringSecurityCoreVersionTests { PowerMockito.spy(SpringVersion.class); PowerMockito.doReturn("3.2.0.RELEASE").when(SpringSecurityCoreVersion.class, "getVersion"); PowerMockito.doReturn("3.2.10.RELEASE").when(SpringVersion.class, "getVersion"); - performChecks(minSpringVersion); - verify(this.logger, never()).warn(any()); }
@@ -150,9 +136,7 @@ public class SpringSecurityCoreVersionTests { PowerMockito.doReturn("3").when(SpringSecurityCoreVersion.class, "getVersion"); PowerMockito.doReturn("2").when(SpringVersion.class, "getVersion"); System.setProperty(getDisableChecksProperty(), Boolean.TRUE.toString()); - performChecks(); - verifyZeroInteractions(this.logger); }
diff --git a/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java b/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java
index e9de5e9787..b795c3609b 100644
--- a/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java
+++ b/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java
@@ -42,12 +42,10 @@ public class SpringSecurityMessageSourceTests { // Change Locale to English Locale before = LocaleContextHolder.getLocale(); LocaleContextHolder.setLocale(Locale.FRENCH); - // Cause a message to be generated MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); assertThat("Le jeton nonce est compromis FOOBAR").isEqualTo(messages.getMessage( "DigestAuthenticationFilter.nonceCompromised", new Object[] { "FOOBAR" }, "ERROR - FAILED TO LOOKUP")); - // Revert to original Locale LocaleContextHolder.setLocale(before); }
@@ -57,14 +55,11 @@ public class SpringSecurityMessageSourceTests { public void germanSystemLocaleWithEnglishLocaleContextHolder() { Locale beforeSystem = Locale.getDefault(); Locale.setDefault(Locale.GERMAN); - Locale beforeHolder = LocaleContextHolder.getLocale(); LocaleContextHolder.setLocale(Locale.US); - MessageSourceAccessor msgs = SpringSecurityMessageSource.getAccessor(); assertThat("Access is denied") .isEqualTo(msgs.getMessage("AbstractAccessDecisionManager.accessDenied", "Ooops")); - // Revert to original Locale Locale.setDefault(beforeSystem); LocaleContextHolder.setLocale(beforeHolder);
diff --git a/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java b/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java
index 5d3ff6a689..34af08348f 100644
--- a/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java
@@ -34,9 +34,7 @@ public class AuthorityUtilsTests { public void commaSeparatedStringIsParsedCorrectly() { List authorityArray = AuthorityUtils .commaSeparatedStringToAuthorityList(" ROLE_A, B, C, ROLE_D\n,\n E "); - Set authorities = AuthorityUtils.authorityListToSet(authorityArray); - assertThat(authorities.contains("B")).isTrue(); assertThat(authorities.contains("C")).isTrue(); assertThat(authorities.contains("E")).isTrue();
diff --git a/core/src/test/java/org/springframework/security/core/authority/SimpleGrantedAuthorityTests.java b/core/src/test/java/org/springframework/security/core/authority/SimpleGrantedAuthorityTests.java
index 5380b81d71..09177a9fef 100644
--- a/core/src/test/java/org/springframework/security/core/authority/SimpleGrantedAuthorityTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/SimpleGrantedAuthorityTests.java
@@ -35,14 +35,10 @@ public class SimpleGrantedAuthorityTests { SimpleGrantedAuthority auth1 = new SimpleGrantedAuthority("TEST"); assertThat(auth1).isEqualTo(auth1); assertThat(new SimpleGrantedAuthority("TEST")).isEqualTo(auth1); - assertThat(auth1.equals("TEST")).isFalse(); - SimpleGrantedAuthority auth3 = new SimpleGrantedAuthority("NOT_EQUAL"); assertThat(!auth1.equals(auth3)).isTrue(); - assertThat(auth1.equals(mock(GrantedAuthority.class))).isFalse(); - assertThat(auth1.equals(222)).isFalse(); }
diff --git a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java
index f1515a3661..35781b5f30 100644
--- a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java
@@ -57,13 +57,11 @@ public class SimpleAuthoritiesMapperTests { assertThat(mapped).hasSize(2); assertThat(mapped.contains("AaA")).isTrue(); assertThat(mapped.contains("Bbb")).isTrue(); - mapper.setConvertToLowerCase(true); mapped = AuthorityUtils.authorityListToSet(mapper.mapAuthorities(toMap)); assertThat(mapped).hasSize(2); assertThat(mapped.contains("aaa")).isTrue(); assertThat(mapped.contains("bbb")).isTrue(); - mapper.setConvertToLowerCase(false); mapper.setConvertToUpperCase(true); mapped = AuthorityUtils.authorityListToSet(mapper.mapAuthorities(toMap)); @@ -76,7 +74,6 @@ public class SimpleAuthoritiesMapperTests { public void duplicatesAreRemoved() { SimpleAuthorityMapper mapper = new SimpleAuthorityMapper(); mapper.setConvertToUpperCase(true); - Set mapped = AuthorityUtils .authorityListToSet(mapper.mapAuthorities(AuthorityUtils.createAuthorityList("AaA", "AAA"))); assertThat(mapped).hasSize(1); diff --git a/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java b/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java index eb915d7e32..0cbad90105 100644 --- a/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java +++ b/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java @@ -32,7 +32,6 @@ public class ReactiveSecurityContextHolderTests { @Test public void getContextWhenEmpty() { Mono context = ReactiveSecurityContextHolder.getContext(); - StepVerifier.create(context).verifyComplete(); } 
@@ -40,23 +39,19 @@ public class ReactiveSecurityContextHolderTests { public void setContextAndGetContextThenEmitsContext() { SecurityContext expectedContext = new SecurityContextImpl( new TestingAuthenticationToken("user", "password", "ROLE_USER")); - Mono context = Mono.subscriberContext() .flatMap((c) -> ReactiveSecurityContextHolder.getContext()) .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(expectedContext))); - StepVerifier.create(context).expectNext(expectedContext).verifyComplete(); } @Test public void demo() { Authentication authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER"); - Mono messageByUsername = ReactiveSecurityContextHolder.getContext() .map(SecurityContext::getAuthentication).map(Authentication::getName) .flatMap(this::findMessageByUsername) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)); - StepVerifier.create(messageByUsername).expectNext("Hi user").verifyComplete(); } 
@@ -68,23 +63,19 @@ public class ReactiveSecurityContextHolderTests { public void setContextAndClearAndGetContextThenEmitsEmpty() { SecurityContext expectedContext = new SecurityContextImpl( new TestingAuthenticationToken("user", "password", "ROLE_USER")); - Mono context = Mono.subscriberContext() .flatMap((c) -> ReactiveSecurityContextHolder.getContext()) .subscriberContext(ReactiveSecurityContextHolder.clearContext()) .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(expectedContext))); - StepVerifier.create(context).verifyComplete(); } @Test public void setAuthenticationAndGetContextThenEmitsContext() { Authentication expectedAuthentication = new TestingAuthenticationToken("user", "password", "ROLE_USER"); - Mono authentication = Mono.subscriberContext() .flatMap((c) -> ReactiveSecurityContextHolder.getContext()).map(SecurityContext::getAuthentication) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(expectedAuthentication)); - StepVerifier.create(authentication).expectNext(expectedAuthentication).verifyComplete(); } diff --git a/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java b/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java index c8a22279cb..7ea8a2eca8 100644 --- a/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java +++ b/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java @@ -60,7 +60,6 @@ public class SecurityContextHolderTests { fail("Should have rejected null"); } catch (IllegalArgumentException expected) { - } } diff --git a/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java b/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java index 8f1cb7ee62..bbaf08c7a1 100644 
--- a/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java +++ b/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java @@ -48,15 +48,12 @@ public class DefaultSecurityParameterNameDiscovererTests { public void constructorDefault() { List discoverers = (List) ReflectionTestUtils .getField(this.discoverer, "parameterNameDiscoverers"); - assertThat(discoverers).hasSize(2); - ParameterNameDiscoverer annotationDisc = discoverers.get(0); assertThat(annotationDisc).isInstanceOf(AnnotationParameterNameDiscoverer.class); Set annotationsToUse = (Set) ReflectionTestUtils.getField(annotationDisc, "annotationClassesToUse"); assertThat(annotationsToUse).containsOnly("org.springframework.security.access.method.P", P.class.getName()); - assertThat(discoverers.get(1).getClass()).isEqualTo(DefaultParameterNameDiscoverer.class); } @@ -64,19 +61,15 @@ public class DefaultSecurityParameterNameDiscovererTests { public void constructorDiscoverers() { this.discoverer = new DefaultSecurityParameterNameDiscoverer( Arrays.asList(new LocalVariableTableParameterNameDiscoverer())); - List discoverers = (List) ReflectionTestUtils .getField(this.discoverer, "parameterNameDiscoverers"); - assertThat(discoverers).hasSize(3); assertThat(discoverers.get(0)).isInstanceOf(LocalVariableTableParameterNameDiscoverer.class); - ParameterNameDiscoverer annotationDisc = discoverers.get(1); assertThat(annotationDisc).isInstanceOf(AnnotationParameterNameDiscoverer.class); Set annotationsToUse = (Set) ReflectionTestUtils.getField(annotationDisc, "annotationClassesToUse"); assertThat(annotationsToUse).containsOnly("org.springframework.security.access.method.P", P.class.getName()); - assertThat(discoverers.get(2)).isInstanceOf(DefaultParameterNameDiscoverer.class); } 
diff --git a/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java b/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java index f2d1cbbcaf..626fcea0ed 100644 --- a/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java +++ b/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java @@ -34,16 +34,12 @@ public class SessionInformationTests { Object principal = "Some principal object"; String sessionId = "1234567890"; Date currentDate = new Date(); - SessionInformation info = new SessionInformation(principal, sessionId, currentDate); assertThat(info.getPrincipal()).isEqualTo(principal); assertThat(info.getSessionId()).isEqualTo(sessionId); assertThat(info.getLastRequest()).isEqualTo(currentDate); - Thread.sleep(10); - info.refreshLastRequest(); - assertThat(info.getLastRequest().after(currentDate)).isTrue(); } diff --git a/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java b/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java index 404722f8cb..df9ea8376d 100644 --- a/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java +++ b/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java @@ -44,10 +44,8 @@ public class SessionRegistryImplTests { public void sessionDestroyedEventRemovesSessionFromRegistry() { Object principal = "Some principal object"; final String sessionId = "zzzz"; - // Register new Session this.sessionRegistry.registerNewSession(sessionId, principal); - // De-register session via an ApplicationEvent this.sessionRegistry.onApplicationEvent(new SessionDestroyedEvent("") { @Override 
@@ -60,7 +58,6 @@ public class SessionRegistryImplTests { return null; } }); - // Check attempts to retrieve cleared session return null assertThat(this.sessionRegistry.getSessionInformation(sessionId)).isNull(); } @@ -70,10 +67,8 @@ public class SessionRegistryImplTests { Object principal = "Some principal object"; final String sessionId = "zzzz"; final String newSessionId = "123"; - // Register new Session this.sessionRegistry.registerNewSession(sessionId, principal); - // De-register session via an ApplicationEvent this.sessionRegistry.onApplicationEvent(new SessionIdChangedEvent("") { @Override @@ -86,7 +81,6 @@ public class SessionRegistryImplTests { return newSessionId; } }); - assertThat(this.sessionRegistry.getSessionInformation(sessionId)).isNull(); assertThat(this.sessionRegistry.getSessionInformation(newSessionId)).isNotNull(); assertThat(this.sessionRegistry.getSessionInformation(newSessionId).getPrincipal()).isEqualTo(principal); @@ -99,11 +93,9 @@ public class SessionRegistryImplTests { String sessionId1 = "1234567890"; String sessionId2 = "9876543210"; String sessionId3 = "5432109876"; - this.sessionRegistry.registerNewSession(sessionId1, principal1); this.sessionRegistry.registerNewSession(sessionId2, principal1); this.sessionRegistry.registerNewSession(sessionId3, principal2); - assertThat(this.sessionRegistry.getAllPrincipals()).hasSize(2); assertThat(this.sessionRegistry.getAllPrincipals().contains(principal1)).isTrue(); assertThat(this.sessionRegistry.getAllPrincipals().contains(principal2)).isTrue(); 
@@ -115,32 +107,24 @@ public class SessionRegistryImplTests { String sessionId = "1234567890"; // Register new Session this.sessionRegistry.registerNewSession(sessionId, principal); - // Retrieve existing session by session ID Date currentDateTime = this.sessionRegistry.getSessionInformation(sessionId).getLastRequest(); assertThat(this.sessionRegistry.getSessionInformation(sessionId).getPrincipal()).isEqualTo(principal); assertThat(this.sessionRegistry.getSessionInformation(sessionId).getSessionId()).isEqualTo(sessionId); assertThat(this.sessionRegistry.getSessionInformation(sessionId).getLastRequest()).isNotNull(); - // Retrieve existing session by principal assertThat(this.sessionRegistry.getAllSessions(principal, false)).hasSize(1); - // Sleep to ensure SessionRegistryImpl will update time Thread.sleep(1000); - // Update request date/time this.sessionRegistry.refreshLastRequest(sessionId); - Date retrieved = this.sessionRegistry.getSessionInformation(sessionId).getLastRequest(); assertThat(retrieved.after(currentDateTime)).isTrue(); - // Check it retrieves correctly when looked up via principal assertThat(this.sessionRegistry.getAllSessions(principal, false).get(0).getLastRequest()).isCloseTo(retrieved, 2000L); - // Clear session information this.sessionRegistry.removeSessionInformation(sessionId); - // Check attempts to retrieve cleared session return null assertThat(this.sessionRegistry.getSessionInformation(sessionId)).isNull(); assertThat(this.sessionRegistry.getAllSessions(principal, false)).isEmpty(); 
@@ -151,21 +135,17 @@ public class SessionRegistryImplTests { Object principal = "Some principal object"; String sessionId1 = "1234567890"; String sessionId2 = "9876543210"; - this.sessionRegistry.registerNewSession(sessionId1, principal); List sessions = this.sessionRegistry.getAllSessions(principal, false); assertThat(sessions).hasSize(1); assertThat(contains(sessionId1, principal)).isTrue(); - this.sessionRegistry.registerNewSession(sessionId2, principal); sessions = this.sessionRegistry.getAllSessions(principal, false); assertThat(sessions).hasSize(2); assertThat(contains(sessionId2, principal)).isTrue(); - // Expire one session SessionInformation session = this.sessionRegistry.getSessionInformation(sessionId2); session.expireNow(); - // Check retrieval still correct assertThat(this.sessionRegistry.getSessionInformation(sessionId2).isExpired()).isTrue(); assertThat(this.sessionRegistry.getSessionInformation(sessionId1).isExpired()).isFalse(); 
@@ -176,22 +156,18 @@ public class SessionRegistryImplTests { Object principal = "Some principal object"; String sessionId1 = "1234567890"; String sessionId2 = "9876543210"; - this.sessionRegistry.registerNewSession(sessionId1, principal); List sessions = this.sessionRegistry.getAllSessions(principal, false); assertThat(sessions).hasSize(1); assertThat(contains(sessionId1, principal)).isTrue(); - this.sessionRegistry.registerNewSession(sessionId2, principal); sessions = this.sessionRegistry.getAllSessions(principal, false); assertThat(sessions).hasSize(2); assertThat(contains(sessionId2, principal)).isTrue(); - this.sessionRegistry.removeSessionInformation(sessionId1); sessions = this.sessionRegistry.getAllSessions(principal, false); assertThat(sessions).hasSize(1); assertThat(contains(sessionId2, principal)).isTrue(); - this.sessionRegistry.removeSessionInformation(sessionId2); assertThat(this.sessionRegistry.getSessionInformation(sessionId2)).isNull(); assertThat(this.sessionRegistry.getAllSessions(principal, false)).isEmpty(); @@ -199,13 +175,11 @@ public class SessionRegistryImplTests { private boolean contains(String sessionId, Object principal) { List info = this.sessionRegistry.getAllSessions(principal, false); - for (SessionInformation sessionInformation : info) { if (sessionId.equals(sessionInformation.getSessionId())) { return true; } } - return false; } diff --git a/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java b/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java index 5a392720ac..1dc583b84b 100644 --- a/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java +++ b/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java 
@@ -35,7 +35,6 @@ public class DefaultTokenTests { String key = "key"; long created = new Date().getTime(); String extendedInformation = "extended"; - DefaultToken t1 = new DefaultToken(key, created, extendedInformation); DefaultToken t2 = new DefaultToken(key, created, extendedInformation); assertThat(t2).isEqualTo(t1); @@ -52,7 +51,6 @@ public class DefaultTokenTests { public void testEqualityWithDifferentExtendedInformation3() { String key = "key"; long created = new Date().getTime(); - DefaultToken t1 = new DefaultToken(key, created, "length1"); DefaultToken t2 = new DefaultToken(key, created, "longerLength2"); assertThat(t1).isNotEqualTo(t2); diff --git a/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java b/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java index f9d983a406..a6f8760871 100644 --- a/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java +++ b/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java @@ -33,7 +33,6 @@ public class MapReactiveUserDetailsServiceTests { .roles("USER") .build(); // @formatter:on - private MapReactiveUserDetailsService users = new MapReactiveUserDetailsService(Arrays.asList(USER_DETAILS)); @Test(expected = IllegalArgumentException.class) @@ -71,7 +70,6 @@ public class MapReactiveUserDetailsServiceTests { assertThat(foundUser.getPassword()).isNotEmpty(); foundUser.eraseCredentials(); assertThat(foundUser.getPassword()).isNull(); - foundUser = this.users.findByUsername(USER_DETAILS.getUsername()).cast(User.class).block(); assertThat(foundUser.getPassword()).isNotEmpty(); } diff --git a/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java b/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java index 3a2a074971..5a771a6ed9 100644 
--- a/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java +++ b/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java @@ -49,7 +49,6 @@ public class MockUserDetailsService implements UserDetailsService { if (this.users.get(username) == null) { throw new UsernameNotFoundException("User not found: " + username); } - return this.users.get(username); } diff --git a/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java b/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java index 920d6a249f..4ac32d65ba 100644 --- a/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java +++ b/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java @@ -44,7 +44,6 @@ public class UserTests { @Test public void equalsReturnsTrueIfUsernamesAreTheSame() { User user1 = new User("rod", "koala", true, true, true, true, ROLE_12); - assertThat(user1).isNotNull(); assertThat(user1).isNotEqualTo("A STRING"); assertThat(user1).isEqualTo(user1); @@ -56,7 +55,6 @@ public class UserTests { User user1 = new User("rod", "koala", true, true, true, true, ROLE_12); Set users = new HashSet<>(); users.add(user1); - assertThat(users).contains(new User("rod", "koala", true, true, true, true, ROLE_12)); assertThat(users).contains(new User("rod", "anotherpass", false, false, false, false, AuthorityUtils.createAuthorityList("ROLE_X"))); @@ -66,7 +64,6 @@ public class UserTests { @Test public void testNoArgConstructorDoesntExist() { Class clazz = User.class; - try { clazz.getDeclaredConstructor((Class[]) null); fail("Should have thrown NoSuchMethodException"); 
@@ -83,14 +80,12 @@ public class UserTests { } catch (IllegalArgumentException expected) { } - try { new User("rod", null, true, true, true, true, ROLE_12); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { } - try { List auths = AuthorityUtils.createAuthorityList("ROLE_ONE"); auths.add(null); @@ -145,9 +140,7 @@ public class UserTests { @Test public void withUserDetailsWhenAllEnabled() { User expected = new User("rob", "pass", true, true, true, true, ROLE_12); - UserDetails actual = User.withUserDetails(expected).build(); - assertThat(actual.getUsername()).isEqualTo(expected.getUsername()); assertThat(actual.getPassword()).isEqualTo(expected.getPassword()); assertThat(actual.getAuthorities()).isEqualTo(expected.getAuthorities()); @@ -160,9 +153,7 @@ public class UserTests { @Test public void withUserDetailsWhenAllDisabled() { User expected = new User("rob", "pass", false, false, false, false, ROLE_12); - UserDetails actual = User.withUserDetails(expected).build(); - assertThat(actual.getUsername()).isEqualTo(expected.getUsername()); assertThat(actual.getPassword()).isEqualTo(expected.getPassword()); assertThat(actual.getAuthorities()).isEqualTo(expected.getAuthorities()); @@ -175,10 +166,8 @@ public class UserTests { @Test public void withUserWhenDetailsPasswordEncoderThenEncodes() { UserDetails userDetails = User.withUsername("user").password("password").roles("USER").build(); - UserDetails withEncodedPassword = User.withUserDetails(userDetails).passwordEncoder((p) -> p + "encoded") .build(); - assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded"); } @@ -186,7 +175,6 @@ public class UserTests { public void withUsernameWhenPasswordEncoderAndPasswordThenEncodes() { UserDetails withEncodedPassword = User.withUsername("user").password("password") .passwordEncoder((p) -> p + "encoded").roles("USER").build(); - assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded"); } 
@@ -199,7 +187,6 @@ public class UserTests { .roles("USER") .build(); // @formatter:on - assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded"); } @@ -214,7 +201,6 @@ public class UserTests { .roles("USER") .build(); // @formatter:on - assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded"); } diff --git a/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java b/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java index 1d989dbe98..45f1887853 100644 --- a/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java +++ b/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java @@ -53,7 +53,6 @@ public class EhCacheBasedUserCacheTests { private Ehcache getCache() { Ehcache cache = cacheManager.getCache("ehcacheusercachetests"); cache.removeAll(); - return cache; } @@ -67,15 +66,12 @@ public class EhCacheBasedUserCacheTests { EhCacheBasedUserCache cache = new EhCacheBasedUserCache(); cache.setCache(getCache()); cache.afterPropertiesSet(); - // Check it gets stored in the cache cache.putUserInCache(getUser()); assertThat(getUser().getPassword()).isEqualTo(cache.getUserFromCache(getUser().getUsername()).getPassword()); - // Check it gets removed from the cache cache.removeUserFromCache(getUser()); assertThat(cache.getUserFromCache(getUser().getUsername())).isNull(); - // Check it doesn't return values for null or unknown users assertThat(cache.getUserFromCache(null)).isNull(); assertThat(cache.getUserFromCache("UNKNOWN_USER")).isNull(); 
@@ -84,10 +80,8 @@ public class EhCacheBasedUserCacheTests { @Test(expected = IllegalArgumentException.class) public void startupDetectsMissingCache() throws Exception { EhCacheBasedUserCache cache = new EhCacheBasedUserCache(); - cache.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); - Ehcache myCache = getCache(); cache.setCache(myCache); assertThat(cache.getCache()).isEqualTo(myCache); diff --git a/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java b/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java index 7fa442e322..44bf44bade 100644 --- a/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java +++ b/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java @@ -64,15 +64,12 @@ public class SpringCacheBasedUserCacheTests { @Test public void cacheOperationsAreSuccessful() throws Exception { SpringCacheBasedUserCache cache = new SpringCacheBasedUserCache(getCache()); - // Check it gets stored in the cache cache.putUserInCache(getUser()); assertThat(getUser().getPassword()).isEqualTo(cache.getUserFromCache(getUser().getUsername()).getPassword()); - // Check it gets removed from the cache cache.removeUserFromCache(getUser()); assertThat(cache.getUserFromCache(getUser().getUsername())).isNull(); - // Check it doesn't return values for null or unknown users assertThat(cache.getUserFromCache(null)).isNull(); assertThat(cache.getUserFromCache("UNKNOWN_USER")).isNull(); diff --git a/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java b/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java index bfad0a615e..90f45656b4 100644 --- a/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java 
+++ b/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java @@ -43,7 +43,6 @@ public class JdbcDaoImplTests { JdbcDaoImpl dao = new JdbcDaoImpl(); dao.setDataSource(PopulatedDatabase.getDataSource()); dao.afterPropertiesSet(); - return dao; } @@ -52,7 +51,6 @@ public class JdbcDaoImplTests { dao.setDataSource(PopulatedDatabase.getDataSource()); dao.setRolePrefix("ARBITRARY_PREFIX_"); dao.afterPropertiesSet(); - return dao; } @@ -63,7 +61,6 @@ public class JdbcDaoImplTests { assertThat(user.getUsername()).isEqualTo("rod"); assertThat(user.getPassword()).isEqualTo("koala"); assertThat(user.isEnabled()).isTrue(); - assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_TELLER"); assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_SUPERVISOR"); } @@ -88,7 +85,6 @@ public class JdbcDaoImplTests { JdbcDaoImpl dao = new JdbcDaoImpl(); dao.setAuthoritiesByUsernameQuery("SELECT * FROM FOO"); assertThat(dao.getAuthoritiesByUsernameQuery()).isEqualTo("SELECT * FROM FOO"); - dao.setUsersByUsernameQuery("SELECT USERS FROM FOO"); assertThat(dao.getUsersByUsernameQuery()).isEqualTo("SELECT USERS FROM FOO"); } @@ -96,7 +92,6 @@ public class JdbcDaoImplTests { @Test public void testLookupFailsIfUserHasNoGrantedAuthorities() throws Exception { JdbcDaoImpl dao = makePopulatedJdbcDao(); - try { dao.loadUserByUsername("cooper"); fail("Should have thrown UsernameNotFoundException"); @@ -108,13 +103,11 @@ public class JdbcDaoImplTests { @Test public void testLookupFailsWithWrongUsername() throws Exception { JdbcDaoImpl dao = makePopulatedJdbcDao(); - try { dao.loadUserByUsername("UNKNOWN_USER"); fail("Should have thrown UsernameNotFoundException"); } catch (UsernameNotFoundException expected) { - } } 
@@ -129,11 +122,9 @@ public class JdbcDaoImplTests { public void testRolePrefixWorks() throws Exception { JdbcDaoImpl dao = makePopulatedJdbcDaoWithRolePrefix(); assertThat(dao.getRolePrefix()).isEqualTo("ARBITRARY_PREFIX_"); - UserDetails user = dao.loadUserByUsername("rod"); assertThat(user.getUsername()).isEqualTo("rod"); assertThat(user.getAuthorities()).hasSize(2); - assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ARBITRARY_PREFIX_ROLE_TELLER"); assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())) .contains("ARBITRARY_PREFIX_ROLE_SUPERVISOR"); @@ -144,7 +135,6 @@ public class JdbcDaoImplTests { JdbcDaoImpl dao = makePopulatedJdbcDao(); dao.setEnableAuthorities(false); dao.setEnableGroups(true); - UserDetails jerry = dao.loadUserByUsername("jerry"); assertThat(jerry.getAuthorities()).hasSize(3); } @@ -162,34 +152,29 @@ public class JdbcDaoImplTests { @Test public void testStartupFailsIfDataSourceNotSet() { JdbcDaoImpl dao = new JdbcDaoImpl(); - try { dao.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } } @Test public void testStartupFailsIfUserMapSetToNull() { JdbcDaoImpl dao = new JdbcDaoImpl(); - try { dao.setDataSource(null); dao.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } } @Test(expected = IllegalArgumentException.class) public void setMessageSourceWhenNullThenThrowsException() { JdbcDaoImpl dao = new JdbcDaoImpl(); - dao.setMessageSource(null); } @@ -199,9 +184,7 @@ public class JdbcDaoImplTests { JdbcDaoImpl dao = new JdbcDaoImpl(); dao.setMessageSource(source); String code = "code"; - dao.getMessages().getMessage(code); - verify(source).getMessage(eq(code), any(), any()); } 
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/memory/UserAttributeEditorTests.java b/core/src/test/java/org/springframework/security/core/userdetails/memory/UserAttributeEditorTests.java index 757d05bbeb..1d700855e8 100644 --- a/core/src/test/java/org/springframework/security/core/userdetails/memory/UserAttributeEditorTests.java +++ b/core/src/test/java/org/springframework/security/core/userdetails/memory/UserAttributeEditorTests.java @@ -31,7 +31,6 @@ public class UserAttributeEditorTests { public void testCorrectOperationWithTrailingSpaces() { UserAttributeEditor editor = new UserAttributeEditor(); editor.setAsText("password ,ROLE_ONE,ROLE_TWO "); - UserAttribute user = (UserAttribute) editor.getValue(); assertThat(user.getPassword()).isEqualTo("password"); assertThat(user.getAuthorities()).hasSize(2); @@ -43,7 +42,6 @@ public class UserAttributeEditorTests { public void testCorrectOperationWithoutEnabledDisabledKeyword() { UserAttributeEditor editor = new UserAttributeEditor(); editor.setAsText("password,ROLE_ONE,ROLE_TWO"); - UserAttribute user = (UserAttribute) editor.getValue(); assertThat(user.isValid()).isTrue(); assertThat(user.isEnabled()).isTrue(); // default @@ -57,7 +55,6 @@ public class UserAttributeEditorTests { public void testDisabledKeyword() { UserAttributeEditor editor = new UserAttributeEditor(); editor.setAsText("password,disabled,ROLE_ONE,ROLE_TWO"); - UserAttribute user = (UserAttribute) editor.getValue(); assertThat(user.isValid()).isTrue(); assertThat(!user.isEnabled()).isTrue(); @@ -71,7 +68,6 @@ public class UserAttributeEditorTests { public void testEmptyStringReturnsNull() { UserAttributeEditor editor = new UserAttributeEditor(); editor.setAsText(""); - UserAttribute user = (UserAttribute) editor.getValue(); assertThat(user == null).isTrue(); } 
@@ -80,7 +76,6 @@ public class UserAttributeEditorTests { public void testEnabledKeyword() { UserAttributeEditor editor = new UserAttributeEditor(); editor.setAsText("password,ROLE_ONE,enabled,ROLE_TWO"); - UserAttribute user = (UserAttribute) editor.getValue(); assertThat(user.isValid()).isTrue(); assertThat(user.isEnabled()).isTrue(); @@ -94,7 +89,6 @@ public class UserAttributeEditorTests { public void testMalformedStringReturnsNull() { UserAttributeEditor editor = new UserAttributeEditor(); editor.setAsText("MALFORMED_STRING"); - UserAttribute user = (UserAttribute) editor.getValue(); assertThat(user == null).isTrue(); } @@ -103,7 +97,6 @@ public class UserAttributeEditorTests { public void testNoPasswordOrRolesReturnsNull() { UserAttributeEditor editor = new UserAttributeEditor(); editor.setAsText("disabled"); - UserAttribute user = (UserAttribute) editor.getValue(); assertThat(user == null).isTrue(); } @@ -112,7 +105,6 @@ public class UserAttributeEditorTests { public void testNoRolesReturnsNull() { UserAttributeEditor editor = new UserAttributeEditor(); editor.setAsText("password,enabled"); - UserAttribute user = (UserAttribute) editor.getValue(); assertThat(user == null).isTrue(); } @@ -121,7 +113,6 @@ public class UserAttributeEditorTests { public void testNullReturnsNull() { UserAttributeEditor editor = new UserAttributeEditor(); editor.setAsText(null); - UserAttribute user = (UserAttribute) editor.getValue(); assertThat(user == null).isTrue(); } diff --git a/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java index 1efa6f4b62..924364f352 100644 --- a/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java +++ b/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java 
@@ -48,7 +48,6 @@ public class AnonymousAuthenticationTokenMixinTests extends AbstractMixinTests { + "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON + "}"; // @formatter:on - @Test public void serializeAnonymousAuthenticationTokenTest() throws JsonProcessingException, JSONException { User user = createDefaultUser(); diff --git a/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java index 2fcc882be4..91dbb6750e 100644 --- a/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java +++ b/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java @@ -41,7 +41,6 @@ public class BadCredentialsExceptionMixinTests extends AbstractMixinTests { + "\"suppressed\": [\"[Ljava.lang.Throwable;\",[]]" + "}"; // @formatter:on - @Test public void serializeBadCredentialsExceptionMixinTest() throws JsonProcessingException, JSONException { BadCredentialsException exception = new BadCredentialsException("message"); diff --git a/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java index 9500354e97..85b05860e8 100644 --- a/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java +++ b/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java 
@@ -48,7 +48,6 @@ public class RememberMeAuthenticationTokenMixinTests extends AbstractMixinTests + "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON + "}"; // @formatter:on - // @formatter:off private static final String REMEMBERME_AUTH_STRINGPRINCIPAL_JSON = "{" + "\"@class\": \"org.springframework.security.authentication.RememberMeAuthenticationToken\"," @@ -59,7 +58,6 @@ public class RememberMeAuthenticationTokenMixinTests extends AbstractMixinTests + "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON + "}"; // @formatter:on - @Test(expected = IllegalArgumentException.class) public void testWithNullPrincipal() { new RememberMeAuthenticationToken("key", null, Collections.emptyList()); diff --git a/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java index ab9405c986..8f2806079f 100644 --- a/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java +++ b/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java @@ -44,7 +44,6 @@ public class SecurityContextMixinTests extends AbstractMixinTests { + "\"authentication\": " + UsernamePasswordAuthenticationTokenMixinTests.AUTHENTICATED_STRINGPRINCIPAL_JSON + "}"; // @formatter:on - @Test public void securityContextSerializeTest() throws JsonProcessingException, JSONException { SecurityContext context = new SecurityContextImpl(); diff --git a/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java b/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java index d053a451b9..106750a1e6 100644 --- a/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java +++ b/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java 
@@ -58,7 +58,6 @@ public class SecurityJackson2ModulesTests { public void readValueWhenExplicitDefaultTypingAfterSecuritySetupThenReadsAsSpecificType() throws Exception { this.mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY); String content = "{\"@class\":\"org.springframework.security.jackson2.SecurityJackson2ModulesTests$NotAllowlisted\",\"property\":\"bar\"}"; - assertThat(this.mapper.readValue(content, Object.class)).isInstanceOf(NotAllowlisted.class); } @@ -68,14 +67,12 @@ public class SecurityJackson2ModulesTests { this.mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY); SecurityJackson2Modules.enableDefaultTyping(this.mapper); String content = "{\"@class\":\"org.springframework.security.jackson2.SecurityJackson2ModulesTests$NotAllowlisted\",\"property\":\"bar\"}"; - assertThat(this.mapper.readValue(content, Object.class)).isInstanceOf(NotAllowlisted.class); } @Test public void readValueWhenAnnotatedThenReadsAsSpecificType() throws Exception { String content = "{\"@class\":\"org.springframework.security.jackson2.SecurityJackson2ModulesTests$NotAllowlistedButAnnotated\",\"property\":\"bar\"}"; - assertThat(this.mapper.readValue(content, Object.class)).isInstanceOf(NotAllowlistedButAnnotated.class); } @@ -83,7 +80,6 @@ public class SecurityJackson2ModulesTests { public void readValueWhenMixinProvidedThenReadsAsSpecificType() throws Exception { this.mapper.addMixIn(NotAllowlisted.class, NotAllowlistedMixin.class); String content = "{\"@class\":\"org.springframework.security.jackson2.SecurityJackson2ModulesTests$NotAllowlisted\",\"property\":\"bar\"}"; - assertThat(this.mapper.readValue(content, Object.class)).isInstanceOf(NotAllowlisted.class); } 
@@ -91,7 +87,6 @@ public class SecurityJackson2ModulesTests { public void readValueWhenHashMapThenReadsAsSpecificType() throws Exception { this.mapper.addMixIn(NotAllowlisted.class, NotAllowlistedMixin.class); String content = "{\"@class\":\"java.util.HashMap\"}"; - assertThat(this.mapper.readValue(content, Object.class)).isInstanceOf(HashMap.class); } diff --git a/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java index 2786cd2b24..05d67d7323 100644 --- a/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java +++ b/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java @@ -36,18 +36,12 @@ public class SimpleGrantedAuthorityMixinTests extends AbstractMixinTests { // @formatter:off public static final String AUTHORITY_JSON = "{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}"; - public static final String AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.Collections$UnmodifiableRandomAccessList\", [" + AUTHORITY_JSON + "]]"; - public static final String AUTHORITIES_SET_JSON = "[\"java.util.Collections$UnmodifiableSet\", [" + AUTHORITY_JSON + "]]"; - public static final String NO_AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.Collections$UnmodifiableRandomAccessList\", []]"; - public static final String EMPTY_AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.Collections$EmptyList\", []]"; - public static final String NO_AUTHORITIES_SET_JSON = "[\"java.util.Collections$UnmodifiableSet\", []]"; // @formatter:on - @Test public void serializeSimpleGrantedAuthorityTest() throws JsonProcessingException, JSONException { SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER"); 
diff --git a/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java b/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java index f7d902486b..299b4f9026 100644 --- a/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java +++ b/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java @@ -53,7 +53,6 @@ public class UserDeserializerTests extends AbstractMixinTests { + "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON + "}"; // @formatter:on - @Test public void serializeUserTest() throws JsonProcessingException, JSONException { User user = createDefaultUser(); @@ -72,14 +71,12 @@ public class UserDeserializerTests extends AbstractMixinTests { public void deserializeUserWithNullPasswordEmptyAuthorityTest() throws IOException { String userJsonWithoutPasswordString = USER_JSON.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON, "[]"); - this.mapper.readValue(userJsonWithoutPasswordString, User.class); } @Test public void deserializeUserWithNullPasswordNoAuthorityTest() throws Exception { String userJsonWithoutPasswordString = removeNode(userWithNoAuthoritiesJson(), this.mapper, "password"); - User user = this.mapper.readValue(userJsonWithoutPasswordString, User.class); assertThat(user).isNotNull(); assertThat(user.getUsername()).isEqualTo("admin"); @@ -107,7 +104,6 @@ public class UserDeserializerTests extends AbstractMixinTests { private String removeNode(String json, ObjectMapper mapper, String toRemove) throws Exception { ObjectNode node = mapper.getFactory().createParser(json).readValueAsTree(); node.remove(toRemove); - String result = mapper.writeValueAsString(node); JSONAssert.assertNotEquals(json, result, false); return result; 
diff --git a/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java b/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java index c3c4816c06..cca7f4d75b 100644 --- a/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java +++ b/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java @@ -44,7 +44,6 @@ public class InMemoryUserDetailsManagerTests { @Test public void changePasswordWhenUsernameIsNotInLowercase() { UserDetails userNotLowerCase = User.withUserDetails(PasswordEncodedUser.user()).username("User").build(); - String newPassword = "newPassword"; this.manager.updatePassword(userNotLowerCase, newPassword); assertThat(this.manager.loadUserByUsername(userNotLowerCase.getUsername()).getPassword()) diff --git a/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java b/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java index 413bff2c53..ddb9a46d7e 100644 --- a/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java +++ b/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java @@ -97,7 +97,6 @@ public class JdbcUserDetailsManagerTests { this.manager.setChangePasswordSql(JdbcUserDetailsManager.DEF_CHANGE_PASSWORD_SQL); this.manager.initDao(); this.template = this.manager.getJdbcTemplate(); - this.template.execute("create table users(username varchar(20) not null primary key," + "password varchar(20) not null, enabled boolean not null)"); this.template 
@@ -121,7 +120,6 @@ public class JdbcUserDetailsManagerTests { this.template.execute("alter table users add column acc_locked boolean default false not null"); this.template.execute("alter table users add column acc_expired boolean default false not null"); this.template.execute("alter table users add column creds_expired boolean default false not null"); - this.manager.setUsersByUsernameQuery( "select username,password,enabled, acc_locked, acc_expired, creds_expired from users where username = ?"); this.manager.setCreateUserSql( @@ -133,22 +131,17 @@ public class JdbcUserDetailsManagerTests { @Test public void createUserInsertsCorrectData() { this.manager.createUser(joe); - UserDetails joe2 = this.manager.loadUserByUsername("joe"); - assertThat(joe2).isEqualTo(joe); } @Test public void createUserInsertsCorrectDataWithLocking() { setUpAccLockingColumns(); - UserDetails user = new User("joe", "pass", true, false, true, false, AuthorityUtils.createAuthorityList("A", "B")); this.manager.createUser(user); - UserDetails user2 = this.manager.loadUserByUsername(user.getUsername()); - assertThat(user2).isEqualToComparingFieldByField(user); } @@ -156,7 +149,6 @@ public class JdbcUserDetailsManagerTests { public void deleteUserRemovesUserDataAndAuthoritiesAndClearsCache() { insertJoe(); this.manager.deleteUser("joe"); - assertThat(this.template.queryForList(SELECT_JOE_SQL)).isEmpty(); assertThat(this.template.queryForList(SELECT_JOE_AUTHORITIES_SQL)).isEmpty(); assertThat(this.cache.getUserMap().containsKey("joe")).isFalse(); @@ -167,11 +159,8 @@ public class JdbcUserDetailsManagerTests { insertJoe(); User newJoe = new User("joe", "newpassword", false, true, true, true, AuthorityUtils.createAuthorityList(new String[] { "D", "F", "E" })); - this.manager.updateUser(newJoe); - UserDetails joe = this.manager.loadUserByUsername("joe"); - assertThat(joe).isEqualTo(newJoe); assertThat(this.cache.getUserMap().containsKey("joe")).isFalse(); } 
@@ -179,16 +168,11 @@ public class JdbcUserDetailsManagerTests { @Test public void updateUserChangesDataCorrectlyAndClearsCacheWithLocking() { setUpAccLockingColumns(); - insertJoe(); - User newJoe = new User("joe", "newpassword", false, false, false, true, AuthorityUtils.createAuthorityList("D", "F", "E")); - this.manager.updateUser(newJoe); - UserDetails joe = this.manager.loadUserByUsername(newJoe.getUsername()); - assertThat(joe).isEqualToComparingFieldByField(newJoe); assertThat(this.cache.getUserMap().containsKey(newJoe.getUsername())).isFalse(); } @@ -216,7 +200,6 @@ public class JdbcUserDetailsManagerTests { authenticateJoe(); this.manager.changePassword("wrongpassword", "newPassword"); UserDetails newJoe = this.manager.loadUserByUsername("joe"); - assertThat(newJoe.getPassword()).isEqualTo("newPassword"); assertThat(this.cache.getUserMap().containsKey("joe")).isFalse(); } @@ -227,11 +210,9 @@ public class JdbcUserDetailsManagerTests { Authentication currentAuth = authenticateJoe(); AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(currentAuth)).willReturn(currentAuth); - this.manager.setAuthenticationManager(am); this.manager.changePassword("password", "newPassword"); UserDetails newJoe = this.manager.loadUserByUsername("joe"); - assertThat(newJoe.getPassword()).isEqualTo("newPassword"); // The password in the context should also be altered Authentication newAuth = SecurityContextHolder.getContext().getAuthentication(); 
@@ -247,16 +228,13 @@ public class JdbcUserDetailsManagerTests { authenticateJoe(); AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException("")); - this.manager.setAuthenticationManager(am); - try { this.manager.changePassword("password", "newPassword"); fail("Expected BadCredentialsException"); } catch (BadCredentialsException expected) { } - // Check password hasn't changed. UserDetails newJoe = this.manager.loadUserByUsername("joe"); assertThat(newJoe.getPassword()).isEqualTo("password"); @@ -268,7 +246,6 @@ public class JdbcUserDetailsManagerTests { public void findAllGroupsReturnsExpectedGroupNames() { List groups = this.manager.findAllGroups(); assertThat(groups).hasSize(4); - Collections.sort(groups); assertThat(groups.get(0)).isEqualTo("GROUP_0"); assertThat(groups.get(1)).isEqualTo("GROUP_1"); @@ -289,10 +266,8 @@ public class JdbcUserDetailsManagerTests { @SuppressWarnings("unchecked") public void createGroupInsertsCorrectData() { this.manager.createGroup("TEST_GROUP", AuthorityUtils.createAuthorityList("ROLE_X", "ROLE_Y")); - List roles = this.template.queryForList("select ga.authority from groups g, group_authorities ga " + "where ga.group_id = g.id " + "and g.group_name = 'TEST_GROUP'"); - assertThat(roles).hasSize(2); } @@ -302,7 +277,6 @@ public class JdbcUserDetailsManagerTests { this.manager.deleteGroup("GROUP_1"); this.manager.deleteGroup("GROUP_2"); this.manager.deleteGroup("GROUP_3"); - assertThat(this.template.queryForList("select * from group_authorities")).isEmpty(); assertThat(this.template.queryForList("select * from group_members")).isEmpty(); assertThat(this.template.queryForList("select id from groups")).isEmpty(); 
@@ -311,7 +285,6 @@ public class JdbcUserDetailsManagerTests { @Test public void renameGroupIsSuccessful() { this.manager.renameGroup("GROUP_0", "GROUP_X"); - assertThat(this.template.queryForObject("select id from groups where group_name = 'GROUP_X'", Integer.class)) .isZero(); } @@ -319,14 +292,12 @@ public class JdbcUserDetailsManagerTests { @Test public void addingGroupUserSetsCorrectData() { this.manager.addUserToGroup("tom", "GROUP_0"); - assertThat(this.template.queryForList("select username from group_members where group_id = 0")).hasSize(2); } @Test public void removeUserFromGroupDeletesGroupMemberRow() { this.manager.removeUserFromGroup("jerry", "GROUP_1"); - assertThat(this.template.queryForList("select group_id from group_members where username = 'jerry'")) .hasSize(1); } @@ -341,7 +312,6 @@ public class JdbcUserDetailsManagerTests { public void addGroupAuthorityInsertsCorrectGroupAuthorityRow() { GrantedAuthority auth = new SimpleGrantedAuthority("ROLE_X"); this.manager.addGroupAuthority("GROUP_0", auth); - this.template.queryForObject( "select authority from group_authorities where authority = 'ROLE_X' and group_id = 0", String.class); } @@ -351,7 +321,6 @@ public class JdbcUserDetailsManagerTests { GrantedAuthority auth = new SimpleGrantedAuthority("ROLE_A"); this.manager.removeGroupAuthority("GROUP_0", auth); assertThat(this.template.queryForList("select authority from group_authorities where group_id = 0")).isEmpty(); - this.manager.removeGroupAuthority("GROUP_2", auth); assertThat(this.template.queryForList("select authority from group_authorities where group_id = 2")).hasSize(2); } @@ -388,7 +357,6 @@ public class JdbcUserDetailsManagerTests { UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("joe", "password", joe.getAuthorities()); SecurityContextHolder.getContext().setAuthentication(auth); - return auth; } 
diff --git a/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java b/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java index 51835d2133..2d7317b7a1 100644 --- a/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java +++ b/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java @@ -28,12 +28,10 @@ public class FieldUtilsTests { @Test public void gettingAndSettingProtectedFieldIsSuccessful() throws Exception { Object tc = new TestClass(); - assertThat(FieldUtils.getProtectedFieldValue("protectedField", tc)).isEqualTo("x"); assertThat(FieldUtils.getFieldValue(tc, "nested.protectedField")).isEqualTo("z"); FieldUtils.setProtectedFieldValue("protectedField", tc, "y"); assertThat(FieldUtils.getProtectedFieldValue("protectedField", tc)).isEqualTo("y"); - try { FieldUtils.getProtectedFieldValue("nonExistentField", tc); } diff --git a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java index aa099fb9c0..7bc823f2bb 100644 --- a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java +++ b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java @@ -61,14 +61,11 @@ public class MethodInvocationUtilsTests { AdvisedTarget t = new AdvisedTarget(); // Just lie about interfaces t.setInterfaces(new Class[] { Serializable.class, MethodInvocation.class, Blah.class }); - MethodInvocation mi = MethodInvocationUtils.create(t, "blah"); assertThat(mi).isNotNull(); - t.setProxyTargetClass(true); mi = MethodInvocationUtils.create(t, "blah"); assertThat(mi).isNotNull(); - assertThat(MethodInvocationUtils.create(t, "blah", "non-existent arg")).isNull(); } 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java index dce328f4b3..23fde39954 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java @@ -89,7 +89,6 @@ public class Argon2PasswordEncoderTests { public void matchesWhenGeneratedWithDifferentEncoderThenTrue() { Argon2PasswordEncoder oldEncoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4); Argon2PasswordEncoder newEncoder = new Argon2PasswordEncoder(); - String password = "secret"; String oldEncodedPassword = oldEncoder.encode(password); assertThat(newEncoder.matches(password, oldEncodedPassword)).isTrue(); @@ -113,9 +112,7 @@ public class Argon2PasswordEncoderTests { @Test public void encodeWhenUsingPredictableSaltThenEqualTestHash() throws Exception { injectPredictableSaltGen(); - String hash = this.encoder.encode("sometestpassword"); - assertThat(hash).isEqualTo( "$argon2id$v=19$m=4096,t=3,p=1$QUFBQUFBQUFBQUFBQUFBQQ$hmmTNyJlwbb6HAvFoHFWF+u03fdb0F2qA+39oPlcAqo"); } @@ -125,7 +122,6 @@ public class Argon2PasswordEncoderTests { this.encoder = new Argon2PasswordEncoder(16, 32, 4, 512, 5); injectPredictableSaltGen(); String hash = this.encoder.encode("sometestpassword"); - assertThat(hash).isEqualTo( "$argon2id$v=19$m=512,t=5,p=4$QUFBQUFBQUFBQUFBQUFBQQ$PNv4C3K50bz3rmON+LtFpdisD7ePieLNq+l5iUHgc1k"); } 
@@ -133,16 +129,13 @@ public class Argon2PasswordEncoderTests { @Test public void upgradeEncodingWhenSameEncodingThenFalse() { String hash = this.encoder.encode("password"); - assertThat(this.encoder.upgradeEncoding(hash)).isFalse(); } @Test public void upgradeEncodingWhenSameStandardParamsThenFalse() { Argon2PasswordEncoder newEncoder = new Argon2PasswordEncoder(); - String hash = this.encoder.encode("password"); - assertThat(newEncoder.upgradeEncoding(hash)).isFalse(); } @@ -150,9 +143,7 @@ public class Argon2PasswordEncoderTests { public void upgradeEncodingWhenSameCustomParamsThenFalse() { Argon2PasswordEncoder oldEncoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4); Argon2PasswordEncoder newEncoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4); - String hash = oldEncoder.encode("password"); - assertThat(newEncoder.upgradeEncoding(hash)).isFalse(); } @@ -160,9 +151,7 @@ public class Argon2PasswordEncoderTests { public void upgradeEncodingWhenHashHasLowerMemoryThenTrue() { Argon2PasswordEncoder oldEncoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4); Argon2PasswordEncoder newEncoder = new Argon2PasswordEncoder(20, 64, 4, 512, 4); - String hash = oldEncoder.encode("password"); - assertThat(newEncoder.upgradeEncoding(hash)).isTrue(); } @@ -170,9 +159,7 @@ public class Argon2PasswordEncoderTests { public void upgradeEncodingWhenHashHasLowerIterationsThenTrue() { Argon2PasswordEncoder oldEncoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4); Argon2PasswordEncoder newEncoder = new Argon2PasswordEncoder(20, 64, 4, 256, 5); - String hash = oldEncoder.encode("password"); - assertThat(newEncoder.upgradeEncoding(hash)).isTrue(); } 
@@ -180,9 +167,7 @@ public class Argon2PasswordEncoderTests { public void upgradeEncodingWhenHashHasHigherParamsThenFalse() { Argon2PasswordEncoder oldEncoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4); Argon2PasswordEncoder newEncoder = new Argon2PasswordEncoder(20, 64, 4, 128, 3); - String hash = oldEncoder.encode("password"); - assertThat(newEncoder.upgradeEncoding(hash)).isFalse(); } @@ -205,7 +190,6 @@ public class Argon2PasswordEncoderTests { byte[] bytes = new byte[16]; Arrays.fill(bytes, (byte) 0x41); Mockito.when(this.keyGeneratorMock.generateKey()).thenReturn(bytes); - // we can't use the @InjectMock-annotation because the salt-generator is set in // the constructor // and Mockito will only inject mocks if they are null diff --git a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java index 1b88c0fc09..b9c9c1072f 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java @@ -113,7 +113,6 @@ public class BCryptPasswordEncoderTests { BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(8); String result = encoder.encode("password"); assertThat(encoder.matches("password", result)).isTrue(); - } @Test @@ -169,10 +168,8 @@ public class BCryptPasswordEncoderTests { public void upgradeFromLowerStrength() { BCryptPasswordEncoder weakEncoder = new BCryptPasswordEncoder(5); BCryptPasswordEncoder strongEncoder = new BCryptPasswordEncoder(15); - String weakPassword = weakEncoder.encode("password"); String strongPassword = strongEncoder.encode("password"); - assertThat(weakEncoder.upgradeEncoding(strongPassword)).isFalse(); assertThat(strongEncoder.upgradeEncoding(weakPassword)).isTrue(); } 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java index 7fcd8739c9..010c1e9c8e 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java @@ -11,7 +11,6 @@ // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - package org.springframework.security.crypto.bcrypt; import java.util.ArrayList; @@ -141,7 +140,6 @@ public class BCryptTests { "$2y$06$sYDFHqOcXTjBgOsqC0WCKeMd3T1UhHuWQSxncLGtXDLMrcE6vFDti")); testObjectsString.add(new TestObject<>("~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2y$06$6Xm0gCw4g7ZNDCEp4yTise", "$2y$06$6Xm0gCw4g7ZNDCEp4yTisez0kSdpXEl66MvdxGidnmChIe8dFmMnq")); - testObjectsByteArray = new ArrayList<>(); testObjectsByteArray.add(new TestObject<>(new byte[] {}, "$2a$06$fPIsBO8qRqkjj273rfaOI.", "$2a$06$fPIsBO8qRqkjj273rfaOI.uiVGfgi6Z1Iz.vZr11mi/38o09TUVCy")); @@ -315,11 +313,9 @@ public class BCryptTests { print("BCrypt.hashpw w/ international chars: "); String pw1 = "ππππππππ"; String pw2 = "????????"; - String h1 = BCrypt.hashpw(pw1, BCrypt.gensalt()); assertThat(BCrypt.checkpw(pw2, h1)).isFalse(); print("."); - String h2 = BCrypt.hashpw(pw2, BCrypt.gensalt()); assertThat(BCrypt.checkpw(pw1, h2)).isFalse(); print("."); @@ -386,15 +382,12 @@ public class BCryptTests { @Test public void testBase64EncodeDecode() { byte[] ba = new byte[3]; - for (int b = 0; b <= 0xFF; b++) { for (int i = 0; i < ba.length; i++) { Arrays.fill(ba, (byte) 0); ba[i] = (byte) b; - String s = encode_base64(ba, 3); assertThat(s.length()).isEqualTo(4); - byte[] decoded = BCrypt.decode_base64(s, 3); assertThat(decoded).isEqualTo(ba); } 
@@ -452,10 +445,8 @@ public class BCryptTests { public void equalsOnStringsIsCorrect() { assertThat(BCrypt.equalsNoEarlyReturn("", "")).isTrue(); assertThat(BCrypt.equalsNoEarlyReturn("test", "test")).isTrue(); - assertThat(BCrypt.equalsNoEarlyReturn("test", "")).isFalse(); assertThat(BCrypt.equalsNoEarlyReturn("", "test")).isFalse(); - assertThat(BCrypt.equalsNoEarlyReturn("test", "pass")).isFalse(); } diff --git a/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java b/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java index 9a66e090d9..4c1b202df8 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java @@ -33,9 +33,7 @@ public class Utf8Tests { byte[] bytes = Utf8.encode("6048b75ed560785c"); assertThat(bytes).hasSize(16); assertThat(Arrays.equals("6048b75ed560785c".getBytes("UTF-8"), bytes)).isTrue(); - String decoded = Utf8.decode(bytes); - assertThat(decoded).isEqualTo("6048b75ed560785c"); } diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java index 0d1a9b678b..d806b028cb 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java @@ -67,7 +67,6 @@ public class AesBytesEncryptorTests { byte[] encryption = encryptor.encrypt(this.secret.getBytes()); assertThat(new String(Hex.encode(encryption))) .isEqualTo("4b0febebd439db7ca77153cb254520c3b7232ac29355d07869433f1ecf55fe94"); - byte[] decryption = encryptor.decrypt(encryption); assertThat(new String(decryption)).isEqualTo(this.secret); } 
@@ -77,11 +76,9 @@ public class AesBytesEncryptorTests { CryptoAssumptions.assumeGCMJCE(); AesBytesEncryptor encryptor = new AesBytesEncryptor(this.password, this.hexSalt, this.generator, CipherAlgorithm.GCM); - byte[] encryption = encryptor.encrypt(this.secret.getBytes()); assertThat(new String(Hex.encode(encryption))) .isEqualTo("4b0febebd439db7ca77153cb254520c3e4d61ae38207b4e42b820d311dc3d4e0e2f37ed5ee"); - byte[] decryption = encryptor.decrypt(encryption); assertThat(new String(decryption)).isEqualTo(this.secret); } @@ -92,11 +89,9 @@ public class AesBytesEncryptorTests { PBEKeySpec keySpec = new PBEKeySpec(this.password.toCharArray(), Hex.decode(this.hexSalt), 1024, 256); SecretKey secretKey = CipherUtils.newSecretKey(SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA1.name(), keySpec); AesBytesEncryptor encryptor = new AesBytesEncryptor(secretKey, this.generator, CipherAlgorithm.GCM); - byte[] encryption = encryptor.encrypt(this.secret.getBytes()); assertThat(new String(Hex.encode(encryption))) .isEqualTo("4b0febebd439db7ca77153cb254520c3e4d61ae38207b4e42b820d311dc3d4e0e2f37ed5ee"); - byte[] decryption = encryptor.decrypt(encryption); assertThat(new String(decryption)).isEqualTo(this.secret); } diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java index 56a70c073d..44506004d1 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java 
@@ -102,7 +102,6 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTests { Assert.assertArrayEquals(this.testData, leftDecrypted); Assert.assertArrayEquals(this.testData, rightDecrypted); } - } private void testCompatibility(BytesEncryptor left, BytesEncryptor right) { diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java index 3feeb87868..3fca2601c8 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java +++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java @@ -52,7 +52,6 @@ public final class CryptoAssumptions { throw new AssumptionViolatedException(cipherAlgorithm + " padding not available, skipping test", ex); } Assume.assumeTrue("AES key length of 256 not allowed, skipping test", aes256Available); - } } diff --git a/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java b/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java index 7aff4acdd3..89143fae4e 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java @@ -35,7 +35,6 @@ public class PasswordEncoderFactoriesTests { @Test public void encodeWhenDefaultThenBCryptUsed() { String encodedPassword = this.encoder.encode(this.rawPassword); - assertThat(encodedPassword).startsWith("{bcrypt}"); assertThat(this.encoder.matches(this.rawPassword, encodedPassword)).isTrue(); } diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java index e53288afcc..c98fd1016b 100644 
--- a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java @@ -69,7 +69,6 @@ public class DelegatingPasswordEncoderTests { this.delegates = new HashMap<>(); this.delegates.put(this.bcryptId, this.bcrypt); this.delegates.put("noop", this.noop); - this.passwordEncoder = new DelegatingPasswordEncoder(this.bcryptId, this.delegates); } @@ -92,9 +91,7 @@ public class DelegatingPasswordEncoderTests { public void matchesWhenCustomDefaultPasswordEncoderForMatchesThenDelegates() { String encodedPassword = "{unmapped}" + this.rawPassword; this.passwordEncoder.setDefaultPasswordEncoderForMatches(this.invalidId); - assertThat(this.passwordEncoder.matches(this.rawPassword, encodedPassword)).isFalse(); - verify(this.invalidId).matches(this.rawPassword, encodedPassword); verifyZeroInteractions(this.bcrypt, this.noop); } @@ -102,16 +99,13 @@ public class DelegatingPasswordEncoderTests { @Test public void encodeWhenValidThenUsesIdForEncode() { given(this.bcrypt.encode(this.rawPassword)).willReturn(this.encodedPassword); - assertThat(this.passwordEncoder.encode(this.rawPassword)).isEqualTo(this.bcryptEncodedPassword); } @Test public void matchesWhenBCryptThenDelegatesToBCrypt() { given(this.bcrypt.matches(this.rawPassword, this.encodedPassword)).willReturn(true); - assertThat(this.passwordEncoder.matches(this.rawPassword, this.bcryptEncodedPassword)).isTrue(); - verify(this.bcrypt).matches(this.rawPassword, this.encodedPassword); verifyZeroInteractions(this.noop); } 
@@ -119,9 +113,7 @@ public class DelegatingPasswordEncoderTests { @Test public void matchesWhenNoopThenDelegatesToNoop() { given(this.noop.matches(this.rawPassword, this.encodedPassword)).willReturn(true); - assertThat(this.passwordEncoder.matches(this.rawPassword, this.noopEncodedPassword)).isTrue(); - verify(this.noop).matches(this.rawPassword, this.encodedPassword); verifyZeroInteractions(this.bcrypt); } @@ -131,7 +123,6 @@ public class DelegatingPasswordEncoderTests { assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{unmapped}" + this.rawPassword)) .isInstanceOf(IllegalArgumentException.class) .hasMessage("There is no PasswordEncoder mapped for the id \"unmapped\""); - verifyZeroInteractions(this.bcrypt, this.noop); } @@ -140,7 +131,6 @@ public class DelegatingPasswordEncoderTests { assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{bcrypt" + this.rawPassword)) .isInstanceOf(IllegalArgumentException.class) .hasMessage("There is no PasswordEncoder mapped for the id \"null\""); - verifyZeroInteractions(this.bcrypt, this.noop); } @@ -149,7 +139,6 @@ public class DelegatingPasswordEncoderTests { assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "bcrypt}" + this.rawPassword)) .isInstanceOf(IllegalArgumentException.class) .hasMessage("There is no PasswordEncoder mapped for the id \"null\""); - verifyZeroInteractions(this.bcrypt, this.noop); } @@ -158,7 +147,6 @@ public class DelegatingPasswordEncoderTests { assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{}" + this.rawPassword)) .isInstanceOf(IllegalArgumentException.class) .hasMessage("There is no PasswordEncoder mapped for the id \"\""); - verifyZeroInteractions(this.bcrypt, this.noop); } 
@@ -167,20 +155,16 @@ public class DelegatingPasswordEncoderTests { assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "invalid" + this.bcryptEncodedPassword)) .isInstanceOf(IllegalArgumentException.class) .hasMessage("There is no PasswordEncoder mapped for the id \"null\""); - verifyZeroInteractions(this.bcrypt, this.noop); } @Test public void matchesWhenIdIsNullThenFalse() { this.delegates = new Hashtable<>(this.delegates); - DelegatingPasswordEncoder passwordEncoder = new DelegatingPasswordEncoder(this.bcryptId, this.delegates); - assertThatThrownBy(() -> passwordEncoder.matches(this.rawPassword, this.rawPassword)) .isInstanceOf(IllegalArgumentException.class) .hasMessage("There is no PasswordEncoder mapped for the id \"null\""); - verifyZeroInteractions(this.bcrypt, this.noop); } @@ -189,9 +173,7 @@ public class DelegatingPasswordEncoderTests { this.delegates.put(null, this.invalidId); this.passwordEncoder = new DelegatingPasswordEncoder(this.bcryptId, this.delegates); given(this.invalidId.matches(this.rawPassword, this.encodedPassword)).willReturn(true); - assertThat(this.passwordEncoder.matches(this.rawPassword, this.encodedPassword)).isTrue(); - verify(this.invalidId).matches(this.rawPassword, this.encodedPassword); verifyZeroInteractions(this.bcrypt, this.noop); } 
@@ -219,23 +201,19 @@ public class DelegatingPasswordEncoderTests { @Test public void upgradeEncodingWhenSameIdAndEncoderFalseThenEncoderDecidesFalse() { assertThat(this.passwordEncoder.upgradeEncoding(this.bcryptEncodedPassword)).isFalse(); - verify(this.bcrypt).upgradeEncoding(this.encodedPassword); } @Test public void upgradeEncodingWhenSameIdAndEncoderTrueThenEncoderDecidesTrue() { given(this.bcrypt.upgradeEncoding(any())).willReturn(true); - assertThat(this.passwordEncoder.upgradeEncoding(this.bcryptEncodedPassword)).isTrue(); - verify(this.bcrypt).upgradeEncoding(this.encodedPassword); } @Test public void upgradeEncodingWhenDifferentIdThenTrue() { assertThat(this.passwordEncoder.upgradeEncoding(this.noopEncodedPassword)).isTrue(); - verifyZeroInteractions(this.bcrypt); } diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java index dfd72f22af..c2ba10087f 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java @@ -83,14 +83,11 @@ public class LdapShaPasswordEncoderTests { public void correctPrefixCaseIsUsed() { this.sha.setForceLowerCasePrefix(false); assertThat(this.sha.encode("somepassword").startsWith("{SSHA}")); - this.sha.setForceLowerCasePrefix(true); assertThat(this.sha.encode("somepassword").startsWith("{ssha}")); - this.sha = new LdapShaPasswordEncoder(KeyGenerators.shared(0)); this.sha.setForceLowerCasePrefix(false); assertThat(this.sha.encode("somepassword").startsWith("{SHA}")); - this.sha.setForceLowerCasePrefix(true); assertThat(this.sha.encode("somepassword").startsWith("{SSHA}")); } 
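Review bot: The four `assertThat(this.sha.encode("somepassword").startsWith(...))` calls in `correctPrefixCaseIsUsed` (LdapShaPasswordEncoderTests) verify nothing, because `assertThat(boolean)` only builds an assertion object and no `.isTrue()` follows, so a wrong prefix from the encoder would still pass. Each should assert on the string itself, e.g. `assertThat(this.sha.encode("somepassword")).startsWith("{SSHA}");`. Once the checks actually run, the last expectation (`{SSHA}` after `setForceLowerCasePrefix(true)` on the encoder built with `KeyGenerators.shared(0)`) looks inconsistent with the `{SHA}` case just before it and may need to be `{sha}`; confirm against the encoder. The same no-op pattern is in the MessageDigestPasswordEncoderTests hunk, where `assertThat(pe.matches(raw, "{THIS_IS_A_SALT}b2f50ffcbd3407fe9415c062d55f54731f340d32"));` needs a trailing `.isTrue()`; that test method starts outside its hunk.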
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/Md4PasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/Md4PasswordEncoderTests.java index b36ac74940..a1de26c6c3 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/password/Md4PasswordEncoderTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/password/Md4PasswordEncoderTests.java @@ -62,7 +62,6 @@ public class Md4PasswordEncoderTests { String rawPassword = "password"; Md4PasswordEncoder md4 = new Md4PasswordEncoder(); String encodedPassword = md4.encode(rawPassword); - assertThat(md4.matches(rawPassword, encodedPassword)).isTrue(); } diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java index a430e8108e..057545ca41 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java @@ -95,7 +95,6 @@ public class MessageDigestPasswordEncoderTests { MessageDigestPasswordEncoder pe = new MessageDigestPasswordEncoder("SHA-1"); String raw = "abc123"; assertThat(pe.matches(raw, "{THIS_IS_A_SALT}b2f50ffcbd3407fe9415c062d55f54731f340d32")); - } @Test diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java index 3da34c5daf..bd54171718 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java 
@@ -71,14 +71,12 @@ public class Pbkdf2PasswordEncoderTests { byte[] originalBytes = Hex.decode(originalEncodedPassword); byte[] fixedBytes = Arrays.copyOfRange(originalBytes, saltLength, originalBytes.length); String fixedHex = String.valueOf(Hex.encode(fixedBytes)); - assertThat(fixedHex).isEqualTo(encodedPassword); } @Test public void encodeAndMatchWhenBase64ThenSuccess() { this.encoder.setEncodeHashAsBase64(true); - String rawPassword = "password"; String encodedPassword = this.encoder.encode(rawPassword); assertThat(this.encoder.matches(rawPassword, encodedPassword)).isTrue(); @@ -89,7 +87,6 @@ public class Pbkdf2PasswordEncoderTests { this.encoder.setEncodeHashAsBase64(true); String rawPassword = "password"; String encodedPassword = "3FOwOMcDgxP+z1x/sv184LFY2WVD+ZGMgYP3LPOSmCcDmk1XPYvcCQ=="; - assertThat(this.encoder.matches(rawPassword, encodedPassword)).isTrue(); java.util.Base64.getDecoder().decode(encodedPassword); // validate can decode as // Base64 @@ -98,7 +95,6 @@ public class Pbkdf2PasswordEncoderTests { @Test public void encodeAndMatchWhenSha256ThenSuccess() { this.encoder.setAlgorithm(Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA256); - String rawPassword = "password"; String encodedPassword = this.encoder.encode(rawPassword); assertThat(this.encoder.matches(rawPassword, encodedPassword)).isTrue(); @@ -107,7 +103,6 @@ public class Pbkdf2PasswordEncoderTests { @Test public void matchWhenSha256ThenSuccess() { this.encoder.setAlgorithm(Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA256); - String rawPassword = "password"; String encodedPassword = "821447f994e2b04c5014e31fa9fca4ae1cc9f2188c4ed53d3ddb5ba7980982b51a0ecebfc0b81a79"; assertThat(this.encoder.matches(rawPassword, encodedPassword)).isTrue(); 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java index 22fa4d5ffe..6dcd99865a 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java @@ -68,7 +68,6 @@ public class SCryptPasswordEncoderTests { public void samePasswordWithDifferentParams() { SCryptPasswordEncoder oldEncoder = new SCryptPasswordEncoder(16384, 8, 1, 32, 64); SCryptPasswordEncoder newEncoder = new SCryptPasswordEncoder(); - String password = "secret"; String oldEncodedPassword = oldEncoder.encode(password); assertThat(newEncoder.matches(password, oldEncodedPassword)).isTrue(); @@ -140,10 +139,8 @@ public class SCryptPasswordEncoderTests { public void upgradeEncodingWhenWeakerToStrongerThenFalse() { SCryptPasswordEncoder weakEncoder = new SCryptPasswordEncoder((int) Math.pow(2, 10), 4, 1, 32, 64); SCryptPasswordEncoder strongEncoder = new SCryptPasswordEncoder((int) Math.pow(2, 16), 8, 1, 32, 64); - String weakPassword = weakEncoder.encode("password"); String strongPassword = strongEncoder.encode("password"); - assertThat(weakEncoder.upgradeEncoding(strongPassword)).isFalse(); } @@ -151,10 +148,8 @@ public class SCryptPasswordEncoderTests { public void upgradeEncodingWhenStrongerToWeakerThenTrue() { SCryptPasswordEncoder weakEncoder = new SCryptPasswordEncoder((int) Math.pow(2, 10), 4, 1, 32, 64); SCryptPasswordEncoder strongEncoder = new SCryptPasswordEncoder((int) Math.pow(2, 16), 8, 1, 32, 64); - String weakPassword = weakEncoder.encode("password"); String strongPassword = strongEncoder.encode("password"); - assertThat(strongEncoder.upgradeEncoding(weakPassword)).isTrue(); } 
diff --git a/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java b/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java index 38cd7e3f01..b4937afebb 100644 --- a/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java +++ b/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java @@ -49,7 +49,6 @@ public class SecurityEvaluationContextExtensionTests { public void getRootObjectSecurityContextHolderAuthentication() { TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER"); SecurityContextHolder.getContext().setAuthentication(authentication); - assertThat(getRoot().getAuthentication()).isSameAs(authentication); } @@ -57,10 +56,8 @@ public class SecurityEvaluationContextExtensionTests { public void getRootObjectExplicitAuthenticationOverridesSecurityContextHolder() { TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_EXPLICIT"); this.securityExtension = new SecurityEvaluationContextExtension(explicit); - TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER"); SecurityContextHolder.getContext().setAuthentication(authentication); - assertThat(getRoot().getAuthentication()).isSameAs(explicit); } @@ -68,7 +65,6 @@ public class SecurityEvaluationContextExtensionTests { public void getRootObjectExplicitAuthentication() { TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_EXPLICIT"); this.securityExtension = new SecurityEvaluationContextExtension(explicit); - assertThat(getRoot().getAuthentication()).isSameAs(explicit); } 
diff --git a/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java b/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java index 7978c18b4b..ae84d19654 100644 --- a/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java +++ b/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java @@ -37,16 +37,13 @@ public class LdapUtilsTests { public void testCloseContextSwallowsNamingException() throws Exception { final DirContext dirCtx = mock(DirContext.class); willThrow(new NamingException()).given(dirCtx).close(); - LdapUtils.closeContext(dirCtx); } @Test public void testGetRelativeNameReturnsEmptyStringForDnEqualToBaseName() throws Exception { final DirContext mockCtx = mock(DirContext.class); - given(mockCtx.getNameInNamespace()).willReturn("dc=springframework,dc=org"); - assertThat(LdapUtils.getRelativeName("dc=springframework,dc=org", mockCtx)).isEqualTo(""); } @@ -54,7 +51,6 @@ public class LdapUtilsTests { public void testGetRelativeNameReturnsFullDnWithEmptyBaseName() throws Exception { final DirContext mockCtx = mock(DirContext.class); given(mockCtx.getNameInNamespace()).willReturn(""); - assertThat(LdapUtils.getRelativeName("cn=jane,dc=springframework,dc=org", mockCtx)) .isEqualTo("cn=jane,dc=springframework,dc=org"); } @@ -63,7 +59,6 @@ public class LdapUtilsTests { public void testGetRelativeNameWorksWithArbitrarySpaces() throws Exception { final DirContext mockCtx = mock(DirContext.class); given(mockCtx.getNameInNamespace()).willReturn("dc=springsecurity,dc = org"); - assertThat(LdapUtils.getRelativeName("cn=jane smith, dc = springsecurity , dc=org", mockCtx)) .isEqualTo("cn=jane smith"); } diff --git a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java index e7e0b487f1..1b8f25afad 100644 
--- a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java +++ b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java @@ -52,7 +52,6 @@ public class SpringSecurityAuthenticationSourceTests { @Test public void principalIsEmptyForAnonymousUser() { AuthenticationSource source = new SpringSecurityAuthenticationSource(); - SecurityContextHolder.getContext().setAuthentication( new AnonymousAuthenticationToken("key", "anonUser", AuthorityUtils.createAuthorityList("ignored"))); assertThat(source.getPrincipal()).isEqualTo(""); @@ -62,7 +61,6 @@ public class SpringSecurityAuthenticationSourceTests { public void getPrincipalRejectsNonLdapUserDetailsObject() { AuthenticationSource source = new SpringSecurityAuthenticationSource(); SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new Object(), "password")); - source.getPrincipal(); } @@ -70,7 +68,6 @@ public class SpringSecurityAuthenticationSourceTests { public void expectedCredentialsAreReturned() { AuthenticationSource source = new SpringSecurityAuthenticationSource(); SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new Object(), "password")); - assertThat(source.getCredentials()).isEqualTo("password"); } @@ -82,7 +79,6 @@ public class SpringSecurityAuthenticationSourceTests { AuthenticationSource source = new SpringSecurityAuthenticationSource(); SecurityContextHolder.getContext() .setAuthentication(new TestingAuthenticationToken(user.createUserDetails(), null)); - assertThat(source.getPrincipal()).isEqualTo("uid=joe,ou=users"); } diff --git a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java index 082392d6d5..5494ae1490 100644 --- a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java 
+++ b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java @@ -60,16 +60,13 @@ public class SpringSecurityLdapTemplateTests { String searchResultName = "ldap://example.com/dc=springframework,dc=org"; Object[] params = new Object[] {}; DirContextAdapter searchResultObject = mock(DirContextAdapter.class); - given(this.ctx.search(any(DistinguishedName.class), eq(filter), eq(params), this.searchControls.capture())) .willReturn(this.resultsEnum); given(this.resultsEnum.hasMore()).willReturn(true, false); given(this.resultsEnum.next()).willReturn(this.searchResult); given(this.searchResult.getObject()).willReturn(searchResultObject); - SpringSecurityLdapTemplate.searchForSingleEntryInternal(this.ctx, mock(SearchControls.class), base, filter, params); - assertThat(this.searchControls.getValue().getReturningObjFlag()).isTrue(); } diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java index fc090ac0a7..cf6b6eefcc 100644 --- a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java +++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java @@ -53,7 +53,6 @@ public class LdapAuthenticationProviderTests { public void testSupportsUsernamePasswordAuthenticationToken() { LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(), new MockAuthoritiesPopulator()); - assertThat(ldapProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue(); } 
@@ -61,7 +60,6 @@ public class LdapAuthenticationProviderTests { public void testDefaultMapperIsSet() { LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(), new MockAuthoritiesPopulator()); - assertThat(ldapProvider.getUserDetailsContextMapper() instanceof LdapUserDetailsMapper).isTrue(); } @@ -69,14 +67,12 @@ public class LdapAuthenticationProviderTests { public void testEmptyOrNullUserNameThrowsException() { LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(), new MockAuthoritiesPopulator()); - try { ldapProvider.authenticate(new UsernamePasswordAuthenticationToken(null, "password")); fail("Expected BadCredentialsException for empty username"); } catch (BadCredentialsException expected) { } - try { ldapProvider.authenticate(new UsernamePasswordAuthenticationToken("", "bobspassword")); fail("Expected BadCredentialsException for null username"); @@ -90,7 +86,6 @@ public class LdapAuthenticationProviderTests { final LdapAuthenticator authenticator = mock(LdapAuthenticator.class); final UsernamePasswordAuthenticationToken joe = new UsernamePasswordAuthenticationToken("joe", "password"); given(authenticator.authenticate(joe)).willThrow(new UsernameNotFoundException("nobody")); - LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator); provider.authenticate(joe); } @@ -100,7 +95,6 @@ public class LdapAuthenticationProviderTests { final LdapAuthenticator authenticator = mock(LdapAuthenticator.class); final UsernamePasswordAuthenticationToken joe = new UsernamePasswordAuthenticationToken("joe", "password"); given(authenticator.authenticate(joe)).willThrow(new UsernameNotFoundException("nobody")); - LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator); provider.setHideUserNotFoundExceptions(false); provider.authenticate(joe); 
@@ -113,9 +107,7 @@ public class LdapAuthenticationProviderTests { LdapUserDetailsMapper userMapper = new LdapUserDetailsMapper(); userMapper.setRoleAttributes(new String[] { "ou" }); ldapProvider.setUserDetailsContextMapper(userMapper); - assertThat(ldapProvider.getAuthoritiesPopulator()).isNotNull(); - UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken("ben", "benspassword"); Object authDetails = new Object(); @@ -128,7 +120,6 @@ public class LdapAuthenticationProviderTests { assertThat(user.getPassword()).isEqualTo("{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ="); assertThat(user.getUsername()).isEqualTo("ben"); assertThat(populator.getRequestedUsername()).isEqualTo("ben"); - assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_FROM_ENTRY"); assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_FROM_POPULATOR"); } @@ -138,12 +129,10 @@ public class LdapAuthenticationProviderTests { LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(), new MockAuthoritiesPopulator()); ldapProvider.setUseAuthenticationRequestCredentials(false); - UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken("ben", "benspassword"); Authentication authResult = ldapProvider.authenticate(authRequest); assertThat(authResult.getCredentials()).isEqualTo("{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ="); - } @Test @@ -166,7 +155,6 @@ public class LdapAuthenticationProviderTests { LdapAuthenticator mockAuthenticator = mock(LdapAuthenticator.class); CommunicationException expectedCause = new CommunicationException(new javax.naming.CommunicationException()); given(mockAuthenticator.authenticate(authRequest)).willThrow(expectedCause); - LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(mockAuthenticator); try { ldapProvider.authenticate(authRequest); 
@@ -185,19 +173,15 @@ public class LdapAuthenticationProviderTests { ctx.setAttributeValue("ou", "FROM_ENTRY"); String username = authentication.getName(); String password = (String) authentication.getCredentials(); - if (username.equals("ben") && password.equals("benspassword")) { ctx.setDn(new DistinguishedName("cn=ben,ou=people,dc=springframework,dc=org")); ctx.setAttributeValue("userPassword", "{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ="); - return ctx; } else if (username.equals("jen") && password.equals("")) { ctx.setDn(new DistinguishedName("cn=jen,ou=people,dc=springframework,dc=org")); - return ctx; } - throw new BadCredentialsException("Authentication failed."); } diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java index e5c10d8798..7a1a8e35bd 100644 --- a/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java +++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java 
@@ -43,22 +43,16 @@ public class PasswordComparisonAuthenticatorMockTests { final BaseLdapPathContextSource source = mock(BaseLdapPathContextSource.class); final BasicAttributes attrs = new BasicAttributes(); attrs.put(new BasicAttribute("uid", "bob")); - PasswordComparisonAuthenticator authenticator = new PasswordComparisonAuthenticator(source); - authenticator.setUserDnPatterns(new String[] { "cn={0},ou=people" }); - // Get the mock to return an empty attribute set given(source.getReadOnlyContext()).willReturn(dirCtx); given(dirCtx.getAttributes(eq("cn=Bob,ou=people"), any(String[].class))).willReturn(attrs); given(dirCtx.getNameInNamespace()).willReturn("dc=springframework,dc=org"); - // Setup a single return value (i.e. success) final NamingEnumeration searchResults = new BasicAttributes("", null).getAll(); - given(dirCtx.search(eq("cn=Bob,ou=people"), eq("(userPassword={0})"), any(Object[].class), any(SearchControls.class))).willReturn(searchResults); - authenticator.authenticate(new UsernamePasswordAuthenticationToken("Bob", "bobspassword")); } diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java index b3c3a78d34..8272ec247f 100644 --- a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java +++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java 
@@ -98,43 +98,33 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { @Test public void customSearchFilterIsUsedForSuccessfulAuthentication() throws Exception { String customSearchFilter = "(&(objectClass=user)(sAMAccountName={0}))"; - DirContext ctx = mock(DirContext.class); given(ctx.getNameInNamespace()).willReturn(""); - DirContextAdapter dca = new DirContextAdapter(); SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes()); given(ctx.search(any(Name.class), eq(customSearchFilter), any(Object[].class), any(SearchControls.class))) .willReturn(new MockNamingEnumeration(sr)); - ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider( "mydomain.eu", "ldap://192.168.1.200/"); customProvider.contextFactory = createContextFactoryReturning(ctx); - customProvider.setSearchFilter(customSearchFilter); Authentication result = customProvider.authenticate(this.joe); - assertThat(result.isAuthenticated()).isTrue(); } @Test public void defaultSearchFilter() throws Exception { final String defaultSearchFilter = "(&(objectClass=user)(userPrincipalName={0}))"; - DirContext ctx = mock(DirContext.class); given(ctx.getNameInNamespace()).willReturn(""); - DirContextAdapter dca = new DirContextAdapter(); SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes()); given(ctx.search(any(Name.class), eq(defaultSearchFilter), any(Object[].class), any(SearchControls.class))) .willReturn(new MockNamingEnumeration(sr)); - ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider( "mydomain.eu", "ldap://192.168.1.200/"); customProvider.contextFactory = createContextFactoryReturning(ctx); - Authentication result = customProvider.authenticate(this.joe); - assertThat(result.isAuthenticated()).isTrue(); verify(ctx).search(any(DistinguishedName.class), eq(defaultSearchFilter), any(Object[].class), any(SearchControls.class)); 
@@ -145,21 +135,16 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { public void bindPrincipalAndUsernameUsed() throws Exception { final String defaultSearchFilter = "(&(objectClass=user)(userPrincipalName={0}))"; ArgumentCaptor captor = ArgumentCaptor.forClass(Object[].class); - DirContext ctx = mock(DirContext.class); given(ctx.getNameInNamespace()).willReturn(""); - DirContextAdapter dca = new DirContextAdapter(); SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes()); given(ctx.search(any(Name.class), eq(defaultSearchFilter), captor.capture(), any(SearchControls.class))) .willReturn(new MockNamingEnumeration(sr)); - ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider( "mydomain.eu", "ldap://192.168.1.200/"); customProvider.contextFactory = createContextFactoryReturning(ctx); - Authentication result = customProvider.authenticate(this.joe); - assertThat(captor.getValue()).containsExactly("joe@mydomain.eu", "joe"); assertThat(result.isAuthenticated()).isTrue(); } 
@@ -179,20 +164,17 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { this.provider = new ActiveDirectoryLdapAuthenticationProvider(null, "ldap://192.168.1.200/"); DirContext ctx = mock(DirContext.class); given(ctx.getNameInNamespace()).willReturn(""); - DirContextAdapter dca = new DirContextAdapter(); SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes()); given(ctx.search(eq(new DistinguishedName("DC=mydomain,DC=eu")), any(String.class), any(Object[].class), any(SearchControls.class))).willReturn(new MockNamingEnumeration(sr)); this.provider.contextFactory = createContextFactoryReturning(ctx); - try { this.provider.authenticate(this.joe); fail("Expected BadCredentialsException for user with no domain information"); } catch (BadCredentialsException expected) { } - this.provider.authenticate(new UsernamePasswordAuthenticationToken("joe@mydomain.eu", "password")); } @@ -202,9 +184,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { given(ctx.getNameInNamespace()).willReturn(""); given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class))) .willThrow(new NameNotFoundException()); - this.provider.contextFactory = createContextFactoryReturning(ctx); - this.provider.authenticate(this.joe); } @@ -215,9 +195,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { given(ctx.getNameInNamespace()).willReturn(""); given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class))) .willReturn(new EmptyEnumeration<>()); - this.provider.contextFactory = createContextFactoryReturning(ctx); - this.provider.authenticate(this.joe); } 
@@ -239,9 +217,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { given(searchResults.next()).willReturn(searchResult); given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class))) .willReturn(searchResults); - this.provider.contextFactory = createContextFactoryReturning(ctx); - this.provider.authenticate(this.joe); } @@ -274,7 +250,6 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { this.provider.contextFactory = createContextFactoryThrowing( new AuthenticationException(msg + dataCode + ", xxxx]")); this.provider.setConvertSubErrorCodesToExceptions(true); - this.thrown.expect(BadCredentialsException.class); this.thrown.expect(new BaseMatcher() { private Matcher causeInstance = CoreMatchers @@ -297,21 +272,18 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { this.causeDataCode.describeTo(desc); } }); - this.provider.authenticate(this.joe); } @Test(expected = CredentialsExpiredException.class) public void expiredPasswordIsCorrectlyMapped() { this.provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "532, xxxx]")); - try { this.provider.authenticate(this.joe); fail("BadCredentialsException should had been thrown"); } catch (BadCredentialsException expected) { } - this.provider.setConvertSubErrorCodesToExceptions(true); this.provider.authenticate(this.joe); } @@ -379,7 +351,6 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider( "mydomain.eu", EXISTING_LDAP_PROVIDER, "dc=ad,dc=eu,dc=mydomain"); checkAuthentication("dc=ad,dc=eu,dc=mydomain", provider); - } @Test(expected = IllegalArgumentException.class) 
@@ -395,10 +366,8 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { @Test public void contextEnvironmentPropertiesUsed() { Hashtable env = new Hashtable<>(); - env.put("java.naming.ldap.factory.socket", "unknown.package.NonExistingSocketFactory"); this.provider.setContextEnvironmentProperties(env); - try { this.provider.authenticate(this.joe); fail("CommunicationException was expected with a root cause of ClassNotFoundException"); @@ -433,24 +402,17 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { throws NamingException { DirContext ctx = mock(DirContext.class); given(ctx.getNameInNamespace()).willReturn(""); - DirContextAdapter dca = new DirContextAdapter(); SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes()); @SuppressWarnings("deprecation") DistinguishedName searchBaseDn = new DistinguishedName(rootDn); given(ctx.search(eq(searchBaseDn), any(String.class), any(Object[].class), any(SearchControls.class))) .willReturn(new MockNamingEnumeration(sr)).willReturn(new MockNamingEnumeration(sr)); - provider.contextFactory = createContextFactoryReturning(ctx); - Authentication result = provider.authenticate(this.joe); - assertThat(result.getAuthorities()).isEmpty(); - dca.addAttributeValue("memberOf", "CN=Admin,CN=Users,DC=mydomain,DC=eu"); - result = provider.authenticate(this.joe); - assertThat(result.getAuthorities()).hasSize(1); } diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java index 0f0ffef89f..84cc77f851 100644 --- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java +++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java 
@@ -54,7 +54,6 @@ public class PasswordPolicyAwareContextSourceTests { if ("manager".equals(env.get(Context.SECURITY_PRINCIPAL))) { return PasswordPolicyAwareContextSourceTests.this.ctx; } - return null; } };
@@ -71,7 +70,6 @@ public class PasswordPolicyAwareContextSourceTests { @Test(expected = UncategorizedLdapException.class) public void standardExceptionIsPropagatedWhenExceptionRaisedAndNoControlsAreSet() throws Exception { willThrow(new NamingException("some LDAP exception")).given(this.ctx).reconnect(any(Control[].class)); - this.ctxSource.getContext("user", "ignored"); }
@@ -79,9 +77,7 @@ public class PasswordPolicyAwareContextSourceTests { public void lockedPasswordPolicyControlRaisesPasswordPolicyException() throws Exception { given(this.ctx.getResponseControls()).willReturn(new Control[] { new PasswordPolicyResponseControl(PasswordPolicyResponseControlTests.OPENLDAP_LOCKED_CTRL) }); - willThrow(new NamingException("locked message")).given(this.ctx).reconnect(any(Control[].class)); - this.ctxSource.getContext("user", "ignored"); }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java
index 2572727594..50babf5437 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java
@@ -33,7 +33,6 @@ public class PasswordPolicyControlFactoryTests { public void returnsNullForUnrecognisedOID() { PasswordPolicyControlFactory ctrlFactory = new PasswordPolicyControlFactory(); Control wrongCtrl = mock(Control.class); - given(wrongCtrl.getID()).willReturn("wrongId"); assertThat(ctrlFactory.getControlInstance(wrongCtrl)).isNull(); }
@@ -42,7 +41,6 @@ public class PasswordPolicyControlFactoryTests { public void returnsControlForCorrectOID() { PasswordPolicyControlFactory ctrlFactory = new PasswordPolicyControlFactory(); Control control = mock(Control.class); - given(control.getID()).willReturn(PasswordPolicyControl.OID); given(control.getEncodedValue()).willReturn(PasswordPolicyResponseControlTests.OPENLDAP_LOCKED_CTRL); Control result = ctrlFactory.getControlInstance(control);
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java
index ebca7d35ba..0422f10ef7 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java
@@ -66,7 +66,6 @@ public class PasswordPolicyResponseControlTests { // // //com.sun.jndi.ldap.LdapPoolManager.showStats(System.out); // } - // private PasswordPolicyResponseControl getPPolicyResponseCtl(InitialLdapContext ctx) // throws NamingException { // Control[] ctrls = ctx.getResponseControls();
@@ -79,13 +78,10 @@ public class PasswordPolicyResponseControlTests { // // return null; // } - @Test public void openLDAP33SecondsTillPasswordExpiryCtrlIsParsedCorrectly() { byte[] ctrlBytes = { 0x30, 0x05, (byte) 0xA0, 0x03, (byte) 0xA0, 0x1, 0x21 }; - PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(ctrlBytes); - assertThat(ctrl.hasWarning()).isTrue(); assertThat(ctrl.getTimeBeforeExpiration()).isEqualTo(33); }
@@ -93,9 +89,7 @@ public class PasswordPolicyResponseControlTests { @Test public void openLDAP496GraceLoginsRemainingCtrlIsParsedCorrectly() { byte[] ctrlBytes = { 0x30, 0x06, (byte) 0xA0, 0x04, (byte) 0xA1, 0x02, 0x01, (byte) 0xF0 }; - PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(ctrlBytes); - assertThat(ctrl.hasWarning()).isTrue(); assertThat(ctrl.getGraceLoginsRemaining()).isEqualTo(496); }
@@ -105,7 +99,6 @@ public class PasswordPolicyResponseControlTests { @Test public void openLDAP5GraceLoginsRemainingCtrlIsParsedCorrectly() { PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(OPENLDAP_5_LOGINS_REMAINING_CTRL); - assertThat(ctrl.hasWarning()).isTrue(); assertThat(ctrl.getGraceLoginsRemaining()).isEqualTo(5); }
@@ -115,7 +108,6 @@ public class PasswordPolicyResponseControlTests { @Test public void openLDAPAccountLockedCtrlIsParsedCorrectly() { PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(OPENLDAP_LOCKED_CTRL); - assertThat(ctrl.hasError() && ctrl.isLocked()).isTrue(); assertThat(ctrl.hasWarning()).isFalse(); }
@@ -123,9 +115,7 @@ public class PasswordPolicyResponseControlTests { @Test public void openLDAPPasswordExpiredCtrlIsParsedCorrectly() { byte[] ctrlBytes = { 0x30, 0x03, (byte) 0xA1, 0x01, 0x00 }; - PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(ctrlBytes); - assertThat(ctrl.hasError() && ctrl.isExpired()).isTrue(); assertThat(ctrl.hasWarning()).isFalse(); }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java
index 1f1e767efe..5e007f84ed 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java
@@ -35,7 +35,6 @@ public class InetOrgPersonTests { public void testUsernameIsMappedFromContextUidIfNotSet() { InetOrgPerson.Essence essence = new InetOrgPerson.Essence(createUserContext()); InetOrgPerson p = (InetOrgPerson) essence.createUserDetails(); - assertThat(p.getUsername()).isEqualTo("ghengis"); }
@@ -55,7 +54,6 @@ public class InetOrgPersonTests { InetOrgPerson.Essence essence = new InetOrgPerson.Essence(createUserContext()); essence.setUsername("joe"); InetOrgPerson p = (InetOrgPerson) essence.createUserDetails(); - assertThat(p.getUsername()).isEqualTo("joe"); assertThat(p.getUid()).isEqualTo("ghengis"); }
@@ -64,7 +62,6 @@ public class InetOrgPersonTests { public void attributesMapCorrectlyFromContext() { InetOrgPerson.Essence essence = new InetOrgPerson.Essence(createUserContext()); InetOrgPerson p = (InetOrgPerson) essence.createUserDetails(); - assertThat(p.getCarLicense()).isEqualTo("HORS1"); assertThat(p.getMail()).isEqualTo("ghengis@mongolia"); assertThat(p.getGivenName()).isEqualTo("Ghengis");
@@ -89,7 +86,6 @@ public class InetOrgPersonTests { public void testPasswordIsSetFromContextUserPassword() { InetOrgPerson.Essence essence = new InetOrgPerson.Essence(createUserContext()); InetOrgPerson p = (InetOrgPerson) essence.createUserDetails(); - assertThat(p.getPassword()).isEqualTo("pillage"); }
@@ -102,7 +98,6 @@ public class InetOrgPersonTests { ctx2.setDn(new DistinguishedName("ignored=ignored")); InetOrgPerson p = (InetOrgPerson) (new InetOrgPerson.Essence(ctx1)).createUserDetails(); p.populateContext(ctx2); - assertThat(ctx2).isEqualTo(ctx1); }
@@ -116,13 +111,11 @@ public class InetOrgPersonTests { InetOrgPerson p = (InetOrgPerson) (new InetOrgPerson.Essence(ctx1)).createUserDetails(); InetOrgPerson p2 = (InetOrgPerson) new InetOrgPerson.Essence(p).createUserDetails(); p2.populateContext(ctx2); - assertThat(ctx2).isEqualTo(ctx1); } private DirContextAdapter createUserContext() { DirContextAdapter ctx = new DirContextAdapter(); - ctx.setDn(new DistinguishedName("ignored=ignored")); ctx.setAttributeValue("uid", "ghengis"); ctx.setAttributeValue("userPassword", "pillage");
@@ -147,7 +140,6 @@ public class InetOrgPersonTests { ctx.setAttributeValue("sn", "Khan"); ctx.setAttributeValue("street", "Westward Avenue"); ctx.setAttributeValue("telephoneNumber", "+442075436521"); - return ctx; }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java
index 7671e06211..e803d89288 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java
@@ -35,7 +35,6 @@ public class LdapUserDetailsImplTests { mutableLdapUserDetails.setDn("uid=username1,ou=people,dc=example,dc=com"); mutableLdapUserDetails.setUsername("username1"); mutableLdapUserDetails.setPassword("password"); - LdapUserDetails ldapUserDetails = mutableLdapUserDetails.createUserDetails(); assertThat(ldapUserDetails).isInstanceOf(CredentialsContainer.class); ldapUserDetails.eraseCredentials();
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapperTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapperTests.java
index 40dfe14fc9..e0205051e3 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapperTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapperTests.java
@@ -40,17 +40,12 @@ public class LdapUserDetailsMapperTests { LdapUserDetailsMapper mapper = new LdapUserDetailsMapper(); mapper.setConvertToUpperCase(false); mapper.setRolePrefix(""); - mapper.setRoleAttributes(new String[] { "userRole" }); - DirContextAdapter ctx = new DirContextAdapter(); - ctx.setAttributeValues("userRole", new String[] { "X", "Y", "Z" }); ctx.setAttributeValue("uid", "ani"); - LdapUserDetailsImpl user = (LdapUserDetailsImpl) mapper.mapUserFromContext(ctx, "ani", AuthorityUtils.NO_AUTHORITIES); - assertThat(user.getAuthorities()).hasSize(3); }
@@ -60,18 +55,13 @@ public class LdapUserDetailsMapperTests { @Test public void testNonRetrievedRoleAttributeIsIgnored() { LdapUserDetailsMapper mapper = new LdapUserDetailsMapper(); - mapper.setRoleAttributes(new String[] { "userRole", "nonRetrievedAttribute" }); - BasicAttributes attrs = new BasicAttributes(); attrs.put(new BasicAttribute("userRole", "x")); - DirContextAdapter ctx = new DirContextAdapter(attrs, new DistinguishedName("cn=someName")); ctx.setAttributeValue("uid", "ani"); - LdapUserDetailsImpl user = (LdapUserDetailsImpl) mapper.mapUserFromContext(ctx, "ani", AuthorityUtils.NO_AUTHORITIES); - assertThat(user.getAuthorities()).hasSize(1); assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_X"); }
@@ -79,17 +69,13 @@ public class LdapUserDetailsMapperTests { @Test public void testPasswordAttributeIsMappedCorrectly() { LdapUserDetailsMapper mapper = new LdapUserDetailsMapper(); - mapper.setPasswordAttributeName("myappsPassword"); BasicAttributes attrs = new BasicAttributes(); attrs.put(new BasicAttribute("myappsPassword", "mypassword".getBytes())); - DirContextAdapter ctx = new DirContextAdapter(attrs, new DistinguishedName("cn=someName")); ctx.setAttributeValue("uid", "ani"); - LdapUserDetails user = (LdapUserDetailsImpl) mapper.mapUserFromContext(ctx, "ani", AuthorityUtils.NO_AUTHORITIES); - assertThat(user.getPassword()).isEqualTo("mypassword"); }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
index 5ef160ca9a..3dfd7c53dd 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
@@ -52,13 +52,10 @@ public class LdapUserDetailsServiceTests { @Test public void correctAuthoritiesAreReturned() { DirContextAdapter userData = new DirContextAdapter(new DistinguishedName("uid=joe")); - LdapUserDetailsService service = new LdapUserDetailsService(new MockUserSearch(userData), new MockAuthoritiesPopulator()); service.setUserDetailsMapper(new LdapUserDetailsMapper()); - UserDetails user = service.loadUserByUsername("doesntmatterwegetjoeanyway"); - Set authorities = AuthorityUtils.authorityListToSet(user.getAuthorities()); assertThat(authorities).hasSize(1); assertThat(authorities.contains("ROLE_FROM_POPULATOR")).isTrue();
@@ -67,7 +64,6 @@ public class LdapUserDetailsServiceTests { @Test public void nullPopulatorConstructorReturnsEmptyAuthoritiesList() { DirContextAdapter userData = new DirContextAdapter(new DistinguishedName("uid=joe")); - LdapUserDetailsService service = new LdapUserDetailsService(new MockUserSearch(userData)); UserDetails user = service.loadUserByUsername("doesntmatterwegetjoeanyway"); assertThat(user.getAuthorities()).isEmpty();
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
index cfdb2267c4..09ea5382e6 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
@@ -44,10 +44,8 @@ public class UserDetailsServiceLdapAuthoritiesPopulatorTests { given(uds.loadUserByUsername("joe")).willReturn(user); List authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); given(user.getAuthorities()).willReturn(authorities); - UserDetailsServiceLdapAuthoritiesPopulator populator = new UserDetailsServiceLdapAuthoritiesPopulator(uds); Collection auths = populator.getGrantedAuthorities(new DirContextAdapter(), "joe"); - assertThat(auths).hasSize(1); assertThat(AuthorityUtils.authorityListToSet(auths).contains("ROLE_USER")).isTrue(); }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
index 3a23553cca..13277bc737 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
@@ -56,7 +56,6 @@ public class DefaultMessageSecurityExpressionHandlerTests { @Before public void setup() { this.handler = new DefaultMessageSecurityExpressionHandler<>(); - this.message = new GenericMessage<>(""); this.authentication = new AnonymousAuthenticationToken("key", "anonymous", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
@@ -67,7 +66,6 @@ public class DefaultMessageSecurityExpressionHandlerTests { public void trustResolverPopulated() { EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.message); Expression expression = this.handler.getExpressionParser().parseExpression("authenticated"); - assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isFalse(); }
@@ -82,7 +80,6 @@ public class DefaultMessageSecurityExpressionHandlerTests { EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.message); Expression expression = this.handler.getExpressionParser().parseExpression("authenticated"); given(this.trustResolver.isAnonymous(this.authentication)).willReturn(false); - assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue(); }
@@ -94,7 +91,6 @@ public class DefaultMessageSecurityExpressionHandlerTests { this.handler.setRoleHierarchy(roleHierarchy); EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.message); Expression expression = this.handler.getExpressionParser().parseExpression("hasRole('ROLE_USER')"); - assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue(); }
@@ -104,7 +100,6 @@ public class DefaultMessageSecurityExpressionHandlerTests { EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.message); Expression expression = this.handler.getExpressionParser().parseExpression("hasPermission(message, 'read')"); given(this.permissionEvaluator.hasPermission(this.authentication, this.message, "read")).willReturn(true); - assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue(); }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
index 98a01be6b5..f4a66f8761 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
@@ -66,7 +66,6 @@ public class ExpressionBasedMessageSecurityMetadataSourceFactoryTests { this.matcherToExpression = new LinkedHashMap<>(); this.matcherToExpression.put(this.matcher1, this.expression1); this.matcherToExpression.put(this.matcher2, this.expression2); - this.source = ExpressionBasedMessageSecurityMetadataSourceFactory .createExpressionMessageMetadataSource(this.matcherToExpression); this.rootObject = new MessageSecurityExpressionRoot(this.authentication, this.message);
@@ -74,18 +73,14 @@ public class ExpressionBasedMessageSecurityMetadataSourceFactoryTests { @Test public void createExpressionMessageMetadataSourceNoMatch() { - Collection attrs = this.source.getAttributes(this.message); - assertThat(attrs).isNull(); } @Test public void createExpressionMessageMetadataSourceMatchFirst() { given(this.matcher1.matches(this.message)).willReturn(true); - Collection attrs = this.source.getAttributes(this.message); - assertThat(attrs).hasSize(1); ConfigAttribute attr = attrs.iterator().next(); assertThat(attr).isInstanceOf(MessageExpressionConfigAttribute.class);
@@ -96,9 +91,7 @@ public class ExpressionBasedMessageSecurityMetadataSourceFactoryTests { @Test public void createExpressionMessageMetadataSourceMatchSecond() { given(this.matcher2.matches(this.message)).willReturn(true); - Collection attrs = this.source.getAttributes(this.message); - assertThat(attrs).hasSize(1); ConfigAttribute attr = attrs.iterator().next(); assertThat(attr).isInstanceOf(MessageExpressionConfigAttribute.class);
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
index 0add3f1d23..27918fa51a 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
@@ -74,7 +74,6 @@ public class MessageExpressionConfigAttributeTests { @Test public void toStringUsesExpressionString() { given(this.expression.getExpressionString()).willReturn("toString"); - assertThat(this.attribute.toString()).isEqualTo(this.expression.getExpressionString()); }
@@ -84,10 +83,8 @@ public class MessageExpressionConfigAttributeTests { Message message = MessageBuilder.withPayload("M") .setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/topics/someTopic/sub1").build(); EvaluationContext context = mock(EvaluationContext.class); - this.attribute = new MessageExpressionConfigAttribute(this.expression, matcher); this.attribute.postProcess(context, message); - verify(context).setVariable("topic", "someTopic"); }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
index fcd38b0553..700e2714cb 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
@@ -71,7 +71,6 @@ public class MessageExpressionVoterTests { public void setup() { this.attributes = Arrays .asList(new MessageExpressionConfigAttribute(this.expression, this.matcher)); - this.voter = new MessageExpressionVoter(); }
@@ -127,10 +126,8 @@ public class MessageExpressionVoterTests { given(this.expressionHandler.createEvaluationContext(this.authentication, this.message)) .willReturn(this.evaluationContext); given(this.expression.getValue(this.evaluationContext, Boolean.class)).willReturn(true); - assertThat(this.voter.vote(this.authentication, this.message, this.attributes)) .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); - verify(this.expressionHandler).createEvaluationContext(this.authentication, this.message); }
@@ -144,7 +141,6 @@ public class MessageExpressionVoterTests { this.attributes = Arrays.asList(configAttribute); given(configAttribute.postProcess(this.evaluationContext, this.message)).willReturn(this.evaluationContext); given(this.expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).willReturn(true); - assertThat(this.voter.vote(this.authentication, this.message, this.attributes)) .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); verify(configAttribute).postProcess(this.evaluationContext, this.message);
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
index 43da6ad2f6..94d546c32e 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
@@ -77,7 +77,6 @@ public class ChannelSecurityInterceptorTests { this.interceptor = new ChannelSecurityInterceptor(this.source); this.interceptor.setAccessDecisionManager(this.accessDecisionManager); this.interceptor.setRunAsManager(this.runAsManager); - this.originalAuth = new TestingAuthenticationToken("user", "pass", "ROLE_USER"); SecurityContextHolder.getContext().setAuthentication(this.originalAuth); }
@@ -110,9 +109,7 @@ public class ChannelSecurityInterceptorTests { @Test public void preSendGrant() { given(this.source.getAttributes(this.message)).willReturn(this.attrs); - Message result = this.interceptor.preSend(this.message, this.channel); - assertThat(result).isSameAs(this.message); }
@@ -121,7 +118,6 @@ public class ChannelSecurityInterceptorTests { given(this.source.getAttributes(this.message)).willReturn(this.attrs); willThrow(new AccessDeniedException("")).given(this.accessDecisionManager).decide(any(Authentication.class), eq(this.message), eq(this.attrs)); - this.interceptor.preSend(this.message, this.channel); }
@@ -131,13 +127,9 @@ public class ChannelSecurityInterceptorTests { given(this.source.getAttributes(this.message)).willReturn(this.attrs); given(this.runAsManager.buildRunAs(any(Authentication.class), any(), any(Collection.class))) .willReturn(this.runAs); - Message preSend = this.interceptor.preSend(this.message, this.channel); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.runAs); - this.interceptor.postSend(preSend, this.channel, true); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.originalAuth); }
@@ -152,13 +144,9 @@ public class ChannelSecurityInterceptorTests { given(this.source.getAttributes(this.message)).willReturn(this.attrs); given(this.runAsManager.buildRunAs(any(Authentication.class), any(), any(Collection.class))) .willReturn(this.runAs); - Message preSend = this.interceptor.preSend(this.message, this.channel); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.runAs); - this.interceptor.afterSendCompletion(preSend, this.channel, true, new RuntimeException()); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.originalAuth); }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
index 037958cb4d..4bf00db940 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
@@ -63,7 +63,6 @@ public class DefaultMessageSecurityMetadataSourceTests { this.messageMap = new LinkedHashMap<>(); this.messageMap.put(this.matcher1, Arrays.asList(this.config1)); this.messageMap.put(this.matcher2, Arrays.asList(this.config2)); - this.source = new DefaultMessageSecurityMetadataSource(this.messageMap); }
@@ -75,14 +74,12 @@ public class DefaultMessageSecurityMetadataSourceTests { @Test public void getAttributesFirst() { given(this.matcher1.matches(this.message)).willReturn(true); - assertThat(this.source.getAttributes(this.message)).containsOnly(this.config1); } @Test public void getAttributesSecond() { given(this.matcher1.matches(this.message)).willReturn(true); - assertThat(this.source.getAttributes(this.message)).containsOnly(this.config2); }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
index 43656244ad..c11683c321 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
@@ -63,7 +63,6 @@ public class SecurityContextChannelInterceptorTests { this.messageBuilder = MessageBuilder.withPayload("payload"); this.expectedAnonymous = new AnonymousAuthenticationToken("key", "anonymous", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")); - this.interceptor = new SecurityContextChannelInterceptor(); }
@@ -82,18 +81,14 @@ public class SecurityContextChannelInterceptorTests { String headerName = "header"; this.interceptor = new SecurityContextChannelInterceptor(headerName); this.messageBuilder.setHeader(headerName, this.authentication); - this.interceptor.preSend(this.messageBuilder.build(), this.channel); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication); } @Test public void preSendUserSet() { this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.authentication); - this.interceptor.preSend(this.messageBuilder.build(), this.channel); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication); }
@@ -107,9 +102,7 @@ public class SecurityContextChannelInterceptorTests { this.expectedAnonymous = new AnonymousAuthenticationToken("customKey", "customAnonymous", AuthorityUtils.createAuthorityList("ROLE_CUSTOM")); this.interceptor.setAnonymousAuthentication(this.expectedAnonymous); - this.interceptor.preSend(this.messageBuilder.build(), this.channel); - assertAnonymous(); }
@@ -117,9 +110,7 @@ public class SecurityContextChannelInterceptorTests { @Test public void preSendUserNotAuthentication() { this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.principal); - this.interceptor.preSend(this.messageBuilder.build(), this.channel); - assertAnonymous(); }
@@ -127,7 +118,6 @@ public class SecurityContextChannelInterceptorTests { @Test public void preSendUserNotSet() { this.interceptor.preSend(this.messageBuilder.build(), this.channel); - assertAnonymous(); }
@@ -135,32 +125,26 @@ public class SecurityContextChannelInterceptorTests { @Test public void preSendUserNotSetCustomAnonymous() { this.interceptor.preSend(this.messageBuilder.build(), this.channel); - assertAnonymous(); } @Test public void afterSendCompletion() { SecurityContextHolder.getContext().setAuthentication(this.authentication); - this.interceptor.afterSendCompletion(this.messageBuilder.build(), this.channel, true, null); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } @Test public void afterSendCompletionNullAuthentication() { this.interceptor.afterSendCompletion(this.messageBuilder.build(), this.channel, true, null); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } @Test public void beforeHandleUserSet() { this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.authentication); - this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication); }
@@ -168,9 +152,7 @@ public class SecurityContextChannelInterceptorTests { @Test public void beforeHandleUserNotAuthentication() { this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.principal); - this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler); - assertAnonymous(); }
@@ -178,23 +160,19 @@ public class SecurityContextChannelInterceptorTests { @Test public void beforeHandleUserNotSet() { this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler); - assertAnonymous(); } @Test public void afterMessageHandledUserNotSet() { this.interceptor.afterMessageHandled(this.messageBuilder.build(), this.channel, this.handler, null); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } @Test public void afterMessageHandled() { SecurityContextHolder.getContext().setAuthentication(this.authentication); - this.interceptor.afterMessageHandled(this.messageBuilder.build(), this.channel, this.handler, null); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); }
@@ -203,14 +181,10 @@ public class SecurityContextChannelInterceptorTests { public void restoresOriginalContext() { TestingAuthenticationToken original = new TestingAuthenticationToken("original", "original", "ROLE_USER"); SecurityContextHolder.getContext().setAuthentication(original); - this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.authentication); this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication); - this.interceptor.afterMessageHandled(this.messageBuilder.build(), this.channel, this.handler, null); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(original); }
@@ -222,35 +196,25 @@ public class SecurityContextChannelInterceptorTests { public void restoresOriginalContextNestedThreeDeep() { AnonymousAuthenticationToken anonymous = new AnonymousAuthenticationToken("key", "anonymous", AuthorityUtils.createAuthorityList("ROLE_USER")); - TestingAuthenticationToken origional = new TestingAuthenticationToken("original", "origional", "ROLE_USER"); SecurityContextHolder.getContext().setAuthentication(origional); - this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.authentication); this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication); - // start send websocket this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, null); this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler); - assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo(anonymous.getName()); - this.interceptor.afterMessageHandled(this.messageBuilder.build(), this.channel, this.handler, null); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication); // end send websocket - this.interceptor.afterMessageHandled(this.messageBuilder.build(), this.channel, this.handler, null); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(origional); } private void assertAnonymous() { Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication(); assertThat(currentAuthentication).isInstanceOf(AnonymousAuthenticationToken.class); - AnonymousAuthenticationToken anonymous = (AnonymousAuthenticationToken) currentAuthentication; assertThat(anonymous.getName()).isEqualTo(this.expectedAnonymous.getName()); assertThat(anonymous.getAuthorities()).containsOnlyElementsOf(this.expectedAnonymous.getAuthorities()); 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java index a22a63ee0a..f7e259aeed 100644 --- a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java +++ b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java @@ -265,17 +265,14 @@ public final class ResolvableMethod { factory.addAdvice(interceptor); return (T) factory.getProxy(); } - else { Enhancer enhancer = new Enhancer(); enhancer.setSuperclass(type); enhancer.setInterfaces(new Class[] { Supplier.class }); enhancer.setNamingPolicy(SpringNamingPolicy.INSTANCE); enhancer.setCallbackType(org.springframework.cglib.proxy.MethodInterceptor.class); - Class proxyClass = enhancer.createClass(); Object proxy = null; - if (objenesis.isWorthTrying()) { try { proxy = objenesis.newInstance(proxyClass, enhancer.getUseCache()); @@ -284,7 +281,6 @@ public final class ResolvableMethod { logger.debug("Objenesis failed, falling back to default constructor", ex); } } - if (proxy == null) { try { proxy = ReflectionUtils.accessibleConstructor(proxyClass).newInstance(); @@ -295,7 +291,6 @@ public final class ResolvableMethod { ex); } } - ((Factory) proxy).setCallbacks(new Callback[] { interceptor }); return (T) proxy; } @@ -440,7 +435,6 @@ public final class ResolvableMethod { } // Build & resolve shortcuts... - /** * Resolve and return the {@code Method} equivalent to: *

@@ -489,7 +483,6 @@ public final class ResolvableMethod { */ public MethodParameter resolveReturnType(Class returnType, ResolvableType generic, ResolvableType... generics) { - return returning(returnType, generic, generics).method().returnType(); } diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java index dd740ed3c2..368b50d839 100644 --- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java +++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java @@ -79,7 +79,6 @@ public class AndMessageMatcherTests { public void matchesSingleTrue() { given(this.delegate.matches(this.message)).willReturn(true); this.matcher = new AndMessageMatcher<>(this.delegate); - assertThat(this.matcher.matches(this.message)).isTrue(); } @@ -88,7 +87,6 @@ public class AndMessageMatcherTests { given(this.delegate.matches(this.message)).willReturn(true); given(this.delegate2.matches(this.message)).willReturn(true); this.matcher = new AndMessageMatcher<>(this.delegate, this.delegate2); - assertThat(this.matcher.matches(this.message)).isTrue(); } @@ -96,7 +94,6 @@ public class AndMessageMatcherTests { public void matchesSingleFalse() { given(this.delegate.matches(this.message)).willReturn(false); this.matcher = new AndMessageMatcher<>(this.delegate); - assertThat(this.matcher.matches(this.message)).isFalse(); } @@ -104,7 +101,6 @@ public class AndMessageMatcherTests { public void matchesMultiBothFalse() { given(this.delegate.matches(this.message)).willReturn(false); this.matcher = new AndMessageMatcher<>(this.delegate, this.delegate2); - assertThat(this.matcher.matches(this.message)).isFalse(); } 
@@ -113,7 +109,6 @@ public class AndMessageMatcherTests {
 given(this.delegate.matches(this.message)).willReturn(true);
 given(this.delegate2.matches(this.message)).willReturn(false);
 this.matcher = new AndMessageMatcher<>(this.delegate, this.delegate2);
-
 assertThat(this.matcher.matches(this.message)).isFalse();
 }
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
index 157dd8c772..51aa9f3040 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
@@ -79,7 +79,6 @@ public class OrMessageMatcherTests {
 public void matchesSingleTrue() {
 given(this.delegate.matches(this.message)).willReturn(true);
 this.matcher = new OrMessageMatcher<>(this.delegate);
-
 assertThat(this.matcher.matches(this.message)).isTrue();
 }
 
@@ -87,7 +86,6 @@ public class OrMessageMatcherTests {
 public void matchesMultiTrue() {
 given(this.delegate.matches(this.message)).willReturn(true);
 this.matcher = new OrMessageMatcher<>(this.delegate, this.delegate2);
-
 assertThat(this.matcher.matches(this.message)).isTrue();
 }
 
@@ -95,7 +93,6 @@ public class OrMessageMatcherTests {
 public void matchesSingleFalse() {
 given(this.delegate.matches(this.message)).willReturn(false);
 this.matcher = new OrMessageMatcher<>(this.delegate);
-
 assertThat(this.matcher.matches(this.message)).isFalse();
 }
 
@@ -104,7 +101,6 @@ public class OrMessageMatcherTests {
 given(this.delegate.matches(this.message)).willReturn(false);
 given(this.delegate2.matches(this.message)).willReturn(false);
 this.matcher = new OrMessageMatcher<>(this.delegate, this.delegate2);
-
 assertThat(this.matcher.matches(this.message)).isFalse();
 }
 
@@ -112,7 +108,6 @@ public class OrMessageMatcherTests {
 public void matchesMultiSingleFalse() {
 given(this.delegate.matches(this.message)).willReturn(true);
 this.matcher = new OrMessageMatcher<>(this.delegate, this.delegate2);
-
 assertThat(this.matcher.matches(this.message)).isTrue();
 }
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
index ed1ed3d9fc..9161a95ff8 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
@@ -59,74 +59,59 @@ public class SimpDestinationMessageMatcherTests {
 @Test
 public void matchesAllWithDestination() {
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination/1");
-
 assertThat(this.matcher.matches(this.messageBuilder.build())).isTrue();
 }
 
 @Test
 public void matchesSpecificWithDestination() {
 this.matcher = new SimpDestinationMessageMatcher("/destination/1");
-
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination/1");
-
 assertThat(this.matcher.matches(this.messageBuilder.build())).isTrue();
 }
 
 @Test
 public void matchesFalseWithDestination() {
 this.matcher = new SimpDestinationMessageMatcher("/nomatch");
-
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination/1");
-
 assertThat(this.matcher.matches(this.messageBuilder.build())).isFalse();
 }
 
 @Test
 public void matchesFalseMessageTypeNotDisconnectType() {
 this.matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match", this.pathMatcher);
-
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.DISCONNECT);
-
 assertThat(this.matcher.matches(this.messageBuilder.build())).isFalse();
 }
 
 @Test
 public void matchesTrueMessageType() {
 this.matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match", this.pathMatcher);
-
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/match");
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE);
-
 assertThat(this.matcher.matches(this.messageBuilder.build())).isTrue();
 }
 
 @Test
 public void matchesTrueSubscribeType() {
 this.matcher = SimpDestinationMessageMatcher.createSubscribeMatcher("/match", this.pathMatcher);
-
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/match");
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.SUBSCRIBE);
-
 assertThat(this.matcher.matches(this.messageBuilder.build())).isTrue();
 }
 
 @Test
 public void matchesNullMessageType() {
 this.matcher = new SimpDestinationMessageMatcher("/match");
-
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/match");
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE);
-
 assertThat(this.matcher.matches(this.messageBuilder.build())).isTrue();
 }
 
 @Test
 public void extractPathVariablesFromDestination() {
 this.matcher = new SimpDestinationMessageMatcher("/topics/{topic}/**");
-
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/topics/someTopic/sub1");
 this.messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE);
-
 assertThat(this.matcher.extractPathVariables(this.messageBuilder.build()).get("topic")).isEqualTo("someTopic");
 }
 
@@ -139,11 +124,8 @@ public class SimpDestinationMessageMatcherTests {
 @Test
 public void typeConstructorParameterIsTransmitted() {
 this.matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match", this.pathMatcher);
-
 MessageMatcher expectedTypeMatcher = new SimpMessageTypeMatcher(SimpMessageType.MESSAGE);
-
 assertThat(this.matcher.getMessageTypeMatcher()).isEqualTo(expectedTypeMatcher);
-
 }
 
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
index 08b727f0fe..c6f6b72b7d 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
@@ -44,7 +44,6 @@ public class SimpMessageTypeMatcherTests {
 public void matchesMessageMessageTrue() {
 Message message = MessageBuilder.withPayload("Hi")
 .setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE).build();
-
 assertThat(this.matcher.matches(message)).isTrue();
 }
 
@@ -52,14 +51,12 @@ public class SimpMessageTypeMatcherTests {
 public void matchesMessageConnectFalse() {
 Message message = MessageBuilder.withPayload("Hi")
 .setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.CONNECT).build();
-
 assertThat(this.matcher.matches(message)).isFalse();
 }
 
 @Test
 public void matchesMessageNullFalse() {
 Message message = MessageBuilder.withPayload("Hi").build();
-
 assertThat(this.matcher.matches(message)).isFalse();
 }
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
index 9ec31982c2..f7d1e6d76c 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
@@ -51,7 +51,6 @@ public class CsrfChannelInterceptorTests {
 public void setup() {
 this.token = new DefaultCsrfToken("header", "param", "token");
 this.interceptor = new CsrfChannelInterceptor();
-
 this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
 this.messageHeaders.setNativeHeader(this.token.getHeaderName(), this.token.getToken());
 this.messageHeaders.setSessionAttributes(new HashMap<>());
@@ -66,84 +65,72 @@ public class CsrfChannelInterceptorTests {
 @Test
 public void preSendIgnoresConnectAck() {
 this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT_ACK);
-
 this.interceptor.preSend(message(), this.channel);
 }
 
 @Test
 public void preSendIgnoresDisconnect() {
 this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.DISCONNECT);
-
 this.interceptor.preSend(message(), this.channel);
 }
 
 @Test
 public void preSendIgnoresDisconnectAck() {
 this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.DISCONNECT_ACK);
-
 this.interceptor.preSend(message(), this.channel);
 }
 
 @Test
 public void preSendIgnoresHeartbeat() {
 this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.HEARTBEAT);
-
 this.interceptor.preSend(message(), this.channel);
 }
 
 @Test
 public void preSendIgnoresMessage() {
 this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.MESSAGE);
-
 this.interceptor.preSend(message(), this.channel);
 }
 
 @Test
 public void preSendIgnoresOther() {
 this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.OTHER);
-
 this.interceptor.preSend(message(), this.channel);
 }
 
 @Test
 public void preSendIgnoresSubscribe() {
 this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.SUBSCRIBE);
-
 this.interceptor.preSend(message(), this.channel);
 }
 
 @Test
 public void preSendIgnoresUnsubscribe() {
 this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.UNSUBSCRIBE);
-
 this.interceptor.preSend(message(), this.channel);
 }
 
 @Test(expected = InvalidCsrfTokenException.class)
 public void preSendNoToken() {
 this.messageHeaders.removeNativeHeader(this.token.getHeaderName());
-
 this.interceptor.preSend(message(), this.channel);
 }
 
 @Test(expected = InvalidCsrfTokenException.class)
 public void preSendInvalidToken() {
 this.messageHeaders.setNativeHeader(this.token.getHeaderName(), this.token.getToken() + "invalid");
-
 this.interceptor.preSend(message(), this.channel);
 }
 
 @Test(expected = MissingCsrfTokenException.class)
 public void preSendMissingToken() {
 this.messageHeaders.getSessionAttributes().clear();
-
 this.interceptor.preSend(message(), this.channel);
 }
 
 @Test(expected = MissingCsrfTokenException.class)
 public void preSendMissingTokenNullSessionAttributes() {
 this.messageHeaders.setSessionAttributes(null);
-
 this.interceptor.preSend(message(), this.channel);
 }
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java
index 04e511db7f..b92390fecd 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java
@@ -60,14 +60,12 @@ public class CsrfTokenHandshakeInterceptorTests {
 this.httpRequest = new MockHttpServletRequest();
 this.attributes = new HashMap<>();
 this.request = new ServletServerHttpRequest(this.httpRequest);
-
 this.interceptor = new CsrfTokenHandshakeInterceptor();
 }
 
 @Test
 public void beforeHandshakeNoAttribute() throws Exception {
 this.interceptor.beforeHandshake(this.request, this.response, this.wsHandler, this.attributes);
-
 assertThat(this.attributes).isEmpty();
 }
 
@@ -75,9 +73,7 @@ public class CsrfTokenHandshakeInterceptorTests {
 public void beforeHandshake() throws Exception {
 CsrfToken token = new DefaultCsrfToken("header", "param", "token");
 this.httpRequest.setAttribute(CsrfToken.class.getName(), token);
-
 this.interceptor.beforeHandshake(this.request, this.response, this.wsHandler, this.attributes);
-
 assertThat(this.attributes.keySet()).containsOnly(CsrfToken.class.getName());
 assertThat(this.attributes.values()).containsOnly(token);
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
index 5de8cb739c..bb777ce820 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
@@ -61,7 +61,6 @@ public class AuthorizationCodeOAuth2AuthorizedClientProviderTests {
 @Test
 public void authorizeWhenNotAuthorizationCodeThenUnableToAuthorize() {
 ClientRegistration clientCredentialsClient = TestClientRegistrations.clientCredentials().build();
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 .withClientRegistration(clientCredentialsClient).principal(this.principal).build();
 assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
index b64751f885..190af59bc3 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
@@ -61,7 +61,6 @@ public class AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests {
 @Test
 public void authorizeWhenNotAuthorizationCodeThenUnableToAuthorize() {
 ClientRegistration clientCredentialsClient = TestClientRegistrations.clientCredentials().build();
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 .withClientRegistration(clientCredentialsClient).principal(this.principal).build();
 assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
index 8959d18c38..8de4368877 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
@@ -166,20 +166,16 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() {
 given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 .willReturn(this.clientRegistration);
-
 OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 .build();
 OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isNull();
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 assertThat(authorizedClient).isNull();
 verifyNoInteractions(this.authorizationSuccessHandler);
 verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any());
@@ -190,23 +186,18 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(this.clientRegistration); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(this.authorizedClient); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - assertThat(authorizedClient).isSameAs(this.authorizedClient); verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(this.authorizedClient), eq(this.principal), any()); 
@@ -220,26 +211,20 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { .willReturn(this.clientRegistration); given(this.authorizedClientService.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), eq(this.principal.getName()))).willReturn(this.authorizedClient); - OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(reauthorizedClient); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - assertThat(authorizedClient).isSameAs(reauthorizedClient); verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(reauthorizedClient), eq(this.principal), any()); 
@@ -252,15 +237,12 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 .principal(this.principal).build();
 OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 assertThat(authorizedClient).isSameAs(this.authorizedClient);
 verifyNoInteractions(this.authorizationSuccessHandler);
 verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any());
@@ -271,22 +253,17 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { public void reauthorizeWhenSupportedProviderThenReauthorized() { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(reauthorizedClient); - OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - assertThat(authorizedClient).isSameAs(reauthorizedClient); verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(reauthorizedClient), eq(this.principal), any()); 
@@ -298,20 +275,15 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { public void reauthorizeWhenRequestAttributeScopeThenMappedToContext() { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(reauthorizedClient); - // Override the mock with the default this.authorizedClientManager.setContextAttributesMapper( new AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper()); - OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).attribute(OAuth2ParameterNames.SCOPE, "read write").build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient); @@ -321,7 +293,6 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { String[] requestScopeAttribute = authorizationContext .getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME); assertThat(requestScopeAttribute).contains("read", "write"); - assertThat(authorizedClient).isSameAs(reauthorizedClient); verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(reauthorizedClient), eq(this.principal), any()); 
@@ -333,16 +304,12 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { ClientAuthorizationException authorizationException = new ClientAuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null), this.clientRegistration.getRegistrationId()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willThrow(authorizationException); - OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).build(); - assertThatCode(() -> this.authorizedClientManager.authorize(reauthorizeRequest)) .isEqualTo(authorizationException); - verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal), any()); verify(this.authorizedClientService).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), @@ -353,16 +320,12 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { public void reauthorizeWhenErrorCodeDoesNotMatchThenDoNotRemoveAuthorizedClient() { ClientAuthorizationException authorizationException = new ClientAuthorizationException( new OAuth2Error("non-matching-error-code", null, null), this.clientRegistration.getRegistrationId()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willThrow(authorizationException); - OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).build(); - assertThatCode(() -> this.authorizedClientManager.authorize(reauthorizeRequest)) .isEqualTo(authorizationException); - verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal), any()); verifyNoInteractions(this.authorizedClientService); 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
index 857ed535a1..aafb30ec73 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
@@ -155,7 +155,6 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 given(this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)).willReturn(Mono.empty());
 StepVerifier.create(this.authorizedClientManager.authorize(authorizeRequest))
 .verifyError(IllegalArgumentException.class);
-
 }
 
 @SuppressWarnings("unchecked")
@@ -164,23 +163,18 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration)); given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty()); - given(this.authorizedClientProvider.authorize(any())).willReturn(Mono.empty()); OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); Mono authorizedClient = this.authorizedClientManager.authorize(authorizeRequest); - StepVerifier.create(authorizedClient).verifyComplete(); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - verify(this.authorizedClientService, never()).saveAuthorizedClient(any(OAuth2AuthorizedClient.class), eq(this.principal)); } 
@@ -190,27 +184,20 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() {
 given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration));
-
 given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
-
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.just(this.authorizedClient));
-
 OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build();
 Mono authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
-
 StepVerifier.create(authorizedClient).expectNext(this.authorizedClient).verifyComplete();
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isNull();
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 verify(this.authorizedClientService).saveAuthorizedClient(eq(this.authorizedClient), eq(this.principal));
 this.saveAuthorizedClientProbe.assertWasSubscribed();
 verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any());
@@ -221,31 +208,23 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 public void authorizeWhenNotAuthorizedAndSupportedProviderAndCustomSuccessHandlerThenInvokeCustomSuccessHandler() {
 given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration));
-
 given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
-
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.just(this.authorizedClient));
-
 OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build();
 PublisherProbe authorizationSuccessHandlerProbe = PublisherProbe.empty();
 this.authorizedClientManager.setAuthorizationSuccessHandler( (client, principal, attributes) -> authorizationSuccessHandlerProbe.mono());
-
 Mono authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
-
 StepVerifier.create(authorizedClient).expectNext(this.authorizedClient).verifyComplete();
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isNull();
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 authorizationSuccessHandlerProbe.assertWasSubscribed();
 verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any());
 verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any());
@@ -255,30 +234,22 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 public void authorizeWhenInvalidTokenThenRemoveAuthorizedClient() {
 given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration));
-
 given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
-
 OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build();
-
 ClientAuthorizationException exception = new ClientAuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null), this.clientRegistration.getRegistrationId());
-
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.error(exception));
-
 assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isNull();
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 verify(this.authorizedClientService).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), eq(this.principal.getName()));
 this.removeAuthorizedClientProbe.assertWasSubscribed();
@@ -289,30 +260,22 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 public void authorizeWhenInvalidGrantThenRemoveAuthorizedClient() {
 given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration));
-
 given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
-
 OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build();
-
 ClientAuthorizationException exception = new ClientAuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null), this.clientRegistration.getRegistrationId());
-
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.error(exception));
-
 assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isNull();
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 verify(this.authorizedClientService).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), eq(this.principal.getName()));
 this.removeAuthorizedClientProbe.assertWasSubscribed();
@@ -323,30 +286,22 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 public void authorizeWhenServerErrorThenDoNotRemoveAuthorizedClient() {
 given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration));
-
 given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
-
 OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build();
-
 ClientAuthorizationException exception = new ClientAuthorizationException( new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, null, null), this.clientRegistration.getRegistrationId());
-
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.error(exception));
-
 assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isNull();
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any());
 verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any());
 }
@@ -355,29 +310,21 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 public void authorizeWhenOAuth2AuthorizationExceptionThenDoNotRemoveAuthorizedClient() {
 given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration));
-
 given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
-
 OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build();
-
 OAuth2AuthorizationException exception = new OAuth2AuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null));
-
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.error(exception));
-
 assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isNull();
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any());
 verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any());
 }
@@ -386,33 +333,24 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 public void authorizeWhenOAuth2AuthorizationExceptionAndCustomFailureHandlerThenInvokeCustomFailureHandler() {
 given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration));
-
 given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
-
 OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build();
-
 OAuth2AuthorizationException exception = new OAuth2AuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null));
-
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.error(exception));
-
 PublisherProbe authorizationFailureHandlerProbe = PublisherProbe.empty();
 this.authorizedClientManager.setAuthorizationFailureHandler( (client, principal, attributes) -> authorizationFailureHandlerProbe.mono());
-
 assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isNull();
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 authorizationFailureHandlerProbe.assertWasSubscribed();
 verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any());
 verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any());
@@ -425,27 +363,21 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 .willReturn(Mono.just(this.clientRegistration));
 given(this.authorizedClientService.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), eq(this.principal.getName()))).willReturn(Mono.just(this.authorizedClient));
-
 OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
-
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.just(reauthorizedClient));
-
 OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build();
 Mono authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
-
 StepVerifier.create(authorizedClient).expectNext(reauthorizedClient).verifyComplete();
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 verify(this.authorizedClientService).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal));
 this.saveAuthorizedClientProbe.assertWasSubscribed();
 verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any());
@@ -458,16 +390,13 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).build();
 Mono authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
-
 StepVerifier.create(authorizedClient).expectNext(this.authorizedClient).verifyComplete();
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 verify(this.authorizedClientService, never()).saveAuthorizedClient(any(OAuth2AuthorizedClient.class), eq(this.principal));
 }
@@ -477,24 +406,18 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 public void reauthorizeWhenSupportedProviderThenReauthorized() {
 OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
-
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.just(reauthorizedClient));
-
 OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).build();
 Mono authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
-
 StepVerifier.create(authorizedClient).expectNext(reauthorizedClient).verifyComplete();
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest));
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 verify(this.authorizedClientService).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal));
 this.saveAuthorizedClientProbe.assertWasSubscribed();
 verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any());
@@ -505,24 +428,18 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 public void reauthorizeWhenRequestAttributeScopeThenMappedToContext() {
 OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
-
 given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.just(reauthorizedClient));
-
 OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).attribute(OAuth2ParameterNames.SCOPE, "read write").build();
-
 this.authorizedClientManager.setContextAttributesMapper( new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper());
 Mono authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
-
 StepVerifier.create(authorizedClient).expectNext(reauthorizedClient).verifyComplete();
 verify(this.authorizedClientService).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal));
 this.saveAuthorizedClientProbe.assertWasSubscribed();
 verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any());
-
 verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
-
 OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
@@ -532,7 +449,6 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 String[] requestScopeAttribute = authorizationContext .getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME);
 assertThat(requestScopeAttribute).contains("read", "write");
-
 }
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
index 4cc00ed3f7..3fd7402466 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
@@ -96,7 +96,6 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 @Test
 public void authorizeWhenNotClientCredentialsThenUnableToAuthorize() {
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(clientRegistration).principal(this.principal).build();
 assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
@@ -106,11 +105,9 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 public void authorizeWhenClientCredentialsAndNotAuthorizedThenAuthorize() {
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(this.clientRegistration).principal(this.principal).build();
 OAuth2AuthorizedClient authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
-
 assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
@@ -124,14 +121,11 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 issuedAt, expiresAt);
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), accessToken);
-
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build();
 authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
-
 assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
@@ -141,7 +135,6 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 public void authorizeWhenClientCredentialsAndTokenNotExpiredThenNotReauthorize() {
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes());
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build();
 assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
@@ -157,19 +150,14 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 "access-token-1234", issuedAt, expiresAt);
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), expiresInOneMinAccessToken);
-
 // Shorten the lifespan of the access token by 90 seconds, which will ultimately
 // force it to expire on the client
 this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
-
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build();
-
 OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
-
 assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
index 32ba665c88..b6014bf6c4 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
@@ -97,7 +97,6 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 @Test
 public void authorizeWhenNotClientCredentialsThenUnableToAuthorize() {
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(clientRegistration).principal(this.principal).build();
 assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
@@ -107,11 +106,9 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 public void authorizeWhenClientCredentialsAndNotAuthorizedThenAuthorize() {
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(this.clientRegistration).principal(this.principal).build();
 OAuth2AuthorizedClient authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
-
 assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
@@ -125,14 +122,11 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 issuedAt, expiresAt);
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), accessToken);
-
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build();
 authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
-
 assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
@@ -142,7 +136,6 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 public void authorizeWhenClientCredentialsAndTokenNotExpiredThenNotReauthorize() {
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes());
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build();
 assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
@@ -158,20 +151,15 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 "access-token-1234", issuedAt, expiresAt);
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), expiresInOneMinAccessToken);
-
 // Shorten the lifespan of the access token by 90 seconds, which will ultimately
 // force it to expire on the client
 this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
-
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build();
-
 OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext) .block();
-
 assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
index ae155f6966..cd86c5d416 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
@@ -61,10 +61,8 @@ public class DelegatingOAuth2AuthorizedClientProviderTests {
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, principal.getName(), TestOAuth2AccessTokens.noScopes());
-
 OAuth2AuthorizedClientProvider authorizedClientProvider = mock(OAuth2AuthorizedClientProvider.class);
 given(authorizedClientProvider.authorize(any())).willReturn(authorizedClient);
-
 DelegatingOAuth2AuthorizedClientProvider delegate = new DelegatingOAuth2AuthorizedClientProvider( mock(OAuth2AuthorizedClientProvider.class), mock(OAuth2AuthorizedClientProvider.class), authorizedClientProvider);
@@ -79,7 +77,6 @@ public class DelegatingOAuth2AuthorizedClientProviderTests {
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 OAuth2AuthorizationContext context = OAuth2AuthorizationContext.withClientRegistration(clientRegistration) .principal(new TestingAuthenticationToken("principal", "password")).build();
-
 DelegatingOAuth2AuthorizedClientProvider delegate = new DelegatingOAuth2AuthorizedClientProvider( mock(OAuth2AuthorizedClientProvider.class), mock(OAuth2AuthorizedClientProvider.class));
 assertThat(delegate.authorize(context)).isNull();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
index a9f81cf137..802465922c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
@@ -62,7 +62,6 @@ public class DelegatingReactiveOAuth2AuthorizedClientProviderTests {
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, principal.getName(), TestOAuth2AccessTokens.noScopes());
-
 ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider1 = mock( ReactiveOAuth2AuthorizedClientProvider.class);
 given(authorizedClientProvider1.authorize(any())).willReturn(Mono.empty());
@@ -72,7 +71,6 @@ public class DelegatingReactiveOAuth2AuthorizedClientProviderTests {
 ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider3 = mock( ReactiveOAuth2AuthorizedClientProvider.class);
 given(authorizedClientProvider3.authorize(any())).willReturn(Mono.just(authorizedClient));
-
 DelegatingReactiveOAuth2AuthorizedClientProvider delegate = new DelegatingReactiveOAuth2AuthorizedClientProvider( authorizedClientProvider1, authorizedClientProvider2, authorizedClientProvider3);
 OAuth2AuthorizationContext context = OAuth2AuthorizationContext.withClientRegistration(clientRegistration)
@@ -86,14 +84,12 @@ public class DelegatingReactiveOAuth2AuthorizedClientProviderTests {
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 OAuth2AuthorizationContext context = OAuth2AuthorizationContext.withClientRegistration(clientRegistration) .principal(new TestingAuthenticationToken("principal", "password")).build();
-
 ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider1 = mock( ReactiveOAuth2AuthorizedClientProvider.class);
 given(authorizedClientProvider1.authorize(any())).willReturn(Mono.empty());
 ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider2 = mock( ReactiveOAuth2AuthorizedClientProvider.class);
 given(authorizedClientProvider2.authorize(any())).willReturn(Mono.empty());
-
 DelegatingReactiveOAuth2AuthorizedClientProvider delegate = new DelegatingReactiveOAuth2AuthorizedClientProvider( authorizedClientProvider1, authorizedClientProvider2);
 assertThat(delegate.authorize(context).block()).isNull();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
index d86f847cbf..17288536a1 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
@@ -73,13 +73,11 @@ public class InMemoryOAuth2AuthorizedClientServiceTests { @Test public void constructorWhenAuthorizedClientsProvidedThenUseProvidedAuthorizedClients() { String registrationId = this.registration3.getRegistrationId(); - Map authorizedClients = Collections.singletonMap( new OAuth2AuthorizedClientId(this.registration3.getRegistrationId(), this.principalName1), mock(OAuth2AuthorizedClient.class)); ClientRegistrationRepository clientRegistrationRepository = mock(ClientRegistrationRepository.class); given(clientRegistrationRepository.findByRegistrationId(eq(registrationId))).willReturn(this.registration3); - InMemoryOAuth2AuthorizedClientService authorizedClientService = new InMemoryOAuth2AuthorizedClientService( clientRegistrationRepository, authorizedClients); assertThat((Object) authorizedClientService.loadAuthorizedClient(registrationId, this.principalName1)) @@ -114,11 +112,9 @@ public class InMemoryOAuth2AuthorizedClientServiceTests { public void loadAuthorizedClientWhenClientRegistrationFoundAndAssociatedToPrincipalThenReturnAuthorizedClient() { Authentication authentication = mock(Authentication.class); given(authentication.getName()).willReturn(this.principalName1); - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration1, this.principalName1, mock(OAuth2AccessToken.class)); this.authorizedClientService.saveAuthorizedClient(authorizedClient, authentication); - OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService .loadAuthorizedClient(this.registration1.getRegistrationId(), this.principalName1); assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient); 
@@ -138,11 +134,9 @@ public class InMemoryOAuth2AuthorizedClientServiceTests { public void saveAuthorizedClientWhenSavedThenCanLoad() { Authentication authentication = mock(Authentication.class); given(authentication.getName()).willReturn(this.principalName2); - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration3, this.principalName2, mock(OAuth2AccessToken.class)); this.authorizedClientService.saveAuthorizedClient(authorizedClient, authentication); - OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService .loadAuthorizedClient(this.registration3.getRegistrationId(), this.principalName2); assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient); @@ -162,18 +156,14 @@ public class InMemoryOAuth2AuthorizedClientServiceTests { public void removeAuthorizedClientWhenSavedThenRemoved() { Authentication authentication = mock(Authentication.class); given(authentication.getName()).willReturn(this.principalName2); - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration2, this.principalName2, mock(OAuth2AccessToken.class)); this.authorizedClientService.saveAuthorizedClient(authorizedClient, authentication); - OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService .loadAuthorizedClient(this.registration2.getRegistrationId(), this.principalName2); assertThat(loadedAuthorizedClient).isNotNull(); - this.authorizedClientService.removeAuthorizedClient(this.registration2.getRegistrationId(), this.principalName2); - loadedAuthorizedClient = this.authorizedClientService .loadAuthorizedClient(this.registration2.getRegistrationId(), this.principalName2); assertThat(loadedAuthorizedClient).isNull(); 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java index d782405489..6855cd5846 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java @@ -139,7 +139,6 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests { Mono saveAndLoad = this.authorizedClientService .saveAuthorizedClient(authorizedClient, this.principal) .then(this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName)); - StepVerifier.create(saveAndLoad).expectNext(authorizedClient).verifyComplete(); } @@ -198,7 +197,6 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests { Mono saveAndDeleteAndLoad = this.authorizedClientService .saveAuthorizedClient(authorizedClient, this.principal).then(this.authorizedClientService .removeAuthorizedClient(this.clientRegistrationId, this.principalName)); - StepVerifier.create(saveAndDeleteAndLoad).verifyComplete(); } @@ -213,7 +211,6 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests { .then(this.authorizedClientService.removeAuthorizedClient(this.clientRegistrationId, this.principalName)) .then(this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName)); - StepVerifier.create(saveAndDeleteAndLoad).verifyComplete(); } 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java index d2d2931620..49b7fbb3fa 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java @@ -150,12 +150,9 @@ public class JdbcOAuth2AuthorizedClientServiceTests { public void loadAuthorizedClientWhenExistsThenReturnAuthorizedClient() { Authentication principal = createPrincipal(); OAuth2AuthorizedClient expected = createAuthorizedClient(principal, this.clientRegistration); - this.authorizedClientService.saveAuthorizedClient(expected, principal); - OAuth2AuthorizedClient authorizedClient = this.authorizedClientService .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); - assertThat(authorizedClient).isNotNull(); assertThat(authorizedClient.getClientRegistration()).isEqualTo(expected.getClientRegistration()); assertThat(authorizedClient.getPrincipalName()).isEqualTo(expected.getPrincipalName()); @@ -179,9 +176,7 @@ public class JdbcOAuth2AuthorizedClientServiceTests { given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(null); Authentication principal = createPrincipal(); OAuth2AuthorizedClient expected = createAuthorizedClient(principal, this.clientRegistration); - this.authorizedClientService.saveAuthorizedClient(expected, principal); - assertThatThrownBy(() -> this.authorizedClientService .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName())) .isInstanceOf(DataRetrievalFailureException.class) 
@@ -192,7 +187,6 @@ public class JdbcOAuth2AuthorizedClientServiceTests { @Test public void saveAuthorizedClientWhenAuthorizedClientIsNullThenThrowIllegalArgumentException() { Authentication principal = createPrincipal(); - assertThatThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(null, principal)) .isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClient cannot be null"); } @@ -201,7 +195,6 @@ public class JdbcOAuth2AuthorizedClientServiceTests { public void saveAuthorizedClientWhenPrincipalIsNullThenThrowIllegalArgumentException() { Authentication principal = createPrincipal(); OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration); - assertThatThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(authorizedClient, null)) .isInstanceOf(IllegalArgumentException.class).hasMessage("principal cannot be null"); } @@ -210,12 +203,9 @@ public class JdbcOAuth2AuthorizedClientServiceTests { public void saveAuthorizedClientWhenSaveThenLoadReturnsSaved() { Authentication principal = createPrincipal(); OAuth2AuthorizedClient expected = createAuthorizedClient(principal, this.clientRegistration); - this.authorizedClientService.saveAuthorizedClient(expected, principal); - OAuth2AuthorizedClient authorizedClient = this.authorizedClientService .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); - assertThat(authorizedClient).isNotNull(); assertThat(authorizedClient.getClientRegistration()).isEqualTo(expected.getClientRegistration()); assertThat(authorizedClient.getPrincipalName()).isEqualTo(expected.getPrincipalName()); 
@@ -232,16 +222,12 @@ public class JdbcOAuth2AuthorizedClientServiceTests { .isEqualTo(expected.getRefreshToken().getTokenValue()); assertThat(authorizedClient.getRefreshToken().getIssuedAt()).isCloseTo(expected.getRefreshToken().getIssuedAt(), within(1, ChronoUnit.MILLIS)); - // Test save/load of NOT NULL attributes only principal = createPrincipal(); expected = createAuthorizedClient(principal, this.clientRegistration, true); - this.authorizedClientService.saveAuthorizedClient(expected, principal); - authorizedClient = this.authorizedClientService .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); - assertThat(authorizedClient).isNotNull(); assertThat(authorizedClient.getClientRegistration()).isEqualTo(expected.getClientRegistration()); assertThat(authorizedClient.getPrincipalName()).isEqualTo(expected.getPrincipalName()); @@ -263,15 +249,12 @@ public class JdbcOAuth2AuthorizedClientServiceTests { Authentication principal = createPrincipal(); OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration); this.authorizedClientService.saveAuthorizedClient(authorizedClient, principal); - // When a client with the same principal and registration id is saved OAuth2AuthorizedClient updatedClient = createAuthorizedClient(principal, this.clientRegistration); this.authorizedClientService.saveAuthorizedClient(updatedClient, principal); - // Then the saved client is updated OAuth2AuthorizedClient savedClient = this.authorizedClientService .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); - assertThat(savedClient).isNotNull(); assertThat(savedClient.getClientRegistration()).isEqualTo(updatedClient.getClientRegistration()); assertThat(savedClient.getPrincipalName()).isEqualTo(updatedClient.getPrincipalName()); 
@@ -299,14 +282,11 @@ public class JdbcOAuth2AuthorizedClientServiceTests { JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper authorizedClientParametersMapper = spy( new JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper()); this.authorizedClientService.setAuthorizedClientParametersMapper(authorizedClientParametersMapper); - Authentication principal = createPrincipal(); OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration); - this.authorizedClientService.saveAuthorizedClient(authorizedClient, principal); this.authorizedClientService.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); - verify(authorizedClientRowMapper).mapRow(any(), anyInt()); verify(authorizedClientParametersMapper).apply(any()); } @@ -328,16 +308,12 @@ public class JdbcOAuth2AuthorizedClientServiceTests { public void removeAuthorizedClientWhenExistsThenRemoved() { Authentication principal = createPrincipal(); OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration); - this.authorizedClientService.saveAuthorizedClient(authorizedClient, principal); - authorizedClient = this.authorizedClientService .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); assertThat(authorizedClient).isNotNull(); - this.authorizedClientService.removeAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); - authorizedClient = this.authorizedClientService .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); assertThat(authorizedClient).isNull(); 
@@ -347,19 +323,14 @@ public class JdbcOAuth2AuthorizedClientServiceTests { public void tableDefinitionWhenCustomThenAbleToOverride() { CustomTableDefinitionJdbcOAuth2AuthorizedClientService customAuthorizedClientService = new CustomTableDefinitionJdbcOAuth2AuthorizedClientService( new JdbcTemplate(createDb("custom-oauth2-client-schema.sql")), this.clientRegistrationRepository); - Authentication principal = createPrincipal(); OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration); - customAuthorizedClientService.saveAuthorizedClient(authorizedClient, principal); - authorizedClient = customAuthorizedClientService .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); assertThat(authorizedClient).isNotNull(); - customAuthorizedClientService.removeAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); - authorizedClient = customAuthorizedClientService .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); assertThat(authorizedClient).isNull(); @@ -473,7 +444,6 @@ public class JdbcOAuth2AuthorizedClientServiceTests { "The ClientRegistration with id '" + clientRegistrationId + "' exists in the data source, " + "however, it was not found in the ClientRegistrationRepository."); } - OAuth2AccessToken.TokenType tokenType = null; if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(rs.getString("accessTokenType"))) { tokenType = OAuth2AccessToken.TokenType.BEARER; @@ -488,7 +458,6 @@ public class JdbcOAuth2AuthorizedClientServiceTests { } OAuth2AccessToken accessToken = new OAuth2AccessToken(tokenType, tokenValue, issuedAt, expiresAt, scopes); - OAuth2RefreshToken refreshToken = null; byte[] refreshTokenValue = rs.getBytes("refreshTokenValue"); if (refreshTokenValue != null) { 
@@ -500,9 +469,7 @@ public class JdbcOAuth2AuthorizedClientServiceTests { } refreshToken = new OAuth2RefreshToken(tokenValue, issuedAt); } - String principalName = rs.getString("principalName"); - return new OAuth2AuthorizedClient(clientRegistration, principalName, accessToken, refreshToken); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java index 5d2d0c8418..cf348d52cd 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java @@ -78,7 +78,6 @@ public class OAuth2AuthorizeRequestTests { attrs.put("name1", "value1"); attrs.put("name2", "value2"); }).build(); - assertThat(authorizeRequest.getClientRegistrationId()).isEqualTo(this.clientRegistration.getRegistrationId()); assertThat(authorizeRequest.getAuthorizedClient()).isNull(); assertThat(authorizeRequest.getPrincipal()).isEqualTo(this.principal); @@ -92,7 +91,6 @@ public class OAuth2AuthorizeRequestTests { attrs.put("name1", "value1"); attrs.put("name2", "value2"); }).build(); - assertThat(authorizeRequest.getClientRegistrationId()) .isEqualTo(this.authorizedClient.getClientRegistration().getRegistrationId()); assertThat(authorizeRequest.getAuthorizedClient()).isEqualTo(this.authorizedClient); 
@@ -105,7 +103,6 @@ public class OAuth2AuthorizeRequestTests { OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal("principalName") .build(); - assertThat(authorizeRequest.getClientRegistrationId()).isEqualTo(this.clientRegistration.getRegistrationId()); assertThat(authorizeRequest.getAuthorizedClient()).isNull(); assertThat(authorizeRequest.getPrincipal().getName()).isEqualTo("principalName"); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java index fae43f8872..c1639e420c 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java @@ -90,7 +90,6 @@ public class OAuth2AuthorizedClientProviderBuilderTests { public void buildWhenAuthorizationCodeProviderThenProviderAuthorizes() { OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder() .authorizationCode().build(); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(TestClientRegistrations.clientRegistration().build()).principal(this.principal) .build(); 
@@ -104,15 +103,12 @@ public class OAuth2AuthorizedClientProviderBuilderTests { .refreshToken( (configurer) -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient)) .build(); - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient( TestClientRegistrations.clientRegistration().build(), this.principal.getName(), expiredAccessToken(), TestOAuth2RefreshTokens.refreshToken()); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build(); OAuth2AuthorizedClient reauthorizedClient = authorizedClientProvider.authorize(authorizationContext); - assertThat(reauthorizedClient).isNotNull(); verify(this.accessTokenClient).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class)); } @@ -123,12 +119,10 @@ public class OAuth2AuthorizedClientProviderBuilderTests { .clientCredentials( (configurer) -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient)) .build(); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(TestClientRegistrations.clientCredentials().build()).principal(this.principal) .build(); OAuth2AuthorizedClient authorizedClient = authorizedClientProvider.authorize(authorizationContext); - assertThat(authorizedClient).isNotNull(); verify(this.accessTokenClient).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class)); } 
@@ -138,13 +132,11 @@ public class OAuth2AuthorizedClientProviderBuilderTests { OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder() .password((configurer) -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient)) .build(); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(TestClientRegistrations.password().build()).principal(this.principal) .attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") .attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build(); OAuth2AuthorizedClient authorizedClient = authorizedClientProvider.authorize(authorizationContext); - assertThat(authorizedClient).isNotNull(); verify(this.accessTokenClient).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class)); } 
@@ -159,44 +151,35 @@ public class OAuth2AuthorizedClientProviderBuilderTests { (configurer) -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient)) .password((configurer) -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient)) .build(); - ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build(); - // authorization_code OAuth2AuthorizationContext authorizationCodeContext = OAuth2AuthorizationContext .withClientRegistration(clientRegistration).principal(this.principal).build(); assertThatThrownBy(() -> authorizedClientProvider.authorize(authorizationCodeContext)) .isInstanceOf(ClientAuthorizationRequiredException.class); - // refresh_token OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, this.principal.getName(), expiredAccessToken(), TestOAuth2RefreshTokens.refreshToken()); - OAuth2AuthorizationContext refreshTokenContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build(); OAuth2AuthorizedClient reauthorizedClient = authorizedClientProvider.authorize(refreshTokenContext); - assertThat(reauthorizedClient).isNotNull(); verify(this.accessTokenClient, times(1)).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class)); - // client_credentials OAuth2AuthorizationContext clientCredentialsContext = OAuth2AuthorizationContext .withClientRegistration(TestClientRegistrations.clientCredentials().build()).principal(this.principal) .build(); authorizedClient = authorizedClientProvider.authorize(clientCredentialsContext); - assertThat(authorizedClient).isNotNull(); verify(this.accessTokenClient, times(2)).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class)); - // password OAuth2AuthorizationContext passwordContext = OAuth2AuthorizationContext .withClientRegistration(TestClientRegistrations.password().build()).principal(this.principal) 
.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") .attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build(); authorizedClient = authorizedClientProvider.authorize(passwordContext); - assertThat(authorizedClient).isNotNull(); verify(this.accessTokenClient, times(3)).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class)); @@ -205,15 +188,12 @@ public class OAuth2AuthorizedClientProviderBuilderTests { @Test public void buildWhenCustomProviderThenProviderCalled() { OAuth2AuthorizedClientProvider customProvider = mock(OAuth2AuthorizedClientProvider.class); - OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder() .provider(customProvider).build(); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(TestClientRegistrations.clientRegistration().build()).principal(this.principal) .build(); authorizedClientProvider.authorize(authorizationContext); - verify(customProvider).authorize(any(OAuth2AuthorizationContext.class)); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java index 8e5e4a8a9f..a91d541770 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java 
@@ -65,7 +65,6 @@ public class OAuth2AuthorizedClientTests { public void constructorWhenAllParametersProvidedAndValidThenCreated() { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principalName, this.accessToken); - assertThat(authorizedClient.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principalName); assertThat(authorizedClient.getAccessToken()).isEqualTo(this.accessToken); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java index 3f74f56885..8ded488091 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java @@ -96,7 +96,6 @@ public class PasswordOAuth2AuthorizedClientProviderTests { @Test public void authorizeWhenNotPasswordThenUnableToAuthorize() { ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().build(); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(clientRegistration).principal(this.principal).build(); assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull(); 
@@ -124,13 +123,11 @@ public class PasswordOAuth2AuthorizedClientProviderTests { public void authorizeWhenPasswordAndNotAuthorizedThenAuthorize() { OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(this.clientRegistration).principal(this.principal) .attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") .attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientProvider.authorize(authorizationContext); - assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken()); 
@@ -144,21 +141,17 @@ public class PasswordOAuth2AuthorizedClientProviderTests { "access-token-expired", issuedAt, expiresAt); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), accessToken); // without refresh token - OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient) .attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") .attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal) .build(); authorizedClient = this.authorizedClientProvider.authorize(authorizationContext); - assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken()); - } @Test @@ -171,7 +164,6 @@ public class PasswordOAuth2AuthorizedClientProviderTests { this.principal.getName(), accessToken, TestOAuth2RefreshTokens.refreshToken()); // with // refresh // token - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient) .attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") 
@@ -191,22 +183,17 @@ public class PasswordOAuth2AuthorizedClientProviderTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), expiresInOneMinAccessToken); // without refresh // token - // Shorten the lifespan of the access token by 90 seconds, which will ultimately // force it to expire on the client this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90)); - OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient) .attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") .attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal) .build(); - OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext); - assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken()); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java index e1803063c8..53f11ad2db 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java 
@@ -97,7 +97,6 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests { @Test public void authorizeWhenNotPasswordThenUnableToAuthorize() { ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().build(); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(clientRegistration).principal(this.principal).build(); assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull(); @@ -125,13 +124,11 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests { public void authorizeWhenPasswordAndNotAuthorizedThenAuthorize() { OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(this.clientRegistration).principal(this.principal) .attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") .attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block(); - assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken()); 
@@ -145,21 +142,17 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests { "access-token-expired", issuedAt, expiresAt); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), accessToken); // without refresh token - OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient) .attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") .attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal) .build(); authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block(); - assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken()); - } @Test @@ -172,7 +165,6 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests { this.principal.getName(), accessToken, TestOAuth2RefreshTokens.refreshToken()); // with // refresh // token - OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient) .attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") 
@@ -192,23 +184,18 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests {
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), expiresInOneMinAccessToken); // without refresh // token
-
 // Shorten the lifespan of the access token by 90 seconds, which will ultimately // force it to expire on the client this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
-
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient) .attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") .attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal) .build();
-
 OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext) .block();
-
 assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
index 12d2d4bb63..a43dba1211 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
@@ -81,7 +81,6 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 public void buildWhenAuthorizationCodeProviderThenProviderAuthorizes() { ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder .builder().authorizationCode().build();
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(this.clientRegistrationBuilder.build()).principal(this.principal).build(); assertThatThrownBy(() -> authorizedClientProvider.authorize(authorizationContext).block())
@@ -93,21 +92,15 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder .builder().refreshToken().build();
-
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistrationBuilder.build(), this.principal.getName(), expiredAccessToken(), TestOAuth2RefreshTokens.refreshToken());
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build(); OAuth2AuthorizedClient reauthorizedClient = authorizedClientProvider.authorize(authorizationContext).block();
-
 assertThat(reauthorizedClient).isNotNull();
-
 assertThat(this.server.getRequestCount()).isEqualTo(1);
-
 RecordedRequest recordedRequest = this.server.takeRequest(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=refresh_token");
@@ -118,20 +111,15 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder .builder().clientCredentials().build();
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(this.clientRegistrationBuilder .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).build()) .principal(this.principal).build(); OAuth2AuthorizedClient authorizedClient = authorizedClientProvider.authorize(authorizationContext).block();
-
 assertThat(authorizedClient).isNotNull();
-
 assertThat(this.server.getRequestCount()).isEqualTo(1);
-
 RecordedRequest recordedRequest = this.server.takeRequest(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=client_credentials");
@@ -142,21 +130,16 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder .builder().password().build();
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration( this.clientRegistrationBuilder.authorizationGrantType(AuthorizationGrantType.PASSWORD).build()) .principal(this.principal).attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") .attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build(); OAuth2AuthorizedClient authorizedClient = authorizedClientProvider.authorize(authorizationContext).block();
-
 assertThat(authorizedClient).isNotNull();
-
 assertThat(this.server.getRequestCount()).isEqualTo(1);
-
 RecordedRequest recordedRequest = this.server.takeRequest(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=password");
@@ -169,47 +152,35 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder .builder().authorizationCode().refreshToken().clientCredentials().password().build();
-
 // authorization_code OAuth2AuthorizationContext authorizationCodeContext = OAuth2AuthorizationContext .withClientRegistration(this.clientRegistrationBuilder.build()).principal(this.principal).build(); assertThatThrownBy(() -> authorizedClientProvider.authorize(authorizationCodeContext).block()) .isInstanceOf(ClientAuthorizationRequiredException.class);
-
 // refresh_token OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistrationBuilder.build(), this.principal.getName(), expiredAccessToken(), TestOAuth2RefreshTokens.refreshToken());
-
 OAuth2AuthorizationContext refreshTokenContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build(); OAuth2AuthorizedClient reauthorizedClient = authorizedClientProvider.authorize(refreshTokenContext).block();
-
 assertThat(reauthorizedClient).isNotNull();
-
 assertThat(this.server.getRequestCount()).isEqualTo(1);
-
 RecordedRequest recordedRequest = this.server.takeRequest(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=refresh_token");
-
 // client_credentials OAuth2AuthorizationContext clientCredentialsContext = OAuth2AuthorizationContext .withClientRegistration(this.clientRegistrationBuilder .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).build()) .principal(this.principal).build(); authorizedClient = authorizedClientProvider.authorize(clientCredentialsContext).block();
-
assertThat(authorizedClient).isNotNull();
-
 assertThat(this.server.getRequestCount()).isEqualTo(2);
-
 recordedRequest = this.server.takeRequest(); formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=client_credentials");
-
 // password OAuth2AuthorizationContext passwordContext = OAuth2AuthorizationContext .withClientRegistration(
@@ -217,11 +188,8 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 .principal(this.principal).attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username") .attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build(); authorizedClient = authorizedClientProvider.authorize(passwordContext).block();
-
 assertThat(authorizedClient).isNotNull();
-
 assertThat(this.server.getRequestCount()).isEqualTo(3);
-
 recordedRequest = this.server.takeRequest(); formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=password");
@@ -231,14 +199,11 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 public void buildWhenCustomProviderThenProviderCalled() { ReactiveOAuth2AuthorizedClientProvider customProvider = mock(ReactiveOAuth2AuthorizedClientProvider.class); given(customProvider.authorize(any())).willReturn(Mono.empty());
-
 ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder .builder().provider(customProvider).build();
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(this.clientRegistrationBuilder.build()).principal(this.principal).build(); authorizedClientProvider.authorize(authorizationContext).block();
-
 verify(customProvider).authorize(any(OAuth2AuthorizationContext.class)); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
index e78a1d9898..ee63d83c36 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
@@ -117,7 +117,6 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 public void authorizeWhenAuthorizedAndRefreshTokenIsNullThenUnableToReauthorize() { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), this.authorizedClient.getAccessToken());
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build(); assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
@@ -127,7 +126,6 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 public void authorizeWhenAuthorizedAndAccessTokenNotExpiredThenNotReauthorize() { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), this.authorizedClient.getRefreshToken());
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build(); assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
@@ -139,7 +137,6 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() .refreshToken("new-refresh-token").build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 Instant now = Instant.now(); Instant issuedAt = now.minus(Duration.ofMinutes(60)); Instant expiresAt = now.minus(Duration.ofMinutes(1));
@@ -147,16 +144,12 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 "access-token-1234", issuedAt, expiresAt); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), expiresInOneMinAccessToken, this.authorizedClient.getRefreshToken());
-
 // Shorten the lifespan of the access token by 90 seconds, which will ultimately // force it to expire on the client this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build();
-
 OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
-
 assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
@@ -168,12 +161,9 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() .refreshToken("new-refresh-token").build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(this.authorizedClient).principal(this.principal).build();
-
 OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
-
 assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
@@ -185,14 +175,11 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() .refreshToken("new-refresh-token").build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 String[] requestScope = new String[] { "read", "write" }; OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(this.authorizedClient).principal(this.principal) .attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, requestScope).build();
-
 this.authorizedClientProvider.authorize(authorizationContext);
-
 ArgumentCaptor refreshTokenGrantRequestArgCaptor = ArgumentCaptor .forClass(OAuth2RefreshTokenGrantRequest.class); verify(this.accessTokenResponseClient).getTokenResponse(refreshTokenGrantRequestArgCaptor.capture());
@@ -206,7 +193,6 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(this.authorizedClient).principal(this.principal) .attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, invalidRequestScope).build();
-
 assertThatThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext)) .isInstanceOf(IllegalArgumentException.class) .hasMessageStartingWith("The context attribute must be of type String[] '"
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
index 06f9e27527..07dcd2b7a1 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
@@ -118,7 +118,6 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 public void authorizeWhenAuthorizedAndRefreshTokenIsNullThenUnableToReauthorize() { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), this.authorizedClient.getAccessToken());
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build(); assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
@@ -128,7 +127,6 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 public void authorizeWhenAuthorizedAndAccessTokenNotExpiredThenNotReauthorize() { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), this.authorizedClient.getRefreshToken());
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build(); assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
@@ -140,7 +138,6 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() .refreshToken("new-refresh-token").build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 Instant now = Instant.now(); Instant issuedAt = now.minus(Duration.ofMinutes(60)); Instant expiresAt = now.minus(Duration.ofMinutes(1));
@@ -148,17 +145,13 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 "access-token-1234", issuedAt, expiresAt); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), expiresInOneMinAccessToken, this.authorizedClient.getRefreshToken());
-
 // Shorten the lifespan of the access token by 90 seconds, which will ultimately // force it to expire on the client this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(authorizedClient).principal(this.principal).build();
-
 OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext) .block();
-
 assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
@@ -170,13 +163,10 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() .refreshToken("new-refresh-token").build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(this.authorizedClient).principal(this.principal).build();
-
 OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext) .block();
-
 assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
@@ -188,14 +178,11 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() .refreshToken("new-refresh-token").build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 String[] requestScope = new String[] { "read", "write" }; OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(this.authorizedClient).principal(this.principal) .attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, requestScope).build();
-
 this.authorizedClientProvider.authorize(authorizationContext).block();
-
 ArgumentCaptor refreshTokenGrantRequestArgCaptor = ArgumentCaptor .forClass(OAuth2RefreshTokenGrantRequest.class); verify(this.accessTokenResponseClient).getTokenResponse(refreshTokenGrantRequestArgCaptor.capture());
@@ -209,7 +196,6 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withAuthorizedClient(this.authorizedClient).principal(this.principal) .attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, invalidRequestScope).build();
-
 assertThatThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext).block()) .isInstanceOf(IllegalArgumentException.class) .hasMessageStartingWith("The context attribute must be of type String[] '"
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java
index a2dfa39428..c250c84f06 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java
@@ -72,7 +72,6 @@ public class OAuth2AuthenticationTokenTests {
 public void constructorWhenAllParametersProvidedAndValidThenCreated() { OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(this.principal, this.authorities, this.authorizedClientRegistrationId);
-
 assertThat(authentication.getPrincipal()).isEqualTo(this.principal); assertThat(authentication.getCredentials()).isEqualTo(""); assertThat(authentication.getAuthorities()).isEqualTo(this.authorities);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
index 3d82ba7717..251dbb8fc9 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
@@ -84,7 +84,6 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 .errorCode(OAuth2ErrorCodes.INVALID_REQUEST).build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse);
-
 assertThatThrownBy(() -> this.authenticationProvider.authenticate( new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange))) .isInstanceOf(OAuth2AuthorizationException.class)
@@ -97,7 +96,6 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse);
-
 assertThatThrownBy(() -> this.authenticationProvider.authenticate( new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange))) .isInstanceOf(OAuth2AuthorizationException.class)
@@ -109,13 +107,11 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() .refreshToken("refresh").build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, TestOAuth2AuthorizationResponses.success().build()); OAuth2AuthorizationCodeAuthenticationToken authenticationResult = (OAuth2AuthorizationCodeAuthenticationToken) this.authenticationProvider .authenticate( new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange));
-
 assertThat(authenticationResult.isAuthenticated()).isTrue(); assertThat(authenticationResult.getPrincipal()).isEqualTo(this.clientRegistration.getClientId()); assertThat(authenticationResult.getCredentials())
@@ -133,18 +129,14 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 Map additionalParameters = new HashMap<>(); additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2");
-
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() .additionalParameters(additionalParameters).build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, TestOAuth2AuthorizationResponses.success().build());
-
 OAuth2AuthorizationCodeAuthenticationToken authentication = (OAuth2AuthorizationCodeAuthenticationToken) this.authenticationProvider .authenticate( new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange));
-
 assertThat(authentication.getAdditionalParameters()) .containsAllEntriesOf(accessTokenResponse.getAdditionalParameters()); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java
index f3d4a0900e..c93b774a3c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java
@@ -69,7 +69,6 @@ public class OAuth2AuthorizationCodeAuthenticationTokenTests {
 public void constructorAuthorizationRequestResponseWhenAllParametersProvidedAndValidThenCreated() { OAuth2AuthorizationCodeAuthenticationToken authentication = new OAuth2AuthorizationCodeAuthenticationToken( this.clientRegistration, this.authorizationExchange);
-
 assertThat(authentication.getPrincipal()).isEqualTo(this.clientRegistration.getClientId()); assertThat(authentication.getCredentials()) .isEqualTo(this.authorizationExchange.getAuthorizationResponse().getCode());
@@ -103,7 +102,6 @@ public class OAuth2AuthorizationCodeAuthenticationTokenTests {
 public void constructorTokenRequestResponseWhenAllParametersProvidedAndValidThenCreated() { OAuth2AuthorizationCodeAuthenticationToken authentication = new OAuth2AuthorizationCodeAuthenticationToken( this.clientRegistration, this.authorizationExchange, this.accessToken);
-
 assertThat(authentication.getPrincipal()).isEqualTo(this.clientRegistration.getClientId()); assertThat(authentication.getCredentials()).isEqualTo(this.accessToken.getTokenValue()); assertThat(authentication.getAuthorities()).isEqualTo(Collections.emptyList());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java
index 1e956bd75d..459ac5c5b9 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java
@@ -82,18 +82,14 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManagerTests {
 @Test public void authenticateWhenValidThenSuccess() { given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(this.tokenResponse.build()));
-
 OAuth2AuthorizationCodeAuthenticationToken result = authenticate();
-
 assertThat(result).isNotNull(); } @Test public void authenticateWhenEmptyThenEmpty() { given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.empty());
-
 OAuth2AuthorizationCodeAuthenticationToken result = authenticate();
-
 assertThat(result).isNull(); }
@@ -101,7 +97,6 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManagerTests {
 public void authenticateWhenOAuth2AuthorizationExceptionThenOAuth2AuthorizationException() { given(this.accessTokenResponseClient.getTokenResponse(any())) .willReturn(Mono.error(() -> new OAuth2AuthorizationException(new OAuth2Error("error"))));
-
 assertThatCode(() -> authenticate()).isInstanceOf(OAuth2AuthorizationException.class); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
index 7833f2ab05..9d25859dfa 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
@@ -125,10 +125,8 @@ public class OAuth2LoginAuthenticationProviderTests {
 .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, this.authorizationResponse);
-
 OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange));
-
 assertThat(authentication).isNull(); }
@@ -136,12 +134,10 @@ public class OAuth2LoginAuthenticationProviderTests {
 public void authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthenticationException() { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString(OAuth2ErrorCodes.INVALID_REQUEST));
-
 OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.error() .errorCode(OAuth2ErrorCodes.INVALID_REQUEST).build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse);
-
 this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange)); }
@@ -150,12 +146,10 @@ public class OAuth2LoginAuthenticationProviderTests {
 public void authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthenticationException() { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString("invalid_state_parameter"));
-
 OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().state("67890") .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse);
-
 this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange)); }
@@ -164,15 +158,12 @@ public class OAuth2LoginAuthenticationProviderTests {
 public void authenticateWhenLoginSuccessThenReturnAuthentication() { OAuth2AccessTokenResponse accessTokenResponse = this.accessTokenSuccessResponse(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 OAuth2User principal = mock(OAuth2User.class); List authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); given(principal.getAuthorities()).willAnswer((Answer>) (invocation) -> authorities); given(this.userService.loadUser(any())).willReturn(principal);
-
 OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
-
 assertThat(authentication.isAuthenticated()).isTrue(); assertThat(authentication.getPrincipal()).isEqualTo(principal); assertThat(authentication.getCredentials()).isEqualTo("");
@@ -187,21 +178,17 @@ public class OAuth2LoginAuthenticationProviderTests {
 public void authenticateWhenAuthoritiesMapperSetThenReturnMappedAuthorities() { OAuth2AccessTokenResponse accessTokenResponse = this.accessTokenSuccessResponse(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 OAuth2User principal = mock(OAuth2User.class); List authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); given(principal.getAuthorities()).willAnswer((Answer>) (invocation) -> authorities); given(this.userService.loadUser(any())).willReturn(principal);
-
 List mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OAUTH2_USER"); GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class); given(authoritiesMapper.mapAuthorities(anyCollection())) .willAnswer((Answer>) (invocation) -> mappedAuthorities); this.authenticationProvider.setAuthoritiesMapper(authoritiesMapper);
-
 OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
-
 assertThat(authentication.getAuthorities()).isEqualTo(mappedAuthorities); }
@@ -210,16 +197,13 @@ public class OAuth2LoginAuthenticationProviderTests {
 public void authenticateWhenTokenSuccessResponseThenAdditionalParametersAddedToUserRequest() { OAuth2AccessTokenResponse accessTokenResponse = this.accessTokenSuccessResponse(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 OAuth2User principal = mock(OAuth2User.class); List authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); given(principal.getAuthorities()).willAnswer((Answer>) (invocation) -> authorities); ArgumentCaptor userRequestArgCaptor = ArgumentCaptor.forClass(OAuth2UserRequest.class); given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(principal);
-
 this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
-
 assertThat(userRequestArgCaptor.getValue().getAdditionalParameters()) .containsAllEntriesOf(accessTokenResponse.getAdditionalParameters()); }
@@ -230,11 +214,9 @@ public class OAuth2LoginAuthenticationProviderTests {
 Map additionalParameters = new HashMap<>(); additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2");
-
 return OAuth2AccessTokenResponse.withToken("access-token-1234").tokenType(OAuth2AccessToken.TokenType.BEARER) .expiresIn(expiresAt.getEpochSecond()).scopes(scopes).refreshToken("refresh-token-1234") .additionalParameters(additionalParameters).build();
-
 } }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java
index 8a50f56c84..cb83eef68b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java
@@ -76,7 +76,6 @@ public class OAuth2LoginAuthenticationTokenTests {
 public void constructorAuthorizationRequestResponseWhenAllParametersProvidedAndValidThenCreated() { OAuth2LoginAuthenticationToken authentication = new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange);
-
 assertThat(authentication.getPrincipal()).isNull(); assertThat(authentication.getCredentials()).isEqualTo(""); assertThat(authentication.getAuthorities()).isEqualTo(Collections.emptyList());
@@ -126,7 +125,6 @@ public class OAuth2LoginAuthenticationTokenTests {
 public void constructorTokenRequestResponseWhenAllParametersProvidedAndValidThenCreated() { OAuth2LoginAuthenticationToken authentication = new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange, this.principal, this.authorities, this.accessToken);
-
 assertThat(authentication.getPrincipal()).isEqualTo(this.principal); assertThat(authentication.getCredentials()).isEqualTo(""); assertThat(authentication.getAuthorities()).isEqualTo(this.authorities);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
index 977feff17d..9309ba2db3 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
@@ -113,9 +113,7 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 // we didn't do anything because it should cause a ClassCastException (as verified // below) TestingAuthenticationToken token = new TestingAuthenticationToken("a", "b");
-
 assertThatCode(() -> this.manager.authenticate(token)).doesNotThrowAnyException();
-
 assertThatThrownBy(() -> this.manager.authenticate(token).block()).isInstanceOf(Throwable.class); }
@@ -157,10 +155,8 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 DefaultOAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), Collections.singletonMap("user", "rob"), "user"); given(this.userService.loadUser(any())).willReturn(Mono.just(user));
-
 OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(loginToken()) .block();
-
 assertThat(result.getPrincipal()).isEqualTo(user); assertThat(result.getAuthorities()).containsOnlyElementsOf(user.getAuthorities()); assertThat(result.isAuthenticated()).isTrue();
@@ -179,9 +175,7 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 Collections.singletonMap("user", "rob"), "user"); ArgumentCaptor userRequestArgCaptor = ArgumentCaptor.forClass(OAuth2UserRequest.class); given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(Mono.just(user));
-
 this.manager.authenticate(loginToken()).block();
-
 assertThat(userRequestArgCaptor.getValue().getAdditionalParameters()) .containsAllEntriesOf(accessTokenResponse.getAdditionalParameters()); }
@@ -199,10 +193,8 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 given(authoritiesMapper.mapAuthorities(anyCollection())) .willAnswer((Answer>) (invocation) -> mappedAuthorities); this.manager.setAuthoritiesMapper(authoritiesMapper);
-
 OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(loginToken()) .block();
-
 assertThat(result.getAuthorities()).isEqualTo(mappedAuthorities); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
index 458ab5ab3e..9338e165b5 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
@@ -98,25 +98,19 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 + " \"custom_parameter_1\": \"custom-value-1\",\n" + " \"custom_parameter_2\": \"custom-value-2\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 Instant expiresAtBefore = Instant.now().plusSeconds(3600);
-
 OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(this.authorizationCodeGrantRequest());
-
 Instant expiresAtAfter = Instant.now().plusSeconds(3600);
-
 RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString()); assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_UTF8_VALUE); assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)) .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
-
 String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=authorization_code"); assertThat(formParameters).contains("code=code-1234"); assertThat(formParameters).contains("redirect_uri=https%3A%2F%2Fclient.com%2Fcallback%2Fclient-1");
-
 assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
@@ -132,9 +126,7 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest());
-
 RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).startsWith("Basic "); }
@@ -144,15 +136,11 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 ClientRegistration clientRegistration = this.from(this.clientRegistration) .clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
-
 this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest(clientRegistration));
-
 RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull();
-
 String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("client_id=client-1"); assertThat(formParameters).contains("client_secret=secret");
@@ -163,7 +151,6 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"not-bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest())) .isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining(
@@ -175,7 +162,6 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 public void getTokenResponseWhenSuccessResponseAndMissingTokenTypeParameterThenThrowOAuth2AuthorizationException() { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest())) .isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining(
@@ -189,10 +175,8 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"refresh_token\": \"refresh-token-1234\",\n" + " \"scope\": \"read\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(this.authorizationCodeGrantRequest());
-
 assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read"); }
@@ -202,10 +186,8 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"refresh_token\": \"refresh-token-1234\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(this.authorizationCodeGrantRequest());
-
 assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read", "write"); }
@@ -213,7 +195,6 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 public void getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException() { String invalidTokenUri = "https://invalid-provider.com/oauth2/token"; ClientRegistration clientRegistration = this.from(this.clientRegistration).tokenUri(invalidTokenUri).build();
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest( clientRegistration))).isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining( "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
@@ -228,7 +209,6 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 + " \"custom_parameter_2\": \"custom-value-2\"\n"; // "}\n"; // Make the JSON invalid/malformed this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest())) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining( "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
@@ -238,7 +218,6 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() { String accessTokenErrorResponse = "{\n" + " \"error\": \"unauthorized_client\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest())) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[unauthorized_client]"); }
@@ -246,7 +225,6 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 @Test public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() { this.server.enqueue(new MockResponse().setResponseCode(500));
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest())) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining( "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java
index e7c0cfd370..a7e28cf954 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java
@@ -92,27 +92,20 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 + " \"scope\": \"read write\",\n" + " \"custom_parameter_1\": \"custom-value-1\",\n" + " \"custom_parameter_2\": \"custom-value-2\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 Instant expiresAtBefore = Instant.now().plusSeconds(3600);
-
 OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration);
-
 OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(clientCredentialsGrantRequest);
-
 Instant expiresAtAfter = Instant.now().plusSeconds(3600);
-
 RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString()); assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_UTF8_VALUE); assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)) .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
-
 String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=client_credentials"); assertThat(formParameters).contains("scope=read+write");
-
 assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
@@ -128,12 +121,9 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration);
-
 this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest);
-
 RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).startsWith("Basic "); }
@@ -143,18 +133,13 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 ClientRegistration clientRegistration = this.from(this.clientRegistration) .clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
-
 OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( clientRegistration);
-
 this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest);
-
 RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull();
-
 String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("client_id=client-1"); assertThat(formParameters).contains("client_secret=secret");
@@ -165,10 +150,8 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"not-bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration);
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining(
@@ -180,10 +163,8 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 public void getTokenResponseWhenSuccessResponseAndMissingTokenTypeParameterThenThrowOAuth2AuthorizationException() { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration);
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining(
@@ -197,13 +178,10 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"read\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration);
-
 OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(clientCredentialsGrantRequest);
-
 assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read"); }
@@ -212,13 +190,10 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration);
-
 OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(clientCredentialsGrantRequest);
-
 assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read", "write"); }
@@ -226,10 +201,8 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 public void getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException() { String invalidTokenUri = "https://invalid-provider.com/oauth2/token"; ClientRegistration clientRegistration = this.from(this.clientRegistration).tokenUri(invalidTokenUri).build();
-
 OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( clientRegistration);
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining( "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
@@ -243,10 +216,8 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 + " \"custom_parameter_2\": \"custom-value-2\"\n"; // "}\n"; // Make the JSON invalid/malformed this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration);
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining( "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
@@ -256,10 +227,8 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() { String accessTokenErrorResponse = "{\n" + " \"error\": \"unauthorized_client\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
-
 OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration);
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[unauthorized_client]"); }
@@ -267,10 +236,8 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 @Test public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() { this.server.enqueue(new MockResponse().setResponseCode(500));
-
 OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration);
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining( "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java
index 0f24023a2e..31e196cf00 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java
@@ -93,29 +93,22 @@ public class DefaultPasswordTokenResponseClientTests {
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 Instant expiresAtBefore = Instant.now().plusSeconds(3600);
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.build(); OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration, this.username, this.password);
-
 OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest);
-
 Instant expiresAtAfter = Instant.now().plusSeconds(3600);
-
 RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString()); assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_UTF8_VALUE); assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)) .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
-
 String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=password"); assertThat(formParameters).contains("username=user1"); assertThat(formParameters).contains("password=password"); assertThat(formParameters).contains("scope=read+write");
-
 assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
@@ -129,17 +122,13 @@ public class DefaultPasswordTokenResponseClientTests {
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder .clientAuthenticationMethod(ClientAuthenticationMethod.POST).build(); OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration, this.username, this.password);
-
 this.tokenResponseClient.getTokenResponse(passwordGrantRequest);
-
 RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull();
-
 String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("client_id=client-id"); assertThat(formParameters).contains("client_secret=client-secret");
@@ -150,10 +139,8 @@ public class DefaultPasswordTokenResponseClientTests {
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"not-bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistrationBuilder.build(), this.username, this.password);
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining(
@@ -167,16 +154,12 @@ public class DefaultPasswordTokenResponseClientTests {
 + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"read\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistrationBuilder.build(), this.username, this.password);
-
 OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest);
-
 RecordedRequest recordedRequest = this.server.takeRequest(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("scope=read");
-
 assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read"); }
@@ -184,10 +167,8 @@ public class DefaultPasswordTokenResponseClientTests {
 public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() { String accessTokenErrorResponse = "{\n" + " \"error\": \"unauthorized_client\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
-
 OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistrationBuilder.build(), this.username, this.password);
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[unauthorized_client]"); }
@@ -195,10 +176,8 @@ public class DefaultPasswordTokenResponseClientTests {
 @Test public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() { this.server.enqueue(new MockResponse().setResponseCode(500));
-
 OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistrationBuilder.build(), this.username, this.password);
-
 assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining( "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java
index d4f5b66239..a4cd6dd27d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java
@@ -97,28 +97,21 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 Instant expiresAtBefore = Instant.now().plusSeconds(3600);
-
 OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
-
 OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(refreshTokenGrantRequest);
-
 Instant expiresAtAfter = Instant.now().plusSeconds(3600);
-
 RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString()); assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_UTF8_VALUE); assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)) .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
-
 String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=refresh_token"); assertThat(formParameters).contains("refresh_token=refresh-token");
-
 assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
@@ -132,18 +125,13 @@ public class DefaultRefreshTokenTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - ClientRegistration clientRegistration = this.clientRegistrationBuilder .clientAuthenticationMethod(ClientAuthenticationMethod.POST).build(); - OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(clientRegistration, this.accessToken, this.refreshToken); - this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest); - RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull(); - String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("client_id=client-id"); assertThat(formParameters).contains("client_secret=client-secret"); @@ -154,10 +142,8 @@ public class DefaultRefreshTokenTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"not-bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining( 
@@ -171,18 +157,14 @@ public class DefaultRefreshTokenTokenResponseClientTests { + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"read\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken, Collections.singleton("read")); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(refreshTokenGrantRequest); - RecordedRequest recordedRequest = this.server.takeRequest(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("scope=read"); - assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read"); } @@ -190,10 +172,8 @@ public class DefaultRefreshTokenTokenResponseClientTests { public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() { String accessTokenErrorResponse = "{\n" + " \"error\": \"unauthorized_client\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400)); - OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[unauthorized_client]"); } 
@@ -201,10 +181,8 @@ public class DefaultRefreshTokenTokenResponseClientTests { @Test public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() { this.server.enqueue(new MockResponse().setResponseCode(500)); - OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest)) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining( "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response"); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java index 7f366ba058..a9bf107e9d 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java @@ -75,7 +75,6 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { @Test public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception { MockWebServer server = new MockWebServer(); - String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"openid profile\",\n" + " \"refresh_token\": \"refresh-token-1234\",\n" 
@@ -84,20 +83,14 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) .setBody(accessTokenSuccessResponse)); server.start(); - String tokenUri = server.url("/oauth2/token").toString(); this.clientRegistrationBuilder.tokenUri(tokenUri); - Instant expiresAtBefore = Instant.now().plusSeconds(3600); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(this.clientRegistrationBuilder.build(), this.authorizationExchange)); - Instant expiresAtAfter = Instant.now().plusSeconds(3600); - server.shutdown(); - assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter); @@ -111,13 +104,11 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { @Test public void getTokenResponseWhenRedirectUriMalformedThenThrowIllegalArgumentException() { this.exception.expect(IllegalArgumentException.class); - String redirectUri = "http:\\example.com"; OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .redirectUri(redirectUri).build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, this.authorizationResponse); - this.tokenResponseClient.getTokenResponse( new OAuth2AuthorizationCodeGrantRequest(this.clientRegistrationBuilder.build(), authorizationExchange)); } 
@@ -125,10 +116,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { @Test public void getTokenResponseWhenTokenUriMalformedThenThrowIllegalArgumentException() { this.exception.expect(IllegalArgumentException.class); - String tokenUri = "http:\\provider.com\\oauth2\\token"; this.clientRegistrationBuilder.tokenUri(tokenUri); - this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( this.clientRegistrationBuilder.build(), this.authorizationExchange)); } @@ -137,22 +126,17 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { public void getTokenResponseWhenSuccessResponseInvalidThenThrowOAuth2AuthorizationException() throws Exception { this.exception.expect(OAuth2AuthorizationException.class); this.exception.expectMessage(containsString("invalid_token_response")); - MockWebServer server = new MockWebServer(); - String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"openid profile\",\n" + " \"custom_parameter_1\": \"custom-value-1\",\n" + " \"custom_parameter_2\": \"custom-value-2\"\n"; // "}\n"; // Make the JSON invalid/malformed - server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) .setBody(accessTokenSuccessResponse)); server.start(); - String tokenUri = server.url("/oauth2/token").toString(); this.clientRegistrationBuilder.tokenUri(tokenUri); - try { this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( this.clientRegistrationBuilder.build(), this.authorizationExchange)); 
@@ -165,10 +149,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { @Test public void getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException() { this.exception.expect(OAuth2AuthorizationException.class); - String tokenUri = "https://invalid-provider.com/oauth2/token"; this.clientRegistrationBuilder.tokenUri(tokenUri); - this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( this.clientRegistrationBuilder.build(), this.authorizationExchange)); } @@ -177,17 +159,13 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() throws Exception { this.exception.expect(OAuth2AuthorizationException.class); this.exception.expectMessage(containsString("unauthorized_client")); - MockWebServer server = new MockWebServer(); - String accessTokenErrorResponse = "{\n" + " \"error\": \"unauthorized_client\"\n" + "}\n"; server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) .setResponseCode(500).setBody(accessTokenErrorResponse)); server.start(); - String tokenUri = server.url("/oauth2/token").toString(); this.clientRegistrationBuilder.tokenUri(tokenUri); - try { this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( this.clientRegistrationBuilder.build(), this.authorizationExchange)); 
@@ -202,15 +180,11 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() throws Exception { this.exception.expect(OAuth2AuthorizationException.class); this.exception.expectMessage(containsString("server_error")); - MockWebServer server = new MockWebServer(); - server.enqueue(new MockResponse().setResponseCode(500)); server.start(); - String tokenUri = server.url("/oauth2/token").toString(); this.clientRegistrationBuilder.tokenUri(tokenUri); - try { this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( this.clientRegistrationBuilder.build(), this.authorizationExchange)); @@ -225,19 +199,14 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { throws Exception { this.exception.expect(OAuth2AuthorizationException.class); this.exception.expectMessage(containsString("invalid_token_response")); - MockWebServer server = new MockWebServer(); - String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"not-bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; - server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) .setBody(accessTokenSuccessResponse)); server.start(); - String tokenUri = server.url("/oauth2/token").toString(); this.clientRegistrationBuilder.tokenUri(tokenUri); - try { this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( this.clientRegistrationBuilder.build(), this.authorizationExchange)); 
@@ -251,27 +220,21 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { public void getTokenResponseWhenSuccessResponseIncludesScopeThenReturnAccessTokenResponseUsingResponseScope() throws Exception { MockWebServer server = new MockWebServer(); - String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"openid profile\"\n" + "}\n"; server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) .setBody(accessTokenSuccessResponse)); server.start(); - String tokenUri = server.url("/oauth2/token").toString(); this.clientRegistrationBuilder.tokenUri(tokenUri); - OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .scope("openid", "profile", "email", "address").build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, this.authorizationResponse); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse( new OAuth2AuthorizationCodeGrantRequest(this.clientRegistrationBuilder.build(), authorizationExchange)); - server.shutdown(); - assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile"); } 
@@ -279,26 +242,20 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenReturnAccessTokenResponseUsingRequestedScope() throws Exception { MockWebServer server = new MockWebServer(); - String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) .setBody(accessTokenSuccessResponse)); server.start(); - String tokenUri = server.url("/oauth2/token").toString(); this.clientRegistrationBuilder.tokenUri(tokenUri); - OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .scope("openid", "profile", "email", "address").build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, this.authorizationResponse); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse( new OAuth2AuthorizationCodeGrantRequest(this.clientRegistrationBuilder.build(), authorizationExchange)); - server.shutdown(); - assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile", "email", "address"); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java index 5000346862..c75fc03315 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java 
@@ -74,19 +74,15 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests { authorizationResponse); OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest = new OAuth2AuthorizationCodeGrantRequest( clientRegistration, authorizationExchange); - RequestEntity requestEntity = this.converter.convert(authorizationCodeGrantRequest); - assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST); assertThat(requestEntity.getUrl().toASCIIString()) .isEqualTo(clientRegistration.getProviderDetails().getTokenUri()); - HttpHeaders headers = requestEntity.getHeaders(); assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8); assertThat(headers.getContentType()) .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic "); - MultiValueMap formParameters = (MultiValueMap) requestEntity.getBody(); assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)) .isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE.getValue()); 
@@ -101,35 +97,27 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests { public void convertWhenPkceGrantRequestValidThenConverts() { ClientRegistration clientRegistration = this.clientRegistrationBuilder.clientAuthenticationMethod(null) .clientSecret(null).build(); - Map attributes = new HashMap<>(); attributes.put(PkceParameterNames.CODE_VERIFIER, "code-verifier-1234"); - Map additionalParameters = new HashMap<>(); additionalParameters.put(PkceParameterNames.CODE_CHALLENGE, "code-challenge-1234"); additionalParameters.put(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256"); - OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestBuilder.attributes(attributes) .additionalParameters(additionalParameters).build(); - OAuth2AuthorizationResponse authorizationResponse = this.authorizationResponseBuilder.build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse); OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest = new OAuth2AuthorizationCodeGrantRequest( clientRegistration, authorizationExchange); - RequestEntity requestEntity = this.converter.convert(authorizationCodeGrantRequest); - assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST); assertThat(requestEntity.getUrl().toASCIIString()) .isEqualTo(clientRegistration.getProviderDetails().getTokenUri()); - HttpHeaders headers = requestEntity.getHeaders(); assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8); assertThat(headers.getContentType()) .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).isNull(); - MultiValueMap formParameters = (MultiValueMap) requestEntity.getBody(); assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)) .isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE.getValue()); 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java index 9771f072df..28c625f841 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java @@ -58,7 +58,6 @@ public class OAuth2AuthorizationCodeGrantRequestTests { public void constructorWhenAllParametersProvidedAndValidThenCreated() { OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest = new OAuth2AuthorizationCodeGrantRequest( this.clientRegistration, this.authorizationExchange); - assertThat(authorizationCodeGrantRequest.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationCodeGrantRequest.getAuthorizationExchange()).isEqualTo(this.authorizationExchange); assertThat(authorizationCodeGrantRequest.getGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java index 4aa6632681..f5b402ed3e 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java 
@@ -56,19 +56,15 @@ public class OAuth2ClientCredentialsGrantRequestEntityConverterTests { @Test public void convertWhenGrantRequestValidThenConverts() { RequestEntity requestEntity = this.converter.convert(this.clientCredentialsGrantRequest); - ClientRegistration clientRegistration = this.clientCredentialsGrantRequest.getClientRegistration(); - assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST); assertThat(requestEntity.getUrl().toASCIIString()) .isEqualTo(clientRegistration.getProviderDetails().getTokenUri()); - HttpHeaders headers = requestEntity.getHeaders(); assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8); assertThat(headers.getContentType()) .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic "); - MultiValueMap formParameters = (MultiValueMap) requestEntity.getBody(); assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)) .isEqualTo(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue()); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java index f0bc076c22..1bb619e9b1 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java 
@@ -55,7 +55,6 @@ public class OAuth2ClientCredentialsGrantRequestTests { .clientId("client-1").authorizationGrantType(AuthorizationGrantType.IMPLICIT) .redirectUri("https://localhost:8080/redirect-uri").authorizationUri("https://provider.com/oauth2/auth") .clientName("Client 1").build(); - assertThatThrownBy(() -> new OAuth2ClientCredentialsGrantRequest(clientRegistration)) .isInstanceOf(IllegalArgumentException.class).hasMessage( "clientRegistration.authorizationGrantType must be AuthorizationGrantType.CLIENT_CREDENTIALS"); @@ -65,7 +64,6 @@ public class OAuth2ClientCredentialsGrantRequestTests { public void constructorWhenValidParametersProvidedThenCreated() { OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration); - assertThat(clientCredentialsGrantRequest.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(clientCredentialsGrantRequest.getGrantType()).isEqualTo(AuthorizationGrantType.CLIENT_CREDENTIALS); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java index af4378312c..2032c722b0 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java 
@@ -53,19 +53,15 @@ public class OAuth2PasswordGrantRequestEntityConverterTests { @Test public void convertWhenGrantRequestValidThenConverts() { RequestEntity requestEntity = this.converter.convert(this.passwordGrantRequest); - ClientRegistration clientRegistration = this.passwordGrantRequest.getClientRegistration(); - assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST); assertThat(requestEntity.getUrl().toASCIIString()) .isEqualTo(clientRegistration.getProviderDetails().getTokenUri()); - HttpHeaders headers = requestEntity.getHeaders(); assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8); assertThat(headers.getContentType()) .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic "); - MultiValueMap formParameters = (MultiValueMap) requestEntity.getBody(); assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)) .isEqualTo(AuthorizationGrantType.PASSWORD.getValue()); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java index c53b600a3a..60c53bdeda 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java 
@@ -58,20 +58,16 @@ public class OAuth2RefreshTokenGrantRequestEntityConverterTests { @Test public void convertWhenGrantRequestValidThenConverts() { RequestEntity requestEntity = this.converter.convert(this.refreshTokenGrantRequest); - ClientRegistration clientRegistration = this.refreshTokenGrantRequest.getClientRegistration(); OAuth2RefreshToken refreshToken = this.refreshTokenGrantRequest.getRefreshToken(); - assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST); assertThat(requestEntity.getUrl().toASCIIString()) .isEqualTo(clientRegistration.getProviderDetails().getTokenUri()); - HttpHeaders headers = requestEntity.getHeaders(); assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8); assertThat(headers.getContentType()) .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic "); - MultiValueMap formParameters = (MultiValueMap) requestEntity.getBody(); assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)) .isEqualTo(AuthorizationGrantType.REFRESH_TOKEN.getValue()); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java index f2a2dba39e..f614700b0f 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java 
@@ -63,9 +63,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { public void setup() throws Exception { this.server = new MockWebServer(); this.server.start(); - String tokenUri = this.server.url("/oauth2/token").toString(); - this.clientRegistration = TestClientRegistrations.clientRegistration().tokenUri(tokenUri); } @@ -82,18 +80,13 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { + " \"custom_parameter_1\": \"custom-value-1\",\n" + " \"custom_parameter_2\": \"custom-value-2\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - Instant expiresAtBefore = Instant.now().plusSeconds(3600); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(authorizationCodeGrantRequest()).block(); String body = this.server.takeRequest().getBody().readUtf8(); - assertThat(body).isEqualTo( "grant_type=authorization_code&code=code&redirect_uri=%7BbaseUrl%7D%2F%7Baction%7D%2Foauth2%2Fcode%2F%7BregistrationId%7D"); - Instant expiresAtAfter = Instant.now().plusSeconds(3600); - assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter); 
@@ -184,10 +177,8 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { @Test public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() { String accessTokenErrorResponse = "{\n" + " \"error\": \"unauthorized_client\"\n" + "}\n"; - this.server.enqueue( jsonResponse(accessTokenErrorResponse).setResponseCode(HttpStatus.INTERNAL_SERVER_ERROR.value())); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block()) .isInstanceOfSatisfying(OAuth2AuthorizationException.class, (e) -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client")) @@ -200,7 +191,6 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { String accessTokenErrorResponse = "{}"; this.server.enqueue( jsonResponse(accessTokenErrorResponse).setResponseCode(HttpStatus.INTERNAL_SERVER_ERROR.value())); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block()) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("server_error"); } @@ -209,9 +199,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException() { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"not-bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; - this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block()) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("invalid_token_response"); } 
@@ -222,12 +210,9 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"openid profile\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - this.clientRegistration.scope("openid", "profile", "email", "address"); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(authorizationCodeGrantRequest()).block(); - assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile"); } @@ -236,12 +221,9 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - this.clientRegistration.scope("openid", "profile", "email", "address"); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(authorizationCodeGrantRequest()).block(); - assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile", "email", "address"); } 
@@ -272,19 +254,14 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { public void setCustomWebClientThenCustomWebClientIsUsed() { WebClient customClient = mock(WebClient.class); given(customClient.post()).willReturn(WebClient.builder().build().post()); - this.tokenResponseClient.setWebClient(customClient); - String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"openid profile\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - this.clientRegistration.scope("openid", "profile", "email", "address"); - OAuth2AccessTokenResponse response = this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()) .block(); - verify(customClient, atLeastOnce()).post(); } @@ -294,10 +271,8 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - this.tokenResponseClient.getTokenResponse(pkceAuthorizationCodeGrantRequest()).block(); String body = this.server.takeRequest().getBody().readUtf8(); - assertThat(body).isEqualTo( "grant_type=authorization_code&client_id=client-id&code=code&redirect_uri=%7BbaseUrl%7D%2F%7Baction%7D%2Foauth2%2Fcode%2F%7BregistrationId%7D&code_verifier=code-verifier-1234"); } 
@@ -305,14 +280,11 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { private OAuth2AuthorizationCodeGrantRequest pkceAuthorizationCodeGrantRequest() { ClientRegistration registration = this.clientRegistration.clientAuthenticationMethod(null).clientSecret(null) .build(); - Map attributes = new HashMap<>(); attributes.put(PkceParameterNames.CODE_VERIFIER, "code-verifier-1234"); - Map additionalParameters = new HashMap<>(); additionalParameters.put(PkceParameterNames.CODE_CHALLENGE, "code-challenge-1234"); additionalParameters.put(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256"); - OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode() .clientId(registration.getClientId()).state("state") .authorizationUri(registration.getProviderDetails().getAuthorizationUri()) diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java index 46ce905b07..7e47b19533 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java @@ -56,7 +56,6 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests { public void setup() throws Exception { this.server = new MockWebServer(); this.server.start(); - this.clientRegistration = TestClientRegistrations.clientCredentials() .tokenUri(this.server.url("/oauth2/token").uri().toASCIIString()); } 
@@ -74,11 +73,9 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests { + " \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\",\n" + " \"scope\":\"create\"\n" + "}"); OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration.build()); - OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block(); RecordedRequest actualRequest = this.server.takeRequest(); String body = actualRequest.getUtf8Body(); - assertThat(response.getAccessToken()).isNotNull(); assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)) .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); @@ -92,13 +89,10 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests { enqueueJson("{\n" + " \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n" + " \"token_type\":\"bearer\",\n" + " \"expires_in\":3600,\n" + " \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\",\n" + " \"scope\":\"create\"\n" + "}"); - OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration); - OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block(); RecordedRequest actualRequest = this.server.takeRequest(); String body = actualRequest.getUtf8Body(); - assertThat(response.getAccessToken()).isNotNull(); assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull(); assertThat(body).isEqualTo( @@ -112,9 +106,7 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests { + " \"token_type\":\"bearer\",\n" + " \"expires_in\":3600,\n" + " \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\"\n" + "}"); OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration); - OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block(); - assertThat(response.getAccessToken().getScopes()).isEqualTo(registration.getScopes()); } 
@@ -127,16 +119,13 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests { public void setWebClientCustomThenCustomClientIsUsed() { WebClient customClient = mock(WebClient.class); given(customClient.post()).willReturn(WebClient.builder().build().post()); - this.client.setWebClient(customClient); ClientRegistration registration = this.clientRegistration.build(); enqueueJson("{\n" + " \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n" + " \"token_type\":\"bearer\",\n" + " \"expires_in\":3600,\n" + " \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\"\n" + "}"); OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration); - OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block(); - verify(customClient, atLeastOnce()).post(); } @@ -144,15 +133,12 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests { public void getTokenResponseWhenInvalidResponse() throws WebClientResponseException { ClientRegistration registration = this.clientRegistration.build(); enqueueUnexpectedResponse(); - OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration); - assertThatThrownBy(() -> this.client.getTokenResponse(request).block()) .isInstanceOfSatisfying(OAuth2AuthorizationException.class, (e) -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response")) .hasMessageContaining("[invalid_token_response]") .hasMessageContaining("Empty OAuth 2.0 Access Token Response"); - } private void enqueueUnexpectedResponse() { diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java index a131e93910..a48a48505c 100644 
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
@@ -85,30 +85,23 @@ public class WebClientReactivePasswordTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - Instant expiresAtBefore = Instant.now().plusSeconds(3600); - ClientRegistration clientRegistration = this.clientRegistrationBuilder.build(); OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration, this.username, this.password); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest) .block(); - Instant expiresAtAfter = Instant.now().plusSeconds(3600); - RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString()); assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE); assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)) .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); - String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=password"); assertThat(formParameters).contains("username=user1"); assertThat(formParameters).contains("password=password"); assertThat(formParameters).contains("scope=read+write"); - assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter); 
@@ -122,17 +115,13 @@ public class WebClientReactivePasswordTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - ClientRegistration clientRegistration = this.clientRegistrationBuilder .clientAuthenticationMethod(ClientAuthenticationMethod.POST).build(); OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration, this.username, this.password); - this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block(); - RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull(); - String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("client_id=client-id"); assertThat(formParameters).contains("client_secret=client-secret"); @@ -143,10 +132,8 @@ public class WebClientReactivePasswordTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"not-bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistrationBuilder.build(), this.username, this.password); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block()) .isInstanceOfSatisfying(OAuth2AuthorizationException.class, (e) -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response")) 
@@ -161,17 +148,13 @@ public class WebClientReactivePasswordTokenResponseClientTests { + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"read\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistrationBuilder.build(), this.username, this.password); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest) .block(); - RecordedRequest recordedRequest = this.server.takeRequest(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("scope=read"); - assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read"); } @@ -179,10 +162,8 @@ public class WebClientReactivePasswordTokenResponseClientTests { public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() { String accessTokenErrorResponse = "{\n" + " \"error\": \"unauthorized_client\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400)); - OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistrationBuilder.build(), this.username, this.password); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block()) .isInstanceOfSatisfying(OAuth2AuthorizationException.class, (e) -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client")) 
@@ -192,10 +173,8 @@ public class WebClientReactivePasswordTokenResponseClientTests { @Test public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() { this.server.enqueue(new MockResponse().setResponseCode(500)); - OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistrationBuilder.build(), this.username, this.password); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block()) .isInstanceOfSatisfying(OAuth2AuthorizationException.class, (e) -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response")) diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java index 4599d702e6..47a5cdcd24 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java 
@@ -91,28 +91,21 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - Instant expiresAtBefore = Instant.now().plusSeconds(3600); - OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(refreshTokenGrantRequest).block(); - Instant expiresAtAfter = Instant.now().plusSeconds(3600); - RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString()); assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE); assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)) .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).startsWith("Basic "); - String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=refresh_token"); assertThat(formParameters).contains("refresh_token=refresh-token"); - assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter); 
@@ -126,18 +119,13 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - ClientRegistration clientRegistration = this.clientRegistrationBuilder .clientAuthenticationMethod(ClientAuthenticationMethod.POST).build(); - OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(clientRegistration, this.accessToken, this.refreshToken); - this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block(); - RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull(); - String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("client_id=client-id"); assertThat(formParameters).contains("client_secret=client-secret"); @@ -148,10 +136,8 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"not-bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block()) .isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[invalid_token_response]") .hasMessageContaining("An error occurred parsing the Access Token response") 
@@ -164,18 +150,14 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests { + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"read\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); - OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken, Collections.singleton("read")); - OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient .getTokenResponse(refreshTokenGrantRequest).block(); - RecordedRequest recordedRequest = this.server.takeRequest(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("scope=read"); - assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read"); } @@ -183,10 +165,8 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests { public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() { String accessTokenErrorResponse = "{\n" + " \"error\": \"unauthorized_client\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400)); - OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block()) .isInstanceOfSatisfying(OAuth2AuthorizationException.class, (e) -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client")) 
@@ -196,10 +176,8 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests { @Test public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() { this.server.enqueue(new MockResponse().setResponseCode(500)); - OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken); - assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block()) .isInstanceOfSatisfying(OAuth2AuthorizationException.class, (e) -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response")) diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java index 10815a3cc6..6eeade77ca 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java @@ -38,9 +38,7 @@ public class OAuth2ErrorResponseErrorHandlerTests { public void handleErrorWhenErrorResponseBodyThenHandled() { String errorResponse = "{\n" + " \"error\": \"unauthorized_client\",\n" + " \"error_description\": \"The client is not authorized\"\n" + "}\n"; - MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST); - assertThatThrownBy(() -> this.errorHandler.handleError(response)) .isInstanceOf(OAuth2AuthorizationException.class) .hasMessage("[unauthorized_client] The client is not authorized"); 
@@ -49,10 +47,8 @@ public class OAuth2ErrorResponseErrorHandlerTests { @Test public void handleErrorWhenErrorResponseWwwAuthenticateHeaderThenHandled() { String wwwAuthenticateHeader = "Bearer realm=\"auth-realm\" error=\"insufficient_scope\" error_description=\"The access token expired\""; - MockClientHttpResponse response = new MockClientHttpResponse(new byte[0], HttpStatus.BAD_REQUEST); response.getHeaders().add(HttpHeaders.WWW_AUTHENTICATE, wwwAuthenticateHeader); - assertThatThrownBy(() -> this.errorHandler.handleError(response)) .isInstanceOf(OAuth2AuthorizationException.class) .hasMessage("[insufficient_scope] The access token expired"); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java index 6bfcc4f2a9..e47de4a0a4 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java @@ -51,7 +51,6 @@ public class OAuth2AuthenticationExceptionMixinTests { OAuth2AuthenticationException exception = new OAuth2AuthenticationException( new OAuth2Error("[authorization_request_not_found]", "Authorization Request Not Found", "/foo/bar"), "Authorization Request Not Found"); - String serializedJson = this.mapper.writeValueAsString(exception); String expected = asJson(exception); JSONAssert.assertEquals(expected, serializedJson, true); 
@@ -61,7 +60,6 @@ public class OAuth2AuthenticationExceptionMixinTests { public void serializeWhenRequiredAttributesOnlyThenSerializes() throws Exception { OAuth2AuthenticationException exception = new OAuth2AuthenticationException( new OAuth2Error("[authorization_request_not_found]")); - String serializedJson = this.mapper.writeValueAsString(exception); String expected = asJson(exception); JSONAssert.assertEquals(expected, serializedJson, true); @@ -79,13 +77,11 @@ public class OAuth2AuthenticationExceptionMixinTests { OAuth2AuthenticationException expected = new OAuth2AuthenticationException( new OAuth2Error("[authorization_request_not_found]", "Authorization Request Not Found", "/foo/bar"), "Authorization Request Not Found"); - OAuth2AuthenticationException exception = this.mapper.readValue(asJson(expected), OAuth2AuthenticationException.class); assertThat(exception).isNotNull(); assertThat(exception.getCause()).isNull(); assertThat(exception.getMessage()).isEqualTo(expected.getMessage()); - OAuth2Error oauth2Error = exception.getError(); assertThat(oauth2Error).isNotNull(); assertThat(oauth2Error.getErrorCode()).isEqualTo(expected.getError().getErrorCode()); @@ -97,13 +93,11 @@ public class OAuth2AuthenticationExceptionMixinTests { public void deserializeWhenRequiredAttributesOnlyThenDeserializes() throws Exception { OAuth2AuthenticationException expected = new OAuth2AuthenticationException( new OAuth2Error("[authorization_request_not_found]")); - OAuth2AuthenticationException exception = this.mapper.readValue(asJson(expected), OAuth2AuthenticationException.class); assertThat(exception).isNotNull(); assertThat(exception.getCause()).isNull(); assertThat(exception.getMessage()).isNull(); - OAuth2Error oauth2Error = exception.getError(); assertThat(oauth2Error).isNotNull(); assertThat(oauth2Error.getErrorCode()).isEqualTo(expected.getError().getErrorCode()); 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java index 6e7583df26..ad7e4f5752 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java @@ -73,7 +73,6 @@ public class OAuth2AuthenticationTokenMixinTests { String expectedJson = asJson(authentication); String json = this.mapper.writeValueAsString(authentication); JSONAssert.assertEquals(expectedJson, json, true); - // OAuth2User authentication = TestOAuth2AuthenticationTokens.authenticated(); expectedJson = asJson(authentication); @@ -125,7 +124,6 @@ public class OAuth2AuthenticationTokenMixinTests { OidcUserInfo expectedUserInfo = expectedOidcUser.getUserInfo(); OidcUserInfo userInfo = oidcUser.getUserInfo(); assertThat(userInfo.getClaims()).containsExactlyEntriesOf(expectedUserInfo.getClaims()); - // OAuth2User expectedAuthentication = TestOAuth2AuthenticationTokens.authenticated(); json = asJson(expectedAuthentication); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java index 2246bed695..531045c6e5 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java 
@@ -127,7 +127,6 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { this.userService = mock(OAuth2UserService.class); this.authenticationProvider = new OidcAuthorizationCodeAuthenticationProvider(this.accessTokenResponseClient, this.userService); - given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(this.accessTokenResponse); } @@ -166,10 +165,8 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, this.authorizationResponse); - OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange)); - assertThat(authentication).isNull(); } @@ -177,12 +174,10 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { public void authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthenticationException() { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString(OAuth2ErrorCodes.INVALID_SCOPE)); - OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.error() .errorCode(OAuth2ErrorCodes.INVALID_SCOPE).build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse); - this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange)); } 
@@ -191,12 +186,10 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { public void authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthenticationException() { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString("invalid_state_parameter")); - OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().state("89012") .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse); - this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange)); } @@ -205,11 +198,9 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { public void authenticateWhenTokenResponseDoesNotContainIdTokenThenThrowOAuth2AuthenticationException() { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString("invalid_id_token")); - OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse .withResponse(this.accessTokenSuccessResponse()).additionalParameters(Collections.emptyMap()).build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); } 
@@ -218,9 +209,7 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { public void authenticateWhenJwkSetUriNotSetThenThrowOAuth2AuthenticationException() { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString("missing_signature_verifier")); - ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().jwkSetUri(null).build(); - this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(clientRegistration, this.authorizationExchange)); } @@ -229,11 +218,9 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { public void authenticateWhenIdTokenValidationErrorThenThrowOAuth2AuthenticationException() { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString("[invalid_id_token] ID Token Validation Error")); - JwtDecoder jwtDecoder = mock(JwtDecoder.class); given(jwtDecoder.decode(anyString())).willThrow(new JwtException("ID Token Validation Error")); this.authenticationProvider.setJwtDecoderFactory((registration) -> jwtDecoder); - this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); } @@ -242,7 +229,6 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { public void authenticateWhenIdTokenInvalidNonceThenThrowOAuth2AuthenticationException() { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString("[invalid_nonce]")); - Map claims = new HashMap<>(); claims.put(IdTokenClaimNames.ISS, "https://provider.com"); claims.put(IdTokenClaimNames.SUB, "subject1"); 
@@ -250,7 +236,6 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { claims.put(IdTokenClaimNames.AZP, "client1"); claims.put(IdTokenClaimNames.NONCE, "invalid-nonce-hash"); this.setUpIdToken(claims); - this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); } @@ -264,15 +249,12 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { claims.put(IdTokenClaimNames.AZP, "client1"); claims.put(IdTokenClaimNames.NONCE, this.nonceHash); this.setUpIdToken(claims); - OidcUser principal = mock(OidcUser.class); List authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); given(principal.getAuthorities()).willAnswer((Answer>) (invocation) -> authorities); given(this.userService.loadUser(any())).willReturn(principal); - OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); - assertThat(authentication.isAuthenticated()).isTrue(); assertThat(authentication.getPrincipal()).isEqualTo(principal); assertThat(authentication.getCredentials()).isEqualTo(""); 
@@ -292,21 +274,17 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { claims.put(IdTokenClaimNames.AZP, "client1"); claims.put(IdTokenClaimNames.NONCE, this.nonceHash); this.setUpIdToken(claims); - OidcUser principal = mock(OidcUser.class); List authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); given(principal.getAuthorities()).willAnswer((Answer>) (invocation) -> authorities); given(this.userService.loadUser(any())).willReturn(principal); - List mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OIDC_USER"); GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class); given(authoritiesMapper.mapAuthorities(anyCollection())) .willAnswer((Answer>) (invocation) -> mappedAuthorities); this.authenticationProvider.setAuthoritiesMapper(authoritiesMapper); - OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); - assertThat(authentication.getAuthorities()).isEqualTo(mappedAuthorities); } @@ -320,16 +298,13 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { claims.put(IdTokenClaimNames.AZP, "client1"); claims.put(IdTokenClaimNames.NONCE, this.nonceHash); this.setUpIdToken(claims); - OidcUser principal = mock(OidcUser.class); List authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); given(principal.getAuthorities()).willAnswer((Answer>) (invocation) -> authorities); ArgumentCaptor userRequestArgCaptor = ArgumentCaptor.forClass(OidcUserRequest.class); given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(principal); - this.authenticationProvider .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); - assertThat(userRequestArgCaptor.getValue().getAdditionalParameters()) .containsAllEntriesOf(this.accessTokenResponse.getAdditionalParameters()); } 
@@ -348,11 +323,9 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2"); additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token");
-
 return OAuth2AccessTokenResponse.withToken("access-token-1234").tokenType(OAuth2AccessToken.TokenType.BEARER) .expiresIn(expiresAt.getEpochSecond()).scopes(scopes).refreshToken("refresh-token-1234") .additionalParameters(additionalParameters).build();
-
 } }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
index ceb35a8a25..cd1157c53b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
@@ -139,9 +139,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 // we didn't do anything because it should cause a ClassCastException (as verified // below) TestingAuthenticationToken token = new TestingAuthenticationToken("a", "b");
-
 assertThatCode(() -> this.manager.authenticate(token)).doesNotThrowAnyException();
-
 assertThatThrownBy(() -> this.manager.authenticate(token).block()).isInstanceOf(Throwable.class); }
@@ -172,10 +170,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue())) .build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 given(this.jwtDecoder.decode(any())).willThrow(new JwtException("ID Token Validation Error")); this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
-
 assertThatThrownBy(() -> this.manager.authenticate(loginToken()).block()) .isInstanceOf(OAuth2AuthenticationException.class) .hasMessageContaining("[invalid_id_token] ID Token Validation Error");
@@ -187,20 +183,16 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 .tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters( Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue())) .build();
-
 OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
-
 Map claims = new HashMap<>(); claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com"); claims.put(IdTokenClaimNames.SUB, "sub"); claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id")); claims.put(IdTokenClaimNames.NONCE, "invalid-nonce-hash"); Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
-
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken)); this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
-
 assertThatThrownBy(() -> this.manager.authenticate(authorizationCodeAuthentication).block()) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("[invalid_nonce]"); }
@@ -212,16 +204,13 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 .additionalParameters(Collections.singletonMap(OidcParameterNames.ID_TOKEN, "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.")) .build();
-
 OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
-
 Map claims = new HashMap<>(); claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com"); claims.put(IdTokenClaimNames.SUB, "rob"); claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id")); claims.put(IdTokenClaimNames.NONCE, this.nonceHash); Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
-
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); given(this.userService.loadUser(any())).willReturn(Mono.empty()); given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken));
@@ -235,25 +224,20 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 .tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters( Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue())) .build();
-
 OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
-
 Map claims = new HashMap<>(); claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com"); claims.put(IdTokenClaimNames.SUB, "rob"); claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id")); claims.put(IdTokenClaimNames.NONCE, this.nonceHash); Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
-
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken); given(this.userService.loadUser(any())).willReturn(Mono.just(user)); given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken)); this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
-
 OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager .authenticate(authorizationCodeAuthentication).block();
-
 assertThat(result.getPrincipal()).isEqualTo(user); assertThat(result.getAuthorities()).containsOnlyElementsOf(user.getAuthorities()); assertThat(result.isAuthenticated()).isTrue();
@@ -266,25 +250,20 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 .additionalParameters( Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue())) .refreshToken("refresh-token").build();
-
 OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
-
 Map claims = new HashMap<>(); claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com"); claims.put(IdTokenClaimNames.SUB, "rob"); claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id")); claims.put(IdTokenClaimNames.NONCE, this.nonceHash); Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
-
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken); given(this.userService.loadUser(any())).willReturn(Mono.just(user)); given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken)); this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
-
 OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager .authenticate(authorizationCodeAuthentication).block();
-
 assertThat(result.getPrincipal()).isEqualTo(user); assertThat(result.getAuthorities()).containsOnlyElementsOf(user.getAuthorities()); assertThat(result.isAuthenticated()).isTrue();
@@ -301,25 +280,20 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 additionalParameters.put("param2", "value2"); OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo") .tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters(additionalParameters).build();
-
 OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
-
 Map claims = new HashMap<>(); claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com"); claims.put(IdTokenClaimNames.SUB, "rob"); claims.put(IdTokenClaimNames.AUD, Arrays.asList(clientRegistration.getClientId())); claims.put(IdTokenClaimNames.NONCE, this.nonceHash); Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
-
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken); ArgumentCaptor userRequestArgCaptor = ArgumentCaptor.forClass(OidcUserRequest.class); given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(Mono.just(user)); given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken)); this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
-
 this.manager.authenticate(authorizationCodeAuthentication).block();
-
 assertThat(userRequestArgCaptor.getValue().getAdditionalParameters()) .containsAllEntriesOf(accessTokenResponse.getAdditionalParameters()); }
@@ -331,21 +305,17 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 .tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters( Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue())) .build();
-
 OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
-
 Map claims = new HashMap<>(); claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com"); claims.put(IdTokenClaimNames.SUB, "rob"); claims.put(IdTokenClaimNames.AUD, Collections.singletonList(clientRegistration.getClientId())); claims.put(IdTokenClaimNames.NONCE, this.nonceHash); Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
-
 given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken); ArgumentCaptor userRequestArgCaptor = ArgumentCaptor.forClass(OidcUserRequest.class); given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(Mono.just(user));
-
 List mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OIDC_USER"); GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class); given(authoritiesMapper.mapAuthorities(anyCollection()))
@@ -353,9 +323,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken)); this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder); this.manager.setAuthoritiesMapper(authoritiesMapper);
-
 Authentication result = this.manager.authenticate(authorizationCodeAuthentication).block();
-
 assertThat(result.getAuthorities()).isEqualTo(mappedAuthorities); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
index 38ea444a74..c74a5fc23e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
@@ -146,14 +146,10 @@ public class OidcIdTokenDecoderFactoryTests {
 public void createDecoderWhenCustomJwtValidatorFactorySetThenApplied() { Function> customJwtValidatorFactory = mock(Function.class); this.idTokenDecoderFactory.setJwtValidatorFactory(customJwtValidatorFactory);
-
 ClientRegistration clientRegistration = this.registration.build();
-
 given(customJwtValidatorFactory.apply(same(clientRegistration))) .willReturn(new OidcIdTokenValidator(clientRegistration));
-
 this.idTokenDecoderFactory.createDecoder(clientRegistration);
-
 verify(customJwtValidatorFactory).apply(same(clientRegistration)); }
@@ -161,13 +157,9 @@ public class OidcIdTokenDecoderFactoryTests {
 public void createDecoderWhenCustomJwsAlgorithmResolverSetThenApplied() { Function customJwsAlgorithmResolver = mock(Function.class); this.idTokenDecoderFactory.setJwsAlgorithmResolver(customJwsAlgorithmResolver);
-
 ClientRegistration clientRegistration = this.registration.build();
-
 given(customJwsAlgorithmResolver.apply(same(clientRegistration))).willReturn(MacAlgorithm.HS256);
-
 this.idTokenDecoderFactory.createDecoder(clientRegistration);
-
 verify(customJwsAlgorithmResolver).apply(same(clientRegistration)); }
@@ -176,14 +168,10 @@ public class OidcIdTokenDecoderFactoryTests {
 Function, Map>> customClaimTypeConverterFactory = mock( Function.class); this.idTokenDecoderFactory.setClaimTypeConverterFactory(customClaimTypeConverterFactory);
-
 ClientRegistration clientRegistration = this.registration.build();
-
 given(customClaimTypeConverterFactory.apply(same(clientRegistration))) .willReturn(new ClaimTypeConverter(OidcIdTokenDecoderFactory.createDefaultClaimTypeConverters()));
-
 this.idTokenDecoderFactory.createDecoder(clientRegistration);
-
 verify(customClaimTypeConverterFactory).apply(same(clientRegistration)); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
index 8f1023628b..9c6aa401ec 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
@@ -102,7 +102,6 @@ public class OidcIdTokenValidatorTests {
 * issuer in the ID Token, the validation must fail */ this.registration = this.registration.issuerUri("https://somethingelse.com");
-
 assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription) .allMatch((msg) -> msg.contains(IdTokenClaimNames.ISS)); }
@@ -114,7 +113,6 @@ public class OidcIdTokenValidatorTests {
 * in the ID Token, the validation must succeed */ this.registration = this.registration.issuerUri("https://example.com");
-
 assertThat(this.validateIdToken()).isEmpty(); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
index 99d2525d1b..10a57382c1 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
@@ -146,14 +146,10 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 public void createDecoderWhenCustomJwtValidatorFactorySetThenApplied() { Function> customJwtValidatorFactory = mock(Function.class); this.idTokenDecoderFactory.setJwtValidatorFactory(customJwtValidatorFactory);
-
 ClientRegistration clientRegistration = this.registration.build();
-
 given(customJwtValidatorFactory.apply(same(clientRegistration))) .willReturn(new OidcIdTokenValidator(clientRegistration));
-
 this.idTokenDecoderFactory.createDecoder(clientRegistration);
-
 verify(customJwtValidatorFactory).apply(same(clientRegistration)); }
@@ -161,13 +157,9 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 public void createDecoderWhenCustomJwsAlgorithmResolverSetThenApplied() { Function customJwsAlgorithmResolver = mock(Function.class); this.idTokenDecoderFactory.setJwsAlgorithmResolver(customJwsAlgorithmResolver);
-
 ClientRegistration clientRegistration = this.registration.build();
-
 given(customJwsAlgorithmResolver.apply(same(clientRegistration))).willReturn(MacAlgorithm.HS256);
-
 this.idTokenDecoderFactory.createDecoder(clientRegistration);
-
 verify(customJwsAlgorithmResolver).apply(same(clientRegistration)); }
@@ -176,14 +168,10 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 Function, Map>> customClaimTypeConverterFactory = mock( Function.class); this.idTokenDecoderFactory.setClaimTypeConverterFactory(customClaimTypeConverterFactory);
-
 ClientRegistration clientRegistration = this.registration.build();
-
 given(customClaimTypeConverterFactory.apply(same(clientRegistration))) .willReturn(new ClaimTypeConverter(OidcIdTokenDecoderFactory.createDefaultClaimTypeConverters()));
-
 this.idTokenDecoderFactory.createDecoder(clientRegistration);
-
 verify(customClaimTypeConverterFactory).apply(same(clientRegistration)); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
index 1d9af0f825..0289684cc6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
@@ -104,18 +104,14 @@ public class OidcReactiveOAuth2UserServiceTests {
 @Test public void loadUserWhenUserInfoUriNullThenUserInfoNotRetrieved() { this.registration.userInfoUri(null);
-
 OidcUser user = this.userService.loadUser(userRequest()).block();
-
 assertThat(user.getUserInfo()).isNull(); } @Test public void loadUserWhenOAuth2UserEmptyThenNullUserInfo() { given(this.oauth2UserService.loadUser(any())).willReturn(Mono.empty());
-
 OidcUser user = this.userService.loadUser(userRequest()).block();
-
 assertThat(user.getUserInfo()).isNull(); }
@@ -124,7 +120,6 @@ public class OidcReactiveOAuth2UserServiceTests {
 OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), Collections.singletonMap("user", "rob"), "user"); given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
-
 assertThatCode(() -> this.userService.loadUser(userRequest()).block()) .isInstanceOf(OAuth2AuthenticationException.class); }
@@ -137,7 +132,6 @@ public class OidcReactiveOAuth2UserServiceTests {
 OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes, "user"); given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
-
 assertThatCode(() -> this.userService.loadUser(userRequest()).block()) .isInstanceOf(OAuth2AuthenticationException.class); }
@@ -150,7 +144,6 @@ public class OidcReactiveOAuth2UserServiceTests {
 OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes, "user"); given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
-
 assertThat(this.userService.loadUser(userRequest()).block().getUserInfo()).isNotNull(); }
@@ -163,7 +156,6 @@ public class OidcReactiveOAuth2UserServiceTests {
 OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes, "user"); given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
-
 assertThat(this.userService.loadUser(userRequest()).block().getName()).isEqualTo("rob"); }
@@ -175,18 +167,13 @@ public class OidcReactiveOAuth2UserServiceTests {
 OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes, "user"); given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
-
 OidcUserRequest userRequest = userRequest();
-
 Function, Map>> customClaimTypeConverterFactory = mock( Function.class); this.userService.setClaimTypeConverterFactory(customClaimTypeConverterFactory);
-
 given(customClaimTypeConverterFactory.apply(same(userRequest.getClientRegistration()))) .willReturn(new ClaimTypeConverter(OidcReactiveOAuth2UserService.createDefaultClaimTypeConverters()));
-
 this.userService.loadUser(userRequest).block().getUserInfo();
-
 verify(customClaimTypeConverterFactory).apply(same(userRequest.getClientRegistration())); }
@@ -196,7 +183,6 @@ public class OidcReactiveOAuth2UserServiceTests {
 OidcUserRequest request = new OidcUserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.scopes("message:read", "message:write"), TestOidcIdTokens.idToken().build()); OidcUser user = userService.loadUser(request).block();
-
 assertThat(user.getAuthorities()).hasSize(3); Iterator authorities = user.getAuthorities().iterator(); assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
@@ -210,7 +196,6 @@ public class OidcReactiveOAuth2UserServiceTests {
 OidcUserRequest request = new OidcUserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.noScopes(), TestOidcIdTokens.idToken().build()); OidcUser user = userService.loadUser(request).block();
-
 assertThat(user.getAuthorities()).hasSize(1); Iterator authorities = user.getAuthorities().iterator(); assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
index 973c8a150d..412a1ed786 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
@@ -82,7 +82,6 @@ public class OidcUserRequestTests {
 public void constructorWhenAllParametersProvidedAndValidThenCreated() { OidcUserRequest userRequest = new OidcUserRequest(this.clientRegistration, this.accessToken, this.idToken, this.additionalParameters);
-
 assertThat(userRequest.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(userRequest.getAccessToken()).isEqualTo(this.accessToken); assertThat(userRequest.getIdToken()).isEqualTo(this.idToken);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java
index 79fc3ad856..045ac4a3f5 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java
@@ -52,21 +52,18 @@ public class OidcUserRequestUtilsTests {
 @Test public void shouldRetrieveUserInfoWhenNoUserInfoUriThenFalse() { this.registration.userInfoUri(null);
-
 assertThat(OidcUserRequestUtils.shouldRetrieveUserInfo(userRequest())).isFalse(); } @Test public void shouldRetrieveUserInfoWhenDifferentScopesThenFalse() { this.registration.scope("notintoken");
-
 assertThat(OidcUserRequestUtils.shouldRetrieveUserInfo(userRequest())).isFalse(); } @Test public void shouldRetrieveUserInfoWhenNotAuthorizationCodeThenFalse() { this.registration.authorizationGrantType(AuthorizationGrantType.IMPLICIT);
-
 assertThat(OidcUserRequestUtils.shouldRetrieveUserInfo(userRequest())).isFalse(); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
index 2517e8b4e5..73b0e8c68b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
@@ -90,14 +90,11 @@ public class OidcUserServiceTests {
 this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration().userInfoUri(null) .userInfoAuthenticationMethod(AuthenticationMethod.HEADER) .userNameAttributeName(StandardClaimNames.SUB);
-
 this.accessToken = TestOAuth2AccessTokens.scopes(OidcScopes.OPENID, OidcScopes.PROFILE);
-
 Map idTokenClaims = new HashMap<>(); idTokenClaims.put(IdTokenClaimNames.ISS, "https://provider.com"); idTokenClaims.put(IdTokenClaimNames.SUB, "subject1"); this.idToken = new OidcIdToken("access-token", Instant.MIN, Instant.MAX, idTokenClaims);
-
 this.userService.setOauth2UserService(new DefaultOAuth2UserService()); }
@@ -155,7 +152,6 @@ public class OidcUserServiceTests {
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri("https://provider.com/user") .build(); this.accessToken = TestOAuth2AccessTokens.scopes("scope1", "scope2");
-
 OidcUser user = this.userService .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); assertThat(user.getUserInfo()).isNull();
@@ -168,14 +164,10 @@ public class OidcUserServiceTests {
 + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n"; this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 this.accessToken = TestOAuth2AccessTokens.scopes("scope1", "scope2"); this.userService.setAccessibleScopes(Collections.singleton("scope2"));
-
 OidcUser user = this.userService .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); assertThat(user.getUserInfo()).isNotNull();
@@ -188,14 +180,10 @@ public class OidcUserServiceTests {
 + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n"; this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 this.accessToken = TestOAuth2AccessTokens.scopes("scope1", "scope2"); this.userService.setAccessibleScopes(Collections.emptySet());
-
 OidcUser user = this.userService .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); assertThat(user.getUserInfo()).isNotNull();
@@ -208,11 +196,8 @@ public class OidcUserServiceTests {
 + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n"; this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 OidcUser user = this.userService .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); assertThat(user.getUserInfo()).isNotNull();
@@ -224,14 +209,10 @@ public class OidcUserServiceTests {
 + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n"; this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 OidcUser user = this.userService .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
-
 assertThat(user.getIdToken()).isNotNull(); assertThat(user.getUserInfo()).isNotNull(); assertThat(user.getUserInfo().getClaims().size()).isEqualTo(6);
@@ -243,7 +224,6 @@ public class OidcUserServiceTests {
 assertThat(user.getUserInfo().getFamilyName()).isEqualTo("last"); assertThat(user.getUserInfo().getPreferredUsername()).isEqualTo("user1"); assertThat(user.getUserInfo().getEmail()).isEqualTo("user1@example.com");
-
 assertThat(user.getAuthorities().size()).isEqualTo(3); assertThat(user.getAuthorities().iterator().next()).isInstanceOf(OidcUserAuthority.class); OidcUserAuthority userAuthority = (OidcUserAuthority) user.getAuthorities().iterator().next();
@@ -257,16 +237,12 @@ public class OidcUserServiceTests {
 public void loadUserWhenUserInfoSuccessResponseAndUserInfoSubjectIsNullThenThrowOAuth2AuthenticationException() { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString("invalid_user_info_response"));
-
 String userInfoResponse = "{\n" + " \"email\": \"full_name@provider.com\",\n" + " \"name\": \"full name\"\n" + "}\n"; this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userNameAttributeName(StandardClaimNames.EMAIL).build();
-
 this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); }
@@ -274,14 +250,10 @@ public class OidcUserServiceTests {
 public void loadUserWhenUserInfoSuccessResponseAndUserInfoSubjectNotSameAsIdTokenSubjectThenThrowOAuth2AuthenticationException() { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString("invalid_user_info_response"));
-
 String userInfoResponse = "{\n" + " \"sub\": \"other-subject\"\n" + "}\n"; this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); }
@@ -290,17 +262,13 @@ public class OidcUserServiceTests {
 this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString( "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
-
 String userInfoResponse = "{\n" + " \"sub\": \"subject1\",\n" + " \"name\": \"first last\",\n" + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n"; // "}\n"; // Make the JSON invalid/malformed this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); }
@@ -309,13 +277,9 @@ public class OidcUserServiceTests {
 this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString( "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 500 Server Error"));
-
 this.server.enqueue(new MockResponse().setResponseCode(500));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); }
@@ -324,11 +288,8 @@ public class OidcUserServiceTests {
 this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString( "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
-
 String userInfoUri = "https://invalid-provider.com/user";
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); }
@@ -338,15 +299,11 @@ public class OidcUserServiceTests {
 + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n"; this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userNameAttributeName(StandardClaimNames.EMAIL).build();
-
 OidcUser user = this.userService .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
-
 assertThat(user.getName()).isEqualTo("user1@example.com"); }
@@ -357,11 +314,8 @@ public class OidcUserServiceTests {
 + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n"; this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); assertThat(this.server.takeRequest(1, TimeUnit.SECONDS).getHeader(HttpHeaders.ACCEPT)) .isEqualTo(MediaType.APPLICATION_JSON_VALUE);
@@ -374,11 +328,8 @@ public class OidcUserServiceTests {
 + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n";
 this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 RecordedRequest request = this.server.takeRequest();
 assertThat(request.getMethod()).isEqualTo(HttpMethod.GET.name());
@@ -394,12 +345,9 @@ public class OidcUserServiceTests {
 + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n";
 this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userInfoAuthenticationMethod(AuthenticationMethod.FORM).build();
-
 this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 RecordedRequest request = this.server.takeRequest();
 assertThat(request.getMethod()).isEqualTo(HttpMethod.POST.name());
@@ -414,20 +362,14 @@ public class OidcUserServiceTests {
 + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n";
 this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 Function, Map>> customClaimTypeConverterFactory = mock( Function.class);
 this.userService.setClaimTypeConverterFactory(customClaimTypeConverterFactory);
-
 given(customClaimTypeConverterFactory.apply(same(clientRegistration))) .willReturn(new ClaimTypeConverter(OidcUserService.createDefaultClaimTypeConverters()));
-
 this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
-
 verify(customClaimTypeConverterFactory).apply(same(clientRegistration));
 }
@@ -437,7 +379,6 @@ public class OidcUserServiceTests {
 OidcUserRequest request = new OidcUserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.scopes("message:read", "message:write"), TestOidcIdTokens.idToken().build());
 OidcUser user = userService.loadUser(request);
-
 assertThat(user.getAuthorities()).hasSize(3);
 Iterator authorities = user.getAuthorities().iterator();
 assertThat(authorities.next()).isInstanceOf(OidcUserAuthority.class);
@@ -451,7 +392,6 @@ public class OidcUserServiceTests {
 OidcUserRequest request = new OidcUserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.noScopes(), TestOidcIdTokens.idToken().build());
 OidcUser user = userService.loadUser(request);
-
 assertThat(user.getAuthorities()).hasSize(1);
 Iterator authorities = user.getAuthorities().iterator();
 assertThat(authorities.next()).isInstanceOf(OidcUserAuthority.class);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
index c55d019efe..a72c9059d6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
@@ -72,21 +72,17 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
 public void logoutWhenOidcRedirectUrlConfiguredThenRedirects() throws IOException, ServletException {
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
-
 this.request.setUserPrincipal(token);
 this.handler.onLogoutSuccess(this.request, this.response, token);
-
 assertThat(this.response.getRedirectedUrl()).isEqualTo("https://endpoint?id_token_hint=id-token");
 }
 @Test
 public void logoutWhenNotOAuth2AuthenticationThenDefaults() throws IOException, ServletException {
 Authentication token = mock(Authentication.class);
-
 this.request.setUserPrincipal(token);
 this.handler.setDefaultTargetUrl("https://default");
 this.handler.onLogoutSuccess(this.request, this.response, token);
-
 assertThat(this.response.getRedirectedUrl()).isEqualTo("https://default");
 }
@@ -94,41 +90,32 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
 public void logoutWhenNotOidcUserThenDefaults() throws IOException, ServletException {
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOAuth2Users.create(), AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
-
 this.request.setUserPrincipal(token);
 this.handler.setDefaultTargetUrl("https://default");
 this.handler.onLogoutSuccess(this.request, this.response, token);
-
 assertThat(this.response.getRedirectedUrl()).isEqualTo("https://default");
 }
 @Test
 public void logoutWhenClientRegistrationHasNoEndSessionEndpointThenDefaults() throws Exception {
-
 ClientRegistration registration = TestClientRegistrations.clientRegistration().build();
 ClientRegistrationRepository repository = new InMemoryClientRegistrationRepository(registration);
 OidcClientInitiatedLogoutSuccessHandler handler = new OidcClientInitiatedLogoutSuccessHandler(repository);
-
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, registration.getRegistrationId());
-
 this.request.setUserPrincipal(token);
 handler.setDefaultTargetUrl("https://default");
 handler.onLogoutSuccess(this.request, this.response, token);
-
 assertThat(this.response.getRedirectedUrl()).isEqualTo("https://default");
 }
 @Test
 public void logoutWhenUsingPostLogoutRedirectUriThenIncludesItInRedirect() throws IOException, ServletException {
-
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
-
 this.handler.setPostLogoutRedirectUri(URI.create("https://postlogout?encodedparam=value"));
 this.request.setUserPrincipal(token);
 this.handler.onLogoutSuccess(this.request, this.response, token);
-
 assertThat(this.response.getRedirectedUrl()).isEqualTo("https://endpoint?"
+ "id_token_hint=id-token&" + "post_logout_redirect_uri=https://postlogout?encodedparam%3Dvalue");
 }
@@ -136,7 +123,6 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
 @Test
 public void logoutWhenUsingPostLogoutRedirectUriTemplateThenBuildsItForRedirect() throws IOException, ServletException {
-
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
 this.handler.setPostLogoutRedirectUri("{baseUrl}");
@@ -145,7 +131,6 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
 this.request.setServerName("rp.example.org");
 this.request.setUserPrincipal(token);
 this.handler.onLogoutSuccess(this.request, this.response, token);
-
 assertThat(this.response.getRedirectedUrl()).isEqualTo( "https://endpoint?" + "id_token_hint=id-token&" + "post_logout_redirect_uri=https://rp.example.org");
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
index 21103b9cde..b0465c0dc6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
@@ -77,24 +77,19 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 public void logoutWhenOidcRedirectUrlConfiguredThenRedirects() {
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
-
 given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
 this.handler.onLogoutSuccess(f, token).block();
-
 assertThat(redirectedUrl(this.exchange)).isEqualTo("https://endpoint?id_token_hint=id-token");
 }
 @Test
 public void logoutWhenNotOAuth2AuthenticationThenDefaults() {
 Authentication token = mock(Authentication.class);
-
 given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
-
 this.handler.setLogoutSuccessUrl(URI.create("https://default"));
 this.handler.onLogoutSuccess(f, token).block();
-
 assertThat(redirectedUrl(this.exchange)).isEqualTo("https://default");
 }
@@ -102,49 +97,37 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 public void logoutWhenNotOidcUserThenDefaults() {
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOAuth2Users.create(), AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
-
 given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
-
 this.handler.setLogoutSuccessUrl(URI.create("https://default"));
 this.handler.onLogoutSuccess(f, token).block();
-
 assertThat(redirectedUrl(this.exchange)).isEqualTo("https://default");
 }
 @Test
 public void logoutWhenClientRegistrationHasNoEndSessionEndpointThenDefaults() {
-
 ClientRegistration registration = TestClientRegistrations.clientRegistration().build();
 ReactiveClientRegistrationRepository repository = new InMemoryReactiveClientRegistrationRepository( registration);
 OidcClientInitiatedServerLogoutSuccessHandler handler = new OidcClientInitiatedServerLogoutSuccessHandler( repository);
-
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, registration.getRegistrationId());
-
 given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
-
 handler.setLogoutSuccessUrl(URI.create("https://default"));
 handler.onLogoutSuccess(f, token).block();
-
 assertThat(redirectedUrl(this.exchange)).isEqualTo("https://default");
 }
 @Test
 public void logoutWhenUsingPostLogoutRedirectUriThenIncludesItInRedirect() {
-
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
-
 given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
-
 this.handler.setPostLogoutRedirectUri(URI.create("https://postlogout?encodedparam=value"));
this.handler.onLogoutSuccess(f, token).block();
-
 assertThat(redirectedUrl(this.exchange)).isEqualTo("https://endpoint?" + "id_token_hint=id-token&" + "post_logout_redirect_uri=https://postlogout?encodedparam%3Dvalue");
 }
@@ -152,17 +135,14 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 @Test
 public void logoutWhenUsingPostLogoutRedirectUriTemplateThenBuildsItForRedirect() throws IOException, ServletException {
-
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
 given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 MockServerHttpRequest request = MockServerHttpRequest.get("https://rp.example.org/").build();
 given(this.exchange.getRequest()).willReturn(request);
 WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
-
 this.handler.setPostLogoutRedirectUri("{baseUrl}");
 this.handler.onLogoutSuccess(f, token).block();
-
 assertThat(redirectedUrl(this.exchange)).isEqualTo( "https://endpoint?" + "id_token_hint=id-token&" + "post_logout_redirect_uri=https://rp.example.org");
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
index db69a0ea48..f419a9c07f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
@@ -87,7 +87,6 @@ public class ClientRegistrationTests {
 .scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI) .userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).issuerUri(ISSUER_URI) .providerConfigurationMetadata(PROVIDER_CONFIGURATION_METADATA).clientName(CLIENT_NAME).build();
-
 assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
@@ -274,7 +273,6 @@ public class ClientRegistrationTests {
 .authorizationGrantType(AuthorizationGrantType.IMPLICIT).redirectUri(REDIRECT_URI) .scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI) .userInfoAuthenticationMethod(AuthenticationMethod.FORM).clientName(CLIENT_NAME).build();
-
 assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.IMPLICIT);
@@ -345,7 +343,6 @@ public class ClientRegistrationTests {
 .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI) .scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI) .jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME).build();
-
 assertThat(registration.getRegistrationId()).isEqualTo(overriddenId);
 }
@@ -355,7 +352,6 @@ public class ClientRegistrationTests {
 .clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).scope(SCOPES.toArray(new String[0])) .tokenUri(TOKEN_URI).clientName(CLIENT_NAME).build();
-
 assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
@@ -425,7 +421,6 @@ public class ClientRegistrationTests {
 .clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) .authorizationGrantType(AuthorizationGrantType.PASSWORD).scope(SCOPES.toArray(new String[0])) .tokenUri(TOKEN_URI).clientName(CLIENT_NAME).build();
-
 assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
@@ -483,7 +478,6 @@ public class ClientRegistrationTests {
 .clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) .authorizationGrantType(customGrantType).scope(SCOPES.toArray(new String[0])).tokenUri(TOKEN_URI) .clientName(CLIENT_NAME).build();
-
 assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
@@ -518,12 +512,10 @@ public class ClientRegistrationTests {
 assertThat(clientRegistration.getAuthorizationGrantType()).isEqualTo(updated.getAuthorizationGrantType());
 assertThat(clientRegistration.getRedirectUri()).isEqualTo(updated.getRedirectUri());
 assertThat(clientRegistration.getScopes()).isEqualTo(updated.getScopes());
-
 ClientRegistration.ProviderDetails providerDetails = clientRegistration.getProviderDetails();
 ClientRegistration.ProviderDetails updatedProviderDetails = updated.getProviderDetails();
 assertThat(providerDetails.getAuthorizationUri()).isEqualTo(updatedProviderDetails.getAuthorizationUri());
 assertThat(providerDetails.getTokenUri()).isEqualTo(updatedProviderDetails.getTokenUri());
-
 ClientRegistration.ProviderDetails.UserInfoEndpoint userInfoEndpoint = providerDetails.getUserInfoEndpoint();
 ClientRegistration.ProviderDetails.UserInfoEndpoint updatedUserInfoEndpoint = updatedProviderDetails .getUserInfoEndpoint();
@@ -532,12 +524,10 @@ public class ClientRegistrationTests {
 .isEqualTo(updatedUserInfoEndpoint.getAuthenticationMethod());
 assertThat(userInfoEndpoint.getUserNameAttributeName()) .isEqualTo(updatedUserInfoEndpoint.getUserNameAttributeName());
-
 assertThat(providerDetails.getJwkSetUri()).isEqualTo(updatedProviderDetails.getJwkSetUri());
 assertThat(providerDetails.getIssuerUri()).isEqualTo(updatedProviderDetails.getIssuerUri());
 assertThat(providerDetails.getConfigurationMetadata()) .isEqualTo(updatedProviderDetails.getConfigurationMetadata());
-
 assertThat(clientRegistration.getClientName()).isEqualTo(updated.getClientName());
 }
@@ -547,7 +537,6 @@ public class ClientRegistrationTests {
 ClientRegistration updated = ClientRegistration.withClientRegistration(clientRegistration) .clientSecret("a-new-secret").scope("a-new-scope") .providerConfigurationMetadata(Collections.singletonMap("a-new-config", "a-new-value")).build();
-
 assertThat(clientRegistration.getClientSecret()).isNotEqualTo(updated.getClientSecret());
 assertThat(updated.getClientSecret()).isEqualTo("a-new-secret");
 assertThat(clientRegistration.getScopes()).doesNotContain("a-new-scope");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
index 61dc4e954a..4fa404c5e6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
@@ -200,45 +200,35 @@ public class ClientRegistrationsTests {
 @Test
 public void issuerWhenScopesNullThenScopesDefaulted() throws Exception {
 this.response.remove("scopes_supported");
-
 ClientRegistration registration = registration("").build();
-
 assertThat(registration.getScopes()).containsOnly("openid");
 }
 @Test
 public void issuerWhenOidcFallbackScopesNullThenScopesDefaulted() throws Exception {
 this.response.remove("scopes_supported");
-
 ClientRegistration registration = registrationOidcFallback("", null).build();
-
 assertThat(registration.getScopes()).containsOnly("openid");
 }
 @Test
 public void issuerWhenOAuth2ScopesNullThenScopesDefaulted() throws Exception {
 this.response.remove("scopes_supported");
-
 ClientRegistration registration = registrationOAuth2("", null).build();
-
 assertThat(registration.getScopes()).containsOnly("openid");
 }
 @Test
 public void issuerWhenGrantTypesSupportedNullThenDefaulted() throws Exception {
 this.response.remove("grant_types_supported");
-
 ClientRegistration registration = registration("").build();
-
 assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 }
 @Test
 public void issuerWhenOAuth2GrantTypesSupportedNullThenDefaulted() throws Exception {
 this.response.remove("grant_types_supported");
-
 ClientRegistration registration = registrationOAuth2("", null).build();
-
 assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 }
@@ -249,7 +239,6 @@ public class ClientRegistrationsTests {
 @Test
 public void issuerWhenGrantTypesSupportedInvalidThenException() {
 this.response.put("grant_types_supported", Arrays.asList("implicit"));
-
 assertThatThrownBy(() -> registration("")).isInstanceOf(IllegalArgumentException.class) .hasMessageContaining("Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \"" + this.issuer + "\" returned a configuration of [implicit]");
@@ -258,7 +247,6 @@ public class ClientRegistrationsTests {
 @Test
 public void issuerWhenOAuth2GrantTypesSupportedInvalidThenException() {
 this.response.put("grant_types_supported", Arrays.asList("implicit"));
-
 assertThatThrownBy(() -> registrationOAuth2("", null)).isInstanceOf(IllegalArgumentException.class) .hasMessageContaining("Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \"" + this.issuer + "\" returned a configuration of [implicit]");
@@ -267,54 +255,42 @@ public class ClientRegistrationsTests {
 @Test
 public void issuerWhenTokenEndpointAuthMethodsNullThenDefaulted() throws Exception {
 this.response.remove("token_endpoint_auth_methods_supported");
-
 ClientRegistration registration = registration("").build();
-
 assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 }
 @Test
 public void issuerWhenOAuth2TokenEndpointAuthMethodsNullThenDefaulted() throws Exception {
 this.response.remove("token_endpoint_auth_methods_supported");
-
 ClientRegistration registration = registrationOAuth2("", null).build();
-
 assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 }
 @Test
 public void issuerWhenTokenEndpointAuthMethodsPostThenMethodIsPost() throws Exception {
 this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("client_secret_post"));
-
 ClientRegistration registration = registration("").build();
-
 assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.POST);
 }
 @Test
 public void issuerWhenOAuth2TokenEndpointAuthMethodsPostThenMethodIsPost() throws Exception {
 this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("client_secret_post"));
-
 ClientRegistration registration = registrationOAuth2("", null).build();
-
 assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.POST);
 }
 @Test
 public void issuerWhenTokenEndpointAuthMethodsNoneThenMethodIsNone() throws Exception {
 this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("none"));
-
 ClientRegistration registration = registration("").build();
-
 assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.NONE);
 }
 @Test
 public void issuerWhenOAuth2TokenEndpointAuthMethodsNoneThenMethodIsNone() throws Exception {
 this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("none"));
-
ClientRegistration registration = registrationOAuth2("", null).build();
-
 assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.NONE);
 }
@@ -325,7 +301,6 @@ public class ClientRegistrationsTests {
 @Test
 public void issuerWhenTokenEndpointAuthMethodsInvalidThenException() {
 this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("tls_client_auth"));
-
 assertThatThrownBy(() -> registration("")).isInstanceOf(IllegalArgumentException.class).hasMessageContaining( "Only ClientAuthenticationMethod.BASIC, ClientAuthenticationMethod.POST and ClientAuthenticationMethod.NONE are supported. The issuer \"" + this.issuer + "\" returned a configuration of [tls_client_auth]");
@@ -334,7 +309,6 @@ public class ClientRegistrationsTests {
 @Test
 public void issuerWhenOAuth2TokenEndpointAuthMethodsInvalidThenException() {
 this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("tls_client_auth"));
-
 assertThatThrownBy(() -> registrationOAuth2("", null)).isInstanceOf(IllegalArgumentException.class) .hasMessageContaining( "Only ClientAuthenticationMethod.BASIC, ClientAuthenticationMethod.POST and ClientAuthenticationMethod.NONE are supported. The issuer \""
@@ -384,7 +358,6 @@ public class ClientRegistrationsTests {
 MockResponse mockResponse = new MockResponse().setBody(body).setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
 this.server.enqueue(mockResponse);
-
 return ClientRegistrations.fromOidcIssuerLocation(this.issuer).clientId("client-id") .clientSecret("client-secret");
 }
@@ -394,7 +367,6 @@ public class ClientRegistrationsTests {
 this.response.put("issuer", this.issuer);
 this.issuer = this.server.url(path).toString();
 final String responseBody = (body != null) ? body : this.mapper.writeValueAsString(this.response);
-
 final Dispatcher dispatcher = new Dispatcher() {
 @Override
 public MockResponse dispatch(RecordedRequest request) {
@@ -406,9 +378,7 @@ public class ClientRegistrationsTests {
 return new MockResponse().setResponseCode(404);
 }
 };
-
 this.server.setDispatcher(dispatcher);
-
 return ClientRegistrations.fromIssuerLocation(this.issuer).clientId("client-id").clientSecret("client-secret");
 }
@@ -428,9 +398,7 @@ public class ClientRegistrationsTests {
 private ClientRegistration.Builder registrationOidcFallback(String path, String body) throws Exception {
 this.issuer = createIssuerFromServer(path);
 this.response.put("issuer", this.issuer);
-
 String responseBody = (body != null) ? body : this.mapper.writeValueAsString(this.response);
-
 final Dispatcher dispatcher = new Dispatcher() {
 @Override
 public MockResponse dispatch(RecordedRequest request) {
@@ -443,7 +411,6 @@ public class ClientRegistrationsTests {
 }
 };
 this.server.setDispatcher(dispatcher);
-
 return ClientRegistrations.fromIssuerLocation(this.issuer).clientId("client-id").clientSecret("client-secret");
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java
index 7a37f60f92..9d5e3fdd3a 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java
@@ -71,7 +71,6 @@ public class CustomUserTypesOAuth2UserServiceTests {
 String registrationId = "client-registration-id-1";
 this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration().registrationId(registrationId);
 this.accessToken = TestOAuth2AccessTokens.noScopes();
-
 Map> customUserTypes = new HashMap<>();
 customUserTypes.put(registrationId, CustomOAuth2User.class);
 this.userService = new CustomUserTypesOAuth2UserService(customUserTypes);
@@ -116,7 +115,6 @@ public class CustomUserTypesOAuth2UserServiceTests {
 public void loadUserWhenCustomUserTypeNotFoundThenReturnNull() {
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration() .registrationId("other-client-registration-id-1").build();
-
 OAuth2User user = this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 assertThat(user).isNull();
 }
@@ -126,20 +124,15 @@ public class CustomUserTypesOAuth2UserServiceTests {
 String userInfoResponse = "{\n" + " \"id\": \"12345\",\n" + " \"name\": \"first last\",\n" + " \"login\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n";
 this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 OAuth2User user = this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
-
 assertThat(user.getName()).isEqualTo("first last");
 assertThat(user.getAttributes().size()).isEqualTo(4);
 assertThat((String) user.getAttribute("id")).isEqualTo("12345");
 assertThat((String) user.getAttribute("name")).isEqualTo("first last");
 assertThat((String) user.getAttribute("login")).isEqualTo("user1");
 assertThat((String) user.getAttribute("email")).isEqualTo("user1@example.com");
-
 assertThat(user.getAuthorities().size()).isEqualTo(1);
 assertThat(user.getAuthorities().iterator().next().getAuthority()).isEqualTo("ROLE_USER");
 }
@@ -149,16 +142,12 @@ public class CustomUserTypesOAuth2UserServiceTests {
 this.exception.expect(OAuth2AuthenticationException.class);
 this.exception.expectMessage(containsString( "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
-
 String userInfoResponse = "{\n" + " \"id\": \"12345\",\n" + " \"name\": \"first last\",\n" + " \"login\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n"; // "}\n"; // Make the JSON invalid/malformed
 this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 }
@@ -167,13 +156,9 @@ public class CustomUserTypesOAuth2UserServiceTests {
 this.exception.expect(OAuth2AuthenticationException.class);
 this.exception.expectMessage(containsString( "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 500 Server Error"));
-
 this.server.enqueue(new MockResponse().setResponseCode(500));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 }
@@ -182,11 +167,8 @@ public class CustomUserTypesOAuth2UserServiceTests {
 this.exception.expect(OAuth2AuthenticationException.class);
 this.exception.expectMessage(containsString( "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
-
 String userInfoUri = "https://invalid-provider.com/user";
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
index cfb50cc055..43b8e3a7b0 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
@@ -112,7 +112,6 @@ public class DefaultOAuth2UserServiceTests {
 public void loadUserWhenUserInfoUriIsNullThenThrowOAuth2AuthenticationException() {
 this.exception.expect(OAuth2AuthenticationException.class);
 this.exception.expectMessage(containsString("missing_user_info_uri"));
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.build();
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 }
@@ -121,7 +120,6 @@ public class DefaultOAuth2UserServiceTests {
 public void loadUserWhenUserNameAttributeNameIsNullThenThrowOAuth2AuthenticationException() {
 this.exception.expect(OAuth2AuthenticationException.class);
 this.exception.expectMessage(containsString("missing_user_name_attribute"));
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri("https://provider.com/user") .build();
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
@@ -133,14 +131,10 @@ public class DefaultOAuth2UserServiceTests {
 + " \"last-name\": \"last\",\n" + " \"middle-name\": \"middle\",\n" + " \"address\": \"address\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n"; this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 OAuth2User user = this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
-
 assertThat(user.getName()).isEqualTo("user1"); assertThat(user.getAttributes().size()).isEqualTo(6); assertThat((String) user.getAttribute("user-name")).isEqualTo("user1");
@@ -149,7 +143,6 @@ public class DefaultOAuth2UserServiceTests {
 assertThat((String) user.getAttribute("middle-name")).isEqualTo("middle"); assertThat((String) user.getAttribute("address")).isEqualTo("address"); assertThat((String) user.getAttribute("email")).isEqualTo("user1@example.com");
-
 assertThat(user.getAuthorities().size()).isEqualTo(1); assertThat(user.getAuthorities().iterator().next()).isInstanceOf(OAuth2UserAuthority.class); OAuth2UserAuthority userAuthority = (OAuth2UserAuthority) user.getAuthorities().iterator().next();
@@ -162,18 +155,14 @@ public class DefaultOAuth2UserServiceTests {
 this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString( "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
-
 String userInfoResponse = "{\n" + " \"user-name\": \"user1\",\n" + " \"first-name\": \"first\",\n" + " \"last-name\": \"last\",\n" + " \"middle-name\": \"middle\",\n" + " \"address\": \"address\",\n" + " \"email\": \"user1@example.com\"\n"; // "}\n"; // Make the JSON invalid/malformed this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); }
@@ -184,19 +173,14 @@ public class DefaultOAuth2UserServiceTests {
 "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource")); this.exception.expectMessage( containsString("Error Code: insufficient_scope, Error Description: The access token expired"));
-
 String wwwAuthenticateHeader = "Bearer realm=\"auth-realm\" error=\"insufficient_scope\" error_description=\"The access token expired\"";
-
 MockResponse response = new MockResponse(); response.setHeader(HttpHeaders.WWW_AUTHENTICATE, wwwAuthenticateHeader); response.setResponseCode(400); this.server.enqueue(response);
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); }
@@ -206,15 +190,11 @@ public class DefaultOAuth2UserServiceTests {
 this.exception.expectMessage(containsString( "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource")); this.exception.expectMessage(containsString("Error Code: invalid_token"));
-
 String userInfoErrorResponse = "{\n" + " \"error\": \"invalid_token\"\n" + "}\n"; this.server.enqueue(jsonResponse(userInfoErrorResponse).setResponseCode(400));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); }
@@ -223,14 +203,10 @@ public class DefaultOAuth2UserServiceTests {
 this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString( "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 500 Server Error"));
-
 this.server.enqueue(new MockResponse().setResponseCode(500));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); }
@@ -239,12 +215,9 @@ public class DefaultOAuth2UserServiceTests {
 this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString( "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
-
 String userInfoUri = "https://invalid-provider.com/user";
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); }
@@ -255,12 +228,9 @@ public class DefaultOAuth2UserServiceTests {
 + " \"last-name\": \"last\",\n" + " \"middle-name\": \"middle\",\n" + " \"address\": \"address\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n"; this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); assertThat(this.server.takeRequest(1, TimeUnit.SECONDS).getHeader(HttpHeaders.ACCEPT)) .isEqualTo(MediaType.APPLICATION_JSON_VALUE);
@@ -273,12 +243,9 @@ public class DefaultOAuth2UserServiceTests {
 + " \"last-name\": \"last\",\n" + " \"middle-name\": \"middle\",\n" + " \"address\": \"address\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n"; this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); RecordedRequest request = this.server.takeRequest(); assertThat(request.getMethod()).isEqualTo(HttpMethod.GET.name());
@@ -294,12 +261,9 @@ public class DefaultOAuth2UserServiceTests {
 + " \"last-name\": \"last\",\n" + " \"middle-name\": \"middle\",\n" + " \"address\": \"address\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n"; this.server.enqueue(jsonResponse(userInfoResponse));
-
 String userInfoUri = this.server.url("/user").toString();
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userInfoAuthenticationMethod(AuthenticationMethod.FORM).userNameAttributeName("user-name").build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); RecordedRequest request = this.server.takeRequest(); assertThat(request.getMethod()).isEqualTo(HttpMethod.POST.name());
@@ -316,7 +280,6 @@ public class DefaultOAuth2UserServiceTests {
 OAuth2UserRequest request = new OAuth2UserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.scopes("message:read", "message:write")); OAuth2User user = userService.loadUser(request);
-
 assertThat(user.getAuthorities()).hasSize(3); Iterator authorities = user.getAuthorities().iterator(); assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
@@ -332,7 +295,6 @@ public class DefaultOAuth2UserServiceTests {
 OAuth2UserRequest request = new OAuth2UserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.noScopes()); OAuth2User user = userService.loadUser(request);
-
 assertThat(user.getAuthorities()).hasSize(1); Iterator authorities = user.getAuthorities().iterator(); assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
@@ -342,20 +304,16 @@ public class DefaultOAuth2UserServiceTests {
 @Test public void loadUserWhenUserInfoSuccessResponseInvalidContentTypeThenThrowOAuth2AuthenticationException() { String userInfoUri = this.server.url("/user").toString();
-
 this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString( "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource " + "from '" + userInfoUri + "': response contains invalid content type 'text/plain'."));
-
 MockResponse response = new MockResponse(); response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_VALUE); response.setBody("invalid content type"); this.server.enqueue(response);
-
 ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
index 5476241816..fec781af6f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
@@ -77,9 +77,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
 public void setup() throws Exception { this.server = new MockWebServer(); this.server.start();
-
 String userInfoUri = this.server.url("/user").toString();
-
 this.clientRegistration = TestClientRegistrations.clientRegistration().userInfoUri(userInfoUri); }
@@ -97,7 +95,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 @Test public void loadUserWhenUserInfoUriIsNullThenThrowOAuth2AuthenticationException() { this.clientRegistration.userInfoUri(null);
-
 StepVerifier.create(this.userService.loadUser(oauth2UserRequest())).expectErrorSatisfies((t) -> assertThat(t) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("missing_user_info_uri")) .verify();
@@ -106,7 +103,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 @Test public void loadUserWhenUserNameAttributeNameIsNullThenThrowOAuth2AuthenticationException() { this.clientRegistration.userNameAttributeName(null);
-
 StepVerifier.create(this.userService.loadUser(oauth2UserRequest())).expectErrorSatisfies((t) -> assertThat(t) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("missing_user_name_attribute")) .verify();
@@ -118,9 +114,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
 + " \"last-name\": \"last\",\n" + " \"middle-name\": \"middle\",\n" + " \"address\": \"address\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n"; enqueueApplicationJsonBody(userInfoResponse);
-
 OAuth2User user = this.userService.loadUser(oauth2UserRequest()).block();
-
 assertThat(user.getName()).isEqualTo("user1"); assertThat(user.getAttributes().size()).isEqualTo(6); assertThat((String) user.getAttribute("id")).isEqualTo("user1");
@@ -129,7 +123,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 assertThat((String) user.getAttribute("middle-name")).isEqualTo("middle"); assertThat((String) user.getAttribute("address")).isEqualTo("address"); assertThat((String) user.getAttribute("email")).isEqualTo("user1@example.com");
-
 assertThat(user.getAuthorities().size()).isEqualTo(1); assertThat(user.getAuthorities().iterator().next()).isInstanceOf(OAuth2UserAuthority.class); OAuth2UserAuthority userAuthority = (OAuth2UserAuthority) user.getAuthorities().iterator().next();
@@ -145,9 +138,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
 + " \"last-name\": \"last\",\n" + " \"middle-name\": \"middle\",\n" + " \"address\": \"address\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n"; enqueueApplicationJsonBody(userInfoResponse);
-
 this.userService.loadUser(oauth2UserRequest()).block();
-
 RecordedRequest request = this.server.takeRequest(); assertThat(request.getMethod()).isEqualTo(HttpMethod.GET.name()); assertThat(request.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE);
@@ -163,9 +154,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
 + " \"last-name\": \"last\",\n" + " \"middle-name\": \"middle\",\n" + " \"address\": \"address\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n"; enqueueApplicationJsonBody(userInfoResponse);
-
 this.userService.loadUser(oauth2UserRequest()).block();
-
 RecordedRequest request = this.server.takeRequest(); assertThat(request.getMethod()).isEqualTo(HttpMethod.POST.name()); assertThat(request.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE);
@@ -180,7 +169,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 + " \"address\": \"address\",\n" + " \"email\": \"user1@example.com\"\n"; // "}\n"; // Make the JSON invalid/malformed enqueueApplicationJsonBody(userInfoResponse);
-
 assertThatThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block()) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("invalid_user_info_response"); }
@@ -189,7 +177,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 public void loadUserWhenUserInfoErrorResponseThenThrowOAuth2AuthenticationException() { this.server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) .setResponseCode(500).setBody("{}"));
-
 assertThatThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block()) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("invalid_user_info_response"); }
@@ -209,7 +196,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 OAuth2UserRequest request = new OAuth2UserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.scopes("message:read", "message:write")); OAuth2User user = userService.loadUser(request).block();
-
 assertThat(user.getAuthorities()).hasSize(3); Iterator authorities = user.getAuthorities().iterator(); assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
@@ -225,7 +211,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 OAuth2UserRequest request = new OAuth2UserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.noScopes()); OAuth2User user = userService.loadUser(request).block();
-
 assertThat(user.getAuthorities()).hasSize(1); Iterator authorities = user.getAuthorities().iterator(); assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
@@ -238,9 +223,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
 response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_VALUE); response.setBody("invalid content type"); this.server.enqueue(response);
-
 OAuth2UserRequest userRequest = oauth2UserRequest();
-
 assertThatThrownBy(() -> this.userService.loadUser(userRequest).block()) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining( "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource from '"
@@ -258,7 +241,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 given(spec.retrieve()).willReturn(clientResponse); given(clientResponse.onStatus(any(Predicate.class), any(Function.class))).willReturn(clientResponse); given(clientResponse.bodyToMono(any(ParameterizedTypeReference.class))).willReturn(Mono.just(body));
-
 DefaultReactiveOAuth2UserService userService = new DefaultReactiveOAuth2UserService(); userService.setWebClient(rest); return userService;
@@ -269,7 +251,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 } private void enqueueApplicationJsonBody(String json) {
-
 this.server.enqueue( new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json)); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
index 45eb7fcd4d..f259c60ddf 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
@@ -62,10 +62,8 @@ public class DelegatingOAuth2UserServiceTests {
 OAuth2UserService userService3 = mock(OAuth2UserService.class); OAuth2User mockUser = mock(OAuth2User.class); given(userService3.loadUser(any(OAuth2UserRequest.class))).willReturn(mockUser);
-
 DelegatingOAuth2UserService delegatingUserService = new DelegatingOAuth2UserService<>( Arrays.asList(userService1, userService2, userService3));
-
 OAuth2User loadedUser = delegatingUserService.loadUser(mock(OAuth2UserRequest.class)); assertThat(loadedUser).isEqualTo(mockUser); }
@@ -76,10 +74,8 @@ public class DelegatingOAuth2UserServiceTests {
 OAuth2UserService userService1 = mock(OAuth2UserService.class); OAuth2UserService userService2 = mock(OAuth2UserService.class); OAuth2UserService userService3 = mock(OAuth2UserService.class);
-
 DelegatingOAuth2UserService delegatingUserService = new DelegatingOAuth2UserService<>( Arrays.asList(userService1, userService2, userService3));
-
 OAuth2User loadedUser = delegatingUserService.loadUser(mock(OAuth2UserRequest.class)); assertThat(loadedUser).isNull(); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java
index 61e80e7aad..a4f975736f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java
@@ -49,13 +49,10 @@ public class OAuth2UserRequestEntityConverterTests {
 public void convertWhenAuthenticationMethodHeaderThenGetRequest() { ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build(); OAuth2UserRequest userRequest = new OAuth2UserRequest(clientRegistration, this.createAccessToken());
-
 RequestEntity requestEntity = this.converter.convert(userRequest);
-
 assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.GET); assertThat(requestEntity.getUrl().toASCIIString()) .isEqualTo(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri());
-
 HttpHeaders headers = requestEntity.getHeaders(); assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON); assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION))
@@ -68,18 +65,14 @@ public class OAuth2UserRequestEntityConverterTests {
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration() .userInfoAuthenticationMethod(AuthenticationMethod.FORM).build(); OAuth2UserRequest userRequest = new OAuth2UserRequest(clientRegistration, this.createAccessToken());
-
 RequestEntity requestEntity = this.converter.convert(userRequest);
-
 assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST); assertThat(requestEntity.getUrl().toASCIIString()) .isEqualTo(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri());
-
 HttpHeaders headers = requestEntity.getHeaders(); assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON); assertThat(headers.getContentType()) .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
-
 MultiValueMap formParameters = (MultiValueMap) requestEntity.getBody(); assertThat(formParameters.getFirst(OAuth2ParameterNames.ACCESS_TOKEN)) .isEqualTo(userRequest.getAccessToken().getTokenValue());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
index 18edbf0661..85b13b8d83 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
@@ -77,7 +77,6 @@ public class OAuth2UserRequestTests {
 public void constructorWhenAllParametersProvidedAndValidThenCreated() { OAuth2UserRequest userRequest = new OAuth2UserRequest(this.clientRegistration, this.accessToken, this.additionalParameters);
-
 assertThat(userRequest.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(userRequest.getAccessToken()).isEqualTo(this.accessToken); assertThat(userRequest.getAdditionalParameters()).containsAllEntriesOf(this.additionalParameters);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
index 832bce8902..ddcc33cc29 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
@@ -107,7 +107,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 String requestUri = "/path"; MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest).isNull(); }
@@ -120,9 +119,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 request.setContent("foo".getBytes(StandardCharsets.UTF_8)); request.setCharacterEncoding(StandardCharsets.UTF_8.name()); HttpServletRequest spyRequest = Mockito.spy(request);
-
 this.resolver.resolve(spyRequest);
-
 Mockito.verify(spyRequest, Mockito.never()).getReader(); Mockito.verify(spyRequest, Mockito.never()).getInputStream(); Mockito.verify(spyRequest, Mockito.never()).getParameter(ArgumentMatchers.anyString());
@@ -138,7 +135,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 + "-invalid"; MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri);
-
 assertThatThrownBy(() -> this.resolver.resolve(request)).isInstanceOf(IllegalArgumentException.class) .hasMessage( "Invalid Client Registration with Id: " + clientRegistration.getRegistrationId() + "-invalid");
@@ -150,7 +146,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId(); MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest).isNotNull(); assertThat(authorizationRequest.getAuthorizationUri())
@@ -178,7 +173,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 String requestUri = "/path"; MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request, clientRegistration.getRegistrationId()); assertThat(authorizationRequest).isNotNull();
@@ -192,7 +186,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId(); MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri()); assertThat(authorizationRequest.getRedirectUri())
@@ -206,7 +199,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServerPort(8080); request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri()); assertThat(authorizationRequest.getRedirectUri())
@@ -221,7 +213,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 request.setScheme("https"); request.setServerPort(8081); request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri()); assertThat(authorizationRequest.getRedirectUri())
@@ -236,7 +227,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 request.setScheme("http"); request.setServerPort(80); request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri()); assertThat(authorizationRequest.getRedirectUri())
@@ -251,7 +241,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 request.setScheme("https"); request.setServerPort(443); request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri()); assertThat(authorizationRequest.getRedirectUri())
@@ -266,7 +255,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 request.setScheme("https"); request.setServerPort(-1); request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri()); assertThat(authorizationRequest.getRedirectUri())
@@ -281,7 +269,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri); request.setQueryString("foo=bar");
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri()); assertThat(authorizationRequest.getRedirectUri())
@@ -297,7 +284,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 request.setServerName("localhost"); request.setServerPort(80); request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getAuthorizationRequestUri()) .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
@@ -314,7 +300,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 request.setServerName("example.com"); request.setServerPort(443); request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getAuthorizationRequestUri()) .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
@@ -328,7 +313,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 String requestUri = "/path"; MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request, clientRegistration.getRegistrationId()); assertThat(authorizationRequest.getAuthorizationRequestUri())
@@ -343,7 +327,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId(); MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getAuthorizationRequestUri()) .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id-2&"
@@ -358,7 +341,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.addParameter("action", "authorize"); request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getAuthorizationRequestUri()) .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
@@ -373,7 +355,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.addParameter("action", "login"); request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getAuthorizationRequestUri()) .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id-2&"
@@ -387,7 +368,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId(); MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest).isNotNull(); assertThat(authorizationRequest.getAuthorizationUri())
@@ -422,7 +402,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId(); MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri);
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest).isNotNull(); assertThat(authorizationRequest.getAuthorizationUri())
@@ -456,11 +435,9 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId(); MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri);
-
 this.resolver.setAuthorizationRequestCustomizer( (customizer) -> customizer.additionalParameters((params) -> params.remove(OidcParameterNames.NONCE)) .attributes((attrs) -> attrs.remove(OidcParameterNames.NONCE)));
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getAdditionalParameters()).doesNotContainKey(OidcParameterNames.NONCE); assertThat(authorizationRequest.getAttributes()).doesNotContainKey(OidcParameterNames.NONCE);
@@ -477,13 +454,11 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId(); MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri);
-
 this.resolver .setAuthorizationRequestCustomizer((customizer) -> customizer.authorizationRequestUri((uriBuilder) -> { uriBuilder.queryParam("param1", "value1"); return uriBuilder.build(); }));
-
 OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getAuthorizationRequestUri()) .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
@@ -498,12 +473,10 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId(); MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri); - this.resolver.setAuthorizationRequestCustomizer((customizer) -> customizer.parameters((params) -> { params.put("appid", params.get("client_id")); params.remove("client_id"); })); - OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getAuthorizationRequestUri()).matches( "https://example.com/login/oauth/authorize\\?" + "response_type=code&" + "scope=openid&state=.{15,}&"
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
index 445dfa9fa6..4610f688c2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
@@ -208,7 +208,6 @@ public class DefaultOAuth2AuthorizedClientManagerTests { public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(this.clientRegistration); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .attributes((attrs) -> {
@@ -216,15 +215,12 @@ public class DefaultOAuth2AuthorizedClientManagerTests { attrs.put(HttpServletResponse.class.getName(), this.response); }).build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - assertThat(authorizedClient).isNull(); verifyNoInteractions(this.authorizationSuccessHandler); verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any(), any());
@@ -235,10 +231,8 @@ public class DefaultOAuth2AuthorizedClientManagerTests { public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(this.clientRegistration); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(this.authorizedClient); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .attributes((attrs) -> {
@@ -246,15 +240,12 @@ public class DefaultOAuth2AuthorizedClientManagerTests { attrs.put(HttpServletResponse.class.getName(), this.response); }).build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - assertThat(authorizedClient).isSameAs(this.authorizedClient); verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(this.authorizedClient), eq(this.principal), any());
@@ -269,13 +260,10 @@ public class DefaultOAuth2AuthorizedClientManagerTests { .willReturn(this.clientRegistration); given(this.authorizedClientRepository.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), eq(this.principal), eq(this.request))).willReturn(this.authorizedClient); - OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(reauthorizedClient); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .attributes((attrs) -> {
@@ -283,15 +271,12 @@ public class DefaultOAuth2AuthorizedClientManagerTests { attrs.put(HttpServletResponse.class.getName(), this.response); }).build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(any()); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - assertThat(authorizedClient).isSameAs(reauthorizedClient); verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(reauthorizedClient), eq(this.principal), any());
@@ -303,10 +288,8 @@ public class DefaultOAuth2AuthorizedClientManagerTests { public void authorizeWhenRequestParameterUsernamePasswordThenMappedToContext() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(this.clientRegistration); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(this.authorizedClient); - // Set custom contextAttributesMapper this.authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> { Map contextAttributes = new HashMap<>();
@@ -319,10 +302,8 @@ public class DefaultOAuth2AuthorizedClientManagerTests { } return contextAttributes; }); - this.request.addParameter(OAuth2ParameterNames.USERNAME, "username"); this.request.addParameter(OAuth2ParameterNames.PASSWORD, "password"); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .attributes((attrs) -> {
@@ -330,9 +311,7 @@ public class DefaultOAuth2AuthorizedClientManagerTests { attrs.put(HttpServletResponse.class.getName(), this.response); }).build(); this.authorizedClientManager.authorize(authorizeRequest); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); String username = authorizationContext.getAttribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME); assertThat(username).isEqualTo("username");
@@ -349,15 +328,12 @@ public class DefaultOAuth2AuthorizedClientManagerTests { attrs.put(HttpServletResponse.class.getName(), this.response); }).build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - assertThat(authorizedClient).isSameAs(this.authorizedClient); verifyNoInteractions(this.authorizationSuccessHandler); verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(OAuth2AuthorizedClient.class),
@@ -369,25 +345,20 @@ public class DefaultOAuth2AuthorizedClientManagerTests { public void reauthorizeWhenSupportedProviderThenReauthorized() { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(reauthorizedClient); - OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).attributes((attrs) -> { attrs.put(HttpServletRequest.class.getName(), this.request); attrs.put(HttpServletResponse.class.getName(), this.response); }).build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - assertThat(authorizedClient).isSameAs(reauthorizedClient); verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(reauthorizedClient), eq(this.principal), any()); 
@@ -399,25 +370,19 @@ public class DefaultOAuth2AuthorizedClientManagerTests { public void reauthorizeWhenRequestParameterScopeThenMappedToContext() { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(reauthorizedClient); - // Override the mock with the default this.authorizedClientManager .setContextAttributesMapper(new DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper()); - this.request.addParameter(OAuth2ParameterNames.SCOPE, "read write"); - OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).attributes((attrs) -> { attrs.put(HttpServletRequest.class.getName(), this.request); attrs.put(HttpServletResponse.class.getName(), this.response); }).build(); this.authorizedClientManager.authorize(reauthorizeRequest); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); String[] requestScopeAttribute = authorizationContext .getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME); 
@@ -429,19 +394,15 @@ public class DefaultOAuth2AuthorizedClientManagerTests { ClientAuthorizationException authorizationException = new ClientAuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null), this.clientRegistration.getRegistrationId()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willThrow(authorizationException); - OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).attributes((attrs) -> { attrs.put(HttpServletRequest.class.getName(), this.request); attrs.put(HttpServletResponse.class.getName(), this.response); }).build(); - assertThatCode(() -> this.authorizedClientManager.authorize(reauthorizeRequest)) .isEqualTo(authorizationException); - verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal), any()); verify(this.authorizedClientRepository).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), 
@@ -452,19 +413,15 @@ public class DefaultOAuth2AuthorizedClientManagerTests { public void reauthorizeWhenErrorCodeDoesNotMatchThenDoNotRemoveAuthorizedClient() { ClientAuthorizationException authorizationException = new ClientAuthorizationException( new OAuth2Error("non-matching-error-code", null, null), this.clientRegistration.getRegistrationId()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willThrow(authorizationException); - OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).attributes((attrs) -> { attrs.put(HttpServletRequest.class.getName(), this.request); attrs.put(HttpServletResponse.class.getName(), this.response); }).build(); - assertThatCode(() -> this.authorizedClientManager.authorize(reauthorizeRequest)) .isEqualTo(authorizationException); - verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal), any()); verifyNoInteractions(this.authorizedClientRepository);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
index 0548e9fbff..a80ca4ee9d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
@@ -199,21 +199,17 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration)); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest) .subscriberContext(this.context).block(); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - assertThat(authorizedClient).isNull(); this.loadAuthorizedClientProbe.assertWasSubscribed(); this.saveAuthorizedClientProbe.assertWasNotSubscribed(); 
@@ -226,21 +222,17 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { .willReturn(Mono.just(this.clientRegistration)); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.just(this.authorizedClient)); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest) .subscriberContext(this.context).block(); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - assertThat(authorizedClient).isSameAs(this.authorizedClient); verify(this.authorizedClientRepository).saveAuthorizedClient(eq(this.authorizedClient), eq(this.principal), eq(this.serverWebExchange)); 
@@ -255,26 +247,20 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { .willReturn(Mono.just(this.clientRegistration)); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.just(this.authorizedClient)); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); - PublisherProbe authorizationSuccessHandlerProbe = PublisherProbe.empty(); this.authorizedClientManager.setAuthorizationSuccessHandler( (client, principal, attributes) -> authorizationSuccessHandlerProbe.mono()); - OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest) .subscriberContext(this.context).block(); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - assertThat(authorizedClient).isSameAs(this.authorizedClient); authorizationSuccessHandlerProbe.assertWasSubscribed(); verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any()); 
@@ -286,30 +272,23 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { public void authorizeWhenInvalidTokenThenRemoveAuthorizedClient() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration)); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); - ClientAuthorizationException exception = new ClientAuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null), this.clientRegistration.getRegistrationId()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.error(exception)); - assertThatCode( () -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block()) .isEqualTo(exception); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - verify(this.authorizedClientRepository).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), eq(this.principal), eq(this.serverWebExchange)); this.removeAuthorizedClientProbe.assertWasSubscribed(); 
@@ -321,30 +300,23 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { public void authorizeWhenInvalidGrantThenRemoveAuthorizedClient() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration)); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); - ClientAuthorizationException exception = new ClientAuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null), this.clientRegistration.getRegistrationId()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.error(exception)); - assertThatCode( () -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block()) .isEqualTo(exception); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - verify(this.authorizedClientRepository).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), eq(this.principal), eq(this.serverWebExchange)); this.removeAuthorizedClientProbe.assertWasSubscribed(); 
@@ -356,30 +328,23 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { public void authorizeWhenServerErrorThenDoNotRemoveAuthorizedClient() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration)); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); - ClientAuthorizationException exception = new ClientAuthorizationException( new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, null, null), this.clientRegistration.getRegistrationId()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.error(exception)); - assertThatCode( () -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block()) .isEqualTo(exception); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - verify(this.authorizedClientRepository, never()).removeAuthorizedClient(any(), any(), any()); verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any()); } 
@@ -389,29 +354,22 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { public void authorizeWhenOAuth2AuthorizationExceptionThenDoNotRemoveAuthorizedClient() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration)); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); - OAuth2AuthorizationException exception = new OAuth2AuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null)); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.error(exception)); - assertThatCode( () -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block()) .isEqualTo(exception); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - verify(this.authorizedClientRepository, never()).removeAuthorizedClient(any(), any(), any()); verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any()); } 
@@ -421,33 +379,25 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { public void authorizeWhenOAuth2AuthorizationExceptionAndCustomFailureHandlerThenInvokeCustomFailureHandler() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration)); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); - OAuth2AuthorizationException exception = new OAuth2AuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null)); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.error(exception)); - PublisherProbe authorizationFailureHandlerProbe = PublisherProbe.empty(); this.authorizedClientManager.setAuthorizationFailureHandler( (client, principal, attributes) -> authorizationFailureHandlerProbe.mono()); - assertThatCode( () -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block()) .isEqualTo(exception); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isNull(); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - authorizationFailureHandlerProbe.assertWasSubscribed(); verify(this.authorizedClientRepository, never()).removeAuthorizedClient(any(), any(), any()); verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any()); 
@@ -461,27 +411,21 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { this.loadAuthorizedClientProbe = PublisherProbe.of(Mono.just(this.authorizedClient)); given(this.authorizedClientRepository.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), eq(this.principal), eq(this.serverWebExchange))).willReturn(this.loadAuthorizedClientProbe.mono()); - OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.just(reauthorizedClient)); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest) .subscriberContext(this.context).block(); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(any()); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - assertThat(authorizedClient).isSameAs(reauthorizedClient); verify(this.authorizedClientRepository).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal), eq(this.serverWebExchange)); 
@@ -493,10 +437,8 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { public void authorizeWhenRequestFormParameterUsernamePasswordThenMappedToContext() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) .willReturn(Mono.just(this.clientRegistration)); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.just(this.authorizedClient)); - // Set custom contextAttributesMapper capable of mapping the form parameters this.authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> currentServerWebExchange() .flatMap(ServerWebExchange::getFormData).map((formData) -> {
@@ -507,19 +449,15 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { contextAttributes.put(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, password); return contextAttributes; })); - this.serverWebExchange = MockServerWebExchange.builder(MockServerHttpRequest.post("/") .contentType(MediaType.APPLICATION_FORM_URLENCODED).body("username=username&password=password")) .build(); this.context = Context.of(ServerWebExchange.class, this.serverWebExchange); - OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) .build(); this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block(); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); String username = authorizationContext.getAttribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME); assertThat(username).isEqualTo("username");
@@ -534,15 +472,12 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { .principal(this.principal).build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest) .subscriberContext(this.context).block(); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - assertThat(authorizedClient).isSameAs(this.authorizedClient); this.saveAuthorizedClientProbe.assertWasNotSubscribed(); } 
@@ -552,23 +487,18 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { public void reauthorizeWhenSupportedProviderThenReauthorized() { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.just(reauthorizedClient)); - OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest) .subscriberContext(this.context).block(); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest)); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); - assertThat(authorizedClient).isSameAs(reauthorizedClient); verify(this.authorizedClientRepository).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal), eq(this.serverWebExchange)); 
@@ -580,24 +510,18 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { public void reauthorizeWhenRequestParameterScopeThenMappedToContext() { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); - given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.just(reauthorizedClient)); - // Override the mock with the default this.authorizedClientManager.setContextAttributesMapper( new DefaultReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper()); - this.serverWebExchange = MockServerWebExchange .builder(MockServerHttpRequest.get("/").queryParam(OAuth2ParameterNames.SCOPE, "read write")).build(); this.context = Context.of(ServerWebExchange.class, this.serverWebExchange); - OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal).build(); this.authorizedClientManager.authorize(reauthorizeRequest).subscriberContext(this.context).block(); - verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); - OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); String[] requestScopeAttribute = authorizationContext .getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java index 36fca1a6f2..c28af93daa 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java 
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java @@ -53,7 +53,6 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests { request.addParameter(OAuth2ParameterNames.STATE, "state-1234"); OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository .loadAuthorizationRequest(request); - assertThat(authorizationRequest).isNull(); } @@ -61,14 +60,11 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests { public void loadAuthorizationRequestWhenSavedThenReturnAuthorizationRequest() { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build(); - this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response); request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState()); OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository .loadAuthorizationRequest(request); - assertThat(loadedAuthorizationRequest).isEqualTo(authorizationRequest); } 
@@ -77,30 +73,24 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests { public void loadAuthorizationRequestWhenMultipleSavedThenReturnMatchingAuthorizationRequest() { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - String state1 = "state-1122"; OAuth2AuthorizationRequest authorizationRequest1 = createAuthorizationRequest().state(state1).build(); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest1, request, response); - String state2 = "state-3344"; OAuth2AuthorizationRequest authorizationRequest2 = createAuthorizationRequest().state(state2).build(); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest2, request, response); - String state3 = "state-5566"; OAuth2AuthorizationRequest authorizationRequest3 = createAuthorizationRequest().state(state3).build(); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest3, request, response); - request.addParameter(OAuth2ParameterNames.STATE, state1); OAuth2AuthorizationRequest loadedAuthorizationRequest1 = this.authorizationRequestRepository .loadAuthorizationRequest(request); assertThat(loadedAuthorizationRequest1).isEqualTo(authorizationRequest1); - request.removeParameter(OAuth2ParameterNames.STATE); request.addParameter(OAuth2ParameterNames.STATE, state2); OAuth2AuthorizationRequest loadedAuthorizationRequest2 = this.authorizationRequestRepository .loadAuthorizationRequest(request); assertThat(loadedAuthorizationRequest2).isEqualTo(authorizationRequest2); - request.removeParameter(OAuth2ParameterNames.STATE); request.addParameter(OAuth2ParameterNames.STATE, state3); OAuth2AuthorizationRequest loadedAuthorizationRequest3 = this.authorizationRequestRepository 
@@ -111,18 +101,15 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests { @Test public void loadAuthorizationRequestWhenSavedAndStateParameterNullThenReturnNull() { MockHttpServletRequest request = new MockHttpServletRequest(); - OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build(); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, new MockHttpServletResponse()); - assertThat(this.authorizationRequestRepository.loadAuthorizationRequest(request)).isNull(); } @Test public void saveAuthorizationRequestWhenHttpServletRequestIsNullThenThrowIllegalArgumentException() { OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build(); - assertThatThrownBy(() -> this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, null, new MockHttpServletResponse())).isInstanceOf(IllegalArgumentException.class); } @@ -130,7 +117,6 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests { @Test public void saveAuthorizationRequestWhenHttpServletResponseIsNullThenThrowIllegalArgumentException() { OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build(); - assertThatThrownBy(() -> this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, new MockHttpServletRequest(), null)).isInstanceOf(IllegalArgumentException.class); } 
@@ -146,15 +132,12 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests { @Test public void saveAuthorizationRequestWhenNotNullThenSaved() { MockHttpServletRequest request = new MockHttpServletRequest(); - OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build(); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, new MockHttpServletResponse()); - request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState()); OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository .loadAuthorizationRequest(request); - assertThat(loadedAuthorizationRequest).isEqualTo(authorizationRequest); } @@ -162,15 +145,12 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests { public void saveAuthorizationRequestWhenNoExistingSessionAndDistributedSessionThenSaved() { MockHttpServletRequest request = new MockHttpServletRequest(); request.setSession(new MockDistributedHttpSession()); - OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build(); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, new MockHttpServletResponse()); - request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState()); OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository .loadAuthorizationRequest(request); - assertThat(loadedAuthorizationRequest).isEqualTo(authorizationRequest); } 
@@ -178,19 +158,15 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests { public void saveAuthorizationRequestWhenExistingSessionAndDistributedSessionThenSaved() { MockHttpServletRequest request = new MockHttpServletRequest(); request.setSession(new MockDistributedHttpSession()); - OAuth2AuthorizationRequest authorizationRequest1 = createAuthorizationRequest().build(); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest1, request, new MockHttpServletResponse()); - OAuth2AuthorizationRequest authorizationRequest2 = createAuthorizationRequest().build(); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest2, request, new MockHttpServletResponse()); - request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest2.getState()); OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository .loadAuthorizationRequest(request); - assertThat(loadedAuthorizationRequest).isEqualTo(authorizationRequest2); } @@ -224,17 +200,13 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests { public void removeAuthorizationRequestWhenSavedThenRemoved() { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build(); - this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response); - request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState()); OAuth2AuthorizationRequest removedAuthorizationRequest = this.authorizationRequestRepository .removeAuthorizationRequest(request, response); OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository .loadAuthorizationRequest(request); - assertThat(removedAuthorizationRequest).isNotNull(); assertThat(loadedAuthorizationRequest).isNull(); } 
@@ -244,18 +216,13 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests { public void removeAuthorizationRequestWhenSavedThenRemovedFromSession() { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build(); - this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response); - request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState()); OAuth2AuthorizationRequest removedAuthorizationRequest = this.authorizationRequestRepository .removeAuthorizationRequest(request, response); - String sessionAttributeName = HttpSessionOAuth2AuthorizationRequestRepository.class.getName() + ".AUTHORIZATION_REQUEST"; - assertThat(removedAuthorizationRequest).isNotNull(); assertThat(request.getSession().getAttribute(sessionAttributeName)).isNull(); } @@ -264,12 +231,9 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests { public void removeAuthorizationRequestWhenNotSavedThenNotRemoved() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addParameter(OAuth2ParameterNames.STATE, "state-1234"); - MockHttpServletResponse response = new MockHttpServletResponse(); - OAuth2AuthorizationRequest removedAuthorizationRequest = this.authorizationRequestRepository .removeAuthorizationRequest(request, response); - assertThat(removedAuthorizationRequest).isNull(); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java index 34967f442e..7cf152bdbd 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java 
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java @@ -92,7 +92,6 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration1, this.principalName1, mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.request, this.response); - OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository .loadAuthorizedClient(this.registrationId1, null, this.request); assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient); @@ -135,10 +134,8 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration2, this.principalName1, mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.request, this.response); - HttpSession session = this.request.getSession(false); assertThat(session).isNotNull(); - @SuppressWarnings("unchecked") Map authorizedClients = (Map) session .getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS"); @@ -181,10 +178,8 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests { OAuth2AuthorizedClient authorizedClient1 = new OAuth2AuthorizedClient(this.registration1, this.principalName1, mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient1, null, this.request, this.response); - // Remove registrationId2 (never added so is not removed either) this.authorizedClientRepository.removeAuthorizedClient(this.registrationId2, null, this.request, this.response); - OAuth2AuthorizedClient loadedAuthorizedClient1 = this.authorizedClientRepository .loadAuthorizedClient(this.registrationId1, null, this.request); assertThat(loadedAuthorizedClient1).isNotNull(); 
@@ -214,7 +209,6 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests { .loadAuthorizedClient(this.registrationId1, null, this.request); assertThat(loadedAuthorizedClient).isSameAs(authorizedClient); this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, this.request, this.response); - HttpSession session = this.request.getSession(false); assertThat(session).isNotNull(); assertThat(session @@ -227,13 +221,10 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests { OAuth2AuthorizedClient authorizedClient1 = new OAuth2AuthorizedClient(this.registration1, this.principalName1, mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient1, null, this.request, this.response); - OAuth2AuthorizedClient authorizedClient2 = new OAuth2AuthorizedClient(this.registration2, this.principalName1, mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient2, null, this.request, this.response); - this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, this.request, this.response); - OAuth2AuthorizedClient loadedAuthorizedClient2 = this.authorizedClientRepository .loadAuthorizedClient(this.registrationId2, null, this.request); assertThat(loadedAuthorizedClient2).isNotNull(); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java index 4977086d0b..b77b743985 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java 
@@ -157,9 +157,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests { // parameter. MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.filter.doFilter(request, response, filterChain); - verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); } @@ -169,9 +167,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests { MockHttpServletRequest authorizationResponse = createAuthorizationResponse(authorizationRequest); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.filter.doFilter(authorizationResponse, response, filterChain); - verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); } @@ -184,9 +180,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests { this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1); authorizationResponse.setRequestURI(requestUri + "-no-match"); FilterChain filterChain = mock(FilterChain.class); - this.filter.doFilter(authorizationResponse, response, filterChain); - verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); } @@ -206,7 +200,6 @@ public class OAuth2AuthorizationCodeGrantFilterTests { MockHttpServletRequest authorizationResponse = createAuthorizationResponse(authorizationRequest); this.filter.doFilter(authorizationResponse, response, filterChain); verifyNoInteractions(filterChain); - // 2) redirect_uri with query parameters AND authorization response additional // parameters Map additionalParameters = new LinkedHashMap<>(); 
@@ -231,7 +224,6 @@ public class OAuth2AuthorizationCodeGrantFilterTests { this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1); this.setUpAuthenticationResult(this.registration1); FilterChain filterChain = mock(FilterChain.class); - // 1) Parameter value Map parametersNotMatch = new LinkedHashMap<>(parameters); parametersNotMatch.put("param2", "value8"); @@ -240,7 +232,6 @@ public class OAuth2AuthorizationCodeGrantFilterTests { authorizationResponse.setSession(authorizationRequest.getSession()); this.filter.doFilter(authorizationResponse, response, filterChain); verify(filterChain, times(1)).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - // 2) Parameter order parametersNotMatch = new LinkedHashMap<>(); parametersNotMatch.put("param2", "value2"); @@ -249,7 +240,6 @@ public class OAuth2AuthorizationCodeGrantFilterTests { authorizationResponse.setSession(authorizationRequest.getSession()); this.filter.doFilter(authorizationResponse, response, filterChain); verify(filterChain, times(2)).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - // 3) Parameter missing parametersNotMatch = new LinkedHashMap<>(parameters); parametersNotMatch.remove("param2"); @@ -267,9 +257,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests { FilterChain filterChain = mock(FilterChain.class); this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1); this.setUpAuthenticationResult(this.registration1); - this.filter.doFilter(authorizationResponse, response, filterChain); - assertThat(this.authorizationRequestRepository.loadAuthorizationRequest(authorizationResponse)).isNull(); } 
@@ -280,13 +268,10 @@ public class OAuth2AuthorizationCodeGrantFilterTests { MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1); - OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT); given(this.authenticationManager.authenticate(any(Authentication.class))) .willThrow(new OAuth2AuthorizationException(error)); - this.filter.doFilter(authorizationResponse, response, filterChain); - assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/callback/client-1?error=invalid_grant"); } @@ -298,9 +283,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests { FilterChain filterChain = mock(FilterChain.class); this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1); this.setUpAuthenticationResult(this.registration1); - this.filter.doFilter(authorizationResponse, response, filterChain); - OAuth2AuthorizedClient authorizedClient = this.authorizedClientService .loadAuthorizedClient(this.registration1.getRegistrationId(), this.principalName1); assertThat(authorizedClient).isNotNull(); @@ -318,9 +301,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests { FilterChain filterChain = mock(FilterChain.class); this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1); this.setUpAuthenticationResult(this.registration1); - this.filter.doFilter(authorizationResponse, response, filterChain); - assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/callback/client-1"); } 
@@ -338,9 +319,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests { FilterChain filterChain = mock(FilterChain.class); this.setUpAuthorizationRequest(request, response, this.registration1); this.setUpAuthenticationResult(this.registration1); - this.filter.doFilter(request, response, filterChain); - assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/saved-request"); } @@ -349,19 +328,14 @@ public class OAuth2AuthorizationCodeGrantFilterTests { MockHttpServletRequest authorizationRequest = createAuthorizationRequest("/callback/client-1"); MockHttpServletRequest authorizationResponse = createAuthorizationResponse(authorizationRequest); MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain filterChain = mock(FilterChain.class); this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1); this.setUpAuthenticationResult(this.registration1); - RequestCache requestCache = spy(HttpSessionRequestCache.class); this.filter.setRequestCache(requestCache); - authorizationRequest.setRequestURI("/saved-request"); requestCache.saveRequest(authorizationRequest, response); - this.filter.doFilter(authorizationResponse, response, filterChain); - verify(requestCache).getRequest(any(HttpServletRequest.class), any(HttpServletResponse.class)); assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/saved-request"); } 
@@ -374,26 +348,21 @@ public class OAuth2AuthorizationCodeGrantFilterTests { SecurityContext securityContext = SecurityContextHolder.createEmptyContext(); securityContext.setAuthentication(anonymousPrincipal); SecurityContextHolder.setContext(securityContext); - MockHttpServletRequest authorizationRequest = createAuthorizationRequest("/callback/client-1"); MockHttpServletRequest authorizationResponse = createAuthorizationResponse(authorizationRequest); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1); this.setUpAuthenticationResult(this.registration1); - this.filter.doFilter(authorizationResponse, response, filterChain); - OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository.loadAuthorizedClient( this.registration1.getRegistrationId(), anonymousPrincipal, authorizationResponse); assertThat(authorizedClient).isNotNull(); assertThat(authorizedClient.getClientRegistration()).isEqualTo(this.registration1); assertThat(authorizedClient.getPrincipalName()).isEqualTo(anonymousPrincipal.getName()); assertThat(authorizedClient.getAccessToken()).isNotNull(); - HttpSession session = authorizationResponse.getSession(false); assertThat(session).isNotNull(); - @SuppressWarnings("unchecked") Map authorizedClients = (Map) session .getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS"); 
@@ -407,26 +376,21 @@ public class OAuth2AuthorizationCodeGrantFilterTests { throws Exception { SecurityContext securityContext = SecurityContextHolder.createEmptyContext(); SecurityContextHolder.setContext(securityContext); // null Authentication - MockHttpServletRequest authorizationRequest = createAuthorizationRequest("/callback/client-1"); MockHttpServletRequest authorizationResponse = createAuthorizationResponse(authorizationRequest); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1); this.setUpAuthenticationResult(this.registration1); - this.filter.doFilter(authorizationResponse, response, filterChain); - OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository .loadAuthorizedClient(this.registration1.getRegistrationId(), null, authorizationResponse); assertThat(authorizedClient).isNotNull(); assertThat(authorizedClient.getClientRegistration()).isEqualTo(this.registration1); assertThat(authorizedClient.getPrincipalName()).isEqualTo("anonymousUser"); assertThat(authorizedClient.getAccessToken()).isNotNull(); - HttpSession session = authorizationResponse.getSession(false); assertThat(session).isNotNull(); - @SuppressWarnings("unchecked") Map authorizedClients = (Map) session .getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS"); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java index c5e2ece886..26020004c6 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java 
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java @@ -125,9 +125,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { request.setServletPath(requestUri); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.filter.doFilter(request, response, filterChain); - verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); } @@ -139,11 +137,8 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { request.setServletPath(requestUri); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.filter.doFilter(request, response, filterChain); - verifyZeroInteractions(filterChain); - assertThat(response.getStatus()).isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR.value()); assertThat(response.getErrorMessage()).isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase()); } @@ -156,11 +151,8 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { request.setServletPath(requestUri); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.filter.doFilter(request, response, filterChain); - verifyZeroInteractions(filterChain); - assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&" + "redirect_uri=http://localhost/login/oauth2/code/registration-id"); 
@@ -174,13 +166,10 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { request.setServletPath(requestUri); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - AuthorizationRequestRepository authorizationRequestRepository = mock( AuthorizationRequestRepository.class); this.filter.setAuthorizationRequestRepository(authorizationRequestRepository); - this.filter.doFilter(request, response, filterChain); - verifyZeroInteractions(filterChain); verify(authorizationRequestRepository).saveAuthorizationRequest(any(OAuth2AuthorizationRequest.class), any(HttpServletRequest.class), any(HttpServletResponse.class)); @@ -194,11 +183,8 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { request.setServletPath(requestUri); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.filter.doFilter(request, response, filterChain); - verifyZeroInteractions(filterChain); - assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?" + "response_type=token&client_id=client-id&" + "scope=read:user&state=.{15,}&" + "redirect_uri=http://localhost/authorize/oauth2/implicit/registration-3"); @@ -212,13 +198,10 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { request.setServletPath(requestUri); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - AuthorizationRequestRepository authorizationRequestRepository = mock( AuthorizationRequestRepository.class); this.filter.setAuthorizationRequestRepository(authorizationRequestRepository); - this.filter.doFilter(request, response, filterChain); - verifyZeroInteractions(filterChain); verify(authorizationRequestRepository, times(0)).saveAuthorizationRequest(any(OAuth2AuthorizationRequest.class), any(HttpServletRequest.class), any(HttpServletResponse.class)); 
@@ -229,17 +212,13 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { String authorizationRequestBaseUri = "/custom/authorization"; this.filter = new OAuth2AuthorizationRequestRedirectFilter(this.clientRegistrationRepository, authorizationRequestBaseUri); - String requestUri = authorizationRequestBaseUri + "/" + this.registration1.getRegistrationId(); MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.filter.doFilter(request, response, filterChain); - verifyZeroInteractions(filterChain); - assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&" + "redirect_uri=http://localhost/login/oauth2/code/registration-id"); @@ -253,14 +232,10 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { request.setServletPath(requestUri); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - willThrow(new ClientAuthorizationRequiredException(this.registration1.getRegistrationId())).given(filterChain) .doFilter(any(ServletRequest.class), any(ServletResponse.class)); - this.filter.doFilter(request, response, filterChain); - verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&" + "redirect_uri=http://localhost/authorize/oauth2/code/registration-id"); 
@@ -275,19 +250,13 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { request.setServletPath(requestUri); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - willThrow(new ClientAuthorizationRequiredException(this.registration1.getRegistrationId())).given(filterChain) .doFilter(any(ServletRequest.class), any(ServletResponse.class)); - OAuth2AuthorizationRequestResolver resolver = mock(OAuth2AuthorizationRequestResolver.class); OAuth2AuthorizationRequestRedirectFilter filter = new OAuth2AuthorizationRequestRedirectFilter(resolver); - filter.doFilter(request, response, filterChain); - verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - verifyZeroInteractions(filterChain); - assertThat(response.getStatus()).isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR.value()); assertThat(response.getErrorMessage()).isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase()); } 
@@ -303,22 +272,17 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { request.addParameter("idp", "https://other.provider.com"); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver( this.clientRegistrationRepository, OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI); - OAuth2AuthorizationRequestResolver resolver = mock(OAuth2AuthorizationRequestResolver.class); OAuth2AuthorizationRequest result = OAuth2AuthorizationRequest .from(defaultAuthorizationRequestResolver.resolve(request)) .additionalParameters(Collections.singletonMap("idp", request.getParameter("idp"))).build(); given(resolver.resolve(any())).willReturn(result); OAuth2AuthorizationRequestRedirectFilter filter = new OAuth2AuthorizationRequestRedirectFilter(resolver); - filter.doFilter(request, response, filterChain); - verifyZeroInteractions(filterChain); - assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&" + "redirect_uri=http://localhost/login/oauth2/code/registration-id&" 
@@ -337,13 +301,10 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { request.addParameter(loginHintParamName, "user@provider.com"); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver( this.clientRegistrationRepository, OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI); - OAuth2AuthorizationRequestResolver resolver = mock(OAuth2AuthorizationRequestResolver.class); - OAuth2AuthorizationRequest defaultAuthorizationRequest = defaultAuthorizationRequestResolver.resolve(request); Map additionalParameters = new HashMap<>(defaultAuthorizationRequest.getAdditionalParameters()); additionalParameters.put(loginHintParamName, request.getParameter(loginHintParamName)); @@ -355,13 +316,9 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { .additionalParameters(Collections.singletonMap("idp", request.getParameter("idp"))) .authorizationRequestUri(customAuthorizationRequestUri).build(); given(resolver.resolve(any())).willReturn(result); - OAuth2AuthorizationRequestRedirectFilter filter = new OAuth2AuthorizationRequestRedirectFilter(resolver); - filter.doFilter(request, response, filterChain); - verifyZeroInteractions(filterChain); - assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&" + "redirect_uri=http://localhost/login/oauth2/code/registration-id&" diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java index 7237f3f046..2a783cc03e 100644 
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java @@ -158,9 +158,7 @@ public class OAuth2LoginAuthenticationFilterTests { request.setServletPath(requestUri); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.filter.doFilter(request, response, filterChain); - verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); verify(this.filter, never()).attemptAuthentication(any(HttpServletRequest.class), any(HttpServletResponse.class)); @@ -174,17 +172,13 @@ public class OAuth2LoginAuthenticationFilterTests { // NOTE: // A valid Authorization Response contains either a 'code' or 'error' parameter. // Don't set it to force an invalid Authorization Response. - MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.filter.doFilter(request, response, filterChain); - ArgumentCaptor authenticationExceptionArgCaptor = ArgumentCaptor .forClass(AuthenticationException.class); verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class), authenticationExceptionArgCaptor.capture()); - assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class); OAuth2AuthenticationException authenticationException = (OAuth2AuthenticationException) authenticationExceptionArgCaptor .getValue(); 
@@ -199,17 +193,13 @@ public class OAuth2LoginAuthenticationFilterTests { request.setServletPath(requestUri); request.addParameter(OAuth2ParameterNames.CODE, "code"); request.addParameter(OAuth2ParameterNames.STATE, "state"); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.filter.doFilter(request, response, filterChain); - ArgumentCaptor authenticationExceptionArgCaptor = ArgumentCaptor .forClass(AuthenticationException.class); verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class), authenticationExceptionArgCaptor.capture()); - assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class); OAuth2AuthenticationException authenticationException = (OAuth2AuthenticationException) authenticationExceptionArgCaptor .getValue(); @@ -226,10 +216,8 @@ public class OAuth2LoginAuthenticationFilterTests { request.setServletPath(requestUri); request.addParameter(OAuth2ParameterNames.CODE, "code"); request.addParameter(OAuth2ParameterNames.STATE, "state"); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - ClientRegistration registrationNotFound = ClientRegistration.withRegistrationId("registration-not-found") .clientId("client-1").clientSecret("secret") .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) 
@@ -239,14 +227,11 @@ public class OAuth2LoginAuthenticationFilterTests { .userInfoUri("https://provider.com/oauth2/user").userNameAttributeName("id").clientName("client-1") .build(); this.setUpAuthorizationRequest(request, response, registrationNotFound, state); - this.filter.doFilter(request, response, filterChain); - ArgumentCaptor authenticationExceptionArgCaptor = ArgumentCaptor .forClass(AuthenticationException.class); verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class), authenticationExceptionArgCaptor.capture()); - assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class); OAuth2AuthenticationException authenticationException = (OAuth2AuthenticationException) authenticationExceptionArgCaptor .getValue(); @@ -261,15 +246,11 @@ public class OAuth2LoginAuthenticationFilterTests { request.setServletPath(requestUri); request.addParameter(OAuth2ParameterNames.CODE, "code"); request.addParameter(OAuth2ParameterNames.STATE, state); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.setUpAuthorizationRequest(request, response, this.registration2, state); this.setUpAuthenticationResult(this.registration2); - this.filter.doFilter(request, response, filterChain); - assertThat(this.authorizationRequestRepository.loadAuthorizationRequest(request)).isNull(); } 
@@ -281,15 +262,11 @@ public class OAuth2LoginAuthenticationFilterTests { request.setServletPath(requestUri); request.addParameter(OAuth2ParameterNames.CODE, "code"); request.addParameter(OAuth2ParameterNames.STATE, state); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.setUpAuthorizationRequest(request, response, this.registration1, state); this.setUpAuthenticationResult(this.registration1); - this.filter.doFilter(request, response, filterChain); - OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository .loadAuthorizedClient(this.registration1.getRegistrationId(), this.loginAuthentication, request); assertThat(authorizedClient).isNotNull(); @@ -305,22 +282,17 @@ public class OAuth2LoginAuthenticationFilterTests { this.filter = spy(new OAuth2LoginAuthenticationFilter(this.clientRegistrationRepository, this.authorizedClientRepository, filterProcessesUrl)); this.filter.setAuthenticationManager(this.authenticationManager); - String requestUri = "/login/oauth2/custom/" + this.registration2.getRegistrationId(); String state = "state"; MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri); request.addParameter(OAuth2ParameterNames.CODE, "code"); request.addParameter(OAuth2ParameterNames.STATE, state); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); - this.setUpAuthorizationRequest(request, response, this.registration2, state); this.setUpAuthenticationResult(this.registration2); - this.filter.doFilter(request, response, filterChain); - verifyZeroInteractions(filterChain); verify(this.filter).attemptAuthentication(any(HttpServletRequest.class), any(HttpServletResponse.class)); } 
@@ -338,25 +310,19 @@ public class OAuth2LoginAuthenticationFilterTests {
 request.setServletPath(requestUri);
 request.addParameter(OAuth2ParameterNames.CODE, "code");
 request.addParameter(OAuth2ParameterNames.STATE, "state");
-
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain filterChain = mock(FilterChain.class);
-
 this.setUpAuthorizationRequest(request, response, this.registration2, state);
 this.setUpAuthenticationResult(this.registration2);
-
 this.filter.doFilter(request, response, filterChain);
-
 ArgumentCaptor authenticationArgCaptor = ArgumentCaptor.forClass(Authentication.class);
 verify(this.authenticationManager).authenticate(authenticationArgCaptor.capture());
-
 OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) authenticationArgCaptor
 .getValue();
 OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange()
 .getAuthorizationRequest();
 OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange()
 .getAuthorizationResponse();
-
 String expectedRedirectUri = "http://localhost/login/oauth2/code/registration-id-2";
 assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedRedirectUri);
 assertThat(authorizationResponse.getRedirectUri()).isEqualTo(expectedRedirectUri);
@@ -375,25 +341,19 @@ public class OAuth2LoginAuthenticationFilterTests {
 request.setServletPath(requestUri);
 request.addParameter(OAuth2ParameterNames.CODE, "code");
 request.addParameter(OAuth2ParameterNames.STATE, "state");
-
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain filterChain = mock(FilterChain.class);
-
 this.setUpAuthorizationRequest(request, response, this.registration2, state);
 this.setUpAuthenticationResult(this.registration2);
-
 this.filter.doFilter(request, response, filterChain);
-
 ArgumentCaptor authenticationArgCaptor = ArgumentCaptor.forClass(Authentication.class);
 verify(this.authenticationManager).authenticate(authenticationArgCaptor.capture());
-
 OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) authenticationArgCaptor
 .getValue();
 OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange()
 .getAuthorizationRequest();
 OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange()
 .getAuthorizationResponse();
-
 String expectedRedirectUri = "https://example.com/login/oauth2/code/registration-id-2";
 assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedRedirectUri);
 assertThat(authorizationResponse.getRedirectUri()).isEqualTo(expectedRedirectUri);
@@ -412,25 +372,19 @@ public class OAuth2LoginAuthenticationFilterTests {
 request.setServletPath(requestUri);
 request.addParameter(OAuth2ParameterNames.CODE, "code");
 request.addParameter(OAuth2ParameterNames.STATE, "state");
-
 MockHttpServletResponse response = new MockHttpServletResponse();
 FilterChain filterChain = mock(FilterChain.class);
-
 this.setUpAuthorizationRequest(request, response, this.registration2, state);
 this.setUpAuthenticationResult(this.registration2);
-
 this.filter.doFilter(request, response, filterChain);
-
 ArgumentCaptor authenticationArgCaptor = ArgumentCaptor.forClass(Authentication.class);
 verify(this.authenticationManager).authenticate(authenticationArgCaptor.capture());
-
 OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) authenticationArgCaptor
 .getValue();
 OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange()
 .getAuthorizationRequest();
 OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange()
 .getAuthorizationResponse();
-
 String expectedRedirectUri = "https://example.com:9090/login/oauth2/code/registration-id-2";
 assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedRedirectUri);
 assertThat(authorizationResponse.getRedirectUri()).isEqualTo(expectedRedirectUri);
@@ -445,17 +399,12 @@ public class OAuth2LoginAuthenticationFilterTests { request.setServletPath(requestUri); request.addParameter(OAuth2ParameterNames.CODE, "code"); request.addParameter(OAuth2ParameterNames.STATE, state); - WebAuthenticationDetails webAuthenticationDetails = mock(WebAuthenticationDetails.class); given(this.authenticationDetailsSource.buildDetails(any())).willReturn(webAuthenticationDetails); - MockHttpServletResponse response = new MockHttpServletResponse(); - this.setUpAuthorizationRequest(request, response, this.registration2, state); this.setUpAuthenticationResult(this.registration2); - Authentication result = this.filter.attemptAuthentication(request, response); - assertThat(result.getDetails()).isEqualTo(webAuthenticationDetails); } @@ -473,12 +422,10 @@ public class OAuth2LoginAuthenticationFilterTests { private String expandRedirectUri(HttpServletRequest request, ClientRegistration clientRegistration) { String baseUrl = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request)).replaceQuery(null) .replacePath(request.getContextPath()).build().toUriString(); - Map uriVariables = new HashMap<>(); uriVariables.put("baseUrl", baseUrl); uriVariables.put("action", "login"); uriVariables.put("registrationId", clientRegistration.getRegistrationId()); - return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri()).buildAndExpand(uriVariables) .toUriString(); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java index 04b820fe0c..73cb3d8cff 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java 
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
@@ -108,7 +108,6 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
 securityContext.setAuthentication(this.authentication);
 SecurityContextHolder.setContext(securityContext);
-
 this.registration1 = ClientRegistration.withRegistrationId("client1").clientId("client-1")
 .clientSecret("secret").clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
@@ -268,24 +267,19 @@ public class OAuth2AuthorizedClientArgumentResolverTests { this.clientRegistrationRepository, this.authorizedClientRepository); authorizedClientManager.setAuthorizedClientProvider(clientCredentialsAuthorizedClientProvider); this.argumentResolver = new OAuth2AuthorizedClientArgumentResolver(authorizedClientManager); - OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234") .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).build(); given(clientCredentialsTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - given(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any(HttpServletRequest.class))) .willReturn(null); MethodParameter methodParameter = this.getMethodParameter("clientCredentialsClient", OAuth2AuthorizedClient.class); - OAuth2AuthorizedClient authorizedClient = (OAuth2AuthorizedClient) this.argumentResolver .resolveArgument(methodParameter, null, new ServletWebRequest(this.request, this.response), null); - assertThat(authorizedClient).isNotNull(); assertThat(authorizedClient.getClientRegistration()).isSameAs(this.registration2); assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principalName); assertThat(authorizedClient.getAccessToken()).isSameAs(accessTokenResponse.getAccessToken()); - verify(this.authorizedClientRepository).saveAuthorizedClient(eq(authorizedClient), eq(this.authentication), any(HttpServletRequest.class), any(HttpServletResponse.class)); } 
@@ -301,7 +295,6 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 DefaultOAuth2AuthorizedClientManager authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
 this.clientRegistrationRepository, this.authorizedClientRepository);
 authorizedClientManager.setAuthorizedClientProvider(passwordAuthorizedClientProvider);
-
 // Set custom contextAttributesMapper
 authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> {
 Map contextAttributes = new HashMap<>();
@@ -314,28 +307,21 @@ public class OAuth2AuthorizedClientArgumentResolverTests { } return contextAttributes; }); - this.argumentResolver = new OAuth2AuthorizedClientArgumentResolver(authorizedClientManager); - OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234") .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).build(); given(passwordTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); - given(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any(HttpServletRequest.class))) .willReturn(null); MethodParameter methodParameter = this.getMethodParameter("passwordClient", OAuth2AuthorizedClient.class); - this.request.setParameter(OAuth2ParameterNames.USERNAME, "username"); this.request.setParameter(OAuth2ParameterNames.PASSWORD, "password"); - OAuth2AuthorizedClient authorizedClient = (OAuth2AuthorizedClient) this.argumentResolver .resolveArgument(methodParameter, null, new ServletWebRequest(this.request, this.response), null); - assertThat(authorizedClient).isNotNull(); assertThat(authorizedClient.getClientRegistration()).isSameAs(this.registration3); assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principalName); assertThat(authorizedClient.getAccessToken()).isSameAs(accessTokenResponse.getAccessToken()); - verify(this.authorizedClientRepository).saveAuthorizedClient(eq(authorizedClient), eq(this.authentication), any(HttpServletRequest.class), any(HttpServletResponse.class)); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java index 041a5283d9..4d80f56666 100644 
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java @@ -92,7 +92,6 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests { final ServerOAuth2AuthorizedClientRepository delegate = new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository( new InMemoryReactiveOAuth2AuthorizedClientService(this.clientRegistrationRepository)); this.authorizedClientRepository = spy(new ServerOAuth2AuthorizedClientRepository() { - @Override public Mono loadAuthorizedClient(String clientRegistrationId, Authentication principal, ServerWebExchange exchange) { @@ -110,7 +109,6 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests { ServerWebExchange exchange) { return delegate.removeAuthorizedClient(clientRegistrationId, principal, exchange); } - }); this.authorizedClientFilter = new ServerOAuth2AuthorizedClientExchangeFilterFunction( this.clientRegistrationRepository, this.authorizedClientRepository); 
@@ -135,21 +133,17 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 String clientResponse = "{\n" + " \"attribute1\": \"value1\",\n" + " \"attribute2\": \"value2\"\n" + "}\n";
 this.server.enqueue(jsonResponse(accessTokenResponse));
 this.server.enqueue(jsonResponse(clientResponse));
-
 ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl)
 .build();
 given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
 .willReturn(Mono.just(clientRegistration));
-
 this.webClient.get().uri(this.serverUrl)
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 .clientRegistrationId(clientRegistration.getRegistrationId()))
 .retrieve().bodyToMono(String.class)
 .subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
 .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block();
-
 assertThat(this.server.getRequestCount()).isEqualTo(2);
-
 ArgumentCaptor authorizedClientCaptor = ArgumentCaptor
 .forClass(OAuth2AuthorizedClient.class);
 verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(),
@@ -162,15 +156,12 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests { String accessTokenResponse = "{\n" + " \"access_token\": \"refreshed-access-token\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; String clientResponse = "{\n" + " \"attribute1\": \"value1\",\n" + " \"attribute2\": \"value2\"\n" + "}\n"; - this.server.enqueue(jsonResponse(accessTokenResponse)); this.server.enqueue(jsonResponse(clientResponse)); - ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().tokenUri(this.serverUrl) .build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId()))) .willReturn(Mono.just(clientRegistration)); - Instant issuedAt = Instant.now().minus(Duration.ofDays(1)); Instant expiresAt = issuedAt.plus(Duration.ofHours(1)); OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, @@ -180,16 +171,13 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests { this.authentication.getName(), accessToken, refreshToken); doReturn(Mono.just(authorizedClient)).when(this.authorizedClientRepository).loadAuthorizedClient( eq(clientRegistration.getRegistrationId()), eq(this.authentication), eq(this.exchange)); - this.webClient.get().uri(this.serverUrl) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(clientRegistration.getRegistrationId())) .retrieve().bodyToMono(String.class) .subscriberContext(Context.of(ServerWebExchange.class, this.exchange)) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block(); - assertThat(this.server.getRequestCount()).isEqualTo(2); - ArgumentCaptor authorizedClientCaptor = ArgumentCaptor .forClass(OAuth2AuthorizedClient.class); verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(), 
@@ -205,25 +193,20 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests { + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"read write\"\n" + "}\n"; String clientResponse = "{\n" + " \"attribute1\": \"value1\",\n" + " \"attribute2\": \"value2\"\n" + "}\n"; - // Client 1 this.server.enqueue(jsonResponse(accessTokenResponse)); this.server.enqueue(jsonResponse(clientResponse)); - ClientRegistration clientRegistration1 = TestClientRegistrations.clientCredentials().registrationId("client-1") .tokenUri(this.serverUrl).build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration1.getRegistrationId()))) .willReturn(Mono.just(clientRegistration1)); - // Client 2 this.server.enqueue(jsonResponse(accessTokenResponse)); this.server.enqueue(jsonResponse(clientResponse)); - ClientRegistration clientRegistration2 = TestClientRegistrations.clientCredentials().registrationId("client-2") .tokenUri(this.serverUrl).build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration2.getRegistrationId()))) .willReturn(Mono.just(clientRegistration2)); - this.webClient.get().uri(this.serverUrl) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(clientRegistration1.getRegistrationId())) @@ -234,9 +217,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests { .retrieve().bodyToMono(String.class)) .subscriberContext(Context.of(ServerWebExchange.class, this.exchange)) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block(); - assertThat(this.server.getRequestCount()).isEqualTo(4); - ArgumentCaptor authorizedClientCaptor = ArgumentCaptor .forClass(OAuth2AuthorizedClient.class); verify(this.authorizedClientRepository, times(2)).saveAuthorizedClient(authorizedClientCaptor.capture(), 
@@ -258,12 +239,10 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 this.server.enqueue(new MockResponse().setResponseCode(HttpStatus.UNAUTHORIZED.value()));
 this.server.enqueue(jsonResponse(accessTokenResponse));
 this.server.enqueue(jsonResponse(clientResponse));
-
 ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl)
 .build();
 given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
 .willReturn(Mono.just(clientRegistration));
-
 OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("read", "write");
 OAuth2RefreshToken refreshToken = TestOAuth2RefreshTokens.refreshToken();
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration,
@@ -271,29 +250,22 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests { doReturn(Mono.just(authorizedClient)).doReturn(Mono.empty()).when(this.authorizedClientRepository) .loadAuthorizedClient(eq(clientRegistration.getRegistrationId()), eq(this.authentication), eq(this.exchange)); - Mono requestMono = this.webClient.get().uri(this.serverUrl) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(clientRegistration.getRegistrationId())) .retrieve().bodyToMono(String.class) .subscriberContext(Context.of(ServerWebExchange.class, this.exchange)) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); - // first try should fail, and remove the cached authorized client assertThatCode(requestMono::block).isInstanceOfSatisfying(WebClientResponseException.class, (e) -> assertThat(e.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED)); - assertThat(this.server.getRequestCount()).isEqualTo(1); - verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any()); verify(this.authorizedClientRepository).removeAuthorizedClient(eq(clientRegistration.getRegistrationId()), eq(this.authentication), eq(this.exchange)); - // second try should retrieve the authorized client and succeed requestMono.block(); - assertThat(this.server.getRequestCount()).isEqualTo(3); - ArgumentCaptor authorizedClientCaptor = ArgumentCaptor .forClass(OAuth2AuthorizedClient.class); verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(), diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java index 3896a725ed..4f1905c770 100644 
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java @@ -209,9 +209,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { @Test public void filterWhenAuthorizedClientNullThenAuthorizationHeaderNull() { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build(); - this.function.filter(request, this.exchange).block(); - assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isNull(); } @@ -222,9 +220,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build(); - this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block(); - assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)) .isEqualTo("Bearer " + this.accessToken.getTokenValue()); } @@ -237,9 +233,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { .header(HttpHeaders.AUTHORIZATION, "Existing") .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build(); - this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block(); - HttpHeaders headers = this.exchange.getRequest().headers(); assertThat(headers.get(HttpHeaders.AUTHORIZATION)).containsOnly("Bearer " + this.accessToken.getTokenValue()); } 
@@ -250,7 +244,6 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build(); given(this.clientCredentialsTokenResponseClient.getTokenResponse(any())) .willReturn(Mono.just(accessTokenResponse)); - ClientRegistration registration = TestClientRegistrations.clientCredentials().build(); Instant issuedAt = Instant.now().minus(Duration.ofDays(1)); Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1)); @@ -258,20 +251,15 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { this.accessToken.getTokenValue(), issuedAt, accessTokenExpiresAt); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(registration, "principalName", accessToken, null); - TestingAuthenticationToken authentication = new TestingAuthenticationToken("test", "this"); - ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build(); - this.function.filter(request, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)) .subscriberContext(serverWebExchange()).block(); - verify(this.clientCredentialsTokenResponseClient).getTokenResponse(any()); verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(authentication), any()); - List requests = this.exchange.getRequests(); assertThat(requests).hasSize(1); ClientRequest request1 = requests.get(0); 
@@ -285,19 +273,15 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { public void filterWhenClientCredentialsTokenNotExpiredThenUseCurrentToken() { TestingAuthenticationToken authentication = new TestingAuthenticationToken("test", "this"); ClientRegistration registration = TestClientRegistrations.clientCredentials().build(); - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(registration, "principalName", this.accessToken, null); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build(); - this.function.filter(request, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)) .subscriberContext(serverWebExchange()).block(); - verify(this.clientCredentialsTokenResponseClient, never()).getTokenResponse(any()); - List requests = this.exchange.getRequests(); assertThat(requests).hasSize(1); ClientRequest request1 = requests.get(0); @@ -312,7 +296,6 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1") .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build(); given(this.refreshTokenTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(response)); - Instant issuedAt = Instant.now().minus(Duration.ofDays(1)); Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1)); this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(), 
@@ -320,27 +303,21 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); - ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build(); - TestingAuthenticationToken authentication = new TestingAuthenticationToken("test", "this"); this.function.filter(request, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)) .subscriberContext(serverWebExchange()).block(); - verify(this.refreshTokenTokenResponseClient).getTokenResponse(any()); verify(this.authorizedClientRepository).saveAuthorizedClient(this.authorizedClientCaptor.capture(), eq(authentication), any()); - OAuth2AuthorizedClient newAuthorizedClient = this.authorizedClientCaptor.getValue(); assertThat(newAuthorizedClient.getAccessToken()).isEqualTo(response.getAccessToken()); assertThat(newAuthorizedClient.getRefreshToken()).isEqualTo(response.getRefreshToken()); - List requests = this.exchange.getRequests(); assertThat(requests).hasSize(1); - ClientRequest request0 = requests.get(0); assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-1"); assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com"); 
@@ -354,26 +331,20 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build(); given(this.refreshTokenTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(response)); Instant issuedAt = Instant.now().minus(Duration.ofDays(1)); - Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1)); this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(), issuedAt, accessTokenExpiresAt); - OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build(); - this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block(); - verify(this.refreshTokenTokenResponseClient).getTokenResponse(any()); verify(this.authorizedClientRepository).saveAuthorizedClient(any(), any(), any()); - List requests = this.exchange.getRequests(); assertThat(requests).hasSize(1); - ClientRequest request0 = requests.get(0); assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-1"); assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com"); 
@@ -388,12 +359,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build(); - this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block(); - List requests = this.exchange.getRequests(); assertThat(requests).hasSize(1); - ClientRequest request0 = requests.get(0); assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0"); assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com"); @@ -409,12 +377,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build(); - this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block(); - List requests = this.exchange.getRequests(); assertThat(requests).hasSize(1); - ClientRequest request0 = requests.get(0); assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0"); assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com"); 
@@ -425,27 +390,20 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { @Test public void filterWhenUnauthorizedThenInvokeFailureHandler() { this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler); - PublisherProbe publisherProbe = PublisherProbe.empty(); given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())) .willReturn(publisherProbe.mono()); - OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt()); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build(); - given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.UNAUTHORIZED.value()); - this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block(); - assertThat(publisherProbe.wasSubscribed()).isTrue(); - verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture()); - assertThat(this.authorizationExceptionCaptor.getValue()) .isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> { assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId()); 
@@ -461,31 +419,23 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { @Test public void filterWhenUnauthorizedWithWebClientExceptionThenInvokeFailureHandler() { this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler); - PublisherProbe publisherProbe = PublisherProbe.empty(); given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())) .willReturn(publisherProbe.mono()); - OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt()); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build(); - WebClientResponseException exception = WebClientResponseException.create(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8); - ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception); - assertThatCode(() -> this.function.filter(request, throwingExchangeFunction) .subscriberContext(serverWebExchange()).block()).isEqualTo(exception); - assertThat(publisherProbe.wasSubscribed()).isTrue(); - verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture()); - assertThat(this.authorizationExceptionCaptor.getValue()) .isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> { assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId()); 
@@ -501,27 +451,20 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { @Test public void filterWhenForbiddenThenInvokeFailureHandler() { this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler); - PublisherProbe publisherProbe = PublisherProbe.empty(); given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())) .willReturn(publisherProbe.mono()); - OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt()); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build(); - given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.FORBIDDEN.value()); - this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block(); - assertThat(publisherProbe.wasSubscribed()).isTrue(); - verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture()); - assertThat(this.authorizationExceptionCaptor.getValue()) .isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> { assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId()); 
@@ -537,31 +480,23 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { @Test public void filterWhenForbiddenWithWebClientExceptionThenInvokeFailureHandler() { this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler); - PublisherProbe publisherProbe = PublisherProbe.empty(); given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())) .willReturn(publisherProbe.mono()); - OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt()); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build(); - WebClientResponseException exception = WebClientResponseException.create(HttpStatus.FORBIDDEN.value(), HttpStatus.FORBIDDEN.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8); - ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception); - assertThatCode(() -> this.function.filter(request, throwingExchangeFunction) .subscriberContext(serverWebExchange()).block()).isEqualTo(exception); - assertThat(publisherProbe.wasSubscribed()).isTrue(); - verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture()); - assertThat(this.authorizationExceptionCaptor.getValue()) .isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> { assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId()); 
@@ -577,18 +512,15 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { @Test public void filterWhenWWWAuthenticateHeaderIncludesErrorThenInvokeFailureHandler() { this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler); - PublisherProbe publisherProbe = PublisherProbe.empty(); given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())) .willReturn(publisherProbe.mono()); - OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt()); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build(); - String wwwAuthenticateHeader = "Bearer error=\"insufficient_scope\", " + "error_description=\"The request requires higher privileges than provided by the access token.\", " + "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\""; @@ -596,14 +528,10 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { given(headers.header(eq(HttpHeaders.WWW_AUTHENTICATE))) .willReturn(Collections.singletonList(wwwAuthenticateHeader)); given(this.exchange.getResponse().headers()).willReturn(headers); - this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block(); - assertThat(publisherProbe.wasSubscribed()).isTrue(); - verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture()); - assertThat(this.authorizationExceptionCaptor.getValue()) .isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> { assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId()); 
@@ -622,31 +550,23 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { @Test public void filterWhenAuthorizationExceptionThenInvokeFailureHandler() { this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler); - PublisherProbe publisherProbe = PublisherProbe.empty(); given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())) .willReturn(publisherProbe.mono()); - OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt()); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build(); - OAuth2AuthorizationException exception = new OAuth2AuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null)); - ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception); - assertThatCode(() -> this.function.filter(request, throwingExchangeFunction) .subscriberContext(serverWebExchange()).block()).isEqualTo(exception); - assertThat(publisherProbe.wasSubscribed()).isTrue(); - verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture()); - assertThat(this.authorizationExceptionCaptor.getValue()).isSameAs(exception); assertThat(this.authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class); assertThat(this.attributesCaptor.getValue()) 
@@ -656,18 +576,14 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { @Test public void filterWhenOtherHttpStatusShouldNotInvokeFailureHandler() { this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler); - OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt()); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) .build(); - given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.BAD_REQUEST.value()); - this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block(); - verify(this.authorizationFailureHandler, never()).onAuthorizationFailure(any(), any(), any()); } 
@@ -675,16 +591,13 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { public void filterWhenPasswordClientNotAuthorizedThenGetNewToken() { TestingAuthenticationToken authentication = new TestingAuthenticationToken("test", "this"); ClientRegistration registration = TestClientRegistrations.password().build(); - OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("new-token") .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build(); given(this.passwordTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); - given(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId()))) .willReturn(Mono.just(registration)); given(this.authorizedClientRepository.loadAuthorizedClient(eq(registration.getRegistrationId()), eq(authentication), any())).willReturn(Mono.empty()); - // Set custom contextAttributesMapper capable of mapping the form parameters this.authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> { ServerWebExchange serverWebExchange = authorizeRequest.getAttribute(ServerWebExchange.class.getName()); 
@@ -699,23 +612,18 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { return contextAttributes; }); }); - this.serverWebExchange = MockServerWebExchange.builder(MockServerHttpRequest.post("/") .contentType(MediaType.APPLICATION_FORM_URLENCODED).body("username=username&password=password")) .build(); - ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(registration.getRegistrationId())) .build(); - this.function.filter(request, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)) .subscriberContext(serverWebExchange()).block(); - verify(this.passwordTokenResponseClient).getTokenResponse(any()); verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(authentication), any()); - List requests = this.exchange.getRequests(); assertThat(requests).hasSize(1); ClientRequest request1 = requests.get(0); @@ -736,12 +644,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(this.registration.getRegistrationId())) .build(); - this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block(); - List requests = this.exchange.getRequests(); assertThat(requests).hasSize(1); - ClientRequest request0 = requests.get(0); assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0"); assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com"); 
@@ -758,12 +663,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())) .willReturn(Mono.just(authorizedClient)); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build(); - this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block(); - List requests = this.exchange.getRequests(); assertThat(requests).hasSize(1); - ClientRequest request0 = requests.get(0); assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0"); assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com"); @@ -774,14 +676,12 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { @Test public void filterWhenClientRegistrationIdFromAuthenticationThenAuthorizedClientResolved() { this.function.setDefaultOAuth2AuthorizedClient(true); - OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt()); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())) .willReturn(Mono.just(authorizedClient)); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build(); - OAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), Collections.singletonMap("user", "rob"), "user"); OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(user, user.getAuthorities(), 
@@ -789,10 +689,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { this.function.filter(request, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)) .subscriberContext(serverWebExchange()).block(); - List requests = this.exchange.getRequests(); assertThat(requests).hasSize(1); - ClientRequest request0 = requests.get(0); assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0"); assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com"); @@ -803,18 +701,14 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { @Test public void filterWhenDefaultOAuth2AuthorizedClientFalseThenEmpty() { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build(); - OAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), Collections.singletonMap("user", "rob"), "user"); OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(user, user.getAuthorities(), "client-id"); - this.function.filter(request, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)).block(); - List requests = this.exchange.getRequests(); assertThat(requests).hasSize(1); - verifyZeroInteractions(this.clientRegistrationRepository, this.authorizedClientRepository); } @@ -829,9 +723,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(this.registration.getRegistrationId())) .build(); - this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block(); - verify(this.authorizedClientRepository).loadAuthorizedClient(eq(this.registration.getRegistrationId()), any(), eq(this.serverWebExchange)); } 
@@ -846,27 +738,21 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { this.function = new ServerOAuth2AuthorizedClientExchangeFilterFunction(this.clientRegistrationRepository, unauthenticatedAuthorizedClientRepository); this.function.setClientCredentialsTokenResponseClient(this.clientCredentialsTokenResponseClient); - OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("new-token") .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build(); given(this.clientCredentialsTokenResponseClient.getTokenResponse(any())) .willReturn(Mono.just(accessTokenResponse)); - ClientRegistration registration = TestClientRegistrations.clientCredentials().build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId()))) .willReturn(Mono.just(registration)); - ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(registration.getRegistrationId())) .build(); - this.function.filter(request, this.exchange).block(); - verify(unauthenticatedAuthorizedClientRepository).loadAuthorizedClient(any(), any(), any()); verify(this.clientCredentialsTokenResponseClient).getTokenResponse(any()); verify(unauthenticatedAuthorizedClientRepository).saveAuthorizedClient(any(), any(), any()); - List requests = this.exchange.getRequests(); assertThat(requests).hasSize(1); ClientRequest request1 = requests.get(0); @@ -891,7 +777,6 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { messageWriters.add(new FormHttpMessageWriter()); messageWriters.add(new EncoderHttpMessageWriter<>(CharSequenceEncoder.allMimeTypes())); messageWriters.add(new MultipartHttpMessageWriter(messageWriters)); - BodyInserter.Context context = new BodyInserter.Context() { @Override public List> messageWriters() { 
@@ -908,7 +793,6 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 return new HashMap<>();
 }
 };
-
 MockClientHttpRequest body = new MockClientHttpRequest(HttpMethod.GET, "/");
 request.body().insert(body, context).block();
 return body.getBodyAsString().block();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
index 7bd2bab3ae..06d676acaa 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
@@ -152,22 +152,17 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests { + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"read write\"\n" + "}\n"; String clientResponse = "{\n" + " \"attribute1\": \"value1\",\n" + " \"attribute2\": \"value2\"\n" + "}\n"; - this.server.enqueue(jsonResponse(accessTokenResponse)); this.server.enqueue(jsonResponse(clientResponse)); - ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl) .build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId()))) .willReturn(clientRegistration); - this.webClient.get().uri(this.serverUrl) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(clientRegistration.getRegistrationId())) .retrieve().bodyToMono(String.class).block(); - assertThat(this.server.getRequestCount()).isEqualTo(2); - ArgumentCaptor authorizedClientCaptor = ArgumentCaptor .forClass(OAuth2AuthorizedClient.class); verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(), 
@@ -180,15 +175,12 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests { String accessTokenResponse = "{\n" + " \"access_token\": \"refreshed-access-token\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; String clientResponse = "{\n" + " \"attribute1\": \"value1\",\n" + " \"attribute2\": \"value2\"\n" + "}\n"; - this.server.enqueue(jsonResponse(accessTokenResponse)); this.server.enqueue(jsonResponse(clientResponse)); - ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().tokenUri(this.serverUrl) .build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId()))) .willReturn(clientRegistration); - Instant issuedAt = Instant.now().minus(Duration.ofDays(1)); Instant expiresAt = issuedAt.plus(Duration.ofHours(1)); OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, @@ -198,14 +190,11 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests { this.authentication.getName(), accessToken, refreshToken); doReturn(authorizedClient).when(this.authorizedClientRepository).loadAuthorizedClient( eq(clientRegistration.getRegistrationId()), eq(this.authentication), eq(this.request)); - this.webClient.get().uri(this.serverUrl) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(clientRegistration.getRegistrationId())) .retrieve().bodyToMono(String.class).block(); - assertThat(this.server.getRequestCount()).isEqualTo(2); - ArgumentCaptor authorizedClientCaptor = ArgumentCaptor .forClass(OAuth2AuthorizedClient.class); verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(), 
@@ -221,25 +210,20 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests { + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\",\n" + " \"scope\": \"read write\"\n" + "}\n"; String clientResponse = "{\n" + " \"attribute1\": \"value1\",\n" + " \"attribute2\": \"value2\"\n" + "}\n"; - // Client 1 this.server.enqueue(jsonResponse(accessTokenResponse)); this.server.enqueue(jsonResponse(clientResponse)); - ClientRegistration clientRegistration1 = TestClientRegistrations.clientCredentials().registrationId("client-1") .tokenUri(this.serverUrl).build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration1.getRegistrationId()))) .willReturn(clientRegistration1); - // Client 2 this.server.enqueue(jsonResponse(accessTokenResponse)); this.server.enqueue(jsonResponse(clientResponse)); - ClientRegistration clientRegistration2 = TestClientRegistrations.clientCredentials().registrationId("client-2") .tokenUri(this.serverUrl).build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration2.getRegistrationId()))) .willReturn(clientRegistration2); - this.webClient.get().uri(this.serverUrl) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(clientRegistration1.getRegistrationId())) @@ -249,9 +233,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests { .clientRegistrationId(clientRegistration2.getRegistrationId())) .retrieve().bodyToMono(String.class)) .subscriberContext(context()).block(); - assertThat(this.server.getRequestCount()).isEqualTo(4); - ArgumentCaptor authorizedClientCaptor = ArgumentCaptor .forClass(OAuth2AuthorizedClient.class); verify(this.authorizedClientRepository, times(2)).saveAuthorizedClient(authorizedClientCaptor.capture(), 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index c486b01ec4..1cdd07b662 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -265,18 +265,14 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { private Map getDefaultRequestAttributes() { this.function.defaultRequest().accept(this.spec); verify(this.spec).attributes(this.attrs.capture()); - this.attrs.getValue().accept(this.result); - return this.result; } @Test public void filterWhenAuthorizedClientNullThenAuthorizationHeaderNull() { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build(); - this.function.filter(request, this.exchange).block(); - assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isNull(); }
@@ -284,7 +280,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { public void filterWhenAuthorizedClientThenAuthorizationHeader() { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken); - ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes( ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -293,9 +288,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .httpServletResponse(new MockHttpServletResponse())) .build(); - this.function.filter(request, this.exchange).block(); - assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)) .isEqualTo("Bearer " + this.accessToken.getTokenValue()); } @@ -304,7 +297,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken); - ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .header(HttpHeaders.AUTHORIZATION, "Existing") .attributes( @@ -314,9 +306,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .httpServletResponse(new MockHttpServletResponse())) .build(); - this.function.filter(request, this.exchange).block(); - HttpHeaders headers = this.exchange.getRequest().headers(); assertThat(headers.get(HttpHeaders.AUTHORIZATION)).containsOnly("Bearer " + this.accessToken.getTokenValue()); } @@ -326,7 +316,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1") .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build(); given(this.refreshTokenTokenResponseClient.getTokenResponse(any())).willReturn(response); - Instant issuedAt = Instant.now().minus(Duration.ofDays(1)); Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1)); this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(), 
@@ -334,7 +323,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt);
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken);
-
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes( ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -344,20 +332,15 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .httpServletResponse(new MockHttpServletResponse())) .build();
-
 this.function.filter(request, this.exchange).block();
-
 verify(this.refreshTokenTokenResponseClient).getTokenResponse(any());
 verify(this.authorizedClientRepository).saveAuthorizedClient(this.authorizedClientCaptor.capture(), eq(this.authentication), any(), any());
-
 OAuth2AuthorizedClient newAuthorizedClient = this.authorizedClientCaptor.getValue();
 assertThat(newAuthorizedClient.getAccessToken()).isEqualTo(response.getAccessToken());
 assertThat(newAuthorizedClient.getRefreshToken()).isEqualTo(response.getRefreshToken());
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(1);
-
 ClientRequest request0 = requests.get(0);
 assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-1");
 assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -371,20 +354,17 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600) // .refreshToken(xxx) // No refreshToken in response
 .build();
-
 RestOperations refreshTokenClient = mock(RestOperations.class);
 given(refreshTokenClient.exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class))) .willReturn(new ResponseEntity(response, HttpStatus.OK));
 DefaultRefreshTokenTokenResponseClient refreshTokenTokenResponseClient = new DefaultRefreshTokenTokenResponseClient();
 refreshTokenTokenResponseClient.setRestOperations(refreshTokenClient);
-
 RefreshTokenOAuth2AuthorizedClientProvider authorizedClientProvider = new RefreshTokenOAuth2AuthorizedClientProvider();
 authorizedClientProvider.setAccessTokenResponseClient(refreshTokenTokenResponseClient);
 DefaultOAuth2AuthorizedClientManager authorizedClientManager = new DefaultOAuth2AuthorizedClientManager( this.clientRegistrationRepository, this.authorizedClientRepository);
 authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
 this.function = new ServletOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
-
 Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
 this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(),
@@ -392,7 +372,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt);
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken);
-
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes( ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -402,20 +381,15 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .httpServletResponse(new MockHttpServletResponse())) .build();
-
 this.function.filter(request, this.exchange).block();
-
 verify(refreshTokenClient).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class));
 verify(this.authorizedClientRepository).saveAuthorizedClient(this.authorizedClientCaptor.capture(), eq(this.authentication), any(), any());
-
 OAuth2AuthorizedClient newAuthorizedClient = this.authorizedClientCaptor.getValue();
 assertThat(newAuthorizedClient.getAccessToken()).isEqualTo(response.getAccessToken());
 assertThat(newAuthorizedClient.getRefreshToken().getTokenValue()).isEqualTo(refreshToken.getTokenValue());
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(1);
-
 ClientRequest request0 = requests.get(0);
 assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-1");
 assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -428,7 +402,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 this.registration = TestClientRegistrations.clientCredentials().build();
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, null);
-
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes( ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -438,17 +411,12 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .httpServletResponse(new MockHttpServletResponse())) .build();
-
 this.function.filter(request, this.exchange).block();
-
 verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), eq(this.authentication), any(), any());
-
 verify(this.clientCredentialsTokenResponseClient, never()).getTokenResponse(any());
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(1);
-
 ClientRequest request1 = requests.get(0);
 assertThat(request1.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0");
 assertThat(request1.url().toASCIIString()).isEqualTo("https://example.com");
@@ -459,18 +427,14 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 @Test public void filterWhenClientCredentialsTokenExpiredThenGetNewToken() {
 this.registration = TestClientRegistrations.clientCredentials().build();
-
 OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 given(this.clientCredentialsTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
 this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(), issuedAt, accessTokenExpiresAt);
-
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, null);
-
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes( ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -480,16 +444,11 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .httpServletResponse(new MockHttpServletResponse())) .build();
-
 this.function.filter(request, this.exchange).block();
-
 verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(this.authentication), any(), any());
-
 verify(this.clientCredentialsTokenResponseClient).getTokenResponse(any());
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(1);
-
 ClientRequest request1 = requests.get(0);
 assertThat(request1.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token");
 assertThat(request1.url().toASCIIString()).isEqualTo("https://example.com");
@@ -502,11 +461,9 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("new-token") .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build();
 given(this.passwordTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 ClientRegistration registration = TestClientRegistrations.password().build();
 given(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId()))) .willReturn(registration);
-
 // Set custom contextAttributesMapper
 this.authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> {
 Map contextAttributes = new HashMap<>();
@@ -519,12 +476,10 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 }
 return contextAttributes;
 });
-
 MockHttpServletRequest servletRequest = new MockHttpServletRequest();
 servletRequest.setParameter(OAuth2ParameterNames.USERNAME, "username");
 servletRequest.setParameter(OAuth2ParameterNames.PASSWORD, "password");
 MockHttpServletResponse servletResponse = new MockHttpServletResponse();
-
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction .clientRegistrationId(registration.getRegistrationId()))
@@ -532,12 +487,9 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) .build();
-
 this.function.filter(request, this.exchange).block();
-
 verify(this.passwordTokenResponseClient).getTokenResponse(any());
 verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(this.authentication), any(), any());
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(1);
 ClientRequest request1 = requests.get(0);
@@ -552,7 +504,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1") .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build();
 given(this.refreshTokenTokenResponseClient.getTokenResponse(any())).willReturn(response);
-
 Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
 this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(),
@@ -560,7 +511,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt);
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken);
-
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes( ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -569,15 +519,11 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .httpServletResponse(new MockHttpServletResponse())) .build();
-
 this.function.filter(request, this.exchange).block();
-
 verify(this.refreshTokenTokenResponseClient).getTokenResponse(any());
 verify(this.authorizedClientRepository).saveAuthorizedClient(any(), any(), any(), any());
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(1);
-
 ClientRequest request0 = requests.get(0);
 assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-1");
 assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -589,7 +535,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 public void filterWhenRefreshTokenNullThenShouldRefreshFalse() {
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken);
-
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes( ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -598,12 +543,9 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .httpServletResponse(new MockHttpServletResponse())) .build();
-
 this.function.filter(request, this.exchange).block();
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(1);
-
 ClientRequest request0 = requests.get(0);
 assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0");
 assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -616,7 +558,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken);
-
 ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes( ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -625,12 +566,9 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction .httpServletResponse(new MockHttpServletResponse())) .build();
-
 this.function.filter(request, this.exchange).block();
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(1);
-
 ClientRequest request0 = requests.get(0);
 assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0");
 assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -642,44 +580,33 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 @Test public void filterWhenChainedThenDefaultsStillAvailable() throws Exception {
 this.function.setDefaultOAuth2AuthorizedClient(true);
-
 MockHttpServletRequest servletRequest = new MockHttpServletRequest();
 MockHttpServletResponse servletResponse = new MockHttpServletResponse();
-
 OAuth2User user = mock(OAuth2User.class);
 List authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
 OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(user, authorities, this.registration.getRegistrationId());
-
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken);
-
 given(this.authorizedClientRepository.loadAuthorizedClient( eq(authentication.getAuthorizedClientRegistrationId()), eq(authentication), eq(servletRequest))) .willReturn(authorizedClient);
-
 // Default request attributes set
 final ClientRequest request1 = ClientRequest.create(HttpMethod.GET, URI.create("https://example1.com")) .attributes((attrs) -> attrs.putAll(getDefaultRequestAttributes())).build();
-
 // Default request attributes NOT set
 final ClientRequest request2 = ClientRequest.create(HttpMethod.GET, URI.create("https://example2.com")).build();
-
 Context context = context(servletRequest, servletResponse, authentication);
-
 this.function.filter(request1, this.exchange) .flatMap((response) -> this.function.filter(request2, this.exchange)).subscriberContext(context) .block();
-
 List requests = this.exchange.getRequests();
 assertThat(requests).hasSize(2);
-
 ClientRequest request = requests.get(0);
 assertThat(request.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0");
 assertThat(request.url().toASCIIString()).isEqualTo("https://example1.com");
 assertThat(request.method()).isEqualTo(HttpMethod.GET);
 assertThat(getBody(request)).isEmpty();
-
 request = requests.get(1);
assertThat(request.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0");
 assertThat(request.url().toASCIIString()).isEqualTo("https://example2.com");
@@ -708,16 +635,12 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) .build();
-
 given(this.exchange.getResponse().rawStatusCode()).willReturn(httpStatus.value());
 given(this.exchange.getResponse().headers()).willReturn(mock(ClientResponse.Headers.class));
 this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 this.function.filter(request, this.exchange).block();
-
 verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 assertThat(this.authorizationExceptionCaptor.getValue()) .isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
 assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
@@ -743,7 +666,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) .build();
-
 String wwwAuthenticateHeader = "Bearer error=\"insufficient_scope\", " + "error_description=\"The request requires higher privileges than provided by the access token.\", " + "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"";
@@ -752,12 +674,9 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .willReturn(Collections.singletonList(wwwAuthenticateHeader));
 given(this.exchange.getResponse().headers()).willReturn(headers);
 this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 this.function.filter(request, this.exchange).block();
-
 verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 assertThat(this.authorizationExceptionCaptor.getValue()) .isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
 assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
@@ -788,7 +707,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 private void assertHttpStatusWithWebClientExceptionInvokesFailureHandler(HttpStatus httpStatus, String expectedErrorCode) {
-
 OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken);
 MockHttpServletRequest servletRequest = new MockHttpServletRequest();
@@ -799,17 +717,13 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) .build();
-
 WebClientResponseException exception = WebClientResponseException.create(httpStatus.value(), httpStatus.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8);
 ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception);
 this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 assertThatCode(() -> this.function.filter(request, throwingExchangeFunction).block()).isEqualTo(exception);
-
 verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 assertThat(this.authorizationExceptionCaptor.getValue()) .isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
 assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
@@ -835,18 +749,14 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) .build();
-
 OAuth2AuthorizationException authorizationException = new OAuth2AuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN));
 ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(authorizationException);
 this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 assertThatCode(() -> this.function.filter(request, throwingExchangeFunction).block()) .isEqualTo(authorizationException);
-
 verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 assertThat(this.authorizationExceptionCaptor.getValue()) .isInstanceOfSatisfying(OAuth2AuthorizationException.class, (e) -> {
 assertThat(e.getError().getErrorCode()).isEqualTo(authorizationException.getError().getErrorCode());
@@ -871,13 +781,10 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) .build();
-
 given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.BAD_REQUEST.value());
 given(this.exchange.getResponse().headers()).willReturn(mock(ClientResponse.Headers.class));
 this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 this.function.filter(request, this.exchange).block();
-
 verifyNoInteractions(this.authorizationFailureHandler);
 }
@@ -902,7 +809,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 messageWriters.add(new FormHttpMessageWriter());
 messageWriters.add(new EncoderHttpMessageWriter<>(CharSequenceEncoder.allMimeTypes()));
 messageWriters.add(new MultipartHttpMessageWriter(messageWriters));
-
 BodyInserter.Context context = new BodyInserter.Context() {
 @Override public List> messageWriters() {
@@ -919,7 +825,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 return new HashMap<>();
 }
 };
-
 MockClientHttpRequest body = new MockClientHttpRequest(HttpMethod.GET, "/");
 request.body().insert(body, context).block();
 return body.getBodyAsString().block();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
index a85ef616f4..54967496b5 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
@@ -77,19 +77,15 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 @Test public void resolveWhenClientRegistrationNotFoundMatchThenBadRequest() {
 given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.empty());
-
 ResponseStatusException expected = catchThrowableOfType(() -> resolve("/oauth2/authorization/not-found-id"), ResponseStatusException.class);
-
 assertThat(expected.getStatus()).isEqualTo(HttpStatus.BAD_REQUEST);
 }
 @Test public void resolveWhenClientRegistrationFoundThenWorks() {
 given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(this.registration));
-
 OAuth2AuthorizationRequest request = resolve("/oauth2/authorization/not-found-id");
-
 assertThat(request.getAuthorizationRequestUri()) .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=read:user&state=.*?&" + "redirect_uri=/login/oauth2/code/registration-id");
@@ -100,9 +96,7 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(this.registration));
 ServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.get("/oauth2/authorization/id").header("X-Forwarded-Host", "evil.com"));
-
 OAuth2AuthorizationRequest request = this.resolver.resolve(exchange).block();
-
 assertThat(request.getAuthorizationRequestUri()) .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=read:user&state=.*?&" + "redirect_uri=/login/oauth2/code/registration-id");
@@ -113,12 +107,9 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 given(this.clientRegistrationRepository.findByRegistrationId(any())) .willReturn(Mono.just(TestClientRegistrations.clientRegistration() .clientAuthenticationMethod(ClientAuthenticationMethod.NONE).clientSecret(null).build()));
-
 OAuth2AuthorizationRequest request = resolve("/oauth2/authorization/registration-id");
-
 assertThat((String) request.getAttribute(PkceParameterNames.CODE_VERIFIER)) .matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$");
-
 assertThat(request.getAuthorizationRequestUri()) .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=read:user&state=.*?&" + "redirect_uri=/login/oauth2/code/registration-id&"
@@ -129,11 +120,8 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 public void resolveWhenAuthenticationRequestWithValidOidcClientThenResolves() {
 given(this.clientRegistrationRepository.findByRegistrationId(any())) .willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
-
 OAuth2AuthorizationRequest request = resolve("/oauth2/authorization/registration-id");
-
 assertThat((String) request.getAttribute(OidcParameterNames.NONCE)).matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$");
-
 assertThat(request.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=openid&state=.*?&" + "redirect_uri=/login/oauth2/code/registration-id&" + "nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}");
@@ -144,13 +132,10 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 public void resolveWhenAuthorizationRequestCustomizerRemovesNonceThenQueryExcludesNonce() {
 given(this.clientRegistrationRepository.findByRegistrationId(any())) .willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
-
 this.resolver.setAuthorizationRequestCustomizer( (customizer) -> customizer.additionalParameters((params) -> params.remove(OidcParameterNames.NONCE)) .attributes((attrs) -> attrs.remove(OidcParameterNames.NONCE)));
-
 OAuth2AuthorizationRequest authorizationRequest = resolve("/oauth2/authorization/registration-id");
-
 assertThat(authorizationRequest.getAdditionalParameters()).doesNotContainKey(OidcParameterNames.NONCE);
 assertThat(authorizationRequest.getAttributes()).doesNotContainKey(OidcParameterNames.NONCE);
 assertThat(authorizationRequest.getAttributes()).containsKey(OAuth2ParameterNames.REGISTRATION_ID);
@@ -163,15 +148,12 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 public void resolveWhenAuthorizationRequestCustomizerAddsParameterThenQueryIncludesParameter() {
 given(this.clientRegistrationRepository.findByRegistrationId(any())) .willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
-
 this.resolver .setAuthorizationRequestCustomizer((customizer) -> customizer.authorizationRequestUri((uriBuilder) -> {
 uriBuilder.queryParam("param1", "value1");
 return uriBuilder.build();
 }));
-
 OAuth2AuthorizationRequest authorizationRequest = resolve("/oauth2/authorization/registration-id");
-
 assertThat(authorizationRequest.getAuthorizationRequestUri()) .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=openid&state=.{15,}&" + "redirect_uri=/login/oauth2/code/registration-id&"
@@ -182,14 +164,11 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 public void resolveWhenAuthorizationRequestCustomizerOverridesParameterThenQueryIncludesParameter() {
 given(this.clientRegistrationRepository.findByRegistrationId(any())) .willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
-
 this.resolver.setAuthorizationRequestCustomizer((customizer) -> customizer.parameters((params) -> {
 params.put("appid", params.get("client_id"));
 params.remove("client_id");
 }));
-
 OAuth2AuthorizationRequest authorizationRequest = resolve("/oauth2/authorization/registration-id");
-
 assertThat(authorizationRequest.getAuthorizationRequestUri()) .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&" + "scope=openid&state=.{15,}&" + "redirect_uri=/login/oauth2/code/registration-id&"
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
index 6b1369601a..56f527b658 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
@@ -121,9 +121,7 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/"));
 DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList());
-
 this.filter.filter(exchange, chain).block();
-
 verifyNoInteractions(this.authenticationManager);
 }
@@ -131,7 +129,6 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 public void filterWhenMatchThenAuthorizedClientSaved() {
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(clientRegistration));
-
 MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback");
 OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration);
@@ -139,18 +136,14 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 .willReturn(Mono.just(oauth2AuthorizationRequest));
 given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) .willReturn(Mono.just(oauth2AuthorizationRequest));
-
 given(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
 given(this.authenticationManager.authenticate(any())) .willReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated()));
-
 MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
 DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList());
-
 this.filter.filter(exchange, chain).block();
-
 verify(this.authorizedClientRepository).saveAuthorizedClient(any(), any(AnonymousAuthenticationToken.class), any());
 }
@@ -163,7 +156,6 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 given(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
 given(this.authenticationManager.authenticate(any())) .willReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated()));
-
 // 1) redirect_uri with query parameters
 Map parameters = new LinkedHashMap<>();
 parameters.put("param1", "value1");
@@ -175,15 +167,12 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 .willReturn(Mono.just(oauth2AuthorizationRequest));
 given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) .willReturn(Mono.just(oauth2AuthorizationRequest));
-
 MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
 DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList());
-
 this.filter.filter(exchange, chain).block();
 verify(this.authenticationManager, times(1)).authenticate(any());
-
 // 2) redirect_uri with query parameters AND authorization response additional // parameters
 Map additionalParameters = new LinkedHashMap<>();
@@ -191,7 +180,6 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 additionalParameters.put("auth-param2", "value2");
 authorizationResponse = createAuthorizationResponse(authorizationRequest, additionalParameters);
 exchange = MockServerWebExchange.from(authorizationResponse);
-
 this.filter.filter(exchange, chain).block();
 verify(this.authenticationManager, times(2)).authenticate(any());
 }
@@ -209,7 +197,6 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests { clientRegistration); given(this.authorizationRequestRepository.loadAuthorizationRequest(any())) .willReturn(Mono.just(oauth2AuthorizationRequest)); - // 1) Parameter value Map parametersNotMatch = new LinkedHashMap<>(parameters); parametersNotMatch.put("param2", "value8");
@@ -218,26 +205,21 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests { MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse); DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList()); - this.filter.filter(exchange, chain).block(); verifyNoInteractions(this.authenticationManager); - // 2) Parameter order parametersNotMatch = new LinkedHashMap<>(); parametersNotMatch.put("param2", "value2"); parametersNotMatch.put("param1", "value1"); authorizationResponse = createAuthorizationResponse(createAuthorizationRequest(requestUri, parametersNotMatch)); exchange = MockServerWebExchange.from(authorizationResponse); - this.filter.filter(exchange, chain).block(); verifyNoInteractions(this.authenticationManager); - // 3) Parameter missing parametersNotMatch = new LinkedHashMap<>(parameters); parametersNotMatch.remove("param2"); authorizationResponse = createAuthorizationResponse(createAuthorizationRequest(requestUri, parametersNotMatch)); exchange = MockServerWebExchange.from(authorizationResponse); - this.filter.filter(exchange, chain).block(); verifyNoInteractions(this.authenticationManager); }
@@ -249,7 +231,6 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests { given(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).willReturn(Mono.empty()); given(this.authenticationManager.authenticate(any())) .willReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated())); - MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback"); OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration);
@@ -257,20 +238,15 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests { .willReturn(Mono.just(oauth2AuthorizationRequest)); given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) .willReturn(Mono.just(oauth2AuthorizationRequest)); - MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest); MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse); DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList()); - ServerRequestCache requestCache = mock(ServerRequestCache.class); given(requestCache.getRedirectUri(any(ServerWebExchange.class))) .willReturn(Mono.just(URI.create("/saved-request"))); - this.filter.setRequestCache(requestCache); - this.filter.filter(exchange, chain).block(); - verify(requestCache).getRedirectUri(exchange); assertThat(exchange.getResponse().getHeaders().getLocation().toString()).isEqualTo("/saved-request"); }
@@ -280,7 +256,6 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests { public void filterWhenAuthenticationConverterThrowsOAuth2AuthorizationExceptionThenMappedToOAuth2AuthenticationException() { ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build(); given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.empty()); - MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback"); OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration);
@@ -288,12 +263,10 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests { .willReturn(Mono.just(oauth2AuthorizationRequest)); given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) .willReturn(Mono.just(oauth2AuthorizationRequest)); - MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest); MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse); DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList()); - assertThatThrownBy(() -> this.filter.filter(exchange, chain).block()) .isInstanceOf(OAuth2AuthenticationException.class) .extracting((ex) -> ((OAuth2AuthenticationException) ex).getError()).extracting("errorCode")
@@ -306,7 +279,6 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests { public void filterWhenAuthenticationManagerThrowsOAuth2AuthorizationExceptionThenMappedToOAuth2AuthenticationException() { ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build(); given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(clientRegistration)); - MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback"); OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration);
@@ -314,15 +286,12 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests { .willReturn(Mono.just(oauth2AuthorizationRequest)); given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) .willReturn(Mono.just(oauth2AuthorizationRequest)); - given(this.authenticationManager.authenticate(any())) .willReturn(Mono.error(new OAuth2AuthorizationException(new OAuth2Error("authorization_error")))); - MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest); MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse); DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList()); - assertThatThrownBy(() -> this.filter.filter(exchange, chain).block()) .isInstanceOf(OAuth2AuthenticationException.class) .extracting((ex) -> ((OAuth2AuthenticationException) ex).getError()).extracting("errorCode")
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
index b18bd9442b..f5c6f0c5f8 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
@@ -71,7 +71,6 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests { this.filter.setAuthorizationRequestRepository(this.authzRequestRepository); FilteringWebHandler webHandler = new FilteringWebHandler((e) -> e.getResponse().setComplete(), Arrays.asList(this.filter)); - this.client = WebTestClient.bindToWebHandler(webHandler).build(); given(this.clientRepository.findByRegistrationId(this.registration.getRegistrationId())) .willReturn(Mono.just(this.registration));
@@ -88,7 +87,6 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests { @Test public void filterWhenDoesNotMatchThenClientRegistrationRepositoryNotSubscribed() { this.client.get().exchange().expectStatus().isOk(); - verifyZeroInteractions(this.clientRepository, this.authzRequestRepository); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
index b08e068cfa..aed902381d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
@@ -85,7 +85,6 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests { @Test public void applyWhenAuthorizationRequestEmptyThenOAuth2AuthorizationException() { given(this.authorizationRequestRepository.removeAuthorizationRequest(any())).willReturn(Mono.empty()); - assertThatThrownBy(() -> applyConverter()).isInstanceOf(OAuth2AuthorizationException.class); }
@@ -94,7 +93,6 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests { this.authorizationRequest.attributes(Map::clear); given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) .willReturn(Mono.just(this.authorizationRequest.build())); - assertThatThrownBy(() -> applyConverter()).isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining( ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
@@ -105,7 +103,6 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests { given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) .willReturn(Mono.just(this.authorizationRequest.build())); given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.empty()); - assertThatThrownBy(() -> applyConverter()).isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining( ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
@@ -118,7 +115,6 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests { .willReturn(Mono.just(this.authorizationRequest.build())); given(this.clientRegistrationRepository.findByRegistrationId(any())) .willReturn(Mono.just(this.clientRegistration)); - assertThat(applyConverter().getAuthorizationExchange().getAuthorizationResponse().getError().getErrorCode()) .isEqualTo("error"); }
@@ -130,9 +126,7 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests { .willReturn(Mono.just(this.authorizationRequest.build())); given(this.clientRegistrationRepository.findByRegistrationId(any())) .willReturn(Mono.just(this.clientRegistration)); - OAuth2AuthorizationCodeAuthenticationToken result = applyConverter(); - OAuth2AuthorizationResponse exchange = result.getAuthorizationExchange().getAuthorizationResponse(); assertThat(exchange.getError()).isNull(); assertThat(exchange.getCode()).isEqualTo("code");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java
index 0e6ed8a94c..23c526bdf3 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java
@@ -62,7 +62,6 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests { } // loadAuthorizedClient - @Test public void loadAuthorizedClientWhenClientRegistrationIdNullThenIllegalArgumentException() { this.clientRegistrationId = null;
@@ -96,7 +95,6 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests { @Test public void loadAuthorizedClientWhenFoundThenFound() { this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block(); - assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange) .block()).isEqualTo(this.authorizedClient); }
@@ -107,10 +105,8 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests { .registrationId("other-client-registration").build(); OAuth2AuthorizedClient otherAuthorizedClient = new OAuth2AuthorizedClient(otherClientRegistration, "anonymousUser", this.authorizedClient.getAccessToken()); - this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block(); this.repository.saveAuthorizedClient(otherAuthorizedClient, this.authentication, this.exchange).block(); - assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange) .block()).isEqualTo(this.authorizedClient); }
@@ -119,13 +115,11 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests { public void loadAuthorizedClientWhenAnonymousThenFound() { this.authentication = this.anonymous; this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block(); - assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange) .block()).isEqualTo(this.authorizedClient); } // saveAuthorizedClient - @Test public void saveAuthorizedClientWhenAuthorizedClientNullThenIllegalArgumentException() { this.authorizedClient = null;
@@ -151,7 +145,6 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests { } // removeAuthorizedClient - @Test public void removeAuthorizedClientWhenClientRegistrationIdNullThenIllegalArgumentException() { this.clientRegistrationId = null;
@@ -180,7 +173,6 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests { public void removeAuthorizedClientWhenFoundThenFound() { this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block(); this.repository.removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block(); - assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange) .block()).isNull(); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
index 4b027dac97..13a50ed5ab 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
@@ -68,7 +68,6 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests { @Test public void loadAuthorizationRequestWhenNoSessionThenEmpty() { StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange)).verifyComplete(); - assertSessionStartedIs(false); }
@@ -77,7 +76,6 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests { Mono setAttrThenLoad = this.exchange.getSession().map(WebSession::getAttributes) .doOnNext((attrs) -> attrs.put("foo", "bar")) .then(this.repository.loadAuthorizationRequest(this.exchange)); - StepVerifier.create(setAttrThenLoad).verifyComplete(); }
@@ -87,7 +85,6 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests { Mono saveAndLoad = this.repository .saveAuthorizationRequest(this.authorizationRequest, this.exchange) .then(this.repository.loadAuthorizationRequest(this.exchange)); - StepVerifier.create(saveAndLoad).verifyComplete(); }
@@ -104,25 +101,19 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests { String oldState = "state0"; MockServerHttpRequest oldRequest = MockServerHttpRequest.get("/") .queryParam(OAuth2ParameterNames.STATE, oldState).build(); - OAuth2AuthorizationRequest oldAuthorizationRequest = OAuth2AuthorizationRequest.authorizationCode() .authorizationUri("https://example.com/oauth2/authorize").clientId("client-id") .redirectUri("http://localhost/client-1").state(oldState).build(); - WebSessionManager sessionManager = (e) -> this.exchange.getSession(); - this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(), sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver()); ServerWebExchange oldExchange = new DefaultServerWebExchange(oldRequest, new MockServerHttpResponse(), sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver()); - Mono saveAndSaveAndLoad = this.repository .saveAuthorizationRequest(oldAuthorizationRequest, oldExchange) .then(this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange)) .then(this.repository.loadAuthorizationRequest(oldExchange)); - StepVerifier.create(saveAndSaveAndLoad).expectNext(oldAuthorizationRequest).verifyComplete(); - StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange)) .expectNext(this.authorizationRequest).verifyComplete(); }
@@ -133,7 +124,6 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests { assertThatThrownBy(() -> this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange)) .isInstanceOf(IllegalArgumentException.class); assertSessionStartedIs(false); - } @Test
@@ -141,7 +131,6 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests { this.exchange = null; assertThatThrownBy(() -> this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange)) .isInstanceOf(IllegalArgumentException.class); - } @Test
@@ -162,9 +151,7 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests { Mono saveAndRemove = this.repository .saveAuthorizationRequest(this.authorizationRequest, this.exchange) .then(this.repository.removeAuthorizationRequest(this.exchange)); - StepVerifier.create(saveAndRemove).expectNext(this.authorizationRequest).verifyComplete(); - StepVerifier.create(this.exchange.getSession().map(WebSession::getAttributes).map(Map::isEmpty)) .expectNext(true).verifyComplete(); }
@@ -178,7 +165,6 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests { Mono saveAndRemove = this.repository .saveAuthorizationRequest(this.authorizationRequest, this.exchange) .then(this.repository.removeAuthorizationRequest(otherStateExchange)); - StepVerifier.create(saveAndRemove).verifyComplete(); }
@@ -187,27 +173,20 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests { String oldState = "state0"; MockServerHttpRequest oldRequest = MockServerHttpRequest.get("/") .queryParam(OAuth2ParameterNames.STATE, oldState).build(); - OAuth2AuthorizationRequest oldAuthorizationRequest = OAuth2AuthorizationRequest.authorizationCode() .authorizationUri("https://example.com/oauth2/authorize").clientId("client-id") .redirectUri("http://localhost/client-1").state(oldState).build(); - WebSessionManager sessionManager = (e) -> this.exchange.getSession(); - this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(), sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver()); ServerWebExchange oldExchange = new DefaultServerWebExchange(oldRequest, new MockServerHttpResponse(), sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver()); - Mono saveAndSaveAndRemove = this.repository .saveAuthorizationRequest(oldAuthorizationRequest, oldExchange) .then(this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange)) .then(this.repository.removeAuthorizationRequest(this.exchange)); - StepVerifier.create(saveAndSaveAndRemove).expectNext(this.authorizationRequest).verifyComplete(); - StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange)).verifyComplete(); - StepVerifier.create(this.repository.loadAuthorizationRequest(oldExchange)).expectNext(oldAuthorizationRequest) .verifyComplete(); } 
@@ -218,30 +197,23 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests { String oldState = "state0"; MockServerHttpRequest oldRequest = MockServerHttpRequest.get("/") .queryParam(OAuth2ParameterNames.STATE, oldState).build(); - OAuth2AuthorizationRequest oldAuthorizationRequest = OAuth2AuthorizationRequest.authorizationCode() .authorizationUri("https://example.com/oauth2/authorize").clientId("client-id") .redirectUri("http://localhost/client-1").state(oldState).build(); - Map sessionAttrs = spy(new HashMap<>()); WebSession session = mock(WebSession.class); given(session.getAttributes()).willReturn(sessionAttrs); WebSessionManager sessionManager = (e) -> Mono.just(session); - this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(), sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver()); ServerWebExchange oldExchange = new DefaultServerWebExchange(oldRequest, new MockServerHttpResponse(), sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver()); - Mono saveAndSaveAndRemove = this.repository .saveAuthorizationRequest(oldAuthorizationRequest, oldExchange) .then(this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange)) .then(this.repository.removeAuthorizationRequest(this.exchange)); - StepVerifier.create(saveAndSaveAndRemove).expectNext(this.authorizationRequest).verifyComplete(); - StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange)).verifyComplete(); - verify(sessionAttrs, times(3)).put(any(), any()); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java
index 3a683952e2..e24d86bb86 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java
@@ -81,7 +81,6 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration1, this.principalName1, mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.exchange).block(); - OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository .loadAuthorizedClient(this.registrationId1, null, this.exchange).block(); assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient);
@@ -115,10 +114,8 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests { OAuth2AuthorizedClient expected = new OAuth2AuthorizedClient(this.registration2, this.principalName1, mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(expected, null, this.exchange).block(); - OAuth2AuthorizedClient result = this.authorizedClientRepository .loadAuthorizedClient(this.registrationId2, null, this.exchange).block(); - assertThat(result).isEqualTo(expected); }
@@ -151,10 +148,8 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests { OAuth2AuthorizedClient authorizedClient1 = new OAuth2AuthorizedClient(this.registration1, this.principalName1, mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient1, null, this.exchange).block(); - // Remove registrationId2 (never added so is not removed either) this.authorizedClientRepository.removeAuthorizedClient(this.registrationId2, null, this.exchange); - OAuth2AuthorizedClient loadedAuthorizedClient1 = this.authorizedClientRepository .loadAuthorizedClient(this.registrationId1, null, this.exchange).block(); assertThat(loadedAuthorizedClient1).isNotNull();
@@ -184,7 +179,6 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests { .loadAuthorizedClient(this.registrationId1, null, this.exchange).block(); assertThat(loadedAuthorizedClient).isSameAs(authorizedClient); this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, this.exchange).block(); - WebSession session = this.exchange.getSession().block(); assertThat(session).isNotNull(); assertThat(session.getAttributes()).isEmpty();
@@ -195,13 +189,10 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests { OAuth2AuthorizedClient authorizedClient1 = new OAuth2AuthorizedClient(this.registration1, this.principalName1, mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient1, null, this.exchange).block(); - OAuth2AuthorizedClient authorizedClient2 = new OAuth2AuthorizedClient(this.registration2, this.principalName1, mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient2, null, this.exchange).block(); - this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, this.exchange).block(); - OAuth2AuthorizedClient loadedAuthorizedClient2 = this.authorizedClientRepository .loadAuthorizedClient(this.registrationId2, null, this.exchange).block(); assertThat(loadedAuthorizedClient2).isNotNull();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
index 5f262d97f6..195d8edd7e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
@@ -81,7 +81,6 @@ public class OAuth2LoginAuthenticationWebFilterTests { @Test public void onAuthenticationSuccessWhenOAuth2LoginAuthenticationTokenThenSavesAuthorizedClient() { this.filter.onAuthenticationSuccess(loginToken(), this.webFilterExchange).block(); - verify(this.authorizedClientRepository).saveAuthorizedClient(any(), any(), any()); }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
index 272e74c75c..e0c1524dc7 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
@@ -51,7 +51,6 @@ public class ClaimAccessorTests { Instant expectedClaimValue = Instant.now(); String claimName = "date"; this.claims.put(claimName, Date.from(expectedClaimValue)); - assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(expectedClaimValue.minusSeconds(1), expectedClaimValue.plusSeconds(1)); }
@@ -62,7 +61,6 @@ public class ClaimAccessorTests { Instant expectedClaimValue = Instant.now(); String claimName = "longSeconds"; this.claims.put(claimName, expectedClaimValue.getEpochSecond()); - assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(expectedClaimValue.minusSeconds(1), expectedClaimValue.plusSeconds(1)); }
@@ -72,7 +70,6 @@ public class ClaimAccessorTests { Instant expectedClaimValue = Instant.now(); String claimName = "instant"; this.claims.put(claimName, expectedClaimValue); - assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(expectedClaimValue.minusSeconds(1), expectedClaimValue.plusSeconds(1)); }
@@ -83,7 +80,6 @@ public class ClaimAccessorTests { Instant expectedClaimValue = Instant.now(); String claimName = "integerSeconds"; this.claims.put(claimName, Long.valueOf(expectedClaimValue.getEpochSecond()).intValue()); - assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(expectedClaimValue.minusSeconds(1), expectedClaimValue.plusSeconds(1)); }
@@ -94,7 +90,6 @@ public class ClaimAccessorTests { Instant expectedClaimValue = Instant.now(); String claimName = "doubleSeconds"; this.claims.put(claimName, Long.valueOf(expectedClaimValue.getEpochSecond()).doubleValue()); - assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(expectedClaimValue.minusSeconds(1), expectedClaimValue.plusSeconds(1)); }
@@ -104,7 +99,6 @@ public class ClaimAccessorTests { public void getClaimAsStringWhenValueIsNullThenReturnNull() { String claimName = "claim-with-null-value"; this.claims.put(claimName, null); - assertThat(this.claimAccessor.getClaimAsString(claimName)).isNull(); }
@@ -120,9 +114,7 @@ public class ClaimAccessorTests { List expectedClaimValue = Arrays.asList("item1", "item2"); String claimName = "list"; this.claims.put(claimName, expectedClaimValue); - List actualClaimValue = this.claimAccessor.getClaim(claimName); - assertThat(actualClaimValue).containsOnlyElementsOf(expectedClaimValue); }
@@ -131,9 +123,7 @@ public class ClaimAccessorTests { boolean expectedClaimValue = true; String claimName = "boolean"; this.claims.put(claimName, expectedClaimValue); - boolean actualClaimValue = this.claimAccessor.getClaim(claimName); - assertThat(actualClaimValue).isEqualTo(expectedClaimValue); }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java
index 012fc99b46..642d1217d0 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java
@@ -45,7 +45,6 @@ public class DefaultOAuth2AuthenticatedPrincipalTests { public void constructorWhenAttributesIsNullOrEmptyThenIllegalArgumentException() { assertThatCode(() -> new DefaultOAuth2AuthenticatedPrincipal(null, this.authorities)) .isInstanceOf(IllegalArgumentException.class); - assertThatCode(() -> new DefaultOAuth2AuthenticatedPrincipal(Collections.emptyMap(), this.authorities)) .isInstanceOf(IllegalArgumentException.class); }
@@ -55,7 +54,6 @@ public class DefaultOAuth2AuthenticatedPrincipalTests { Collection authorities = new DefaultOAuth2AuthenticatedPrincipal(this.attributes, null).getAuthorities(); assertThat(authorities).isEmpty(); - authorities = new DefaultOAuth2AuthenticatedPrincipal(this.attributes, Collections.emptyList()) .getAuthorities(); assertThat(authorities).isEmpty();
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java
index 1eaf4be167..5e23cec5d9 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java
@@ -42,7 +42,6 @@ public class DelegatingOAuth2TokenValidatorTests { public void validateWhenNoValidatorsConfiguredThenReturnsSuccessfulResult() { DelegatingOAuth2TokenValidator tokenValidator = new DelegatingOAuth2TokenValidator<>(); AbstractOAuth2Token token = mock(AbstractOAuth2Token.class); - assertThat(tokenValidator.validate(token).hasErrors()).isFalse(); }
@@ -50,16 +49,12 @@ public class DelegatingOAuth2TokenValidatorTests { public void validateWhenAnyValidatorFailsThenReturnsFailureResultContainingDetailFromFailingValidator() { OAuth2TokenValidator success = mock(OAuth2TokenValidator.class); OAuth2TokenValidator failure = mock(OAuth2TokenValidator.class); - given(success.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success()); given(failure.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.failure(DETAIL)); - DelegatingOAuth2TokenValidator tokenValidator = new DelegatingOAuth2TokenValidator<>( Arrays.asList(success, failure)); AbstractOAuth2Token token = mock(AbstractOAuth2Token.class); - OAuth2TokenValidatorResult result = tokenValidator.validate(token); - assertThat(result.hasErrors()).isTrue(); assertThat(result.getErrors()).containsExactly(DETAIL); }
@@ -68,20 +63,15 @@ public class DelegatingOAuth2TokenValidatorTests { public void validateWhenMultipleValidatorsFailThenReturnsFailureResultContainingAllDetails() { OAuth2TokenValidator firstFailure = mock(OAuth2TokenValidator.class); OAuth2TokenValidator secondFailure = mock(OAuth2TokenValidator.class); - OAuth2Error otherDetail = new OAuth2Error("another-error"); - given(firstFailure.validate(any(AbstractOAuth2Token.class))) .willReturn(OAuth2TokenValidatorResult.failure(DETAIL)); given(secondFailure.validate(any(AbstractOAuth2Token.class))) .willReturn(OAuth2TokenValidatorResult.failure(otherDetail)); - DelegatingOAuth2TokenValidator tokenValidator = new DelegatingOAuth2TokenValidator<>( firstFailure, secondFailure); AbstractOAuth2Token token = mock(AbstractOAuth2Token.class); - OAuth2TokenValidatorResult result = tokenValidator.validate(token); - assertThat(result.hasErrors()).isTrue(); assertThat(result.getErrors()).containsExactly(DETAIL, otherDetail); }
@@ -90,16 +80,12 @@ public class DelegatingOAuth2TokenValidatorTests {
 public void validateWhenAllValidatorsSucceedThenReturnsSuccessfulResult() { OAuth2TokenValidator firstSuccess = mock(OAuth2TokenValidator.class); OAuth2TokenValidator secondSuccess = mock(OAuth2TokenValidator.class);
-
 given(firstSuccess.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success()); given(secondSuccess.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
-
 DelegatingOAuth2TokenValidator tokenValidator = new DelegatingOAuth2TokenValidator<>( Arrays.asList(firstSuccess, secondSuccess)); AbstractOAuth2Token token = mock(AbstractOAuth2Token.class);
-
 OAuth2TokenValidatorResult result = tokenValidator.validate(token);
-
 assertThat(result.hasErrors()).isFalse(); assertThat(result.getErrors()).isEmpty(); }
@@ -115,20 +101,15 @@ public class DelegatingOAuth2TokenValidatorTests {
 public void constructorsWhenInvokedWithSameInputsThenResultInSameOutputs() { OAuth2TokenValidator firstSuccess = mock(OAuth2TokenValidator.class); OAuth2TokenValidator secondSuccess = mock(OAuth2TokenValidator.class);
-
 given(firstSuccess.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success()); given(secondSuccess.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
-
 DelegatingOAuth2TokenValidator firstValidator = new DelegatingOAuth2TokenValidator<>( Arrays.asList(firstSuccess, secondSuccess)); DelegatingOAuth2TokenValidator secondValidator = new DelegatingOAuth2TokenValidator<>( firstSuccess, secondSuccess);
-
 AbstractOAuth2Token token = mock(AbstractOAuth2Token.class);
-
 firstValidator.validate(token); secondValidator.validate(token);
-
 verify(firstSuccess, times(2)).validate(token); verify(secondSuccess, times(2)).validate(token); }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
index 00486cab70..984c1b7804 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
@@ -72,7 +72,6 @@ public class OAuth2AccessTokenTests {
 @Test public void constructorWhenAllParametersProvidedAndValidThenCreated() { OAuth2AccessToken accessToken = new OAuth2AccessToken(TOKEN_TYPE, TOKEN_VALUE, ISSUED_AT, EXPIRES_AT, SCOPES);
-
 assertThat(accessToken.getTokenType()).isEqualTo(TOKEN_TYPE); assertThat(accessToken.getTokenValue()).isEqualTo(TOKEN_VALUE); assertThat(accessToken.getIssuedAt()).isEqualTo(ISSUED_AT);
@@ -86,7 +85,6 @@ public class OAuth2AccessTokenTests {
 OAuth2AccessToken accessToken = new OAuth2AccessToken(TOKEN_TYPE, TOKEN_VALUE, ISSUED_AT, EXPIRES_AT, SCOPES); byte[] serialized = SerializationUtils.serialize(accessToken); accessToken = (OAuth2AccessToken) SerializationUtils.deserialize(serialized);
-
 assertThat(serialized).isNotNull(); assertThat(accessToken.getTokenType()).isEqualTo(TOKEN_TYPE); assertThat(accessToken.getTokenValue()).isEqualTo(TOKEN_VALUE);
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java
index 4595dba640..fab4afdc2c 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java
@@ -41,7 +41,6 @@ public class OAuth2ErrorTests {
 @Test public void constructorWhenAllParametersProvidedAndValidThenCreated() { OAuth2Error error = new OAuth2Error(ERROR_CODE, ERROR_DESCRIPTION, ERROR_URI);
-
 assertThat(error.getErrorCode()).isEqualTo(ERROR_CODE); assertThat(error.getDescription()).isEqualTo(ERROR_DESCRIPTION); assertThat(error.getUri()).isEqualTo(ERROR_URI);
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java
index a029dd1bfe..e1aae08a90 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java
@@ -38,7 +38,6 @@ public class OAuth2TokenValidatorResultTests {
 @Test public void failureWhenInvokedWithDetailReturnsFailureResultIncludingDetail() { OAuth2TokenValidatorResult failure = OAuth2TokenValidatorResult.failure(DETAIL);
-
 assertThat(failure.hasErrors()).isTrue(); assertThat(failure.getErrors()).containsExactly(DETAIL); }
@@ -46,7 +45,6 @@ public class OAuth2TokenValidatorResultTests {
 @Test public void failureWhenInvokedWithMultipleDetailsReturnsFailureResultIncludingAll() { OAuth2TokenValidatorResult failure = OAuth2TokenValidatorResult.failure(DETAIL, DETAIL);
-
 assertThat(failure.hasErrors()).isTrue(); assertThat(failure.getErrors()).containsExactly(DETAIL, DETAIL); }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
index c295fa2694..d09bff9892 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
@@ -70,7 +70,6 @@ public class ClaimTypeConverterTests {
 TypeDescriptor.collection(List.class, TypeDescriptor.valueOf(String.class))); Converter mapStringObjectConverter = getConverter(TypeDescriptor.map(Map.class, TypeDescriptor.valueOf(String.class), TypeDescriptor.valueOf(Object.class)));
-
 Map> claimTypeConverters = new HashMap<>(); claimTypeConverters.put(STRING_CLAIM, stringConverter); claimTypeConverters.put(BOOLEAN_CLAIM, booleanConverter);
@@ -117,7 +116,6 @@ public class ClaimTypeConverterTests {
 mapIntegerObject.put(1, "value1"); Map mapStringObject = new HashMap<>(); mapStringObject.put("1", "value1");
-
 Map claims = new HashMap<>(); claims.put(STRING_CLAIM, Boolean.TRUE); claims.put(BOOLEAN_CLAIM, "true");
@@ -126,9 +124,7 @@ public class ClaimTypeConverterTests {
 claims.put(COLLECTION_STRING_CLAIM, listNumber); claims.put(LIST_STRING_CLAIM, listNumber); claims.put(MAP_STRING_OBJECT_CLAIM, mapIntegerObject);
-
 claims = this.claimTypeConverter.convert(claims);
-
 assertThat(claims.get(STRING_CLAIM)).isEqualTo("true"); assertThat(claims.get(BOOLEAN_CLAIM)).isEqualTo(Boolean.TRUE); assertThat(claims.get(INSTANT_CLAIM)).isEqualTo(instant);
@@ -147,7 +143,6 @@ public class ClaimTypeConverterTests {
 List listString = Lists.list("1", "2", "3", "4"); Map mapStringObject = new HashMap<>(); mapStringObject.put("1", "value1");
-
 Map claims = new HashMap<>(); claims.put(STRING_CLAIM, string); claims.put(BOOLEAN_CLAIM, bool);
@@ -156,9 +151,7 @@ public class ClaimTypeConverterTests {
 claims.put(COLLECTION_STRING_CLAIM, listString); claims.put(LIST_STRING_CLAIM, listString); claims.put(MAP_STRING_OBJECT_CLAIM, mapStringObject);
-
 claims = this.claimTypeConverter.convert(claims);
-
 assertThat(claims.get(STRING_CLAIM)).isSameAs(string); assertThat(claims.get(BOOLEAN_CLAIM)).isSameAs(bool); assertThat(claims.get(INSTANT_CLAIM)).isSameAs(instant);
@@ -172,9 +165,7 @@ public class ClaimTypeConverterTests {
 public void convertWhenConverterNotAvailableThenDoesNotConvert() { Map claims = new HashMap<>(); claims.put("claim1", "value1");
-
 claims = this.claimTypeConverter.convert(claims);
-
 assertThat(claims.get("claim1")).isSameAs("value1"); }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java
index 8aa09301b4..715f4efa77 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java
@@ -63,11 +63,9 @@ public class MapOAuth2AccessTokenResponseConverterTests {
 Assert.assertTrue(scopes.contains("read")); Assert.assertTrue(scopes.contains("write")); Assert.assertEquals(3600, Duration.between(accessToken.getIssuedAt(), accessToken.getExpiresAt()).getSeconds());
-
 OAuth2RefreshToken refreshToken = converted.getRefreshToken(); Assert.assertNotNull(refreshToken); Assert.assertEquals("refresh-token-1234", refreshToken.getTokenValue());
-
 Map additionalParameters = converted.getAdditionalParameters(); Assert.assertNotNull(additionalParameters); Assert.assertEquals(2, additionalParameters.size());
@@ -88,12 +86,9 @@ public class MapOAuth2AccessTokenResponseConverterTests {
 Set scopes = accessToken.getScopes(); Assert.assertNotNull(scopes); Assert.assertEquals(0, scopes.size());
-
 Assert.assertEquals(1, Duration.between(accessToken.getIssuedAt(), accessToken.getExpiresAt()).getSeconds());
-
 OAuth2RefreshToken refreshToken = converted.getRefreshToken(); Assert.assertNull(refreshToken);
-
 Map additionalParameters = converted.getAdditionalParameters(); Assert.assertNotNull(additionalParameters); Assert.assertEquals(0, additionalParameters.size());
@@ -113,12 +108,9 @@ public class MapOAuth2AccessTokenResponseConverterTests {
 Set scopes = accessToken.getScopes(); Assert.assertNotNull(scopes); Assert.assertEquals(0, scopes.size());
-
 Assert.assertEquals(1, Duration.between(accessToken.getIssuedAt(), accessToken.getExpiresAt()).getSeconds());
-
 OAuth2RefreshToken refreshToken = converted.getRefreshToken(); Assert.assertNull(refreshToken);
-
 Map additionalParameters = converted.getAdditionalParameters(); Assert.assertNotNull(additionalParameters); Assert.assertEquals(0, additionalParameters.size());
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
index 7be9dd9717..1fb64a63f6 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
@@ -46,17 +46,14 @@ public class OAuth2AccessTokenResponseMapConverterTests {
 Map additionalParameters = new HashMap<>(); additionalParameters.put("custom_parameter_1", "custom-value-1"); additionalParameters.put("custom_parameter_2", "custom-value-2");
-
 Set scopes = new HashSet<>(); scopes.add("read"); scopes.add("write");
-
 OAuth2AccessTokenResponse build = OAuth2AccessTokenResponse.withToken("access-token-value-1234").expiresIn(3699) .additionalParameters(additionalParameters).refreshToken("refresh-token-value-1234").scopes(scopes) .tokenType(OAuth2AccessToken.TokenType.BEARER).build(); Map result = this.messageConverter.convert(build); Assert.assertEquals(7, result.size());
-
 Assert.assertEquals("access-token-value-1234", result.get("access_token")); Assert.assertEquals("refresh-token-value-1234", result.get("refresh_token")); Assert.assertEquals("read write", result.get("scope"));
@@ -72,7 +69,6 @@ public class OAuth2AccessTokenResponseMapConverterTests {
 .tokenType(OAuth2AccessToken.TokenType.BEARER).build(); Map result = this.messageConverter.convert(build); Assert.assertEquals(3, result.size());
-
 Assert.assertEquals("access-token-value-1234", result.get("access_token")); Assert.assertEquals("Bearer", result.get("token_type")); Assert.assertNotNull(result.get("expires_in"));
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
index 047dcc4c18..a9934d43b1 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
@@ -77,11 +77,9 @@ public class OAuth2AccessTokenResponseTests {
 Map additionalParameters = new HashMap<>(); additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2");
-
 OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE) .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(expiresAt.toEpochMilli()).scopes(scopes) .refreshToken(REFRESH_TOKEN_VALUE).additionalParameters(additionalParameters).build();
-
 assertThat(tokenResponse.getAccessToken()).isNotNull(); assertThat(tokenResponse.getAccessToken().getTokenValue()).isEqualTo(TOKEN_VALUE); assertThat(tokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
@@ -99,13 +97,10 @@ public class OAuth2AccessTokenResponseTests {
 Map additionalParameters = new HashMap<>(); additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2");
-
 OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE) .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(expiresAt.toEpochMilli()).scopes(scopes) .refreshToken(REFRESH_TOKEN_VALUE).additionalParameters(additionalParameters).build();
-
 OAuth2AccessTokenResponse withResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse).build();
-
 assertThat(withResponse.getAccessToken().getTokenValue()) .isEqualTo(tokenResponse.getAccessToken().getTokenValue()); assertThat(withResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
@@ -125,13 +120,10 @@ public class OAuth2AccessTokenResponseTests {
 Map additionalParameters = new HashMap<>(); additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2");
-
 OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE) .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(expiresAt.toEpochMilli()).scopes(scopes) .additionalParameters(additionalParameters).build();
-
 OAuth2AccessTokenResponse withResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse).build();
-
 assertThat(withResponse.getRefreshToken()).isNull(); }
@@ -139,11 +131,9 @@ public class OAuth2AccessTokenResponseTests {
 public void buildWhenResponseAndExpiresInThenExpiresAtEqualToIssuedAtPlusExpiresIn() { OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE) .tokenType(OAuth2AccessToken.TokenType.BEARER).build();
-
 long expiresIn = 30; OAuth2AccessTokenResponse withResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse) .expiresIn(expiresIn).build();
-
 assertThat(withResponse.getAccessToken().getExpiresAt()) .isEqualTo(withResponse.getAccessToken().getIssuedAt().plusSeconds(expiresIn)); }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
index e6c64edd15..3855e1eae8 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
@@ -120,16 +120,13 @@ public class OAuth2AuthorizationRequestTests {
 Map additionalParameters = new HashMap<>(); additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2");
-
 Map attributes = new HashMap<>(); attributes.put("attribute1", "value1"); attributes.put("attribute2", "value2");
-
 OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode() .authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES) .state(STATE).additionalParameters(additionalParameters).attributes(attributes) .authorizationRequestUri(AUTHORIZATION_URI).build();
-
 assertThat(authorizationRequest.getAuthorizationUri()).isEqualTo(AUTHORIZATION_URI); assertThat(authorizationRequest.getGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(authorizationRequest.getResponseType()).isEqualTo(OAuth2AuthorizationResponseType.CODE);
@@ -147,7 +144,6 @@ public class OAuth2AuthorizationRequestTests {
 OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.implicit() .authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES) .state(STATE).build();
-
 assertThat(authorizationRequest.getAuthorizationRequestUri()) .isEqualTo("https://provider.com/oauth2/authorize?" + "response_type=token&client_id=client-id&" + "scope=scope1%20scope2&state=state&" + "redirect_uri=https://example.com");
@@ -174,11 +170,9 @@ public class OAuth2AuthorizationRequestTests {
 Map additionalParameters = new HashMap<>(); additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2");
-
 OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode() .authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES) .state(STATE).additionalParameters(additionalParameters).build();
-
 assertThat(authorizationRequest.getAuthorizationRequestUri()).isNotNull(); assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo("https://provider.com/oauth2/authorize?" + "response_type=code&client_id=client-id&" + "scope=scope1%20scope2&state=state&"
@@ -189,7 +183,6 @@ public class OAuth2AuthorizationRequestTests {
 public void buildWhenRequiredParametersSetThenAuthorizationRequestUriIncludesRequiredParametersOnly() { OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode() .authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).build();
-
 assertThat(authorizationRequest.getAuthorizationRequestUri()) .isEqualTo("https://provider.com/oauth2/authorize?response_type=code&client_id=client-id"); }
@@ -204,18 +197,14 @@ public class OAuth2AuthorizationRequestTests {
 Map additionalParameters = new HashMap<>(); additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2");
-
 Map attributes = new HashMap<>(); attributes.put("attribute1", "value1"); attributes.put("attribute2", "value2");
-
 OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode() .authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES) .state(STATE).additionalParameters(additionalParameters).attributes(attributes).build();
-
 OAuth2AuthorizationRequest authorizationRequestCopy = OAuth2AuthorizationRequest.from(authorizationRequest) .build();
-
 assertThat(authorizationRequestCopy.getAuthorizationUri()) .isEqualTo(authorizationRequest.getAuthorizationUri()); assertThat(authorizationRequestCopy.getGrantType()).isEqualTo(authorizationRequest.getGrantType());
@@ -235,7 +224,6 @@ public class OAuth2AuthorizationRequestTests {
 public void buildWhenAuthorizationUriIncludesQueryParameterThenAuthorizationRequestUrlIncludesIt() { OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .authorizationUri(AUTHORIZATION_URI + "?param1=value1¶m2=value2").build();
-
 assertThat(authorizationRequest.getAuthorizationRequestUri()).isNotNull(); assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo("https://provider.com/oauth2/authorize?" + "param1=value1¶m2=value2&" + "response_type=code&client_id=client-id&state=state&"
@@ -248,7 +236,6 @@ public class OAuth2AuthorizationRequestTests {
 .authorizationUri(AUTHORIZATION_URI + "?claims=%7B%22userinfo%22%3A%7B%22email_verified%22%3A%7B%22essential%22%3Atrue%7D%7D%7D") .build();
-
 assertThat(authorizationRequest.getAuthorizationRequestUri()).isNotNull(); assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo("https://provider.com/oauth2/authorize?" + "claims=%7B%22userinfo%22%3A%7B%22email_verified%22%3A%7B%22essential%22%3Atrue%7D%7D%7D&"
@@ -264,7 +251,6 @@ public class OAuth2AuthorizationRequestTests {
 additionalParameters.put('\u00e2' + "ge", "4" + '\u00bd'); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() .additionalParameters(additionalParameters).build();
-
 assertThat(authorizationRequest.getAuthorizationRequestUri()).isNotNull(); assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo( "https://example.com/login/oauth/authorize?" + "response_type=code&client_id=client-id&state=state&"
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
index 2359547241..3a6f98a92f 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
@@ -80,12 +80,9 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 + " \"scope\": \"read write\",\n" + " \"refresh_token\": \"refresh-token-1234\",\n" + " \"custom_parameter_1\": \"custom-value-1\",\n" + " \"custom_parameter_2\": \"custom-value-2\"\n" + "}\n";
-
 MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK);
-
 OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter .readInternal(OAuth2AccessTokenResponse.class, response);
-
 assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt())
@@ -94,7 +91,6 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 assertThat(accessTokenResponse.getRefreshToken().getTokenValue()).isEqualTo("refresh-token-1234"); assertThat(accessTokenResponse.getAdditionalParameters()).containsExactly( entry("custom_parameter_1", "custom-value-1"), entry("custom_parameter_2", "custom-value-2"));
-
 } // gh-6463
@@ -107,12 +103,9 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 + " \"custom_object_2\": [\"value1\", \"value2\"],\n" + " \"custom_parameter_1\": \"custom-value-1\",\n" + " \"custom_parameter_2\": \"custom-value-2\"\n" + "}\n";
-
 MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK);
-
 OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter .readInternal(OAuth2AccessTokenResponse.class, response);
-
 assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt())
@@ -130,12 +123,9 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 String tokenResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": 3600,\n" + " \"scope\": null,\n" + " \"refresh_token\": \"refresh-token-1234\"\n" + "}\n";
-
 MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK);
-
 OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter .readInternal(OAuth2AccessTokenResponse.class, response);
-
 assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt())
@@ -149,11 +139,8 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 Converter tokenResponseConverter = mock(Converter.class); given(tokenResponseConverter.convert(any())).willThrow(RuntimeException.class); this.messageConverter.setTokenResponseConverter(tokenResponseConverter);
-
 String tokenResponse = "{}";
-
 MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK);
-
 assertThatThrownBy(() -> this.messageConverter.readInternal(OAuth2AccessTokenResponse.class, response)) .isInstanceOf(HttpMessageNotReadableException.class) .hasMessageContaining("An error occurred reading the OAuth 2.0 Access Token Response");
@@ -166,15 +153,12 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 Map additionalParameters = new HashMap<>(); additionalParameters.put("custom_parameter_1", "custom-value-1"); additionalParameters.put("custom_parameter_2", "custom-value-2");
-
 OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234") .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(expiresAt.toEpochMilli()).scopes(scopes) .refreshToken("refresh-token-1234").additionalParameters(additionalParameters).build();
-
 MockHttpOutputMessage outputMessage = new MockHttpOutputMessage(); this.messageConverter.writeInternal(accessTokenResponse, outputMessage); String tokenResponse = outputMessage.getBodyAsString();
-
 assertThat(tokenResponse).contains("\"access_token\":\"access-token-1234\""); assertThat(tokenResponse).contains("\"token_type\":\"Bearer\""); assertThat(tokenResponse).contains("\"expires_in\"");
@@ -189,13 +173,10 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 Converter tokenResponseParametersConverter = mock(Converter.class); given(tokenResponseParametersConverter.convert(any())).willThrow(RuntimeException.class); this.messageConverter.setTokenResponseParametersConverter(tokenResponseParametersConverter);
-
 OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234") .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(Instant.now().plusSeconds(3600).toEpochMilli()) .build();
-
 MockHttpOutputMessage outputMessage = new MockHttpOutputMessage();
-
 assertThatThrownBy(() -> this.messageConverter.writeInternal(accessTokenResponse, outputMessage)) .isInstanceOf(HttpMessageNotWritableException.class) .hasMessageContaining("An error occurred writing the OAuth 2.0 Access Token Response");
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
index 783f2f4de3..0e9dc1ad14 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
@@ -69,9 +69,7 @@ public class OAuth2ErrorHttpMessageConverterTests {
 String errorResponse = "{\n" + " \"error\": \"unauthorized_client\",\n" + " \"error_description\": \"The client is not authorized\",\n" + " \"error_uri\": \"https://tools.ietf.org/html/rfc6749#section-5.2\"\n" + "}\n";
-
 MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST);
-
 OAuth2Error oauth2Error = this.messageConverter.readInternal(OAuth2Error.class, response); assertThat(oauth2Error.getErrorCode()).isEqualTo("unauthorized_client"); assertThat(oauth2Error.getDescription()).isEqualTo("The client is not authorized");
@@ -84,9 +82,7 @@ public class OAuth2ErrorHttpMessageConverterTests {
 String errorResponse = "{\n" + " \"error\": \"unauthorized_client\",\n" + " \"error_description\": \"The client is not authorized\",\n" + " \"error_codes\": [65001],\n" + " \"error_uri\": \"https://tools.ietf.org/html/rfc6749#section-5.2\"\n" + "}\n";
-
 MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST);
-
 OAuth2Error oauth2Error = this.messageConverter.readInternal(OAuth2Error.class, response); assertThat(oauth2Error.getErrorCode()).isEqualTo("unauthorized_client"); assertThat(oauth2Error.getDescription()).isEqualTo("The client is not authorized");
@@ -98,11 +94,8 @@ public class OAuth2ErrorHttpMessageConverterTests {
 Converter errorConverter = mock(Converter.class); given(errorConverter.convert(any())).willThrow(RuntimeException.class); this.messageConverter.setErrorConverter(errorConverter);
-
 String errorResponse = "{}";
-
 MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST);
-
 assertThatThrownBy(() -> this.messageConverter.readInternal(OAuth2Error.class, response)) .isInstanceOf(HttpMessageNotReadableException.class) .hasMessageContaining("An error occurred reading the OAuth 2.0 Error");
@@ -112,11 +105,9 @@ public class OAuth2ErrorHttpMessageConverterTests {
 public void writeInternalWhenOAuth2ErrorThenWriteErrorResponse() throws Exception { OAuth2Error oauth2Error = new OAuth2Error("unauthorized_client", "The client is not authorized", "https://tools.ietf.org/html/rfc6749#section-5.2");
-
 MockHttpOutputMessage outputMessage = new MockHttpOutputMessage(); this.messageConverter.writeInternal(oauth2Error, outputMessage); String errorResponse = outputMessage.getBodyAsString();
-
 assertThat(errorResponse).contains("\"error\":\"unauthorized_client\""); assertThat(errorResponse).contains("\"error_description\":\"The client is not authorized\""); assertThat(errorResponse).contains("\"error_uri\":\"https://tools.ietf.org/html/rfc6749#section-5.2\"");
@@ -127,12 +118,9 @@ public class OAuth2ErrorHttpMessageConverterTests {
 Converter errorParametersConverter = mock(Converter.class); given(errorParametersConverter.convert(any())).willThrow(RuntimeException.class); this.messageConverter.setErrorParametersConverter(errorParametersConverter);
-
 OAuth2Error oauth2Error = new OAuth2Error("unauthorized_client", "The client is not authorized", "https://tools.ietf.org/html/rfc6749#section-5.2");
-
 MockHttpOutputMessage outputMessage = new MockHttpOutputMessage();
-
 assertThatThrownBy(() -> this.messageConverter.writeInternal(oauth2Error, outputMessage)) .isInstanceOf(HttpMessageNotWritableException.class) .hasMessageContaining("An error occurred writing the OAuth 2.0 Error");
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java
index d4f2ae75e0..ebe7aa9919 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java
@@ -48,7 +48,6 @@ public class DefaultAddressStandardClaimTests {
 AddressStandardClaim addressStandardClaim = new DefaultAddressStandardClaim.Builder().formatted(FORMATTED) .streetAddress(STREET_ADDRESS).locality(LOCALITY).region(REGION).postalCode(POSTAL_CODE) .country(COUNTRY).build();
-
 assertThat(addressStandardClaim.getFormatted()).isEqualTo(FORMATTED); assertThat(addressStandardClaim.getStreetAddress()).isEqualTo(STREET_ADDRESS); assertThat(addressStandardClaim.getLocality()).isEqualTo(LOCALITY);
@@ -66,9 +65,7 @@ public class DefaultAddressStandardClaimTests {
 addressFields.put(REGION_FIELD_NAME, REGION);
 addressFields.put(POSTAL_CODE_FIELD_NAME, POSTAL_CODE);
 addressFields.put(COUNTRY_FIELD_NAME, COUNTRY);
-
 AddressStandardClaim addressStandardClaim = new DefaultAddressStandardClaim.Builder(addressFields).build();
-
 assertThat(addressStandardClaim.getFormatted()).isEqualTo(FORMATTED);
 assertThat(addressStandardClaim.getStreetAddress()).isEqualTo(STREET_ADDRESS);
 assertThat(addressStandardClaim.getLocality()).isEqualTo(LOCALITY);
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java
index dc9b96c0cf..adcce05236 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java
@@ -31,16 +31,12 @@ public class OidcIdTokenBuilderTests {
 @Test
 public void buildWhenCalledTwiceThenGeneratesTwoOidcIdTokens() {
 OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token");
-
 OidcIdToken first = idTokenBuilder.tokenValue("V1").claim("TEST_CLAIM_1", "C1").build();
-
 OidcIdToken second = idTokenBuilder.tokenValue("V2").claim("TEST_CLAIM_1", "C2").claim("TEST_CLAIM_2", "C3")
 .build();
-
 assertThat(first.getClaims()).hasSize(1);
 assertThat(first.getClaims().get("TEST_CLAIM_1")).isEqualTo("C1");
 assertThat(first.getTokenValue()).isEqualTo("V1");
-
 assertThat(second.getClaims()).hasSize(2);
 assertThat(second.getClaims().get("TEST_CLAIM_1")).isEqualTo("C2");
 assertThat(second.getClaims().get("TEST_CLAIM_2")).isEqualTo("C3");
@@ -50,15 +46,11 @@ public class OidcIdTokenBuilderTests {
 @Test
 public void expiresAtWhenUsingGenericOrNamedClaimMethodRequiresInstant() {
 OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token");
-
 Instant now = Instant.now();
-
 OidcIdToken idToken = idTokenBuilder.expiresAt(now).build();
 assertThat(idToken.getExpiresAt()).isSameAs(now);
-
 idToken = idTokenBuilder.expiresAt(now).build();
 assertThat(idToken.getExpiresAt()).isSameAs(now);
-
 assertThatCode(() -> idTokenBuilder.claim(IdTokenClaimNames.EXP, "not an instant").build())
 .isInstanceOf(IllegalArgumentException.class);
 }
@@ -66,15 +58,11 @@ public class OidcIdTokenBuilderTests {
 @Test
 public void issuedAtWhenUsingGenericOrNamedClaimMethodRequiresInstant() {
 OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token");
-
 Instant now = Instant.now();
-
 OidcIdToken idToken = idTokenBuilder.issuedAt(now).build();
 assertThat(idToken.getIssuedAt()).isSameAs(now);
-
 idToken = idTokenBuilder.issuedAt(now).build();
 assertThat(idToken.getIssuedAt()).isSameAs(now);
-
 assertThatCode(() -> idTokenBuilder.claim(IdTokenClaimNames.IAT, "not an instant").build())
 .isInstanceOf(IllegalArgumentException.class);
 }
@@ -82,13 +70,10 @@ public class OidcIdTokenBuilderTests {
 @Test
 public void subjectWhenUsingGenericOrNamedClaimMethodThenLastOneWins() {
 OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token");
-
 String generic = new String("sub");
 String named = new String("sub");
-
 OidcIdToken idToken = idTokenBuilder.subject(named).claim(IdTokenClaimNames.SUB, generic).build();
 assertThat(idToken.getSubject()).isSameAs(generic);
-
 idToken = idTokenBuilder.claim(IdTokenClaimNames.SUB, generic).subject(named).build();
 assertThat(idToken.getSubject()).isSameAs(named);
 }
@@ -96,7 +81,6 @@ public class OidcIdTokenBuilderTests { @Test public void claimsWhenRemovingAClaimThenIsNotPresent() { OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token").claim("needs", "a claim"); - OidcIdToken idToken = idTokenBuilder.subject("sub").claims((claims) -> claims.remove(IdTokenClaimNames.SUB)) .build(); assertThat(idToken.getSubject()).isNull(); @@ -105,11 +89,9 @@ public class OidcIdTokenBuilderTests { @Test public void claimsWhenAddingAClaimThenIsPresent() { OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token"); - String name = new String("name"); String value = new String("value"); OidcIdToken idToken = idTokenBuilder.claims((claims) -> claims.put(name, value)).build(); - assertThat(idToken.getClaims()).hasSize(1); assertThat(idToken.getClaims().get(name)).isSameAs(value); } diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java index 9e43b0449a..4f795c6f95 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java @@ -85,7 +85,6 @@ public class OidcIdTokenTests { private static final Map CLAIMS; private static final String ID_TOKEN_VALUE = "id-token-value"; - static { CLAIMS = new HashMap<>(); CLAIMS.put(ISS_CLAIM, ISS_VALUE); @@ -117,7 +116,6 @@ public class OidcIdTokenTests { public void constructorWhenParametersProvidedAndValidThenCreated() { OidcIdToken idToken = new OidcIdToken(ID_TOKEN_VALUE, Instant.ofEpochMilli(IAT_VALUE), Instant.ofEpochMilli(EXP_VALUE), CLAIMS); - assertThat(idToken.getClaims()).isEqualTo(CLAIMS); assertThat(idToken.getTokenValue()).isEqualTo(ID_TOKEN_VALUE); assertThat(idToken.getIssuer().toString()).isEqualTo(ISS_VALUE); 
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java
index fe5a579734..8877139e0f 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java
@@ -28,14 +28,10 @@ public class OidcUserInfoBuilderTests {
 @Test
 public void buildWhenCalledTwiceThenGeneratesTwoOidcUserInfos() {
 OidcUserInfo.Builder userInfoBuilder = OidcUserInfo.builder();
-
 OidcUserInfo first = userInfoBuilder.claim("TEST_CLAIM_1", "C1").build();
-
 OidcUserInfo second = userInfoBuilder.claim("TEST_CLAIM_1", "C2").claim("TEST_CLAIM_2", "C3").build();
-
 assertThat(first.getClaims()).hasSize(1);
 assertThat(first.getClaims().get("TEST_CLAIM_1")).isEqualTo("C1");
-
 assertThat(second.getClaims()).hasSize(2);
 assertThat(second.getClaims().get("TEST_CLAIM_1")).isEqualTo("C2");
 assertThat(second.getClaims().get("TEST_CLAIM_2")).isEqualTo("C3");
@@ -44,13 +40,10 @@ public class OidcUserInfoBuilderTests {
 @Test
 public void subjectWhenUsingGenericOrNamedClaimMethodThenLastOneWins() {
 OidcUserInfo.Builder userInfoBuilder = OidcUserInfo.builder();
-
 String generic = new String("sub");
 String named = new String("sub");
-
 OidcUserInfo userInfo = userInfoBuilder.subject(named).claim(IdTokenClaimNames.SUB, generic).build();
 assertThat(userInfo.getSubject()).isSameAs(generic);
-
 userInfo = userInfoBuilder.claim(IdTokenClaimNames.SUB, generic).subject(named).build();
 assertThat(userInfo.getSubject()).isSameAs(named);
 }
@@ -58,7 +51,6 @@ public class OidcUserInfoBuilderTests { @Test public void claimsWhenRemovingAClaimThenIsNotPresent() { OidcUserInfo.Builder userInfoBuilder = OidcUserInfo.builder().claim("needs", "a claim"); - OidcUserInfo userInfo = userInfoBuilder.subject("sub").claims((claims) -> claims.remove(IdTokenClaimNames.SUB)) .build(); assertThat(userInfo.getSubject()).isNull(); @@ -67,11 +59,9 @@ public class OidcUserInfoBuilderTests { @Test public void claimsWhenAddingAClaimThenIsPresent() { OidcUserInfo.Builder userInfoBuilder = OidcUserInfo.builder(); - String name = new String("name"); String value = new String("value"); OidcUserInfo userInfo = userInfoBuilder.claims((claims) -> claims.put(name, value)).build(); - assertThat(userInfo.getClaims()).hasSize(1); assertThat(userInfo.getClaims().get(name)).isSameAs(value); } diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java index 9146c9760c..53fe17d28d 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java @@ -113,7 +113,6 @@ public class OidcUserInfoTests { private static final long UPDATED_AT_VALUE = Instant.now().minusSeconds(60).toEpochMilli(); private static final Map CLAIMS; - static { CLAIMS = new HashMap<>(); CLAIMS.put(SUB_CLAIM, SUB_VALUE); @@ -134,7 +133,6 @@ public class OidcUserInfoTests { CLAIMS.put(LOCALE_CLAIM, LOCALE_VALUE); CLAIMS.put(PHONE_NUMBER_CLAIM, PHONE_NUMBER_VALUE); CLAIMS.put(PHONE_NUMBER_VERIFIED_CLAIM, PHONE_NUMBER_VERIFIED_VALUE); - ADDRESS_VALUE = new HashMap<>(); ADDRESS_VALUE.put(DefaultAddressStandardClaimTests.FORMATTED_FIELD_NAME, DefaultAddressStandardClaimTests.FORMATTED); 
@@ -148,7 +146,6 @@ public class OidcUserInfoTests { ADDRESS_VALUE.put(DefaultAddressStandardClaimTests.COUNTRY_FIELD_NAME, DefaultAddressStandardClaimTests.COUNTRY); CLAIMS.put(ADDRESS_CLAIM, ADDRESS_VALUE); - CLAIMS.put(UPDATED_AT_CLAIM, UPDATED_AT_VALUE); } @@ -160,7 +157,6 @@ public class OidcUserInfoTests { @Test public void constructorWhenParametersProvidedAndValidThenCreated() { OidcUserInfo userInfo = new OidcUserInfo(CLAIMS); - assertThat(userInfo.getClaims()).isEqualTo(CLAIMS); assertThat(userInfo.getSubject()).isEqualTo(SUB_VALUE); assertThat(userInfo.getFullName()).isEqualTo(NAME_VALUE); diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java index ef8501ead2..78dd8b494f 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java @@ -54,14 +54,12 @@ public class DefaultOidcUserTests { private static final Map ID_TOKEN_CLAIMS = new HashMap<>(); private static final Map USER_INFO_CLAIMS = new HashMap<>(); - static { ID_TOKEN_CLAIMS.put(IdTokenClaimNames.ISS, "https://example.com"); ID_TOKEN_CLAIMS.put(IdTokenClaimNames.SUB, SUBJECT); USER_INFO_CLAIMS.put(StandardClaimNames.NAME, NAME); USER_INFO_CLAIMS.put(StandardClaimNames.EMAIL, EMAIL); } - private static final OidcIdToken ID_TOKEN = new OidcIdToken("id-token-value", Instant.EPOCH, Instant.MAX, ID_TOKEN_CLAIMS); 
@@ -85,7 +83,6 @@ public class DefaultOidcUserTests { @Test public void constructorWhenAuthoritiesIdTokenProvidedThenCreated() { DefaultOidcUser user = new DefaultOidcUser(AUTHORITIES, ID_TOKEN); - assertThat(user.getClaims()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB); assertThat(user.getIdToken()).isEqualTo(ID_TOKEN); assertThat(user.getName()).isEqualTo(SUBJECT); @@ -97,7 +94,6 @@ public class DefaultOidcUserTests { @Test public void constructorWhenAuthoritiesIdTokenNameAttributeKeyProvidedThenCreated() { DefaultOidcUser user = new DefaultOidcUser(AUTHORITIES, ID_TOKEN, IdTokenClaimNames.SUB); - assertThat(user.getClaims()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB); assertThat(user.getIdToken()).isEqualTo(ID_TOKEN); assertThat(user.getName()).isEqualTo(SUBJECT); @@ -109,7 +105,6 @@ public class DefaultOidcUserTests { @Test public void constructorWhenAuthoritiesIdTokenUserInfoProvidedThenCreated() { DefaultOidcUser user = new DefaultOidcUser(AUTHORITIES, ID_TOKEN, USER_INFO); - assertThat(user.getClaims()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB, StandardClaimNames.NAME, StandardClaimNames.EMAIL); assertThat(user.getIdToken()).isEqualTo(ID_TOKEN); @@ -124,7 +119,6 @@ public class DefaultOidcUserTests { @Test public void constructorWhenAllParametersProvidedAndValidThenCreated() { DefaultOidcUser user = new DefaultOidcUser(AUTHORITIES, ID_TOKEN, USER_INFO, StandardClaimNames.EMAIL); - assertThat(user.getClaims()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB, StandardClaimNames.NAME, StandardClaimNames.EMAIL); assertThat(user.getIdToken()).isEqualTo(ID_TOKEN); diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java index 4f83847331..d086c3eb99 100644 
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java @@ -48,14 +48,12 @@ public class OidcUserAuthorityTests { private static final Map ID_TOKEN_CLAIMS = new HashMap<>(); private static final Map USER_INFO_CLAIMS = new HashMap<>(); - static { ID_TOKEN_CLAIMS.put(IdTokenClaimNames.ISS, "https://example.com"); ID_TOKEN_CLAIMS.put(IdTokenClaimNames.SUB, SUBJECT); USER_INFO_CLAIMS.put(StandardClaimNames.NAME, NAME); USER_INFO_CLAIMS.put(StandardClaimNames.EMAIL, EMAIL); } - private static final OidcIdToken ID_TOKEN = new OidcIdToken("id-token-value", Instant.EPOCH, Instant.MAX, ID_TOKEN_CLAIMS); @@ -79,7 +77,6 @@ public class OidcUserAuthorityTests { @Test public void constructorWhenAllParametersProvidedAndValidThenCreated() { OidcUserAuthority userAuthority = new OidcUserAuthority(AUTHORITY, ID_TOKEN, USER_INFO); - assertThat(userAuthority.getIdToken()).isEqualTo(ID_TOKEN); assertThat(userAuthority.getUserInfo()).isEqualTo(USER_INFO); assertThat(userAuthority.getAuthority()).isEqualTo(AUTHORITY); diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java index 88f20d81c1..c1643e86d5 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java 
@@ -79,7 +79,6 @@ public class DefaultOAuth2UserTests {
 @Test
 public void constructorWhenAllParametersProvidedAndValidThenCreated() {
 DefaultOAuth2User user = new DefaultOAuth2User(AUTHORITIES, ATTRIBUTES, ATTRIBUTE_NAME_KEY);
-
 assertThat(user.getName()).isEqualTo(USERNAME);
 assertThat(user.getAuthorities()).hasSize(1);
 assertThat(user.getAuthorities().iterator().next()).isEqualTo(AUTHORITY);
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java
index 83d68e921e..b7b22d5541 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java
@@ -52,7 +52,6 @@ public class OAuth2UserAuthorityTests {
 @Test
 public void constructorWhenAllParametersProvidedAndValidThenCreated() {
 OAuth2UserAuthority userAuthority = new OAuth2UserAuthority(AUTHORITY, ATTRIBUTES);
-
 assertThat(userAuthority.getAuthority()).isEqualTo(AUTHORITY);
 assertThat(userAuthority.getAttributes()).isEqualTo(ATTRIBUTES);
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java
index bfdd17de31..abe976ecc8 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java
@@ -63,7 +63,6 @@ public class OAuth2BodyExtractorsTests {
 messageReaders.add(new DecoderHttpMessageReader<>(StringDecoder.allMimeTypes()));
 messageReaders.add(new DecoderHttpMessageReader<>(new Jackson2JsonDecoder()));
 messageReaders.add(new FormHttpMessageReader());
-
 this.hints = new HashMap<>();
 this.context = new BodyExtractor.Context() {
 @Override
@@ -87,13 +86,10 @@ public class OAuth2BodyExtractorsTests {
 public void oauth2AccessTokenResponseWhenInvalidJsonThenException() {
 BodyExtractor, ReactiveHttpInputMessage> extractor = OAuth2BodyExtractors
 .oauth2AccessTokenResponse();
-
 MockClientHttpResponse response = new MockClientHttpResponse(HttpStatus.OK);
 response.getHeaders().setContentType(MediaType.APPLICATION_JSON);
 response.setBody("{");
-
 Mono result = extractor.extract(response, this.context);
-
 assertThatCode(result::block).isInstanceOf(OAuth2AuthorizationException.class)
 .hasMessageContaining("An error occurred parsing the Access Token response");
 }
@@ -102,11 +98,8 @@ public class OAuth2BodyExtractorsTests {
 public void oauth2AccessTokenResponseWhenEmptyThenException() {
 BodyExtractor, ReactiveHttpInputMessage> extractor = OAuth2BodyExtractors
 .oauth2AccessTokenResponse();
-
 MockClientHttpResponse response = new MockClientHttpResponse(HttpStatus.OK);
-
 Mono result = extractor.extract(response, this.context);
-
 assertThatCode(result::block).isInstanceOf(OAuth2AuthorizationException.class)
 .hasMessageContaining("Empty OAuth 2.0 Access Token Response");
 }
@@ -115,17 +108,14 @@ public class OAuth2BodyExtractorsTests { public void oauth2AccessTokenResponseWhenValidThenCreated() { BodyExtractor, ReactiveHttpInputMessage> extractor = OAuth2BodyExtractors .oauth2AccessTokenResponse(); - MockClientHttpResponse response = new MockClientHttpResponse(HttpStatus.OK); response.getHeaders().setContentType(MediaType.APPLICATION_JSON); response.setBody( "{\n" + " \"access_token\":\"2YotnFZFEjr1zCsicMWpAA\",\n" + " \"token_type\":\"Bearer\",\n" + " \"expires_in\":3600,\n" + " \"refresh_token\":\"tGzv3JOkF0XG5Qx2TlKWIA\",\n" + " \"example_parameter\":\"example_value\"\n" + " }"); - Instant now = Instant.now(); OAuth2AccessTokenResponse result = extractor.extract(response, this.context).block(); - assertThat(result.getAccessToken().getTokenValue()).isEqualTo("2YotnFZFEjr1zCsicMWpAA"); assertThat(result.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(result.getAccessToken().getExpiresAt()).isBetween(now.plusSeconds(3600), now.plusSeconds(3600 + 2)); 
@@ -138,17 +128,14 @@ public class OAuth2BodyExtractorsTests { public void oauth2AccessTokenResponseWhenMultipleAttributeTypesThenCreated() { BodyExtractor, ReactiveHttpInputMessage> extractor = OAuth2BodyExtractors .oauth2AccessTokenResponse(); - MockClientHttpResponse response = new MockClientHttpResponse(HttpStatus.OK); response.getHeaders().setContentType(MediaType.APPLICATION_JSON); response.setBody( "{\n" + " \"access_token\":\"2YotnFZFEjr1zCsicMWpAA\",\n" + " \"token_type\":\"Bearer\",\n" + " \"expires_in\":3600,\n" + " \"refresh_token\":\"tGzv3JOkF0XG5Qx2TlKWIA\",\n" + " \"subjson\":{}, \n" + " \"list\":[] \n" + " }"); - Instant now = Instant.now(); OAuth2AccessTokenResponse result = extractor.extract(response, this.context).block(); - assertThat(result.getAccessToken().getTokenValue()).isEqualTo("2YotnFZFEjr1zCsicMWpAA"); assertThat(result.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(result.getAccessToken().getExpiresAt()).isBetween(now.plusSeconds(3600), now.plusSeconds(3600 + 2)); diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java index 6cde34191f..f0dba9b354 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java @@ -43,7 +43,6 @@ public final class TestKeys { throw new IllegalStateException(ex); } } - public static final String DEFAULT_ENCODED_SECRET_KEY = "bCzY/M48bbkwBEWjmNSIEPfwApcvXOnkCxORBEbPr+4="; public static final SecretKey DEFAULT_SECRET_KEY = new SecretKeySpec( 
@@ -66,7 +65,6 @@ public final class TestKeys {
 throw new IllegalArgumentException(ex);
 }
 }
-
 public static final String DEFAULT_RSA_PRIVATE_KEY = "MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDcWWomvlNGyQhA"
 + "iB0TcN3sP2VuhZ1xNRPxr58lHswC9Cbtdc2hiSbe/sxAvU1i0O8vaXwICdzRZ1JM"
 + "g1TohG9zkqqjZDhyw1f1Ic6YR/OhE6NCpqERy97WMFeW6gJd1i5inHj/W19GAbqK"
@@ -94,7 +92,6 @@ public final class TestKeys {
 + "TszuiGTkrKcZy9G0wJqPztZZl2F2+bJgnA6nBEV7g5PA4Af+QSmaIhRwqGDAuROR"
 + "47jndeyIaMTNETEmOnms+as17g==";
 public static final RSAPrivateKey DEFAULT_PRIVATE_KEY;
-
 static {
 PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(DEFAULT_RSA_PRIVATE_KEY));
 try {
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
index d91c78a928..efac7719f7 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
@@ -34,18 +34,14 @@ public class JwtBuilderTests {
 @Test
 public void buildWhenCalledTwiceThenGeneratesTwoJwts() {
 Jwt.Builder jwtBuilder = Jwt.withTokenValue("token");
-
 Jwt first = jwtBuilder.tokenValue("V1").header("TEST_HEADER_1", "H1").claim("TEST_CLAIM_1", "C1").build();
-
 Jwt second = jwtBuilder.tokenValue("V2").header("TEST_HEADER_1", "H2").header("TEST_HEADER_2", "H3")
 .claim("TEST_CLAIM_1", "C2").claim("TEST_CLAIM_2", "C3").build();
-
 assertThat(first.getHeaders()).hasSize(1);
 assertThat(first.getHeaders().get("TEST_HEADER_1")).isEqualTo("H1");
 assertThat(first.getClaims()).hasSize(1);
 assertThat(first.getClaims().get("TEST_CLAIM_1")).isEqualTo("C1");
 assertThat(first.getTokenValue()).isEqualTo("V1");
-
 assertThat(second.getHeaders()).hasSize(2);
 assertThat(second.getHeaders().get("TEST_HEADER_1")).isEqualTo("H2");
 assertThat(second.getHeaders().get("TEST_HEADER_2")).isEqualTo("H3");
@@ -58,15 +54,11 @@ public class JwtBuilderTests {
 @Test
 public void expiresAtWhenUsingGenericOrNamedClaimMethodRequiresInstant() {
 Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("needs", "a header");
-
 Instant now = Instant.now();
-
 Jwt jwt = jwtBuilder.expiresAt(now).build();
 assertThat(jwt.getExpiresAt()).isSameAs(now);
-
 jwt = jwtBuilder.expiresAt(now).build();
 assertThat(jwt.getExpiresAt()).isSameAs(now);
-
 assertThatCode(() -> jwtBuilder.claim(JwtClaimNames.EXP, "not an instant").build())
 .isInstanceOf(IllegalArgumentException.class);
 }
@@ -74,15 +66,11 @@ public class JwtBuilderTests {
 @Test
 public void issuedAtWhenUsingGenericOrNamedClaimMethodRequiresInstant() {
 Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("needs", "a header");
-
 Instant now = Instant.now();
-
 Jwt jwt = jwtBuilder.issuedAt(now).build();
 assertThat(jwt.getIssuedAt()).isSameAs(now);
-
 jwt = jwtBuilder.issuedAt(now).build();
 assertThat(jwt.getIssuedAt()).isSameAs(now);
-
 assertThatCode(() -> jwtBuilder.claim(JwtClaimNames.IAT, "not an instant").build())
 .isInstanceOf(IllegalArgumentException.class);
 }
@@ -90,13 +78,10 @@ public class JwtBuilderTests {
 @Test
 public void subjectWhenUsingGenericOrNamedClaimMethodThenLastOneWins() {
 Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("needs", "a header");
-
 String generic = new String("sub");
 String named = new String("sub");
-
 Jwt jwt = jwtBuilder.subject(named).claim(JwtClaimNames.SUB, generic).build();
 assertThat(jwt.getSubject()).isSameAs(generic);
-
 jwt = jwtBuilder.claim(JwtClaimNames.SUB, generic).subject(named).build();
 assertThat(jwt.getSubject()).isSameAs(named);
 }
@@ -104,7 +89,6 @@ public class JwtBuilderTests {
 @Test
 public void claimsWhenRemovingAClaimThenIsNotPresent() {
 Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").claim("needs", "a claim").header("needs", "a header");
-
 Jwt jwt = jwtBuilder.subject("sub").claims((claims) -> claims.remove(JwtClaimNames.SUB)).build();
 assertThat(jwt.getSubject()).isNull();
 }
@@ -112,11 +96,9 @@ public class JwtBuilderTests {
 @Test
 public void claimsWhenAddingAClaimThenIsPresent() {
 Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("needs", "a header");
-
 String name = new String("name");
 String value = new String("value");
 Jwt jwt = jwtBuilder.claims((claims) -> claims.put(name, value)).build();
-
 assertThat(jwt.getClaims()).hasSize(1);
 assertThat(jwt.getClaims().get(name)).isSameAs(value);
 }
@@ -124,7 +106,6 @@ public class JwtBuilderTests { @Test public void headersWhenRemovingAClaimThenIsNotPresent() { Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").claim("needs", "a claim").header("needs", "a header"); - Jwt jwt = jwtBuilder.header("alg", "none").headers((headers) -> headers.remove("alg")).build(); assertThat(jwt.getHeaders().get("alg")).isNull(); } @@ -132,11 +113,9 @@ public class JwtBuilderTests { @Test public void headersWhenAddingAClaimThenIsPresent() { Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").claim("needs", "a claim"); - String name = new String("name"); String value = new String("value"); Jwt jwt = jwtBuilder.headers((headers) -> headers.put(name, value)).build(); - assertThat(jwt.getHeaders()).hasSize(1); assertThat(jwt.getHeaders().get(name)).isSameAs(value); } diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java index 8f1be78bb3..c3206a37f3 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java @@ -219,7 +219,6 @@ public class JwtDecodersTests { @Test public void issuerWhenRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException() throws Exception { - this.server.shutdown(); assertThatCode(() -> JwtDecoders.fromOidcIssuerLocation("https://issuer")) .isInstanceOf(IllegalArgumentException.class); @@ -228,7 +227,6 @@ public class JwtDecodersTests { @Test public void issuerWhenOidcFallbackRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException() throws Exception { - this.server.shutdown(); assertThatCode(() -> JwtDecoders.fromIssuerLocation("https://issuer")) .isInstanceOf(IllegalArgumentException.class); 
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java index c8f73f387a..501beb5fb9 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java @@ -36,23 +36,19 @@ public class JwtIssuerValidatorTests { @Test public void validateWhenIssuerMatchesThenReturnsSuccess() { Jwt jwt = TestJwts.jwt().claim("iss", ISSUER).build(); - assertThat(this.validator.validate(jwt)).isEqualTo(OAuth2TokenValidatorResult.success()); } @Test public void validateWhenIssuerMismatchesThenReturnsError() { Jwt jwt = TestJwts.jwt().claim(JwtClaimNames.ISS, "https://other").build(); - OAuth2TokenValidatorResult result = this.validator.validate(jwt); - assertThat(result.getErrors()).isNotEmpty(); } @Test public void validateWhenJwtHasNoIssuerThenReturnsError() { Jwt jwt = TestJwts.jwt().claim(JwtClaimNames.AUD, "https://aud").build(); - OAuth2TokenValidatorResult result = this.validator.validate(jwt); assertThat(result.getErrors()).isNotEmpty(); } @@ -62,7 +58,6 @@ public class JwtIssuerValidatorTests { public void validateWhenIssuerMatchesAndIsNotAUriThenReturnsSuccess() { Jwt jwt = TestJwts.jwt().claim(JwtClaimNames.ISS, "issuer").build(); JwtIssuerValidator validator = new JwtIssuerValidator("issuer"); - assertThat(validator.validate(jwt)).isEqualTo(OAuth2TokenValidatorResult.success()); } diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java index 924c5f85ca..cc2e99e373 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java 
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java @@ -69,11 +69,9 @@ public class JwtTests { private static final Map CLAIMS; private static final String JWT_TOKEN_VALUE = "jwt-token-value"; - static { HEADERS = new HashMap<>(); HEADERS.put("alg", JwsAlgorithms.RS256); - CLAIMS = new HashMap<>(); CLAIMS.put(ISS_CLAIM, ISS_VALUE); CLAIMS.put(SUB_CLAIM, SUB_VALUE); @@ -105,7 +103,6 @@ public class JwtTests { public void constructorWhenParametersProvidedAndValidThenCreated() { Jwt jwt = new Jwt(JWT_TOKEN_VALUE, Instant.ofEpochMilli(IAT_VALUE), Instant.ofEpochMilli(EXP_VALUE), HEADERS, CLAIMS); - assertThat(jwt.getTokenValue()).isEqualTo(JWT_TOKEN_VALUE); assertThat(jwt.getHeaders()).isEqualTo(HEADERS); assertThat(jwt.getClaims()).isEqualTo(CLAIMS); diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java index cba1158652..8cac7c007c 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java 
@@ -54,28 +54,20 @@ public class JwtTimestampValidatorTests { @Test public void validateWhenJwtIsExpiredThenErrorMessageIndicatesExpirationTime() { Instant oneHourAgo = Instant.now().minusSeconds(3600); - Jwt jwt = TestJwts.jwt().expiresAt(oneHourAgo).build(); - JwtTimestampValidator jwtValidator = new JwtTimestampValidator(); - Collection details = jwtValidator.validate(jwt).getErrors(); Collection messages = details.stream().map(OAuth2Error::getDescription).collect(Collectors.toList()); - assertThat(messages).contains("Jwt expired at " + oneHourAgo); } @Test public void validateWhenJwtIsTooEarlyThenErrorMessageIndicatesNotBeforeTime() { Instant oneHourFromNow = Instant.now().plusSeconds(3600); - Jwt jwt = TestJwts.jwt().notBefore(oneHourFromNow).build(); - JwtTimestampValidator jwtValidator = new JwtTimestampValidator(); - Collection details = jwtValidator.validate(jwt).getErrors(); Collection messages = details.stream().map(OAuth2Error::getDescription).collect(Collectors.toList()); - assertThat(messages).contains("Jwt used before " + oneHourFromNow); } 
@@ -83,54 +75,39 @@ public class JwtTimestampValidatorTests {
 public void validateWhenConfiguredWithClockSkewThenValidatesUsingThatSkew() {
 Duration oneDayOff = Duration.ofDays(1);
 JwtTimestampValidator jwtValidator = new JwtTimestampValidator(oneDayOff);
-
 Instant now = Instant.now();
 Instant almostOneDayAgo = now.minus(oneDayOff).plusSeconds(10);
 Instant almostOneDayFromNow = now.plus(oneDayOff).minusSeconds(10);
 Instant justOverOneDayAgo = now.minus(oneDayOff).minusSeconds(10);
 Instant justOverOneDayFromNow = now.plus(oneDayOff).plusSeconds(10);
-
 Jwt jwt = TestJwts.jwt().expiresAt(almostOneDayAgo).notBefore(almostOneDayFromNow).build();
-
 assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
-
 jwt = TestJwts.jwt().expiresAt(justOverOneDayAgo).build();
-
 OAuth2TokenValidatorResult result = jwtValidator.validate(jwt);
 Collection messages = result.getErrors().stream().map(OAuth2Error::getDescription)
 .collect(Collectors.toList());
-
 assertThat(result.hasErrors()).isTrue();
 assertThat(messages).contains("Jwt expired at " + justOverOneDayAgo);
-
 jwt = TestJwts.jwt().notBefore(justOverOneDayFromNow).build();
-
 result = jwtValidator.validate(jwt);
 messages = result.getErrors().stream().map(OAuth2Error::getDescription).collect(Collectors.toList());
-
 assertThat(result.hasErrors()).isTrue();
 assertThat(messages).contains("Jwt used before " + justOverOneDayFromNow);
-
 }
 @Test
 public void validateWhenConfiguredWithFixedClockThenValidatesUsingFixedTime() {
 Jwt jwt = TestJwts.jwt().expiresAt(Instant.now(MOCK_NOW)).build();
-
 JwtTimestampValidator jwtValidator = new JwtTimestampValidator(Duration.ofNanos(0));
 jwtValidator.setClock(MOCK_NOW);
-
 assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
-
 jwt = TestJwts.jwt().notBefore(Instant.now(MOCK_NOW)).build();
-
 assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
 }
 @Test
 public void validateWhenNeitherExpiryNorNotBeforeIsSpecifiedThenReturnsSuccessfulResult() {
 Jwt jwt = TestJwts.jwt().claims((c) -> 
c.remove(JwtClaimNames.EXP)).build();
-
 JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
 assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
 }
@@ -138,7 +115,6 @@ public class JwtTimestampValidatorTests {
 @Test
 public void validateWhenNotBeforeIsValidAndExpiryIsNotSpecifiedThenReturnsSuccessfulResult() {
 Jwt jwt = TestJwts.jwt().claims((c) -> c.remove(JwtClaimNames.EXP)).notBefore(Instant.MIN).build();
-
 JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
 assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
 }
@@ -146,7 +122,6 @@ public class JwtTimestampValidatorTests {
 @Test
 public void validateWhenExpiryIsValidAndNotBeforeIsNotSpecifiedThenReturnsSuccessfulResult() {
 Jwt jwt = TestJwts.jwt().build();
-
 JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
 assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
 }
@@ -154,17 +129,14 @@ public class JwtTimestampValidatorTests {
 @Test
 public void validateWhenBothExpiryAndNotBeforeAreValidThenReturnsSuccessfulResult() {
 Jwt jwt = TestJwts.jwt().expiresAt(Instant.now(MOCK_NOW)).notBefore(Instant.now(MOCK_NOW)).build();
-
 JwtTimestampValidator jwtValidator = new JwtTimestampValidator(Duration.ofNanos(0));
 jwtValidator.setClock(MOCK_NOW);
-
 assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
 }
 @Test
 public void setClockWhenInvokedWithNullThenThrowsIllegalArgumentException() {
 JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
-
 assertThatCode(() -> jwtValidator.setClock(null)).isInstanceOf(IllegalArgumentException.class);
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java
index 540f668e5e..d27b08df2a 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java
@@ -48,23 +48,18 @@ public class MappedJwtClaimSetConverterTests {
 Instant at = Instant.ofEpochMilli(1000000000000L);
 Converter expiresAtConverter = mock(Converter.class);
 given(expiresAtConverter.convert(any())).willReturn(at);
-
 MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter
 .withDefaults(Collections.singletonMap(JwtClaimNames.EXP, expiresAtConverter));
-
 Map source = new HashMap<>();
 Map target = converter.convert(source);
-
 assertThat(target.get(JwtClaimNames.IAT)).isEqualTo(Instant.ofEpochMilli(at.toEpochMilli()).minusSeconds(1));
 }
 @Test
 public void convertWhenUsingDefaultsThenBasesIssuedAtOffOfExpiration() {
 MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
-
 Map source = Collections.singletonMap(JwtClaimNames.EXP, 1000000000L);
 Map target = converter.convert(source);
-
 assertThat(target.get(JwtClaimNames.EXP)).isEqualTo(Instant.ofEpochSecond(1000000000L));
 assertThat(target.get(JwtClaimNames.IAT)).isEqualTo(Instant.ofEpochSecond(1000000000L).minusSeconds(1));
 }
@@ -72,16 +67,12 @@ public class MappedJwtClaimSetConverterTests {
 @Test
 public void convertWhenUsingDefaultsThenCoercesAudienceAccordingToJwtSpec() {
 MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
-
 Map source = Collections.singletonMap(JwtClaimNames.AUD, "audience");
 Map target = converter.convert(source);
-
 assertThat(target.get(JwtClaimNames.AUD)).isInstanceOf(Collection.class);
 assertThat(target.get(JwtClaimNames.AUD)).isEqualTo(Arrays.asList("audience"));
-
 source = Collections.singletonMap(JwtClaimNames.AUD, Arrays.asList("one", "two"));
 target = converter.convert(source);
-
 assertThat(target.get(JwtClaimNames.AUD)).isInstanceOf(Collection.class);
 assertThat(target.get(JwtClaimNames.AUD)).isEqualTo(Arrays.asList("one", "two"));
 }
@@ -89,7 +80,6 @@ public class MappedJwtClaimSetConverterTests {
 @Test
 public void convertWhenUsingDefaultsThenCoercesAllAttributesInJwtSpec() {
 MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
-
 Map source = new HashMap<>();
 source.put(JwtClaimNames.JTI, 1);
 source.put(JwtClaimNames.AUD, "audience");
@@ -98,9 +88,7 @@ public class MappedJwtClaimSetConverterTests {
 source.put(JwtClaimNames.ISS, "https://any.url");
 source.put(JwtClaimNames.NBF, 1000000000);
 source.put(JwtClaimNames.SUB, 1234);
-
 Map target = converter.convert(source);
-
 assertThat(target.get(JwtClaimNames.JTI)).isEqualTo("1");
 assertThat(target.get(JwtClaimNames.AUD)).isEqualTo(Arrays.asList("audience"));
 assertThat(target.get(JwtClaimNames.EXP)).isEqualTo(Instant.ofEpochSecond(2000000000L));
@@ -116,7 +104,6 @@ public class MappedJwtClaimSetConverterTests {
 MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter
 .withDefaults(Collections.singletonMap(JwtClaimNames.SUB, claimConverter));
 given(claimConverter.convert(any(Object.class))).willReturn("1234");
-
 Map source = new HashMap<>();
 source.put(JwtClaimNames.JTI, 1);
 source.put(JwtClaimNames.AUD, "audience");
@@ -125,9 +112,7 @@ public class MappedJwtClaimSetConverterTests {
 source.put(JwtClaimNames.ISS, URI.create("https://any.url"));
 source.put(JwtClaimNames.NBF, "1000000000");
 source.put(JwtClaimNames.SUB, 2345);
-
 Map target = converter.convert(source);
-
 assertThat(target.get(JwtClaimNames.JTI)).isEqualTo("1");
 assertThat(target.get(JwtClaimNames.AUD)).isEqualTo(Arrays.asList("audience"));
 assertThat(target.get(JwtClaimNames.EXP)).isEqualTo(Instant.ofEpochSecond(2000000000L));
@@ -140,10 +125,8 @@ public class MappedJwtClaimSetConverterTests {
 @Test
 public void convertWhenConverterReturnsNullThenClaimIsRemoved() {
 MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
-
 Map source = Collections.singletonMap(JwtClaimNames.ISS, null);
 Map target = converter.convert(source);
-
 assertThat(target).doesNotContainKey(JwtClaimNames.ISS);
 }
@@ -153,10 +136,8 @@ public class MappedJwtClaimSetConverterTests {
 MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter
 .withDefaults(Collections.singletonMap("custom-claim", claimConverter));
 given(claimConverter.convert(any())).willReturn("custom-value");
-
 Map source = new HashMap<>();
 Map target = converter.convert(source);
-
 assertThat(target.get("custom-claim")).isEqualTo("custom-value");
 }
@@ -166,7 +147,6 @@ public class MappedJwtClaimSetConverterTests {
 MappedJwtClaimSetConverter converter = new MappedJwtClaimSetConverter( Collections.singletonMap(JwtClaimNames.SUB, claimConverter));
 given(claimConverter.convert(any(Object.class))).willReturn("1234");
-
 Map source = new HashMap<>();
 source.put(JwtClaimNames.JTI, new Object());
 source.put(JwtClaimNames.AUD, new Object());
@@ -175,9 +155,7 @@ public class MappedJwtClaimSetConverterTests {
 source.put(JwtClaimNames.ISS, new Object());
 source.put(JwtClaimNames.NBF, new Object());
 source.put(JwtClaimNames.SUB, new Object());
-
 Map target = converter.convert(source);
-
 assertThat(target.get(JwtClaimNames.JTI)).isEqualTo(source.get(JwtClaimNames.JTI));
 assertThat(target.get(JwtClaimNames.AUD)).isEqualTo(source.get(JwtClaimNames.AUD));
 assertThat(target.get(JwtClaimNames.EXP)).isEqualTo(source.get(JwtClaimNames.EXP));
@@ -190,16 +168,12 @@ public class MappedJwtClaimSetConverterTests {
 @Test
 public void convertWhenUsingDefaultsThenFailedConversionThrowsIllegalStateException() {
 MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
-
 Map badIssuer = Collections.singletonMap(JwtClaimNames.ISS, "https://badly formed iss");
 assertThatCode(() -> converter.convert(badIssuer)).isInstanceOf(IllegalStateException.class);
-
 Map badIssuedAt = Collections.singletonMap(JwtClaimNames.IAT, "badly-formed-iat");
 assertThatCode(() -> converter.convert(badIssuedAt)).isInstanceOf(IllegalStateException.class);
-
 Map badExpiresAt = Collections.singletonMap(JwtClaimNames.EXP, "badly-formed-exp");
 assertThatCode(() -> converter.convert(badExpiresAt)).isInstanceOf(IllegalStateException.class);
-
 Map badNotBefore = Collections.singletonMap(JwtClaimNames.NBF, "badly-formed-nbf");
 assertThatCode(() -> converter.convert(badNotBefore)).isInstanceOf(IllegalStateException.class);
 }
@@ -208,7 +182,6 @@ public class MappedJwtClaimSetConverterTests {
 @Test
 public void convertWhenIssuerIsNotAUriThenConvertsToString() {
 MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
-
 Map nonUriIssuer = Collections.singletonMap(JwtClaimNames.ISS, "issuer");
 Map target = converter.convert(nonUriIssuer);
 assertThat(target.get(JwtClaimNames.ISS)).isEqualTo("issuer");
@@ -218,7 +191,6 @@ public class MappedJwtClaimSetConverterTests {
 @Test
 public void convertWhenIssuerIsOfTypeURLThenConvertsToString() throws Exception {
 MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
-
 Map issuer = Collections.singletonMap(JwtClaimNames.ISS, new URL("https://issuer"));
 Map target = converter.convert(issuer);
 assertThat(target.get(JwtClaimNames.ISS)).isEqualTo("https://issuer");
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
index 18a4a00aa2..b0b848f875 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
@@ -175,15 +175,11 @@ public class NimbusJwtDecoderJwkSupportTests {
 try (MockWebServer server = new MockWebServer()) {
 server.enqueue(new MockResponse().setBody(JWK_SET));
 String jwkSetUrl = server.url("/.well-known/jwks.json").toString();
-
 NimbusJwtDecoderJwkSupport decoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl);
-
 OAuth2Error failure = new OAuth2Error("mock-error", "mock-description", "mock-uri");
-
 OAuth2TokenValidator jwtValidator = mock(OAuth2TokenValidator.class);
 given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(failure));
 decoder.setJwtValidator(jwtValidator);
-
 assertThatCode(() -> decoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
 .hasMessageContaining("mock-description");
 }
@@ -194,17 +190,13 @@ public class NimbusJwtDecoderJwkSupportTests {
 try (MockWebServer server = new MockWebServer()) {
 server.enqueue(new MockResponse().setBody(JWK_SET));
 String jwkSetUrl = server.url("/.well-known/jwks.json").toString();
-
 NimbusJwtDecoderJwkSupport decoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl);
-
 OAuth2Error firstFailure = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 OAuth2Error secondFailure = new OAuth2Error("another-error", "another-description", "another-uri");
 OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(firstFailure, secondFailure);
-
 OAuth2TokenValidator jwtValidator = mock(OAuth2TokenValidator.class);
 given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
 decoder.setJwtValidator(jwtValidator);
-
 assertThatCode(() -> decoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
 .hasMessageContaining("mock-description")
 .hasFieldOrPropertyWithValue("errors", Arrays.asList(firstFailure, secondFailure));
@@ -216,13 +208,10 @@ public class NimbusJwtDecoderJwkSupportTests {
 try (MockWebServer server = new MockWebServer()) {
 server.enqueue(new MockResponse().setBody(JWK_SET));
 String jwkSetUrl = server.url("/.well-known/jwks.json").toString();
-
 NimbusJwtDecoderJwkSupport decoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl);
-
 Converter, Map> claimSetConverter = mock(Converter.class);
 given(claimSetConverter.convert(any(Map.class))).willReturn(Collections.singletonMap("custom", "value"));
 decoder.setClaimSetConverter(claimSetConverter);
-
 Jwt jwt = decoder.decode(SIGNED_JWT);
 assertThat(jwt.getClaims().size()).isEqualTo(1);
 assertThat(jwt.getClaims().get("custom")).isEqualTo("value");
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
index 32b04cc858..fcdd0e2c84 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
@@ -174,11 +174,9 @@ public class NimbusJwtDecoderTests {
 @Test
 public void decodeWhenJwtFailsValidationThenReturnsCorrespondingErrorMessage() {
 OAuth2Error failure = new OAuth2Error("mock-error", "mock-description", "mock-uri");
-
 OAuth2TokenValidator jwtValidator = mock(OAuth2TokenValidator.class);
 given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(failure));
 this.jwtDecoder.setJwtValidator(jwtValidator);
-
 assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
 .hasMessageContaining("mock-description");
 }
@@ -188,11 +186,9 @@ public class NimbusJwtDecoderTests {
 OAuth2Error firstFailure = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 OAuth2Error secondFailure = new OAuth2Error("another-error", "another-description", "another-uri");
 OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(firstFailure, secondFailure);
-
 OAuth2TokenValidator jwtValidator = mock(OAuth2TokenValidator.class);
 given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
 this.jwtDecoder.setJwtValidator(jwtValidator);
-
 assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
 .hasMessageContaining("mock-description")
 .hasFieldOrPropertyWithValue("errors", Arrays.asList(firstFailure, secondFailure));
@@ -202,13 +198,11 @@ public class NimbusJwtDecoderTests {
 public void decodeWhenReadingErrorPickTheFirstErrorMessage() {
 OAuth2TokenValidator jwtValidator = mock(OAuth2TokenValidator.class);
 this.jwtDecoder.setJwtValidator(jwtValidator);
-
 OAuth2Error errorEmpty = new OAuth2Error("mock-error", "", "mock-uri");
 OAuth2Error error = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 OAuth2Error error2 = new OAuth2Error("mock-error-second", "mock-description-second", "mock-uri-second");
 OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(errorEmpty, error, error2);
 given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
-
 Assertions.assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
 .hasMessageContaining("mock-description");
 }
@@ -218,7 +212,6 @@ public class NimbusJwtDecoderTests {
 Converter, Map> claimSetConverter = mock(Converter.class);
 given(claimSetConverter.convert(any(Map.class))).willReturn(Collections.singletonMap("custom", "value"));
 this.jwtDecoder.setClaimSetConverter(claimSetConverter);
-
 Jwt jwt = this.jwtDecoder.decode(SIGNED_JWT);
 assertThat(jwt.getClaims().size()).isEqualTo(1);
 assertThat(jwt.getClaims().get("custom")).isEqualTo("value");
@@ -229,9 +222,7 @@ public class NimbusJwtDecoderTests {
 public void decodeWhenClaimSetConverterFailsThenBadJwtException() {
 Converter, Map> claimSetConverter = mock(Converter.class);
 this.jwtDecoder.setClaimSetConverter(claimSetConverter);
-
 given(claimSetConverter.convert(any(Map.class))).willThrow(new IllegalArgumentException("bad conversion"));
-
 assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(BadJwtException.class);
 }
@@ -255,7 +246,6 @@ public class NimbusJwtDecoderTests {
 try (MockWebServer server = new MockWebServer()) {
 String jwkSetUri = server.url("/.well-known/jwks.json").toString();
 NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri).build();
-
 server.shutdown();
 assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
 .isNotInstanceOf(BadJwtException.class)
@@ -269,12 +259,10 @@ public class NimbusJwtDecoderTests {
 Cache cache = new ConcurrentMapCache("test-jwk-set-cache");
 String jwkSetUri = server.url("/.well-known/jwks.json").toString();
 NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri).cache(cache).build();
-
 server.shutdown();
 assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
 .isNotInstanceOf(BadJwtException.class)
 .hasMessageContaining("An error occurred while attempting to decode the Jwt");
-
 }
 }
@@ -530,7 +518,6 @@ public class NimbusJwtDecoderTests {
 assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
 .isNotInstanceOf(BadJwtException.class)
 .hasMessageContaining("An error occurred while attempting to decode the Jwt");
-
 }
 // gh-8730
@@ -595,7 +582,6 @@ public class NimbusJwtDecoderTests {
 @Override
 public JWTClaimsSet process(SignedJWT signedJWT, SecurityContext context) throws BadJOSEException {
-
 try {
 return signedJWT.getJWTClaimsSet();
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
index fb9906cffc..237e3ba2c4 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
@@ -126,16 +126,13 @@ public class NimbusReactiveJwtDecoderTests {
 @Test
 public void decodeWhenInvalidUrl() {
 this.decoder = new NimbusReactiveJwtDecoder("https://s");
-
 assertThatCode(() -> this.decoder.decode(this.messageReadToken).block())
 .isInstanceOf(IllegalStateException.class).hasCauseInstanceOf(UnknownHostException.class);
-
 }
 @Test
 public void decodeWhenMessageReadScopeThenSuccess() {
 Jwt jwt = this.decoder.decode(this.messageReadToken).block();
-
 assertThat(jwt.getClaims().get("scope")).isEqualTo("message:read");
 }
@@ -147,16 +144,13 @@ public class NimbusReactiveJwtDecoderTests {
 .generatePublic(new X509EncodedKeySpec(bytes));
 this.decoder = new NimbusReactiveJwtDecoder(publicKey);
 String noKeyId = "eyJhbGciOiJSUzI1NiJ9.eyJzY29wZSI6IiIsImV4cCI6OTIyMzM3MjAwNjA5NjM3NX0.hNVuHSUkxdLZrDfqdmKcOi0ggmNaDuB4ZPxPtJl1gwBiXzIGN6Hwl24O2BfBZiHFKUTQDs4_RvzD71mEG3DvUrcKmdYWqIB1l8KNmxQLUDG-cAPIpJmRJgCh50tf8OhOE_Cb9E1HcsOUb47kT9iz-VayNBcmo6BmyZLdEGhsdGBrc3Mkz2dd_0PF38I2Hf_cuSjn9gBjFGtiPEXJvob3PEjVTSx_zvodT8D9p3An1R3YBZf5JSd1cQisrXgDX2k1Jmf7UKKWzgfyCgnEtRWWbsUdPqo3rSEY9GDC1iSQXsFTTC1FT_JJDkwzGf011fsU5O_Ko28TARibmKTCxAKNRQ";
-
 assertThatCode(() -> this.decoder.decode(noKeyId).block()).doesNotThrowAnyException();
 }
 @Test
 public void decodeWhenIssuedAtThenSuccess() {
 String withIssuedAt = "eyJraWQiOiJrZXktaWQtMSIsImFsZyI6IlJTMjU2In0.eyJzY29wZSI6IiIsImV4cCI6OTIyMzM3MjAwNjA5NjM3NSwiaWF0IjoxNTI5OTQyNDQ4fQ.LBzAJO-FR-uJDHST61oX4kimuQjz6QMJPW_mvEXRB6A-fMQWpfTQ089eboipAqsb33XnwWth9ELju9HMWLk0FjlWVVzwObh9FcoKelmPNR8mZIlFG-pAYGgSwi8HufyLabXHntFavBiFtqwp_z9clSOFK1RxWvt3lywEbGgtCKve0BXOjfKWiH1qe4QKGixH-NFxidvz8Qd5WbJwyb9tChC6ZKoKPv7Jp-N5KpxkY-O2iUtINvn4xOSactUsvKHgF8ZzZjvJGzG57r606OZXaNtoElQzjAPU5xDGg5liuEJzfBhvqiWCLRmSuZ33qwp3aoBnFgEw0B85gsNe3ggABg";
-
 Jwt jwt = this.decoder.decode(withIssuedAt).block();
-
 assertThat(jwt.getClaims().get(JwtClaimNames.IAT)).isEqualTo(Instant.ofEpochSecond(1529942448L));
 }
@@ -207,11 +201,9 @@ public class NimbusReactiveJwtDecoderTests {
 public void decodeWhenUsingCustomValidatorThenValidatorIsInvoked() {
 OAuth2TokenValidator jwtValidator = mock(OAuth2TokenValidator.class);
 this.decoder.setJwtValidator(jwtValidator);
-
 OAuth2Error error = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(error);
 given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
-
 assertThatCode(() -> this.decoder.decode(this.messageReadToken).block())
 .isInstanceOf(JwtValidationException.class).hasMessageContaining("mock-description");
 }
@@ -220,13 +212,11 @@ public class NimbusReactiveJwtDecoderTests {
 public void decodeWhenReadingErrorPickTheFirstErrorMessage() {
 OAuth2TokenValidator jwtValidator = mock(OAuth2TokenValidator.class);
 this.decoder.setJwtValidator(jwtValidator);
-
 OAuth2Error errorEmpty = new OAuth2Error("mock-error", "", "mock-uri");
 OAuth2Error error = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 OAuth2Error error2 = new OAuth2Error("mock-error-second", "mock-description-second", "mock-uri-second");
 OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(errorEmpty, error, error2);
 given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
-
 assertThatCode(() -> this.decoder.decode(this.messageReadToken).block())
 .isInstanceOf(JwtValidationException.class).hasMessageContaining("mock-description");
 }
@@ -235,9 +225,7 @@ public class NimbusReactiveJwtDecoderTests {
 public void decodeWhenUsingSignedJwtThenReturnsClaimsGivenByClaimSetConverter() {
 Converter, Map> claimSetConverter = mock(Converter.class);
 this.decoder.setClaimSetConverter(claimSetConverter);
-
 given(claimSetConverter.convert(any(Map.class))).willReturn(Collections.singletonMap("custom", "value"));
-
 Jwt jwt = this.decoder.decode(this.messageReadToken).block();
 assertThat(jwt.getClaims().size()).isEqualTo(1);
 assertThat(jwt.getClaims().get("custom")).isEqualTo("value");
@@ -249,9 +237,7 @@ public class NimbusReactiveJwtDecoderTests {
 public void decodeWhenClaimSetConverterFailsThenBadJwtException() {
 Converter, Map> claimSetConverter = mock(Converter.class);
 this.decoder.setClaimSetConverter(claimSetConverter);
-
 given(claimSetConverter.convert(any(Map.class))).willThrow(new IllegalArgumentException("bad conversion"));
-
 assertThatCode(() -> this.decoder.decode(this.messageReadToken).block()).isInstanceOf(BadJwtException.class);
 }
@@ -359,7 +345,6 @@ public class NimbusReactiveJwtDecoderTests {
 .jwtProcessorCustomizer( (p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 .build();
-
 AssertionsForClassTypes.assertThatCode(() -> decoder.decode(this.rsa256).block())
 .isInstanceOf(BadJwtException.class)
 .hasRootCauseMessage("Required JOSE header \"typ\" (type) parameter is missing");
@@ -381,7 +366,6 @@ public class NimbusReactiveJwtDecoderTests {
 public void decodeWhenCustomJwkSourceResolutionThenDecodes() {
 NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder
 .withJwkSource((jwt) -> Flux.fromIterable(parseJWKSet(this.jwkSet).getKeys())).build();
-
 assertThat(decoder.decode(this.messageReadToken).block()).extracting(Jwt::getExpiresAt).isNotNull();
 }
@@ -392,7 +376,6 @@ public class NimbusReactiveJwtDecoderTests {
 .jwtProcessorCustomizer( (p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 .build();
-
 assertThatCode(() -> decoder.decode(this.messageReadToken).block()).isInstanceOf(BadJwtException.class)
 .hasRootCauseMessage("Required JOSE header \"typ\" (type) parameter is missing");
 }
@@ -424,7 +407,6 @@ public class NimbusReactiveJwtDecoderTests {
 JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject")
 .expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
 SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
-
 this.decoder = NimbusReactiveJwtDecoder.withSecretKey(secretKey).macAlgorithm(macAlgorithm).build();
 Jwt jwt = this.decoder.decode(signedJWT.serialize()).block();
 assertThat(jwt.getSubject()).isEqualTo("test-subject");
@@ -449,7 +431,6 @@ public class NimbusReactiveJwtDecoderTests {
 JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject")
 .expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
 SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
-
 this.decoder = NimbusReactiveJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS512).build();
 assertThatThrownBy(() -> this.decoder.decode(signedJWT.serialize()).block())
 .isInstanceOf(BadJwtException.class);
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java
index 99b9d516c7..bd106ef99a 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java
@@ -90,9 +90,7 @@ public class ReactiveJwtDecodersTests {
 @Test
 public void issuerWhenResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 prepareConfigurationResponse();
-
 ReactiveJwtDecoder decoder = ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer);
-
 assertThatCode(() -> decoder.decode(ISSUER_MISMATCH).block()).isInstanceOf(JwtValidationException.class)
 .hasMessageContaining("The iss claim is not valid");
 }
@@ -100,9 +98,7 @@ public class ReactiveJwtDecodersTests {
 @Test
 public void issuerWhenOidcFallbackResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 prepareConfigurationResponseOidc();
-
 ReactiveJwtDecoder decoder = ReactiveJwtDecoders.fromIssuerLocation(this.issuer);
-
 assertThatCode(() -> decoder.decode(ISSUER_MISMATCH).block()).isInstanceOf(JwtValidationException.class)
 .hasMessageContaining("The iss claim is not valid");
 }
@@ -110,9 +106,7 @@ public class ReactiveJwtDecodersTests {
 @Test
 public void issuerWhenOAuth2ResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 prepareConfigurationResponseOAuth2();
-
 ReactiveJwtDecoder decoder = ReactiveJwtDecoders.fromIssuerLocation(this.issuer);
-
 assertThatCode(() -> decoder.decode(ISSUER_MISMATCH).block()).isInstanceOf(JwtValidationException.class)
 .hasMessageContaining("The iss claim is not valid");
 }
@@ -120,7 +114,6 @@ public class ReactiveJwtDecodersTests {
 @Test
 public void issuerWhenResponseIsNonCompliantThenThrowsRuntimeException() {
 prepareConfigurationResponse("{ \"missing_required_keys\" : \"and_values\" }");
-
 assertThatCode(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer))
 .isInstanceOf(RuntimeException.class);
 }
@@ -167,7 +160,6 @@ public class ReactiveJwtDecodersTests {
 @Test
 public void issuerWhenResponseIsMalformedThenThrowsRuntimeException() {
 prepareConfigurationResponse("malformed");
-
 assertThatCode(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer))
 .isInstanceOf(RuntimeException.class);
 }
@@ -187,7 +179,6 @@ public class ReactiveJwtDecodersTests {
 @Test
 public void issuerWhenRespondingIssuerMismatchesRequestedIssuerThenThrowsIllegalStateException() {
 prepareConfigurationResponse(String.format(DEFAULT_RESPONSE_TEMPLATE, this.issuer + "/wrong", this.issuer));
-
 assertThatCode(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer))
 .isInstanceOf(IllegalStateException.class);
 }
@@ -209,9 +200,7 @@ public class ReactiveJwtDecodersTests {
 @Test
 public void issuerWhenRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException() throws Exception {
-
 this.server.shutdown();
-
 assertThatCode(() -> ReactiveJwtDecoders.fromOidcIssuerLocation("https://issuer"))
 .isInstanceOf(IllegalArgumentException.class);
 }
@@ -219,7 +208,6 @@ public class ReactiveJwtDecodersTests {
 @Test
 public void issuerWhenOidcFallbackRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException() throws Exception {
-
 this.server.shutdown();
 assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation("https://issuer"))
 .isInstanceOf(IllegalArgumentException.class);
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
index 6a2960afee..312d5bdc9c 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
@@ -74,7 +74,6 @@ public class ReactiveRemoteJWKSourceTests {
 public void setup() {
 this.server = new MockWebServer();
 this.source = new ReactiveRemoteJWKSource(this.server.url("/").toString());
-
 this.server.enqueue(new MockResponse().setBody(this.keys));
 this.selector = new JWKSelector(this.matcher);
 }
@@ -82,17 +81,14 @@ public class ReactiveRemoteJWKSourceTests {
 @Test
 public void getWhenMultipleRequestThenCached() {
 given(this.matcher.matches(any())).willReturn(true);
-
 this.source.get(this.selector).block();
 this.source.get(this.selector).block();
-
 assertThat(this.server.getRequestCount()).isEqualTo(1);
 }
 @Test
 public void getWhenMatchThenCreatesKeys() {
 given(this.matcher.matches(any())).willReturn(true);
-
 List keys = this.source.get(this.selector).block();
 assertThat(keys).hasSize(2);
 JWK key1 = keys.get(0);
@@ -100,7 +96,6 @@ public class ReactiveRemoteJWKSourceTests {
 assertThat(key1.getAlgorithm().getName()).isEqualTo("RS256");
 assertThat(key1.getKeyType()).isEqualTo(KeyType.RSA);
 assertThat(key1.getKeyUse()).isEqualTo(KeyUse.SIGNATURE);
-
 JWK key2 = keys.get(1);
 assertThat(key2.getKeyID()).isEqualTo("7ddf54d3032d1f0d48c3618892ca74c1ac30ad77");
 assertThat(key2.getAlgorithm().getName()).isEqualTo("RS256");
@@ -112,7 +107,6 @@ public class ReactiveRemoteJWKSourceTests {
 public void getWhenNoMatchAndNoKeyIdThenEmpty() {
 given(this.matcher.matches(any())).willReturn(false);
 given(this.matcher.getKeyIDs()).willReturn(Collections.emptySet());
-
 assertThat(this.source.get(this.selector).block()).isEmpty();
 }
@@ -121,9 +115,7 @@ public class ReactiveRemoteJWKSourceTests {
 this.server.enqueue(new MockResponse().setBody(this.keys2));
 given(this.matcher.matches(any())).willReturn(false, false, true);
 given(this.matcher.getKeyIDs()).willReturn(Collections.singleton("rotated"));
-
 List keys = this.source.get(this.selector).block();
-
 assertThat(keys).hasSize(1);
 assertThat(keys.get(0).getKeyID()).isEqualTo("rotated");
 }
@@ -133,9 +125,7 @@ public class ReactiveRemoteJWKSourceTests { this.server.enqueue(new MockResponse().setBody(this.keys2)); given(this.matcher.matches(any())).willReturn(false, false, false); given(this.matcher.getKeyIDs()).willReturn(Collections.singleton("rotated")); - List keys = this.source.get(this.selector).block(); - assertThat(keys).isEmpty(); } @@ -143,7 +133,6 @@ public class ReactiveRemoteJWKSourceTests { public void getWhenNoMatchAndKeyIdMatchThenEmpty() { given(this.matcher.matches(any())).willReturn(false); given(this.matcher.getKeyIDs()).willReturn(Collections.singleton("7ddf54d3032d1f0d48c3618892ca74c1ac30ad77")); - assertThat(this.source.get(this.selector).block()).isEmpty(); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java index 3a7e07471c..11cfb3bcc7 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java @@ -58,7 +58,6 @@ public final class TestOAuth2AuthenticatedPrincipals { attributes.put(OAuth2IntrospectionClaimNames.SUBJECT, "Z5O3upPC88QrAjx00dis"); attributes.put(OAuth2IntrospectionClaimNames.USERNAME, "jdoe"); attributesConsumer.accept(attributes); - Collection authorities = Arrays.asList(new SimpleGrantedAuthority("SCOPE_read"), new SimpleGrantedAuthority("SCOPE_write"), new SimpleGrantedAuthority("SCOPE_dolphin")); return new OAuth2IntrospectionAuthenticatedPrincipal(attributes, authorities); 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java index a85e43d25b..e8c520ed09 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java @@ -43,7 +43,6 @@ public class BearerTokenAuthenticationTokenTests { @Test public void constructorWhenTokenHasValueThenConstructedCorrectly() { BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token"); - assertThat(token.getToken()).isEqualTo("token"); assertThat(token.getPrincipal()).isEqualTo("token"); assertThat(token.getCredentials()).isEqualTo("token"); diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java index ca7c70e5b3..b095788d94 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java @@ -44,7 +44,6 @@ public class BearerTokenErrorTests { @Test public void constructorWithErrorCodeWhenErrorCodeIsValidThenCreated() { BearerTokenError error = new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS, null, null); - assertThat(error.getErrorCode()).isEqualTo(TEST_ERROR_CODE); assertThat(error.getHttpStatus()).isEqualTo(TEST_HTTP_STATUS); assertThat(error.getDescription()).isNull(); 
@@ -74,7 +73,6 @@ public class BearerTokenErrorTests { public void constructorWithAllParametersWhenAllParametersAreValidThenCreated() { BearerTokenError error = new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS, TEST_DESCRIPTION, TEST_URI, TEST_SCOPE); - assertThat(error.getErrorCode()).isEqualTo(TEST_ERROR_CODE); assertThat(error.getHttpStatus()).isEqualTo(TEST_HTTP_STATUS); assertThat(error.getDescription()).isEqualTo(TEST_DESCRIPTION); diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java index 64e14fd6e2..f4fb711430 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java @@ -44,10 +44,8 @@ public class JwtAuthenticationConverterTests { @Test public void convertWhenDefaultGrantedAuthoritiesConverterSet() { Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build(); - AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt); Collection authorities = authentication.getAuthorities(); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"), new SimpleGrantedAuthority("SCOPE_message:write")); } 
@@ -62,15 +60,11 @@ public class JwtAuthenticationConverterTests { @Test public void convertWithOverriddenGrantedAuthoritiesConverter() { Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build(); - Converter> grantedAuthoritiesConverter = (token) -> Arrays .asList(new SimpleGrantedAuthority("blah")); - this.jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter); - AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt); Collection authorities = authentication.getAuthorities(); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("blah")); } @@ -97,10 +91,8 @@ public class JwtAuthenticationConverterTests { @Test public void convertWhenPrincipalClaimNameSet() { this.jwtAuthenticationConverter.setPrincipalClaimName("user_id"); - Jwt jwt = TestJwts.jwt().claim("user_id", "100").build(); AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt); - assertThat(authentication.getName()).isEqualTo("100"); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java index abbb3be03b..2501d67a4a 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java 
@@ -65,23 +65,17 @@ public class JwtAuthenticationProviderTests { @Test public void authenticateWhenJwtDecodesThenAuthenticationHasAttributesContainedInJwt() { BearerTokenAuthenticationToken token = this.authentication(); - Jwt jwt = TestJwts.jwt().claim("name", "value").build(); - given(this.jwtDecoder.decode("token")).willReturn(jwt); given(this.jwtAuthenticationConverter.convert(jwt)).willReturn(new JwtAuthenticationToken(jwt)); - JwtAuthenticationToken authentication = (JwtAuthenticationToken) this.provider.authenticate(token); - assertThat(authentication.getTokenAttributes()).containsEntry("name", "value"); } @Test public void authenticateWhenJwtDecodeFailsThenRespondsWithInvalidToken() { BearerTokenAuthenticationToken token = this.authentication(); - given(this.jwtDecoder.decode("token")).willThrow(BadJwtException.class); - assertThatCode(() -> this.provider.authenticate(token)) .matches((failed) -> failed instanceof OAuth2AuthenticationException) .matches(errorCode(BearerTokenErrorCodes.INVALID_TOKEN)); @@ -90,9 +84,7 @@ public class JwtAuthenticationProviderTests { @Test public void authenticateWhenDecoderThrowsIncompatibleErrorMessageThenWrapsWithGenericOne() { BearerTokenAuthenticationToken token = this.authentication(); - given(this.jwtDecoder.decode(token.getToken())).willThrow(new BadJwtException("with \"invalid\" chars")); - assertThatCode(() -> this.provider.authenticate(token)).isInstanceOf(OAuth2AuthenticationException.class) .hasFieldOrPropertyWithValue("error.description", "Invalid token"); } 
@@ -101,9 +93,7 @@ public class JwtAuthenticationProviderTests { @Test public void authenticateWhenDecoderFailsGenericallyThenThrowsGenericException() { BearerTokenAuthenticationToken token = this.authentication(); - given(this.jwtDecoder.decode(token.getToken())).willThrow(new JwtException("no jwk set")); - assertThatCode(() -> this.provider.authenticate(token)).isInstanceOf(AuthenticationException.class) .isNotInstanceOf(OAuth2AuthenticationException.class); } @@ -113,13 +103,10 @@ public class JwtAuthenticationProviderTests { BearerTokenAuthenticationToken token = this.authentication(); Object details = mock(Object.class); token.setDetails(details); - Jwt jwt = TestJwts.jwt().build(); JwtAuthenticationToken authentication = new JwtAuthenticationToken(jwt); - given(this.jwtDecoder.decode(token.getToken())).willReturn(jwt); given(this.jwtAuthenticationConverter.convert(jwt)).willReturn(authentication); - assertThat(this.provider.authenticate(token)).isEqualTo(authentication).hasFieldOrPropertyWithValue("details", details); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java index b47ae58732..417c2354b3 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java @@ -42,7 +42,6 @@ public class JwtAuthenticationTokenTests { public void getNameWhenJwtHasSubjectThenReturnsSubject() { Jwt jwt = builder().subject("Carl").build(); JwtAuthenticationToken token = new JwtAuthenticationToken(jwt); - assertThat(token.getName()).isEqualTo("Carl"); } 
@@ -50,7 +49,6 @@ public class JwtAuthenticationTokenTests { public void getNameWhenJwtHasNoSubjectThenReturnsNull() { Jwt jwt = builder().claim("claim", "value").build(); JwtAuthenticationToken token = new JwtAuthenticationToken(jwt); - assertThat(token.getName()).isNull(); } @@ -65,7 +63,6 @@ public class JwtAuthenticationTokenTests { Collection authorities = AuthorityUtils.createAuthorityList("test"); Jwt jwt = builder().claim("claim", "value").build(); JwtAuthenticationToken token = new JwtAuthenticationToken(jwt, authorities); - assertThat(token.getAuthorities()).isEqualTo(authorities); assertThat(token.getPrincipal()).isEqualTo(jwt); assertThat(token.getCredentials()).isEqualTo(jwt); @@ -78,7 +75,6 @@ public class JwtAuthenticationTokenTests { public void constructorWhenUsingOnlyJwtThenConstructedCorrectly() { Jwt jwt = builder().claim("claim", "value").build(); JwtAuthenticationToken token = new JwtAuthenticationToken(jwt); - assertThat(token.getAuthorities()).isEmpty(); assertThat(token.getPrincipal()).isEqualTo(jwt); assertThat(token.getCredentials()).isEqualTo(jwt); @@ -91,7 +87,6 @@ public class JwtAuthenticationTokenTests { public void getNameWhenConstructedWithJwtThenReturnsSubject() { Jwt jwt = builder().subject("Hayden").build(); JwtAuthenticationToken token = new JwtAuthenticationToken(jwt); - assertThat(token.getName()).isEqualTo("Hayden"); } @@ -100,7 +95,6 @@ public class JwtAuthenticationTokenTests { Collection authorities = AuthorityUtils.createAuthorityList("test"); Jwt jwt = builder().subject("Hayden").build(); JwtAuthenticationToken token = new JwtAuthenticationToken(jwt, authorities); - assertThat(token.getName()).isEqualTo("Hayden"); } 
@@ -109,7 +103,6 @@ public class JwtAuthenticationTokenTests { Collection authorities = AuthorityUtils.createAuthorityList("test"); Jwt jwt = builder().claim("claim", "value").build(); JwtAuthenticationToken token = new JwtAuthenticationToken(jwt, authorities, "Hayden"); - assertThat(token.getName()).isEqualTo("Hayden"); } @@ -117,7 +110,6 @@ public class JwtAuthenticationTokenTests { public void getNameWhenConstructedWithNoSubjectThenReturnsNull() { Collection authorities = AuthorityUtils.createAuthorityList("test"); Jwt jwt = builder().claim("claim", "value").build(); - assertThat(new JwtAuthenticationToken(jwt, authorities, null).getName()).isNull(); assertThat(new JwtAuthenticationToken(jwt, authorities).getName()).isNull(); assertThat(new JwtAuthenticationToken(jwt).getName()).isNull(); diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverterTests.java index db485936f7..4d24f499e1 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverterTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverterTests.java 
@@ -38,9 +38,7 @@ public class JwtBearerTokenAuthenticationConverterTests { @Test public void convertWhenJwtThenBearerTokenAuthentication() { Jwt jwt = Jwt.withTokenValue("token-value").claim("claim", "value").header("header", "value").build(); - AbstractAuthenticationToken token = this.converter.convert(jwt); - assertThat(token).isInstanceOf(BearerTokenAuthentication.class); BearerTokenAuthentication bearerToken = (BearerTokenAuthentication) token; assertThat(bearerToken.getToken().getTokenValue()).isEqualTo("token-value"); @@ -52,9 +50,7 @@ public class JwtBearerTokenAuthenticationConverterTests { public void convertWhenJwtWithScopeAttributeThenBearerTokenAuthentication() { Jwt jwt = Jwt.withTokenValue("token-value").claim("scope", "message:read message:write") .header("header", "value").build(); - AbstractAuthenticationToken token = this.converter.convert(jwt); - assertThat(token).isInstanceOf(BearerTokenAuthentication.class); BearerTokenAuthentication bearerToken = (BearerTokenAuthentication) token; assertThat(bearerToken.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"), @@ -65,9 +61,7 @@ public class JwtBearerTokenAuthenticationConverterTests { public void convertWhenJwtWithScpAttributeThenBearerTokenAuthentication() { Jwt jwt = Jwt.withTokenValue("token-value").claim("scp", Arrays.asList("message:read", "message:write")) .header("header", "value").build(); - AbstractAuthenticationToken token = this.converter.convert(jwt); - assertThat(token).isInstanceOf(BearerTokenAuthentication.class); BearerTokenAuthentication bearerToken = (BearerTokenAuthentication) token; assertThat(bearerToken.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"), 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java index f304c0dc67..e3a2ed91ca 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java @@ -46,10 +46,8 @@ public class JwtGrantedAuthoritiesConverterTests { @Test public void convertWhenTokenHasScopeAttributeThenTranslatedToAuthorities() { Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"), new SimpleGrantedAuthority("SCOPE_message:write")); } @@ -57,11 +55,9 @@ public class JwtGrantedAuthoritiesConverterTests { @Test public void convertWithCustomAuthorityPrefixWhenTokenHasScopeAttributeThenTranslatedToAuthorities() { Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); jwtGrantedAuthoritiesConverter.setAuthorityPrefix("ROLE_"); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("ROLE_message:read"), new SimpleGrantedAuthority("ROLE_message:write")); } 
@@ -69,11 +65,9 @@ public class JwtGrantedAuthoritiesConverterTests { @Test public void convertWithBlankAsCustomAuthorityPrefixWhenTokenHasScopeAttributeThenTranslatedToAuthorities() { Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); jwtGrantedAuthoritiesConverter.setAuthorityPrefix(""); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("message:read"), new SimpleGrantedAuthority("message:write")); } @@ -81,20 +75,16 @@ public class JwtGrantedAuthoritiesConverterTests { @Test public void convertWhenTokenHasEmptyScopeAttributeThenTranslatedToNoAuthorities() { Jwt jwt = TestJwts.jwt().claim("scope", "").build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).isEmpty(); } @Test public void convertWhenTokenHasScpAttributeThenTranslatedToAuthorities() { Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"), new SimpleGrantedAuthority("SCOPE_message:write")); } 
@@ -102,11 +92,9 @@ public class JwtGrantedAuthoritiesConverterTests { @Test public void convertWithCustomAuthorityPrefixWhenTokenHasScpAttributeThenTranslatedToAuthorities() { Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); jwtGrantedAuthoritiesConverter.setAuthorityPrefix("ROLE_"); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("ROLE_message:read"), new SimpleGrantedAuthority("ROLE_message:write")); } @@ -114,11 +102,9 @@ public class JwtGrantedAuthoritiesConverterTests { @Test public void convertWithBlankAsCustomAuthorityPrefixWhenTokenHasScpAttributeThenTranslatedToAuthorities() { Jwt jwt = TestJwts.jwt().claim("scp", "message:read message:write").build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); jwtGrantedAuthoritiesConverter.setAuthorityPrefix(""); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("message:read"), new SimpleGrantedAuthority("message:write")); } @@ -126,10 +112,8 @@ public class JwtGrantedAuthoritiesConverterTests { @Test public void convertWhenTokenHasEmptyScpAttributeThenTranslatedToNoAuthorities() { Jwt jwt = TestJwts.jwt().claim("scp", Collections.emptyList()).build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).isEmpty(); } 
@@ -137,10 +121,8 @@ public class JwtGrantedAuthoritiesConverterTests { public void convertWhenTokenHasBothScopeAndScpThenScopeAttributeIsTranslatedToAuthorities() { Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")) .claim("scope", "missive:read missive:write").build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_missive:read"), new SimpleGrantedAuthority("SCOPE_missive:write")); } 
@@ -149,40 +131,32 @@ public class JwtGrantedAuthoritiesConverterTests { public void convertWhenTokenHasEmptyScopeAndNonEmptyScpThenScopeAttributeIsTranslatedToNoAuthorities() { Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).claim("scope", "") .build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).isEmpty(); } @Test public void convertWhenTokenHasEmptyScopeAndEmptyScpAttributeThenTranslatesToNoAuthorities() { Jwt jwt = TestJwts.jwt().claim("scp", Collections.emptyList()).claim("scope", Collections.emptyList()).build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).isEmpty(); } @Test public void convertWhenTokenHasNoScopeAndNoScpAttributeThenTranslatesToNoAuthorities() { Jwt jwt = TestJwts.jwt().claim("roles", Arrays.asList("message:read", "message:write")).build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).isEmpty(); } @Test public void convertWhenTokenHasUnsupportedTypeForScopeThenTranslatesToNoAuthorities() { Jwt jwt = TestJwts.jwt().claim("scope", new String[] { "message:read", "message:write" }).build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).isEmpty(); } 
@@ -190,11 +164,9 @@ public class JwtGrantedAuthoritiesConverterTests { public void convertWhenTokenHasCustomClaimNameThenCustomClaimNameAttributeIsTranslatedToAuthorities() { Jwt jwt = TestJwts.jwt().claim("roles", Arrays.asList("message:read", "message:write")) .claim("scope", "missive:read missive:write").build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles"); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"), new SimpleGrantedAuthority("SCOPE_message:write")); } @@ -203,22 +175,18 @@ public class JwtGrantedAuthoritiesConverterTests { public void convertWhenTokenHasEmptyCustomClaimNameThenCustomClaimNameAttributeIsTranslatedToNoAuthorities() { Jwt jwt = TestJwts.jwt().claim("roles", Collections.emptyList()).claim("scope", "missive:read missive:write") .build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles"); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).isEmpty(); } @Test public void convertWhenTokenHasNoCustomClaimNameThenCustomClaimNameAttributeIsTranslatedToNoAuthorities() { Jwt jwt = TestJwts.jwt().claim("scope", "missive:read missive:write").build(); - JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles"); Collection authorities = jwtGrantedAuthoritiesConverter.convert(jwt); - assertThat(authorities).isEmpty(); } 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java index 8a4e57e1b4..bd793b0f14 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java @@ -68,15 +68,12 @@ public class JwtIssuerAuthenticationManagerResolverTests { JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256), new Payload(new JSONObject(Collections.singletonMap(JwtClaimNames.ISS, issuer)))); jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY)); - JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver( issuer); MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Bearer " + jws.serialize()); - AuthenticationManager authenticationManager = authenticationManagerResolver.resolve(request); assertThat(authenticationManager).isNotNull(); - AuthenticationManager cachedAuthenticationManager = authenticationManagerResolver.resolve(request); assertThat(authenticationManager).isSameAs(cachedAuthenticationManager); } @@ -88,7 +85,6 @@ public class JwtIssuerAuthenticationManagerResolverTests { "other", "issuers"); MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Bearer " + this.jwt); - assertThatCode(() -> authenticationManagerResolver.resolve(request)) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer"); } 
@@ -100,7 +96,6 @@ public class JwtIssuerAuthenticationManagerResolverTests { (issuer) -> authenticationManager); MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Bearer " + this.jwt); - assertThat(authenticationManagerResolver.resolve(request)).isSameAs(authenticationManager); } @@ -108,17 +103,14 @@ public class JwtIssuerAuthenticationManagerResolverTests { public void resolveWhenUsingExternalSourceThenRespondsToChanges() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Bearer " + this.jwt); - Map authenticationManagers = new HashMap<>(); JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver( authenticationManagers::get); assertThatCode(() -> authenticationManagerResolver.resolve(request)) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer"); - AuthenticationManager authenticationManager = mock(AuthenticationManager.class); authenticationManagers.put("trusted", authenticationManager); assertThat(authenticationManagerResolver.resolve(request)).isSameAs(authenticationManager); - authenticationManagers.clear(); assertThatCode(() -> authenticationManagerResolver.resolve(request)) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer"); diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java index d0dc716d5c..12df1edc95 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java 
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java @@ -69,15 +69,12 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests { JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256), new Payload(new JSONObject(Collections.singletonMap(JwtClaimNames.ISS, issuer)))); jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY)); - JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver( issuer); MockServerWebExchange exchange = withBearerToken(jws.serialize()); - ReactiveAuthenticationManager authenticationManager = authenticationManagerResolver.resolve(exchange) .block(); assertThat(authenticationManager).isNotNull(); - ReactiveAuthenticationManager cachedAuthenticationManager = authenticationManagerResolver.resolve(exchange) .block(); assertThat(authenticationManager).isSameAs(cachedAuthenticationManager); @@ -89,7 +86,6 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests { JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver( "other", "issuers"); MockServerWebExchange exchange = withBearerToken(this.jwt); - assertThatCode(() -> authenticationManagerResolver.resolve(exchange).block()) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer"); } 
@@ -100,24 +96,20 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests { JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver( (issuer) -> Mono.just(authenticationManager)); MockServerWebExchange exchange = withBearerToken(this.jwt); - assertThat(authenticationManagerResolver.resolve(exchange).block()).isSameAs(authenticationManager); } @Test public void resolveWhenUsingExternalSourceThenRespondsToChanges() { MockServerWebExchange exchange = withBearerToken(this.jwt); - Map authenticationManagers = new HashMap<>(); JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver( (issuer) -> Mono.justOrEmpty(authenticationManagers.get(issuer))); assertThatCode(() -> authenticationManagerResolver.resolve(exchange).block()) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer"); - ReactiveAuthenticationManager authenticationManager = mock(ReactiveAuthenticationManager.class); authenticationManagers.put("trusted", authenticationManager); assertThat(authenticationManagerResolver.resolve(exchange).block()).isSameAs(authenticationManager); - authenticationManagers.clear(); assertThatCode(() -> authenticationManagerResolver.resolve(exchange).block()) .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer"); diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java index e0e34f1cc3..cb1dddb456 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java 
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java @@ -70,7 +70,6 @@ public class JwtReactiveAuthenticationManagerTests { @Test public void authenticateWhenWrongTypeThenEmpty() { TestingAuthenticationToken token = new TestingAuthenticationToken("foo", "bar"); - assertThat(this.manager.authenticate(token).block()).isNull(); } @@ -78,7 +77,6 @@ public class JwtReactiveAuthenticationManagerTests { public void authenticateWhenEmptyJwtThenEmpty() { BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1"); given(this.jwtDecoder.decode(token.getToken())).willReturn(Mono.empty()); - assertThat(this.manager.authenticate(token).block()).isNull(); } @@ -86,7 +84,6 @@ public class JwtReactiveAuthenticationManagerTests { public void authenticateWhenJwtExceptionThenOAuth2AuthenticationException() { BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1"); given(this.jwtDecoder.decode(any())).willReturn(Mono.error(new BadJwtException("Oops"))); - assertThatCode(() -> this.manager.authenticate(token).block()) .isInstanceOf(OAuth2AuthenticationException.class); } @@ -96,7 +93,6 @@ public class JwtReactiveAuthenticationManagerTests { public void authenticateWhenDecoderThrowsIncompatibleErrorMessageThenWrapsWithGenericOne() { BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1"); given(this.jwtDecoder.decode(token.getToken())).willThrow(new BadJwtException("with \"invalid\" chars")); - assertThatCode(() -> this.manager.authenticate(token).block()).isInstanceOf(OAuth2AuthenticationException.class) .hasFieldOrPropertyWithValue("error.description", "Invalid token"); } 
@@ -106,7 +102,6 @@ public class JwtReactiveAuthenticationManagerTests { public void authenticateWhenDecoderFailsGenericallyThenThrowsGenericException() { BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1"); given(this.jwtDecoder.decode(token.getToken())).willThrow(new JwtException("no jwk set")); - assertThatCode(() -> this.manager.authenticate(token).block()).isInstanceOf(AuthenticationException.class) .isNotInstanceOf(OAuth2AuthenticationException.class); } @@ -115,7 +110,6 @@ public class JwtReactiveAuthenticationManagerTests { public void authenticateWhenNotJwtExceptionThenPropagates() { BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1"); given(this.jwtDecoder.decode(any())).willReturn(Mono.error(new RuntimeException("Oops"))); - assertThatCode(() -> this.manager.authenticate(token).block()).isInstanceOf(RuntimeException.class); } @@ -123,9 +117,7 @@ public class JwtReactiveAuthenticationManagerTests { public void authenticateWhenJwtThenSuccess() { BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1"); given(this.jwtDecoder.decode(token.getToken())).willReturn(Mono.just(this.jwt)); - Authentication authentication = this.manager.authenticate(token).block(); - assertThat(authentication).isNotNull(); assertThat(authentication.isAuthenticated()).isTrue(); assertThat(authentication.getAuthorities()).extracting(GrantedAuthority::getAuthority) diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java index dc4cb4bf45..85ec86bdb5 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java 
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java @@ -54,11 +54,8 @@ public class OpaqueTokenAuthenticationProviderTests { OpaqueTokenIntrospector introspector = mock(OpaqueTokenIntrospector.class); given(introspector.introspect(any())).willReturn(principal); OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector); - Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")); - assertThat(result.getPrincipal()).isInstanceOf(OAuth2IntrospectionAuthenticatedPrincipal.class); - Map attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes(); assertThat(attributes).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true) .containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE, @@ -71,7 +68,6 @@ public class OpaqueTokenAuthenticationProviderTests { .containsEntry(OAuth2IntrospectionClaimNames.SUBJECT, "Z5O3upPC88QrAjx00dis") .containsEntry(OAuth2IntrospectionClaimNames.USERNAME, "jdoe") .containsEntry("extension_field", "twenty-seven"); - assertThat(result.getAuthorities()).extracting("authority").containsExactly("SCOPE_read", "SCOPE_write", "SCOPE_dolphin"); } 
@@ -83,13 +79,10 @@ public class OpaqueTokenAuthenticationProviderTests { OpaqueTokenIntrospector introspector = mock(OpaqueTokenIntrospector.class); given(introspector.introspect(any())).willReturn(principal); OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector); - Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")); assertThat(result.getPrincipal()).isInstanceOf(OAuth2AuthenticatedPrincipal.class); - Map attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes(); assertThat(attributes).isNotNull().doesNotContainKey(OAuth2IntrospectionClaimNames.SCOPE); - assertThat(result.getAuthorities()).isEmpty(); } @@ -98,7 +91,6 @@ public class OpaqueTokenAuthenticationProviderTests { OpaqueTokenIntrospector introspector = mock(OpaqueTokenIntrospector.class); given(introspector.introspect(any())).willThrow(new OAuth2IntrospectionException("with \"invalid\" chars")); OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector); - assertThatCode(() -> provider.authenticate(new BearerTokenAuthenticationToken("token"))) .isInstanceOf(AuthenticationServiceException.class); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java index 2e1782bfd0..a0fb423835 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java 
@@ -55,11 +55,8 @@ public class OpaqueTokenReactiveAuthenticationManagerTests { ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class); given(introspector.introspect(any())).willReturn(Mono.just(authority)); OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector); - Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")).block(); - assertThat(result.getPrincipal()).isInstanceOf(OAuth2IntrospectionAuthenticatedPrincipal.class); - Map attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes(); assertThat(attributes).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true) .containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE, @@ -72,7 +69,6 @@ public class OpaqueTokenReactiveAuthenticationManagerTests { .containsEntry(OAuth2IntrospectionClaimNames.SUBJECT, "Z5O3upPC88QrAjx00dis") .containsEntry(OAuth2IntrospectionClaimNames.USERNAME, "jdoe") .containsEntry("extension_field", "twenty-seven"); - assertThat(result.getAuthorities()).extracting("authority").containsExactly("SCOPE_read", "SCOPE_write", "SCOPE_dolphin"); } @@ -84,13 +80,10 @@ public class OpaqueTokenReactiveAuthenticationManagerTests { ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class); given(introspector.introspect(any())).willReturn(Mono.just(authority)); OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector); - Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")).block(); assertThat(result.getPrincipal()).isInstanceOf(OAuth2IntrospectionAuthenticatedPrincipal.class); - Map attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes(); assertThat(attributes).isNotNull().doesNotContainKey(OAuth2IntrospectionClaimNames.SCOPE); - assertThat(result.getAuthorities()).isEmpty(); } 
@@ -100,7 +93,6 @@ public class OpaqueTokenReactiveAuthenticationManagerTests { given(introspector.introspect(any())) .willReturn(Mono.error(new OAuth2IntrospectionException("with \"invalid\" chars"))); OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector); - assertThatCode(() -> provider.authenticate(new BearerTokenAuthenticationToken("token")).block()) .isInstanceOf(AuthenticationServiceException.class); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java index fdb39984ca..5a33768ea7 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java @@ -45,10 +45,8 @@ public class ReactiveJwtAuthenticationConverterAdapterTests { @Test public void convertWhenTokenHasScopeAttributeThenTranslatedToAuthorities() { Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build(); - AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block(); Collection authorities = authentication.getAuthorities(); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"), new SimpleGrantedAuthority("SCOPE_message:write")); } 
@@ -56,22 +54,16 @@ public class ReactiveJwtAuthenticationConverterAdapterTests { @Test public void convertWhenTokenHasEmptyScopeAttributeThenTranslatedToNoAuthorities() { Jwt jwt = TestJwts.jwt().claim("scope", "").build(); - AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block(); - Collection authorities = authentication.getAuthorities(); - assertThat(authorities).containsExactly(); } @Test public void convertWhenTokenHasScpAttributeThenTranslatedToAuthorities() { Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).build(); - AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block(); - Collection authorities = authentication.getAuthorities(); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"), new SimpleGrantedAuthority("SCOPE_message:write")); } @@ -79,11 +71,8 @@ public class ReactiveJwtAuthenticationConverterAdapterTests { @Test public void convertWhenTokenHasEmptyScpAttributeThenTranslatedToNoAuthorities() { Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList()).build(); - AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block(); - Collection authorities = authentication.getAuthorities(); - assertThat(authorities).containsExactly(); } @@ -91,11 +80,8 @@ public class ReactiveJwtAuthenticationConverterAdapterTests { public void convertWhenTokenHasBothScopeAndScpThenScopeAttributeIsTranslatedToAuthorities() { Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")) .claim("scope", "missive:read missive:write").build(); - AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block(); - Collection authorities = authentication.getAuthorities(); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_missive:read"), new SimpleGrantedAuthority("SCOPE_missive:write")); } 
@@ -104,11 +90,8 @@ public class ReactiveJwtAuthenticationConverterAdapterTests { public void convertWhenTokenHasEmptyScopeAndNonEmptyScpThenScopeAttributeIsTranslatedToNoAuthorities() { Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).claim("scope", "") .build(); - AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block(); - Collection authorities = authentication.getAuthorities(); - assertThat(authorities).containsExactly(); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java index 0c7b24be76..7022bb254c 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java @@ -44,10 +44,8 @@ public class ReactiveJwtAuthenticationConverterTests { @Test public void convertWhenDefaultGrantedAuthoritiesConverterSet() { Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build(); - AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block(); Collection authorities = authentication.getAuthorities(); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"), new SimpleGrantedAuthority("SCOPE_message:write")); } 
@@ -62,15 +60,11 @@ public class ReactiveJwtAuthenticationConverterTests { @Test public void convertWithOverriddenGrantedAuthoritiesConverter() { Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build(); - Converter> grantedAuthoritiesConverter = (token) -> Flux .just(new SimpleGrantedAuthority("blah")); - this.jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter); - AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block(); Collection authorities = authentication.getAuthorities(); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("blah")); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java index bfda0ea627..dd151e6774 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java @@ -42,13 +42,10 @@ public class ReactiveJwtGrantedAuthoritiesConverterAdapterTests { @Test public void convertWithGrantedAuthoritiesConverter() { Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build(); - Converter> grantedAuthoritiesConverter = (token) -> Arrays .asList(new SimpleGrantedAuthority("blah")); - Collection authorities = new ReactiveJwtGrantedAuthoritiesConverterAdapter( grantedAuthoritiesConverter).convert(jwt).toStream().collect(Collectors.toList()); - assertThat(authorities).containsExactly(new SimpleGrantedAuthority("blah")); } 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/TestBearerTokenAuthentications.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/TestBearerTokenAuthentications.java index 01d1dec49c..2ef4b005a6 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/TestBearerTokenAuthentications.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/TestBearerTokenAuthentications.java @@ -44,7 +44,6 @@ public final class TestBearerTokenAuthentications { Collections.singletonMap("sub", "user"), authorities); OAuth2AccessToken token = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token", Instant.now(), Instant.now().plusSeconds(86400), new HashSet<>(Arrays.asList("USER"))); - return new BearerTokenAuthentication(principal, token, authorities); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java index 1e3a601581..4e858e8c7d 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java 
@@ -102,11 +102,9 @@ public class NimbusOpaqueTokenIntrospectorTests { public void introspectWhenActiveTokenThenOk() throws Exception { try (MockWebServer server = new MockWebServer()) { server.setDispatcher(requiresAuth(CLIENT_ID, CLIENT_SECRET, ACTIVE_RESPONSE)); - String introspectUri = server.url("/introspect").toString(); OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(introspectUri, CLIENT_ID, CLIENT_SECRET); - OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token"); assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true) .containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE, @@ -125,11 +123,9 @@ public class NimbusOpaqueTokenIntrospectorTests { public void introspectWhenBadClientCredentialsThenError() throws IOException { try (MockWebServer server = new MockWebServer()) { server.setDispatcher(requiresAuth(CLIENT_ID, CLIENT_SECRET, ACTIVE_RESPONSE)); - String introspectUri = server.url("/introspect").toString(); OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(introspectUri, CLIENT_ID, "wrong"); - assertThatCode(() -> introspectionClient.introspect("token")) .isInstanceOf(OAuth2IntrospectionException.class); } @@ -141,7 +137,6 @@ public class NimbusOpaqueTokenIntrospectorTests { OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(INACTIVE); - assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class) .extracting("message").isEqualTo("Provided token isn't active"); } 
@@ -152,13 +147,11 @@ public class NimbusOpaqueTokenIntrospectorTests { introspectedValues.put(OAuth2IntrospectionClaimNames.ACTIVE, true); introspectedValues.put(OAuth2IntrospectionClaimNames.AUDIENCE, Arrays.asList("aud")); introspectedValues.put(OAuth2IntrospectionClaimNames.NOT_BEFORE, 29348723984L); - RestOperations restOperations = mock(RestOperations.class); OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))) .willReturn(response(new JSONObject(introspectedValues).toJSONString())); - OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token"); assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true) .containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE, Arrays.asList("aud")) @@ -174,7 +167,6 @@ public class NimbusOpaqueTokenIntrospectorTests { restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))) .willThrow(new IllegalStateException("server was unresponsive")); - assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class) .extracting("message").isEqualTo("server was unresponsive"); } @@ -185,7 +177,6 @@ public class NimbusOpaqueTokenIntrospectorTests { OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(response("malformed")); - assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class); } 
@@ -195,7 +186,6 @@ public class NimbusOpaqueTokenIntrospectorTests { OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(INVALID); - assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class); } @@ -205,7 +195,6 @@ public class NimbusOpaqueTokenIntrospectorTests { OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(MALFORMED_ISSUER); - assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class); } @@ -216,7 +205,6 @@ public class NimbusOpaqueTokenIntrospectorTests { OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(MALFORMED_SCOPE); - OAuth2AuthenticatedPrincipal principal = introspectionClient.introspect("token"); assertThat(principal.getAuthorities()).isEmpty(); JSONArray scope = principal.getAttribute("scope"); @@ -250,10 +238,8 @@ public class NimbusOpaqueTokenIntrospectorTests { @Test public void setRequestEntityConverterWhenConverterIsNullThenExceptionIsThrown() { RestOperations restOperations = mock(RestOperations.class); - NimbusOpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); - assertThatExceptionOfType(IllegalArgumentException.class) .isThrownBy(() -> introspectionClient.setRequestEntityConverter(null)); } 
@@ -270,9 +256,7 @@ public class NimbusOpaqueTokenIntrospectorTests { NimbusOpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); introspectionClient.setRequestEntityConverter(requestEntityConverter); - introspectionClient.introspect(tokenToIntrospect); - verify(requestEntityConverter).convert(tokenToIntrospect); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java index 51ffbbf947..8d452e608c 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java @@ -80,11 +80,9 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests { public void authenticateWhenActiveTokenThenOk() throws Exception { try (MockWebServer server = new MockWebServer()) { server.setDispatcher(requiresAuth(CLIENT_ID, CLIENT_SECRET, ACTIVE_RESPONSE)); - String introspectUri = server.url("/introspect").toString(); NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector( introspectUri, CLIENT_ID, CLIENT_SECRET); - OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token").block(); assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true) .containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE, 
@@ -103,11 +101,9 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests { public void authenticateWhenBadClientCredentialsThenAuthenticationException() throws IOException { try (MockWebServer server = new MockWebServer()) { server.setDispatcher(requiresAuth(CLIENT_ID, CLIENT_SECRET, ACTIVE_RESPONSE)); - String introspectUri = server.url("/introspect").toString(); NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector( introspectUri, CLIENT_ID, "wrong"); - assertThatCode(() -> introspectionClient.introspect("token").block()) .isInstanceOf(OAuth2IntrospectionException.class); } @@ -118,7 +114,6 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests { WebClient webClient = mockResponse(INACTIVE_RESPONSE); NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector( INTROSPECTION_URL, webClient); - assertThatCode(() -> introspectionClient.introspect("token").block()) .isInstanceOf(BadOpaqueTokenException.class).extracting("message") .isEqualTo("Provided token isn't active"); @@ -130,11 +125,9 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests { introspectedValues.put(OAuth2IntrospectionClaimNames.ACTIVE, true); introspectedValues.put(OAuth2IntrospectionClaimNames.AUDIENCE, Arrays.asList("aud")); introspectedValues.put(OAuth2IntrospectionClaimNames.NOT_BEFORE, 29348723984L); - WebClient webClient = mockResponse(new JSONObject(introspectedValues).toJSONString()); NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector( INTROSPECTION_URL, webClient); - OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token").block(); assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true) .containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE, Arrays.asList("aud")) 
@@ -148,7 +141,6 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests { WebClient webClient = mockResponse(new IllegalStateException("server was unresponsive")); NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector( INTROSPECTION_URL, webClient); - assertThatCode(() -> introspectionClient.introspect("token").block()) .isInstanceOf(OAuth2IntrospectionException.class).extracting("message") .isEqualTo("server was unresponsive"); @@ -159,7 +151,6 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests { WebClient webClient = mockResponse("malformed"); NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector( INTROSPECTION_URL, webClient); - assertThatCode(() -> introspectionClient.introspect("token").block()) .isInstanceOf(OAuth2IntrospectionException.class); } @@ -169,7 +160,6 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests { WebClient webClient = mockResponse(INVALID_RESPONSE); NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector( INTROSPECTION_URL, webClient); - assertThatCode(() -> introspectionClient.introspect("token").block()) .isInstanceOf(OAuth2IntrospectionException.class); } @@ -179,7 +169,6 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests { WebClient webClient = mockResponse(MALFORMED_ISSUER_RESPONSE); NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector( INTROSPECTION_URL, webClient); - assertThatCode(() -> introspectionClient.introspect("token").block()) .isInstanceOf(OAuth2IntrospectionException.class); } 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java index 0a49e6691a..705683350d 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java @@ -91,7 +91,6 @@ public class OAuth2IntrospectionAuthenticatedPrincipalTests { private static final String JTI_VALUE = "jwt-id-1"; private static final Map CLAIMS; - static { CLAIMS = new HashMap<>(); CLAIMS.put(ACTIVE_CLAIM, ACTIVE_VALUE); @@ -111,7 +110,6 @@ public class OAuth2IntrospectionAuthenticatedPrincipalTests { public void constructorWhenAttributesIsNullOrEmptyThenIllegalArgumentException() { assertThatCode(() -> new OAuth2IntrospectionAuthenticatedPrincipal(null, AUTHORITIES)) .isInstanceOf(IllegalArgumentException.class); - assertThatCode(() -> new OAuth2IntrospectionAuthenticatedPrincipal(Collections.emptyMap(), AUTHORITIES)) .isInstanceOf(IllegalArgumentException.class); } @@ -121,7 +119,6 @@ public class OAuth2IntrospectionAuthenticatedPrincipalTests { Collection authorities = new OAuth2IntrospectionAuthenticatedPrincipal(CLAIMS, null) .getAuthorities(); assertThat(authorities).isEmpty(); - authorities = new OAuth2IntrospectionAuthenticatedPrincipal(CLAIMS, Collections.emptyList()).getAuthorities(); assertThat(authorities).isEmpty(); } 
@@ -137,7 +134,6 @@ public class OAuth2IntrospectionAuthenticatedPrincipalTests { public void constructorWhenAttributesAuthoritiesProvidedThenCreated() { OAuth2IntrospectionAuthenticatedPrincipal principal = new OAuth2IntrospectionAuthenticatedPrincipal(CLAIMS, AUTHORITIES); - assertThat(principal.getName()).isEqualTo(CLAIMS.get(SUB_CLAIM)); assertThat(principal.getAttributes()).isEqualTo(CLAIMS); assertThat(principal.getClaims()).isEqualTo(CLAIMS); @@ -160,7 +156,6 @@ public class OAuth2IntrospectionAuthenticatedPrincipalTests { public void constructorWhenAllParametersProvidedAndValidThenCreated() { OAuth2IntrospectionAuthenticatedPrincipal principal = new OAuth2IntrospectionAuthenticatedPrincipal(SUBJECT, CLAIMS, AUTHORITIES); - assertThat(principal.getName()).isEqualTo(SUBJECT); assertThat(principal.getAttributes()).isEqualTo(CLAIMS); assertThat(principal.getClaims()).isEqualTo(CLAIMS); diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java index 1dbe257e5e..9b7d1b474b 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java 
@@ -47,53 +47,41 @@ public class BearerTokenAuthenticationEntryPointTests { @Test public void commenceWhenNoBearerTokenErrorThenStatus401AndAuthHeader() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - this.authenticationEntryPoint.commence(request, response, new BadCredentialsException("test")); - assertThat(response.getStatus()).isEqualTo(401); assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer"); } @Test public void commenceWhenNoBearerTokenErrorAndRealmSetThenStatus401AndAuthHeaderWithRealm() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - this.authenticationEntryPoint.setRealmName("test"); this.authenticationEntryPoint.commence(request, response, new BadCredentialsException("test")); - assertThat(response.getStatus()).isEqualTo(401); assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer realm=\"test\""); } @Test public void commenceWhenInvalidRequestErrorThenStatus400AndHeaderWithError() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST, null, null); - this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error)); - assertThat(response.getStatus()).isEqualTo(400); assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer error=\"invalid_request\""); } @Test public void commenceWhenInvalidRequestErrorThenStatus400AndHeaderWithErrorDetails() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_REQUEST, 
HttpStatus.BAD_REQUEST, "The access token expired", null, null); - this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error)); - assertThat(response.getStatus()).isEqualTo(400); assertThat(response.getHeader("WWW-Authenticate")) .isEqualTo("Bearer error=\"invalid_request\", error_description=\"The access token expired\""); @@ -101,14 +89,11 @@ public class BearerTokenAuthenticationEntryPointTests { @Test public void commenceWhenInvalidRequestErrorThenStatus400AndHeaderWithErrorUri() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST, null, "https://example.com", null); - this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error)); - assertThat(response.getStatus()).isEqualTo(400); assertThat(response.getHeader("WWW-Authenticate")) .isEqualTo("Bearer error=\"invalid_request\", error_uri=\"https://example.com\""); 
@@ -116,42 +101,33 @@ public class BearerTokenAuthenticationEntryPointTests { @Test public void commenceWhenInvalidTokenErrorThenStatus401AndHeaderWithError() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_TOKEN, HttpStatus.UNAUTHORIZED, null, null); - this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error)); - assertThat(response.getStatus()).isEqualTo(401); assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer error=\"invalid_token\""); } @Test public void commenceWhenInsufficientScopeErrorThenStatus403AndHeaderWithError() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INSUFFICIENT_SCOPE, HttpStatus.FORBIDDEN, null, null); - this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error)); - assertThat(response.getStatus()).isEqualTo(403); assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer error=\"insufficient_scope\""); } @Test public void commenceWhenInsufficientScopeErrorThenStatus403AndHeaderWithErrorAndScope() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INSUFFICIENT_SCOPE, HttpStatus.FORBIDDEN, null, null, "test.read test.write"); - this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error)); - assertThat(response.getStatus()).isEqualTo(403); assertThat(response.getHeader("WWW-Authenticate")) .isEqualTo("Bearer error=\"insufficient_scope\", scope=\"test.read test.write\""); 
@@ -160,15 +136,12 @@ public class BearerTokenAuthenticationEntryPointTests { @Test public void commenceWhenInsufficientScopeAndRealmSetThenStatus403AndHeaderWithErrorAndAllDetails() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INSUFFICIENT_SCOPE, HttpStatus.FORBIDDEN, "Insufficient scope", "https://example.com", "test.read test.write"); - this.authenticationEntryPoint.setRealmName("test"); this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error)); - assertThat(response.getStatus()).isEqualTo(403); assertThat(response.getHeader("WWW-Authenticate")).isEqualTo( "Bearer realm=\"test\", error=\"insufficient_scope\", error_description=\"Insufficient scope\", " diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java index 1eff735717..8607a3b41f 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java 
@@ -87,16 +87,12 @@ public class BearerTokenAuthenticationFilterTests { @Test public void doFilterWhenBearerTokenPresentThenAuthenticates() throws ServletException, IOException { given(this.bearerTokenResolver.resolve(this.request)).willReturn("token"); - BearerTokenAuthenticationFilter filter = addMocks( new BearerTokenAuthenticationFilter(this.authenticationManager)); filter.doFilter(this.request, this.response, this.filterChain); - ArgumentCaptor captor = ArgumentCaptor .forClass(BearerTokenAuthenticationToken.class); - verify(this.authenticationManager).authenticate(captor.capture()); - assertThat(captor.getValue().getPrincipal()).isEqualTo("token"); } @@ -104,25 +100,18 @@ public class BearerTokenAuthenticationFilterTests { public void doFilterWhenUsingAuthenticationManagerResolverThenAuthenticates() throws Exception { BearerTokenAuthenticationFilter filter = addMocks( new BearerTokenAuthenticationFilter(this.authenticationManagerResolver)); - given(this.bearerTokenResolver.resolve(this.request)).willReturn("token"); given(this.authenticationManagerResolver.resolve(any())).willReturn(this.authenticationManager); - filter.doFilter(this.request, this.response, this.filterChain); - ArgumentCaptor captor = ArgumentCaptor .forClass(BearerTokenAuthenticationToken.class); - verify(this.authenticationManager).authenticate(captor.capture()); - assertThat(captor.getValue().getPrincipal()).isEqualTo("token"); } @Test public void doFilterWhenNoBearerTokenPresentThenDoesNotAuthenticate() throws ServletException, IOException { - given(this.bearerTokenResolver.resolve(this.request)).willReturn(null); - dontAuthenticate(); } 
@@ -130,13 +119,9 @@ public class BearerTokenAuthenticationFilterTests { public void doFilterWhenMalformedBearerTokenThenPropagatesError() throws ServletException, IOException { BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST, "description", "uri"); - OAuth2AuthenticationException exception = new OAuth2AuthenticationException(error); - given(this.bearerTokenResolver.resolve(this.request)).willThrow(exception); - dontAuthenticate(); - verify(this.authenticationEntryPoint).commence(this.request, this.response, exception); } @@ -145,16 +130,12 @@ public class BearerTokenAuthenticationFilterTests { throws ServletException, IOException { BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_TOKEN, HttpStatus.UNAUTHORIZED, "description", "uri"); - OAuth2AuthenticationException exception = new OAuth2AuthenticationException(error); - given(this.bearerTokenResolver.resolve(this.request)).willReturn("token"); given(this.authenticationManager.authenticate(any(BearerTokenAuthenticationToken.class))).willThrow(exception); - BearerTokenAuthenticationFilter filter = addMocks( new BearerTokenAuthenticationFilter(this.authenticationManager)); filter.doFilter(this.request, this.response, this.filterChain); - verify(this.authenticationEntryPoint).commence(this.request, this.response, exception); } 
@@ -163,17 +144,13 @@ public class BearerTokenAuthenticationFilterTests { throws ServletException, IOException { BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_TOKEN, HttpStatus.UNAUTHORIZED, "description", "uri"); - OAuth2AuthenticationException exception = new OAuth2AuthenticationException(error); - given(this.bearerTokenResolver.resolve(this.request)).willReturn("token"); given(this.authenticationManager.authenticate(any(BearerTokenAuthenticationToken.class))).willThrow(exception); - BearerTokenAuthenticationFilter filter = addMocks( new BearerTokenAuthenticationFilter(this.authenticationManager)); filter.setAuthenticationFailureHandler(this.authenticationFailureHandler); filter.doFilter(this.request, this.response, this.filterChain); - verify(this.authenticationFailureHandler).onAuthenticationFailure(this.request, this.response, exception); } @@ -213,11 +190,9 @@ public class BearerTokenAuthenticationFilterTests { } private void dontAuthenticate() throws ServletException, IOException { - BearerTokenAuthenticationFilter filter = addMocks( new BearerTokenAuthenticationFilter(this.authenticationManager)); filter.doFilter(this.request, this.response, this.filterChain); - verifyNoMoreInteractions(this.authenticationManager); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java index 568df3dd14..f1e0d6621f 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java 
@@ -49,7 +49,6 @@ public class DefaultBearerTokenResolverTests { public void resolveWhenValidHeaderIsPresentThenTokenIsResolved() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Bearer " + TEST_TOKEN); - assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN); } @@ -59,7 +58,6 @@ public class DefaultBearerTokenResolverTests { String token = TEST_TOKEN + "=="; MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Bearer " + token); - assertThat(this.resolver.resolve(request)).isEqualTo(token); } @@ -68,7 +66,6 @@ public class DefaultBearerTokenResolverTests { this.resolver.setBearerTokenHeaderName(CUSTOM_HEADER); MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader(CUSTOM_HEADER, "Bearer " + TEST_TOKEN); - assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN); } @@ -76,14 +73,12 @@ public class DefaultBearerTokenResolverTests { public void resolveWhenLowercaseHeaderIsPresentThenTokenIsResolved() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("authorization", "bearer " + TEST_TOKEN); - assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN); } @Test public void resolveWhenNoHeaderIsPresentThenTokenIsNotResolved() { MockHttpServletRequest request = new MockHttpServletRequest(); - assertThat(this.resolver.resolve(request)).isNull(); } @@ -91,7 +86,6 @@ public class DefaultBearerTokenResolverTests { public void resolveWhenHeaderWithWrongSchemeIsPresentThenTokenIsNotResolved() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Basic " + Base64.getEncoder().encodeToString("test:test".getBytes())); - assertThat(this.resolver.resolve(request)).isNull(); } 
@@ -99,7 +93,6 @@ public class DefaultBearerTokenResolverTests { public void resolveWhenHeaderWithMissingTokenIsPresentThenAuthenticationExceptionIsThrown() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Bearer "); - assertThatCode(() -> this.resolver.resolve(request)).isInstanceOf(OAuth2AuthenticationException.class) .hasMessageContaining(("Bearer token is malformed")); } @@ -108,7 +101,6 @@ public class DefaultBearerTokenResolverTests { public void resolveWhenHeaderWithInvalidCharactersIsPresentThenAuthenticationExceptionIsThrown() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Bearer an\"invalid\"token"); - assertThatCode(() -> this.resolver.resolve(request)).isInstanceOf(OAuth2AuthenticationException.class) .hasMessageContaining(("Bearer token is malformed")); } @@ -120,7 +112,6 @@ public class DefaultBearerTokenResolverTests { request.setMethod("POST"); request.setContentType("application/x-www-form-urlencoded"); request.addParameter("access_token", TEST_TOKEN); - assertThatCode(() -> this.resolver.resolve(request)).isInstanceOf(OAuth2AuthenticationException.class) .hasMessageContaining("Found multiple bearer tokens in the request"); } @@ -131,7 +122,6 @@ public class DefaultBearerTokenResolverTests { request.addHeader("Authorization", "Bearer " + TEST_TOKEN); request.setMethod("GET"); request.addParameter("access_token", TEST_TOKEN); - assertThatCode(() -> this.resolver.resolve(request)).isInstanceOf(OAuth2AuthenticationException.class) .hasMessageContaining("Found multiple bearer tokens in the request"); } 
@@ -140,7 +130,6 @@ public class DefaultBearerTokenResolverTests { public void resolveWhenRequestContainsTwoAccessTokenParametersThenAuthenticationExceptionIsThrown() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addParameter("access_token", "token1", "token2"); - assertThatCode(() -> this.resolver.resolve(request)).isInstanceOf(OAuth2AuthenticationException.class) .hasMessageContaining("Found multiple bearer tokens in the request"); } @@ -148,12 +137,10 @@ public class DefaultBearerTokenResolverTests { @Test public void resolveWhenFormParameterIsPresentAndSupportedThenTokenIsResolved() { this.resolver.setAllowFormEncodedBodyParameter(true); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setMethod("POST"); request.setContentType("application/x-www-form-urlencoded"); request.addParameter("access_token", TEST_TOKEN); - assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN); } @@ -163,18 +150,15 @@ public class DefaultBearerTokenResolverTests { request.setMethod("POST"); request.setContentType("application/x-www-form-urlencoded"); request.addParameter("access_token", TEST_TOKEN); - assertThat(this.resolver.resolve(request)).isNull(); } @Test public void resolveWhenQueryParameterIsPresentAndSupportedThenTokenIsResolved() { this.resolver.setAllowUriQueryParameter(true); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setMethod("GET"); request.addParameter("access_token", TEST_TOKEN); - assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN); } @@ -183,7 +167,6 @@ public class DefaultBearerTokenResolverTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.setMethod("GET"); request.addParameter("access_token", TEST_TOKEN); - assertThat(this.resolver.resolve(request)).isNull(); } 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java index 5be30212f0..69365fb879 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java @@ -52,14 +52,12 @@ public class HeaderBearerTokenResolverTests { public void resolveWhenTokenPresentThenTokenIsResolved() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader(CORRECT_HEADER, TEST_TOKEN); - assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN); } @Test public void resolveWhenTokenNotPresentThenTokenIsNotResolved() { MockHttpServletRequest request = new MockHttpServletRequest(); - assertThat(this.resolver.resolve(request)).isNull(); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java index 6e8c63769d..cbfc5e942b 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java 
@@ -48,31 +48,23 @@ public class BearerTokenAccessDeniedHandlerTests { @Test public void handleWhenNotOAuth2AuthenticatedThenStatus403() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - Authentication authentication = new TestingAuthenticationToken("user", "pass"); request.setUserPrincipal(authentication); - this.accessDeniedHandler.handle(request, response, null); - assertThat(response.getStatus()).isEqualTo(403); assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer"); } @Test public void handleWhenNotOAuth2AuthenticatedAndRealmSetThenStatus403AndAuthHeaderWithRealm() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - Authentication authentication = new TestingAuthenticationToken("user", "pass"); request.setUserPrincipal(authentication); - this.accessDeniedHandler.setRealmName("test"); this.accessDeniedHandler.handle(request, response, null); - assertThat(response.getStatus()).isEqualTo(403); assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer realm=\"test\""); } @@ -80,15 +72,11 @@ public class BearerTokenAccessDeniedHandlerTests { @Test public void handleWhenOAuth2AuthenticatedThenStatus403AndAuthHeaderWithInsufficientScopeErrorAttribute() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - Authentication token = new TestingOAuth2TokenAuthenticationToken(Collections.emptyMap()); request.setUserPrincipal(token); - this.accessDeniedHandler.handle(request, response, null); - assertThat(response.getStatus()).isEqualTo(403); assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer error=\"insufficient_scope\", " + "error_description=\"The request requires higher privileges than provided by the access token.\", " 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java index 272d7b9bbc..79980fb63c 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java 
@@ -48,29 +48,23 @@ public class BearerTokenServerAccessDeniedHandlerTests { @Test public void handleWhenNotOAuth2AuthenticatedThenStatus403() { - Authentication token = new TestingAuthenticationToken("user", "pass"); ServerWebExchange exchange = mock(ServerWebExchange.class); given(exchange.getPrincipal()).willReturn(Mono.just(token)); given(exchange.getResponse()).willReturn(new MockServerHttpResponse()); - this.accessDeniedHandler.handle(exchange, null).block(); - assertThat(exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN); assertThat(exchange.getResponse().getHeaders().get("WWW-Authenticate")).isEqualTo(Arrays.asList("Bearer")); } @Test public void handleWhenNotOAuth2AuthenticatedAndRealmSetThenStatus403AndAuthHeaderWithRealm() { - Authentication token = new TestingAuthenticationToken("user", "pass"); ServerWebExchange exchange = mock(ServerWebExchange.class); given(exchange.getPrincipal()).willReturn(Mono.just(token)); given(exchange.getResponse()).willReturn(new MockServerHttpResponse()); - this.accessDeniedHandler.setRealmName("test"); this.accessDeniedHandler.handle(exchange, null).block(); - assertThat(exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN); assertThat(exchange.getResponse().getHeaders().get("WWW-Authenticate")) .isEqualTo(Arrays.asList("Bearer realm=\"test\"")); 
@@ -78,14 +72,11 @@ public class BearerTokenServerAccessDeniedHandlerTests { @Test public void handleWhenOAuth2AuthenticatedThenStatus403AndAuthHeaderWithInsufficientScopeErrorAttribute() { - Authentication token = new TestingOAuth2TokenAuthenticationToken(Collections.emptyMap()); ServerWebExchange exchange = mock(ServerWebExchange.class); given(exchange.getPrincipal()).willReturn(Mono.just(token)); given(exchange.getResponse()).willReturn(new MockServerHttpResponse()); - this.accessDeniedHandler.handle(exchange, null).block(); - assertThat(exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN); assertThat(exchange.getResponse().getHeaders().get("WWW-Authenticate")) .isEqualTo(Arrays.asList("Bearer error=\"insufficient_scope\", " diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java index 788598a31f..bafa9ed4c8 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java 
@@ -61,19 +61,15 @@ public class ServerBearerExchangeFilterFunctionTests { @Test public void filterWhenUnauthenticatedThenAuthorizationHeaderNull() { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build(); - this.function.filter(request, this.exchange).block(); - assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isNull(); } @Test public void filterWhenAuthenticatedThenAuthorizationHeaderNull() throws Exception { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build(); - this.function.filter(request, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block(); - assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)) .isEqualTo("Bearer " + this.accessToken.getTokenValue()); } @@ -82,11 +78,9 @@ public class ServerBearerExchangeFilterFunctionTests { @Test public void filterWhenAuthenticatedWithOtherTokenThenAuthorizationHeaderNull() throws Exception { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build(); - TestingAuthenticationToken token = new TestingAuthenticationToken("user", "pass"); this.function.filter(request, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(token)).block(); - assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isNull(); } 
@@ -94,10 +88,8 @@ public class ServerBearerExchangeFilterFunctionTests { public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .header(HttpHeaders.AUTHORIZATION, "Existing").build(); - this.function.filter(request, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block(); - HttpHeaders headers = this.exchange.getRequest().headers(); assertThat(headers.get(HttpHeaders.AUTHORIZATION)).containsOnly("Bearer " + this.accessToken.getTokenValue()); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java index 645173d860..54b4f164d8 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java @@ -65,9 +65,7 @@ public class ServletBearerExchangeFilterFunctionTests { @Test public void filterWhenUnauthenticatedThenAuthorizationHeaderNull() { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build(); - this.function.filter(request, this.exchange).block(); - assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isNull(); } 
@@ -76,18 +74,14 @@ public class ServletBearerExchangeFilterFunctionTests { public void filterWhenAuthenticatedWithOtherTokenThenAuthorizationHeaderNull() { TestingAuthenticationToken token = new TestingAuthenticationToken("user", "pass"); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build(); - this.function.filter(request, this.exchange).subscriberContext(context(token)).block(); - assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isNull(); } @Test public void filterWhenAuthenticatedThenAuthorizationHeader() { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build(); - this.function.filter(request, this.exchange).subscriberContext(context(this.authentication)).block(); - assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)) .isEqualTo("Bearer " + this.accessToken.getTokenValue()); } @@ -96,9 +90,7 @@ public class ServletBearerExchangeFilterFunctionTests { public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .header(HttpHeaders.AUTHORIZATION, "Existing").build(); - this.function.filter(request, this.exchange).subscriberContext(context(this.authentication)).block(); - HttpHeaders headers = this.exchange.getRequest().headers(); assertThat(headers.get(HttpHeaders.AUTHORIZATION)).containsOnly("Bearer " + this.accessToken.getTokenValue()); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java index 9b93b9236e..b3d76dca21 100644 
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java @@ -44,7 +44,6 @@ public class BearerTokenServerAuthenticationEntryPointTests { @Test public void commenceWhenNotOAuth2AuthenticationExceptionThenBearer() { this.entryPoint.commence(this.exchange, new BadCredentialsException("")).block(); - assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)).isEqualTo("Bearer"); assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED); } @@ -52,9 +51,7 @@ public class BearerTokenServerAuthenticationEntryPointTests { @Test public void commenceWhenRealmNameThenHasRealmName() { this.entryPoint.setRealmName("Realm"); - this.entryPoint.commence(this.exchange, new BadCredentialsException("")).block(); - assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)) .isEqualTo("Bearer realm=\"Realm\""); assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED); @@ -64,9 +61,7 @@ public class BearerTokenServerAuthenticationEntryPointTests { public void commenceWhenOAuth2AuthenticationExceptionThenContainsErrorInformation() { OAuth2Error oauthError = new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST); OAuth2AuthenticationException exception = new OAuth2AuthenticationException(oauthError); - this.entryPoint.commence(this.exchange, exception).block(); - assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)) .isEqualTo("Bearer error=\"invalid_request\""); assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED); 
@@ -76,9 +71,7 @@ public class BearerTokenServerAuthenticationEntryPointTests {
 public void commenceWhenOAuth2ErrorCompleteThenContainsErrorInformation() { OAuth2Error oauthError = new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST, "Oops", "https://example.com"); OAuth2AuthenticationException exception = new OAuth2AuthenticationException(oauthError);
-
 this.entryPoint.commence(this.exchange, exception).block();
-
 assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)).isEqualTo( "Bearer error=\"invalid_request\", error_description=\"Oops\", error_uri=\"https://example.com\""); assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
@@ -89,9 +82,7 @@ public class BearerTokenServerAuthenticationEntryPointTests {
 OAuth2Error oauthError = new BearerTokenError(OAuth2ErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST, "Oops", "https://example.com"); OAuth2AuthenticationException exception = new OAuth2AuthenticationException(oauthError);
-
 this.entryPoint.commence(this.exchange, exception).block();
-
 assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)).isEqualTo( "Bearer error=\"invalid_request\", error_description=\"Oops\", error_uri=\"https://example.com\""); assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.BAD_REQUEST);
@@ -100,7 +91,6 @@ public class BearerTokenServerAuthenticationEntryPointTests {
 @Test public void commenceWhenNoSubscriberThenNothingHappens() { this.entryPoint.commence(this.exchange, new BadCredentialsException(""));
-
 assertThat(getResponse().getHeaders()).isEmpty(); assertThat(getResponse().getStatusCode()).isNull(); }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java
index 939c418daa..21e6bbd4dd 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java
@@ -55,7 +55,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 public void resolveWhenValidHeaderIsPresentThenTokenIsResolved() { MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION, "Bearer " + TEST_TOKEN);
-
 assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN); }
@@ -65,7 +64,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 String token = TEST_TOKEN + "=="; MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION, "Bearer " + token);
-
 assertThat(convertToToken(request).getToken()).isEqualTo(token); }
@@ -74,7 +72,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 this.converter.setBearerTokenHeaderName(CUSTOM_HEADER); MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").header(CUSTOM_HEADER, "Bearer " + TEST_TOKEN);
-
 assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN); }
@@ -83,7 +80,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 public void resolveWhenValidHeaderIsEmptyStringThenTokenIsResolved() { MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION, "Bearer ");
-
 OAuth2AuthenticationException expected = catchThrowableOfType(() -> convertToToken(request), OAuth2AuthenticationException.class); BearerTokenError error = (BearerTokenError) expected.getError();
@@ -96,14 +92,12 @@ public class ServerBearerTokenAuthenticationConverterTests {
 public void resolveWhenLowercaseHeaderIsPresentThenTokenIsResolved() { MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION, "bearer " + TEST_TOKEN);
-
 assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN); } @Test public void resolveWhenNoHeaderIsPresentThenTokenIsNotResolved() { MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/");
-
 assertThat(convertToToken(request)).isNull(); }
@@ -111,7 +105,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 public void resolveWhenHeaderWithWrongSchemeIsPresentThenTokenIsNotResolved() { MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION, "Basic " + Base64.getEncoder().encodeToString("test:test".getBytes()));
-
 assertThat(convertToToken(request)).isNull(); }
@@ -119,7 +112,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 public void resolveWhenHeaderWithMissingTokenIsPresentThenAuthenticationExceptionIsThrown() { MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION, "Bearer ");
-
 assertThatCode(() -> convertToToken(request)).isInstanceOf(OAuth2AuthenticationException.class) .hasMessageContaining(("Bearer token is malformed")); }
@@ -128,7 +120,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 public void resolveWhenHeaderWithInvalidCharactersIsPresentThenAuthenticationExceptionIsThrown() { MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION, "Bearer an\"invalid\"token");
-
 assertThatCode(() -> convertToToken(request)).isInstanceOf(OAuth2AuthenticationException.class) .hasMessageContaining(("Bearer token is malformed")); }
@@ -138,7 +129,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 public void resolveWhenHeaderWithInvalidCharactersIsPresentAndNotSubscribedThenNoneExceptionIsThrown() { MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION, "Bearer an\"invalid\"token");
-
 assertThatCode(() -> this.converter.convert(MockServerWebExchange.from(request))).doesNotThrowAnyException(); }
@@ -146,7 +136,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 public void resolveWhenValidHeaderIsPresentTogetherWithQueryParameterThenAuthenticationExceptionIsThrown() { MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/") .queryParam("access_token", TEST_TOKEN).header(HttpHeaders.AUTHORIZATION, "Bearer " + TEST_TOKEN);
-
 assertThatCode(() -> convertToToken(request)).isInstanceOf(OAuth2AuthenticationException.class) .hasMessageContaining("Found multiple bearer tokens in the request"); }
@@ -154,10 +143,8 @@ public class ServerBearerTokenAuthenticationConverterTests {
 @Test public void resolveWhenQueryParameterIsPresentAndSupportedThenTokenIsResolved() { this.converter.setAllowUriQueryParameter(true);
-
 MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").queryParam("access_token", TEST_TOKEN);
-
 assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN); }
@@ -165,9 +152,7 @@ public class ServerBearerTokenAuthenticationConverterTests {
 @Test public void resolveWhenQueryParameterIsEmptyAndSupportedThenOAuth2AuthenticationException() { this.converter.setAllowUriQueryParameter(true);
-
 MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").queryParam("access_token", "");
-
 OAuth2AuthenticationException expected = catchThrowableOfType(() -> convertToToken(request), OAuth2AuthenticationException.class); BearerTokenError error = (BearerTokenError) expected.getError();
@@ -180,7 +165,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 public void resolveWhenQueryParameterIsPresentAndNotSupportedThenTokenIsNotResolved() { MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").queryParam("access_token", TEST_TOKEN);
-
 assertThat(convertToToken(request)).isNull(); }
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
index 96bc08cfee..2b9887d8e7 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
@@ -62,22 +62,16 @@ public class OpenID4JavaConsumerTests {
 ConsumerManager mgr = mock(ConsumerManager.class); AuthRequest authReq = mock(AuthRequest.class); DiscoveryInformation di = mock(DiscoveryInformation.class);
-
 given(mgr.authenticate(any(DiscoveryInformation.class), any(), any())).willReturn(authReq); given(mgr.associate(any())).willReturn(di);
-
 OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new MockAttributesFactory());
-
 MockHttpServletRequest request = new MockHttpServletRequest(); consumer.beginConsumption(request, "", "", "");
-
 assertThat(request.getSession().getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST")) .isEqualTo(this.attributes); assertThat(request.getSession().getAttribute(DiscoveryInformation.class.getName())).isEqualTo(di);
-
 // Check with empty attribute fetch list consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
-
 request = new MockHttpServletRequest(); consumer.beginConsumption(request, "", "", ""); }
@@ -94,7 +88,6 @@ public class OpenID4JavaConsumerTests {
 public void messageOrConsumerAuthenticationExceptionRaisesOpenIDException() throws Exception { ConsumerManager mgr = mock(ConsumerManager.class); OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
-
 given(mgr.authenticate(ArgumentMatchers.any(), any(), any())) .willThrow(new MessageException("msg"), new ConsumerException("msg")); try {
@@ -103,7 +96,6 @@ public class OpenID4JavaConsumerTests {
 } catch (OpenIDConsumerException expected) { }
-
 try { consumer.beginConsumption(new MockHttpServletRequest(), "", "", ""); fail("OpenIDConsumerException was not thrown");
@@ -118,15 +110,10 @@ public class OpenID4JavaConsumerTests {
 OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory()); VerificationResult vr = mock(VerificationResult.class); DiscoveryInformation di = mock(DiscoveryInformation.class);
-
 given(mgr.verify(any(), any(ParameterList.class), any(DiscoveryInformation.class))).willReturn(vr);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
-
 request.getSession().setAttribute(DiscoveryInformation.class.getName(), di);
-
 OpenIDAuthenticationToken auth = consumer.endConsumption(request);
-
 assertThat(auth.getStatus()).isEqualTo(OpenIDAuthenticationStatus.FAILURE); }
@@ -134,34 +121,28 @@ public class OpenID4JavaConsumerTests {
 public void verificationExceptionsRaiseOpenIDException() throws Exception { ConsumerManager mgr = mock(ConsumerManager.class); OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
-
 given(mgr.verify(any(), any(ParameterList.class), any(DiscoveryInformation.class))) .willThrow(new MessageException(""), new AssociationException(""), new DiscoveryException(""));
-
 MockHttpServletRequest request = new MockHttpServletRequest(); request.setQueryString("x=5");
-
 try { consumer.endConsumption(request); fail("OpenIDConsumerException was not thrown"); } catch (OpenIDConsumerException expected) { }
-
 try { consumer.endConsumption(request); fail("OpenIDConsumerException was not thrown"); } catch (OpenIDConsumerException expected) { }
-
 try { consumer.endConsumption(request); fail("OpenIDConsumerException was not thrown"); } catch (OpenIDConsumerException expected) { }
-
 } @SuppressWarnings("serial")
@@ -173,18 +154,13 @@ public class OpenID4JavaConsumerTests {
 DiscoveryInformation di = mock(DiscoveryInformation.class); Identifier id = (Identifier) () -> "id"; Message msg = mock(Message.class);
-
 given(mgr.verify(any(), any(ParameterList.class), any(DiscoveryInformation.class))).willReturn(vr); given(vr.getVerifiedId()).willReturn(id); given(vr.getAuthResponse()).willReturn(msg);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
-
 request.getSession().setAttribute(DiscoveryInformation.class.getName(), di); request.getSession().setAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST", this.attributes);
-
 OpenIDAuthenticationToken auth = consumer.endConsumption(request);
-
 assertThat(auth.getStatus()).isEqualTo(OpenIDAuthenticationStatus.SUCCESS); }
@@ -196,9 +172,7 @@ public class OpenID4JavaConsumerTests {
 given(msg.hasExtension(AxMessage.OPENID_NS_AX)).willReturn(true); given(msg.getExtension(AxMessage.OPENID_NS_AX)).willReturn(fr); given(fr.getAttributeValues("a")).willReturn(Arrays.asList("x", "y"));
-
 List fetched = consumer.fetchAxAttributes(msg, this.attributes);
-
 assertThat(fetched).hasSize(1); assertThat(fetched.get(0).getValues()).hasSize(2); }
@@ -211,7 +185,6 @@ public class OpenID4JavaConsumerTests {
 given(msg.hasExtension(AxMessage.OPENID_NS_AX)).willReturn(true); given(msg.getExtension(AxMessage.OPENID_NS_AX)).willThrow(new MessageException("")); given(fr.getAttributeValues("a")).willReturn(Arrays.asList("x", "y"));
-
 consumer.fetchAxAttributes(msg, this.attributes); }
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
index d114122f43..546bb81a4e 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
@@ -75,10 +75,8 @@ public class OpenIDAuthenticationFilterTests {
 req.setRequestURI(REQUEST_PATH); req.setServerPort(8080); MockHttpServletResponse response = new MockHttpServletResponse();
-
 req.setParameter("openid_identifier", " " + CLAIMED_IDENTITY_URL); req.setRemoteHost("www.example.com");
-
 this.filter.setConsumer(new MockOpenIDConsumer() { @Override public String beginConsumption(HttpServletRequest req, String claimedIdentity, String returnToUrl,
@@ -89,7 +87,6 @@ public class OpenIDAuthenticationFilterTests {
 return REDIRECT_URL; } });
-
 FilterChain fc = mock(FilterChain.class); this.filter.doFilter(req, response, fc); assertThat(response.getRedirectedUrl()).isEqualTo(REDIRECT_URL);
@@ -108,7 +105,6 @@ public class OpenIDAuthenticationFilterTests {
 MockHttpServletRequest req = new MockHttpServletRequest("GET", REQUEST_PATH); req.addParameter(paramName, paramValue); this.filter.setReturnToUrlParameters(Collections.singleton(paramName));
-
 URI returnTo = new URI(this.filter.buildReturnToUrl(req)); String query = returnTo.getRawQuery(); assertThat(count(query, '=')).isEqualTo(1);
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
index aac025770f..65ad76bf72 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
@@ -57,12 +57,9 @@ public class OpenIDAuthenticationProviderTests {
 OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider(); provider.setUserDetailsService(new MockUserDetailsService()); provider.setAuthoritiesMapper(new NullAuthoritiesMapper());
-
 Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.CANCELLED, USERNAME, "", null);
-
 assertThat(preAuth.isAuthenticated()).isFalse();
-
 try { provider.authenticate(preAuth); fail("Should throw an AuthenticationException");
@@ -81,11 +78,8 @@ public class OpenIDAuthenticationProviderTests {
 public void testAuthenticateError() { OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider(); provider.setUserDetailsService(new MockUserDetailsService());
-
 Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.ERROR, USERNAME, "", null);
-
 assertThat(preAuth.isAuthenticated()).isFalse();
-
 try { provider.authenticate(preAuth); fail("Should throw an AuthenticationException");
@@ -105,11 +99,8 @@ public class OpenIDAuthenticationProviderTests {
 OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider(); provider.setAuthenticationUserDetailsService( new UserDetailsByNameServiceWrapper<>(new MockUserDetailsService()));
-
 Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE, USERNAME, "", null);
-
 assertThat(preAuth.isAuthenticated()).isFalse();
-
 try { provider.authenticate(preAuth); fail("Should throw an AuthenticationException");
@@ -128,12 +119,9 @@ public class OpenIDAuthenticationProviderTests {
 public void testAuthenticateSetupNeeded() { OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider(); provider.setUserDetailsService(new MockUserDetailsService());
-
 Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SETUP_NEEDED, USERNAME, "", null);
-
 assertThat(preAuth.isAuthenticated()).isFalse();
-
 try { provider.authenticate(preAuth); fail("Should throw an AuthenticationException");
@@ -153,13 +141,9 @@ public class OpenIDAuthenticationProviderTests {
 public void testAuthenticateSuccess() { OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider(); provider.setUserDetailsService(new MockUserDetailsService());
-
 Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, USERNAME, "", null);
-
 assertThat(preAuth.isAuthenticated()).isFalse();
-
 Authentication postAuth = provider.authenticate(preAuth);
-
 assertThat(postAuth).isNotNull(); assertThat(postAuth instanceof OpenIDAuthenticationToken).isTrue(); assertThat(postAuth.isAuthenticated()).isTrue();
@@ -174,7 +158,6 @@ public class OpenIDAuthenticationProviderTests {
 @Test public void testDetectsMissingAuthoritiesPopulator() throws Exception { OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
-
 try { provider.afterPropertiesSet(); fail("Should have thrown Exception");
@@ -193,7 +176,6 @@ public class OpenIDAuthenticationProviderTests {
 public void testDoesntSupport() { OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider(); provider.setUserDetailsService(new MockUserDetailsService());
-
 assertThat(provider.supports(UsernamePasswordAuthenticationToken.class)).isFalse(); }
@@ -206,7 +188,6 @@ public class OpenIDAuthenticationProviderTests {
 public void testIgnoresUserPassAuthToken() { OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider(); provider.setUserDetailsService(new MockUserDetailsService());
-
 UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(USERNAME, "password"); assertThat(provider.authenticate(token)).isNull(); }
@@ -220,7 +201,6 @@ public class OpenIDAuthenticationProviderTests {
 public void testSupports() { OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider(); provider.setUserDetailsService(new MockUserDetailsService());
-
 assertThat(provider.supports(OpenIDAuthenticationToken.class)).isTrue(); }
@@ -234,7 +214,6 @@ public class OpenIDAuthenticationProviderTests {
 catch (IllegalArgumentException ex) { // expected }
-
 provider = new OpenIDAuthenticationProvider(); provider.setUserDetailsService(new MockUserDetailsService()); provider.afterPropertiesSet();
diff --git a/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java b/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
index 470429ec38..9dc14e37e9 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
@@ -55,9 +55,7 @@ public class JndiDnsResolverTests {
 @Test public void testResolveIpAddress() throws Exception { Attributes records = new BasicAttributes("A", "63.246.7.80");
-
 given(this.context.getAttributes("www.springsource.com", new String[] { "A" })).willReturn(records);
-
 String ipAddress = this.dnsResolver.resolveIpAddress("www.springsource.com"); assertThat(ipAddress).isEqualTo("63.246.7.80"); }
@@ -66,16 +64,13 @@ public class JndiDnsResolverTests {
 public void testResolveIpAddressNotExisting() throws Exception { given(this.context.getAttributes(any(String.class), any(String[].class))) .willThrow(new NameNotFoundException("not found"));
-
 this.dnsResolver.resolveIpAddress("notexisting.ansdansdugiuzgguzgioansdiandwq.foo"); } @Test public void testResolveServiceEntry() throws Exception { BasicAttributes records = createSrvRecords();
-
 given(this.context.getAttributes("_ldap._tcp.springsource.com", new String[] { "SRV" })).willReturn(records);
-
 String hostname = this.dnsResolver.resolveServiceEntry("ldap", "springsource.com"); assertThat(hostname).isEqualTo("kdc.springsource.com"); }
@@ -84,7 +79,6 @@ public class JndiDnsResolverTests {
 public void testResolveServiceEntryNotExisting() throws Exception { given(this.context.getAttributes(any(String.class), any(String[].class))) .willThrow(new NameNotFoundException("not found"));
-
 this.dnsResolver.resolveServiceEntry("wrong", "secpod.de"); }
@@ -94,7 +88,6 @@ public class JndiDnsResolverTests {
 BasicAttributes aRecords = new BasicAttributes("A", "63.246.7.80"); given(this.context.getAttributes("_ldap._tcp.springsource.com", new String[] { "SRV" })).willReturn(srvRecords); given(this.context.getAttributes("kdc.springsource.com", new String[] { "A" })).willReturn(aRecords);
-
 String ipAddress = this.dnsResolver.resolveServiceIpAddress("ldap", "springsource.com"); assertThat(ipAddress).isEqualTo("63.246.7.80"); }
diff --git a/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java b/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
index e6b75ac958..4bc006bcd9 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
@@ -50,13 +50,11 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
 // Setup client-side context Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken("Aladdin", "open sesame"); SecurityContextHolder.getContext().setAuthentication(clientSideAuthentication);
-
 // Create a connection and ensure our executor sets its // properties correctly AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor(); HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/")); executor.prepareConnection(conn, 10);
-
 // Check connection properties // See https://tools.ietf.org/html/rfc1945 section 11.1 for example // we are comparing against
@@ -66,13 +64,11 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
 @Test public void testNullContextHolderIsNull() throws Exception { SecurityContextHolder.getContext().setAuthentication(null);
-
 // Create a connection and ensure our executor sets its // properties correctly AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor(); HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/")); executor.prepareConnection(conn, 10);
-
 // Check connection properties (shouldn't be an Authorization header) assertThat(conn.getRequestProperty("Authorization")).isNull(); }
@@ -83,13 +79,11 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
 AnonymousAuthenticationToken anonymous = new AnonymousAuthenticationToken("key", "principal", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")); SecurityContextHolder.getContext().setAuthentication(anonymous);
-
 // Create a connection and ensure our executor sets its // properties correctly AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor(); HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/")); executor.prepareConnection(conn, 10);
-
 // Check connection properties (shouldn't be an Authorization header) assertThat(conn.getRequestProperty("Authorization")).isNull(); }
diff --git a/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java b/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java
index bfb1143fe6..b7512c245e 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java
@@ -49,9 +49,7 @@ public class ContextPropagatingRemoteInvocationTests {
 Class clazz = TargetObject.class; Method method = clazz.getMethod("makeLowerCase", new Class[] { String.class }); MethodInvocation mi = new SimpleMethodInvocation(new TargetObject(), method, "SOME_STRING");
-
 ContextPropagatingRemoteInvocationFactory factory = new ContextPropagatingRemoteInvocationFactory();
-
 return (ContextPropagatingRemoteInvocation) factory.createRemoteInvocation(mi); }
@@ -60,9 +58,7 @@ public class ContextPropagatingRemoteInvocationTests {
 // Setup client-side context Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken("rod", "koala"); SecurityContextHolder.getContext().setAuthentication(clientSideAuthentication);
-
 ContextPropagatingRemoteInvocation remoteInvocation = getRemoteInvocation();
-
 try { // Set up the wrong arguments. remoteInvocation.setArguments(new Object[] {});
@@ -72,7 +68,6 @@ public class ContextPropagatingRemoteInvocationTests {
 catch (IllegalArgumentException ex) { // expected }
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()) .withFailMessage("Authentication must be null").isNull(); }
@@ -82,14 +77,11 @@ public class ContextPropagatingRemoteInvocationTests {
 // Setup client-side context Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken("rod", "koala"); SecurityContextHolder.getContext().setAuthentication(clientSideAuthentication);
-
 ContextPropagatingRemoteInvocation remoteInvocation = getRemoteInvocation();
-
 // Set to null, as ContextPropagatingRemoteInvocation already obtained // a copy and nulling is necessary to ensure the Context delivered by // ContextPropagatingRemoteInvocation is used on server-side SecurityContextHolder.clearContext();
-
 // The result from invoking the TargetObject should contain the // Authentication class delivered via the SecurityContextHolder assertThat(remoteInvocation.invoke(new TargetObject())).isEqualTo(
@@ -99,11 +91,9 @@ public class ContextPropagatingRemoteInvocationTests {
 @Test public void testNullContextHolderDoesNotCauseInvocationProblems() throws Exception { SecurityContextHolder.clearContext(); // just to be explicit
-
 ContextPropagatingRemoteInvocation remoteInvocation = getRemoteInvocation(); SecurityContextHolder.clearContext(); // unnecessary, but for // explicitness
-
 assertThat(remoteInvocation.invoke(new TargetObject())).isEqualTo("some_string Authentication empty"); }
@@ -112,7 +102,6 @@ public class ContextPropagatingRemoteInvocationTests {
 public void testNullCredentials() throws Exception { Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken("rod", null); SecurityContextHolder.getContext().setAuthentication(clientSideAuthentication);
-
 ContextPropagatingRemoteInvocation remoteInvocation = getRemoteInvocation(); assertThat(ReflectionTestUtils.getField(remoteInvocation, "credentials")).isNull(); }
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java
index 5c6c5f8d14..d6a5dbe45d 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java
@@ -81,11 +81,8 @@ public class AnonymousPayloadInterceptorTests {
 @Test public void interceptWhenNoAuthenticationThenAnonymousAuthentication() { AuthenticationPayloadInterceptorChain chain = new AuthenticationPayloadInterceptorChain();
-
 this.interceptor.intercept(this.exchange, chain).block();
-
 Authentication authentication = chain.getAuthentication();
-
 assertThat(authentication).isInstanceOf(AnonymousAuthenticationToken.class); }
@@ -93,12 +90,9 @@ public class AnonymousPayloadInterceptorTests {
 public void interceptWhenAuthenticationThenOriginalAuthentication() { AuthenticationPayloadInterceptorChain chain = new AuthenticationPayloadInterceptorChain(); TestingAuthenticationToken expected = new TestingAuthenticationToken("test", "password");
-
 this.interceptor.intercept(this.exchange, chain) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(expected)).block();
-
 Authentication authentication = chain.getAuthentication();
-
 assertThat(authentication).isEqualTo(expected); }
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java
index 061d590faf..684b3442be 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java
@@ -85,12 +85,9 @@ public class AuthenticationPayloadInterceptorTests {
 PayloadExchange exchange = createExchange(); TestingAuthenticationToken expectedAuthentication = new TestingAuthenticationToken("user", "password"); given(this.authenticationManager.authenticate(any())).willReturn(Mono.just(expectedAuthentication));
-
 AuthenticationPayloadInterceptorChain authenticationPayloadChain = new AuthenticationPayloadInterceptorChain(); interceptor.intercept(exchange, authenticationPayloadChain).block();
-
 Authentication authentication = authenticationPayloadChain.getAuthentication();
-
 verify(this.authenticationManager).authenticate(this.authenticationArg.capture()); assertThat(this.authenticationArg.getValue()) .isEqualToComparingFieldByField(new UsernamePasswordAuthenticationToken("user", "password"));
@@ -100,21 +97,17 @@ public class AuthenticationPayloadInterceptorTests { @Test public void interceptWhenAuthenticationSuccessThenChainSubscribedOnce() { AuthenticationPayloadInterceptor interceptor = new AuthenticationPayloadInterceptor(this.authenticationManager); - PayloadExchange exchange = createExchange(); TestingAuthenticationToken expectedAuthentication = new TestingAuthenticationToken("user", "password"); given(this.authenticationManager.authenticate(any())).willReturn(Mono.just(expectedAuthentication)); - PublisherProbe voidResult = PublisherProbe.empty(); PayloadInterceptorChain chain = mock(PayloadInterceptorChain.class); given(chain.next(any())).willReturn(voidResult.mono()); - StepVerifier.create(interceptor.intercept(exchange, chain)) .then(() -> assertThat(voidResult.subscribeCount()).isEqualTo(1)).verifyComplete(); } private Payload createRequestPayload() { - UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password"); BasicAuthenticationEncoder encoder = new BasicAuthenticationEncoder(); DefaultDataBufferFactory factory = new DefaultDataBufferFactory();
@@ -122,12 +115,10 @@ public class AuthenticationPayloadInterceptorTests { MimeType mimeType = UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE; Map hints = null; DataBuffer dataBuffer = encoder.encodeValue(credentials, factory, elementType, mimeType, hints); - ByteBufAllocator allocator = ByteBufAllocator.DEFAULT; CompositeByteBuf metadata = allocator.compositeBuffer(); CompositeMetadataCodec.encodeAndAddMetadata(metadata, allocator, mimeType.toString(), NettyDataBufferFactory.toByteBuf(dataBuffer)); - return DefaultPayload.create(allocator.buffer(), metadata); }
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java
index edaac04759..a4bbd99bd9 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java
@@ -60,10 +60,8 @@ public class AuthorizationPayloadInterceptorTests { @Test public void interceptWhenAuthenticationEmptyAndSubscribedThenException() { given(this.chain.next(any())).willReturn(this.chainResult.mono()); - AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor( AuthenticatedReactiveAuthorizationManager.authenticated()); - StepVerifier.create(interceptor.intercept(this.exchange, this.chain)) .then(() -> this.chainResult.assertWasNotSubscribed()) .verifyError(AuthenticationCredentialsNotFoundException.class);
@@ -73,9 +71,7 @@ public class AuthorizationPayloadInterceptorTests { public void interceptWhenAuthenticationNotSubscribedAndEmptyThenCompletes() { given(this.chain.next(any())).willReturn(this.chainResult.mono()); given(this.authorizationManager.verify(any(), any())).willReturn(this.managerResult.mono()); - AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor(this.authorizationManager); - StepVerifier.create(interceptor.intercept(this.exchange, this.chain)) .then(() -> this.chainResult.assertWasSubscribed()).verifyComplete(); }
@@ -83,14 +79,11 @@ public class AuthorizationPayloadInterceptorTests { @Test public void interceptWhenNotAuthorizedThenException() { given(this.chain.next(any())).willReturn(this.chainResult.mono()); - AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor( AuthorityReactiveAuthorizationManager.hasRole("USER")); Context userContext = ReactiveSecurityContextHolder .withAuthentication(new TestingAuthenticationToken("user", "password")); - Mono intercept = interceptor.intercept(this.exchange, this.chain).subscriberContext(userContext); - StepVerifier.create(intercept).then(() -> this.chainResult.assertWasNotSubscribed()) .verifyError(AccessDeniedException.class); }
@@ -98,14 +91,11 @@ public class AuthorizationPayloadInterceptorTests { @Test public void interceptWhenAuthorizedThenContinues() { given(this.chain.next(any())).willReturn(this.chainResult.mono()); - AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor( AuthenticatedReactiveAuthorizationManager.authenticated()); Context userContext = ReactiveSecurityContextHolder .withAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); - Mono intercept = interceptor.intercept(this.exchange, this.chain).subscriberContext(userContext); - StepVerifier.create(intercept).then(() -> this.chainResult.assertWasSubscribed()).verifyComplete(); }
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
index ba65b66254..395c528108 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
@@ -56,7 +56,6 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests { PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager .builder().add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz)) .build(); - assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected); }
@@ -67,7 +66,6 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests { PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager .builder().add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz)) .build(); - assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected); }
@@ -80,7 +78,6 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests { .add(new PayloadExchangeMatcherEntry<>((e) -> PayloadExchangeMatcher.MatchResult.notMatch(), this.authz2)) .build(); - assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected); }
@@ -93,7 +90,6 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests { .add(new PayloadExchangeMatcherEntry<>((e) -> PayloadExchangeMatcher.MatchResult.notMatch(), this.authz)) .add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz2)).build(); - assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected); }
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
index d41d5b2541..bae021271c 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
@@ -113,18 +113,14 @@ public class PayloadInterceptorRSocketTests { } // single interceptor - @Test public void fireAndForgetWhenInterceptorCompletesThenDelegateSubscribed() { given(this.interceptor.intercept(any(), any())).willAnswer(withChainNext()); given(this.delegate.fireAndForget(any())).willReturn(this.voidResult.mono()); - PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - StepVerifier.create(interceptor.fireAndForget(this.payload)).then(() -> this.voidResult.assertWasSubscribed()) .verifyComplete(); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); }
@@ -133,14 +129,11 @@ public class PayloadInterceptorRSocketTests { public void fireAndForgetWhenInterceptorErrorsThenDelegateNotSubscribed() { RuntimeException expected = new RuntimeException("Oops"); given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected)); - PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - StepVerifier.create(interceptor.fireAndForget(this.payload)) .then(() -> this.voidResult.assertWasNotSubscribed()) .verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected)); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); }
@@ -150,7 +143,6 @@ public class PayloadInterceptorRSocketTests { TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password"); given(this.interceptor.intercept(any(), any())).willAnswer(withAuthenticated(authentication)); given(this.delegate.fireAndForget(any())).willReturn(Mono.empty()); - RSocket assertAuthentication = new RSocketProxy(this.delegate) { @Override public Mono fireAndForget(Payload payload) {
@@ -159,9 +151,7 @@ public class PayloadInterceptorRSocketTests { }; PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - interceptor.fireAndForget(this.payload).block(); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.delegate).fireAndForget(this.payload);
@@ -171,14 +161,11 @@ public class PayloadInterceptorRSocketTests { public void requestResponseWhenInterceptorCompletesThenDelegateSubscribed() { given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty()); given(this.delegate.requestResponse(any())).willReturn(this.payloadResult.mono()); - PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - StepVerifier.create(interceptor.requestResponse(this.payload)) .then(() -> this.payloadResult.assertSubscribers()).then(() -> this.payloadResult.emit(this.payload)) .expectNext(this.payload).verifyComplete(); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.delegate).requestResponse(this.payload);
@@ -188,12 +175,9 @@ public class PayloadInterceptorRSocketTests { public void requestResponseWhenInterceptorErrorsThenDelegateNotInvoked() { RuntimeException expected = new RuntimeException("Oops"); given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected)); - PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - assertThatCode(() -> interceptor.requestResponse(this.payload).block()).isEqualTo(expected); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verifyZeroInteractions(this.delegate);
@@ -204,7 +188,6 @@ public class PayloadInterceptorRSocketTests { TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password"); given(this.interceptor.intercept(any(), any())).willAnswer(withAuthenticated(authentication)); given(this.delegate.requestResponse(any())).willReturn(this.payloadResult.mono()); - RSocket assertAuthentication = new RSocketProxy(this.delegate) { @Override public Mono requestResponse(Payload payload) {
@@ -213,11 +196,9 @@ public class PayloadInterceptorRSocketTests { }; PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - StepVerifier.create(interceptor.requestResponse(this.payload)) .then(() -> this.payloadResult.assertSubscribers()).then(() -> this.payloadResult.emit(this.payload)) .expectNext(this.payload).verifyComplete(); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.delegate).requestResponse(this.payload);
@@ -227,13 +208,10 @@ public class PayloadInterceptorRSocketTests { public void requestStreamWhenInterceptorCompletesThenDelegateSubscribed() { given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty()); given(this.delegate.requestStream(any())).willReturn(this.payloadResult.flux()); - PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - StepVerifier.create(interceptor.requestStream(this.payload)).then(() -> this.payloadResult.assertSubscribers()) .then(() -> this.payloadResult.emit(this.payload)).expectNext(this.payload).verifyComplete(); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); }
@@ -242,14 +220,11 @@ public class PayloadInterceptorRSocketTests { public void requestStreamWhenInterceptorErrorsThenDelegateNotSubscribed() { RuntimeException expected = new RuntimeException("Oops"); given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected)); - PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - StepVerifier.create(interceptor.requestStream(this.payload)) .then(() -> this.payloadResult.assertNoSubscribers()) .verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected)); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); }
@@ -259,7 +234,6 @@ public class PayloadInterceptorRSocketTests { TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password"); given(this.interceptor.intercept(any(), any())).willAnswer(withAuthenticated(authentication)); given(this.delegate.requestStream(any())).willReturn(this.payloadResult.flux()); - RSocket assertAuthentication = new RSocketProxy(this.delegate) { @Override public Flux requestStream(Payload payload) {
@@ -268,10 +242,8 @@ public class PayloadInterceptorRSocketTests { }; PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - StepVerifier.create(interceptor.requestStream(this.payload)).then(() -> this.payloadResult.assertSubscribers()) .then(() -> this.payloadResult.emit(this.payload)).expectNext(this.payload).verifyComplete(); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.delegate).requestStream(this.payload);
@@ -281,14 +253,11 @@ public class PayloadInterceptorRSocketTests { public void requestChannelWhenInterceptorCompletesThenDelegateSubscribed() { given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty()); given(this.delegate.requestChannel(any())).willReturn(this.payloadResult.flux()); - PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - StepVerifier.create(interceptor.requestChannel(Flux.just(this.payload))) .then(() -> this.payloadResult.assertSubscribers()).then(() -> this.payloadResult.emit(this.payload)) .expectNext(this.payload).verifyComplete(); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.delegate).requestChannel(any());
@@ -298,14 +267,11 @@ public class PayloadInterceptorRSocketTests { public void requestChannelWhenInterceptorErrorsThenDelegateNotSubscribed() { RuntimeException expected = new RuntimeException("Oops"); given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected)); - PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - StepVerifier.create(interceptor.requestChannel(Flux.just(this.payload))) .then(() -> this.payloadResult.assertNoSubscribers()) .verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected)); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); }
@@ -316,7 +282,6 @@ public class PayloadInterceptorRSocketTests { TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password"); given(this.interceptor.intercept(any(), any())).willAnswer(withAuthenticated(authentication)); given(this.delegate.requestChannel(any())).willReturn(this.payloadResult.flux()); - RSocket assertAuthentication = new RSocketProxy(this.delegate) { @Override public Flux requestChannel(Publisher payload) {
@@ -325,10 +290,8 @@ public class PayloadInterceptorRSocketTests { }; PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - StepVerifier.create(interceptor.requestChannel(payload)).then(() -> this.payloadResult.assertSubscribers()) .then(() -> this.payloadResult.emit(this.payload)).expectNext(this.payload).verifyComplete(); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.delegate).requestChannel(any());
@@ -338,13 +301,10 @@ public class PayloadInterceptorRSocketTests { public void metadataPushWhenInterceptorCompletesThenDelegateSubscribed() { given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty()); given(this.delegate.metadataPush(any())).willReturn(this.voidResult.mono()); - PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - StepVerifier.create(interceptor.metadataPush(this.payload)).then(() -> this.voidResult.assertWasSubscribed()) .verifyComplete(); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); }
@@ -353,13 +313,10 @@ public class PayloadInterceptorRSocketTests { public void metadataPushWhenInterceptorErrorsThenDelegateNotSubscribed() { RuntimeException expected = new RuntimeException("Oops"); given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected)); - PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - StepVerifier.create(interceptor.metadataPush(this.payload)).then(() -> this.voidResult.assertWasNotSubscribed()) .verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected)); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); }
@@ -369,7 +326,6 @@ public class PayloadInterceptorRSocketTests { TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password"); given(this.interceptor.intercept(any(), any())).willAnswer(withAuthenticated(authentication)); given(this.delegate.metadataPush(any())).willReturn(this.voidResult.mono()); - RSocket assertAuthentication = new RSocketProxy(this.delegate) { @Override public Mono metadataPush(Payload payload) {
@@ -378,9 +334,7 @@ public class PayloadInterceptorRSocketTests { }; PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - StepVerifier.create(interceptor.metadataPush(this.payload)).verifyComplete(); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.delegate).metadataPush(this.payload);
@@ -388,18 +342,14 @@ public class PayloadInterceptorRSocketTests { } // multiple interceptors - @Test public void fireAndForgetWhenInterceptorsCompleteThenDelegateInvoked() { given(this.interceptor.intercept(any(), any())).willAnswer(withChainNext()); given(this.interceptor2.intercept(any(), any())).willAnswer(withChainNext()); given(this.delegate.fireAndForget(any())).willReturn(this.voidResult.mono()); - PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType); - interceptor.fireAndForget(this.payload).block(); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); this.voidResult.assertWasSubscribed();
@@ -410,12 +360,9 @@ public class PayloadInterceptorRSocketTests { given(this.interceptor.intercept(any(), any())).willAnswer(withChainNext()); given(this.interceptor2.intercept(any(), any())).willAnswer(withChainNext()); given(this.delegate.fireAndForget(any())).willReturn(this.voidResult.mono()); - PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType); - interceptor.fireAndForget(this.payload).block(); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.interceptor2).intercept(any(), any());
@@ -427,12 +374,9 @@ public class PayloadInterceptorRSocketTests { public void fireAndForgetWhenInterceptor1ErrorsThenInterceptor2AndDelegateNotInvoked() { RuntimeException expected = new RuntimeException("Oops"); given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected)); - PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType); - assertThatCode(() -> interceptor.fireAndForget(this.payload).block()).isEqualTo(expected); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verifyZeroInteractions(this.interceptor2);
@@ -444,12 +388,9 @@ public class PayloadInterceptorRSocketTests { RuntimeException expected = new RuntimeException("Oops"); given(this.interceptor.intercept(any(), any())).willAnswer(withChainNext()); given(this.interceptor2.intercept(any(), any())).willReturn(Mono.error(expected)); - PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType); - assertThatCode(() -> interceptor.fireAndForget(this.payload).block()).isEqualTo(expected); - verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.interceptor2).intercept(any(), any());
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java
index a20686ba3e..1727033cee 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java
@@ -76,9 +76,7 @@ public class PayloadSocketAcceptorInterceptorTests { @Test public void applyWhenDefaultMetadataMimeTypeThenDefaulted() { given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE); - PayloadExchange exchange = captureExchange(); - assertThat(exchange.getMetadataMimeType().toString()) .isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON);
@@ -88,9 +86,7 @@ public class PayloadSocketAcceptorInterceptorTests { public void acceptWhenDefaultMetadataMimeTypeOverrideThenDefaulted() { this.acceptorInterceptor.setDefaultMetadataMimeType(MediaType.APPLICATION_JSON); given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE); - PayloadExchange exchange = captureExchange(); - assertThat(exchange.getMetadataMimeType()).isEqualTo(MediaType.APPLICATION_JSON); assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON); }
@@ -98,9 +94,7 @@ public class PayloadSocketAcceptorInterceptorTests { @Test public void acceptWhenDefaultDataMimeTypeThenDefaulted() { this.acceptorInterceptor.setDefaultDataMimeType(MediaType.APPLICATION_JSON); - PayloadExchange exchange = captureExchange(); - assertThat(exchange.getMetadataMimeType().toString()) .isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON);
@@ -109,16 +103,11 @@ public class PayloadSocketAcceptorInterceptorTests { private PayloadExchange captureExchange() { given(this.socketAcceptor.accept(any(), any())).willReturn(Mono.just(this.rSocket)); given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty()); - SocketAcceptor wrappedAcceptor = this.acceptorInterceptor.apply(this.socketAcceptor); RSocket result = wrappedAcceptor.accept(this.setupPayload, this.rSocket).block(); - assertThat(result).isInstanceOf(PayloadInterceptorRSocket.class); - given(this.rSocket.fireAndForget(any())).willReturn(Mono.empty()); - result.fireAndForget(this.payload).block(); - ArgumentCaptor exchangeArg = ArgumentCaptor.forClass(PayloadExchange.class); verify(this.interceptor, times(2)).intercept(exchangeArg.capture(), any()); return exchangeArg.getValue();
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java
index 0f61bf4853..13a2e87b02 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java
@@ -107,9 +107,7 @@ public class PayloadSocketAcceptorTests { @Test public void acceptWhenDefaultMetadataMimeTypeThenDefaulted() { given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE); - PayloadExchange exchange = captureExchange(); - assertThat(exchange.getMetadataMimeType().toString()) .isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON);
@@ -119,9 +117,7 @@ public class PayloadSocketAcceptorTests { public void acceptWhenDefaultMetadataMimeTypeOverrideThenDefaulted() { this.acceptor.setDefaultMetadataMimeType(MediaType.APPLICATION_JSON); given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE); - PayloadExchange exchange = captureExchange(); - assertThat(exchange.getMetadataMimeType()).isEqualTo(MediaType.APPLICATION_JSON); assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON); }
@@ -129,9 +125,7 @@ public class PayloadSocketAcceptorTests { @Test public void acceptWhenDefaultDataMimeTypeThenDefaulted() { this.acceptor.setDefaultDataMimeType(MediaType.APPLICATION_JSON); - PayloadExchange exchange = captureExchange(); - assertThat(exchange.getMetadataMimeType().toString()) .isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON);
@@ -141,9 +135,7 @@ public class PayloadSocketAcceptorTests { public void acceptWhenExplicitMimeTypeThenThenOverrideDefault() { given(this.setupPayload.metadataMimeType()).willReturn(MediaType.TEXT_PLAIN_VALUE); given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE); - PayloadExchange exchange = captureExchange(); - assertThat(exchange.getMetadataMimeType()).isEqualTo(MediaType.TEXT_PLAIN); assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON); }
@@ -164,24 +156,17 @@ public class PayloadSocketAcceptorTests { }; List interceptors = Arrays.asList(authenticateInterceptor); this.acceptor = new PayloadSocketAcceptor(captureSecurityContext, interceptors); - this.acceptor.accept(this.setupPayload, this.rSocket).block(); - assertThat(captureSecurityContext.getSecurityContext()).isEqualTo(expectedSecurityContext); } private PayloadExchange captureExchange() { given(this.delegate.accept(any(), any())).willReturn(Mono.just(this.rSocket)); given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty()); - RSocket result = this.acceptor.accept(this.setupPayload, this.rSocket).block(); - assertThat(result).isInstanceOf(PayloadInterceptorRSocket.class); - given(this.rSocket.fireAndForget(any())).willReturn(Mono.empty()); - result.fireAndForget(this.payload).block(); - ArgumentCaptor exchangeArg = ArgumentCaptor.forClass(PayloadExchange.class); verify(this.interceptor, times(2)).intercept(exchangeArg.capture(), any()); return exchangeArg.getValue();
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java
index 844747152d..df8aa2c1be 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java
@@ -42,11 +42,9 @@ public class BasicAuthenticationDecoderTests { ResolvableType elementType = ResolvableType.forClass(UsernamePasswordMetadata.class); MimeType mimeType = UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE; Map hints = null; - DataBuffer dataBuffer = encoder.encodeValue(expectedCredentials, factory, elementType, mimeType, hints); UsernamePasswordMetadata actualCredentials = decoder .decodeToMono(Mono.just(dataBuffer), elementType, mimeType, hints).block(); - assertThat(actualCredentials).isEqualToComparingFieldByField(expectedCredentials); }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java
index 9f77a72e41..55cd6b53b9 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java
@@ -135,7 +135,6 @@ public final class TestSaml2X509Credentials { } private static X509Certificate spCertificate() { - return certificate( "-----BEGIN CERTIFICATE-----\n" + "MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC\n" + "VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEjAQBgNVBAcMCVZhbmNvdXZlcjEdMBsG\n"
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java
index e4991ef64b..87c8c2a57d 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java
@@ -135,7 +135,6 @@ public final class TestSaml2X509Credentials { } private static X509Certificate spCertificate() { - return certificate( "-----BEGIN CERTIFICATE-----\n" + "MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC\n" + "VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEjAQBgNVBAcMCVZhbmNvdXZlcjEdMBsG\n"
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java
index 73d1bee9db..8cd0297599 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java
@@ -73,14 +73,10 @@ public class DefaultSaml2AuthenticatedPrincipalTests { public void getAttributeWhenDistinctValuesThenReturnsValues() { final Boolean registered = true; final Instant registeredDate = Instant.ofEpochMilli(DateTime.parse("1970-01-01T00:00:00Z").getMillis()); - Map> attributes = new LinkedHashMap<>(); attributes.put("registration", Arrays.asList(registered, registeredDate)); - DefaultSaml2AuthenticatedPrincipal principal = new DefaultSaml2AuthenticatedPrincipal("user", attributes); - List registrationInfo = principal.getAttribute("registration"); - assertThat(registrationInfo).isNotNull(); assertThat((Boolean) registrationInfo.get(0)).isEqualTo(registered); assertThat((Instant) registrationInfo.get(1)).isEqualTo(registeredDate);
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
index 02a3be00ad..a0095ca7a9 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
@@ -97,7 +97,6 @@ public class OpenSamlAuthenticationProviderTests { @Test public void supportsWhenSaml2AuthenticationTokenThenReturnTrue() { - assertThat(this.provider.supports(Saml2AuthenticationToken.class)) .withFailMessage( OpenSamlAuthenticationProvider.class + "should support " + Saml2AuthenticationToken.class)
@@ -114,7 +113,6 @@ public class OpenSamlAuthenticationProviderTests { @Test public void authenticateWhenUnknownDataClassThenThrowAuthenticationException() { this.exception.expect(authenticationMatcher(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA)); - Assertion assertion = (Assertion) XMLObjectProviderRegistrySupport.getBuilderFactory() .getBuilder(Assertion.DEFAULT_ELEMENT_NAME).buildObject(Assertion.DEFAULT_ELEMENT_NAME); this.provider
@@ -124,7 +122,6 @@ public class OpenSamlAuthenticationProviderTests { @Test public void authenticateWhenXmlErrorThenThrowAuthenticationException() { this.exception.expect(authenticationMatcher(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA)); - Saml2AuthenticationToken token = token("invalid xml", TestSaml2X509Credentials.relyingPartyVerifyingCredential()); this.provider.authenticate(token);
@@ -133,7 +130,6 @@ public class OpenSamlAuthenticationProviderTests { @Test public void authenticateWhenInvalidDestinationThenThrowAuthenticationException() { this.exception.expect(authenticationMatcher(Saml2ErrorCodes.INVALID_DESTINATION)); - Response response = TestOpenSamlObjects.response(DESTINATION + "invalid", ASSERTING_PARTY_ENTITY_ID); response.getAssertions().add(TestOpenSamlObjects.assertion()); TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), @@ -146,7 +142,6 @@ public class OpenSamlAuthenticationProviderTests { public void authenticateWhenNoAssertionsPresentThenThrowAuthenticationException() { this.exception.expect( authenticationMatcher(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, "No assertions found in response.")); - Saml2AuthenticationToken token = token(TestOpenSamlObjects.response(), TestSaml2X509Credentials.assertingPartySigningCredential()); this.provider.authenticate(token); @@ -155,7 +150,6 @@ public class OpenSamlAuthenticationProviderTests { @Test public void authenticateWhenInvalidSignatureOnAssertionThenThrowAuthenticationException() { this.exception.expect(authenticationMatcher(Saml2ErrorCodes.INVALID_SIGNATURE)); - Response response = TestOpenSamlObjects.response(); response.getAssertions().add(TestOpenSamlObjects.assertion()); Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential()); @@ -165,7 +159,6 @@ public class OpenSamlAuthenticationProviderTests { @Test public void authenticateWhenOpenSAMLValidationErrorThenThrowAuthenticationException() throws Exception { this.exception.expect(authenticationMatcher(Saml2ErrorCodes.INVALID_ASSERTION)); - Response response = TestOpenSamlObjects.response(); Assertion assertion = TestOpenSamlObjects.assertion(); assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData() 
@@ -180,7 +173,6 @@ public class OpenSamlAuthenticationProviderTests { @Test public void authenticateWhenMissingSubjectThenThrowAuthenticationException() { this.exception.expect(authenticationMatcher(Saml2ErrorCodes.SUBJECT_NOT_FOUND)); - Response response = TestOpenSamlObjects.response(); Assertion assertion = TestOpenSamlObjects.assertion(); assertion.setSubject(null); @@ -194,7 +186,6 @@ public class OpenSamlAuthenticationProviderTests { @Test public void authenticateWhenUsernameMissingThenThrowAuthenticationException() throws Exception { this.exception.expect(authenticationMatcher(Saml2ErrorCodes.SUBJECT_NOT_FOUND)); - Response response = TestOpenSamlObjects.response(); Assertion assertion = TestOpenSamlObjects.assertion(); assertion.getSubject().getNameID().setValue(null); @@ -230,7 +221,6 @@ public class OpenSamlAuthenticationProviderTests { Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential()); Authentication authentication = this.provider.authenticate(token); Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal(); - Map expected = new LinkedHashMap<>(); expected.put("email", Arrays.asList("john.doe@example.com", "doe.john@example.com")); expected.put("name", Collections.singletonList("John Doe")); @@ -239,7 +229,6 @@ public class OpenSamlAuthenticationProviderTests { expected.put("registered", Collections.singletonList(true)); Instant registeredDate = Instant.ofEpochMilli(DateTime.parse("1970-01-01T00:00:00Z").getMillis()); expected.put("registeredDate", Collections.singletonList(registeredDate)); - assertThat((String) principal.getFirstAttribute("name")).isEqualTo("John Doe"); assertThat(principal.getAttributes()).isEqualTo(expected); } 
@@ -254,11 +243,9 @@ public class OpenSamlAuthenticationProviderTests { RELYING_PARTY_ENTITY_ID); response.getAssertions().add(assertion); Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential()); - Element attributeElement = element("value"); Marshaller marshaller = mock(Marshaller.class); given(marshaller.marshall(any(XMLObject.class))).willReturn(attributeElement); - try { XMLObjectProviderRegistrySupport.getMarshallerFactory() .registerMarshaller(AttributeValue.DEFAULT_ELEMENT_NAME, marshaller); @@ -274,7 +261,6 @@ public class OpenSamlAuthenticationProviderTests { @Test public void authenticateWhenEncryptedAssertionWithoutSignatureThenItFails() throws Exception { this.exception.expect(authenticationMatcher(Saml2ErrorCodes.INVALID_SIGNATURE)); - Response response = TestOpenSamlObjects.response(); EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(), TestSaml2X509Credentials.assertingPartyEncryptingCredential()); @@ -330,7 +316,6 @@ public class OpenSamlAuthenticationProviderTests { public void authenticateWhenDecryptionKeysAreMissingThenThrowAuthenticationException() throws Exception { this.exception .expect(authenticationMatcher(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData")); - Response response = TestOpenSamlObjects.response(); EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(), TestSaml2X509Credentials.assertingPartyEncryptingCredential()); 
@@ -344,7 +329,6 @@ public class OpenSamlAuthenticationProviderTests { public void authenticateWhenDecryptionKeysAreWrongThenThrowAuthenticationException() throws Exception { this.exception .expect(authenticationMatcher(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData")); - Response response = TestOpenSamlObjects.response(); EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(), TestSaml2X509Credentials.assertingPartyEncryptingCredential()); @@ -365,7 +349,6 @@ public class OpenSamlAuthenticationProviderTests { Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential(), TestSaml2X509Credentials.relyingPartyDecryptingCredential()); Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token); - // the following code will throw an exception if authentication isn't serializable ByteArrayOutputStream byteStream = new ByteArrayOutputStream(1024); ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteStream); @@ -468,7 +451,6 @@ public class OpenSamlAuthenticationProviderTests { public void describeTo(Description desc) { String excepting = "Saml2AuthenticationException[code=" + code + "; description=" + description + "]"; desc.appendText(excepting); - } }; } diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java index 1d17a31016..7884be64e3 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java 
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java @@ -103,7 +103,6 @@ public class OpenSamlAuthenticationRequestFactoryTests { @Test public void createRedirectAuthenticationRequestWhenNotSignRequestThenNoSignatureIsPresent() { - this.context = this.contextBuilder.relayState("Relay State Value") .relyingPartyRegistration( RelyingPartyRegistration.withRelyingPartyRegistration(this.relyingPartyRegistration) @@ -173,7 +172,6 @@ public class OpenSamlAuthenticationRequestFactoryTests { given(authnRequestConsumerResolver.apply(this.context)).willReturn((authnRequest) -> { }); this.factory.setAuthnRequestConsumerResolver(authnRequestConsumerResolver); - this.factory.createPostAuthenticationRequest(this.context); verify(authnRequestConsumerResolver).apply(this.context); } @@ -185,7 +183,6 @@ public class OpenSamlAuthenticationRequestFactoryTests { given(authnRequestConsumerResolver.apply(this.context)).willReturn((authnRequest) -> { }); this.factory.setAuthnRequestConsumerResolver(authnRequestConsumerResolver); - this.factory.createRedirectAuthenticationRequest(this.context); verify(authnRequestConsumerResolver).apply(this.context); } diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java index ac309a7547..4fbd188559 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java 
@@ -85,7 +85,6 @@ final class TestOpenSamlObjects { static { OpenSamlInitializationService.initialize(); } - private static String USERNAME = "test@saml.user"; private static String DESTINATION = "https://localhost/login/saml2/sso/idp-alias"; @@ -128,7 +127,6 @@ final class TestOpenSamlObjects { assertion.setIssuer(issuer(issuerEntityId)); assertion.setSubject(subject(username)); assertion.setConditions(conditions()); - SubjectConfirmation subjectConfirmation = subjectConfirmation(); subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER); SubjectConfirmationData confirmationData = subjectConfirmationData(recipientEntityId); @@ -146,11 +144,9 @@ final class TestOpenSamlObjects { static Subject subject(String principalName) { Subject subject = build(Subject.DEFAULT_ELEMENT_NAME); - if (principalName != null) { subject.setNameID(nameId(principalName)); } - return subject; } @@ -216,7 +212,6 @@ final class TestOpenSamlObjects { catch (MarshallingException | SignatureException | SecurityException ex) { throw new Saml2Exception(ex); } - return signable; } @@ -234,7 +229,6 @@ final class TestOpenSamlObjects { catch (MarshallingException | SignatureException | SecurityException ex) { throw new Saml2Exception(ex); } - return signable; } 
@@ -287,32 +281,25 @@ final class TestOpenSamlObjects { private static Encrypter getEncrypter(X509Certificate certificate) { String dataAlgorithm = XMLCipherParameters.AES_256; String keyAlgorithm = XMLCipherParameters.RSA_1_5; - BasicCredential dataCredential = new BasicCredential(SECRET_KEY); DataEncryptionParameters dataEncryptionParameters = new DataEncryptionParameters(); dataEncryptionParameters.setEncryptionCredential(dataCredential); dataEncryptionParameters.setAlgorithm(dataAlgorithm); - Credential credential = CredentialSupport.getSimpleCredential(certificate, null); KeyEncryptionParameters keyEncryptionParameters = new KeyEncryptionParameters(); keyEncryptionParameters.setEncryptionCredential(credential); keyEncryptionParameters.setAlgorithm(keyAlgorithm); - Encrypter encrypter = new Encrypter(dataEncryptionParameters, keyEncryptionParameters); Encrypter.KeyPlacement keyPlacement = Encrypter.KeyPlacement.valueOf("PEER"); encrypter.setKeyPlacement(keyPlacement); - return encrypter; } static List attributeStatements() { List attributeStatements = new ArrayList<>(); - AttributeStatementBuilder attributeStatementBuilder = new AttributeStatementBuilder(); AttributeBuilder attributeBuilder = new AttributeBuilder(); - AttributeStatement attrStmt1 = attributeStatementBuilder.buildObject(); - Attribute emailAttr = attributeBuilder.buildObject(); emailAttr.setName("email"); XSAny email1 = new XSAnyBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME); 
@@ -322,32 +309,26 @@ final class TestOpenSamlObjects { email2.setTextContent("doe.john@example.com"); emailAttr.getAttributeValues().add(email2); attrStmt1.getAttributes().add(emailAttr); - Attribute nameAttr = attributeBuilder.buildObject(); nameAttr.setName("name"); XSString name = new XSStringBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME); name.setValue("John Doe"); nameAttr.getAttributeValues().add(name); attrStmt1.getAttributes().add(nameAttr); - Attribute ageAttr = attributeBuilder.buildObject(); ageAttr.setName("age"); XSInteger age = new XSIntegerBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME); age.setValue(21); ageAttr.getAttributeValues().add(age); attrStmt1.getAttributes().add(ageAttr); - attributeStatements.add(attrStmt1); - AttributeStatement attrStmt2 = attributeStatementBuilder.buildObject(); - Attribute websiteAttr = attributeBuilder.buildObject(); websiteAttr.setName("website"); XSURI uri = new XSURIBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSURI.TYPE_NAME); uri.setValue("https://johndoe.com/"); websiteAttr.getAttributeValues().add(uri); attrStmt2.getAttributes().add(websiteAttr); - Attribute registeredAttr = attributeBuilder.buildObject(); registeredAttr.setName("registered"); XSBoolean registered = new XSBooleanBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, @@ -355,7 +336,6 @@ final class TestOpenSamlObjects { registered.setValue(new XSBooleanValue(true, false)); registeredAttr.getAttributeValues().add(registered); attrStmt2.getAttributes().add(registeredAttr); - Attribute registeredDateAttr = attributeBuilder.buildObject(); registeredDateAttr.setName("registeredDate"); XSDateTime registeredDate = new XSDateTimeBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, 
@@ -363,9 +343,7 @@ final class TestOpenSamlObjects { registeredDate.setValue(DateTime.parse("1970-01-01T00:00:00Z")); registeredDateAttr.getAttributeValues().add(registeredDate); attrStmt2.getAttributes().add(registeredDateAttr); - attributeStatements.add(attrStmt2); - return attributeStatements; } diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java index 3d7344705d..2613e452b3 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java @@ -32,15 +32,10 @@ public class OpenSamlMetadataResolverTests { @Test public void resolveWhenRelyingPartyThenMetadataMatches() { - // given RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.full() .assertionConsumerServiceBinding(Saml2MessageBinding.REDIRECT).build(); OpenSamlMetadataResolver openSamlMetadataResolver = new OpenSamlMetadataResolver(); - - // when String metadata = openSamlMetadataResolver.resolve(relyingPartyRegistration); - - // then assertThat(metadata).contains("") .contains("") 
@@ -51,17 +46,12 @@ public class OpenSamlMetadataResolverTests { @Test public void resolveWhenRelyingPartyNoCredentialsThenMetadataMatches() { - // given RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials() .assertingPartyDetails((party) -> party.verificationX509Credentials( (c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))) .build(); OpenSamlMetadataResolver openSamlMetadataResolver = new OpenSamlMetadataResolver(); - - // when String metadata = openSamlMetadataResolver.resolve(relyingPartyRegistration); - - // then assertThat(metadata).contains("") .doesNotContain("") diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java index 2c6fd22f4d..8f6c444913 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java @@ -80,7 +80,6 @@ public class RelyingPartyRegistrationTests { .assertingPartyDetails((assertingParty) -> assertingParty.entityId("entity-id") .singleSignOnServiceLocation("location")) .credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())).build(); - assertThat(relyingPartyRegistration.getAssertionConsumerServiceBinding()).isEqualTo(Saml2MessageBinding.POST); } 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java index 4a1b693f49..a0e6aa8a0c 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java @@ -30,16 +30,13 @@ public final class TestRelyingPartyRegistrations { public static RelyingPartyRegistration.Builder relyingPartyRegistration() { String registrationId = "simplesamlphp"; - String rpEntityId = "{baseUrl}/saml2/service-provider-metadata/{registrationId}"; Saml2X509Credential signingCredential = TestSaml2X509Credentials.relyingPartySigningCredential(); String assertionConsumerServiceLocation = "{baseUrl}" + Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI; - String apEntityId = "https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php"; Saml2X509Credential verificationCertificate = TestSaml2X509Credentials.relyingPartyVerifyingCredential(); String singleSignOnServiceLocation = "https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php"; - return RelyingPartyRegistration.withRegistrationId(registrationId).entityId(rpEntityId) .assertionConsumerServiceLocation(assertionConsumerServiceLocation) .credentials((c) -> c.add(signingCredential)) diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java index c88a00b68b..6ebb014b51 100644 
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java @@ -82,12 +82,9 @@ public class Saml2WebSsoAuthenticationFilterTests { @Test public void attemptAuthenticationWhenRegistrationIdDoesNotExistThenThrowsException() { given(this.repository.findByRegistrationId("non-existent-id")).willReturn(null); - this.filter = new Saml2WebSsoAuthenticationFilter(this.repository, "/some/other/path/{registrationId}"); - this.request.setPathInfo("/some/other/path/non-existent-id"); this.request.setParameter("SAMLResponse", "response"); - try { this.filter.attemptAuthentication(this.request, this.response); failBecauseExceptionWasNotThrown(Saml2AuthenticationException.class); diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java index fa3c2774de..a5eac420d2 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java 
@@ -72,9 +72,7 @@ public class Saml2WebSsoAuthenticationRequestFilterTests { this.request = new MockHttpServletRequest(); this.response = new MockHttpServletResponse(); this.request.setPathInfo("/saml2/authenticate/registration-id"); - this.filterChain = new MockFilterChain(); - this.rpBuilder = RelyingPartyRegistration.withRegistrationId("registration-id") .providerDetails((c) -> c.entityId("idp-entity-id")).providerDetails((c) -> c.webSsoUrl(IDP_SSO_URL)) .assertionConsumerServiceUrlTemplate("template") @@ -155,7 +153,6 @@ public class Saml2WebSsoAuthenticationRequestFilterTests { given(authenticationRequest.getSamlRequest()).willReturn("saml"); given(this.repository.findByRegistrationId("registration-id")).willReturn(relyingParty); given(this.factory.createPostAuthenticationRequest(any())).willReturn(authenticationRequest); - Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter(this.repository); filter.setAuthenticationRequestFactory(this.factory); filter.doFilterInternal(this.request, this.response, this.filterChain); @@ -176,7 +173,6 @@ public class Saml2WebSsoAuthenticationRequestFilterTests { given(this.resolver.resolve(this.request)).willReturn(TestSaml2AuthenticationRequestContexts .authenticationRequestContext().relyingPartyRegistration(relyingParty).build()); given(this.factory.createPostAuthenticationRequest(any())).willReturn(authenticationRequest); - Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter(this.resolver, this.factory); filter.doFilterInternal(this.request, this.response, this.filterChain); diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java index dbd7eecadc..f39b50ff4e 100644 
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java @@ -68,7 +68,6 @@ public class DefaultSaml2AuthenticationRequestContextResolverTests { public void resolveWhenRequestAndRelyingPartyNotNullThenCreateSaml2AuthenticationRequestContext() { this.request.addParameter("RelayState", "relay-state"); Saml2AuthenticationRequestContext context = this.authenticationRequestContextResolver.resolve(this.request); - assertThat(context).isNotNull(); assertThat(context.getAssertionConsumerServiceUrl()).isEqualTo(RELYING_PARTY_SSO_URL); assertThat(context.getRelayState()).isEqualTo("relay-state"); @@ -82,7 +81,6 @@ public class DefaultSaml2AuthenticationRequestContextResolverTests { public void resolveWhenAssertionConsumerServiceUrlTemplateContainsRegistrationIdThenResolves() { this.relyingPartyBuilder.assertionConsumerServiceLocation("/saml2/authenticate/{registrationId}"); Saml2AuthenticationRequestContext context = this.authenticationRequestContextResolver.resolve(this.request); - assertThat(context.getAssertionConsumerServiceUrl()).isEqualTo("/saml2/authenticate/registration-id"); } @@ -90,7 +88,6 @@ public class DefaultSaml2AuthenticationRequestContextResolverTests { public void resolveWhenAssertionConsumerServiceUrlTemplateContainsBaseUrlThenResolves() { this.relyingPartyBuilder.assertionConsumerServiceLocation("{baseUrl}/saml2/authenticate/{registrationId}"); Saml2AuthenticationRequestContext context = this.authenticationRequestContextResolver.resolve(this.request); - assertThat(context.getAssertionConsumerServiceUrl()) .isEqualTo("http://localhost/saml2/authenticate/registration-id"); } 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
index 3cb5214a36..602e3dba48 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
@@ -67,61 +67,39 @@ public class Saml2MetadataFilterTests { @Test public void doFilterWhenMatcherSucceedsThenResolverInvoked() throws Exception { - // given this.request.setPathInfo("/saml2/service-provider-metadata/registration-id"); - - // when this.filter.doFilter(this.request, this.response, this.chain); - - // then verifyNoInteractions(this.chain); verify(this.repository).findByRegistrationId("registration-id"); } @Test public void doFilterWhenMatcherFailsThenProcessesFilterChain() throws Exception { - // given this.request.setPathInfo("/saml2/authenticate/registration-id"); - - // when this.filter.doFilter(this.request, this.response, this.chain); - - // then verify(this.chain).doFilter(this.request, this.response); } @Test public void doFilterWhenNoRelyingPartyRegistrationThenUnauthorized() throws Exception { - // given this.request.setPathInfo("/saml2/service-provider-metadata/invalidRegistration"); given(this.repository.findByRegistrationId("invalidRegistration")).willReturn(null); - - // when this.filter.doFilter(this.request, this.response, this.chain); - - // then verifyNoInteractions(this.chain); assertThat(this.response.getStatus()).isEqualTo(401); } @Test public void doFilterWhenRelyingPartyRegistrationFoundThenInvokesMetadataResolver() throws Exception { - // given this.request.setPathInfo("/saml2/service-provider-metadata/validRegistration"); RelyingPartyRegistration validRegistration = TestRelyingPartyRegistrations.noCredentials() .assertingPartyDetails((party) -> party.verificationX509Credentials( (c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))) .build(); - String generatedMetadata = "test"; given(this.resolver.resolve(validRegistration)).willReturn(generatedMetadata); - this.filter = new Saml2MetadataFilter((request) -> validRegistration, this.resolver); - - // when this.filter.doFilter(this.request, this.response, this.chain); - - // then verifyNoInteractions(this.chain); 
assertThat(this.response.getStatus()).isEqualTo(200); assertThat(this.response.getContentAsString()).isEqualTo(generatedMetadata); @@ -130,14 +108,9 @@ public class Saml2MetadataFilterTests { @Test public void doFilterWhenCustomRequestMatcherThenUses() throws Exception { - // given this.request.setPathInfo("/path"); this.filter.setRequestMatcher(new AntPathRequestMatcher("/path")); - - // when this.filter.doFilter(this.request, this.response, this.chain); - - // then verifyNoInteractions(this.chain); verify(this.repository).findByRegistrationId("path"); } diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/TldTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/TldTests.java index 038907f71f..37fad7c6c3 100644 --- a/taglibs/src/test/java/org/springframework/security/taglibs/TldTests.java +++ b/taglibs/src/test/java/org/springframework/security/taglibs/TldTests.java @@ -32,17 +32,12 @@ public class TldTests { @Test public void testTldVersionIsCorrect() throws Exception { String SPRING_SECURITY_VERSION = "springSecurityVersion"; - String version = System.getProperty(SPRING_SECURITY_VERSION); - File securityTld = new File("src/main/resources/META-INF/security.tld"); - DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); Document document = documentBuilder.parse(securityTld); - String tlibVersion = document.getElementsByTagName("tlib-version").item(0).getTextContent(); - assertThat(version).startsWith(tlibVersion); } diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java index 8e6750d31e..d203c3b017 100644 --- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java 
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java @@ -78,9 +78,7 @@ public class AbstractAuthorizeTagTests { WebInvocationPrivilegeEvaluator expected = mock(WebInvocationPrivilegeEvaluator.class); this.tag.setUrl(uri); this.request.setAttribute(WebAttributes.WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE, expected); - this.tag.authorizeUsingUrlCheck(); - verify(expected).isAllowed(eq(""), eq(uri), eq("GET"), any()); } @@ -93,9 +91,7 @@ public class AbstractAuthorizeTagTests { given(wac.getBeansOfType(WebInvocationPrivilegeEvaluator.class)) .willReturn(Collections.singletonMap("wipe", expected)); this.servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac); - this.tag.authorizeUsingUrlCheck(); - verify(expected).isAllowed(eq(""), eq(uri), eq("GET"), any()); } @@ -109,7 +105,6 @@ public class AbstractAuthorizeTagTests { given(wac.getBeansOfType(SecurityExpressionHandler.class)) .willReturn(Collections.singletonMap("wipe", expected)); this.servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac); - assertThat(this.tag.authorize()).isTrue(); } diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java index cc52e670d1..84d562ddb9 100644 --- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java +++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java 
@@ -64,13 +64,10 @@ public class AccessControlListTagTests { SecurityContextHolder.getContext().setAuthentication(this.bob); this.tag = new AccessControlListTag(); WebApplicationContext ctx = mock(WebApplicationContext.class); - this.pe = mock(PermissionEvaluator.class); - Map beanMap = new HashMap(); beanMap.put("pe", this.pe); given(ctx.getBeansOfType(PermissionEvaluator.class)).willReturn(beanMap); - MockServletContext servletCtx = new MockServletContext(); servletCtx.setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, ctx); this.pageContext = new MockPageContext(servletCtx, new MockHttpServletRequest(), new MockHttpServletResponse()); @@ -86,13 +83,11 @@ public class AccessControlListTagTests { public void bodyIsEvaluatedIfAclGrantsAccess() throws Exception { Object domainObject = new Object(); given(this.pe.hasPermission(this.bob, domainObject, "READ")).willReturn(true); - this.tag.setDomainObject(domainObject); this.tag.setHasPermission("READ"); this.tag.setVar("allowed"); assertThat(this.tag.getDomainObject()).isSameAs(domainObject); assertThat(this.tag.getHasPermission()).isEqualTo("READ"); - assertThat(this.tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE); assertThat((Boolean) this.pageContext.getAttribute("allowed")).isTrue(); } 
@@ -104,16 +99,13 @@ public class AccessControlListTagTests { .getAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE); servletContext.removeAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE); servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac); - Object domainObject = new Object(); given(this.pe.hasPermission(this.bob, domainObject, "READ")).willReturn(true); - this.tag.setDomainObject(domainObject); this.tag.setHasPermission("READ"); this.tag.setVar("allowed"); assertThat(this.tag.getDomainObject()).isSameAs(domainObject); assertThat(this.tag.getHasPermission()).isEqualTo("READ"); - assertThat(this.tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE); assertThat((Boolean) this.pageContext.getAttribute("allowed")).isTrue(); } @@ -124,13 +116,11 @@ public class AccessControlListTagTests { Object domainObject = new Object(); given(this.pe.hasPermission(this.bob, domainObject, "READ")).willReturn(true); given(this.pe.hasPermission(this.bob, domainObject, "WRITE")).willReturn(true); - this.tag.setDomainObject(domainObject); this.tag.setHasPermission("READ,WRITE"); this.tag.setVar("allowed"); assertThat(this.tag.getDomainObject()).isSameAs(domainObject); assertThat(this.tag.getHasPermission()).isEqualTo("READ,WRITE"); - assertThat(this.tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE); assertThat((Boolean) this.pageContext.getAttribute("allowed")).isTrue(); verify(this.pe).hasPermission(this.bob, domainObject, "READ"); 
@@ -144,13 +134,11 @@ public class AccessControlListTagTests {
 Object domainObject = new Object();
 given(this.pe.hasPermission(this.bob, domainObject, 1)).willReturn(true);
 given(this.pe.hasPermission(this.bob, domainObject, 2)).willReturn(true);
-
 this.tag.setDomainObject(domainObject);
 this.tag.setHasPermission("1,2");
 this.tag.setVar("allowed");
 assertThat(this.tag.getDomainObject()).isSameAs(domainObject);
 assertThat(this.tag.getHasPermission()).isEqualTo("1,2");
-
 assertThat(this.tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
 assertThat((Boolean) this.pageContext.getAttribute("allowed")).isTrue();
 verify(this.pe).hasPermission(this.bob, domainObject, 1);
@@ -163,13 +151,11 @@ public class AccessControlListTagTests {
 Object domainObject = new Object();
 given(this.pe.hasPermission(this.bob, domainObject, 1)).willReturn(true);
 given(this.pe.hasPermission(this.bob, domainObject, "WRITE")).willReturn(true);
-
 this.tag.setDomainObject(domainObject);
 this.tag.setHasPermission("1,WRITE");
 this.tag.setVar("allowed");
 assertThat(this.tag.getDomainObject()).isSameAs(domainObject);
 assertThat(this.tag.getHasPermission()).isEqualTo("1,WRITE");
-
 assertThat(this.tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
 assertThat((Boolean) this.pageContext.getAttribute("allowed")).isTrue();
 verify(this.pe).hasPermission(this.bob, domainObject, 1);
@@ -181,11 +167,9 @@ public class AccessControlListTagTests {
 public void bodyIsSkippedIfAclDeniesAccess() throws Exception {
 Object domainObject = new Object();
 given(this.pe.hasPermission(this.bob, domainObject, "READ")).willReturn(false);
-
 this.tag.setDomainObject(domainObject);
 this.tag.setHasPermission("READ");
 this.tag.setVar("allowed");
-
 assertThat(this.tag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
 assertThat((Boolean) this.pageContext.getAttribute("allowed")).isFalse();
 }
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
index 779d9e340e..555052ff36 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
@@ -52,7 +52,6 @@ public class AuthenticationTagTests {
 @Test
 public void testOperationWhenPrincipalIsAUserDetailsInstance() throws JspException {
 SecurityContextHolder.getContext().setAuthentication(this.auth);
-
 this.authenticationTag.setProperty("name");
 assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
 assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
@@ -63,7 +62,6 @@ public class AuthenticationTagTests {
 public void testOperationWhenPrincipalIsAString() throws JspException {
 SecurityContextHolder.getContext().setAuthentication(
 new TestingAuthenticationToken("rodAsString", "koala", AuthorityUtils.NO_AUTHORITIES));
-
 this.authenticationTag.setProperty("principal");
 assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
 assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
@@ -73,7 +71,6 @@ public class AuthenticationTagTests {
 @Test
 public void testNestedPropertyIsReadCorrectly() throws JspException {
 SecurityContextHolder.getContext().setAuthentication(this.auth);
-
 this.authenticationTag.setProperty("principal.username");
 assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
 assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
@@ -84,7 +81,6 @@ public class AuthenticationTagTests {
 public void testOperationWhenPrincipalIsNull() throws JspException {
 SecurityContextHolder.getContext()
 .setAuthentication(new TestingAuthenticationToken(null, "koala", AuthorityUtils.NO_AUTHORITIES));
-
 this.authenticationTag.setProperty("principal");
 assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
 assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
@@ -93,7 +89,6 @@ public class AuthenticationTagTests {
 @Test
 public void testOperationWhenSecurityContextIsNull() throws Exception {
 SecurityContextHolder.getContext().setAuthentication(null);
-
 this.authenticationTag.setProperty("principal");
 assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
 assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
@@ -111,7 +106,6 @@ public class AuthenticationTagTests {
 public void testThrowsExceptionForUnrecognisedProperty() {
 SecurityContextHolder.getContext().setAuthentication(this.auth);
 this.authenticationTag.setProperty("qsq");
-
 try {
 this.authenticationTag.doStartTag();
 this.authenticationTag.doEndTag();
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
index 7f7f54ee36..5111ff448b 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
@@ -66,11 +66,9 @@ public class AuthorizeTagTests {
 public void setUp() {
 SecurityContextHolder.getContext().setAuthentication(this.currentUser);
 StaticWebApplicationContext ctx = new StaticWebApplicationContext();
-
 BeanDefinitionBuilder webExpressionHandler = BeanDefinitionBuilder
 .rootBeanDefinition(DefaultWebSecurityExpressionHandler.class);
 webExpressionHandler.addPropertyValue("permissionEvaluator", this.permissionEvaluator);
-
 ctx.registerBeanDefinition("expressionHandler", webExpressionHandler.getBeanDefinition());
 ctx.registerSingleton("wipe", MockWebInvocationPrivilegeEvaluator.class);
 MockServletContext servletCtx = new MockServletContext();
@@ -85,14 +83,12 @@ public class AuthorizeTagTests {
 }
 // access attribute tests
-
 @Test
 public void taglibsDocumentationHasPermissionOr() throws Exception {
 Object domain = new Object();
 this.request.setAttribute("domain", domain);
 this.authorizeTag.setAccess("hasPermission(#domain,'read') or hasPermission(#domain,'write')");
 given(this.permissionEvaluator.hasPermission(eq(this.currentUser), eq(domain), anyString())).willReturn(true);
-
 assertThat(this.authorizeTag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
 }
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java
index ecc26b9987..51727e71dd 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java
@@ -56,11 +56,8 @@ public class AbstractCsrfTagTests {
 @Test
 public void noCsrfDoesNotRender() throws JspException, UnsupportedEncodingException {
-
 this.tag.handleReturn = "shouldNotBeRendered";
-
 int returned = this.tag.doEndTag();
-
 assertThat(returned).as("The returned value is not correct.").isEqualTo(Tag.EVAL_PAGE);
 assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.")
 .isEqualTo("");
@@ -68,14 +65,10 @@ public class AbstractCsrfTagTests {
 @Test
 public void hasCsrfRendersReturnedValue() throws JspException, UnsupportedEncodingException {
-
 CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
 this.request.setAttribute(CsrfToken.class.getName(), token);
-
 this.tag.handleReturn = "fooBarBazQux";
-
 int returned = this.tag.doEndTag();
-
 assertThat(returned).as("The returned value is not correct.").isEqualTo(Tag.EVAL_PAGE);
 assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.")
 .isEqualTo("fooBarBazQux");
@@ -84,14 +77,10 @@ public class AbstractCsrfTagTests {
 @Test
 public void hasCsrfRendersDifferentValue() throws JspException, UnsupportedEncodingException {
-
 CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
 this.request.setAttribute(CsrfToken.class.getName(), token);
-
 this.tag.handleReturn = "";
-
 int returned = this.tag.doEndTag();
-
 assertThat(returned).as("The returned value is not correct.").isEqualTo(Tag.EVAL_PAGE);
 assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.")
 .isEqualTo("");
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java
index ff28f7631a..aa9b84251a 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java
@@ -39,9 +39,7 @@ public class CsrfInputTagTests {
 @Test
 public void handleTokenReturnsHiddenInput() {
 CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
-
 String value = this.tag.handleToken(token);
-
 assertThat(value).as("The returned value should not be null.").isNotNull();
 assertThat(value).withFailMessage("The output is not correct.")
 .isEqualTo("");
@@ -50,9 +48,7 @@ public class CsrfInputTagTests {
 @Test
 public void handleTokenReturnsHiddenInputDifferentTokenValue() {
 CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "csrfParameter", "fooBarBazQux");
-
 String value = this.tag.handleToken(token);
-
 assertThat(value).as("The returned value should not be null.").isNotNull();
 assertThat(value).withFailMessage("The output is not correct.")
 .isEqualTo("");
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java
index bc19a1dc98..6e07a33e72 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java
@@ -39,9 +39,7 @@ public class CsrfMetaTagsTagTests {
 @Test
 public void handleTokenRendersTags() {
 CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
-
 String value = this.tag.handleToken(token);
-
 assertThat(value).as("The returned value should not be null.").isNotNull();
 assertThat(value).withFailMessage("The output is not correct.")
 .isEqualTo(""
@@ -52,9 +50,7 @@ public class CsrfMetaTagsTagTests {
 @Test
 public void handleTokenRendersTagsDifferentToken() {
 CsrfToken token = new DefaultCsrfToken("csrfHeader", "csrfParameter", "fooBarBazQux");
-
 String value = this.tag.handleToken(token);
-
 assertThat(value).as("The returned value should not be null.").isNotNull();
 assertThat(value).withFailMessage("The output is not correct.")
 .isEqualTo(""
diff --git a/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java b/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java
index 580ae98979..28362616aa 100644
--- a/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java
@@ -45,9 +45,7 @@ public class TestSecurityContextHolderTests {
 public void clearContextClearsBoth() {
 SecurityContextHolder.setContext(this.context);
 TestSecurityContextHolder.setContext(this.context);
-
 TestSecurityContextHolder.clearContext();
-
 assertThat(SecurityContextHolder.getContext()).isNotSameAs(this.context);
 assertThat(TestSecurityContextHolder.getContext()).isNotSameAs(this.context);
 }
@@ -61,7 +59,6 @@ public class TestSecurityContextHolderTests {
 @Test
 public void setContextSetsBoth() {
 TestSecurityContextHolder.setContext(this.context);
-
 assertThat(TestSecurityContextHolder.getContext()).isSameAs(this.context);
 assertThat(SecurityContextHolder.getContext()).isSameAs(this.context);
 }
@@ -69,9 +66,7 @@ public class TestSecurityContextHolderTests {
 @Test
 public void setContextWithAuthentication() {
 Authentication authentication = mock(Authentication.class);
-
 TestSecurityContextHolder.setAuthentication(authentication);
-
 assertThat(TestSecurityContextHolder.getContext().getAuthentication()).isSameAs(authentication);
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java
index ee400999be..5bd5b512b8 100644
--- a/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java
@@ -46,7 +46,6 @@ public class SecurityTestExecutionListenerTests {
 public void reactorContextTestSecurityContextHolderExecutionListenerTestIsRegistered() {
 Mono name = ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication)
 .map(Principal::getName);
-
 StepVerifier.create(name).expectNext("user").verifyComplete();
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java
index b3c8737b4c..d174584cb1 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java
@@ -30,7 +30,6 @@ public class WithMockCustomUserSecurityContextFactory implements WithSecurityCon
 @Override
 public SecurityContext createSecurityContext(WithMockCustomUser customUser) {
 SecurityContext context = SecurityContextHolder.createEmptyContext();
-
 CustomUserDetails principal = new CustomUserDetails(customUser.name(), customUser.username());
 Authentication auth = new UsernamePasswordAuthenticationToken(principal, "password",
 principal.getAuthorities());
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
index f4655f8718..b14a95a33f 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
@@ -35,7 +35,6 @@ import static org.assertj.core.api.Assertions.assertThat;
 /**
 * @author Rob Winch
 */
-
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(classes = WithMockUserTests.Config.class)
 public class WithMockUserTests {
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
index d279434416..cfd2a040c7 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
@@ -40,7 +40,6 @@ import static org.assertj.core.api.Assertions.assertThat;
 /**
 * @author Rob Winch
 */
-
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(classes = WithUserDetailsTests.Config.class)
 public class WithUserDetailsTests {
diff --git a/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java
index cb5f960882..b9e88381ad 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java
@@ -20,7 +20,6 @@ package org.springframework.security.test.context.support;
 * @author Rob Winch
 * @since 5.0
 */
-
 import java.util.concurrent.ForkJoinPool;
 import org.junit.After;
@@ -60,20 +59,15 @@ public class ReactorContextTestExecutionListenerTests {
 @Test
 public void beforeTestMethodWhenSecurityContextEmptyThenReactorContextNull() throws Exception {
 this.listener.beforeTestMethod(this.testContext);
-
 Mono result = ReactiveSecurityContextHolder.getContext();
-
 StepVerifier.create(result).verifyComplete();
 }
 @Test
 public void beforeTestMethodWhenNullAuthenticationThenReactorContextNull() throws Exception {
 TestSecurityContextHolder.setContext(new SecurityContextImpl());
-
 this.listener.beforeTestMethod(this.testContext);
-
 Mono result = ReactiveSecurityContextHolder.getContext();
-
 StepVerifier.create(result).verifyComplete();
 }
@@ -82,9 +76,7 @@ public class ReactorContextTestExecutionListenerTests {
 TestingAuthenticationToken expectedAuthentication = new TestingAuthenticationToken("user", "password",
 "ROLE_USER");
 TestSecurityContextHolder.setAuthentication(expectedAuthentication);
-
 this.listener.beforeTestMethod(this.testContext);
-
 assertAuthentication(expectedAuthentication);
 }
@@ -94,9 +86,7 @@ public class ReactorContextTestExecutionListenerTests {
 "ROLE_USER");
 SecurityContext context = new CustomContext(expectedAuthentication);
 TestSecurityContextHolder.setContext(context);
-
 this.listener.beforeTestMethod(this.testContext);
-
 assertSecurityContext(context);
 }
@@ -108,13 +98,10 @@ public class ReactorContextTestExecutionListenerTests {
 TestingAuthenticationToken contextHolder = new TestingAuthenticationToken("contextHolder", "password",
 "ROLE_USER");
 TestSecurityContextHolder.setAuthentication(contextHolder);
-
 this.listener.beforeTestMethod(this.testContext);
-
 Mono authentication = Mono.just("any")
 .flatMap((s) -> ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication))
 .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(expectedAuthentication));
-
 StepVerifier.create(authentication).expectNext(expectedAuthentication).verifyComplete();
 }
@@ -125,39 +112,31 @@ public class ReactorContextTestExecutionListenerTests {
 TestingAuthenticationToken contextHolder = new TestingAuthenticationToken("contextHolder", "password",
 "ROLE_USER");
 TestSecurityContextHolder.setAuthentication(contextHolder);
-
 this.listener.beforeTestMethod(this.testContext);
-
 Mono authentication = Mono.just("any")
 .flatMap((s) -> ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication))
 .subscriberContext(ReactiveSecurityContextHolder.clearContext());
-
 StepVerifier.create(authentication).verifyComplete();
 }
 @Test
 public void afterTestMethodWhenSecurityContextEmptyThenNoError() throws Exception {
 this.listener.beforeTestMethod(this.testContext);
-
 this.listener.afterTestMethod(this.testContext);
 }
 @Test
 public void afterTestMethodWhenSetupThenReactorContextNull() throws Exception {
 beforeTestMethodWhenAuthenticationThenReactorContextHasAuthentication();
-
 this.listener.afterTestMethod(this.testContext);
-
 assertThat(Mono.subscriberContext().block().isEmpty()).isTrue();
 }
 @Test
 public void afterTestMethodWhenDifferentHookIsRegistered() throws Exception {
 Object obj = new Object();
-
 Hooks.onLastOperator("CUSTOM_HOOK", (p) -> Mono.just(obj));
 this.listener.afterTestMethod(this.testContext);
-
 Object result = Mono.subscriberContext().block();
 assertThat(result).isEqualTo(obj);
 }
@@ -176,22 +155,18 @@ public class ReactorContextTestExecutionListenerTests {
 TestingAuthenticationToken contextHolder = new TestingAuthenticationToken("contextHolder", "password",
 "ROLE_USER");
 TestSecurityContextHolder.setAuthentication(contextHolder);
-
 this.listener.beforeTestMethod(this.testContext);
-
 ForkJoinPool.commonPool().submit(() -> assertAuthentication(contextHolder)).join();
 }
 public void assertAuthentication(Authentication expected) {
 Mono authentication = ReactiveSecurityContextHolder.getContext()
 .map(SecurityContext::getAuthentication);
-
 StepVerifier.create(authentication).expectNext(expected).verifyComplete();
 }
 private void assertSecurityContext(SecurityContext expected) {
 Mono securityContext = ReactiveSecurityContextHolder.getContext();
-
 StepVerifier.create(securityContext).expectNext(expected).verifyComplete();
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java
index 451d0be461..94780c93db 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java
@@ -32,7 +32,6 @@ public class WithAnonymousUserTests {
 public void defaults() {
 WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(Annotated.class,
 WithSecurityContext.class);
-
 assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD);
 }
@@ -40,7 +39,6 @@ public class WithAnonymousUserTests {
 public void findMergedAnnotationWhenSetupExplicitThenOverridden() {
 WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupExplicit.class,
 WithSecurityContext.class);
-
 assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD);
 }
@@ -48,7 +46,6 @@ public class WithAnonymousUserTests {
 public void findMergedAnnotationWhenSetupOverriddenThenOverridden() {
 WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupOverridden.class,
 WithSecurityContext.class);
-
 assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_EXECUTION);
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
index d1750ba6ca..56b90ca9fe 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
@@ -49,7 +49,6 @@ public class WithMockUserSecurityContextFactoryTests {
 given(this.withUser.password()).willReturn("password");
 given(this.withUser.roles()).willReturn(new String[] { "USER" });
 given(this.withUser.authorities()).willReturn(new String[] {});
-
 assertThat(this.factory.createSecurityContext(this.withUser).getAuthentication().getName())
 .isEqualTo(this.withUser.value());
 }
@@ -60,7 +59,6 @@ public class WithMockUserSecurityContextFactoryTests {
 given(this.withUser.password()).willReturn("password");
 given(this.withUser.roles()).willReturn(new String[] { "USER" });
 given(this.withUser.authorities()).willReturn(new String[] {});
-
 assertThat(this.factory.createSecurityContext(this.withUser).getAuthentication().getName())
 .isEqualTo(this.withUser.username());
 }
@@ -71,7 +69,6 @@ public class WithMockUserSecurityContextFactoryTests {
 given(this.withUser.password()).willReturn("password");
 given(this.withUser.roles()).willReturn(new String[] { "USER", "CUSTOM" });
 given(this.withUser.authorities()).willReturn(new String[] {});
-
 assertThat(this.factory.createSecurityContext(this.withUser).getAuthentication().getAuthorities())
 .extracting("authority").containsOnly("ROLE_USER", "ROLE_CUSTOM");
 }
@@ -82,7 +79,6 @@ public class WithMockUserSecurityContextFactoryTests {
 given(this.withUser.password()).willReturn("password");
 given(this.withUser.roles()).willReturn(new String[] { "USER" });
 given(this.withUser.authorities()).willReturn(new String[] { "USER", "CUSTOM" });
-
 assertThat(this.factory.createSecurityContext(this.withUser).getAuthentication().getAuthorities())
 .extracting("authority").containsOnly("USER", "CUSTOM");
 }
@@ -92,7 +88,6 @@ public class WithMockUserSecurityContextFactoryTests {
 given(this.withUser.value()).willReturn("valueUser");
 given(this.withUser.roles()).willReturn(new String[] { "CUSTOM" });
 given(this.withUser.authorities()).willReturn(new String[] { "USER", "CUSTOM" });
-
 this.factory.createSecurityContext(this.withUser);
 }
@@ -101,7 +96,6 @@ public class WithMockUserSecurityContextFactoryTests {
 given(this.withUser.value()).willReturn("valueUser");
 given(this.withUser.roles()).willReturn(new String[] { "ROLE_FAIL" });
 given(this.withUser.authorities()).willReturn(new String[] {});
-
 this.factory.createSecurityContext(this.withUser);
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java
index b64c85ef7a..763cfdf9b2 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java
@@ -32,10 +32,8 @@ public class WithMockUserTests {
 assertThat(mockUser.password()).isEqualTo("password");
 assertThat(mockUser.roles()).containsOnly("USER");
 assertThat(mockUser.setupBefore()).isEqualByComparingTo(TestExecutionEvent.TEST_METHOD);
-
 WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(Annotated.class,
 WithSecurityContext.class);
-
 assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD);
 }
@@ -43,7 +41,6 @@ public class WithMockUserTests {
 public void findMergedAnnotationWhenSetupExplicitThenOverridden() {
 WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupExplicit.class,
 WithSecurityContext.class);
-
 assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD);
 }
@@ -51,7 +48,6 @@ public class WithMockUserTests {
 public void findMergedAnnotationWhenSetupOverriddenThenOverridden() {
 WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupOverridden.class,
 WithSecurityContext.class);
-
 assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_EXECUTION);
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java
index 975b8b1ba2..e4849015f3 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java
@@ -79,7 +79,6 @@ public class WithSecurityContextTestExcecutionListenerTests {
 Class testClass = FakeTest.class;
 given(this.testContext.getTestClass()).willReturn(testClass);
 given(this.testContext.getTestMethod()).willReturn(ReflectionUtils.findMethod(testClass, "testNoAnnotation"));
-
 this.listener.beforeTestMethod(this.testContext);
 }
@@ -89,9 +88,7 @@ public class WithSecurityContextTestExcecutionListenerTests {
 Class testClass = FakeTest.class;
 given(this.testContext.getApplicationContext()).willThrow(new IllegalStateException());
 given(this.testContext.getTestMethod()).willReturn(ReflectionUtils.findMethod(testClass, "testWithMockUser"));
-
 this.listener.beforeTestMethod(this.testContext);
-
 assertThat(TestSecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("user");
 }
@@ -100,11 +97,8 @@ public class WithSecurityContextTestExcecutionListenerTests {
 public void withSecurityContextAfterSqlScripts() {
 SqlScriptsTestExecutionListener sql = new SqlScriptsTestExecutionListener();
 WithSecurityContextTestExecutionListener security = new WithSecurityContextTestExecutionListener();
-
 List listeners = Arrays.asList(security, sql);
-
 AnnotationAwareOrderComparator.sort(listeners);
-
 assertThat(listeners).containsExactly(sql, security);
 }
@@ -113,13 +107,10 @@ public class WithSecurityContextTestExcecutionListenerTests {
 public void orderOverridden() {
 AbstractTestExecutionListener otherListener = new AbstractTestExecutionListener() {
 };
-
 List listeners = new ArrayList<>();
 listeners.add(otherListener);
 listeners.add(this.listener);
-
 AnnotationAwareOrderComparator.sort(listeners);
-
 assertThat(listeners).containsSequence(this.listener, otherListener);
 }
@@ -131,9 +122,7 @@ public class WithSecurityContextTestExcecutionListenerTests {
 TestContext testContext = mock(TestContext.class);
 given(testContext.getTestMethod()).willReturn(method);
 given(testContext.getApplicationContext()).willThrow(new IllegalStateException(""));
-
 this.listener.beforeTestMethod(testContext);
-
 assertThat(SecurityContextHolder.getContext().getAuthentication().getPrincipal())
 .isInstanceOf(WithSuperClassWithSecurityContext.class);
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java
index 10bc6fd566..64186a5b96 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java
@@ -80,9 +80,7 @@ public class WithSecurityContextTestExecutionListenerTests {
 Method testMethod = TheTest.class.getMethod("withMockUserDefault");
 given(this.testContext.getApplicationContext()).willReturn(this.applicationContext);
 given(this.testContext.getTestMethod()).willReturn(testMethod);
-
 this.listener.beforeTestMethod(this.testContext);
-
 assertThat(TestSecurityContextHolder.getContext().getAuthentication()).isNotNull();
 verify(this.testContext, never()).setAttribute(
 eq(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME), any(SecurityContext.class));
@@ -93,9 +91,7 @@ public class WithSecurityContextTestExecutionListenerTests {
 Method testMethod = TheTest.class.getMethod("withMockUserTestMethod");
 given(this.testContext.getApplicationContext()).willReturn(this.applicationContext);
 given(this.testContext.getTestMethod()).willReturn(testMethod);
-
 this.listener.beforeTestMethod(this.testContext);
-
 assertThat(TestSecurityContextHolder.getContext().getAuthentication()).isNotNull();
 verify(this.testContext, never()).setAttribute(
 eq(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME), any(SecurityContext.class));
@@ -106,9 +102,7 @@ public class WithSecurityContextTestExecutionListenerTests {
 Method testMethod = TheTest.class.getMethod("withMockUserTestExecution");
 given(this.testContext.getApplicationContext()).willReturn(this.applicationContext);
 given(this.testContext.getTestMethod()).willReturn(testMethod);
-
 this.listener.beforeTestMethod(this.testContext);
-
 assertThat(TestSecurityContextHolder.getContext().getAuthentication()).isNull();
 verify(this.testContext).setAttribute(eq(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME),
 ArgumentMatchers.>any());
@@ -120,9 +114,7 @@ public class WithSecurityContextTestExecutionListenerTests {
 Method testMethod = TheTest.class.getMethod("withMockUserTestExecution");
 given(this.testContext.getApplicationContext()).willReturn(this.applicationContext);
 given(this.testContext.getTestMethod()).willReturn(testMethod);
-
 this.listener.beforeTestMethod(this.testContext);
-
 ArgumentCaptor> supplierCaptor = ArgumentCaptor.forClass(Supplier.class);
 verify(this.testContext).setAttribute(eq(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME),
 supplierCaptor.capture());
@@ -136,7 +128,6 @@ public class WithSecurityContextTestExecutionListenerTests {
 given(this.testContext.getApplicationContext()).willReturn(this.applicationContext);
 // do not set a UserDetailsService Bean so it would fail if looked up
 given(this.testContext.getTestMethod()).willReturn(testMethod);
-
 this.listener.beforeTestMethod(this.testContext);
 // bean lookup of UserDetailsService would fail if it has already been looked up
 }
@@ -144,7 +135,6 @@ public class WithSecurityContextTestExecutionListenerTests {
 @Test
 public void beforeTestExecutionWhenTestContextNullThenSecurityContextNotSet() {
 this.listener.beforeTestExecution(this.testContext);
-
 assertThat(TestSecurityContextHolder.getContext().getAuthentication()).isNull();
 }
@@ -155,9 +145,7 @@ public class WithSecurityContextTestExecutionListenerTests { Supplier supplier = () -> securityContext; given(this.testContext.removeAttribute(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME)) .willReturn(supplier); - this.listener.beforeTestExecution(this.testContext); - assertThat(TestSecurityContextHolder.getContext().getAuthentication()) .isEqualTo(securityContext.getAuthentication()); }
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
index 56a4812de6..5a2d710699 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
@@ -68,7 +68,6 @@ public class WithUserDetailsSecurityContextFactoryTests { @Test(expected = IllegalArgumentException.class) public void createSecurityContextEmptyValue() { - given(this.withUserDetails.value()).willReturn(""); this.factory.createSecurityContext(this.withUserDetails); }
@@ -80,7 +79,6 @@ public class WithUserDetailsSecurityContextFactoryTests { given(this.beans.getBean(UserDetailsService.class)).willReturn(this.userDetailsService); given(this.withUserDetails.value()).willReturn(username); given(this.userDetailsService.loadUserByUsername(username)).willReturn(this.userDetails); - SecurityContext context = this.factory.createSecurityContext(this.withUserDetails); assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class); assertThat(context.getAuthentication().getPrincipal()).isEqualTo(this.userDetails);
@@ -98,7 +96,6 @@ public class WithUserDetailsSecurityContextFactoryTests { given(this.withUserDetails.userDetailsServiceBeanName()).willReturn(beanName); given(this.userDetailsService.loadUserByUsername(username)).willReturn(this.userDetails); given(this.beans.getBean(beanName, UserDetailsService.class)).willReturn(this.userDetailsService); - SecurityContext context = this.factory.createSecurityContext(this.withUserDetails); assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class); assertThat(context.getAuthentication().getPrincipal()).isEqualTo(this.userDetails);
@@ -111,7 +108,6 @@ public class WithUserDetailsSecurityContextFactoryTests { given(this.withUserDetails.value()).willReturn(username); given(this.beans.getBean(ReactiveUserDetailsService.class)).willReturn(this.reactiveUserDetailsService); given(this.reactiveUserDetailsService.findByUsername(username)).willReturn(Mono.just(this.userDetails)); - SecurityContext context = this.factory.createSecurityContext(this.withUserDetails); assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class); assertThat(context.getAuthentication().getPrincipal()).isEqualTo(this.userDetails);
@@ -127,7 +123,6 @@ public class WithUserDetailsSecurityContextFactoryTests { given(this.beans.getBean(beanName, ReactiveUserDetailsService.class)) .willReturn(this.reactiveUserDetailsService); given(this.reactiveUserDetailsService.findByUsername(username)).willReturn(Mono.just(this.userDetails)); - SecurityContext context = this.factory.createSecurityContext(this.withUserDetails); assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class); assertThat(context.getAuthentication().getPrincipal()).isEqualTo(this.userDetails);
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java
index abc94bff08..b2d041d980 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java
@@ -29,10 +29,8 @@ public class WithUserDetailsTests { public void defaults() { WithUserDetails userDetails = AnnotationUtils.findAnnotation(Annotated.class, WithUserDetails.class); assertThat(userDetails.value()).isEqualTo("user"); - WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(Annotated.class, WithSecurityContext.class); - assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD); }
@@ -40,7 +38,6 @@ public class WithUserDetailsTests { public void findMergedAnnotationWhenSetupExplicitThenOverridden() { WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupExplicit.class, WithSecurityContext.class); - assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD); }
@@ -48,7 +45,6 @@ public class WithUserDetailsTests { public void findMergedAnnotationWhenSetupOverriddenThenOverridden() { WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupOverridden.class, WithSecurityContext.class); - assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_EXECUTION); }
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/AbstractMockServerConfigurersTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/AbstractMockServerConfigurersTests.java
index e984952640..5389b138f2 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/AbstractMockServerConfigurersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/AbstractMockServerConfigurersTests.java
@@ -43,11 +43,9 @@ abstract class AbstractMockServerConfigurersTests { protected void assertPrincipalCreatedFromUserDetails(Principal principal, UserDetails originalUserDetails) { assertThat(principal).isInstanceOf(UsernamePasswordAuthenticationToken.class); - UsernamePasswordAuthenticationToken authentication = (UsernamePasswordAuthenticationToken) principal; assertThat(authentication.getCredentials()).isEqualTo(originalUserDetails.getPassword()); assertThat(authentication.getAuthorities()).containsOnlyElementsOf(originalUserDetails.getAuthorities()); - UserDetails userDetails = (UserDetails) authentication.getPrincipal(); assertThat(userDetails.getPassword()).isEqualTo(authentication.getCredentials()); assertThat(authentication.getAuthorities()).containsOnlyElementsOf(userDetails.getAuthorities());
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
index 022a7a7ba0..4ddd34771d 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
@@ -59,7 +59,6 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe @Test public void mockOpaqueTokenWhenUsingDefaultsThenBearerTokenAuthentication() { this.client.mutateWith(SecurityMockServerConfigurers.mockOpaqueToken()).get().exchange().expectStatus().isOk(); - SecurityContext context = this.securityContextController.removeSecurityContext(); assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class); BearerTokenAuthentication token = (BearerTokenAuthentication) context.getAuthentication();
@@ -74,7 +73,6 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe .mutateWith( SecurityMockServerConfigurers.mockOpaqueToken().authorities(this.authority1, this.authority2)) .get().exchange().expectStatus().isOk(); - SecurityContext context = this.securityContextController.removeSecurityContext(); assertThat((List) context.getAuthentication().getAuthorities()).containsOnly(this.authority1, this.authority2);
@@ -87,7 +85,6 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe .mutateWith(SecurityMockServerConfigurers.mockOpaqueToken() .attributes((attributes) -> attributes.put(OAuth2IntrospectionClaimNames.SUBJECT, sub))) .get().exchange().expectStatus().isOk(); - SecurityContext context = this.securityContextController.removeSecurityContext(); assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class); BearerTokenAuthentication token = (BearerTokenAuthentication) context.getAuthentication();
@@ -99,7 +96,6 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals.active(); this.client.mutateWith(SecurityMockServerConfigurers.mockOpaqueToken().principal(principal)).get().exchange() .expectStatus().isOk(); - SecurityContext context = this.securityContextController.removeSecurityContext(); assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class); BearerTokenAuthentication token = (BearerTokenAuthentication) context.getAuthentication();
@@ -110,24 +106,20 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe public void mockOpaqueTokenWhenPrincipalSpecifiedThenLastCalledTakesPrecedence() { OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals .active((a) -> a.put("scope", "user")); - this.client .mutateWith(SecurityMockServerConfigurers.mockOpaqueToken() .attributes((a) -> a.put(OAuth2IntrospectionClaimNames.SUBJECT, "foo")).principal(principal)) .get().exchange().expectStatus().isOk(); - SecurityContext context = this.securityContextController.removeSecurityContext(); assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class); BearerTokenAuthentication token = (BearerTokenAuthentication) context.getAuthentication(); assertThat((String) ((OAuth2AuthenticatedPrincipal) token.getPrincipal()) .getAttribute(OAuth2IntrospectionClaimNames.SUBJECT)) .isEqualTo(principal.getAttribute(OAuth2IntrospectionClaimNames.SUBJECT)); - this.client .mutateWith(SecurityMockServerConfigurers.mockOpaqueToken().principal(principal) .attributes((a) -> a.put(OAuth2IntrospectionClaimNames.SUBJECT, "bar"))) .get().exchange().expectStatus().isOk(); - context = this.securityContextController.removeSecurityContext(); assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class); token = (BearerTokenAuthentication) context.getAuthentication();
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java
index f5e4425ec6..97735c1ab9 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java
@@ -49,7 +49,6 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer @WithMockUser public void withMockUserWhenOnMethodThenSuccess() { this.client.get().exchange().expectStatus().isOk(); - Authentication authentication = TestSecurityContextHolder.getContext().getAuthentication(); this.controller.assertPrincipalIsEqualTo(authentication); }
@@ -64,9 +63,7 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer .apply(SecurityMockServerConfigurers.springSecurity()) .apply(SecurityMockServerConfigurers.mockAuthentication(authentication)).configureClient() .defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build(); - this.client.get().exchange().expectStatus().isOk(); - this.controller.assertPrincipalIsEqualTo(authentication); }
@@ -77,7 +74,6 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer "ROLE_USER"); this.client.mutateWith(SecurityMockServerConfigurers.mockAuthentication(authentication)).get().exchange() .expectStatus().isOk(); - this.controller.assertPrincipalIsEqualTo(authentication); }
@@ -88,11 +84,8 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer "ROLE_USER"); this.client.mutateWith(SecurityMockServerConfigurers.mockAuthentication(authentication)).get().exchange() .expectStatus().isOk(); - this.controller.assertPrincipalIsEqualTo(authentication); - this.client.get().exchange().expectStatus().isOk(); - assertPrincipalCreatedFromUserDetails(this.controller.removePrincipal(), this.userBuilder.build()); }
@@ -101,7 +94,6 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer public void withMockUserWhenOnMethodAndRequestIsExecutedOnDifferentThreadThenSuccess() { Authentication authentication = TestSecurityContextHolder.getContext().getAuthentication(); ForkJoinPool.commonPool().submit(() -> this.client.get().exchange().expectStatus().isOk()).join(); - this.controller.assertPrincipalIsEqualTo(authentication); }
@@ -110,16 +102,12 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer public void withMockUserAndWithCallOnSeparateThreadWhenMutateWithMockPrincipalAndNoMutateThenOverridesAnnotationAndUsesAnnotation() { TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret", "ROLE_USER"); - ForkJoinPool.commonPool() .submit(() -> this.client.mutateWith(SecurityMockServerConfigurers.mockAuthentication(authentication)) .get().exchange().expectStatus().isOk()) .join(); - this.controller.assertPrincipalIsEqualTo(authentication); - ForkJoinPool.commonPool().submit(() -> this.client.get().exchange().expectStatus().isOk()).join(); - assertPrincipalCreatedFromUserDetails(this.controller.removePrincipal(), this.userBuilder.build()); }
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java
index 433f8b3483..a96f00493a 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java
@@ -51,7 +51,6 @@ public class SecurityMockServerConfigurersClassAnnotatedTests extends AbstractMo public void wheMockUserWhenClassAnnotatedThenSuccess() { this.client.get().exchange().expectStatus().isOk().expectBody(String.class) .consumeWith((response) -> assertThat(response.getResponseBody()).contains("\"username\":\"user\"")); - Authentication authentication = TestSecurityContextHolder.getContext().getAuthentication(); this.controller.assertPrincipalIsEqualTo(authentication); }
@@ -61,7 +60,6 @@ public class SecurityMockServerConfigurersClassAnnotatedTests extends AbstractMo public void withMockUserWhenClassAndMethodAnnotationThenMethodOverrides() { this.client.get().exchange().expectStatus().isOk().expectBody(String.class).consumeWith( (response) -> assertThat(response.getResponseBody()).contains("\"username\":\"method-user\"")); - Authentication authentication = TestSecurityContextHolder.getContext().getAuthentication(); this.controller.assertPrincipalIsEqualTo(authentication); }
@@ -72,7 +70,6 @@ public class SecurityMockServerConfigurersClassAnnotatedTests extends AbstractMo .expectStatus().isOk().expectBody(String.class) .consumeWith((response) -> assertThat(response.getResponseBody()) .contains("\"username\":\"mutateWith-mockUser\"")); - Principal principal = this.controller.removePrincipal(); assertPrincipalCreatedFromUserDetails(principal, this.userBuilder.username("mutateWith-mockUser").build()); }
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java
index f11b965214..7a0aa28c8b 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java
@@ -63,7 +63,6 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon @Test public void mockJwtWhenUsingDefaultsTheCreatesJwtAuthentication() { this.client.mutateWith(SecurityMockServerConfigurers.mockJwt()).get().exchange().expectStatus().isOk(); - SecurityContext context = this.securityContextController.removeSecurityContext(); assertThat(context.getAuthentication()).isInstanceOf(JwtAuthenticationToken.class); JwtAuthenticationToken token = (JwtAuthenticationToken) context.getAuthentication();
@@ -78,7 +77,6 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon String name = new String("user"); this.client.mutateWith(SecurityMockServerConfigurers.mockJwt().jwt((jwt) -> jwt.subject(name))).get().exchange() .expectStatus().isOk(); - SecurityContext context = this.securityContextController.removeSecurityContext(); assertThat(context.getAuthentication()).isInstanceOf(JwtAuthenticationToken.class); JwtAuthenticationToken token = (JwtAuthenticationToken) context.getAuthentication();
@@ -90,7 +88,6 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon this.client.mutateWith(SecurityMockServerConfigurers.mockJwt() .jwt((jwt) -> jwt.claim("scope", "ignored authorities")).authorities(this.authority1, this.authority2)) .get().exchange().expectStatus().isOk(); - SecurityContext context = this.securityContextController.removeSecurityContext(); assertThat((List) context.getAuthentication().getAuthorities()).containsOnly(this.authority1, this.authority2);
@@ -102,7 +99,6 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon .mutateWith( SecurityMockServerConfigurers.mockJwt().jwt((jwt) -> jwt.claim("scope", "scoped authorities"))) .get().exchange().expectStatus().isOk(); - SecurityContext context = this.securityContextController.removeSecurityContext(); assertThat((List) context.getAuthentication().getAuthorities()).containsOnly( new SimpleGrantedAuthority("SCOPE_scoped"), new SimpleGrantedAuthority("SCOPE_authorities"));
@@ -115,7 +111,6 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon SecurityMockServerConfigurers.mockJwt().jwt((jwt) -> jwt.claim("scope", "ignored authorities")) .authorities((jwt) -> Arrays.asList(this.authority1))) .get().exchange().expectStatus().isOk(); - SecurityContext context = this.securityContextController.removeSecurityContext(); assertThat((List) context.getAuthentication().getAuthorities()).containsOnly(this.authority1); }
@@ -125,7 +120,6 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon Jwt originalToken = TestJwts.jwt().header("header1", "value1").subject("some_user").build(); this.client.mutateWith(SecurityMockServerConfigurers.mockJwt().jwt(originalToken)).get().exchange() .expectStatus().isOk(); - SecurityContext context = this.securityContextController.removeSecurityContext(); assertThat(context.getAuthentication()).isInstanceOf(JwtAuthenticationToken.class); JwtAuthenticationToken retrievedToken = (JwtAuthenticationToken) context.getAuthentication();
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
index 2bdaf7367c..902ea2a0fa 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
@@ -75,7 +75,6 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock @Test public void oauth2ClientWhenUsingDefaultsThenException() throws Exception { - WebHttpHandlerBuilder builder = WebHttpHandlerBuilder.webHandler(new DispatcherHandler()); assertThatCode(() -> SecurityMockServerConfigurers.mockOAuth2Client().beforeServerCreated(builder)) .isInstanceOf(IllegalArgumentException.class).hasMessageContaining("ClientRegistration");
@@ -83,10 +82,8 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock @Test public void oauth2ClientWhenUsingRegistrationIdThenProducesAuthorizedClient() throws Exception { - this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Client("registration-id")).get().uri("/client") .exchange().expectStatus().isOk(); - OAuth2AuthorizedClient client = this.controller.authorizedClient; assertThat(client).isNotNull(); assertThat(client.getClientRegistration().getRegistrationId()).isEqualTo("registration-id");
@@ -96,12 +93,10 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock @Test public void oauth2ClientWhenClientRegistrationThenUses() throws Exception { - ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration() .registrationId("registration-id").clientId("client-id").build(); this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Client().clientRegistration(clientRegistration)) .get().uri("/client").exchange().expectStatus().isOk(); - OAuth2AuthorizedClient client = this.controller.authorizedClient; assertThat(client).isNotNull(); assertThat(client.getClientRegistration().getRegistrationId()).isEqualTo("registration-id");
@@ -111,12 +106,10 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock @Test public void oauth2ClientWhenClientRegistrationConsumerThenUses() throws Exception { - this.client .mutateWith(SecurityMockServerConfigurers.mockOAuth2Client("registration-id") .clientRegistration((c) -> c.clientId("client-id"))) .get().uri("/client").exchange().expectStatus().isOk(); - OAuth2AuthorizedClient client = this.controller.authorizedClient; assertThat(client).isNotNull(); assertThat(client.getClientRegistration().getRegistrationId()).isEqualTo("registration-id");
@@ -136,12 +129,10 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock @Test public void oauth2ClientWhenAccessTokenThenUses() throws Exception { - OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes(); this.client .mutateWith(SecurityMockServerConfigurers.mockOAuth2Client("registration-id").accessToken(accessToken)) .get().uri("/client").exchange().expectStatus().isOk(); - OAuth2AuthorizedClient client = this.controller.authorizedClient; assertThat(client).isNotNull(); assertThat(client.getClientRegistration().getRegistrationId()).isEqualTo("registration-id");
@@ -153,11 +144,9 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock public void oauth2ClientWhenUsedOnceThenDoesNotAffectRemainingTests() throws Exception { this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Client("registration-id")).get().uri("/client") .exchange().expectStatus().isOk(); - OAuth2AuthorizedClient client = this.controller.authorizedClient; assertThat(client).isNotNull(); assertThat(client.getClientRegistration().getClientId()).isEqualTo("test-client"); - client = new OAuth2AuthorizedClient(TestClientRegistrations.clientRegistration().build(), "sub", TestOAuth2AccessTokens.noScopes()); given(this.authorizedClientRepository.loadAuthorizedClient(eq("registration-id"), any(Authentication.class),
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java
index 8028d88803..0820d65d50 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java
@@ -72,7 +72,6 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthentication() { this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login()).get().uri("/token").exchange() .expectStatus().isOk(); - OAuth2AuthenticationToken token = this.controller.token; assertThat(token).isNotNull(); assertThat(token.getAuthorizedClientRegistrationId()).isEqualTo("test");
@@ -86,7 +85,6 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthorizedClient() { this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login()).get().uri("/client").exchange() .expectStatus().isOk(); - OAuth2AuthorizedClient client = this.controller.authorizedClient; assertThat(client).isNotNull(); assertThat(client.getClientRegistration().getRegistrationId()).isEqualTo("test");
@@ -100,7 +98,6 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS .mutateWith(SecurityMockServerConfigurers.mockOAuth2Login() .authorities(new SimpleGrantedAuthority("SCOPE_admin"))) .get().uri("/token").exchange().expectStatus().isOk(); - OAuth2AuthenticationToken token = this.controller.token; assertThat((Collection) token.getPrincipal().getAuthorities()) .contains(new SimpleGrantedAuthority("SCOPE_admin"));
@@ -112,7 +109,6 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS .mutateWith(SecurityMockServerConfigurers.mockOAuth2Login() .attributes((a) -> a.put("iss", "https://idp.example.org"))) .get().uri("/token").exchange().expectStatus().isOk(); - OAuth2AuthenticationToken token = this.controller.token; assertThat(token.getPrincipal().getAttributes()).containsEntry("iss", "https://idp.example.org"); }
@@ -121,16 +117,12 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS public void oauth2LoginWhenNameSpecifiedThenUserHasName() throws Exception { OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"), Collections.singletonMap("custom-attribute", "test-subject"), "custom-attribute"); - this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oauth2User)).get() .uri("/token").exchange().expectStatus().isOk(); - OAuth2AuthenticationToken token = this.controller.token; assertThat(token.getPrincipal().getName()).isEqualTo("test-subject"); - this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oauth2User)).get() .uri("/client").exchange().expectStatus().isOk(); - OAuth2AuthorizedClient client = this.controller.authorizedClient; assertThat(client.getPrincipalName()).isEqualTo("test-subject"); }
@@ -139,17 +131,13 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS public void oauth2LoginWhenOAuth2UserSpecifiedThenLastCalledTakesPrecedence() throws Exception { OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("SCOPE_read"), Collections.singletonMap("sub", "subject"), "sub"); - this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login() .attributes((a) -> a.put("subject", "foo")).oauth2User(oauth2User)).get().uri("/token").exchange() .expectStatus().isOk(); - OAuth2AuthenticationToken token = this.controller.token; assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "subject"); - this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oauth2User) .attributes((a) -> a.put("sub", "bar"))).get().uri("/token").exchange().expectStatus().isOk(); - token = this.controller.token; assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "bar"); }
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java
index 8f7927893f..b9361bfbdd 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java
@@ -73,7 +73,6 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthentication() { this.client.mutateWith(SecurityMockServerConfigurers.mockOidcLogin()).get().uri("/token").exchange() .expectStatus().isOk(); - OAuth2AuthenticationToken token = this.controller.token; assertThat(token).isNotNull(); assertThat(token.getAuthorizedClientRegistrationId()).isEqualTo("test");
@@ -88,7 +87,6 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthorizedClient() { this.client.mutateWith(SecurityMockServerConfigurers.mockOidcLogin()).get().uri("/client").exchange() .expectStatus().isOk(); - OAuth2AuthorizedClient client = this.controller.authorizedClient; assertThat(client).isNotNull(); assertThat(client.getClientRegistration().getRegistrationId()).isEqualTo("test");
@@ -102,7 +100,6 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer .mutateWith(SecurityMockServerConfigurers.mockOidcLogin() .authorities(new SimpleGrantedAuthority("SCOPE_admin"))) .get().uri("/token").exchange().expectStatus().isOk(); - OAuth2AuthenticationToken token = this.controller.token; assertThat((Collection) token.getPrincipal().getAuthorities()) .contains(new SimpleGrantedAuthority("SCOPE_admin"));
@@ -114,7 +111,6 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer .mutateWith(SecurityMockServerConfigurers.mockOidcLogin() .idToken((i) -> i.issuer("https://idp.example.org"))) .get().uri("/token").exchange().expectStatus().isOk(); - OAuth2AuthenticationToken token = this.controller.token; assertThat(token.getPrincipal().getAttributes()).containsEntry("iss", "https://idp.example.org"); }
@@ -124,7 +120,6 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer this.client .mutateWith(SecurityMockServerConfigurers.mockOidcLogin().userInfoToken((u) -> u.email("email@email"))) .get().uri("/token").exchange().expectStatus().isOk(); - OAuth2AuthenticationToken token = this.controller.token; assertThat(token.getPrincipal().getAttributes()).containsEntry("email", "email@email"); }
@@ -134,16 +129,12 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"), OidcIdToken.withTokenValue("id-token").claim("custom-attribute", "test-subject").build(), "custom-attribute"); - this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oidcUser)).get().uri("/token") .exchange().expectStatus().isOk(); - OAuth2AuthenticationToken token = this.controller.token; assertThat(token.getPrincipal().getName()).isEqualTo("test-subject"); - this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oidcUser)).get() .uri("/client").exchange().expectStatus().isOk(); - OAuth2AuthorizedClient client = this.controller.authorizedClient; assertThat(client.getPrincipalName()).isEqualTo("test-subject"); }
@@ -153,18 +144,14 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer public void oidcLoginWhenOidcUserSpecifiedThenLastCalledTakesPrecedence() throws Exception { OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.createAuthorityList("SCOPE_read"), TestOidcIdTokens.idToken().build()); - this.client.mutateWith( SecurityMockServerConfigurers.mockOidcLogin().idToken((i) -> i.subject("foo")).oidcUser(oidcUser)).get() .uri("/token").exchange().expectStatus().isOk(); - OAuth2AuthenticationToken token = this.controller.token; assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "subject"); - this.client.mutateWith( SecurityMockServerConfigurers.mockOidcLogin().oidcUser(oidcUser).idToken((i) -> i.subject("bar"))).get() .uri("/token").exchange().expectStatus().isOk(); - token = this.controller.token; assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "bar"); }
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
index fd5ccb3699..3b11ff0c73 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
@@ -68,9 +68,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig @Test public void mockUserWhenDefaultsThenSuccess() { this.client.mutateWith(SecurityMockServerConfigurers.mockUser()).get().exchange().expectStatus().isOk(); - Principal actual = this.controller.removePrincipal(); - assertPrincipalCreatedFromUserDetails(actual, this.userBuilder.build()); }
@@ -81,9 +79,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 .apply(SecurityMockServerConfigurers.springSecurity()).apply(SecurityMockServerConfigurers.mockUser()) .configureClient().defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 this.client.get().exchange().expectStatus().isOk();
-
 Principal actual = this.controller.removePrincipal();
-
 assertPrincipalCreatedFromUserDetails(actual, this.userBuilder.build());
 }
@@ -91,9 +87,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 public void mockUserStringWhenLocalThenSuccess() {
 this.client.mutateWith(SecurityMockServerConfigurers.mockUser(this.userBuilder.build().getUsername())).get() .exchange().expectStatus().isOk();
-
 Principal actual = this.controller.removePrincipal();
-
 assertPrincipalCreatedFromUserDetails(actual, this.userBuilder.build());
 }
@@ -103,9 +97,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 this.client .mutateWith(SecurityMockServerConfigurers.mockUser("admin").password("secret").roles("USER", "ADMIN")) .get().exchange().expectStatus().isOk();
-
 Principal actual = this.controller.removePrincipal();
-
 assertPrincipalCreatedFromUserDetails(actual, this.userBuilder.build());
 }
@@ -114,9 +106,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 UserDetails userDetails = this.userBuilder.build();
 this.client.mutateWith(SecurityMockServerConfigurers.mockUser(userDetails)).get().exchange().expectStatus() .isOk();
-
 Principal actual = this.controller.removePrincipal();
-
 assertPrincipalCreatedFromUserDetails(actual, this.userBuilder.build());
 }
@@ -124,9 +114,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 public void csrfWhenMutateWithThenDisablesCsrf() {
 this.client.post().exchange().expectStatus().isEqualTo(HttpStatus.FORBIDDEN).expectBody() .consumeWith((b) -> assertThat(new String(b.getResponseBody())).contains("CSRF"));
-
 this.client.mutateWith(SecurityMockServerConfigurers.csrf()).post().exchange().expectStatus().isOk();
-
 }
 @Test
@@ -134,9 +122,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 this.client = WebTestClient.bindToController(this.controller).webFilter(new CsrfWebFilter()) .apply(SecurityMockServerConfigurers.springSecurity()).apply(SecurityMockServerConfigurers.csrf()) .configureClient().build();
-
 this.client.get().exchange().expectStatus().isOk();
-
 }
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
index 397f04b404..ebca73b566 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
@@ -45,7 +45,6 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 /** * @author Rob Winch */
-
 @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration @WebAppConfiguration
@@ -66,7 +65,6 @@ public class Sec2935Tests {
 public void postProcessorUserNoUser() throws Exception {
 this.mvc.perform(get("/admin/abc").with(user("user").roles("ADMIN", "USER"))).andExpect(status().isNotFound()) .andExpect(authenticated().withUsername("user"));
-
 this.mvc.perform(get("/admin/abc")).andExpect(status().isUnauthorized()).andExpect(unauthenticated());
 }
@@ -74,7 +72,6 @@ public class Sec2935Tests {
 public void postProcessorUserOtherUser() throws Exception {
 this.mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound()) .andExpect(authenticated().withUsername("user1"));
-
 this.mvc.perform(get("/admin/abc").with(user("user2").roles("USER"))).andExpect(status().isForbidden()) .andExpect(authenticated().withUsername("user2"));
 }
@@ -84,7 +81,6 @@ public class Sec2935Tests {
 public void postProcessorUserWithMockUser() throws Exception {
 this.mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound()) .andExpect(authenticated().withUsername("user1"));
-
 this.mvc.perform(get("/admin/abc")).andExpect(status().isForbidden()) .andExpect(authenticated().withUsername("user"));
 }
@@ -94,10 +90,8 @@ public class Sec2935Tests {
 public void defaultRequest() throws Exception {
 this.mvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity()) .defaultRequest(get("/").with(user("default"))).build();
-
 this.mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound()) .andExpect(authenticated().withUsername("user1"));
-
 this.mvc.perform(get("/admin/abc")).andExpect(status().isForbidden()) .andExpect(authenticated().withUsername("default"));
 }
@@ -108,10 +102,8 @@ public class Sec2935Tests {
 public void defaultRequestOverridesWithMockUser() throws Exception {
 this.mvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity()) .defaultRequest(get("/").with(user("default"))).build();
-
 this.mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound()) .andExpect(authenticated().withUsername("user1"));
-
 this.mvc.perform(get("/admin/abc")).andExpect(status().isForbidden()) .andExpect(authenticated().withUsername("default"));
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
index 0337afee88..e236a9295f 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
@@ -54,7 +54,6 @@ public class SecurityMockMvcRequestBuildersFormLoginTests {
 MockHttpServletRequest request = formLogin().buildRequest(this.servletContext);
 CsrfToken token = (CsrfToken) request .getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
-
 assertThat(request.getParameter("username")).isEqualTo("user");
 assertThat(request.getParameter("password")).isEqualTo("password");
 assertThat(request.getMethod()).isEqualTo("POST");
@@ -67,10 +66,8 @@ public class SecurityMockMvcRequestBuildersFormLoginTests {
 public void custom() {
 MockHttpServletRequest request = formLogin("/login").user("username", "admin").password("password", "secret") .buildRequest(this.servletContext);
-
 CsrfToken token = (CsrfToken) request .getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
-
 assertThat(request.getParameter("username")).isEqualTo("admin");
 assertThat(request.getParameter("password")).isEqualTo("secret");
 assertThat(request.getMethod()).isEqualTo("POST");
@@ -82,10 +79,8 @@ public class SecurityMockMvcRequestBuildersFormLoginTests {
 public void customWithUriVars() {
 MockHttpServletRequest request = formLogin().loginProcessingUrl("/uri-login/{var1}/{var2}", "val1", "val2") .user("username", "admin").password("password", "secret").buildRequest(this.servletContext);
-
 CsrfToken token = (CsrfToken) request .getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
-
 assertThat(request.getParameter("username")).isEqualTo("admin");
 assertThat(request.getParameter("password")).isEqualTo("secret");
 assertThat(request.getMethod()).isEqualTo("POST");
@@ -104,7 +99,6 @@ public class SecurityMockMvcRequestBuildersFormLoginTests {
 given(postProcessor.postProcessRequest(any())).willAnswer((i) -> i.getArgument(0));
 MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object()) .defaultRequest(MockMvcRequestBuilders.get("/").with(postProcessor)).build();
-
 MvcResult mvcResult = mockMvc.perform(formLogin()).andReturn();
 assertThat(mvcResult.getRequest().getMethod()).isEqualTo(HttpMethod.POST.name());
 assertThat(mvcResult.getRequest().getHeader("Accept"))
@@ -121,7 +115,6 @@ public class SecurityMockMvcRequestBuildersFormLoginTests {
 public void usesAcceptMediaForContentNegotiation() {
 MockHttpServletRequest request = formLogin("/login").user("username", "admin").password("password", "secret") .buildRequest(this.servletContext);
-
 assertThat(request.getHeader("Accept")).isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE);
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
index 438f3d19c3..dfdcd71507 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
@@ -52,10 +52,8 @@ public class SecurityMockMvcRequestBuildersFormLogoutTests {
 @Test public void defaults() {
 MockHttpServletRequest request = logout().buildRequest(this.servletContext);
-
 CsrfToken token = (CsrfToken) request .getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
-
 assertThat(request.getMethod()).isEqualTo("POST");
 assertThat(request.getParameter(token.getParameterName())).isEqualTo(token.getToken());
 assertThat(request.getRequestURI()).isEqualTo("/logout");
@@ -64,10 +62,8 @@ public class SecurityMockMvcRequestBuildersFormLogoutTests {
 @Test public void custom() {
 MockHttpServletRequest request = logout("/admin/logout").buildRequest(this.servletContext);
-
 CsrfToken token = (CsrfToken) request .getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
-
 assertThat(request.getMethod()).isEqualTo("POST");
 assertThat(request.getParameter(token.getParameterName())).isEqualTo(token.getToken());
 assertThat(request.getRequestURI()).isEqualTo("/admin/logout");
@@ -77,10 +73,8 @@ public class SecurityMockMvcRequestBuildersFormLogoutTests {
 public void customWithUriVars() {
 MockHttpServletRequest request = logout().logoutUrl("/uri-logout/{var1}/{var2}", "val1", "val2") .buildRequest(this.servletContext);
-
 CsrfToken token = (CsrfToken) request .getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
-
 assertThat(request.getMethod()).isEqualTo("POST");
 assertThat(request.getParameter(token.getParameterName())).isEqualTo(token.getToken());
 assertThat(request.getRequestURI()).isEqualTo("/uri-logout/val1/val2");
@@ -97,7 +91,6 @@ public class SecurityMockMvcRequestBuildersFormLogoutTests {
 given(postProcessor.postProcessRequest(any())).willAnswer((i) -> i.getArgument(0));
 MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object()) .defaultRequest(MockMvcRequestBuilders.get("/").with(postProcessor)).build();
-
 MvcResult mvcResult = mockMvc.perform(logout()).andReturn();
 assertThat(mvcResult.getRequest().getMethod()).isEqualTo(HttpMethod.POST.name());
 assertThat(mvcResult.getRequest().getHeader("Accept"))
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
index a6aaf08a74..b73620e033 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
@@ -74,7 +74,6 @@ public class SecurityMockMvcRequestPostProcessorsAuthenticationTests {
 @Test public void userDetails() {
 authentication(this.authentication).postProcessRequest(this.request);
-
 verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class));
 SecurityContext context = this.contextCaptor.getValue();
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
index 827bd15101..22b3ccb895 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
@@ -45,20 +45,16 @@ public class SecurityMockMvcRequestPostProcessorsCertificateTests {
 @Test public void x509SingleCertificate() {
 MockHttpServletRequest postProcessedRequest = x509(this.certificate).postProcessRequest(this.request);
-
 X509Certificate[] certificates = (X509Certificate[]) postProcessedRequest .getAttribute("javax.servlet.request.X509Certificate");
-
 assertThat(certificates).containsOnly(this.certificate);
 }
 @Test public void x509ResourceName() throws Exception {
 MockHttpServletRequest postProcessedRequest = x509("rod.cer").postProcessRequest(this.request);
-
 X509Certificate[] certificates = (X509Certificate[]) postProcessedRequest .getAttribute("javax.servlet.request.X509Certificate");
-
 assertThat(certificates).hasSize(1);
 assertThat(certificates[0].getSubjectDN().getName()) .isEqualTo("CN=rod, OU=Spring Security, O=Spring Framework");
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java
index 3c09347f52..7118bf8889 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java
@@ -155,12 +155,10 @@ public class SecurityMockMvcRequestPostProcessorsCsrfTests {
 public void csrfWhenUsedThenDoesNotImpactOriginalRepository() throws Exception {
 // @formatter:off
 this.mockMvc.perform(post("/").with(csrf()));
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 HttpSessionCsrfTokenRepository repo = new HttpSessionCsrfTokenRepository();
 CsrfToken token = repo.generateToken(request);
 repo.saveToken(token, request, new MockHttpServletResponse());
-
 MockHttpServletRequestBuilder requestWithCsrf = post("/") .param(token.getParameterName(), token.getToken()) .session((MockHttpSession) request.getSession());
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
index 9f9653ff25..5c06373a90 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
@@ -55,7 +55,6 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 public void setup() {
 this.password = "password";
 this.request = new MockHttpServletRequest();
-
 this.entryPoint = new DigestAuthenticationEntryPoint();
 this.entryPoint.setKey("key");
 this.entryPoint.setRealmName("Spring Security");
@@ -74,7 +73,6 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 @Test public void digestWithFilter() throws Exception {
 MockHttpServletRequest postProcessedRequest = digest().postProcessRequest(this.request);
-
 assertThat(extractUser()).isEqualTo("user");
 }
@@ -82,7 +80,6 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 public void digestWithFilterCustomUsername() throws Exception {
 String username = "admin";
 MockHttpServletRequest postProcessedRequest = digest(username).postProcessRequest(this.request);
-
 assertThat(extractUser()).isEqualTo(username);
 }
@@ -92,7 +89,6 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 this.password = "secret";
 MockHttpServletRequest postProcessedRequest = digest(username).password(this.password) .postProcessRequest(this.request);
-
 assertThat(extractUser()).isEqualTo(username);
 }
@@ -102,7 +98,6 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 this.entryPoint.setRealmName("Custom");
 MockHttpServletRequest postProcessedRequest = digest(username).realm(this.entryPoint.getRealmName()) .postProcessRequest(this.request);
-
 assertThat(extractUser()).isEqualTo(username);
 }
@@ -111,7 +106,6 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 String username = "admin";
 MockHttpServletRequest postProcessedRequest = digest(username).realm("Invalid") .postProcessRequest(this.request);
-
 assertThat(extractUser()).isNull();
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java
index dfa8792001..5b7dd1a042 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java
@@ -95,7 +95,6 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests {
 @Test public void jwtWhenUsingDefaultsThenProducesDefaultJwtAuthentication() {
 jwt().postProcessRequest(this.request);
-
 verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class));
 SecurityContext context = this.contextCaptor.getValue();
@@ -111,7 +110,6 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests {
 public void jwtWhenProvidingBuilderConsumerThenProducesJwtAuthentication() {
 String name = new String("user");
 jwt().jwt((jwt) -> jwt.subject(name)).postProcessRequest(this.request);
-
 verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class));
 SecurityContext context = this.contextCaptor.getValue();
@@ -124,7 +122,6 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests {
 public void jwtWhenProvidingCustomAuthoritiesThenProducesJwtAuthentication() {
 jwt().jwt((jwt) -> jwt.claim("scope", "ignored authorities")).authorities(this.authority1, this.authority2) .postProcessRequest(this.request);
-
 verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class));
 SecurityContext context = this.contextCaptor.getValue();
@@ -135,7 +132,6 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests {
 @Test public void jwtWhenProvidingScopedAuthoritiesThenProducesJwtAuthentication() {
 jwt().jwt((jwt) -> jwt.claim("scope", "scoped authorities")).postProcessRequest(this.request);
-
 verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class));
 SecurityContext context = this.contextCaptor.getValue();
@@ -147,7 +143,6 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests {
 public void jwtWhenProvidingGrantedAuthoritiesThenProducesJwtAuthentication() {
 jwt().jwt((jwt) -> jwt.claim("scope", "ignored authorities")) .authorities((jwt) -> Arrays.asList(this.authority1)).postProcessRequest(this.request);
-
 verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class));
 SecurityContext context = this.contextCaptor.getValue();
@@ -158,7 +153,6 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests {
 public void jwtWhenProvidingPreparedJwtThenUsesItForAuthentication() {
 Jwt originalToken = TestJwts.jwt().header("header1", "value1").subject("some_user").build();
 jwt().jwt(originalToken).postProcessRequest(this.request);
-
 verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class));
 SecurityContext context = this.contextCaptor.getValue();
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
index 7e17a95223..3483c3105c 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
@@ -93,14 +93,12 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
 @Test public void oauth2ClientWhenUsingDefaultsThenException() throws Exception {
-
 assertThatCode(() -> oauth2Client().postProcessRequest(new MockHttpServletRequest())) .isInstanceOf(IllegalArgumentException.class).hasMessageContaining("ClientRegistration");
 }
 @Test public void oauth2ClientWhenUsingDefaultsThenProducesDefaultAuthorizedClient() throws Exception {
-
 this.mvc.perform(get("/access-token").with(oauth2Client("registration-id"))) .andExpect(content().string("access-token"));
 this.mvc.perform(get("/client-id").with(oauth2Client("registration-id")))
@@ -109,7 +107,6 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
 @Test public void oauth2ClientWhenClientRegistrationThenUses() throws Exception {
-
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration() .registrationId("registration-id").clientId("client-id").build();
 this.mvc.perform(get("/client-id").with(oauth2Client().clientRegistration(clientRegistration)))
@@ -118,7 +115,6 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
 @Test public void oauth2ClientWhenClientRegistrationConsumerThenUses() throws Exception {
-
 this.mvc.perform(get("/client-id") .with(oauth2Client("registration-id").clientRegistration((c) -> c.clientId("client-id")))) .andExpect(content().string("client-id"));
@@ -141,7 +137,6 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
 public void oauth2ClientWhenUsedOnceThenDoesNotAffectRemainingTests() throws Exception {
 this.mvc.perform(get("/client-id").with(oauth2Client("registration-id"))) .andExpect(content().string("test-client"));
-
 OAuth2AuthorizedClient client = new OAuth2AuthorizedClient(TestClientRegistrations.clientRegistration().build(), "sub", TestOAuth2AccessTokens.noScopes());
 OAuth2AuthorizedClientRepository repository = this.context.getBean(OAuth2AuthorizedClientRepository.class);
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java
index d92b97c398..f5307845af 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java
@@ -88,14 +88,12 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
 @Test public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthentication() throws Exception {
-
 this.mvc.perform(get("/name").with(oauth2Login())).andExpect(content().string("user"));
 this.mvc.perform(get("/admin/id-token/name").with(oauth2Login())).andExpect(status().isForbidden());
 }
 @Test public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthorizedClient() throws Exception {
-
 this.mvc.perform(get("/client-id").with(oauth2Login())).andExpect(content().string("test-client"));
 }
@@ -119,10 +117,8 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
 Collections.singletonMap("custom-attribute", "test-subject"), "custom-attribute");
 this.mvc.perform(get("/attributes/custom-attribute").with(oauth2Login().oauth2User(oauth2User))) .andExpect(content().string("test-subject"));
-
 this.mvc.perform(get("/name").with(oauth2Login().oauth2User(oauth2User))) .andExpect(content().string("test-subject"));
-
 this.mvc.perform(get("/client-name").with(oauth2Login().oauth2User(oauth2User))) .andExpect(content().string("test-subject"));
 }
@@ -138,7 +134,6 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
 public void oauth2LoginWhenOAuth2UserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
 OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("SCOPE_read"), Collections.singletonMap("username", "user"), "username");
-
 this.mvc.perform(get("/attributes/sub") .with(oauth2Login().attributes((a) -> a.put("sub", "bar")).oauth2User(oauth2User))) .andExpect(status().isOk()).andExpect(content().string("no-attribute"));
@@ -193,14 +188,12 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
 @GetMapping("/attributes/{attribute}") String attributes(@AuthenticationPrincipal OAuth2User oauth2User, @PathVariable("attribute") String attribute) {
-
 return Optional.ofNullable((String) oauth2User.getAttribute(attribute)).orElse("no-attribute");
 }
 @GetMapping("/admin/scopes") List scopes( @AuthenticationPrincipal(expression = "authorities") Collection authorities) {
-
 return authorities.stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList());
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java
index 7de780a095..91fa711355 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java
@@ -94,14 +94,12 @@ public class SecurityMockMvcRequestPostProcessorsOidcLoginTests {
 @Test public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthentication() throws Exception {
-
 this.mvc.perform(get("/name").with(oidcLogin())).andExpect(content().string("user"));
 this.mvc.perform(get("/admin/id-token/name").with(oidcLogin())).andExpect(status().isForbidden());
 }
 @Test public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthorizedClient() throws Exception {
-
 this.mvc.perform(get("/access-token").with(oidcLogin())).andExpect(content().string("access-token"));
 }
@@ -128,12 +126,9 @@ public class SecurityMockMvcRequestPostProcessorsOidcLoginTests {
 OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"), OidcIdToken.withTokenValue("id-token").claim("custom-attribute", "test-subject").build(), "custom-attribute");
-
 this.mvc.perform(get("/id-token/custom-attribute").with(oidcLogin().oidcUser(oidcUser))) .andExpect(content().string("test-subject"));
-
 this.mvc.perform(get("/name").with(oidcLogin().oidcUser(oidcUser))).andExpect(content().string("test-subject"));
-
 this.mvc.perform(get("/client-name").with(oidcLogin().oidcUser(oidcUser))) .andExpect(content().string("test-subject"));
 }
@@ -143,7 +138,6 @@ public class SecurityMockMvcRequestPostProcessorsOidcLoginTests {
 public void oidcLoginWhenOidcUserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
 OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.createAuthorityList("SCOPE_read"), TestOidcIdTokens.idToken().build());
-
 this.mvc.perform(get("/id-token/sub").with(oidcLogin().idToken((i) -> i.subject("foo")).oidcUser(oidcUser))) .andExpect(status().isOk()).andExpect(content().string("subject"));
 this.mvc.perform(get("/id-token/sub").with(oidcLogin().oidcUser(oidcUser).idToken((i) -> i.subject("bar"))))
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java
index 46f9b54f37..764f51ec1c 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java
@@ -82,7 +82,6 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
 @Test public void opaqueTokenWhenUsingDefaultsThenProducesDefaultAuthentication() throws Exception {
-
 this.mvc.perform(get("/name").with(opaqueToken())).andExpect(content().string("user"));
 this.mvc.perform(get("/admin/scopes").with(opaqueToken())).andExpect(status().isForbidden());
 }
@@ -100,7 +99,6 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
 OAuth2AuthenticatedPrincipal principal = mock(OAuth2AuthenticatedPrincipal.class);
 given(principal.getName()).willReturn("ben");
 given(principal.getAuthorities()).willReturn(authorities);
-
 this.mvc.perform(get("/name").with(opaqueToken().principal(principal))).andExpect(content().string("ben"));
 }
@@ -109,7 +107,6 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
 public void opaqueTokenWhenPrincipalSpecifiedThenLastCalledTakesPrecedence() throws Exception {
 OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals .active((a) -> a.put("scope", "user"));
-
 this.mvc.perform(get("/opaque-token/sub") .with(opaqueToken().attributes((a) -> a.put("sub", "foo")).principal(principal))) .andExpect(status().isOk()).andExpect(content().string((String) principal.getAttribute("sub")));
@@ -147,14 +144,12 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests { @GetMapping("/opaque-token/{attribute}") String tokenAttribute(@AuthenticationPrincipal OAuth2AuthenticatedPrincipal principal, @PathVariable("attribute") String attribute) { - return principal.getAttribute(attribute); } @GetMapping("/admin/scopes") List scopes( @AuthenticationPrincipal(expression = "authorities") Collection authorities) { - return authorities.stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList()); } diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java index 8e3e099300..6f2521f37c 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java @@ -73,7 +73,6 @@ public class SecurityMockMvcRequestPostProcessorsSecurityContextTests { @Test public void userDetails() { securityContext(this.expectedContext).postProcessRequest(this.request); - verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class)); SecurityContext context = this.contextCaptor.getValue(); diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java index 0472d593aa..0eb7913127 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java 
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java @@ -68,9 +68,7 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextTests { @Test public void testSecurityContextSaves() { TestSecurityContextHolder.setContext(this.context); - testSecurityContext().postProcessRequest(this.request); - verify(this.repository).saveContext(eq(this.context), eq(this.request), any(HttpServletResponse.class)); } @@ -78,7 +76,6 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextTests { @Test public void testSecurityContextNoContext() { testSecurityContext().postProcessRequest(this.request); - verify(this.repository, never()).saveContext(any(SecurityContext.class), eq(this.request), any(HttpServletResponse.class)); } diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java index c471fdc396..0f05f727c9 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java @@ -75,7 +75,6 @@ public class SecurityMockMvcRequestPostProcessorsUserDetailsTests { @Test public void userDetails() { user(this.userDetails).postProcessRequest(this.request); - verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class)); SecurityContext context = this.contextCaptor.getValue(); 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java index 37c3457c02..1c6fb34678 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java @@ -81,9 +81,7 @@ public class SecurityMockMvcRequestPostProcessorsUserTests { @Test public void userWithDefaults() { String username = "userabc"; - user(username).postProcessRequest(this.request); - verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class)); SecurityContext context = this.contextCaptor.getValue(); @@ -96,9 +94,7 @@ public class SecurityMockMvcRequestPostProcessorsUserTests { @Test public void userWithCustom() { String username = "customuser"; - user(username).roles("CUSTOM", "ADMIN").password("newpass").postProcessRequest(this.request); - verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class)); SecurityContext context = this.contextCaptor.getValue(); @@ -112,9 +108,7 @@ public class SecurityMockMvcRequestPostProcessorsUserTests { @Test public void userCustomAuthoritiesVarargs() { String username = "customuser"; - user(username).authorities(this.authority1, this.authority2).postProcessRequest(this.request); - verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class)); SecurityContext context = this.contextCaptor.getValue(); 
@@ -130,9 +124,7 @@ public class SecurityMockMvcRequestPostProcessorsUserTests { @Test public void userCustomAuthoritiesList() { String username = "customuser"; - user(username).authorities(Arrays.asList(this.authority1, this.authority2)).postProcessRequest(this.request); - verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class)); SecurityContext context = this.contextCaptor.getValue(); diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/Gh3409Tests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/Gh3409Tests.java index 6e2857091b..a4c3f8869c 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/response/Gh3409Tests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/Gh3409Tests.java @@ -69,7 +69,6 @@ public class Gh3409Tests { this.mockMvc .perform(get("/public/") .with(securityContext(new SecurityContextImpl()))); - this.mockMvc .perform(get("/public/")) .andExpect(unauthenticated()); @@ -82,7 +81,6 @@ public class Gh3409Tests { this.mockMvc .perform(get("/") .with(securityContext(new SecurityContextImpl()))); - this.mockMvc .perform(get("/")) .andExpect(unauthenticated()); @@ -104,7 +102,6 @@ public class Gh3409Tests { .formLogin().and() .httpBasic(); // @formatter:on - } } diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java index 9c27fd80c2..675a57dba2 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java 
@@ -63,10 +63,8 @@ public class SecurityMockMvcConfigurerTests { public void beforeMockMvcCreatedOverrideBean() throws Exception { returnFilterBean(); SecurityMockMvcConfigurer configurer = new SecurityMockMvcConfigurer(this.filter); - configurer.afterConfigurerAdded(this.builder); configurer.beforeMockMvcCreated(this.builder, this.context); - assertFilterAdded(this.filter); verify(this.servletContext).setAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN, this.filter); } @@ -75,27 +73,22 @@ public class SecurityMockMvcConfigurerTests { public void beforeMockMvcCreatedBean() throws Exception { returnFilterBean(); SecurityMockMvcConfigurer configurer = new SecurityMockMvcConfigurer(); - configurer.afterConfigurerAdded(this.builder); configurer.beforeMockMvcCreated(this.builder, this.context); - assertFilterAdded(this.beanFilter); } @Test public void beforeMockMvcCreatedNoBean() throws Exception { SecurityMockMvcConfigurer configurer = new SecurityMockMvcConfigurer(this.filter); - configurer.afterConfigurerAdded(this.builder); configurer.beforeMockMvcCreated(this.builder, this.context); - assertFilterAdded(this.filter); } @Test(expected = IllegalStateException.class) public void beforeMockMvcCreatedNoFilter() { SecurityMockMvcConfigurer configurer = new SecurityMockMvcConfigurer(); - configurer.afterConfigurerAdded(this.builder); configurer.beforeMockMvcCreated(this.builder, this.context); } diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java index 8e62492aa7..089e5dc8b1 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java 
@@ -59,7 +59,6 @@ public class SecurityMockMvcConfigurersTests { public void applySpringSecurityWhenAddFilterFirstThenFilterFirst() throws Exception { MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).addFilters(this.noOpFilter) .apply(springSecurity()).build(); - mockMvc.perform(get("/")).andExpect(status().isOk()); } @@ -73,7 +72,6 @@ public class SecurityMockMvcConfigurersTests { public void applySpringSecurityWhenAddFilterSecondThenSecurityFirst() throws Exception { MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).apply(springSecurity()) .addFilters(this.noOpFilter).build(); - mockMvc.perform(get("/")).andExpect(status().is4xxClientError()); } diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java index ecc20e3f92..d58e832673 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java @@ -115,7 +115,6 @@ public class CustomConfigAuthenticationTests { return new InMemoryUserDetailsManager(user); } // @formatter:on - @Bean SecurityContextRepository securityContextRepository() { HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository(); diff --git a/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java b/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java index a469d38530..874e6c9f1c 100644 --- a/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java +++ b/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java 
@@ -98,7 +98,6 @@ public class WebTestUtilsTests { } // getSecurityContextRepository - @Test public void getSecurityContextRepositoryNoWac() { assertThat(WebTestUtils.getSecurityContextRepository(this.request)) @@ -131,31 +130,26 @@ public class WebTestUtilsTests { @Test public void findFilterNoMatchingFilters() { loadConfig(PartialSecurityConfig.class); - assertThat(WebTestUtils.findFilter(this.request, SecurityContextPersistenceFilter.class)).isNull(); } @Test public void findFilterNoSpringSecurityFilterChainInContext() { loadConfig(NoSecurityConfig.class); - CsrfFilter toFind = new CsrfFilter(new HttpSessionCsrfTokenRepository()); FilterChainProxy springSecurityFilterChain = new FilterChainProxy( new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, toFind)); this.request.getServletContext().setAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN, springSecurityFilterChain); - assertThat(WebTestUtils.findFilter(this.request, toFind.getClass())).isEqualTo(toFind); } @Test public void findFilterExplicitWithSecurityFilterInContext() { loadConfig(SecurityConfigWithDefaults.class); - CsrfFilter toFind = new CsrfFilter(new HttpSessionCsrfTokenRepository()); FilterChainProxy springSecurityFilterChain = new FilterChainProxy( new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, toFind)); this.request.getServletContext().setAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN, springSecurityFilterChain); - assertThat(WebTestUtils.findFilter(this.request, toFind.getClass())).isSameAs(toFind); } diff --git a/web/src/test/java/org/springframework/security/MockFilterConfig.java b/web/src/test/java/org/springframework/security/MockFilterConfig.java index c9eedad606..5a2e9b0a32 100644 --- a/web/src/test/java/org/springframework/security/MockFilterConfig.java +++ b/web/src/test/java/org/springframework/security/MockFilterConfig.java 
@@ -39,7 +39,6 @@ public class MockFilterConfig implements FilterConfig { @Override public String getInitParameter(String arg0) { Object result = this.map.get(arg0); - if (result != null) { return (String) result; } diff --git a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java index 32971f6513..ff368d2d49 100644 --- a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java @@ -36,9 +36,7 @@ public class DefaultRedirectStrategyTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.setContextPath("/context"); MockHttpServletResponse response = new MockHttpServletResponse(); - rds.sendRedirect(request, response, "https://context.blah.com/context/remainder"); - assertThat(response.getRedirectedUrl()).isEqualTo("remainder"); } @@ -50,9 +48,7 @@ public class DefaultRedirectStrategyTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.setContextPath("/context"); MockHttpServletResponse response = new MockHttpServletResponse(); - rds.sendRedirect(request, response, "https://https://context.blah.com/context/remainder"); - assertThat(response.getRedirectedUrl()).isEqualTo("remainder"); } @@ -63,7 +59,6 @@ public class DefaultRedirectStrategyTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.setContextPath("/context"); MockHttpServletResponse response = new MockHttpServletResponse(); - rds.sendRedirect(request, response, "https://redirectme.somewhere.else"); } diff --git a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java index 56a21a1dc8..c5586308dc 100644 --- a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java 
+++ b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java @@ -106,7 +106,6 @@ public class FilterChainProxyTests { this.fcp.doFilter(this.request, this.response, this.chain); assertThat(this.fcp.getFilterChains()).hasSize(1); assertThat(this.fcp.getFilterChains().get(0).getFilters().get(0)).isSameAs(this.filter); - verifyZeroInteractions(this.filter); // The actual filter chain should be invoked though verify(this.chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); @@ -116,7 +115,6 @@ public class FilterChainProxyTests { public void originalChainIsInvokedAfterSecurityChainIfMatchSucceeds() throws Exception { given(this.matcher.matches(any(HttpServletRequest.class))).willReturn(true); this.fcp.doFilter(this.request, this.response, this.chain); - verify(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class)); verify(this.chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); @@ -126,10 +124,8 @@ public class FilterChainProxyTests { public void originalFilterChainIsInvokedIfMatchingSecurityChainIsEmpty() throws Exception { List noFilters = Collections.emptyList(); this.fcp = new FilterChainProxy(new DefaultSecurityFilterChain(this.matcher, noFilters)); - given(this.matcher.matches(any(HttpServletRequest.class))).willReturn(true); this.fcp.doFilter(this.request, this.response, this.chain); - verify(this.chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); } @@ -197,9 +193,7 @@ public class FilterChainProxyTests { return null; }).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class)); - this.fcp.doFilter(this.request, this.response, this.chain); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } 
@@ -212,14 +206,12 @@ public class FilterChainProxyTests { throw new ServletException("oops"); }).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class)); - try { this.fcp.doFilter(this.request, this.response, this.chain); fail("Expected Exception"); } catch (ServletException success) { } - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } @@ -236,15 +228,12 @@ public class FilterChainProxyTests { return null; }).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class)); - this.fcp.doFilter(this.request, this.response, innerChain); assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(expected); return null; }).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class)); - this.fcp.doFilter(this.request, this.response, this.chain); - verify(innerChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } diff --git a/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java b/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java index 046d52fb7b..bd3bb1f5fa 100644 --- a/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java +++ b/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java @@ -48,7 +48,6 @@ public class FilterInvocationTests { request.setServerPort(80); request.setContextPath("/mycontext"); request.setRequestURI("/mycontext/HelloWorld/some/more/segments.html"); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain chain = mock(FilterChain.class); FilterInvocation fi = new FilterInvocation(request, response, chain); 
@@ -66,21 +65,18 @@ public class FilterInvocationTests { public void testRejectsNullFilterChain() { MockHttpServletRequest request = new MockHttpServletRequest(null, null); MockHttpServletResponse response = new MockHttpServletResponse(); - new FilterInvocation(request, response, null); } @Test(expected = IllegalArgumentException.class) public void testRejectsNullServletRequest() { MockHttpServletResponse response = new MockHttpServletResponse(); - new FilterInvocation(null, response, mock(FilterChain.class)); } @Test(expected = IllegalArgumentException.class) public void testRejectsNullServletResponse() { MockHttpServletRequest request = new MockHttpServletRequest(null, null); - new FilterInvocation(request, null, mock(FilterChain.class)); } @@ -94,7 +90,6 @@ public class FilterInvocationTests { request.setServerPort(80); request.setContextPath("/mycontext"); request.setRequestURI("/mycontext/HelloWorld"); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class)); assertThat(fi.getRequestUrl()).isEqualTo("/HelloWorld?foo=bar"); @@ -111,7 +106,6 @@ public class FilterInvocationTests { request.setServerPort(80); request.setContextPath("/mycontext"); request.setRequestURI("/mycontext/HelloWorld"); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class)); assertThat(fi.getRequestUrl()).isEqualTo("/HelloWorld"); diff --git a/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java b/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java index 326a889de8..aad10c3947 100644 --- a/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java +++ b/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java 
@@ -43,26 +43,22 @@ public class PortMapperImplTests { @Test public void testDetectsEmptyMap() { PortMapperImpl portMapper = new PortMapperImpl(); - try { portMapper.setPortMappings(new HashMap<>()); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } } @Test public void testDetectsNullMap() { PortMapperImpl portMapper = new PortMapperImpl(); - try { portMapper.setPortMappings(null); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } } @@ -77,13 +73,11 @@ public class PortMapperImplTests { PortMapperImpl portMapper = new PortMapperImpl(); Map map = new HashMap<>(); map.put("79", "80559"); - try { portMapper.setPortMappings(map); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } } @@ -98,9 +92,7 @@ public class PortMapperImplTests { PortMapperImpl portMapper = new PortMapperImpl(); Map map = new HashMap<>(); map.put("79", "442"); - portMapper.setPortMappings(map); - assertThat(portMapper.lookupHttpPort(442)).isEqualTo(Integer.valueOf(79)); assertThat(Integer.valueOf(442)).isEqualTo(portMapper.lookupHttpsPort(79)); } diff --git a/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java b/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java index 80240082a7..db99268419 100644 --- a/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java +++ b/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java @@ -33,7 +33,6 @@ public class PortResolverImplTests { @Test public void testDetectsBuggyIeHttpRequest() { PortResolverImpl pr = new PortResolverImpl(); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setServerPort(8443); request.setScheme("HTtP"); // proves case insensitive handling 
@@ -43,7 +42,6 @@ public class PortResolverImplTests { @Test public void testDetectsBuggyIeHttpsRequest() { PortResolverImpl pr = new PortResolverImpl(); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setServerPort(8080); request.setScheme("HTtPs"); // proves case insensitive handling @@ -53,13 +51,11 @@ public class PortResolverImplTests { @Test public void testDetectsEmptyPortMapper() { PortResolverImpl pr = new PortResolverImpl(); - try { pr.setPortMapper(null); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } } @@ -74,7 +70,6 @@ public class PortResolverImplTests { @Test public void testNormalOperation() { PortResolverImpl pr = new PortResolverImpl(); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setScheme("http"); request.setServerPort(1021); diff --git a/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java b/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java index 438ece3d85..54dcc2b891 100644 --- a/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java +++ b/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java @@ -101,10 +101,8 @@ public class DefaultWebInvocationPrivilegeEvaluatorTests { public void deniesAccessIfAccessDecisionManagerDoes() { Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX"); DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(this.interceptor); - willThrow(new AccessDeniedException("")).given(this.adm).decide(any(Authentication.class), anyObject(), anyList()); - assertThat(wipe.isAllowed("/foo/index.jsp", token)).isFalse(); } 
diff --git a/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java index 6063aab348..cc97879021 100644 --- a/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java @@ -67,10 +67,8 @@ public class DelegatingAccessDeniedHandlerTests { public void moreSpecificDoesNotInvokeLessSpecific() throws Exception { this.handlers.put(CsrfException.class, this.handler1); this.handler = new DelegatingAccessDeniedHandler(this.handlers, this.handler3); - AccessDeniedException accessDeniedException = new AccessDeniedException(""); this.handler.handle(this.request, this.response, accessDeniedException); - verify(this.handler1, never()).handle(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AccessDeniedException.class)); verify(this.handler3).handle(this.request, this.response, accessDeniedException); @@ -81,10 +79,8 @@ public class DelegatingAccessDeniedHandlerTests { this.handlers.put(InvalidCsrfTokenException.class, this.handler1); this.handlers.put(MissingCsrfTokenException.class, this.handler2); this.handler = new DelegatingAccessDeniedHandler(this.handlers, this.handler3); - AccessDeniedException accessDeniedException = new MissingCsrfTokenException("123"); this.handler.handle(this.request, this.response, accessDeniedException); - verify(this.handler1, never()).handle(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AccessDeniedException.class)); verify(this.handler2).handle(this.request, this.response, accessDeniedException); 
diff --git a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java index 1506d493ce..62a9a127ff 100644 --- a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java @@ -69,14 +69,11 @@ public class ExceptionTranslationFilterTests { private static String getSavedRequestUrl(HttpServletRequest request) { HttpSession session = request.getSession(false); - if (session == null) { return null; } - HttpSessionRequestCache rc = new HttpSessionRequestCache(); SavedRequest sr = rc.getRequest(request, new MockHttpServletResponse()); - return sr.getRedirectUrl(); } @@ -90,22 +87,18 @@ public class ExceptionTranslationFilterTests { request.setServerName("localhost"); request.setContextPath("/mycontext"); request.setRequestURI("/mycontext/secure/page.html"); - // Setup the FilterChain to thrown an access denied exception FilterChain fc = mock(FilterChain.class); willThrow(new AccessDeniedException("")).given(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - // Setup SecurityContextHolder, as filter needs to check if user is // anonymous SecurityContextHolder.getContext().setAuthentication( new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED"))); - // Test ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint); filter.setAuthenticationTrustResolver(new AuthenticationTrustResolverImpl()); assertThat(filter.getAuthenticationTrustResolver()).isNotNull(); - MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(request, response, fc); assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/login.jsp"); 
@@ -122,18 +115,15 @@ public class ExceptionTranslationFilterTests { request.setServerName("localhost"); request.setContextPath("/mycontext"); request.setRequestURI("/mycontext/secure/page.html"); - // Setup the FilterChain to thrown an access denied exception FilterChain fc = mock(FilterChain.class); willThrow(new AccessDeniedException("")).given(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - // Setup SecurityContextHolder, as filter needs to check if user is remembered SecurityContext securityContext = SecurityContextHolder.createEmptyContext(); securityContext.setAuthentication( new RememberMeAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED"))); SecurityContextHolder.setContext(securityContext); - // Test ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint); MockHttpServletResponse response = new MockHttpServletResponse(); @@ -147,24 +137,19 @@ public class ExceptionTranslationFilterTests { // Setup our HTTP request MockHttpServletRequest request = new MockHttpServletRequest(); request.setServletPath("/secure/page.html"); - // Setup the FilterChain to thrown an access denied exception FilterChain fc = mock(FilterChain.class); willThrow(new AccessDeniedException("")).given(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - // Setup SecurityContextHolder, as filter needs to check if user is // anonymous SecurityContextHolder.clearContext(); - // Setup a new AccessDeniedHandlerImpl that will do a "forward" AccessDeniedHandlerImpl adh = new AccessDeniedHandlerImpl(); adh.setErrorPage("/error.jsp"); - // Test ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint); filter.setAccessDeniedHandler(adh); - MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(request, response, fc); assertThat(response.getStatus()).isEqualTo(403); 
@@ -177,23 +162,19 @@ public class ExceptionTranslationFilterTests { // Setup our HTTP request MockHttpServletRequest request = new MockHttpServletRequest(); request.setServletPath("/secure/page.html"); - // Setup the FilterChain to thrown an access denied exception FilterChain fc = mock(FilterChain.class); willThrow(new AccessDeniedException("")).given(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - // Setup SecurityContextHolder, as filter needs to check if user is // anonymous SecurityContextHolder.getContext().setAuthentication( new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED"))); - // Test ExceptionTranslationFilter filter = new ExceptionTranslationFilter( (req, res, ae) -> res.sendError(403, ae.getMessage())); filter.setAuthenticationTrustResolver(new AuthenticationTrustResolverImpl()); assertThat(filter.getAuthenticationTrustResolver()).isNotNull(); - LocaleContextHolder.setDefaultLocale(Locale.GERMAN); MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(request, response, fc); @@ -211,12 +192,10 @@ public class ExceptionTranslationFilterTests { request.setServerName("localhost"); request.setContextPath("/mycontext"); request.setRequestURI("/mycontext/secure/page.html"); - // Setup the FilterChain to thrown an authentication failure exception FilterChain fc = mock(FilterChain.class); willThrow(new BadCredentialsException("")).given(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - // Test ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint); filter.afterPropertiesSet(); 
@@ -237,12 +216,10 @@ public class ExceptionTranslationFilterTests { request.setServerName("localhost"); request.setContextPath("/mycontext"); request.setRequestURI("/mycontext/secure/page.html"); - // Setup the FilterChain to thrown an authentication failure exception FilterChain fc = mock(FilterChain.class); willThrow(new BadCredentialsException("")).given(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - // Test HttpSessionRequestCache requestCache = new HttpSessionRequestCache(); ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint, requestCache); @@ -269,11 +246,9 @@ public class ExceptionTranslationFilterTests { // Setup our HTTP request MockHttpServletRequest request = new MockHttpServletRequest(); request.setServletPath("/secure/page.html"); - // Test ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint); assertThat(filter.getAuthenticationEntryPoint()).isSameAs(this.mockEntryPoint); - MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(request, response, mock(FilterChain.class)); } @@ -281,12 +256,10 @@ public class ExceptionTranslationFilterTests { @Test public void thrownIOExceptionServletExceptionAndRuntimeExceptionsAreRethrown() throws Exception { ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint); - filter.afterPropertiesSet(); Exception[] exceptions = { new IOException(), new ServletException(), new RuntimeException() }; for (Exception e : exceptions) { FilterChain fc = mock(FilterChain.class); - willThrow(e).given(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); try { filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), fc); 
@@ -309,10 +282,8 @@ public class ExceptionTranslationFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint); - assertThatThrownBy(() -> filter.doFilter(request, response, chain)).isInstanceOf(ServletException.class) .hasCauseInstanceOf(AccessDeniedException.class); - verifyZeroInteractions(this.mockEntryPoint); } diff --git a/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java index f5e160c855..c3bfbd4c7e 100644 --- a/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java @@ -58,9 +58,7 @@ public class RequestMatcherDelegatingAccessDeniedHandlerTests { given(matcher.matches(this.request)).willReturn(false); this.deniedHandlers.put(matcher, handler); this.delegator = new RequestMatcherDelegatingAccessDeniedHandler(this.deniedHandlers, this.accessDeniedHandler); - this.delegator.handle(this.request, null, null); - verify(this.accessDeniedHandler).handle(this.request, null, null); verify(handler, never()).handle(this.request, null, null); } 
@@ -75,9 +73,7 @@ public class RequestMatcherDelegatingAccessDeniedHandlerTests { this.deniedHandlers.put(firstMatcher, firstHandler); this.deniedHandlers.put(secondMatcher, secondHandler); this.delegator = new RequestMatcherDelegatingAccessDeniedHandler(this.deniedHandlers, this.accessDeniedHandler); - this.delegator.handle(this.request, null, null); - verify(firstHandler).handle(this.request, null, null); verify(secondHandler, never()).handle(this.request, null, null); verify(this.accessDeniedHandler, never()).handle(this.request, null, null); @@ -95,9 +91,7 @@ public class RequestMatcherDelegatingAccessDeniedHandlerTests { this.deniedHandlers.put(firstMatcher, firstHandler); this.deniedHandlers.put(secondMatcher, secondHandler); this.delegator = new RequestMatcherDelegatingAccessDeniedHandler(this.deniedHandlers, this.accessDeniedHandler); - this.delegator.handle(this.request, null, null); - verify(secondHandler).handle(this.request, null, null); verify(firstHandler, never()).handle(this.request, null, null); verify(this.accessDeniedHandler, never()).handle(this.request, null, null); diff --git a/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java b/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java index 41d60e69c7..b31987dec3 100644 --- a/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java +++ b/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java @@ -47,7 +47,6 @@ public class ChannelDecisionManagerImplTests { @Test public void testCannotSetEmptyChannelProcessorsList() throws Exception { ChannelDecisionManagerImpl cdm = new ChannelDecisionManagerImpl(); - try { cdm.setChannelProcessors(new Vector()); cdm.afterPropertiesSet(); 
@@ -63,20 +62,17 @@ public class ChannelDecisionManagerImplTests { ChannelDecisionManagerImpl cdm = new ChannelDecisionManagerImpl(); List list = new Vector(); list.add("THIS IS NOT A CHANNELPROCESSOR"); - try { cdm.setChannelProcessors(list); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } } @Test public void testCannotSetNullChannelProcessorsList() throws Exception { ChannelDecisionManagerImpl cdm = new ChannelDecisionManagerImpl(); - try { cdm.setChannelProcessors(null); cdm.afterPropertiesSet(); @@ -97,13 +93,10 @@ public class ChannelDecisionManagerImplTests { list.add(cpAbc); cdm.setChannelProcessors(list); cdm.afterPropertiesSet(); - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class)); - List cad = SecurityConfig.createList("xyz"); - cdm.decide(fi, cad); assertThat(fi.getResponse().isCommitted()).isTrue(); } @@ -116,11 +109,9 @@ public class ChannelDecisionManagerImplTests { list.add(cpAbc); cdm.setChannelProcessors(list); cdm.afterPropertiesSet(); - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class)); - cdm.decide(fi, SecurityConfig.createList(new String[] { "abc", "ANY_CHANNEL" })); assertThat(fi.getResponse().isCommitted()).isFalse(); } 
@@ -135,11 +126,9 @@ public class ChannelDecisionManagerImplTests { list.add(cpAbc); cdm.setChannelProcessors(list); cdm.afterPropertiesSet(); - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class)); - cdm.decide(fi, SecurityConfig.createList("SOME_ATTRIBUTE_NO_PROCESSORS_SUPPORT")); assertThat(fi.getResponse().isCommitted()).isFalse(); } @@ -154,7 +143,6 @@ public class ChannelDecisionManagerImplTests { list.add(cpAbc); cdm.setChannelProcessors(list); cdm.afterPropertiesSet(); - assertThat(cdm.supports(new SecurityConfig("xyz"))).isTrue(); assertThat(cdm.supports(new SecurityConfig("abc"))).isTrue(); assertThat(cdm.supports(new SecurityConfig("UNSUPPORTED"))).isFalse(); @@ -164,21 +152,18 @@ public class ChannelDecisionManagerImplTests { public void testGettersSetters() { ChannelDecisionManagerImpl cdm = new ChannelDecisionManagerImpl(); assertThat(cdm.getChannelProcessors()).isNull(); - MockChannelProcessor cpXyz = new MockChannelProcessor("xyz", false); MockChannelProcessor cpAbc = new MockChannelProcessor("abc", false); List list = new Vector(); list.add(cpXyz); list.add(cpAbc); cdm.setChannelProcessors(list); - assertThat(cdm.getChannelProcessors()).isEqualTo(list); } @Test public void testStartupFailsWithEmptyChannelProcessorsList() throws Exception { ChannelDecisionManagerImpl cdm = new ChannelDecisionManagerImpl(); - try { cdm.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); 
@@ -202,17 +187,13 @@ public class ChannelDecisionManagerImplTests { @Override public void decide(FilterInvocation invocation, Collection config) throws IOException { Iterator iter = config.iterator(); - if (this.failIfCalled) { fail("Should not have called this channel processor: " + this.configAttribute); } - while (iter.hasNext()) { ConfigAttribute attr = (ConfigAttribute) iter.next(); - if (attr.getAttribute().equals(this.configAttribute)) { invocation.getHttpResponse().sendRedirect("/redirected"); - return; } } diff --git a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java index f539e6eafe..76ff193adf 100644 --- a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java @@ -43,10 +43,8 @@ public class ChannelProcessingFilterTests { @Test(expected = IllegalArgumentException.class) public void testDetectsMissingChannelDecisionManager() { ChannelProcessingFilter filter = new ChannelProcessingFilter(); - MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "MOCK"); filter.setSecurityMetadataSource(fids); - filter.afterPropertiesSet(); } @@ -61,12 +59,9 @@ public class ChannelProcessingFilterTests { public void testDetectsSupportedConfigAttribute() { ChannelProcessingFilter filter = new ChannelProcessingFilter(); filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "SUPPORTS_MOCK_ONLY")); - MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "SUPPORTS_MOCK_ONLY"); - filter.setSecurityMetadataSource(fids); - filter.afterPropertiesSet(); } 
@@ -74,10 +69,8 @@ public class ChannelProcessingFilterTests { public void testDetectsUnsupportedConfigAttribute() { ChannelProcessingFilter filter = new ChannelProcessingFilter(); filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "SUPPORTS_MOCK_ONLY")); - MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "SUPPORTS_MOCK_ONLY", "INVALID_ATTRIBUTE"); - filter.setSecurityMetadataSource(fids); filter.afterPropertiesSet(); } @@ -86,17 +79,12 @@ public class ChannelProcessingFilterTests { public void testDoFilterWhenManagerDoesCommitResponse() throws Exception { ChannelProcessingFilter filter = new ChannelProcessingFilter(); filter.setChannelDecisionManager(new MockChannelDecisionManager(true, "SOME_ATTRIBUTE")); - MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "SOME_ATTRIBUTE"); - filter.setSecurityMetadataSource(fids); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setQueryString("info=now"); request.setServletPath("/path"); - MockHttpServletResponse response = new MockHttpServletResponse(); - filter.doFilter(request, response, mock(FilterChain.class)); } @@ -104,17 +92,12 @@ public class ChannelProcessingFilterTests { public void testDoFilterWhenManagerDoesNotCommitResponse() throws Exception { ChannelProcessingFilter filter = new ChannelProcessingFilter(); filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "SOME_ATTRIBUTE")); - MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "SOME_ATTRIBUTE"); - filter.setSecurityMetadataSource(fids); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setQueryString("info=now"); request.setServletPath("/path"); - MockHttpServletResponse response = new MockHttpServletResponse(); - filter.doFilter(request, response, mock(FilterChain.class)); } 
@@ -122,17 +105,12 @@ public class ChannelProcessingFilterTests { public void testDoFilterWhenNullConfigAttributeReturned() throws Exception { ChannelProcessingFilter filter = new ChannelProcessingFilter(); filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "NOT_USED")); - MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "NOT_USED"); - filter.setSecurityMetadataSource(fids); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setQueryString("info=now"); request.setServletPath("/PATH_NOT_MATCHING_CONFIG_ATTRIBUTE"); - MockHttpServletResponse response = new MockHttpServletResponse(); - filter.doFilter(request, response, mock(FilterChain.class)); } @@ -141,12 +119,9 @@ public class ChannelProcessingFilterTests { ChannelProcessingFilter filter = new ChannelProcessingFilter(); filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "MOCK")); assertThat(filter.getChannelDecisionManager() != null).isTrue(); - MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", false, "MOCK"); - filter.setSecurityMetadataSource(fids); assertThat(filter.getSecurityMetadataSource()).isSameAs(fids); - filter.afterPropertiesSet(); } @@ -192,7 +167,6 @@ public class ChannelProcessingFilterTests { @Override public Collection getAttributes(Object object) throws IllegalArgumentException { FilterInvocation fi = (FilterInvocation) object; - if (this.servletPath.equals(fi.getHttpRequest().getServletPath())) { return this.toReturn; } @@ -206,7 +180,6 @@ public class ChannelProcessingFilterTests { if (!this.provideIterator) { return null; } - return this.toReturn; } diff --git a/web/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java b/web/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java index e9752b8f57..487e1a5cf9 100644 
--- a/web/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java +++ b/web/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java @@ -45,13 +45,10 @@ public class InsecureChannelProcessorTests { request.setServletPath("/servlet"); request.setScheme("http"); request.setServerPort(8080); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class)); - InsecureChannelProcessor processor = new InsecureChannelProcessor(); processor.decide(fi, SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL")); - assertThat(fi.getResponse().isCommitted()).isFalse(); } @@ -65,14 +62,11 @@ public class InsecureChannelProcessorTests { request.setScheme("https"); request.setSecure(true); request.setServerPort(8443); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class)); - InsecureChannelProcessor processor = new InsecureChannelProcessor(); processor.decide(fi, SecurityConfig.createList(new String[] { "SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL" })); - assertThat(fi.getResponse().isCommitted()).isTrue(); } @@ -80,13 +74,11 @@ public class InsecureChannelProcessorTests { public void testDecideRejectsNulls() throws Exception { InsecureChannelProcessor processor = new InsecureChannelProcessor(); processor.afterPropertiesSet(); - try { processor.decide(null, null); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } } 
@@ -96,7 +88,6 @@ public class InsecureChannelProcessorTests { assertThat(processor.getInsecureKeyword()).isEqualTo("REQUIRES_INSECURE_CHANNEL"); processor.setInsecureKeyword("X"); assertThat(processor.getInsecureKeyword()).isEqualTo("X"); - assertThat(processor.getEntryPoint() != null).isTrue(); processor.setEntryPoint(null); assertThat(processor.getEntryPoint() == null).isTrue(); @@ -106,7 +97,6 @@ public class InsecureChannelProcessorTests { public void testMissingEntryPoint() throws Exception { InsecureChannelProcessor processor = new InsecureChannelProcessor(); processor.setEntryPoint(null); - try { processor.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); @@ -120,7 +110,6 @@ public class InsecureChannelProcessorTests { public void testMissingSecureChannelKeyword() throws Exception { InsecureChannelProcessor processor = new InsecureChannelProcessor(); processor.setInsecureKeyword(null); - try { processor.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); @@ -128,9 +117,7 @@ public class InsecureChannelProcessorTests { catch (IllegalArgumentException expected) { assertThat(expected.getMessage()).isEqualTo("insecureKeyword required"); } - processor.setInsecureKeyword(""); - try { processor.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); diff --git a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java index bf67247ff3..f858d11c5b 100644 --- a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java +++ b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java 
@@ -43,7 +43,6 @@ public class RetryWithHttpEntryPointTests { @Test public void testDetectsMissingPortMapper() { RetryWithHttpEntryPoint ep = new RetryWithHttpEntryPoint(); - try { ep.setPortMapper(null); fail("Should have thrown IllegalArgumentException"); @@ -55,7 +54,6 @@ public class RetryWithHttpEntryPointTests { @Test public void testDetectsMissingPortResolver() { RetryWithHttpEntryPoint ep = new RetryWithHttpEntryPoint(); - try { ep.setPortResolver(null); fail("Should have thrown IllegalArgumentException"); @@ -85,13 +83,10 @@ public class RetryWithHttpEntryPointTests { request.setScheme("https"); request.setServerName("localhost"); request.setServerPort(443); - MockHttpServletResponse response = new MockHttpServletResponse(); - RetryWithHttpEntryPoint ep = new RetryWithHttpEntryPoint(); ep.setPortMapper(new PortMapperImpl()); ep.setPortResolver(new MockPortResolver(80, 443)); - ep.commence(request, response); assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/bigWebApp/hello/pathInfo.html?open=true"); } @@ -102,13 +97,10 @@ public class RetryWithHttpEntryPointTests { request.setScheme("https"); request.setServerName("localhost"); request.setServerPort(443); - MockHttpServletResponse response = new MockHttpServletResponse(); - RetryWithHttpEntryPoint ep = new RetryWithHttpEntryPoint(); ep.setPortMapper(new PortMapperImpl()); ep.setPortResolver(new MockPortResolver(80, 443)); - ep.commence(request, response); assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/bigWebApp/hello"); } 
@@ -120,13 +112,10 @@ public class RetryWithHttpEntryPointTests { request.setScheme("https"); request.setServerName("www.example.com"); request.setServerPort(8768); - MockHttpServletResponse response = new MockHttpServletResponse(); - RetryWithHttpEntryPoint ep = new RetryWithHttpEntryPoint(); ep.setPortMapper(new PortMapperImpl()); ep.setPortResolver(new MockPortResolver(8768, 1234)); - ep.commence(request, response); assertThat(response.getRedirectedUrl()).isEqualTo("/bigWebApp?open=true"); } @@ -138,18 +127,14 @@ public class RetryWithHttpEntryPointTests { request.setScheme("https"); request.setServerName("localhost"); request.setServerPort(9999); - MockHttpServletResponse response = new MockHttpServletResponse(); - PortMapperImpl portMapper = new PortMapperImpl(); Map map = new HashMap<>(); map.put("8888", "9999"); portMapper.setPortMappings(map); - RetryWithHttpEntryPoint ep = new RetryWithHttpEntryPoint(); ep.setPortResolver(new MockPortResolver(8888, 9999)); ep.setPortMapper(portMapper); - ep.commence(request, response); assertThat(response.getRedirectedUrl()) .isEqualTo("http://localhost:8888/bigWebApp/hello/pathInfo.html?open=true"); diff --git a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java index 3fdf255079..29274cb3ea 100644 --- a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java +++ b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java @@ -39,7 +39,6 @@ public class RetryWithHttpsEntryPointTests { @Test public void testDetectsMissingPortMapper() { RetryWithHttpsEntryPoint ep = new RetryWithHttpsEntryPoint(); - try { ep.setPortMapper(null); fail("Should have thrown IllegalArgumentException"); 
@@ -51,7 +50,6 @@ public class RetryWithHttpsEntryPointTests { @Test public void testDetectsMissingPortResolver() { RetryWithHttpsEntryPoint ep = new RetryWithHttpsEntryPoint(); - try { ep.setPortResolver(null); fail("Should have thrown IllegalArgumentException"); @@ -76,13 +74,10 @@ public class RetryWithHttpsEntryPointTests { request.setScheme("http"); request.setServerName("www.example.com"); request.setServerPort(80); - MockHttpServletResponse response = new MockHttpServletResponse(); - RetryWithHttpsEntryPoint ep = new RetryWithHttpsEntryPoint(); ep.setPortMapper(new PortMapperImpl()); ep.setPortResolver(new MockPortResolver(80, 443)); - ep.commence(request, response); assertThat(response.getRedirectedUrl()) .isEqualTo("https://www.example.com/bigWebApp/hello/pathInfo.html?open=true"); @@ -94,13 +89,10 @@ public class RetryWithHttpsEntryPointTests { request.setScheme("http"); request.setServerName("www.example.com"); request.setServerPort(80); - MockHttpServletResponse response = new MockHttpServletResponse(); - RetryWithHttpsEntryPoint ep = new RetryWithHttpsEntryPoint(); ep.setPortMapper(new PortMapperImpl()); ep.setPortResolver(new MockPortResolver(80, 443)); - ep.commence(request, response); assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com/bigWebApp/hello"); } @@ -112,13 +104,10 @@ public class RetryWithHttpsEntryPointTests { request.setScheme("http"); request.setServerName("www.example.com"); request.setServerPort(8768); - MockHttpServletResponse response = new MockHttpServletResponse(); - RetryWithHttpsEntryPoint ep = new RetryWithHttpsEntryPoint(); ep.setPortMapper(new PortMapperImpl()); ep.setPortResolver(new MockPortResolver(8768, 1234)); - ep.commence(request, response); assertThat(response.getRedirectedUrl()).isEqualTo("/bigWebApp?open=true"); } 
@@ -130,18 +119,14 @@ public class RetryWithHttpsEntryPointTests { request.setScheme("http"); request.setServerName("www.example.com"); request.setServerPort(8888); - MockHttpServletResponse response = new MockHttpServletResponse(); - PortMapperImpl portMapper = new PortMapperImpl(); Map map = new HashMap<>(); map.put("8888", "9999"); portMapper.setPortMappings(map); - RetryWithHttpsEntryPoint ep = new RetryWithHttpsEntryPoint(); ep.setPortResolver(new MockPortResolver(8888, 9999)); ep.setPortMapper(portMapper); - ep.commence(request, response); assertThat(response.getRedirectedUrl()) .isEqualTo("https://www.example.com:9999/bigWebApp/hello/pathInfo.html?open=true"); diff --git a/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java b/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java index 9c472da817..e66b411c55 100644 --- a/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java +++ b/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java @@ -46,13 +46,10 @@ public class SecureChannelProcessorTests { request.setScheme("https"); request.setSecure(true); request.setServerPort(8443); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class)); - SecureChannelProcessor processor = new SecureChannelProcessor(); processor.decide(fi, SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL")); - assertThat(fi.getResponse().isCommitted()).isFalse(); } 
@@ -65,14 +62,11 @@ public class SecureChannelProcessorTests { request.setServletPath("/servlet"); request.setScheme("http"); request.setServerPort(8080); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class)); - SecureChannelProcessor processor = new SecureChannelProcessor(); processor.decide(fi, SecurityConfig.createList(new String[] { "SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL" })); - assertThat(fi.getResponse().isCommitted()).isTrue(); } @@ -80,13 +74,11 @@ public class SecureChannelProcessorTests { public void testDecideRejectsNulls() throws Exception { SecureChannelProcessor processor = new SecureChannelProcessor(); processor.afterPropertiesSet(); - try { processor.decide(null, null); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } } @@ -96,7 +88,6 @@ public class SecureChannelProcessorTests { assertThat(processor.getSecureKeyword()).isEqualTo("REQUIRES_SECURE_CHANNEL"); processor.setSecureKeyword("X"); assertThat(processor.getSecureKeyword()).isEqualTo("X"); - assertThat(processor.getEntryPoint() != null).isTrue(); processor.setEntryPoint(null); assertThat(processor.getEntryPoint() == null).isTrue(); @@ -106,7 +97,6 @@ public class SecureChannelProcessorTests { public void testMissingEntryPoint() throws Exception { SecureChannelProcessor processor = new SecureChannelProcessor(); processor.setEntryPoint(null); - try { processor.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); @@ -120,7 +110,6 @@ public class SecureChannelProcessorTests { public void testMissingSecureChannelKeyword() throws Exception { SecureChannelProcessor processor = new SecureChannelProcessor(); processor.setSecureKeyword(null); - try { processor.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); 
@@ -128,9 +117,7 @@ public class SecureChannelProcessorTests { catch (IllegalArgumentException expected) { assertThat(expected.getMessage()).isEqualTo("secureKeyword required"); } - processor.setSecureKeyword(""); - try { processor.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException"); diff --git a/web/src/test/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessorTests.java b/web/src/test/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessorTests.java index 0244b48aa6..0e1dec1d1b 100644 --- a/web/src/test/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessorTests.java +++ b/web/src/test/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessorTests.java @@ -65,14 +65,12 @@ public class AbstractVariableEvaluationContextPostProcessorTests { @Test public void extractVariables() { this.context = this.processor.postProcess(this.context, this.invocation); - assertThat(this.context.lookupVariable(KEY)).isEqualTo(VALUE); } @Test public void extractVariablesOnlyUsedOnce() { this.context = this.processor.postProcess(this.context, this.invocation); - assertThat(this.context.lookupVariable(KEY)).isEqualTo(VALUE); this.processor.results = Collections.emptyMap(); assertThat(this.context.lookupVariable(KEY)).isEqualTo(VALUE); diff --git a/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java b/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java index 16a5f0e164..b23e67c89f 100644 --- a/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java 
@@ -69,7 +69,6 @@ public class DefaultWebSecurityExpressionHandlerTests { bean.getConstructorArgumentValues().addGenericArgumentValue("ROLE_A"); appContext.registerBeanDefinition("role", bean); this.handler.setApplicationContext(appContext); - EvaluationContext ctx = this.handler.createEvaluationContext(mock(Authentication.class), mock(FilterInvocation.class)); ExpressionParser parser = this.handler.getExpressionParser(); @@ -85,11 +84,9 @@ public class DefaultWebSecurityExpressionHandlerTests { @Test public void createEvaluationContextCustomTrustResolver() { this.handler.setTrustResolver(this.trustResolver); - Expression expression = this.handler.getExpressionParser().parseExpression("anonymous"); EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.invocation); assertThat(expression.getValue(context, Boolean.class)).isFalse(); - verify(this.trustResolver).isAnonymous(this.authentication); } diff --git a/web/src/test/java/org/springframework/security/web/access/expression/DelegatingEvaluationContextTests.java b/web/src/test/java/org/springframework/security/web/access/expression/DelegatingEvaluationContextTests.java index bb9a8e6734..355dd768df 100644 --- a/web/src/test/java/org/springframework/security/web/access/expression/DelegatingEvaluationContextTests.java +++ b/web/src/test/java/org/springframework/security/web/access/expression/DelegatingEvaluationContextTests.java @@ -56,7 +56,6 @@ public class DelegatingEvaluationContextTests { public void getRootObject() { TypedValue expected = mock(TypedValue.class); given(this.delegate.getRootObject()).willReturn(expected); - assertThat(this.context.getRootObject()).isEqualTo(expected); } @@ -64,7 +63,6 @@ public class DelegatingEvaluationContextTests { public void getConstructorResolvers() { List expected = new ArrayList<>(); given(this.delegate.getConstructorResolvers()).willReturn(expected); - assertThat(this.context.getConstructorResolvers()).isEqualTo(expected); } 
@@ -72,7 +70,6 @@ public class DelegatingEvaluationContextTests { public void getMethodResolvers() { List expected = new ArrayList<>(); given(this.delegate.getMethodResolvers()).willReturn(expected); - assertThat(this.context.getMethodResolvers()).isEqualTo(expected); } @@ -80,16 +77,13 @@ public class DelegatingEvaluationContextTests { public void getPropertyAccessors() { List expected = new ArrayList<>(); given(this.delegate.getPropertyAccessors()).willReturn(expected); - assertThat(this.context.getPropertyAccessors()).isEqualTo(expected); } @Test public void getTypeLocator() { - TypeLocator expected = mock(TypeLocator.class); given(this.delegate.getTypeLocator()).willReturn(expected); - assertThat(this.context.getTypeLocator()).isEqualTo(expected); } @@ -97,7 +91,6 @@ public class DelegatingEvaluationContextTests { public void getTypeConverter() { TypeConverter expected = mock(TypeConverter.class); given(this.delegate.getTypeConverter()).willReturn(expected); - assertThat(this.context.getTypeConverter()).isEqualTo(expected); } @@ -105,7 +98,6 @@ public class DelegatingEvaluationContextTests { public void getTypeComparator() { TypeComparator expected = mock(TypeComparator.class); given(this.delegate.getTypeComparator()).willReturn(expected); - assertThat(this.context.getTypeComparator()).isEqualTo(expected); } @@ -113,7 +105,6 @@ public class DelegatingEvaluationContextTests { public void getOperatorOverloader() { OperatorOverloader expected = mock(OperatorOverloader.class); given(this.delegate.getOperatorOverloader()).willReturn(expected); - assertThat(this.context.getOperatorOverloader()).isEqualTo(expected); } @@ -121,7 +112,6 @@ public class DelegatingEvaluationContextTests { public void getBeanResolver() { BeanResolver expected = mock(BeanResolver.class); given(this.delegate.getBeanResolver()).willReturn(expected); - assertThat(this.context.getBeanResolver()).isEqualTo(expected); } 
@@ -129,9 +119,7 @@ public class DelegatingEvaluationContextTests {
 public void setVariable() {
 String name = "name";
 String value = "value";
-
 this.context.setVariable(name, value);
-
 verify(this.delegate).setVariable(name, value);
 }
@@ -140,7 +128,6 @@ public class DelegatingEvaluationContextTests {
 String name = "name";
 String expected = "expected";
 given(this.delegate.lookupVariable(name)).willReturn(expected);
-
 assertThat(this.context.lookupVariable(name)).isEqualTo(expected);
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
index fdca0484e6..8f8a5ab887 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
@@ -55,7 +55,6 @@ public class WebExpressionVoterTests {
 .isTrue();
 assertThat(voter.supports(FilterInvocation.class)).isTrue();
 assertThat(voter.supports(MethodInvocation.class)).isFalse();
-
 }
 @Test
@@ -83,9 +82,7 @@ public class WebExpressionVoterTests {
 ArrayList attributes = new ArrayList();
 attributes.addAll(SecurityConfig.createList("A", "B", "C"));
 attributes.add(weca);
-
 assertThat(voter.vote(this.user, fi, attributes)).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
-
 // Second time false
 assertThat(voter.vote(this.user, fi, attributes)).isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java b/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java
index 0e973ade90..f6394360fc 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java @@ -44,9 +44,7 @@ public class WebSecurityExpressionRootTests { request.setRemoteAddr("192.168.1.1"); WebSecurityExpressionRoot root = new WebSecurityExpressionRoot(mock(Authentication.class), new FilterInvocation(request, mock(HttpServletResponse.class), mock(FilterChain.class))); - assertThat(root.hasIpAddress("192.168.1.1")).isTrue(); - // IPv6 Address request.setRemoteAddr("fa:db8:85a3::8a2e:370:7334"); assertThat(root.hasIpAddress("fa:db8:85a3::8a2e:370:7334")).isTrue(); @@ -62,7 +60,6 @@ public class WebSecurityExpressionRootTests { request.setRemoteAddr("192.168.1." + i); assertThat(root.hasIpAddress("192.168.1.0/24")).isTrue(); } - request.setRemoteAddr("192.168.1.127"); // 25 = FF FF FF 80 assertThat(root.hasIpAddress("192.168.1.0/25")).isTrue(); @@ -75,7 +72,6 @@ public class WebSecurityExpressionRootTests { assertThat(root.hasIpAddress("192.168.1.224/27")).isTrue(); assertThat(root.hasIpAddress("192.168.1.240/27")).isTrue(); assertThat(root.hasIpAddress("192.168.1.255/32")).isTrue(); - request.setRemoteAddr("202.24.199.127"); assertThat(root.hasIpAddress("202.24.0.0/14")).isTrue(); request.setRemoteAddr("202.25.179.135"); diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java index 5f207669bc..c054e9a483 100644 --- a/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java +++ b/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java 
@@ -54,9 +54,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests { @Test public void lookupNotRequiringExactMatchSucceedsIfNotMatching() { createFids("/secure/super/**", null); - FilterInvocation fi = createFilterInvocation("/secure/super/somefile.html", null, null, null); - assertThat(this.fids.getAttributes(fi)).isEqualTo(this.def); } @@ -67,9 +65,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests { @Test public void lookupNotRequiringExactMatchSucceedsIfSecureUrlPathContainsUpperCase() { createFids("/secure/super/**", null); - FilterInvocation fi = createFilterInvocation("/secure", "/super/somefile.html", null, null); - Collection response = this.fids.getAttributes(fi); assertThat(response).isEqualTo(this.def); } @@ -77,9 +73,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests { @Test public void lookupRequiringExactMatchIsSuccessful() { createFids("/SeCurE/super/**", null); - FilterInvocation fi = createFilterInvocation("/SeCurE/super/somefile.html", null, null, null); - Collection response = this.fids.getAttributes(fi); assertThat(response).isEqualTo(this.def); } @@ -87,9 +81,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests { @Test public void lookupRequiringExactMatchWithAdditionalSlashesIsSuccessful() { createFids("/someAdminPage.html**", null); - FilterInvocation fi = createFilterInvocation("/someAdminPage.html", null, "a=/test", null); - Collection response = this.fids.getAttributes(fi); assertThat(response); // see SEC-161 (it should truncate after ? // sign).isEqualTo(def) @@ -103,7 +95,6 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests { @Test public void httpMethodLookupSucceeds() { createFids("/somepage**", "GET"); - FilterInvocation fi = createFilterInvocation("/somepage", null, null, "GET"); Collection attrs = this.fids.getAttributes(fi); assertThat(attrs).isEqualTo(this.def); 
@@ -112,7 +103,6 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 @Test
 public void generalMatchIsUsedIfNoMethodSpecificMatchExists() {
 createFids("/somepage**", null);
-
 FilterInvocation fi = createFilterInvocation("/somepage", null, null, "GET");
 Collection attrs = this.fids.getAttributes(fi);
 assertThat(attrs).isEqualTo(this.def);
@@ -121,7 +111,6 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 @Test
 public void requestWithDifferentHttpMethodDoesntMatch() {
 createFids("/somepage**", "GET");
-
 FilterInvocation fi = createFilterInvocation("/somepage", null, null, "POST");
 Collection attrs = this.fids.getAttributes(fi);
 assertThat(attrs).isNull();
@@ -132,11 +121,9 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 public void mixingPatternsWithAndWithoutHttpMethodsIsSupported() {
 LinkedHashMap> requestMap = new LinkedHashMap<>();
 Collection userAttrs = SecurityConfig.createList("A");
-
 requestMap.put(new AntPathRequestMatcher("/user/**", null), userAttrs);
 requestMap.put(new AntPathRequestMatcher("/teller/**", "GET"), SecurityConfig.createList("B"));
 this.fids = new DefaultFilterInvocationSecurityMetadataSource(requestMap);
-
 FilterInvocation fi = createFilterInvocation("/user", null, null, "GET");
 Collection attrs = this.fids.getAttributes(fi);
 assertThat(attrs).isEqualTo(userAttrs);
@@ -148,14 +135,10 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 @Test
 public void extraQuestionMarkStillMatches() {
 createFids("/someAdminPage.html*", null);
-
 FilterInvocation fi = createFilterInvocation("/someAdminPage.html", null, null, null);
-
 Collection response = this.fids.getAttributes(fi);
 assertThat(response).isEqualTo(this.def);
-
 fi = createFilterInvocation("/someAdminPage.html", null, "?", null);
-
 response = this.fids.getAttributes(fi);
 assertThat(response).isEqualTo(this.def);
 }
@@ -168,7 +151,6 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 request.setServletPath(servletPath);
 request.setPathInfo(pathInfo);
 request.setQueryString(queryString);
-
 return new FilterInvocation(request, new MockHttpServletResponse(), mock(FilterChain.class));
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
index 37199a0c8f..dcd759048a 100644
--- a/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
@@ -117,13 +117,9 @@ public class FilterSecurityInterceptorTests {
 // Setup a Context
 Authentication token = new TestingAuthenticationToken("Test", "Password", "NOT_USED");
 SecurityContextHolder.getContext().setAuthentication(token);
-
 FilterInvocation fi = createinvocation();
-
 given(this.ods.getAttributes(fi)).willReturn(SecurityConfig.createList("MOCK_OK"));
-
 this.interceptor.invoke(fi);
-
 // SEC-1697
 verify(this.publisher, never()).publishEvent(any(AuthorizedEvent.class));
 }
@@ -132,24 +128,19 @@ public class FilterSecurityInterceptorTests { public void afterInvocationIsNotInvokedIfExceptionThrown() throws Exception { Authentication token = new TestingAuthenticationToken("Test", "Password", "NOT_USED"); SecurityContextHolder.getContext().setAuthentication(token); - FilterInvocation fi = createinvocation(); FilterChain chain = fi.getChain(); - willThrow(new RuntimeException()).given(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); given(this.ods.getAttributes(fi)).willReturn(SecurityConfig.createList("MOCK_OK")); - AfterInvocationManager aim = mock(AfterInvocationManager.class); this.interceptor.setAfterInvocationManager(aim); - try { this.interceptor.invoke(fi); fail("Expected exception"); } catch (RuntimeException expected) { } - verifyZeroInteractions(aim); } 
@@ -161,29 +152,23 @@ public class FilterSecurityInterceptorTests { Authentication token = new TestingAuthenticationToken("Test", "Password", "NOT_USED"); token.setAuthenticated(true); ctx.setAuthentication(token); - RunAsManager runAsManager = mock(RunAsManager.class); given(runAsManager.buildRunAs(eq(token), any(), anyCollection())) .willReturn(new RunAsUserToken("key", "someone", "creds", token.getAuthorities(), token.getClass())); this.interceptor.setRunAsManager(runAsManager); - FilterInvocation fi = createinvocation(); FilterChain chain = fi.getChain(); - willThrow(new RuntimeException()).given(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); given(this.ods.getAttributes(fi)).willReturn(SecurityConfig.createList("MOCK_OK")); - AfterInvocationManager aim = mock(AfterInvocationManager.class); this.interceptor.setAfterInvocationManager(aim); - try { this.interceptor.invoke(fi); fail("Expected exception"); } catch (RuntimeException expected) { } - // Check we've changed back assertThat(SecurityContextHolder.getContext()).isSameAs(ctx); assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token); @@ -195,9 +180,7 @@ public class FilterSecurityInterceptorTests { this.interceptor.setObserveOncePerRequest(false); MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletRequest request = new MockHttpServletRequest(); - this.interceptor.doFilter(request, response, new MockFilterChain()); - assertThat(request.getAttributeNames().hasMoreElements()).isFalse(); } @@ -205,10 +188,8 @@ public class FilterSecurityInterceptorTests { MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletRequest request = new MockHttpServletRequest(); request.setServletPath("/secure/page.html"); - FilterChain chain = mock(FilterChain.class); FilterInvocation fi = new FilterInvocation(request, response, chain); - return fi; } 
diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java
index 40576c0a41..37211f6fa2 100644
--- a/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java
@@ -31,7 +31,6 @@ public class RequestKeyTests {
 public void equalsWorksWithNullHttpMethod() {
 RequestKey key1 = new RequestKey("/someurl");
 RequestKey key2 = new RequestKey("/someurl");
-
 assertThat(key2).isEqualTo(key1);
 key1 = new RequestKey("/someurl", "GET");
 assertThat(key1.equals(key2)).isFalse();
@@ -42,7 +41,6 @@ public class RequestKeyTests {
 public void keysWithSameUrlAndHttpMethodAreEqual() {
 RequestKey key1 = new RequestKey("/someurl", "GET");
 RequestKey key2 = new RequestKey("/someurl", "GET");
-
 assertThat(key2).isEqualTo(key1);
 }
@@ -50,7 +48,6 @@ public class RequestKeyTests {
 public void keysWithSameUrlAndDifferentHttpMethodAreNotEqual() {
 RequestKey key1 = new RequestKey("/someurl", "GET");
 RequestKey key2 = new RequestKey("/someurl", "POST");
-
 assertThat(key1.equals(key2)).isFalse();
 assertThat(key2.equals(key1)).isFalse();
 }
@@ -59,7 +56,6 @@ public class RequestKeyTests {
 public void keysWithDifferentUrlsAreNotEquals() {
 RequestKey key1 = new RequestKey("/someurl", "GET");
 RequestKey key2 = new RequestKey("/anotherurl", "GET");
-
 assertThat(key1.equals(key2)).isFalse();
 assertThat(key2.equals(key1)).isFalse();
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
index d815881514..0cdee2f548 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
@@ -71,13 +71,11 @@ public class AbstractAuthenticationProcessingFilterTests {
 private MockHttpServletRequest createMockAuthenticationRequest() {
 MockHttpServletRequest request = new MockHttpServletRequest();
-
 request.setServletPath("/j_mock_post");
 request.setScheme("http");
 request.setServerName("www.example.com");
 request.setRequestURI("/mycontext/j_mock_post");
 request.setContextPath("/mycontext");
-
 return request;
 }
@@ -101,10 +99,8 @@ public class AbstractAuthenticationProcessingFilterTests {
 MockHttpServletResponse response = new MockHttpServletResponse();
 MockAuthenticationFilter filter = new MockAuthenticationFilter();
 filter.setFilterProcessesUrl("/login");
-
 DefaultHttpFirewall firewall = new DefaultHttpFirewall();
 request.setServletPath("/login;jsessionid=I8MIONOSTHOR");
-
 // the firewall ensures that path parameters are ignored
 HttpServletRequest firewallRequest = firewall.getFirewalledRequest(request);
 assertThat(filter.requiresAuthentication(firewallRequest, response)).isTrue();
@@ -116,20 +112,16 @@ public class AbstractAuthenticationProcessingFilterTests {
 MockHttpServletRequest request = createMockAuthenticationRequest();
 request.setServletPath("/j_OTHER_LOCATION");
 request.setRequestURI("/mycontext/j_OTHER_LOCATION");
-
 // Setup our filter configuration
 MockFilterConfig config = new MockFilterConfig(null, null);
-
 // Setup our expectation that the filter chain will not be invoked, as we redirect
 // to defaultTargetUrl
 MockFilterChain chain = new MockFilterChain(false);
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 // Setup our test object, to grant access
 MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
 filter.setFilterProcessesUrl("/j_OTHER_LOCATION");
 filter.setAuthenticationSuccessHandler(this.successHandler);
-
 // Test
 filter.doFilter(request, response, chain);
 assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
@@ -143,7 +135,6 @@ public class AbstractAuthenticationProcessingFilterTests {
 filter.setAuthenticationManager(mock(AuthenticationManager.class));
 filter.setFilterProcessesUrl("/p");
 filter.afterPropertiesSet();
-
 assertThat(filter.getRememberMeServices()).isNotNull();
 filter.setRememberMeServices(
 new TokenBasedRememberMeServices("key", new AbstractRememberMeServicesTests.MockUserDetailsService()));
@@ -157,18 +148,14 @@ public class AbstractAuthenticationProcessingFilterTests {
 MockHttpServletRequest request = createMockAuthenticationRequest();
 request.setServletPath("/some.file.html");
 request.setRequestURI("/mycontext/some.file.html");
-
 // Setup our filter configuration
 MockFilterConfig config = new MockFilterConfig(null, null);
-
 // Setup our expectation that the filter chain will be invoked, as our request is
 // for a page the filter isn't monitoring
 MockFilterChain chain = new MockFilterChain(true);
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 // Setup our test object, to deny access
 MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
-
 // Test
 filter.doFilter(request, response, chain);
 }
@@ -178,25 +165,20 @@ public class AbstractAuthenticationProcessingFilterTests {
 // Setup our HTTP request
 MockHttpServletRequest request = createMockAuthenticationRequest();
 HttpSession sessionPreAuth = request.getSession();
-
 // Setup our filter configuration
 MockFilterConfig config = new MockFilterConfig(null, null);
-
 // Setup our expectation that the filter chain will not be invoked, as we redirect
 // to defaultTargetUrl
 MockFilterChain chain = new MockFilterChain(false);
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 // Setup our test object, to grant access
 MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
-
 filter.setFilterProcessesUrl("/j_mock_post");
 filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class));
 filter.setAuthenticationSuccessHandler(this.successHandler);
 filter.setAuthenticationFailureHandler(this.failureHandler);
 filter.setAuthenticationManager(mock(AuthenticationManager.class));
 filter.afterPropertiesSet();
-
 // Test
 filter.doFilter(request, response, chain);
 assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
@@ -211,24 +193,19 @@ public class AbstractAuthenticationProcessingFilterTests { // Setup our HTTP request MockHttpServletRequest request = createMockAuthenticationRequest(); HttpSession sessionPreAuth = request.getSession(); - // Setup our filter configuration MockFilterConfig config = new MockFilterConfig(null, null); - // Setup our expectation that the filter chain will not be invoked, as we redirect // to defaultTargetUrl MockFilterChain chain = new MockFilterChain(false); MockHttpServletResponse response = new MockHttpServletResponse(); - // Setup our test object, to grant access MockAuthenticationFilter filter = new MockAuthenticationFilter("/j_mock_post", mock(AuthenticationManager.class)); - filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class)); filter.setAuthenticationSuccessHandler(this.successHandler); filter.setAuthenticationFailureHandler(this.failureHandler); filter.afterPropertiesSet(); - // Test filter.doFilter(request, response, chain); assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp"); 
@@ -245,24 +222,19 @@ public class AbstractAuthenticationProcessingFilterTests {
 request.setServletPath("/j_eradicate_corona_virus");
 request.setRequestURI("/mycontext/j_eradicate_corona_virus");
 HttpSession sessionPreAuth = request.getSession();
-
 // Setup our filter configuration
 MockFilterConfig config = new MockFilterConfig(null, null);
-
 // Setup our expectation that the filter chain will not be invoked, as we redirect
 // to defaultTargetUrl
 MockFilterChain chain = new MockFilterChain(false);
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 // Setup our test object, to grant access
 MockAuthenticationFilter filter = new MockAuthenticationFilter(
 new AntPathRequestMatcher("/j_eradicate_corona_virus"), mock(AuthenticationManager.class));
-
 filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class));
 filter.setAuthenticationSuccessHandler(this.successHandler);
 filter.setAuthenticationFailureHandler(this.failureHandler);
 filter.afterPropertiesSet();
-
 // Test
 filter.doFilter(request, response, chain);
 assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
@@ -279,7 +251,6 @@ public class AbstractAuthenticationProcessingFilterTests {
 this.successHandler.setDefaultTargetUrl("/");
 filter.setAuthenticationSuccessHandler(this.successHandler);
 filter.setFilterProcessesUrl("/login");
-
 try {
 filter.afterPropertiesSet();
 fail("Should have thrown IllegalArgumentException");
@@ -295,7 +266,6 @@ public class AbstractAuthenticationProcessingFilterTests {
 filter.setAuthenticationFailureHandler(this.failureHandler);
 filter.setAuthenticationManager(mock(AuthenticationManager.class));
 filter.setAuthenticationSuccessHandler(this.successHandler);
-
 try {
 filter.setFilterProcessesUrl(null);
 fail("Should have thrown IllegalArgumentException");
@@ -309,38 +279,31 @@ public class AbstractAuthenticationProcessingFilterTests {
 public void testSuccessLoginThenFailureLoginResultsInSessionLosingToken() throws Exception {
 // Setup our HTTP request
 MockHttpServletRequest request = createMockAuthenticationRequest();
-
 // Setup our filter configuration
 MockFilterConfig config = new MockFilterConfig(null, null);
-
 // Setup our expectation that the filter chain will not be invoked, as we redirect
 // to defaultTargetUrl
 MockFilterChain chain = new MockFilterChain(false);
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 // Setup our test object, to grant access
 MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
 filter.setFilterProcessesUrl("/j_mock_post");
 filter.setAuthenticationSuccessHandler(this.successHandler);
-
 // Test
 filter.doFilter(request, response, chain);
 assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 assertThat(SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()).isEqualTo("test");
-
 // Now try again but this time have filter deny access
 // Setup our HTTP request
 // Setup our expectation that the filter chain will not be invoked, as we redirect
 // to authenticationFailureUrl
 chain = new MockFilterChain(false);
 response = new MockHttpServletResponse();
-
 // Setup our test object, to deny access
 filter = new MockAuthenticationFilter(false);
 filter.setFilterProcessesUrl("/j_mock_post");
 filter.setAuthenticationFailureHandler(this.failureHandler);
-
 // Test
 filter.doFilter(request, response, chain);
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -350,27 +313,21 @@ public class AbstractAuthenticationProcessingFilterTests { public void testSuccessfulAuthenticationInvokesSuccessHandlerAndSetsContext() throws Exception { // Setup our HTTP request MockHttpServletRequest request = createMockAuthenticationRequest(); - // Setup our filter configuration MockFilterConfig config = new MockFilterConfig(null, null); - // Setup our expectation that the filter chain will be invoked, as we want to go // to the location requested in the session MockFilterChain chain = new MockFilterChain(true); MockHttpServletResponse response = new MockHttpServletResponse(); - // Setup our test object, to grant access MockAuthenticationFilter filter = new MockAuthenticationFilter(true); filter.setFilterProcessesUrl("/j_mock_post"); AuthenticationSuccessHandler successHandler = mock(AuthenticationSuccessHandler.class); filter.setAuthenticationSuccessHandler(successHandler); - // Test filter.doFilter(request, response, chain); - verify(successHandler).onAuthenticationSuccess(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class)); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); } 
@@ -378,26 +335,20 @@ public class AbstractAuthenticationProcessingFilterTests { public void testFailedAuthenticationInvokesFailureHandler() throws Exception { // Setup our HTTP request MockHttpServletRequest request = createMockAuthenticationRequest(); - // Setup our filter configuration MockFilterConfig config = new MockFilterConfig(null, null); - // Setup our expectation that the filter chain will not be invoked, as we redirect // to authenticationFailureUrl MockFilterChain chain = new MockFilterChain(false); MockHttpServletResponse response = new MockHttpServletResponse(); - // Setup our test object, to deny access MockAuthenticationFilter filter = new MockAuthenticationFilter(false); AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class); filter.setAuthenticationFailureHandler(failureHandler); - // Test filter.doFilter(request, response, chain); - verify(failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AuthenticationException.class)); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } @@ -407,18 +358,14 @@ public class AbstractAuthenticationProcessingFilterTests { @Test public void testNoSessionIsCreatedIfAllowSessionCreationIsFalse() throws Exception { MockHttpServletRequest request = createMockAuthenticationRequest(); - MockFilterConfig config = new MockFilterConfig(null, null); MockFilterChain chain = new MockFilterChain(true); MockHttpServletResponse response = new MockHttpServletResponse(); - // Reject authentication, so exception would normally be stored in session MockAuthenticationFilter filter = new MockAuthenticationFilter(false); this.failureHandler.setAllowSessionCreation(false); filter.setAuthenticationFailureHandler(this.failureHandler); - filter.doFilter(request, response, chain); - assertThat(request.getSession(false)).isNull(); } 
@@ -428,17 +375,13 @@ public class AbstractAuthenticationProcessingFilterTests {
 @Test
 public void testLoginErrorWithNoFailureUrlSendsUnauthorizedStatus() throws Exception {
 MockHttpServletRequest request = createMockAuthenticationRequest();
-
 MockFilterConfig config = new MockFilterConfig(null, null);
 MockFilterChain chain = new MockFilterChain(true);
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
 this.successHandler.setDefaultTargetUrl("https://monkeymachine.co.uk/");
 filter.setAuthenticationSuccessHandler(this.successHandler);
-
 filter.doFilter(request, response, chain);
-
 assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 }
@@ -448,19 +391,15 @@ public class AbstractAuthenticationProcessingFilterTests {
 @Test
 public void loginErrorWithInternAuthenticationServiceExceptionLogsError() throws Exception {
 MockHttpServletRequest request = createMockAuthenticationRequest();
-
 MockFilterChain chain = new MockFilterChain(true);
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 Log logger = mock(Log.class);
 MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
 ReflectionTestUtils.setField(filter, "logger", logger);
 filter.exceptionToThrow = new InternalAuthenticationServiceException("Mock requested to do so");
 this.successHandler.setDefaultTargetUrl("https://monkeymachine.co.uk/");
 filter.setAuthenticationSuccessHandler(this.successHandler);
-
 filter.doFilter(request, response, chain);
-
 verify(logger).error(anyString(), eq(filter.exceptionToThrow));
 assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java
index cf5985a017..e0e18ff2c5 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java @@ -74,16 +74,13 @@ public class AnonymousAuthenticationFilterTests { // Put an Authentication object into the SecurityContextHolder Authentication originalAuth = new TestingAuthenticationToken("user", "password", "ROLE_A"); SecurityContextHolder.getContext().setAuthentication(originalAuth); - AnonymousAuthenticationFilter filter = new AnonymousAuthenticationFilter("qwerty", "anonymousUsername", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")); - // Test MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("x"); executeFilterInContainerSimulator(mock(FilterConfig.class), filter, request, new MockHttpServletResponse(), new MockFilterChain(true)); - // Ensure filter didn't change our original object assertThat(SecurityContextHolder.getContext().getAuthentication()).isEqualTo(originalAuth); } @@ -93,12 +90,10 @@ public class AnonymousAuthenticationFilterTests { AnonymousAuthenticationFilter filter = new AnonymousAuthenticationFilter("qwerty", "anonymousUsername", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")); filter.afterPropertiesSet(); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("x"); executeFilterInContainerSimulator(mock(FilterConfig.class), filter, request, new MockHttpServletResponse(), new MockFilterChain(true)); - Authentication auth = SecurityContextHolder.getContext().getAuthentication(); assertThat(auth.getPrincipal()).isEqualTo("anonymousUsername"); assertThat(AuthorityUtils.authorityListToSet(auth.getAuthorities())).contains("ROLE_ANONYMOUS"); 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java index 8a36219287..36a439e57e 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java @@ -89,12 +89,10 @@ public class AuthenticationFilterTests { public void filterWhenDefaultsAndNoAuthenticationThenContinues() throws Exception { AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManager, this.authenticationConverter); - MockHttpServletRequest request = new MockHttpServletRequest("GET", "/"); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain chain = mock(FilterChain.class); filter.doFilter(request, response, chain); - verifyZeroInteractions(this.authenticationManager); verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); @@ -104,12 +102,10 @@ public class AuthenticationFilterTests { public void filterWhenAuthenticationManagerResolverDefaultsAndNoAuthenticationThenContinues() throws Exception { AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter); - MockHttpServletRequest request = new MockHttpServletRequest("GET", "/"); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain chain = mock(FilterChain.class); filter.doFilter(request, response, chain); - verifyZeroInteractions(this.authenticationManagerResolver); verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); 
@@ -122,12 +118,10 @@ public class AuthenticationFilterTests { given(this.authenticationManager.authenticate(any())).willReturn(authentication); AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManager, this.authenticationConverter); - MockHttpServletRequest request = new MockHttpServletRequest("GET", "/"); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain chain = mock(FilterChain.class); filter.doFilter(request, response, chain); - verify(this.authenticationManager).authenticate(any(Authentication.class)); verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); @@ -139,15 +133,12 @@ public class AuthenticationFilterTests { Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE"); given(this.authenticationConverter.convert(any())).willReturn(authentication); given(this.authenticationManager.authenticate(any())).willReturn(authentication); - AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter); - MockHttpServletRequest request = new MockHttpServletRequest("GET", "/"); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain chain = mock(FilterChain.class); filter.doFilter(request, response, chain); - verify(this.authenticationManager).authenticate(any(Authentication.class)); verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); 
@@ -158,15 +149,12 @@ public class AuthenticationFilterTests {
 Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE"); given(this.authenticationConverter.convert(any())).willReturn(authentication); given(this.authenticationManager.authenticate(any())).willThrow(new BadCredentialsException("failed"));
-
 AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManager, this.authenticationConverter);
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/"); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain chain = mock(FilterChain.class); filter.doFilter(request, response, chain);
-
 assertThat(response.getStatus()).isEqualTo(HttpStatus.UNAUTHORIZED.value()); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); }
@@ -177,15 +165,12 @@ public class AuthenticationFilterTests {
 Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE"); given(this.authenticationConverter.convert(any())).willReturn(authentication); given(this.authenticationManager.authenticate(any())).willThrow(new BadCredentialsException("failed"));
-
 AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter);
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/"); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain chain = mock(FilterChain.class); filter.doFilter(request, response, chain);
-
 assertThat(response.getStatus()).isEqualTo(HttpStatus.UNAUTHORIZED.value()); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); }
@@ -195,11 +180,9 @@ public class AuthenticationFilterTests {
 given(this.authenticationConverter.convert(any())).willReturn(null); AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter);
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/"); FilterChain chain = mock(FilterChain.class); filter.doFilter(request, new MockHttpServletResponse(), chain);
-
 verifyZeroInteractions(this.authenticationManagerResolver); verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -210,16 +193,13 @@ public class AuthenticationFilterTests {
 Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE_USER"); given(this.authenticationConverter.convert(any())).willReturn(authentication); given(this.authenticationManager.authenticate(any())).willReturn(authentication);
-
 AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter); filter.setSuccessHandler(this.successHandler);
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/"); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain chain = mock(FilterChain.class); filter.doFilter(request, response, chain);
-
 verify(this.successHandler).onAuthenticationSuccess(any(), any(), any(), eq(authentication)); verifyZeroInteractions(this.failureHandler); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
@@ -230,11 +210,9 @@ public class AuthenticationFilterTests {
 Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE_USER"); given(this.authenticationConverter.convert(any())).willReturn(authentication); given(this.authenticationManager.authenticate(any())).willReturn(null);
-
 AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter); filter.setSuccessHandler(this.successHandler);
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/"); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain chain = mock(FilterChain.class);
@@ -244,7 +222,6 @@ public class AuthenticationFilterTests {
 catch (ServletException ex) { verifyZeroInteractions(this.successHandler); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
-
 throw ex; } }
@@ -252,16 +229,13 @@ public class AuthenticationFilterTests {
 @Test public void filterWhenNotMatchAndConvertAndAuthenticationSuccessThenContinues() throws Exception { given(this.requestMatcher.matches(any())).willReturn(false);
-
 AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter); filter.setRequestMatcher(this.requestMatcher);
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/"); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain chain = mock(FilterChain.class); filter.doFilter(request, response, chain);
-
 verifyZeroInteractions(this.authenticationConverter, this.authenticationManagerResolver, this.successHandler); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); }
@@ -272,18 +246,15 @@ public class AuthenticationFilterTests {
 Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE_USER"); given(this.authenticationConverter.convert(any())).willReturn(authentication); given(this.authenticationManager.authenticate(any())).willReturn(authentication);
-
 MockHttpSession session = new MockHttpSession(); MockHttpServletRequest request = new MockHttpServletRequest("GET", "/"); request.setSession(session); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain chain = new MockFilterChain();
-
 String sessionId = session.getId(); AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManager, this.authenticationConverter); filter.doFilter(request, response, chain);
-
 assertThat(session.getId()).isNotEqualTo(sessionId); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
index 2a3293e94a..825c9ca6b4 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
@@ -60,9 +60,7 @@ public class DefaultLoginPageGeneratingFilterTests {
 DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter( new UsernamePasswordAuthenticationFilter()); MockHttpServletResponse response = new MockHttpServletResponse();
-
 filter.doFilter(new MockHttpServletRequest("GET", "/login"), response, this.chain);
-
 assertThat(response.getContentAsString()).isNotEmpty(); }
@@ -71,10 +69,8 @@ public class DefaultLoginPageGeneratingFilterTests {
 DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter( new UsernamePasswordAuthenticationFilter()); MockHttpServletResponse response = new MockHttpServletResponse();
-
 MockHttpServletRequest request = new MockHttpServletRequest("POST", "/login"); filter.doFilter(request, response, this.chain);
-
 assertThat(response.getContentAsString()).isEmpty(); }
@@ -83,11 +79,9 @@ public class DefaultLoginPageGeneratingFilterTests {
 DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter( new UsernamePasswordAuthenticationFilter()); MockHttpServletResponse response = new MockHttpServletResponse();
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/context/login"); request.setContextPath("/context"); filter.doFilter(request, response, this.chain);
-
 assertThat(response.getContentAsString()).isNotEmpty(); }
@@ -96,9 +90,7 @@ public class DefaultLoginPageGeneratingFilterTests {
 DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter( new UsernamePasswordAuthenticationFilter()); MockHttpServletResponse response = new MockHttpServletResponse();
-
 filter.doFilter(new MockHttpServletRequest("GET", "/api/login"), response, this.chain);
-
 assertThat(response.getContentAsString()).isEmpty(); }
@@ -107,12 +99,9 @@ public class DefaultLoginPageGeneratingFilterTests {
 DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter( new UsernamePasswordAuthenticationFilter()); MockHttpServletResponse response = new MockHttpServletResponse();
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/login"); request.setQueryString("error");
-
 filter.doFilter(request, response, this.chain);
-
 assertThat(response.getContentAsString()).isNotEmpty(); }
@@ -136,12 +125,9 @@ public class DefaultLoginPageGeneratingFilterTests {
 DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter( new UsernamePasswordAuthenticationFilter()); MockHttpServletResponse response = new MockHttpServletResponse();
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/login"); request.setQueryString("not");
-
 filter.doFilter(request, response, this.chain);
-
 assertThat(response.getContentAsString()).isEmpty(); }
@@ -162,7 +148,6 @@ public class DefaultLoginPageGeneratingFilterTests {
 String message = messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials", Locale.KOREA); request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, new BadCredentialsException(message));
-
 filter.doFilter(request, new MockHttpServletResponse(), this.chain); }
@@ -172,14 +157,11 @@ public class DefaultLoginPageGeneratingFilterTests {
 DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(); filter.setLoginPageUrl(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL); filter.setOauth2LoginEnabled(true);
-
 String clientName = "Google < > \" \' &"; filter.setOauth2AuthenticationUrlToClientName( Collections.singletonMap("/oauth2/authorization/google", clientName));
-
 MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(new MockHttpServletRequest("GET", "/login"), response, this.chain);
-
 assertThat(response.getContentAsString()) .contains("Google < > " ' &"); }
@@ -189,13 +171,10 @@ public class DefaultLoginPageGeneratingFilterTests {
 DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(); filter.setLoginPageUrl(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL); filter.setSaml2LoginEnabled(true);
-
 String clientName = "Google < > \" \' &"; filter.setSaml2AuthenticationUrlToProviderName(Collections.singletonMap("/saml/sso/google", clientName));
-
 MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(new MockHttpServletRequest("GET", "/login"), response, this.chain);
-
 assertThat(response.getContentAsString()).contains("Login with SAML 2.0"); assertThat(response.getContentAsString()) .contains("Google < > " ' &");
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java
index 0033fa13f1..c2abbe1a44 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java
@@ -61,7 +61,6 @@ public class DelegatingAuthenticationEntryPointContextTests {
 verify(this.firstAEP).commence(request, null, null); verify(this.defaultAEP, never()).commence(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AuthenticationException.class));
-
 } @Test
@@ -73,7 +72,6 @@ public class DelegatingAuthenticationEntryPointContextTests {
 verify(this.defaultAEP).commence(request, null, null); verify(this.firstAEP, never()).commence(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AuthenticationException.class));
-
 } }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
index ff9068b8f6..fa93a45b63 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
@@ -63,9 +63,7 @@ public class DelegatingAuthenticationEntryPointTests {
 RequestMatcher firstRM = mock(RequestMatcher.class); given(firstRM.matches(this.request)).willReturn(false); this.entryPoints.put(firstRM, firstAEP);
-
 this.daep.commence(this.request, null, null);
-
 verify(this.defaultEntryPoint).commence(this.request, null, null); verify(firstAEP, never()).commence(this.request, null, null); }
@@ -79,9 +77,7 @@ public class DelegatingAuthenticationEntryPointTests {
 given(firstRM.matches(this.request)).willReturn(true); this.entryPoints.put(firstRM, firstAEP); this.entryPoints.put(secondRM, secondAEP);
-
 this.daep.commence(this.request, null, null);
-
 verify(firstAEP).commence(this.request, null, null); verify(secondAEP, never()).commence(this.request, null, null); verify(this.defaultEntryPoint, never()).commence(this.request, null, null);
@@ -98,9 +94,7 @@ public class DelegatingAuthenticationEntryPointTests {
 given(secondRM.matches(this.request)).willReturn(true); this.entryPoints.put(firstRM, firstAEP); this.entryPoints.put(secondRM, secondAEP);
-
 this.daep.commence(this.request, null, null);
-
 verify(secondAEP).commence(this.request, null, null); verify(firstAEP, never()).commence(this.request, null, null); verify(this.defaultEntryPoint, never()).commence(this.request, null, null);
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java
index e896523bb6..196028a094 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java
@@ -79,10 +79,8 @@ public class DelegatingAuthenticationFailureHandlerTests {
 public void handleByDefaultHandler() throws Exception { this.handlers.put(BadCredentialsException.class, this.handler1); this.handler = new DelegatingAuthenticationFailureHandler(this.handlers, this.defaultHandler);
-
 AuthenticationException exception = new AccountExpiredException(""); this.handler.onAuthenticationFailure(this.request, this.response, exception);
-
 verifyZeroInteractions(this.handler1, this.handler2); verify(this.defaultHandler).onAuthenticationFailure(this.request, this.response, exception); }
@@ -92,10 +90,8 @@ public class DelegatingAuthenticationFailureHandlerTests {
 this.handlers.put(BadCredentialsException.class, this.handler1); // same type this.handlers.put(AccountStatusException.class, this.handler2); this.handler = new DelegatingAuthenticationFailureHandler(this.handlers, this.defaultHandler);
-
 AuthenticationException exception = new BadCredentialsException(""); this.handler.onAuthenticationFailure(this.request, this.response, exception);
-
 verifyZeroInteractions(this.handler2, this.defaultHandler); verify(this.handler1).onAuthenticationFailure(this.request, this.response, exception); }
@@ -106,43 +102,32 @@ public class DelegatingAuthenticationFailureHandlerTests {
 this.handlers.put(AccountStatusException.class, this.handler2); // super type of // CredentialsExpiredException this.handler = new DelegatingAuthenticationFailureHandler(this.handlers, this.defaultHandler);
-
 AuthenticationException exception = new CredentialsExpiredException(""); this.handler.onAuthenticationFailure(this.request, this.response, exception);
-
 verifyZeroInteractions(this.handler1, this.defaultHandler); verify(this.handler2).onAuthenticationFailure(this.request, this.response, exception); } @Test public void handlersIsNull() {
-
 this.thrown.expect(IllegalArgumentException.class); this.thrown.expectMessage("handlers cannot be null or empty");
-
 new DelegatingAuthenticationFailureHandler(null, this.defaultHandler);
-
 } @Test public void handlersIsEmpty() {
-
 this.thrown.expect(IllegalArgumentException.class); this.thrown.expectMessage("handlers cannot be null or empty");
-
 new DelegatingAuthenticationFailureHandler(this.handlers, this.defaultHandler);
-
 } @Test public void defaultHandlerIsNull() {
-
 this.thrown.expect(IllegalArgumentException.class); this.thrown.expectMessage("defaultHandler cannot be null");
-
 this.handlers.put(BadCredentialsException.class, this.handler1); new DelegatingAuthenticationFailureHandler(this.handlers, null);
-
 } }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java
index bbcc57781a..d1bd83afc0 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java
@@ -37,7 +37,6 @@ public class ExceptionMappingAuthenticationFailureHandlerTests {
 fh.setDefaultFailureUrl("/failed"); MockHttpServletResponse response = new MockHttpServletResponse(); fh.onAuthenticationFailure(new MockHttpServletRequest(), response, new BadCredentialsException(""));
-
 assertThat(response.getRedirectedUrl()).isEqualTo("/failed"); }
@@ -50,7 +49,6 @@ public class ExceptionMappingAuthenticationFailureHandlerTests {
 fh.setDefaultFailureUrl("/failed"); MockHttpServletResponse response = new MockHttpServletResponse(); fh.onAuthenticationFailure(new MockHttpServletRequest(), response, new BadCredentialsException(""));
-
 assertThat(response.getRedirectedUrl()).isEqualTo("/badcreds"); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java
index 8102ea6e5f..7fa410ecbb 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java
@@ -48,13 +48,10 @@ public class ForwardAuthenticaionSuccessHandlerTests {
 @Test public void responseIsForwarded() throws Exception { ForwardAuthenticationSuccessHandler fash = new ForwardAuthenticationSuccessHandler("/forwardUrl");
-
 MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); Authentication authentication = mock(Authentication.class);
-
 fash.onAuthenticationSuccess(request, response, authentication);
-
 assertThat(response.getForwardedUrl()).isEqualTo("/forwardUrl"); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java
index 4701fe1ad5..343726228a 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java
@@ -48,13 +48,10 @@ public class ForwardAuthenticationFailureHandlerTests {
 @Test public void responseIsForwarded() throws Exception { ForwardAuthenticationFailureHandler fafh = new ForwardAuthenticationFailureHandler("/forwardUrl");
-
 MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); AuthenticationException e = mock(AuthenticationException.class);
-
 fafh.onAuthenticationFailure(request, response, e);
-
 assertThat(response.getForwardedUrl()).isEqualTo("/forwardUrl"); assertThat(request.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)).isEqualTo(e); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
index f3ec882629..150c4e1951 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
@@ -58,7 +58,6 @@ public class HttpStatusEntryPointTests {
 @Test public void unauthorized() throws Exception { this.entryPoint.commence(this.request, this.response, this.authException);
-
 assertThat(this.response.getStatus()).isEqualTo(HttpStatus.UNAUTHORIZED.value()); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
index 0754b7803c..72d6942ac3 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
@@ -61,7 +61,6 @@ public class LoginUrlAuthenticationEntryPointTests {
 assertThat(ep.getLoginFormUrl()).isEqualTo("/hello"); assertThat(ep.getPortMapper() != null).isTrue(); assertThat(ep.getPortResolver() != null).isTrue();
-
 ep.setForceHttps(false); assertThat(ep.isForceHttps()).isFalse(); ep.setForceHttps(true);
@@ -79,44 +78,36 @@ public class LoginUrlAuthenticationEntryPointTests {
 request.setServerName("www.example.com"); request.setContextPath("/bigWebApp"); request.setServerPort(80);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/hello"); ep.setPortMapper(new PortMapperImpl()); ep.setForceHttps(true); ep.setPortMapper(new PortMapperImpl()); ep.setPortResolver(new MockPortResolver(80, 443)); ep.afterPropertiesSet();
-
 ep.commence(request, response, null); assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com/bigWebApp/hello");
-
 request.setServerPort(8080); response = new MockHttpServletResponse(); ep.setPortResolver(new MockPortResolver(8080, 8443)); ep.commence(request, response, null); assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com:8443/bigWebApp/hello");
-
 // Now test an unusual custom HTTP:HTTPS is handled properly request.setServerPort(8888); response = new MockHttpServletResponse(); ep.commence(request, response, null); assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com:8443/bigWebApp/hello");
-
 PortMapperImpl portMapper = new PortMapperImpl(); Map map = new HashMap<>(); map.put("8888", "9999"); portMapper.setPortMappings(map); response = new MockHttpServletResponse();
-
 ep = new LoginUrlAuthenticationEntryPoint("/hello"); ep.setPortMapper(new PortMapperImpl()); ep.setForceHttps(true); ep.setPortMapper(portMapper); ep.setPortResolver(new MockPortResolver(8888, 9999)); ep.afterPropertiesSet();
-
 ep.commence(request, response, null); assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com:9999/bigWebApp/hello"); }
@@ -129,19 +120,15 @@ public class LoginUrlAuthenticationEntryPointTests {
 request.setServerName("www.example.com"); request.setContextPath("/bigWebApp"); request.setServerPort(443);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/hello"); ep.setPortMapper(new PortMapperImpl()); ep.setForceHttps(true); ep.setPortMapper(new PortMapperImpl()); ep.setPortResolver(new MockPortResolver(80, 443)); ep.afterPropertiesSet();
-
 ep.commence(request, response, null); assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com/bigWebApp/hello");
-
 request.setServerPort(8443); response = new MockHttpServletResponse(); ep.setPortResolver(new MockPortResolver(8080, 8443));
@@ -155,7 +142,6 @@ public class LoginUrlAuthenticationEntryPointTests {
 ep.setPortMapper(new PortMapperImpl()); ep.setPortResolver(new MockPortResolver(80, 443)); ep.afterPropertiesSet();
-
 MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/some_path"); request.setContextPath("/bigWebApp");
@@ -163,9 +149,7 @@ public class LoginUrlAuthenticationEntryPointTests {
 request.setServerName("localhost"); request.setContextPath("/bigWebApp"); request.setServerPort(80);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 ep.commence(request, response, null); assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/bigWebApp/hello"); }
@@ -176,7 +160,6 @@ public class LoginUrlAuthenticationEntryPointTests {
 ep.setPortResolver(new MockPortResolver(8888, 1234)); ep.setForceHttps(true); ep.afterPropertiesSet();
-
 MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/some_path"); request.setContextPath("/bigWebApp");
@@ -184,11 +167,8 @@ public class LoginUrlAuthenticationEntryPointTests {
 request.setServerName("localhost"); request.setContextPath("/bigWebApp"); request.setServerPort(8888); // NB: Port we can't resolve
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 ep.commence(request, response, null);
-
 // Response doesn't switch to HTTPS, as we didn't know HTTP port 8888 to HTTP port // mapping assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost:8888/bigWebApp/hello");
@@ -207,9 +187,7 @@ public class LoginUrlAuthenticationEntryPointTests {
 request.setServerName("www.example.com"); request.setContextPath("/bigWebApp"); request.setServerPort(80);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 ep.commence(request, response, null); assertThat(response.getForwardedUrl()).isEqualTo("/hello"); }
@@ -228,9 +206,7 @@ public class LoginUrlAuthenticationEntryPointTests {
 request.setServerName("www.example.com"); request.setContextPath("/bigWebApp"); request.setServerPort(80);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 ep.commence(request, response, null); assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com/bigWebApp/some_path"); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java
index b8e50844d9..61bfc56446 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java
@@ -35,11 +35,9 @@ public class SavedRequestAwareAuthenticationSuccessHandlerTests {
 @Test public void defaultUrlMuststartWithSlashOrHttpScheme() { SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler();
-
 handler.setDefaultTargetUrl("/acceptableRelativeUrl"); handler.setDefaultTargetUrl("https://some.site.org/index.html"); handler.setDefaultTargetUrl("https://some.site.org/index.html");
-
 try { handler.setDefaultTargetUrl("missingSlash"); fail("Shouldn't accept default target without leading slash");
@@ -58,12 +56,10 @@ public class SavedRequestAwareAuthenticationSuccessHandlerTests {
 MockHttpServletResponse response = new MockHttpServletResponse(); given(savedRequest.getRedirectUrl()).willReturn(redirectUrl); given(requestCache.getRequest(request, response)).willReturn(savedRequest);
-
 SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler(); handler.setRequestCache(requestCache); handler.setRedirectStrategy(redirectStrategy); handler.onAuthenticationSuccess(request, response, mock(Authentication.class));
-
 verify(redirectStrategy).sendRedirect(request, response, redirectUrl); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java
index ad536450f6..732ecc0f41 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java
@@ -40,7 +40,6 @@ public class SimpleUrlAuthenticationFailureHandlerTests {
 assertThat(afh.getRedirectStrategy()).isSameAs(rs); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse();
-
 afh.onAuthenticationFailure(request, response, mock(AuthenticationException.class)); assertThat(response.getStatus()).isEqualTo(401); }
@@ -51,9 +50,7 @@ public class SimpleUrlAuthenticationFailureHandlerTests {
 afh.setDefaultFailureUrl("/target"); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse();
-
 AuthenticationException e = mock(AuthenticationException.class);
-
 afh.onAuthenticationFailure(request, response, e); assertThat(request.getSession().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)).isSameAs(e); assertThat(response.getRedirectedUrl()).isEqualTo("/target");
@@ -66,7 +63,6 @@ public class SimpleUrlAuthenticationFailureHandlerTests {
 assertThat(afh.isAllowSessionCreation()).isFalse(); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse();
-
 afh.onAuthenticationFailure(request, response, mock(AuthenticationException.class)); assertThat(request.getSession(false)).isNull(); }
@@ -77,11 +73,9 @@ public class SimpleUrlAuthenticationFailureHandlerTests {
 SimpleUrlAuthenticationFailureHandler afh = new SimpleUrlAuthenticationFailureHandler("/target"); afh.setUseForward(true); assertThat(afh.isUseForward()).isTrue();
-
 MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); AuthenticationException e = mock(AuthenticationException.class);
-
 afh.onAuthenticationFailure(request, response, e); assertThat(request.getSession(false)).isNull(); assertThat(response.getRedirectedUrl()).isNull();
diff --git a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java
index d4e54686d2..1088261612 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java
@@ -34,12 +34,9 @@ public class SimpleUrlAuthenticationSuccessHandlerTests {
 @Test public void defaultTargetUrlIsUsedIfNoOtherInformationSet() throws Exception { SimpleUrlAuthenticationSuccessHandler ash = new SimpleUrlAuthenticationSuccessHandler();
-
 MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse();
-
 ash.onAuthenticationSuccess(request, response, mock(Authentication.class));
-
 assertThat(response.getRedirectedUrl()).isEqualTo("/"); }
@@ -50,7 +47,6 @@ public class SimpleUrlAuthenticationSuccessHandlerTests {
 MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); response.setCommitted(true);
-
 ash.onAuthenticationSuccess(request, response, mock(Authentication.class)); assertThat(response.getRedirectedUrl()).isNull(); }
@@ -64,10 +60,8 @@ public class SimpleUrlAuthenticationSuccessHandlerTests {
 MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); request.setParameter("targetUrl", "/target");
-
 ash.onAuthenticationSuccess(request, response, mock(Authentication.class)); assertThat(response.getRedirectedUrl()).isEqualTo("/defaultTarget");
-
 // Try with parameter set ash.setTargetUrlParameter("targetUrl"); response = new MockHttpServletResponse();
@@ -82,7 +76,6 @@ public class SimpleUrlAuthenticationSuccessHandlerTests {
 MockHttpServletResponse response = new MockHttpServletResponse();
 ash.setUseReferer(true);
 request.addHeader("Referer", "https://www.springsource.com/");
-
 ash.onAuthenticationSuccess(request, response, mock(Authentication.class));
 assertThat(response.getRedirectedUrl()).isEqualTo("https://www.springsource.com/");
 }
@@ -96,9 +89,7 @@ public class SimpleUrlAuthenticationSuccessHandlerTests {
 ash.setDefaultTargetUrl("https://monkeymachine.co.uk/");
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 ash.onAuthenticationSuccess(request, response, mock(Authentication.class));
-
 assertThat(response.getRedirectedUrl()).isEqualTo("https://monkeymachine.co.uk/");
 }
@@ -113,14 +104,12 @@ public class SimpleUrlAuthenticationSuccessHandlerTests {
 @Test
 public void setTargetUrlParameterEmptyTargetUrlParameter() {
 SimpleUrlAuthenticationSuccessHandler ash = new SimpleUrlAuthenticationSuccessHandler();
-
 try {
 ash.setTargetUrlParameter("");
 fail("Expected Exception");
 }
 catch (IllegalArgumentException success) {
 }
-
 try {
 ash.setTargetUrlParameter(" ");
 fail("Expected Exception");
diff --git a/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
index 157e42fb12..cfc5c35666 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
@@ -44,11 +44,9 @@ public class UsernamePasswordAuthenticationFilterTests {
 MockHttpServletRequest request = new MockHttpServletRequest("POST", "/");
 request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod");
 request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
-
 UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
 filter.setAuthenticationManager(createAuthenticationManager());
 // filter.init(null);
-
 Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
 assertThat(result != null).isTrue();
 assertThat(((WebAuthenticationDetails) result.getDetails()).getRemoteAddress()).isEqualTo("127.0.0.1");
@@ -59,10 +57,8 @@ public class UsernamePasswordAuthenticationFilterTests {
 MockHttpServletRequest request = new MockHttpServletRequest("POST", "/");
 request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod");
 request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "dokdo");
-
 UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter(
 createAuthenticationManager());
-
 Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
 assertThat(result).isNotNull();
 }
@@ -71,7 +67,6 @@ public class UsernamePasswordAuthenticationFilterTests {
 public void testNullPasswordHandledGracefully() {
 MockHttpServletRequest request = new MockHttpServletRequest("POST", "/");
 request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod");
-
 UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
 filter.setAuthenticationManager(createAuthenticationManager());
 assertThat(filter.attemptAuthentication(request, new MockHttpServletResponse())).isNotNull();
@@ -81,7 +76,6 @@ public class UsernamePasswordAuthenticationFilterTests {
 public void testNullUsernameHandledGracefully() {
 MockHttpServletRequest request = new MockHttpServletRequest("POST", "/");
 request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
-
 UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
 filter.setAuthenticationManager(createAuthenticationManager());
 assertThat(filter.attemptAuthentication(request, new MockHttpServletResponse())).isNotNull();
@@ -93,11 +87,9 @@ public class UsernamePasswordAuthenticationFilterTests {
 filter.setAuthenticationManager(createAuthenticationManager());
 filter.setUsernameParameter("x");
 filter.setPasswordParameter("y");
-
 MockHttpServletRequest request = new MockHttpServletRequest("POST", "/");
 request.addParameter("x", "rod");
 request.addParameter("y", "koala");
-
 Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
 assertThat(result).isNotNull();
 assertThat(((WebAuthenticationDetails) result.getDetails()).getRemoteAddress()).isEqualTo("127.0.0.1");
@@ -108,10 +100,8 @@ public class UsernamePasswordAuthenticationFilterTests {
 MockHttpServletRequest request = new MockHttpServletRequest("POST", "/");
 request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY, " rod ");
 request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
-
 UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
 filter.setAuthenticationManager(createAuthenticationManager());
-
 Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
 assertThat(result.getName()).isEqualTo("rod");
 }
@@ -124,7 +114,6 @@ public class UsernamePasswordAuthenticationFilterTests {
 AuthenticationManager am = mock(AuthenticationManager.class);
 given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException(""));
 filter.setAuthenticationManager(am);
-
 try {
 filter.attemptAuthentication(request, new MockHttpServletResponse());
 fail("Expected AuthenticationException");
@@ -140,13 +129,10 @@ public class UsernamePasswordAuthenticationFilterTests {
 public void noSessionIsCreatedIfAllowSessionCreationIsFalse() {
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setMethod("POST");
-
 UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
 filter.setAllowSessionCreation(false);
 filter.setAuthenticationManager(createAuthenticationManager());
-
 filter.attemptAuthentication(request, new MockHttpServletResponse());
-
 assertThat(request.getSession(false)).isNull();
 }
@@ -154,7 +140,6 @@ public class UsernamePasswordAuthenticationFilterTests {
 AuthenticationManager am = mock(AuthenticationManager.class);
 given(am.authenticate(any(Authentication.class)))
 .willAnswer((Answer) (invocation) -> (Authentication) invocation.getArguments()[0]);
-
 return am;
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java
index 5db6228a6d..422311985a 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java
@@ -59,11 +59,8 @@ public class CompositeLogoutHandlerTests { public void callLogoutHandlersSuccessfullyWithArray() { LogoutHandler securityContextLogoutHandler = mock(SecurityContextLogoutHandler.class); LogoutHandler csrfLogoutHandler = mock(SecurityContextLogoutHandler.class); - LogoutHandler handler = new CompositeLogoutHandler(securityContextLogoutHandler, csrfLogoutHandler); - handler.logout(mock(HttpServletRequest.class), mock(HttpServletResponse.class), mock(Authentication.class)); - verify(securityContextLogoutHandler, times(1)).logout(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class)); verify(csrfLogoutHandler, times(1)).logout(any(HttpServletRequest.class), any(HttpServletResponse.class), @@ -74,12 +71,9 @@ public class CompositeLogoutHandlerTests { public void callLogoutHandlersSuccessfully() { LogoutHandler securityContextLogoutHandler = mock(SecurityContextLogoutHandler.class); LogoutHandler csrfLogoutHandler = mock(SecurityContextLogoutHandler.class); - List logoutHandlers = Arrays.asList(securityContextLogoutHandler, csrfLogoutHandler); LogoutHandler handler = new CompositeLogoutHandler(logoutHandlers); - handler.logout(mock(HttpServletRequest.class), mock(HttpServletResponse.class), mock(Authentication.class)); - verify(securityContextLogoutHandler, times(1)).logout(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class)); verify(csrfLogoutHandler, times(1)).logout(any(HttpServletRequest.class), any(HttpServletResponse.class), 
@@ -90,22 +84,17 @@ public class CompositeLogoutHandlerTests { public void callLogoutHandlersThrowException() { LogoutHandler firstLogoutHandler = mock(LogoutHandler.class); LogoutHandler secondLogoutHandler = mock(LogoutHandler.class); - willThrow(new IllegalArgumentException()).given(firstLogoutHandler).logout(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class)); - List logoutHandlers = Arrays.asList(firstLogoutHandler, secondLogoutHandler); LogoutHandler handler = new CompositeLogoutHandler(logoutHandlers); - try { handler.logout(mock(HttpServletRequest.class), mock(HttpServletResponse.class), mock(Authentication.class)); fail("Expected Exception"); } catch (IllegalArgumentException success) { } - InOrder logoutHandlersInOrder = inOrder(firstLogoutHandler, secondLogoutHandler); - logoutHandlersInOrder.verify(firstLogoutHandler, times(1)).logout(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class)); logoutHandlersInOrder.verify(secondLogoutHandler, never()).logout(any(HttpServletRequest.class), diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java index 288edf36de..82e547d356 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java 
@@ -81,9 +81,7 @@ public class DelegatingLogoutSuccessHandlerTests {
 public void onLogoutSuccessFirstMatches() throws Exception {
 this.delegatingHandler.setDefaultLogoutSuccessHandler(this.defaultHandler);
 given(this.matcher.matches(this.request)).willReturn(true);
-
 this.delegatingHandler.onLogoutSuccess(this.request, this.response, this.authentication);
-
 verify(this.handler).onLogoutSuccess(this.request, this.response, this.authentication);
 verifyZeroInteractions(this.matcher2, this.handler2, this.defaultHandler);
 }
@@ -92,9 +90,7 @@ public class DelegatingLogoutSuccessHandlerTests {
 public void onLogoutSuccessSecondMatches() throws Exception {
 this.delegatingHandler.setDefaultLogoutSuccessHandler(this.defaultHandler);
 given(this.matcher2.matches(this.request)).willReturn(true);
-
 this.delegatingHandler.onLogoutSuccess(this.request, this.response, this.authentication);
-
 verify(this.handler2).onLogoutSuccess(this.request, this.response, this.authentication);
 verifyZeroInteractions(this.handler, this.defaultHandler);
 }
@@ -102,18 +98,14 @@ public class DelegatingLogoutSuccessHandlerTests {
 @Test
 public void onLogoutSuccessDefault() throws Exception {
 this.delegatingHandler.setDefaultLogoutSuccessHandler(this.defaultHandler);
-
 this.delegatingHandler.onLogoutSuccess(this.request, this.response, this.authentication);
-
 verify(this.defaultHandler).onLogoutSuccess(this.request, this.response, this.authentication);
 verifyZeroInteractions(this.handler, this.handler2);
 }
 @Test
 public void onLogoutSuccessNoMatchDefaultNull() throws Exception {
-
 this.delegatingHandler.onLogoutSuccess(this.request, this.response, this.authentication);
-
 verifyZeroInteractions(this.handler, this.handler2, this.defaultHandler);
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java
index d4a95a3b71..4dfc0d8c73 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java
@@ -40,20 +40,16 @@ public class ForwardLogoutSuccessHandlerTests {
 @Test
 public void invalidTargetUrl() {
 String targetUrl = "not.valid";
-
 this.thrown.expect(IllegalArgumentException.class);
 this.thrown.expectMessage("'" + targetUrl + "' is not a valid target URL");
-
 new ForwardLogoutSuccessHandler(targetUrl);
 }
 @Test
 public void emptyTargetUrl() {
 String targetUrl = " ";
-
 this.thrown.expect(IllegalArgumentException.class);
 this.thrown.expectMessage("'" + targetUrl + "' is not a valid target URL");
-
 new ForwardLogoutSuccessHandler(targetUrl);
 }
@@ -61,13 +57,10 @@ public class ForwardLogoutSuccessHandlerTests {
 public void logoutSuccessIsHandled() throws Exception {
 String targetUrl = "/login?logout";
 ForwardLogoutSuccessHandler handler = new ForwardLogoutSuccessHandler(targetUrl);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
 Authentication authentication = mock(Authentication.class);
-
 handler.onLogoutSuccess(request, response, authentication);
-
 assertThat(response.getForwardedUrl()).isEqualTo(targetUrl);
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java
index 716c164db1..da1211f284 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java
@@ -53,7 +53,6 @@ public class HeaderWriterLogoutHandlerTests {
 public void constructorWhenHeaderWriterIsNullThenThrowsException() {
 this.thrown.expect(IllegalArgumentException.class);
 this.thrown.expectMessage("headerWriter cannot be null");
-
 new HeaderWriterLogoutHandler(null);
 }
@@ -62,7 +61,6 @@ public class HeaderWriterLogoutHandlerTests {
 HeaderWriter headerWriter = mock(HeaderWriter.class);
 HeaderWriterLogoutHandler handler = new HeaderWriterLogoutHandler(headerWriter);
 handler.logout(this.request, this.response, mock(Authentication.class));
-
 verify(headerWriter).writeHeaders(this.request, this.response);
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandlerTests.java
index d4e399c6b7..2065a83fed 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandlerTests.java
@@ -35,12 +35,9 @@ public class HttpStatusReturningLogoutSuccessHandlerTests {
 @Test
 public void testDefaultHttpStatusBeingReturned() throws Exception {
 final HttpStatusReturningLogoutSuccessHandler lsh = new HttpStatusReturningLogoutSuccessHandler();
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 lsh.onLogoutSuccess(request, response, mock(Authentication.class));
-
 assertThat(request.getSession(false)).isNull();
 assertThat(response.getRedirectedUrl()).isNull();
 assertThat(response.getForwardedUrl()).isNull();
@@ -51,12 +48,9 @@ public class HttpStatusReturningLogoutSuccessHandlerTests {
 public void testCustomHttpStatusBeingReturned() throws Exception {
 final HttpStatusReturningLogoutSuccessHandler lsh = new HttpStatusReturningLogoutSuccessHandler(
 HttpStatus.NO_CONTENT);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 lsh.onLogoutSuccess(request, response, mock(Authentication.class));
-
 assertThat(request.getSession(false)).isNull();
 assertThat(response.getRedirectedUrl()).isNull();
 assertThat(response.getForwardedUrl()).isNull();
@@ -65,7 +59,6 @@ public class HttpStatusReturningLogoutSuccessHandlerTests {
 @Test
 public void testThatSettNullHttpStatusThrowsException() {
-
 try {
 new HttpStatusReturningLogoutSuccessHandler(null);
 }
@@ -73,7 +66,6 @@ public class HttpStatusReturningLogoutSuccessHandlerTests {
 assertThat(ex).hasMessage("The provided HttpStatus must not be null.");
 return;
 }
-
 fail("Expected an IllegalArgumentException to be thrown.");
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java
index cc0067351f..814b009fff 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java
@@ -41,11 +41,9 @@ public class LogoutHandlerTests {
 public void testRequiresLogoutUrlWorksWithPathParams() {
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 request.setRequestURI("/context/logout;someparam=blah?param=blah");
 request.setServletPath("/logout;someparam=blah");
 request.setQueryString("otherparam=blah");
-
 DefaultHttpFirewall fw = new DefaultHttpFirewall();
 assertThat(this.filter.requiresLogout(fw.getFirewalledRequest(request), response)).isTrue();
 }
@@ -55,11 +53,9 @@ public class LogoutHandlerTests {
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setContextPath("/context");
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 request.setServletPath("/logout");
 request.setRequestURI("/context/logout?param=blah");
 request.setQueryString("otherparam=blah");
-
 assertThat(this.filter.requiresLogout(request, response)).isTrue();
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java
index 31c2b4372d..69ecf1ccf6 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java
@@ -37,9 +37,7 @@ public class LogoutSuccessEventPublishingLogoutHandlerTests {
 LogoutSuccessEventPublishingLogoutHandler handler = new LogoutSuccessEventPublishingLogoutHandler();
 LogoutAwareEventPublisher eventPublisher = new LogoutAwareEventPublisher();
 handler.setApplicationEventPublisher(eventPublisher);
-
 handler.logout(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(Authentication.class));
-
 assertThat(eventPublisher.flag).isTrue();
 }
@@ -48,9 +46,7 @@ public class LogoutSuccessEventPublishingLogoutHandlerTests {
 LogoutSuccessEventPublishingLogoutHandler handler = new LogoutSuccessEventPublishingLogoutHandler();
 LogoutAwareEventPublisher eventPublisher = new LogoutAwareEventPublisher();
 handler.setApplicationEventPublisher(eventPublisher);
-
 handler.logout(new MockHttpServletRequest(), new MockHttpServletResponse(), null);
-
 assertThat(eventPublisher.flag).isFalse();
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java
index 34b73a69bf..c5a0024de5 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java
@@ -46,9 +46,7 @@ public class SecurityContextLogoutHandlerTests {
 public void setUp() {
 this.request = new MockHttpServletRequest();
 this.response = new MockHttpServletResponse();
-
 this.handler = new SecurityContextLogoutHandler();
-
 SecurityContext context = SecurityContextHolder.createEmptyContext();
 context.setAuthentication(
 new TestingAuthenticationToken("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
@@ -74,7 +72,6 @@ public class SecurityContextLogoutHandlerTests {
 SecurityContext beforeContext = SecurityContextHolder.getContext();
 Authentication beforeAuthentication = beforeContext.getAuthentication();
 this.handler.logout(this.request, this.response, SecurityContextHolder.getContext().getAuthentication());
-
 assertThat(beforeContext.getAuthentication()).isNotNull();
 assertThat(beforeContext.getAuthentication()).isSameAs(beforeAuthentication);
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
index ec318a9f33..d305e844e5 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
@@ -144,9 +144,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 filter.principal = null;
 filter.setCheckForPrincipalChanges(true);
-
 filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain());
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 }
@@ -156,9 +154,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 SecurityContextHolder.getContext().setAuthentication(authentication);
 ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 filter.principal = null;
-
 filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain());
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isEqualTo(authentication);
 }
@@ -170,16 +166,13 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
 MockFilterChain chain = new MockFilterChain();
-
 ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 filter.setCheckForPrincipalChanges(true);
 filter.principal = principal;
 AuthenticationManager am = mock(AuthenticationManager.class);
 filter.setAuthenticationManager(am);
 filter.afterPropertiesSet();
-
 filter.doFilter(request, response, chain);
-
 verifyZeroInteractions(am);
 }
@@ -192,16 +185,13 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
 MockFilterChain chain = new MockFilterChain();
-
 ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 filter.setCheckForPrincipalChanges(true);
 filter.principal = "newUser";
 AuthenticationManager am = mock(AuthenticationManager.class);
 filter.setAuthenticationManager(am);
 filter.afterPropertiesSet();
-
 filter.doFilter(request, response, chain);
-
 verify(am).authenticate(any(PreAuthenticatedAuthenticationToken.class));
 }
@@ -214,7 +204,6 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
 MockFilterChain chain = new MockFilterChain();
-
 ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 filter.setAuthenticationSuccessHandler(new ForwardAuthenticationSuccessHandler("/forwardUrl"));
 filter.setCheckForPrincipalChanges(true);
@@ -222,9 +211,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 AuthenticationManager am = mock(AuthenticationManager.class);
 filter.setAuthenticationManager(am);
 filter.afterPropertiesSet();
-
 filter.doFilter(request, response, chain);
-
 verify(am).authenticate(any(PreAuthenticatedAuthenticationToken.class));
 assertThat(response.getForwardedUrl()).isEqualTo("/forwardUrl");
 }
@@ -234,7 +221,6 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
 MockFilterChain chain = new MockFilterChain();
-
 ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 filter.setAuthenticationFailureHandler(new ForwardAuthenticationFailureHandler("/forwardUrl"));
 filter.setCheckForPrincipalChanges(true);
@@ -243,9 +229,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 .willThrow(new PreAuthenticatedCredentialsNotFoundException("invalid"));
 filter.setAuthenticationManager(am);
 filter.afterPropertiesSet();
-
 filter.doFilter(request, response, chain);
-
 verify(am).authenticate(any(PreAuthenticatedAuthenticationToken.class));
 assertThat(response.getForwardedUrl()).isEqualTo("/forwardUrl");
 assertThat(request.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)).isNotNull();
@@ -260,16 +244,13 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
 MockFilterChain chain = new MockFilterChain();
-
 ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 filter.setCheckForPrincipalChanges(true);
 filter.principal = principal;
 AuthenticationManager am = mock(AuthenticationManager.class);
 filter.setAuthenticationManager(am);
 filter.afterPropertiesSet();
-
 filter.doFilter(request, response, chain);
-
 verifyZeroInteractions(am);
 }
@@ -282,7 +263,6 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
 MockFilterChain chain = new MockFilterChain();
-
 ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 filter.setCheckForPrincipalChanges(true);
 filter.principal = new User(currentPrincipal.getUsername(), currentPrincipal.getPassword(),
@@ -290,9 +270,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 AuthenticationManager am = mock(AuthenticationManager.class);
 filter.setAuthenticationManager(am);
 filter.afterPropertiesSet();
-
 filter.doFilter(request, response, chain);
-
 verifyZeroInteractions(am);
 }
@@ -305,16 +283,13 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
 MockFilterChain chain = new MockFilterChain();
-
 ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 filter.setCheckForPrincipalChanges(true);
 filter.principal = new Object();
 AuthenticationManager am = mock(AuthenticationManager.class);
 filter.setAuthenticationManager(am);
 filter.afterPropertiesSet();
-
 filter.doFilter(request, response, chain);
-
 verify(am).authenticate(any(PreAuthenticatedAuthenticationToken.class));
 }
@@ -326,7 +301,6 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
 MockFilterChain chain = new MockFilterChain();
-
 ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter() {
 @Override
 protected boolean principalChanged(HttpServletRequest request, Authentication currentAuthentication) {
@@ -338,9 +312,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 AuthenticationManager am = mock(AuthenticationManager.class);
 filter.setAuthenticationManager(am);
 filter.afterPropertiesSet();
-
 filter.doFilter(request, response, chain);
-
 verify(am).authenticate(any(PreAuthenticatedAuthenticationToken.class));
 }
@@ -352,7 +324,6 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
 MockFilterChain chain = new MockFilterChain();
-
 ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter() {
 @Override
 protected boolean principalChanged(HttpServletRequest request, Authentication currentAuthentication) {
@@ -364,9 +335,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 AuthenticationManager am = mock(AuthenticationManager.class);
 filter.setAuthenticationManager(am);
 filter.afterPropertiesSet();
-
 filter.doFilter(request, response, chain);
-
 verifyZeroInteractions(am);
 }
@@ -375,16 +344,12 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
 MockFilterChain chain = new MockFilterChain();
-
 ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 filter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/no-matching"));
-
 AuthenticationManager am = mock(AuthenticationManager.class);
 filter.setAuthenticationManager(am);
 filter.afterPropertiesSet();
-
 filter.doFilter(request, response, chain);
-
 verifyZeroInteractions(am);
 }
@@ -393,18 +358,13 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
 MockFilterChain chain = new MockFilterChain();
-
 ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 filter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/**"));
-
 AuthenticationManager am = mock(AuthenticationManager.class);
 filter.setAuthenticationManager(am);
 filter.afterPropertiesSet();
-
 filter.doFilter(request, response, chain);
-
 verify(am).authenticate(any(PreAuthenticatedAuthenticationToken.class));
-
 }
 private void testDoFilter(boolean grantAccess) throws Exception {
@@ -417,7 +377,6 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 private static ConcretePreAuthenticatedProcessingFilter getFilter(boolean grantAccess) { ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter(); AuthenticationManager am = mock(AuthenticationManager.class); - if (!grantAccess) { given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException("")); }
@@ -425,7 +384,6 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 given(am.authenticate(any(Authentication.class))) .willAnswer((Answer) (invocation) -> (Authentication) invocation.getArguments()[0]); } - filter.setAuthenticationManager(am); filter.afterPropertiesSet(); return filter;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java
index cac4b9c717..19d682a852 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java
@@ -37,7 +37,6 @@ public class PreAuthenticatedAuthenticationProviderTests {
 @Test(expected = IllegalArgumentException.class) public final void afterPropertiesSet() { PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider(); - provider.afterPropertiesSet(); }
@@ -120,7 +119,6 @@ public class PreAuthenticatedAuthenticationProviderTests {
 if (aUserDetails != null && aUserDetails.getUsername().equals(token.getName())) { return aUserDetails; } - throw new UsernameNotFoundException("notfound"); }; }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java
index ae98ada53d..36089ccd66 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java
@@ -68,12 +68,10 @@ public class PreAuthenticatedAuthenticationTokenTests {
 assertThat(token.getDetails()).isNull(); assertThat(token.getAuthorities()).isNotNull(); Collection resultColl = token.getAuthorities(); - assertThat( - - gas.containsAll(resultColl) && resultColl.containsAll(gas)).withFailMessage( + assertThat(gas.containsAll(resultColl) && resultColl.containsAll(gas)) + .withFailMessage( "GrantedAuthority collections do not match; result: " + resultColl + ", expected: " + gas) - .isTrue(); - + .isTrue(); } }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java
index 0faaa7393e..6f66962c71 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java
@@ -71,11 +71,9 @@ public class PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests {
 assertThat(ud.isCredentialsNonExpired()).isTrue(); assertThat(ud.isEnabled()).isTrue(); assertThat(userName).isEqualTo(ud.getUsername()); - // Password is not saved by // PreAuthenticatedGrantedAuthoritiesUserDetailsService // assertThat(password).isEqualTo(ud.getPassword()); - assertThat(gas.containsAll(ud.getAuthorities()) && ud.getAuthorities().containsAll(gas)).withFailMessage( "GrantedAuthority collections do not match; result: " + ud.getAuthorities() + ", expected: " + gas) .isTrue();
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
index d5e8c7778f..be8e7da266 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
@@ -50,7 +50,6 @@ public class RequestAttributeAuthenticationFilterTests {
 MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter(); - filter.doFilter(request, response, chain); }
@@ -62,7 +61,6 @@ public class RequestAttributeAuthenticationFilterTests {
 MockFilterChain chain = new MockFilterChain(); RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter(); filter.setAuthenticationManager(createAuthenticationManager()); - filter.doFilter(request, response, chain); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("cat");
@@ -78,7 +76,6 @@ public class RequestAttributeAuthenticationFilterTests {
 RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter(); filter.setAuthenticationManager(createAuthenticationManager()); filter.setPrincipalEnvironmentVariable("myUsernameVariable"); - filter.doFilter(request, response, chain); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("wolfman");
@@ -94,7 +91,6 @@ public class RequestAttributeAuthenticationFilterTests {
 filter.setCredentialsEnvironmentVariable("myCredentialsVariable"); request.setAttribute("REMOTE_USER", "cat"); request.setAttribute("myCredentialsVariable", "catspassword"); - filter.doFilter(request, response, chain); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials()).isEqualTo("catspassword");
@@ -130,7 +126,6 @@ public class RequestAttributeAuthenticationFilterTests {
 MockFilterChain chain = new MockFilterChain(); RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter(); filter.setAuthenticationManager(createAuthenticationManager()); - filter.doFilter(request, response, chain); }
@@ -152,7 +147,6 @@ public class RequestAttributeAuthenticationFilterTests {
 AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(any(Authentication.class))) .willAnswer((Answer) (invocation) -> (Authentication) invocation.getArguments()[0]); - return am; }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
index feff5b00fb..9742f2675b 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
@@ -52,7 +52,6 @@ public class RequestHeaderAuthenticationFilterTests {
 MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter(); - filter.doFilter(request, response, chain); }
@@ -64,7 +63,6 @@ public class RequestHeaderAuthenticationFilterTests {
 MockFilterChain chain = new MockFilterChain(); RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter(); filter.setAuthenticationManager(createAuthenticationManager()); - filter.doFilter(request, response, chain); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("cat");
@@ -80,7 +78,6 @@ public class RequestHeaderAuthenticationFilterTests {
 RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter(); filter.setAuthenticationManager(createAuthenticationManager()); filter.setPrincipalRequestHeader("myUsernameHeader"); - filter.doFilter(request, response, chain); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("wolfman");
@@ -96,7 +93,6 @@ public class RequestHeaderAuthenticationFilterTests {
 filter.setCredentialsRequestHeader("myCredentialsHeader"); request.addHeader("SM_USER", "cat"); request.addHeader("myCredentialsHeader", "catspassword"); - filter.doFilter(request, response, chain); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials()).isEqualTo("catspassword");
@@ -131,7 +127,6 @@ public class RequestHeaderAuthenticationFilterTests {
 MockFilterChain chain = new MockFilterChain(); RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter(); filter.setAuthenticationManager(createAuthenticationManager()); - filter.doFilter(request, response, chain); }
@@ -153,7 +148,6 @@ public class RequestHeaderAuthenticationFilterTests {
 AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(any(Authentication.class))) .willAnswer((Answer) (invocation) -> (Authentication) invocation.getArguments()[0]); - return am; }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java
index 13cab85518..694827cc1e 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java
@@ -125,7 +125,6 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests {
 List gas = details.getGrantedAuthorities(); assertThat(gas).as("Granted authorities should not be null").isNotNull(); assertThat(gas).hasSize(expectedRoles.length); - Collection expectedRolesColl = Arrays.asList(expectedRoles); Collection gasRolesSet = new HashSet<>(); for (GrantedAuthority grantedAuthority : gas) {
@@ -140,7 +139,6 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests {
 J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource result = new J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource(); result.setMappableRolesRetriever(getMappableRolesRetriever(mappedRoles)); result.setUserRoles2GrantedAuthoritiesMapper(getJ2eeUserRoles2GrantedAuthoritiesMapper()); - try { result.afterPropertiesSet(); }
@@ -167,7 +165,6 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests {
 private HttpServletRequest getRequest(final String userName, final String[] aRoles) { MockHttpServletRequest req = new MockHttpServletRequest() { - private Set roles = new HashSet<>(Arrays.asList(aRoles)); @Override
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java
index e5e5fd9343..fcc462dfb8 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java
@@ -49,7 +49,6 @@ public class J2eePreAuthenticatedProcessingFilterTests {
 private HttpServletRequest getRequest(final String aUserName, final String[] aRoles) { MockHttpServletRequest req = new MockHttpServletRequest() { - private Set roles = new HashSet<>(Arrays.asList(aRoles)); @Override
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java
index fc2dd00f04..55c8b8fab4 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java
@@ -35,7 +35,6 @@ public class WebXmlJ2eeDefinedRolesRetrieverTests {
 List ROLE1TO4_EXPECTED_ROLES = Arrays.asList("Role1", "Role2", "Role3", "Role4"); final Resource webXml = new ClassPathResource("webxml/Role1-4.web.xml"); WebXmlMappableAttributesRetriever rolesRetriever = new WebXmlMappableAttributesRetriever(); - rolesRetriever.setResourceLoader(new ResourceLoader() { @Override public ClassLoader getClassLoader() {
@@ -47,7 +46,6 @@ public class WebXmlJ2eeDefinedRolesRetrieverTests {
 return webXml; } }); - rolesRetriever.afterPropertiesSet(); Set j2eeRoles = rolesRetriever.getMappableAttributes(); assertThat(j2eeRoles).containsAll(ROLE1TO4_EXPECTED_ROLES);
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java
index 54a3ade07f..87b2e2e7bb 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java
@@ -52,17 +52,14 @@ public class WebSpherePreAuthenticatedProcessingFilterTests {
 WebSpherePreAuthenticatedProcessingFilter filter = new WebSpherePreAuthenticatedProcessingFilter(helper); assertThat(filter.getPreAuthenticatedPrincipal(new MockHttpServletRequest())).isEqualTo("jerry"); assertThat(filter.getPreAuthenticatedCredentials(new MockHttpServletRequest())).isEqualTo("N/A"); - AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(any(Authentication.class))) .willAnswer((Answer) (invocation) -> (Authentication) invocation.getArguments()[0]); - filter.setAuthenticationManager(am); WebSpherePreAuthenticatedWebAuthenticationDetailsSource ads = new WebSpherePreAuthenticatedWebAuthenticationDetailsSource( helper); ads.setWebSphereGroups2GrantedAuthoritiesMapper(new SimpleAttributes2GrantedAuthoritiesMapper()); filter.setAuthenticationDetailsSource(ads); - filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class)); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java
index f290fc34a6..3c9c844424 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java
@@ -94,10 +94,8 @@ public final class X509TestUtils {
 + "lcKwXuDRBWciODK/xWhvQbaegGJ1BtXcEHtvNjrUJLwSMDSr+U5oUYdMohG0h1iJ\n" + "R+JQc49I33o2cTc77wfEWLtVdXAyYY4GSJR6VfgvV40x85ItaNS3HHfT/aXU1x4m\n" + "W9YQkWlA6t0blGlC+ghTOY1JbgWnEfXMmVgg9a9cWaYQ+NQwqA==\n" + "-----END CERTIFICATE-----"; - ByteArrayInputStream in = new ByteArrayInputStream(cert.getBytes()); CertificateFactory cf = CertificateFactory.getInstance("X.509"); - return (X509Certificate) cf.generateCertificate(in); }
@@ -134,7 +132,6 @@ public final class X509TestUtils {
 + "-----END CERTIFICATE-----\n"; ByteArrayInputStream in = new ByteArrayInputStream(cert.getBytes()); CertificateFactory cf = CertificateFactory.getInstance("X.509"); - return (X509Certificate) cf.generateCertificate(in); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
index 2556a59e57..91607d8d6d 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
@@ -90,12 +90,10 @@ public class AbstractRememberMeServicesTests {
 public void cookieShouldBeCorrectlyEncodedAndDecoded() { String[] cookie = new String[] { "name:with:colon", "cookie", "tokens", "blah" }; MockRememberMeServices services = new MockRememberMeServices(this.uds); - String encoded = services.encodeCookie(cookie); // '=' aren't allowed in version 0 cookies. assertThat(encoded).doesNotEndWith("="); String[] decoded = services.decodeCookie(encoded); - assertThat(decoded).containsExactly("name:with:colon", "cookie", "tokens", "blah"); }
@@ -103,11 +101,9 @@ public class AbstractRememberMeServicesTests {
 public void cookieWithOpenIDidentifierAsNameIsEncodedAndDecoded() { String[] cookie = new String[] { "https://id.openid.zz", "cookie", "tokens", "blah" }; MockRememberMeServices services = new MockRememberMeServices(this.uds); - String[] decoded = services.decodeCookie(services.encodeCookie(cookie)); assertThat(decoded).hasSize(4); assertThat(decoded[0]).isEqualTo("https://id.openid.zz"); - // Check https (SEC-1410) cookie[0] = "https://id.openid.zz"; decoded = services.decodeCookie(services.encodeCookie(cookie));
@@ -120,12 +116,9 @@ public class AbstractRememberMeServicesTests {
 MockRememberMeServices services = new MockRememberMeServices(this.uds); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - assertThat(services.autoLogin(request, response)).isNull(); - // shouldn't try to invalidate our cookie assertThat(response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY)).isNull(); - request = new MockHttpServletRequest(); response = new MockHttpServletResponse(); // set non-login cookie
@@ -139,14 +132,10 @@ public class AbstractRememberMeServicesTests {
 MockRememberMeServices services = new MockRememberMeServices(this.uds); services.afterPropertiesSet(); assertThat(services.getUserDetailsService()).isNotNull(); - MockHttpServletRequest request = new MockHttpServletRequest(); - request.setCookies(createLoginCookie("cookie:1:2")); MockHttpServletResponse response = new MockHttpServletResponse(); - Authentication result = services.autoLogin(request, response); - assertThat(result).isNotNull(); }
@@ -155,7 +144,6 @@ public class AbstractRememberMeServicesTests {
 MockRememberMeServices services = new MockRememberMeServices(this.uds); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - request.setCookies(new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, "ZZZ")); Authentication result = services.autoLogin(request, response); assertThat(result).isNull();
@@ -167,7 +155,6 @@ public class AbstractRememberMeServicesTests {
 MockRememberMeServices services = new MockRememberMeServices(this.uds); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - request.setCookies(new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, "")); Authentication result = services.autoLogin(request, response); assertThat(result).isNull();
@@ -177,16 +164,12 @@ public class AbstractRememberMeServicesTests {
 @Test public void autoLoginShouldFailIfInvalidCookieExceptionIsRaised() { MockRememberMeServices services = new MockRememberMeServices(new MockUserDetailsService(joe, true)); - MockHttpServletRequest request = new MockHttpServletRequest(); // Wrong number of tokens request.setCookies(createLoginCookie("cookie:1")); MockHttpServletResponse response = new MockHttpServletResponse(); - Authentication result = services.autoLogin(request, response); - assertThat(result).isNull(); - assertCookieCancelled(response); }
@@ -194,15 +177,11 @@ public class AbstractRememberMeServicesTests {
 public void autoLoginShouldFailIfUserNotFound() { this.uds.setThrowException(true); MockRememberMeServices services = new MockRememberMeServices(this.uds); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setCookies(createLoginCookie("cookie:1:2")); MockHttpServletResponse response = new MockHttpServletResponse(); - Authentication result = services.autoLogin(request, response); - assertThat(result).isNull(); - assertCookieCancelled(response); }
@@ -211,15 +190,11 @@ public class AbstractRememberMeServicesTests {
 MockRememberMeServices services = new MockRememberMeServices(this.uds); services.setUserDetailsChecker(new AccountStatusUserDetailsChecker()); this.uds.toReturn = new User("joe", "password", false, true, true, true, joe.getAuthorities()); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setCookies(createLoginCookie("cookie:1:2")); MockHttpServletResponse response = new MockHttpServletResponse(); - Authentication result = services.autoLogin(request, response); - assertThat(result).isNull(); - assertCookieCancelled(response); }
@@ -227,14 +202,11 @@ public class AbstractRememberMeServicesTests {
 public void loginFailShouldCancelCookie() { this.uds.setThrowException(true); MockRememberMeServices services = new MockRememberMeServices(this.uds); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setContextPath("contextpath"); request.setCookies(createLoginCookie("cookie:1:2")); MockHttpServletResponse response = new MockHttpServletResponse(); - services.loginFail(request, response); - assertCookieCancelled(response); }
@@ -242,20 +214,15 @@ public class AbstractRememberMeServicesTests {
 public void logoutShouldCancelCookie() { MockRememberMeServices services = new MockRememberMeServices(this.uds); services.setCookieDomain("spring.io"); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setContextPath("contextpath"); request.setCookies(createLoginCookie("cookie:1:2")); MockHttpServletResponse response = new MockHttpServletResponse(); - services.logout(request, response, Mockito.mock(Authentication.class)); // Try again with null Authentication response = new MockHttpServletResponse(); - services.logout(request, response, null); - assertCookieCancelled(response); - Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertThat(returnedCookie.getDomain()).isEqualTo("spring.io"); }
@@ -265,20 +232,15 @@ public class AbstractRememberMeServicesTests {
 MockRememberMeServices services = new MockRememberMeServices(this.uds); services.setCookieDomain("spring.io"); services.setUseSecureCookie(true); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setContextPath("contextpath"); request.setCookies(createLoginCookie("cookie:1:2")); MockHttpServletResponse response = new MockHttpServletResponse(); - services.logout(request, response, Mockito.mock(Authentication.class)); // Try again with null Authentication response = new MockHttpServletResponse(); - services.logout(request, response, null); - assertCookieCancelled(response); - Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertThat(returnedCookie.getDomain()).isEqualTo("spring.io"); assertThat(returnedCookie.getSecure()).isEqualTo(true);
@@ -288,21 +250,16 @@ public class AbstractRememberMeServicesTests {
 public void cancelledCookieShouldUseRequestIsSecure() { MockRememberMeServices services = new MockRememberMeServices(this.uds); services.setCookieDomain("spring.io"); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setContextPath("contextpath"); request.setCookies(createLoginCookie("cookie:1:2")); request.setSecure(true); MockHttpServletResponse response = new MockHttpServletResponse(); - services.logout(request, response, Mockito.mock(Authentication.class)); // Try again with null Authentication response = new MockHttpServletResponse(); - services.logout(request, response, null); - assertCookieCancelled(response); - Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertThat(returnedCookie.getDomain()).isEqualTo("spring.io"); assertThat(returnedCookie.getSecure()).isEqualTo(true);
@@ -311,53 +268,43 @@ public class AbstractRememberMeServicesTests {
 @Test(expected = CookieTheftException.class) public void cookieTheftExceptionShouldBeRethrown() { MockRememberMeServices services = new MockRememberMeServices(this.uds) { - @Override protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request, HttpServletResponse response) { throw new CookieTheftException("Pretending cookie was stolen"); } }; - MockHttpServletRequest request = new MockHttpServletRequest(); - request.setCookies(createLoginCookie("cookie:1:2")); MockHttpServletResponse response = new MockHttpServletResponse(); - services.autoLogin(request, response); } @Test public void loginSuccessCallsOnLoginSuccessCorrectly() { MockRememberMeServices services = new MockRememberMeServices(this.uds); - MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); Authentication auth = new UsernamePasswordAuthenticationToken("joe", "password"); - // No parameter set services.loginSuccess(request, response, auth); assertThat(services.loginSuccessCalled).isFalse(); - // Parameter set to true services = new MockRememberMeServices(this.uds); request.setParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "true"); services.loginSuccess(request, response, auth); assertThat(services.loginSuccessCalled).isTrue(); - // Different parameter name, set to true services = new MockRememberMeServices(this.uds); services.setParameter("my_parameter"); request.setParameter("my_parameter", "true"); services.loginSuccess(request, response, auth); assertThat(services.loginSuccessCalled).isTrue(); - // Parameter set to false services = new MockRememberMeServices(this.uds); request.setParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "false"); services.loginSuccess(request, response, auth); assertThat(services.loginSuccessCalled).isFalse(); - // alwaysRemember set to true services = new
MockRememberMeServices(this.uds); services.setAlwaysRemember(true);
@@ -371,7 +318,6 @@ public class AbstractRememberMeServicesTests {
 MockHttpServletResponse response = new MockHttpServletResponse(); request.setContextPath("contextpath"); MockRememberMeServices services = new MockRememberMeServices(this.uds) { - @Override protected String encodeCookie(String[] cookieTokens) { return cookieTokens[0];
@@ -380,7 +326,6 @@ public class AbstractRememberMeServicesTests {
 services.setCookieName("mycookiename"); services.setCookie(new String[] { "mycookie" }, 1000, request, response); Cookie cookie = response.getCookie("mycookiename"); - assertThat(cookie).isNotNull(); assertThat(cookie.getValue()).isEqualTo("mycookie"); assertThat(cookie.getName()).isEqualTo("mycookiename");
@@ -393,9 +338,7 @@ public class AbstractRememberMeServicesTests {
 MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); request.setContextPath("contextpath"); - MockRememberMeServices services = new MockRememberMeServices(this.uds) { - @Override protected String encodeCookie(String[] cookieTokens) { return cookieTokens[0];
@@ -412,7 +355,6 @@ public class AbstractRememberMeServicesTests {
 MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); request.setContextPath("contextpath"); - MockRememberMeServices services = new MockRememberMeServices(this.uds); services.setCookie(new String[] { "mycookie" }, 1000, request, response); Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
@@ -425,9 +367,7 @@ public class AbstractRememberMeServicesTests {
 MockRememberMeServices services = new MockRememberMeServices(); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - services.setCookie(new String[] { "value" }, 0, request, response); - Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertThat(cookie.getVersion()).isEqualTo(1); }
@@ -438,9 +378,7 @@ public class AbstractRememberMeServicesTests {
 MockRememberMeServices services = new MockRememberMeServices(); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - services.setCookie(new String[] { "value" }, -1, request, response); - Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertThat(cookie.getVersion()).isEqualTo(1); }
@@ -451,9 +389,7 @@ public class AbstractRememberMeServicesTests {
 MockRememberMeServices services = new MockRememberMeServices(); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - services.setCookie(new String[] { "value" }, 1, request, response); - Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertThat(cookie.getVersion()).isZero(); }
@@ -463,12 +399,10 @@ public class AbstractRememberMeServicesTests {
 MockRememberMeServices services = new MockRememberMeServices(); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - services.setCookieName("mycookiename"); services.setCookieDomain("spring.io"); services.setCookie(new String[] { "mycookie" }, 1000, request, response); Cookie cookie = response.getCookie("mycookiename"); - assertThat(cookie).isNotNull(); assertThat(cookie.getDomain()).isEqualTo("spring.io"); }
@@ -477,7 +411,6 @@ public class AbstractRememberMeServicesTests {
 MockRememberMeServices services = new MockRememberMeServices(this.uds); Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, services.encodeCookie(StringUtils.delimitedListToStringArray(cookieToken, ":"))); - return new Cookie[] { cookie }; }
@@ -515,9 +448,7 @@ public class AbstractRememberMeServicesTests {
 if (cookieTokens.length != 3) { throw new InvalidCookieException("deliberate exception"); } - UserDetails user = getUserDetailsService().loadUserByUsername("joe"); - return user; }
@@ -543,7 +474,6 @@ public class AbstractRememberMeServicesTests {
 if (this.throwException) { throw new UsernameNotFoundException("as requested by mock"); } - return this.toReturn; }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
index 6aaa1617cb..97546514d0 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
@@ -94,9 +94,7 @@ public class JdbcTokenRepositoryImplTests {
 Timestamp currentDate = new Timestamp(Calendar.getInstance().getTimeInMillis());
 PersistentRememberMeToken token = new PersistentRememberMeToken("joeuser", "joesseries", "atoken", currentDate);
 this.repo.createNewToken(token);
-
 Map results = this.template.queryForMap("select * from persistent_logins");
-
 assertThat(results.get("last_used")).isEqualTo(currentDate);
 assertThat(results.get("username")).isEqualTo("joeuser");
 assertThat(results.get("series")).isEqualTo("joesseries");
@@ -105,11 +103,9 @@ public class JdbcTokenRepositoryImplTests {
 @Test
 public void retrievingTokenReturnsCorrectData() {
-
 this.template.execute("insert into persistent_logins (series, username, token, last_used) values " + "('joesseries', 'joeuser', 'atoken', '2007-10-09 18:19:25.000000000')");
 PersistentRememberMeToken token = this.repo.getTokenForSeries("joesseries");
-
 assertThat(token.getUsername()).isEqualTo("joeuser");
 assertThat(token.getSeries()).isEqualTo("joesseries");
 assertThat(token.getTokenValue()).isEqualTo("atoken");
@@ -122,11 +118,9 @@ public class JdbcTokenRepositoryImplTests {
 + "('joesseries', 'joeuser', 'atoken2', '2007-10-19 18:19:25.000000000')");
 this.template.execute("insert into persistent_logins (series, username, token, last_used) values " + "('joesseries', 'joeuser', 'atoken', '2007-10-09 18:19:25.000000000')");
-
 // List results =
 // template.queryForList("select * from persistent_logins where series =
 // 'joesseries'");
-
 assertThat(this.repo.getTokenForSeries("joesseries")).isNull();
 }
@@ -146,16 +140,12 @@ public class JdbcTokenRepositoryImplTests {
 + "('joesseries2', 'joeuser', 'atoken2', '2007-10-19 18:19:25.000000000')");
 this.template.execute("insert into persistent_logins (series, username, token, last_used) values " + "('joesseries', 'joeuser', 'atoken', '2007-10-09 18:19:25.000000000')");
-
 // List results =
 // template.queryForList("select * from persistent_logins where series =
 // 'joesseries'");
-
 this.repo.removeUserTokens("joeuser");
-
 List> results = this.template
 .queryForList("select * from persistent_logins where username = 'joeuser'");
-
 assertThat(results).isEmpty();
 }
@@ -165,10 +155,8 @@ public class JdbcTokenRepositoryImplTests {
 this.template.execute("insert into persistent_logins (series, username, token, last_used) values " + "('joesseries', 'joeuser', 'atoken', '" + ts.toString() + "')");
 this.repo.updateToken("joesseries", "newtoken", new Date());
-
 Map results = this.template
 .queryForMap("select * from persistent_logins where series = 'joesseries'");
-
 assertThat(results.get("username")).isEqualTo("joeuser");
 assertThat(results.get("series")).isEqualTo("joesseries");
 assertThat(results.get("token")).isEqualTo("newtoken");
@@ -183,7 +171,6 @@ public class JdbcTokenRepositoryImplTests {
 this.repo.setDataSource(dataSource);
 this.repo.setCreateTableOnStartup(true);
 this.repo.initDao();
-
 this.template.queryForList("select username,series,token,last_used from persistent_logins");
 }
@@ -194,9 +181,7 @@ public class JdbcTokenRepositoryImplTests {
 Date lastUsed = new Date(1424841314059L);
 JdbcTokenRepositoryImpl repository = new JdbcTokenRepositoryImpl();
 repository.setJdbcTemplate(template);
-
 repository.updateToken("series", "token", lastUsed);
-
 verify(template).update(anyString(), anyString(), eq(lastUsed), anyString());
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java
index 2ad5f33561..aa73bc10e6 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java
@@ -35,7 +35,6 @@ public class NullRememberMeServicesTests {
 assertThat(services.autoLogin(null, null)).isNull();
 services.loginFail(null, null);
 services.loginSuccess(null, null, null);
-
 }
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
index 6d0bbd2371..d9796b9089 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
@@ -69,7 +69,6 @@ public class PersistentTokenBasedRememberMeServicesTests {
 this.services = create(new PersistentRememberMeToken("joe", "series", "token", new Date(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(1) - 100)));
 this.services.setTokenValiditySeconds(1);
-
 this.services.processAutoLoginCookie(new String[] { "series", "token" }, new MockHttpServletRequest(), new MockHttpServletResponse());
 }
@@ -107,9 +106,7 @@ public class PersistentTokenBasedRememberMeServicesTests {
 new UsernamePasswordAuthenticationToken("joe", "password"));
 assertThat(this.repo.getStoredToken().getSeries().length()).isEqualTo(16);
 assertThat(this.repo.getStoredToken().getTokenValue().length()).isEqualTo(16);
-
 String[] cookie = this.services.decodeCookie(response.getCookie("mycookiename").getValue());
-
 assertThat(cookie[0]).isEqualTo(this.repo.getStoredToken().getSeries());
 assertThat(cookie[1]).isEqualTo(this.repo.getStoredToken().getTokenValue());
 }
@@ -125,7 +122,6 @@ public class PersistentTokenBasedRememberMeServicesTests {
 Cookie returnedCookie = response.getCookie("mycookiename");
 assertThat(returnedCookie).isNotNull();
 assertThat(returnedCookie.getMaxAge()).isZero();
-
 // SEC-1280
 this.services.logout(request, response, null);
 }
@@ -135,7 +131,6 @@ public class PersistentTokenBasedRememberMeServicesTests {
 PersistentTokenBasedRememberMeServices services = new PersistentTokenBasedRememberMeServices("key", new AbstractRememberMeServicesTests.MockUserDetailsService(AbstractRememberMeServicesTests.joe, false), this.repo);
-
 services.setCookieName("mycookiename");
 return services;
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
index 595a5c8353..124ff6ecba 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
@@ -78,18 +78,15 @@ public class RememberMeAuthenticationFilterTests {
 // Put an Authentication object into the SecurityContextHolder
 Authentication originalAuth = new TestingAuthenticationToken("user", "password", "ROLE_A");
 SecurityContextHolder.getContext().setAuthentication(originalAuth);
-
 // Setup our filter correctly
 RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(mock(AuthenticationManager.class), new MockRememberMeServices(this.remembered));
 filter.afterPropertiesSet();
-
 // Test
 MockHttpServletRequest request = new MockHttpServletRequest();
 FilterChain fc = mock(FilterChain.class);
 request.setRequestURI("x");
 filter.doFilter(request, new MockHttpServletResponse(), fc);
-
 // Ensure filter didn't change our original object
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(originalAuth);
 verify(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
@@ -99,16 +96,13 @@ public class RememberMeAuthenticationFilterTests {
 public void testOperationWhenNoAuthenticationInContextHolder() throws Exception {
 AuthenticationManager am = mock(AuthenticationManager.class);
 given(am.authenticate(this.remembered)).willReturn(this.remembered);
-
 RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(am, new MockRememberMeServices(this.remembered));
 filter.afterPropertiesSet();
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 FilterChain fc = mock(FilterChain.class);
 request.setRequestURI("x");
 filter.doFilter(request, new MockHttpServletResponse(), fc);
-
 // Ensure filter setup with our remembered authentication object
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.remembered);
 verify(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
@@ -119,7 +113,6 @@ public class RememberMeAuthenticationFilterTests {
 final Authentication failedAuth = new TestingAuthenticationToken("failed", "");
 AuthenticationManager am = mock(AuthenticationManager.class);
 given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException(""));
-
 RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(am, new MockRememberMeServices(this.remembered)) {
 @Override
@@ -131,12 +124,10 @@ public class RememberMeAuthenticationFilterTests {
 };
 filter.setApplicationEventPublisher(mock(ApplicationEventPublisher.class));
 filter.afterPropertiesSet();
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 FilterChain fc = mock(FilterChain.class);
 request.setRequestURI("x");
 filter.doFilter(request, new MockHttpServletResponse(), fc);
-
 assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(failedAuth);
 verify(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 }
@@ -153,9 +144,7 @@ public class RememberMeAuthenticationFilterTests {
 FilterChain fc = mock(FilterChain.class);
 request.setRequestURI("x");
 filter.doFilter(request, response, fc);
-
 assertThat(response.getRedirectedUrl()).isEqualTo("/target");
-
 // Should return after success handler is invoked, so chain should not proceed
 verifyZeroInteractions(fc);
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
index 516dba5a08..d6b32b0ae4 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
@@ -78,7 +78,6 @@ public class TokenBasedRememberMeServicesTests {
 private long determineExpiryTimeFromBased64EncodedToken(String validToken) {
 String cookieAsPlainText = new String(Base64.decodeBase64(validToken.getBytes()));
 String[] cookieTokens = StringUtils.delimitedListToStringArray(cookieAsPlainText, ":");
-
 if (cookieTokens.length == 3) {
 try {
 return Long.parseLong(cookieTokens[1]);
@@ -86,7 +85,6 @@ public class TokenBasedRememberMeServicesTests {
 catch (NumberFormatException ignored) {
 }
 }
-
 return -1;
 }
@@ -96,14 +94,12 @@ public class TokenBasedRememberMeServicesTests {
 // password + ":" + key)
 String signatureValue = DigestUtils.md5Hex(username + ":" + expiryTime + ":" + password + ":" + key);
 String tokenValue = username + ":" + expiryTime + ":" + signatureValue;
-
 return new String(Base64.encodeBase64(tokenValue.getBytes()));
 }
 @Test
 public void autoLoginReturnsNullIfNoCookiePresented() {
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 Authentication result = this.services.autoLogin(new MockHttpServletRequest(), response);
 assertThat(result).isNull();
 // No cookie set
@@ -116,9 +112,7 @@ public class TokenBasedRememberMeServicesTests {
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setCookies(cookie);
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 Authentication result = this.services.autoLogin(request, response);
-
 assertThat(result).isNull();
 assertThat(response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY)).isNull();
 }
@@ -130,9 +124,7 @@ public class TokenBasedRememberMeServicesTests {
 "key"));
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setCookies(cookie);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 assertThat(this.services.autoLogin(request, response)).isNull();
 Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 assertThat(returnedCookie).isNotNull();
@@ -145,10 +137,8 @@ public class TokenBasedRememberMeServicesTests {
 new String(Base64.encodeBase64("x".getBytes())));
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setCookies(cookie);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
 assertThat(this.services.autoLogin(request, response)).isNull();
-
 Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 assertThat(returnedCookie).isNotNull();
 assertThat(returnedCookie.getMaxAge()).isZero();
@@ -160,10 +150,8 @@ public class TokenBasedRememberMeServicesTests {
 "NOT_BASE_64_ENCODED");
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setCookies(cookie);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
 assertThat(this.services.autoLogin(request, response)).isNull();
-
 Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 assertThat(returnedCookie).isNotNull();
 assertThat(returnedCookie.getMaxAge()).isZero();
@@ -177,11 +165,8 @@ public class TokenBasedRememberMeServicesTests {
 "WRONG_KEY"));
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setCookies(cookie);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 assertThat(this.services.autoLogin(request, response)).isNull();
-
 Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 assertThat(returnedCookie).isNotNull();
 assertThat(returnedCookie.getMaxAge()).isZero();
@@ -193,10 +178,8 @@ public class TokenBasedRememberMeServicesTests {
 new String(Base64.encodeBase64("username:NOT_A_NUMBER:signature".getBytes())));
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setCookies(cookie);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
 assertThat(this.services.autoLogin(request, response)).isNull();
-
 Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 assertThat(returnedCookie).isNotNull();
 assertThat(returnedCookie.getMaxAge()).isZero();
@@ -210,11 +193,8 @@ public class TokenBasedRememberMeServicesTests {
 "key"));
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setCookies(cookie);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 assertThat(this.services.autoLogin(request, response)).isNull();
-
 Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 assertThat(returnedCookie).isNotNull();
 assertThat(returnedCookie.getMaxAge()).isZero();
@@ -228,9 +208,7 @@ public class TokenBasedRememberMeServicesTests {
 "key"));
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setCookies(cookie);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 this.services.autoLogin(request, response);
 }
@@ -242,11 +220,8 @@ public class TokenBasedRememberMeServicesTests {
 "key"));
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setCookies(cookie);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 Authentication result = this.services.autoLogin(request, response);
-
 assertThat(result).isNotNull();
 assertThat(result.getPrincipal()).isEqualTo(this.user);
 }
@@ -254,13 +229,10 @@ public class TokenBasedRememberMeServicesTests {
 @Test
 public void testGettersSetters() {
 assertThat(this.services.getUserDetailsService()).isEqualTo(this.uds);
-
 assertThat(this.services.getKey()).isEqualTo("key");
-
 assertThat(this.services.getParameter()).isEqualTo(AbstractRememberMeServices.DEFAULT_PARAMETER);
 this.services.setParameter("some_param");
 assertThat(this.services.getParameter()).isEqualTo("some_param");
-
 this.services.setTokenValiditySeconds(12);
 assertThat(this.services.getTokenValiditySeconds()).isEqualTo(12);
 }
@@ -270,7 +242,6 @@ public class TokenBasedRememberMeServicesTests {
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
 this.services.loginFail(request, response);
-
 Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 assertThat(cookie).isNotNull();
 assertThat(cookie.getMaxAge()).isZero();
@@ -282,10 +253,8 @@ public class TokenBasedRememberMeServicesTests {
 new AbstractRememberMeServicesTests.MockUserDetailsService(null, false));
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.addParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "false");
-
 MockHttpServletResponse response = new MockHttpServletResponse();
 services.loginSuccess(request, response, new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
-
 Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 assertThat(cookie).isNull();
 }
@@ -296,11 +265,9 @@ public class TokenBasedRememberMeServicesTests {
 this.services.setTokenValiditySeconds(500000000);
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.addParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "true");
-
 MockHttpServletResponse response = new MockHttpServletResponse();
 this.services.loginSuccess(request, response, new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
-
 Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 String expiryTime = this.services.decodeCookie(cookie.getValue())[1];
 long expectedExpiryTime = 1000L * 500000000;
@@ -316,11 +283,9 @@ public class TokenBasedRememberMeServicesTests {
 public void loginSuccessNormalWithUserDetailsBasedPrincipalSetsExpectedCookie() {
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.addParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "true");
-
 MockHttpServletResponse response = new MockHttpServletResponse();
 this.services.loginSuccess(request, response, new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
-
 Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 assertThat(cookie).isNotNull();
 assertThat(cookie.getMaxAge()).isEqualTo(this.services.getTokenValiditySeconds());
@@ -340,12 +305,10 @@ public class TokenBasedRememberMeServicesTests {
 public void negativeValidityPeriodIsSetOnCookieButExpiryTimeRemainsAtTwoWeeks() {
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.addParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "true");
-
 MockHttpServletResponse response = new MockHttpServletResponse();
 this.services.setTokenValiditySeconds(-1);
 this.services.loginSuccess(request, response, new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
-
 Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 assertThat(cookie).isNotNull();
 // Check the expiry time is within 50ms of two weeks from current time
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java
index 087c6bc578..5c75c28c8e 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java
@@ -76,7 +76,6 @@ public class CompositeSessionAuthenticationStrategyTests {
 CompositeSessionAuthenticationStrategy strategy = new CompositeSessionAuthenticationStrategy(
 Arrays.asList(this.strategy1, this.strategy2));
 strategy.onAuthentication(this.authentication, this.request, this.response);
-
 verify(this.strategy1).onAuthentication(this.authentication, this.request, this.response);
 verify(this.strategy2).onAuthentication(this.authentication, this.request, this.response);
 }
@@ -85,17 +84,14 @@ public class CompositeSessionAuthenticationStrategyTests {
 public void delegateShortCircuits() {
 willThrow(new SessionAuthenticationException("oops")).given(this.strategy1)
 .onAuthentication(this.authentication, this.request, this.response);
-
 CompositeSessionAuthenticationStrategy strategy = new CompositeSessionAuthenticationStrategy(
 Arrays.asList(this.strategy1, this.strategy2));
-
 try {
 strategy.onAuthentication(this.authentication, this.request, this.response);
 fail("Expected Exception");
 }
 catch (SessionAuthenticationException success) {
 }
-
 verify(this.strategy1).onAuthentication(this.authentication, this.request, this.response);
 verify(this.strategy2, times(0)).onAuthentication(this.authentication, this.request, this.response);
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java
index 0f10d0e19c..7e69cbfd5d 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java
@@ -67,7 +67,6 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 this.response = new MockHttpServletResponse();
 this.sessionInformation = new SessionInformation(this.authentication.getPrincipal(), "unique", new Date(1374766134216L));
-
 this.strategy = new ConcurrentSessionControlAuthenticationStrategy(this.sessionRegistry);
 }
@@ -82,9 +81,7 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 .willReturn(Collections.emptyList());
 this.strategy.setMaximumSessions(1);
 this.strategy.setExceptionIfMaximumExceeded(true);
-
 this.strategy.onAuthentication(this.authentication, this.request, this.response);
-
 // no exception
 }
@@ -96,9 +93,7 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 .willReturn(Collections.singletonList(this.sessionInformation));
 this.strategy.setMaximumSessions(1);
 this.strategy.setExceptionIfMaximumExceeded(true);
-
 this.strategy.onAuthentication(this.authentication, this.request, this.response);
-
 // no exception
 }
@@ -108,7 +103,6 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 .willReturn(Collections.singletonList(this.sessionInformation));
 this.strategy.setMaximumSessions(1);
 this.strategy.setExceptionIfMaximumExceeded(true);
-
 this.strategy.onAuthentication(this.authentication, this.request, this.response);
 }
@@ -117,9 +111,7 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 given(this.sessionRegistry.getAllSessions(any(), anyBoolean()))
 .willReturn(Collections.singletonList(this.sessionInformation));
 this.strategy.setMaximumSessions(1);
-
 this.strategy.onAuthentication(this.authentication, this.request, this.response);
-
 assertThat(this.sessionInformation.isExpired()).isTrue();
 }
@@ -130,9 +122,7 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 given(this.sessionRegistry.getAllSessions(any(), anyBoolean()))
 .willReturn(Arrays.asList(moreRecentSessionInfo, this.sessionInformation));
 this.strategy.setMaximumSessions(2);
-
 this.strategy.onAuthentication(this.authentication, this.request, this.response);
-
 assertThat(this.sessionInformation.isExpired()).isTrue();
 }
@@ -145,9 +135,7 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 given(this.sessionRegistry.getAllSessions(any(), anyBoolean())).willReturn(
 Arrays.asList(oldestSessionInfo, secondOldestSessionInfo, this.sessionInformation));
 this.strategy.setMaximumSessions(2);
-
 this.strategy.onAuthentication(this.authentication, this.request, this.response);
-
 assertThat(oldestSessionInfo.isExpired()).isTrue();
 assertThat(secondOldestSessionInfo.isExpired()).isTrue();
 assertThat(this.sessionInformation.isExpired()).isFalse();
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java
index 668b651805..34d88f80ae 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java
@@ -64,7 +64,6 @@ public class RegisterSessionAuthenticationStrategyTests {
 @Test
 public void onAuthenticationRegistersSession() {
 this.authenticationStrategy.onAuthentication(this.authentication, this.request, this.response);
-
 verify(this.registry).registerNewSession(this.request.getSession().getId(), this.authentication.getPrincipal());
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
index 71401bf5ad..55a43482a9 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
@@ -84,30 +84,24 @@ public class SwitchUserFilterTests {
 request.setServerName("localhost");
 request.setRequestURI("/login/impersonate");
 request.setMethod("POST");
-
 return request;
 }
 private Authentication switchToUser(String name) {
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.addParameter("myUsernameParameter", name);
-
 SwitchUserFilter filter = new SwitchUserFilter();
 filter.setUsernameParameter("myUsernameParameter");
 filter.setUserDetailsService(new MockUserDetailsService());
-
 return filter.attemptSwitchUser(request);
-
 }
 private Authentication switchToUserWithAuthorityRole(String name, String switchAuthorityRole) {
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, name);
-
 SwitchUserFilter filter = new SwitchUserFilter();
 filter.setUserDetailsService(new MockUserDetailsService());
 filter.setSwitchAuthorityRole(switchAuthorityRole);
-
 return filter.attemptSwitchUser(request);
 }
@@ -115,10 +109,8 @@ public class SwitchUserFilterTests {
 public void requiresExitUserMatchesCorrectly() {
 SwitchUserFilter filter = new SwitchUserFilter();
 filter.setExitUserUrl("/j_spring_security_my_exit_user");
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setRequestURI("/j_spring_security_my_exit_user");
-
 assertThat(filter.requiresExitUser(request)).isTrue();
 }
@@ -127,10 +119,8 @@ public class SwitchUserFilterTests {
 public void requiresExitUserWhenEndsWithThenDoesNotMatch() {
 SwitchUserFilter filter = new SwitchUserFilter();
 filter.setExitUserUrl("/j_spring_security_my_exit_user");
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setRequestURI("/foo/bar/j_spring_security_my_exit_user");
-
 assertThat(filter.requiresExitUser(request)).isFalse();
 }
@@ -138,13 +128,11 @@ public class SwitchUserFilterTests {
 // gh-4183
 public void requiresExitUserWhenGetThenDoesNotMatch() {
 SwitchUserFilter filter = new SwitchUserFilter();
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setScheme("http");
 request.setServerName("localhost");
 request.setRequestURI("/login/impersonate");
 request.setMethod("GET");
-
 assertThat(filter.requiresExitUser(request)).isFalse();
 }
@@ -152,10 +140,8 @@ public class SwitchUserFilterTests {
 public void requiresExitUserWhenMatcherThenWorks() {
 SwitchUserFilter filter = new SwitchUserFilter();
 filter.setExitUserMatcher(AnyRequestMatcher.INSTANCE);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setRequestURI("/foo/bar/j_spring_security_my_exit_user");
-
 assertThat(filter.requiresExitUser(request)).isTrue();
 }
@@ -163,10 +149,8 @@ public class SwitchUserFilterTests {
 public void requiresSwitchMatchesCorrectly() {
 SwitchUserFilter filter = new SwitchUserFilter();
 filter.setSwitchUserUrl("/j_spring_security_my_switch_user");
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setRequestURI("/j_spring_security_my_switch_user");
-
 assertThat(filter.requiresSwitchUser(request)).isTrue();
 }
@@ -175,10 +159,8 @@ public class SwitchUserFilterTests {
 public void requiresSwitchUserWhenEndsWithThenDoesNotMatch() {
 SwitchUserFilter filter = new SwitchUserFilter();
 filter.setSwitchUserUrl("/j_spring_security_my_exit_user");
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setRequestURI("/foo/bar/j_spring_security_my_exit_user");
-
 assertThat(filter.requiresSwitchUser(request)).isFalse();
 }
@@ -186,13 +168,11 @@ public class SwitchUserFilterTests {
 // gh-4183
 public void requiresSwitchUserWhenGetThenDoesNotMatch() {
 SwitchUserFilter filter = new SwitchUserFilter();
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setScheme("http");
 request.setServerName("localhost");
 request.setRequestURI("/login/impersonate");
 request.setMethod("GET");
-
 assertThat(filter.requiresSwitchUser(request)).isFalse();
 }
@@ -200,19 +180,15 @@ public class SwitchUserFilterTests {
 public void requiresSwitchUserWhenMatcherThenWorks() {
 SwitchUserFilter filter = new SwitchUserFilter();
 filter.setSwitchUserMatcher(AnyRequestMatcher.INSTANCE);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setRequestURI("/foo/bar/j_spring_security_my_exit_user");
-
 assertThat(filter.requiresSwitchUser(request)).isTrue();
 }
 @Test(expected = UsernameNotFoundException.class)
 public void attemptSwitchToUnknownUserFails() {
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "user-that-doesnt-exist");
-
 SwitchUserFilter filter = new SwitchUserFilter();
 filter.setUserDetailsService(new MockUserDetailsService());
 filter.attemptSwitchUser(request);
@@ -253,14 +229,11 @@ public class SwitchUserFilterTests {
 filter.setTargetUrl("/target");
 filter.setUserDetailsService(new MockUserDetailsService());
 filter.afterPropertiesSet();
-
 // Check it with no url set (should get a text response)
 FilterChain chain = mock(FilterChain.class);
 filter.doFilter(request, response, chain);
 verify(chain, never()).doFilter(request, response);
-
 assertThat(response.getErrorMessage()).isNotNull();
-
 // Now check for the redirect
 request.setContextPath("/mywebapp");
 request.setRequestURI("/mywebapp/login/impersonate");
@@ -270,11 +243,9 @@ public class SwitchUserFilterTests {
 filter.setSwitchFailureUrl("/switchfailed");
 filter.afterPropertiesSet();
 response = new MockHttpServletResponse();
-
 chain = mock(FilterChain.class);
 filter.doFilter(request, response, chain);
 verify(chain, never()).doFilter(request, response);
-
 assertThat(response.getRedirectedUrl()).isEqualTo("/mywebapp/switchfailed");
 assertThat(FieldUtils.getFieldValue(filter, "switchFailureUrl")).isEqualTo("/switchfailed");
 }
@@ -303,7 +274,6 @@ public class SwitchUserFilterTests {
 request.setContextPath("/webapp");
 SwitchUserFilter filter = new SwitchUserFilter();
 filter.setSwitchUserUrl("/login/impersonate");
-
 request.setRequestURI("/webapp/login/impersonate;jsessionid=8JHDUD723J8");
 assertThat(filter.requiresSwitchUser(request)).isTrue();
 }
@@ -313,32 +283,25 @@ public class SwitchUserFilterTests {
 // original user UsernamePasswordAuthenticationToken source = new UsernamePasswordAuthenticationToken("dano", "hawaii50", ROLES_12); - // set current user (Admin) List adminAuths = new ArrayList<>(); adminAuths.addAll(ROLES_12); adminAuths.add(new SwitchUserGrantedAuthority("PREVIOUS_ADMINISTRATOR", source)); UsernamePasswordAuthenticationToken admin = new UsernamePasswordAuthenticationToken("jacklord", "hawaii50", adminAuths); - SecurityContextHolder.getContext().setAuthentication(admin); - MockHttpServletRequest request = createMockSwitchRequest(); request.setRequestURI("/logout/impersonate"); - // setup filter SwitchUserFilter filter = new SwitchUserFilter(); filter.setUserDetailsService(new MockUserDetailsService()); filter.setExitUserUrl("/logout/impersonate"); filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/webapp/someOtherUrl")); - // run 'exit' FilterChain chain = mock(FilterChain.class); MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(request, response, chain); - verify(chain, never()).doFilter(request, response); - // check current user, should be back to original user (dano) Authentication targetAuth = SecurityContextHolder.getContext().getAuthentication(); assertThat(targetAuth).isNotNull();
@@ -349,20 +312,16 @@ public class SwitchUserFilterTests {
 public void exitUserWithNoCurrentUserFails() throws Exception { // no current user in secure context SecurityContextHolder.clearContext(); - MockHttpServletRequest request = createMockSwitchRequest(); request.setRequestURI("/logout/impersonate"); - // setup filter SwitchUserFilter filter = new SwitchUserFilter(); filter.setUserDetailsService(new MockUserDetailsService()); filter.setExitUserUrl("/logout/impersonate"); - // run 'exit', expect fail due to no current user FilterChain chain = mock(FilterChain.class); MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(request, response, chain); - verify(chain, never()).doFilter(request, response); }
@@ -372,18 +331,14 @@ public class SwitchUserFilterTests {
 request.setContextPath("/webapp"); request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord"); request.setRequestURI("/webapp/login/impersonate"); - SwitchUserFilter filter = new SwitchUserFilter(); filter.setSwitchUserUrl("/login/impersonate"); filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/someOtherUrl")); filter.setUserDetailsService(new MockUserDetailsService()); - FilterChain chain = mock(FilterChain.class); MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(request, response, chain); - verify(chain, never()).doFilter(request, response); - assertThat(response.getRedirectedUrl()).isEqualTo("/webapp/someOtherUrl"); }
@@ -392,12 +347,10 @@ public class SwitchUserFilterTests {
 // set current user UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50"); SecurityContextHolder.getContext().setAuthentication(auth); - MockHttpServletRequest request = createMockSwitchRequest(); request.setContextPath("/webapp"); request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord"); request.setRequestURI("/webapp/login/impersonate"); - SwitchUserFilter filter = new SwitchUserFilter(); filter.setSwitchUserUrl("/login/impersonate"); SimpleUrlAuthenticationSuccessHandler switchSuccessHandler = new SimpleUrlAuthenticationSuccessHandler(
@@ -407,14 +360,10 @@ public class SwitchUserFilterTests {
 switchSuccessHandler.setRedirectStrategy(contextRelativeRedirector); filter.setSuccessHandler(switchSuccessHandler); filter.setUserDetailsService(new MockUserDetailsService()); - FilterChain chain = mock(FilterChain.class); MockHttpServletResponse response = new MockHttpServletResponse(); - filter.doFilter(request, response, chain); - verify(chain, never()).doFilter(request, response); - assertThat(response.getRedirectedUrl()).isEqualTo("/someOtherUrl"); }
@@ -423,28 +372,22 @@ public class SwitchUserFilterTests {
 // set current user UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50"); SecurityContextHolder.getContext().setAuthentication(auth); - // http request MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/webapp/login/impersonate"); request.setContextPath("/webapp"); request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord"); - // http response MockHttpServletResponse response = new MockHttpServletResponse(); - // setup filter SwitchUserFilter filter = new SwitchUserFilter(); filter.setUserDetailsService(new MockUserDetailsService()); filter.setSwitchUserUrl("/login/impersonate"); filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/webapp/someOtherUrl")); - FilterChain chain = mock(FilterChain.class); - // test updates user token and context filter.doFilter(request, response, chain); verify(chain, never()).doFilter(request, response); - // check current user Authentication targetAuth = SecurityContextHolder.getContext().getAuthentication(); assertThat(targetAuth).isNotNull();
@@ -456,10 +399,8 @@ public class SwitchUserFilterTests {
 public void modificationOfAuthoritiesWorks() { UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50"); SecurityContextHolder.getContext().setAuthentication(auth); - MockHttpServletRequest request = new MockHttpServletRequest(); request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord"); - SwitchUserFilter filter = new SwitchUserFilter(); filter.setUserDetailsService(new MockUserDetailsService()); filter.setSwitchUserAuthorityChanger((targetUser, currentAuthentication, authoritiesToBeGranted) -> {
@@ -467,7 +408,6 @@ public class SwitchUserFilterTests {
 auths.add(new SimpleGrantedAuthority("ROLE_NEW")); return auths; }); - Authentication result = filter.attemptSwitchUser(request); assertThat(result != null).isTrue(); assertThat(result.getAuthorities()).hasSize(2);
@@ -483,16 +423,13 @@ public class SwitchUserFilterTests {
 SecurityContextHolder.getContext().setAuthentication(source); SecurityContextHolder.getContext().setAuthentication(switchToUser("jacklord")); Authentication switched = switchToUser("dano"); - SwitchUserGrantedAuthority switchedFrom = null; - for (GrantedAuthority ga : switched.getAuthorities()) { if (ga instanceof SwitchUserGrantedAuthority) { switchedFrom = (SwitchUserGrantedAuthority) ga; break; } } - assertThat(switchedFrom).isNotNull(); assertThat(source).isSameAs(switchedFrom.getSource()); }
@@ -509,23 +446,19 @@ public class SwitchUserFilterTests {
 @Test public void switchAuthorityRoleCanBeChanged() { String switchAuthorityRole = "PREVIOUS_ADMINISTRATOR"; - // original user UsernamePasswordAuthenticationToken source = new UsernamePasswordAuthenticationToken("orig", "hawaii50", ROLES_12); SecurityContextHolder.getContext().setAuthentication(source); SecurityContextHolder.getContext().setAuthentication(switchToUser("jacklord")); Authentication switched = switchToUserWithAuthorityRole("dano", switchAuthorityRole); - SwitchUserGrantedAuthority switchedFrom = null; - for (GrantedAuthority ga : switched.getAuthorities()) { if (ga instanceof SwitchUserGrantedAuthority) { switchedFrom = (SwitchUserGrantedAuthority) ga; break; } } - assertThat(switchedFrom).isNotNull(); assertThat(switchedFrom.getSource()).isSameAs(source); assertThat(switchAuthorityRole).isEqualTo(switchedFrom.getAuthority());
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java
index f8c1de66a8..7e93bd73ab 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java
@@ -38,7 +38,6 @@ public class DefaultLogoutPageGeneratingFilterTests {
 @Test public void doFilterWhenNoHiddenInputsThenPageRendered() throws Exception { MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object()).addFilter(this.filter).build(); - mockMvc.perform(get("/logout")).andExpect(content().string("\n" + "\n" + " \n" + " \n" + " \n"
@@ -58,7 +57,6 @@ public class DefaultLogoutPageGeneratingFilterTests {
 public void doFilterWhenHiddenInputsSetThenHiddenInputsRendered() throws Exception { this.filter.setResolveHiddenInputs((r) -> Collections.singletonMap("_csrf", "csrf-token-1")); MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object()).addFilters(this.filter).build(); - mockMvc.perform(get("/logout")).andExpect( content().string(containsString(""))); }
@@ -66,7 +64,6 @@ public class DefaultLogoutPageGeneratingFilterTests {
 @Test public void doFilterWhenRequestContextThenActionContainsRequestContext() throws Exception { MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object()).addFilters(this.filter).build(); - mockMvc.perform(get("/context/logout").contextPath("/context")) .andExpect(content().string(containsString("action=\"/context/logout\""))); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java
index a06829f66b..ab86511eb7 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java
@@ -58,7 +58,6 @@ public class BasicAuthenticationConverterTests {
 MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes()))); UsernamePasswordAuthenticationToken authentication = this.converter.convert(request); - verify(this.authenticationDetailsSource).buildDetails(any()); assertThat(authentication).isNotNull(); assertThat(authentication.getName()).isEqualTo("rod");
@@ -70,7 +69,6 @@ public class BasicAuthenticationConverterTests {
 MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "BaSiC " + new String(Base64.encodeBase64(token.getBytes()))); UsernamePasswordAuthenticationToken authentication = this.converter.convert(request); - verify(this.authenticationDetailsSource).buildDetails(any()); assertThat(authentication).isNotNull(); assertThat(authentication.getName()).isEqualTo("rod");
@@ -81,7 +79,6 @@ public class BasicAuthenticationConverterTests {
 MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Bearer someOtherToken"); UsernamePasswordAuthenticationToken authentication = this.converter.convert(request); - verifyZeroInteractions(this.authenticationDetailsSource); assertThat(authentication).isNull(); }
@@ -98,7 +95,6 @@ public class BasicAuthenticationConverterTests {
 public void testWhenInvalidBase64ThenError() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Basic NOT_VALID_BASE64"); - this.converter.convert(request); }
@@ -108,7 +104,6 @@ public class BasicAuthenticationConverterTests {
 MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes()))); UsernamePasswordAuthenticationToken authentication = this.converter.convert(request); - verify(this.authenticationDetailsSource).buildDetails(any()); assertThat(authentication).isNotNull(); assertThat(authentication.getName()).isEqualTo("rod");
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java
index 91cf5cf819..2050d9267f 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java
@@ -36,7 +36,6 @@ public class BasicAuthenticationEntryPointTests {
 @Test public void testDetectsMissingRealmName() { BasicAuthenticationEntryPoint ep = new BasicAuthenticationEntryPoint(); - try { ep.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException");
@@ -56,21 +55,14 @@ public class BasicAuthenticationEntryPointTests {
 @Test public void testNormalOperation() throws Exception { BasicAuthenticationEntryPoint ep = new BasicAuthenticationEntryPoint(); - ep.setRealmName("hello"); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/some_path"); - MockHttpServletResponse response = new MockHttpServletResponse(); - // ep.afterPropertiesSet(); - ep.commence(request, response, new DisabledException("These are the jokes kid")); - assertThat(response.getStatus()).isEqualTo(401); assertThat(response.getErrorMessage()).isEqualTo(HttpStatus.UNAUTHORIZED.getReasonPhrase()); - assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Basic realm=\"hello\""); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
index 39a7ac7655..d31d44ffe9 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
@@ -67,11 +67,9 @@ public class BasicAuthenticationFilterTests {
 rodRequest.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest())); Authentication rod = new UsernamePasswordAuthenticationToken("rod", "koala", AuthorityUtils.createAuthorityList("ROLE_1")); - this.manager = mock(AuthenticationManager.class); given(this.manager.authenticate(rodRequest)).willReturn(rod); given(this.manager.authenticate(not(eq(rodRequest)))).willThrow(new BadCredentialsException("")); - this.filter = new BasicAuthenticationFilter(this.manager, new BasicAuthenticationEntryPoint()); }
@@ -82,16 +80,12 @@ public class BasicAuthenticationFilterTests {
 @Test public void testFilterIgnoresRequestsContainingNoAuthorizationHeader() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); request.setServletPath("/some_file.html"); final MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain chain = mock(FilterChain.class); this.filter.doFilter(request, response, chain); - verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); - // Test assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); }
@@ -110,10 +104,8 @@ public class BasicAuthenticationFilterTests {
 request.setServletPath("/some_file.html"); request.setSession(new MockHttpSession()); final MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain chain = mock(FilterChain.class); this.filter.doFilter(request, response, chain); - verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401);
@@ -126,7 +118,6 @@ public class BasicAuthenticationFilterTests {
 request.setServletPath("/some_file.html"); request.setSession(new MockHttpSession()); final MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain chain = mock(FilterChain.class); this.filter.doFilter(request, response, chain); // The filter chain shouldn't proceed
@@ -141,12 +132,10 @@ public class BasicAuthenticationFilterTests {
 MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes()))); request.setServletPath("/some_file.html"); - // Test assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); FilterChain chain = mock(FilterChain.class); this.filter.doFilter(request, new MockHttpServletResponse(), chain); - verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("rod");
@@ -159,12 +148,10 @@ public class BasicAuthenticationFilterTests {
 MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "basic " + new String(Base64.encodeBase64(token.getBytes()))); request.setServletPath("/some_file.html"); - // Test assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); FilterChain chain = mock(FilterChain.class); this.filter.doFilter(request, new MockHttpServletResponse(), chain); - verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("rod");
@@ -176,11 +163,9 @@ public class BasicAuthenticationFilterTests {
 MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "BaSiC " + new String(Base64.encodeBase64(token.getBytes()))); request.setServletPath("/some_file.html"); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); FilterChain chain = mock(FilterChain.class); this.filter.doFilter(request, new MockHttpServletResponse(), chain); - verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("rod");
@@ -188,13 +173,11 @@ public class BasicAuthenticationFilterTests {
 @Test public void testOtherAuthorizationSchemeIsIgnored() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "SOME_OTHER_AUTHENTICATION_SCHEME"); request.setServletPath("/some_file.html"); FilterChain chain = mock(FilterChain.class); this.filter.doFilter(request, new MockHttpServletResponse(), chain); - verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); }
@@ -216,32 +199,23 @@ public class BasicAuthenticationFilterTests {
 request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes()))); request.setServletPath("/some_file.html"); final MockHttpServletResponse response1 = new MockHttpServletResponse(); - FilterChain chain = mock(FilterChain.class); this.filter.doFilter(request, response1, chain); - verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); - // Test assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("rod"); - // NOW PERFORM FAILED AUTHENTICATION - token = "otherUser:WRONG_PASSWORD"; request = new MockHttpServletRequest(); request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes()))); final MockHttpServletResponse response2 = new MockHttpServletResponse(); - chain = mock(FilterChain.class); this.filter.doFilter(request, response2, chain); - verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class)); request.setServletPath("/some_file.html"); - // Test - the filter chain will not be invoked, as we get a 401 forbidden response MockHttpServletResponse response = response2; - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); }
@@ -253,14 +227,11 @@ public class BasicAuthenticationFilterTests {
 request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes()))); request.setServletPath("/some_file.html"); request.setSession(new MockHttpSession()); - this.filter = new BasicAuthenticationFilter(this.manager); assertThat(this.filter.isIgnoreFailure()).isTrue(); FilterChain chain = mock(FilterChain.class); this.filter.doFilter(request, new MockHttpServletResponse(), chain); - verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); - // Test - the filter chain will be invoked, as we've set ignoreFailure = true assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); }
@@ -274,10 +245,8 @@ public class BasicAuthenticationFilterTests {
 request.setSession(new MockHttpSession()); assertThat(this.filter.isIgnoreFailure()).isFalse(); final MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain chain = mock(FilterChain.class); this.filter.doFilter(request, response, chain); - // Test - the filter chain will not be invoked, as we get a 401 forbidden response verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -287,50 +256,38 @@ public class BasicAuthenticationFilterTests {
 // SEC-2054 @Test public void skippedOnErrorDispatch() throws Exception { - String token = "bad:credentials"; MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes()))); request.setServletPath("/some_file.html"); request.setAttribute(WebUtils.ERROR_REQUEST_URI_ATTRIBUTE, "/error"); MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain chain = mock(FilterChain.class); - this.filter.doFilter(request, response, chain); - assertThat(response.getStatus()).isEqualTo(200); } @Test public void doFilterWhenTokenAndFilterCharsetMatchDefaultThenAuthenticated() throws Exception { SecurityContextHolder.clearContext(); - UsernamePasswordAuthenticationToken rodRequest = new UsernamePasswordAuthenticationToken("rod", "äöü"); rodRequest.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest())); Authentication rod = new UsernamePasswordAuthenticationToken("rod", "äöü", AuthorityUtils.createAuthorityList("ROLE_1")); - this.manager = mock(AuthenticationManager.class); given(this.manager.authenticate(rodRequest)).willReturn(rod); given(this.manager.authenticate(not(eq(rodRequest)))).willThrow(new BadCredentialsException("")); - this.filter = new BasicAuthenticationFilter(this.manager, new BasicAuthenticationEntryPoint()); - String token = "rod:äöü"; MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes(StandardCharsets.UTF_8)))); request.setServletPath("/some_file.html"); - MockHttpServletResponse response = new MockHttpServletResponse(); - // Test assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); FilterChain chain = mock(FilterChain.class); - this.filter.doFilter(request, response, chain); -
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("rod");
@@ -340,33 +297,25 @@ public class BasicAuthenticationFilterTests {
 @Test public void doFilterWhenTokenAndFilterCharsetMatchNonDefaultThenAuthenticated() throws Exception { SecurityContextHolder.clearContext(); - UsernamePasswordAuthenticationToken rodRequest = new UsernamePasswordAuthenticationToken("rod", "äöü"); rodRequest.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest())); Authentication rod = new UsernamePasswordAuthenticationToken("rod", "äöü", AuthorityUtils.createAuthorityList("ROLE_1")); - this.manager = mock(AuthenticationManager.class); given(this.manager.authenticate(rodRequest)).willReturn(rod); given(this.manager.authenticate(not(eq(rodRequest)))).willThrow(new BadCredentialsException("")); - this.filter = new BasicAuthenticationFilter(this.manager, new BasicAuthenticationEntryPoint()); this.filter.setCredentialsCharset("ISO-8859-1"); - String token = "rod:äöü"; MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes(StandardCharsets.ISO_8859_1)))); request.setServletPath("/some_file.html"); - MockHttpServletResponse response = new MockHttpServletResponse(); - // Test assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); FilterChain chain = mock(FilterChain.class); - this.filter.doFilter(request, response, chain); - assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("rod");
@@ -376,33 +325,25 @@ public class BasicAuthenticationFilterTests {
 @Test public void doFilterWhenTokenAndFilterCharsetDoNotMatchThenUnauthorized() throws Exception { SecurityContextHolder.clearContext(); - UsernamePasswordAuthenticationToken rodRequest = new UsernamePasswordAuthenticationToken("rod", "äöü"); rodRequest.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest())); Authentication rod = new UsernamePasswordAuthenticationToken("rod", "äöü", AuthorityUtils.createAuthorityList("ROLE_1")); - this.manager = mock(AuthenticationManager.class); given(this.manager.authenticate(rodRequest)).willReturn(rod); given(this.manager.authenticate(not(eq(rodRequest)))).willThrow(new BadCredentialsException("")); - this.filter = new BasicAuthenticationFilter(this.manager, new BasicAuthenticationEntryPoint()); this.filter.setCredentialsCharset("ISO-8859-1"); - String token = "rod:äöü"; MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes(StandardCharsets.UTF_8)))); request.setServletPath("/some_file.html"); - MockHttpServletResponse response = new MockHttpServletResponse(); - // Test assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); FilterChain chain = mock(FilterChain.class); - this.filter.doFilter(request, response, chain); - assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED); verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -415,7 +356,6 @@ public class BasicAuthenticationFilterTests {
 request.setServletPath("/some_file.html"); request.setSession(new MockHttpSession()); final MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain chain = mock(FilterChain.class); this.filter.doFilter(request, response, chain); verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java
index 4d13ededfd..f2731df602 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java
@@ -38,7 +38,6 @@ public class DigestAuthUtilsTests {
 String unsplit = "username=\"rod\", invalidEntryThatHasNoEqualsSign, realm=\"Contacts Realm\", nonce=\"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==\", uri=\"/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\", response=\"38644211cf9ac3da63ab639807e2baff\", qop=auth, nc=00000004, cnonce=\"2b8d329a8571b99a\""; String[] headerEntries = StringUtils.commaDelimitedListToStringArray(unsplit); Map headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", "\""); - assertThat(headerMap.get("username")).isEqualTo("rod"); assertThat(headerMap.get("realm")).isEqualTo("Contacts Realm"); assertThat(headerMap.get("nonce"))
@@ -57,7 +56,6 @@ public class DigestAuthUtilsTests {
 String unsplit = "username=\"rod\", realm=\"Contacts Realm\", nonce=\"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==\", uri=\"/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\", response=\"38644211cf9ac3da63ab639807e2baff\", qop=auth, nc=00000004, cnonce=\"2b8d329a8571b99a\""; String[] headerEntries = StringUtils.commaDelimitedListToStringArray(unsplit); Map headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", null); - assertThat(headerMap.get("username")).isEqualTo("\"rod\""); assertThat(headerMap.get("realm")).isEqualTo("\"Contacts Realm\""); assertThat(headerMap.get("nonce"))
@@ -97,39 +95,30 @@ public class DigestAuthUtilsTests {
 fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } - try { DigestAuthUtils.split("", "="); // empty string fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } - try { DigestAuthUtils.split("sdch=dfgf", null); // null fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } - try { DigestAuthUtils.split("fvfv=dcdc", ""); // empty string fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } - try { DigestAuthUtils.split("dfdc=dcdc", "BIGGER_THAN_ONE_CHARACTER"); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { - } }
@@ -137,7 +126,6 @@ public class DigestAuthUtilsTests {
 public void testSplitWorksWithDifferentDelimiters() { assertThat(DigestAuthUtils.split("18/rod", "/")).hasSize(2); assertThat(DigestAuthUtils.split("18/rod", "!")).isNull(); - // only guarantees to split at FIRST delimiter, not EACH delimiter assertThat(DigestAuthUtils.split("18|rod|foo|bar", "|")).hasSize(2); }
@@ -145,9 +133,7 @@ public class DigestAuthUtilsTests {
 public void testAuthorizationHeaderWithCommasIsSplitCorrectly() { String header = "Digest username=\"hamilton,bob\", realm=\"bobs,ok,realm\", nonce=\"the,nonce\", " + "uri=\"the,Uri\", response=\"the,response,Digest\", qop=theqop, nc=thenc, cnonce=\"the,cnonce\""; - String[] parts = DigestAuthUtils.splitIgnoringQuotes(header, ','); - assertThat(parts).hasSize(8); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java
index adfe482442..3f6b2c61f9 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java
@@ -42,11 +42,9 @@ public class DigestAuthenticationEntryPointTests {
 // format of nonce is: // base64(expirationTime + ":" + md5Hex(expirationTime + ":" + key)) assertThat(Base64.isArrayByteBase64(nonce.getBytes())).isTrue(); - String decodedNonce = new String(Base64.decodeBase64(nonce.getBytes())); String[] nonceTokens = StringUtils.delimitedListToStringArray(decodedNonce, ":"); assertThat(nonceTokens).hasSize(2); - String expectedNonceSignature = DigestUtils.md5Hex(nonceTokens[0] + ":" + "key"); assertThat(nonceTokens[1]).isEqualTo(expectedNonceSignature); }
@@ -55,7 +53,6 @@ public class DigestAuthenticationEntryPointTests {
 public void testDetectsMissingKey() throws Exception { DigestAuthenticationEntryPoint ep = new DigestAuthenticationEntryPoint(); ep.setRealmName("realm"); - try { ep.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException");
@@ -70,7 +67,6 @@ public class DigestAuthenticationEntryPointTests { DigestAuthenticationEntryPoint ep = new DigestAuthenticationEntryPoint(); ep.setKey("dcdc"); ep.setNonceValiditySeconds(12); - try { ep.afterPropertiesSet(); fail("Should have thrown IllegalArgumentException");
@@ -97,29 +93,21 @@ public class DigestAuthenticationEntryPointTests { DigestAuthenticationEntryPoint ep = new DigestAuthenticationEntryPoint(); ep.setRealmName("hello"); ep.setKey("key"); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/some_path"); - MockHttpServletResponse response = new MockHttpServletResponse(); - ep.afterPropertiesSet(); - ep.commence(request, response, new DisabledException("foobar")); - // Check response is properly formed assertThat(response.getStatus()).isEqualTo(401); assertThat(response.getHeader("WWW-Authenticate").toString()).startsWith("Digest "); - // Break up response header String header = response.getHeader("WWW-Authenticate").toString().substring(7); String[] headerEntries = StringUtils.commaDelimitedListToStringArray(header); Map headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", "\""); - assertThat(headerMap.get("realm")).isEqualTo("hello"); assertThat(headerMap.get("qop")).isEqualTo("auth"); assertThat(headerMap.get("stale")).isNull(); - checkNonceValid(headerMap.get("nonce")); }
@@ -128,29 +116,21 @@ public class DigestAuthenticationEntryPointTests { DigestAuthenticationEntryPoint ep = new DigestAuthenticationEntryPoint(); ep.setRealmName("hello"); ep.setKey("key"); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/some_path"); - MockHttpServletResponse response = new MockHttpServletResponse(); - ep.afterPropertiesSet(); - ep.commence(request, response, new NonceExpiredException("expired nonce")); - // Check response is properly formed assertThat(response.getStatus()).isEqualTo(401); assertThat(response.getHeader("WWW-Authenticate").toString()).startsWith("Digest "); - // Break up response header String header = response.getHeader("WWW-Authenticate").toString().substring(7); String[] headerEntries = StringUtils.commaDelimitedListToStringArray(header); Map headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", "\""); - assertThat(headerMap.get("realm")).isEqualTo("hello"); assertThat(headerMap.get("qop")).isEqualTo("auth"); assertThat(headerMap.get("stale")).isEqualTo("true"); - checkNonceValid(headerMap.get("nonce")); }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
index f3bef133b8..f716b3991d 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
@@ -90,11 +90,8 @@ public class DigestAuthenticationFilterTests { private MockHttpServletResponse executeFilterInContainerSimulator(Filter filter, final ServletRequest request, final boolean expectChainToProceed) throws ServletException, IOException { final MockHttpServletResponse response = new MockHttpServletResponse(); - final FilterChain chain = mock(FilterChain.class); - filter.doFilter(request, response, chain); - verify(chain, times(expectChainToProceed ? 1 : 0)).doFilter(request, response); return response; }
@@ -107,7 +104,6 @@ public class DigestAuthenticationFilterTests { long expiryTime = System.currentTimeMillis() + (validitySeconds * 1000); String signatureValue = DigestUtils.md5Hex(expiryTime + ":" + key); String nonceValue = expiryTime + ":" + signatureValue; - return new String(Base64.encodeBase64(nonceValue.getBytes())); }
@@ -119,19 +115,15 @@ public class DigestAuthenticationFilterTests { @Before public void setUp() { SecurityContextHolder.clearContext(); - // Create User Details Service UserDetailsService uds = (username) -> new User("rod,ok", "koala", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO")); - DigestAuthenticationEntryPoint ep = new DigestAuthenticationEntryPoint(); ep.setRealmName(REALM); ep.setKey(KEY); - this.filter = new DigestAuthenticationFilter(); this.filter.setUserDetailsService(uds); this.filter.setAuthenticationEntryPoint(ep); - this.request = new MockHttpServletRequest("GET", REQUEST_URI); this.request.setServletPath(REQUEST_URI); }
@@ -141,17 +133,12 @@ public class DigestAuthenticationFilterTests { String nonce = generateNonce(0); String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, nonce, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - Thread.sleep(1000); // ensures token expired - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); - String header = response.getHeader("WWW-Authenticate").toString().substring(7); String[] headerEntries = StringUtils.commaDelimitedListToStringArray(header); Map headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", "\"");
@@ -163,12 +150,9 @@ public class DigestAuthenticationFilterTests { String badNonce = generateNonce(60, "badkey"); String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, badNonce, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, badNonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(response.getStatus()).isEqualTo(401); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); }
@@ -176,7 +160,6 @@ public class DigestAuthenticationFilterTests { @Test public void testFilterIgnoresRequestsContainingNoAuthorizationHeader() throws Exception { executeFilterInContainerSimulator(this.filter, this.request, true); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); }
@@ -185,10 +168,8 @@ public class DigestAuthenticationFilterTests { DigestAuthenticationFilter filter = new DigestAuthenticationFilter(); filter.setUserDetailsService(mock(UserDetailsService.class)); assertThat(filter.getUserDetailsService() != null).isTrue(); - filter.setAuthenticationEntryPoint(new DigestAuthenticationEntryPoint()); assertThat(filter.getAuthenticationEntryPoint() != null).isTrue(); - filter.setUserCache(null); assertThat(filter.getUserCache()).isNull(); filter.setUserCache(new NullUserCache());
@@ -198,11 +179,8 @@ public class DigestAuthenticationFilterTests { @Test public void testInvalidDigestAuthorizationTokenGeneratesError() throws Exception { String token = "NOT_A_VALID_TOKEN_AS_MISSING_COLON"; - this.request.addHeader("Authorization", "Digest " + new String(Base64.encodeBase64(token.getBytes()))); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(response.getStatus()).isEqualTo(401); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); }
@@ -210,9 +188,7 @@ public class DigestAuthenticationFilterTests { @Test public void testMalformedHeaderReturnsForbidden() throws Exception { this.request.addHeader("Authorization", "Digest scsdcsdc"); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); }
@@ -220,15 +196,11 @@ public class DigestAuthenticationFilterTests { @Test public void testNonBase64EncodedNonceReturnsForbidden() throws Exception { String nonce = "NOT_BASE_64_ENCODED"; - String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, nonce, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); }
@@ -238,12 +210,9 @@ public class DigestAuthenticationFilterTests { String nonce = new String(Base64.encodeBase64("123456:incorrectStringPassword".getBytes())); String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, nonce, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); }
@@ -253,12 +222,9 @@ public class DigestAuthenticationFilterTests { String nonce = new String(Base64.encodeBase64("hello:ignoredSecondElement".getBytes())); String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, nonce, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); }
@@ -268,12 +234,9 @@ public class DigestAuthenticationFilterTests { String nonce = new String(Base64.encodeBase64("a base 64 string without a colon".getBytes())); String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, nonce, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); }
@@ -283,12 +246,9 @@ public class DigestAuthenticationFilterTests { String encodedPassword = DigestAuthUtils.encodePasswordInA1Format(USERNAME, REALM, PASSWORD); String responseDigest = DigestAuthUtils.generateDigest(true, USERNAME, REALM, encodedPassword, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - executeFilterInContainerSimulator(this.filter, this.request, true); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername()) .isEqualTo(USERNAME);
@@ -298,12 +258,9 @@ public class DigestAuthenticationFilterTests { public void testNormalOperationWhenPasswordNotAlreadyEncoded() throws Exception { String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - executeFilterInContainerSimulator(this.filter, this.request, true); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername()) .isEqualTo(USERNAME);
@@ -314,13 +271,10 @@ public class DigestAuthenticationFilterTests { public void testNormalOperationWhenPasswordNotAlreadyEncodedAndWithoutReAuthentication() throws Exception { String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - this.filter.setCreateAuthenticatedToken(true); executeFilterInContainerSimulator(this.filter, this.request, true); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername()) .isEqualTo(USERNAME);
@@ -332,9 +286,7 @@ public class DigestAuthenticationFilterTests { @Test public void otherAuthorizationSchemeIsIgnored() throws Exception { this.request.addHeader("Authorization", "SOME_OTHER_AUTHENTICATION_SCHEME"); - executeFilterInContainerSimulator(this.filter, this.request, true); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); }
@@ -356,24 +308,17 @@ public class DigestAuthenticationFilterTests { public void successfulLoginThenFailedLoginResultsInSessionLosingToken() throws Exception { String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - executeFilterInContainerSimulator(this.filter, this.request, true); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); - // Now retry, giving an invalid nonce responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, "WRONG_PASSWORD", "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE); - this.request = new MockHttpServletRequest(); this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - // Check we lost our previous authentication assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401);
@@ -382,15 +327,11 @@ public class DigestAuthenticationFilterTests { @Test public void wrongCnonceBasedOnDigestReturnsForbidden() throws Exception { String cnonce = "NOT_SAME_AS_USED_FOR_DIGEST_COMPUTATION"; - String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, "DIFFERENT_CNONCE"); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, cnonce)); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); }
@@ -400,12 +341,9 @@ public class DigestAuthenticationFilterTests { String password = "WRONG_PASSWORD"; String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, password, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); }
@@ -415,12 +353,9 @@ public class DigestAuthenticationFilterTests { String realm = "WRONG_REALM"; String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, realm, PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, realm, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); }
@@ -429,12 +364,9 @@ public class DigestAuthenticationFilterTests { public void wrongUsernameReturnsForbidden() throws Exception { String responseDigest = DigestAuthUtils.generateDigest(false, "NOT_A_KNOWN_USER", REALM, PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); assertThat(response.getStatus()).isEqualTo(401); }
@@ -446,18 +378,13 @@ public class DigestAuthenticationFilterTests { TestingAuthenticationToken existingAuthentication = new TestingAuthenticationToken("existingauthenitcated", "pass", "ROLE_USER"); existingContext.setAuthentication(existingAuthentication); - SecurityContextHolder.setContext(existingContext); - String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE); - this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE)); - this.filter.setCreateAuthenticatedToken(true); executeFilterInContainerSimulator(this.filter, this.request, true); - assertThat(existingAuthentication).isSameAs(existingContext.getAuthentication()); }
diff --git a/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java b/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java
index e6bd2892d6..fef74d42e1 100644
--- a/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java
@@ -91,26 +91,20 @@ public class ConcurrentSessionFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpSession session = new MockHttpSession(); request.setSession(session); - MockHttpServletResponse response = new MockHttpServletResponse(); - SessionRegistry registry = new SessionRegistryImpl(); registry.registerNewSession(session.getId(), "principal"); registry.getSessionInformation(session.getId()).expireNow(); - // Setup our test fixture and registry to want this session to be expired - SimpleRedirectSessionInformationExpiredStrategy expiredSessionStrategy = new SimpleRedirectSessionInformationExpiredStrategy( "/expired.jsp"); ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredSessionStrategy); filter.setLogoutHandlers(new LogoutHandler[] { new SecurityContextLogoutHandler() }); filter.afterPropertiesSet(); - FilterChain fc = mock(FilterChain.class); filter.doFilter(request, response, fc); // Expect that the filter chain will not be invoked, as we redirect to expiredUrl verifyZeroInteractions(fc); - assertThat(response.getRedirectedUrl()).isEqualTo("/expired.jsp"); }
@@ -120,18 +114,14 @@ public class ConcurrentSessionFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpSession session = new MockHttpSession(); request.setSession(session); - MockHttpServletResponse response = new MockHttpServletResponse(); - SessionRegistry registry = new SessionRegistryImpl(); registry.registerNewSession(session.getId(), "principal"); registry.getSessionInformation(session.getId()).expireNow(); ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry); - FilterChain fc = mock(FilterChain.class); filter.doFilter(request, response, fc); verifyZeroInteractions(fc); - assertThat(response.getContentAsString()) .isEqualTo("This session has been expired (possibly due to multiple concurrent logins being " + "attempted as the same user).");
@@ -148,23 +138,17 @@ public class ConcurrentSessionFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpSession session = new MockHttpSession(); request.setSession(session); - MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain fc = mock(FilterChain.class); - // Setup our test fixture SessionRegistry registry = new SessionRegistryImpl(); registry.registerNewSession(session.getId(), "principal"); SimpleRedirectSessionInformationExpiredStrategy expiredSessionStrategy = new SimpleRedirectSessionInformationExpiredStrategy( "/expired.jsp"); ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredSessionStrategy); - Date lastRequest = registry.getSessionInformation(session.getId()).getLastRequest(); - Thread.sleep(1000); - filter.doFilter(request, response, fc); - verify(fc).doFilter(request, response); assertThat(registry.getSessionInformation(session.getId()).getLastRequest().after(lastRequest)).isTrue(); }
@@ -173,22 +157,17 @@ public class ConcurrentSessionFilterTests { public void doFilterWhenNoSessionThenChainIsContinued() throws Exception { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); - RedirectStrategy redirect = mock(RedirectStrategy.class); SessionRegistry registry = mock(SessionRegistry.class); SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000)); information.expireNow(); given(registry.getSessionInformation(anyString())).willReturn(information); - String expiredUrl = "/expired"; ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl); filter.setRedirectStrategy(redirect); - MockFilterChain chain = new MockFilterChain(); - filter.doFilter(request, response, chain); - assertThat(chain.getRequest()).isNotNull(); }
@@ -197,18 +176,13 @@ public class ConcurrentSessionFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.setSession(new MockHttpSession()); MockHttpServletResponse response = new MockHttpServletResponse(); - RedirectStrategy redirect = mock(RedirectStrategy.class); SessionRegistry registry = mock(SessionRegistry.class); - String expiredUrl = "/expired"; ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl); filter.setRedirectStrategy(redirect); - MockFilterChain chain = new MockFilterChain(); - filter.doFilter(request, response, chain); - assertThat(chain.getRequest()).isNotNull(); }
@@ -218,20 +192,16 @@ public class ConcurrentSessionFilterTests { MockHttpSession session = new MockHttpSession(); request.setSession(session); MockHttpServletResponse response = new MockHttpServletResponse(); - RedirectStrategy redirect = mock(RedirectStrategy.class); SessionRegistry registry = mock(SessionRegistry.class); SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000)); information.expireNow(); given(registry.getSessionInformation(anyString())).willReturn(information); - String expiredUrl = "/expired"; ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl); filter.setRedirectStrategy(redirect); - filter.doFilter(request, response, new MockFilterChain()); - verify(redirect).sendRedirect(request, response, expiredUrl); }
@@ -241,27 +211,21 @@ public class ConcurrentSessionFilterTests { MockHttpSession session = new MockHttpSession(); request.setSession(session); MockHttpServletResponse response = new MockHttpServletResponse(); - RedirectStrategy redirect = mock(RedirectStrategy.class); SessionRegistry registry = mock(SessionRegistry.class); SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000)); information.expireNow(); given(registry.getSessionInformation(anyString())).willReturn(information); - final String expiredUrl = "/expired"; ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl + "will-be-overrridden") { - @Override protected String determineExpiredUrl(HttpServletRequest request, SessionInformation info) { return expiredUrl; } - }; filter.setRedirectStrategy(redirect); - filter.doFilter(request, response, new MockFilterChain()); - verify(redirect).sendRedirect(request, response, expiredUrl); }
@@ -271,17 +235,13 @@ public class ConcurrentSessionFilterTests { MockHttpSession session = new MockHttpSession(); request.setSession(session); MockHttpServletResponse response = new MockHttpServletResponse(); - SessionRegistry registry = mock(SessionRegistry.class); SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000)); information.expireNow(); given(registry.getSessionInformation(anyString())).willReturn(information); - ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry); - filter.doFilter(request, response, new MockFilterChain()); - assertThat(response.getContentAsString()).contains( "This session has been expired (possibly due to multiple concurrent logins being attempted as the same user)."); }
@@ -293,32 +253,26 @@ public class ConcurrentSessionFilterTests { MockHttpSession session = new MockHttpSession(); request.setSession(session); MockHttpServletResponse response = new MockHttpServletResponse(); - SessionRegistry registry = mock(SessionRegistry.class); SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000)); information.expireNow(); given(registry.getSessionInformation(anyString())).willReturn(information); - ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry); filter.setLogoutHandlers(new LogoutHandler[] { handler }); - filter.doFilter(request, response, new MockFilterChain()); - verify(handler).logout(eq(request), eq(response), any()); } @Test(expected = IllegalArgumentException.class) public void setLogoutHandlersWhenNullThenThrowsException() { ConcurrentSessionFilter filter = new ConcurrentSessionFilter(new SessionRegistryImpl()); - filter.setLogoutHandlers((List) null); } @Test(expected = IllegalArgumentException.class) public void setLogoutHandlersWhenEmptyThenThrowsException() { ConcurrentSessionFilter filter = new ConcurrentSessionFilter(new SessionRegistryImpl()); - filter.setLogoutHandlers(new LogoutHandler[0]); }
diff --git a/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java b/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
index 1eac035d61..93a753af16 100644
--- a/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
@@ -60,15 +60,11 @@ public class AbstractSecurityWebApplicationInitializerTests { public void onStartupWhenDefaultContextThenRegistersSpringSecurityFilterChain() { ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); - new AbstractSecurityWebApplicationInitializer() { }.onStartup(context); - assertProxyDefaults(proxyCaptor.getValue()); - verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*"); verify(registration).setAsyncSupported(true); verifyNoAddListener(context);
@@ -78,16 +74,11 @@ public class AbstractSecurityWebApplicationInitializerTests { public void onStartupWhenConfigurationClassThenAddsContextLoaderListener() { ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); - new AbstractSecurityWebApplicationInitializer(MyRootConfiguration.class) { }.onStartup(context); - assertProxyDefaults(proxyCaptor.getValue()); - verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*"); verify(registration).setAsyncSupported(true); verify(context).addListener(any(ContextLoaderListener.class));
@@ -97,20 +88,15 @@ public class AbstractSecurityWebApplicationInitializerTests { public void onStartupWhenEnableHttpSessionEventPublisherIsTrueThenAddsHttpSessionEventPublisher() { ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); - new AbstractSecurityWebApplicationInitializer() { @Override protected boolean enableHttpSessionEventPublisher() { return true; } }.onStartup(context); - assertProxyDefaults(proxyCaptor.getValue()); - verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*"); verify(registration).setAsyncSupported(true); verify(context).addListener(HttpSessionEventPublisher.class.getName());
@@ -120,20 +106,15 @@ public class AbstractSecurityWebApplicationInitializerTests { public void onStartupWhenCustomSecurityDispatcherTypesThenUses() { ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); - new AbstractSecurityWebApplicationInitializer() { @Override protected EnumSet getSecurityDispatcherTypes() { return EnumSet.of(DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.FORWARD); } }.onStartup(context); - assertProxyDefaults(proxyCaptor.getValue()); - verify(registration).addMappingForUrlPatterns( EnumSet.of(DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.FORWARD), false, "/*"); verify(registration).setAsyncSupported(true);
@@ -144,23 +125,18 @@ public class AbstractSecurityWebApplicationInitializerTests { public void onStartupWhenCustomDispatcherWebApplicationContextSuffixThenUses() { ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); - new AbstractSecurityWebApplicationInitializer() { @Override protected String getDispatcherWebApplicationContextSuffix() { return "dispatcher"; } }.onStartup(context); - DelegatingFilterProxy proxy = proxyCaptor.getValue(); assertThat(proxy.getContextAttribute()) .isEqualTo("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher"); assertThat(proxy).hasFieldOrPropertyWithValue("targetBeanName", "springSecurityFilterChain"); - verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*"); verify(registration).setAsyncSupported(true); verifyNoAddListener(context);
@@ -169,7 +145,6 @@ public class AbstractSecurityWebApplicationInitializerTests { @Test public void onStartupWhenSpringSecurityFilterChainAlreadyRegisteredThenException() { ServletContext context = mock(ServletContext.class); - assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() { }.onStartup(context)).isInstanceOf(IllegalStateException.class) .hasMessage("Duplicate Filter registration for 'springSecurityFilterChain'. "
@@ -182,22 +157,17 @@ public class AbstractSecurityWebApplicationInitializerTests { Filter filter2 = mock(Filter.class); ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); given(context.addFilter(anyString(), eq(filter1))).willReturn(registration); given(context.addFilter(anyString(), eq(filter2))).willReturn(registration); - new AbstractSecurityWebApplicationInitializer() { @Override protected void afterSpringSecurityFilterChain(ServletContext servletContext) { insertFilters(context, filter1, filter2); } }.onStartup(context); - assertProxyDefaults(proxyCaptor.getValue()); - verify(registration, times(3)).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*"); verify(registration, times(3)).setAsyncSupported(true); verifyNoAddListener(context); @@ -210,11 +180,8 @@ public class AbstractSecurityWebApplicationInitializerTests { Filter filter1 = mock(Filter.class); ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); - assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() { @Override protected void afterSpringSecurityFilterChain(ServletContext servletContext) { 
@@ -222,9 +189,7 @@ public class AbstractSecurityWebApplicationInitializerTests { } }.onStartup(context)).isInstanceOf(IllegalStateException.class).hasMessage( "Duplicate Filter registration for 'object'. " + "Check to ensure the Filter is only configured once."); - assertProxyDefaults(proxyCaptor.getValue()); - verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*"); verify(context).addFilter(anyString(), eq(filter1)); } @@ -233,11 +198,8 @@ public class AbstractSecurityWebApplicationInitializerTests { public void onStartupWhenInsertFiltersEmptyThenException() { ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); - assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() { @Override protected void afterSpringSecurityFilterChain(ServletContext servletContext) { @@ -245,7 +207,6 @@ public class AbstractSecurityWebApplicationInitializerTests { } }.onStartup(context)).isInstanceOf(IllegalArgumentException.class) .hasMessage("filters cannot be null or empty"); - assertProxyDefaults(proxyCaptor.getValue()); } 
@@ -254,12 +215,9 @@ public class AbstractSecurityWebApplicationInitializerTests { Filter filter = mock(Filter.class); ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); given(context.addFilter(anyString(), eq(filter))).willReturn(registration); - assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() { @Override protected void afterSpringSecurityFilterChain(ServletContext servletContext) { @@ -267,7 +225,6 @@ public class AbstractSecurityWebApplicationInitializerTests { } }.onStartup(context)).isInstanceOf(IllegalArgumentException.class) .hasMessageContaining("filters cannot contain null values"); - verify(context, times(2)).addFilter(anyString(), any(Filter.class)); } 
@@ -277,20 +234,16 @@ public class AbstractSecurityWebApplicationInitializerTests { Filter filter2 = mock(Filter.class); ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); given(context.addFilter(anyString(), eq(filter1))).willReturn(registration); given(context.addFilter(anyString(), eq(filter2))).willReturn(registration); - new AbstractSecurityWebApplicationInitializer() { @Override protected void afterSpringSecurityFilterChain(ServletContext servletContext) { appendFilters(context, filter1, filter2); } }.onStartup(context); - verify(registration, times(1)).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*"); verify(registration, times(2)).addMappingForUrlPatterns(DEFAULT_DISPATCH, true, "/*"); verify(registration, times(3)).setAsyncSupported(true); @@ -303,11 +256,8 @@ public class AbstractSecurityWebApplicationInitializerTests { Filter filter1 = mock(Filter.class); ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); - assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() { @Override protected void afterSpringSecurityFilterChain(ServletContext servletContext) { 
@@ -315,9 +265,7 @@ public class AbstractSecurityWebApplicationInitializerTests { } }.onStartup(context)).isInstanceOf(IllegalStateException.class).hasMessage( "Duplicate Filter registration for 'object'. " + "Check to ensure the Filter is only configured once."); - assertProxyDefaults(proxyCaptor.getValue()); - verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*"); verify(context).addFilter(anyString(), eq(filter1)); } @@ -326,11 +274,8 @@ public class AbstractSecurityWebApplicationInitializerTests { public void onStartupWhenAppendFiltersEmptyThenException() { ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); - assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() { @Override protected void afterSpringSecurityFilterChain(ServletContext servletContext) { @@ -338,7 +283,6 @@ public class AbstractSecurityWebApplicationInitializerTests { } }.onStartup(context)).isInstanceOf(IllegalArgumentException.class) .hasMessage("filters cannot be null or empty"); - assertProxyDefaults(proxyCaptor.getValue()); } 
@@ -347,12 +291,9 @@ public class AbstractSecurityWebApplicationInitializerTests { Filter filter = mock(Filter.class); ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); - given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); given(context.addFilter(anyString(), eq(filter))).willReturn(registration); - assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() { @Override protected void afterSpringSecurityFilterChain(ServletContext servletContext) { @@ -360,7 +301,6 @@ public class AbstractSecurityWebApplicationInitializerTests { } }.onStartup(context)).isInstanceOf(IllegalArgumentException.class) .hasMessageContaining("filters cannot contain null values"); - verify(context, times(2)).addFilter(anyString(), any(Filter.class)); } @@ -368,20 +308,15 @@ public class AbstractSecurityWebApplicationInitializerTests { public void onStartupWhenDefaultsThenSessionTrackingModes() { ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); - ArgumentCaptor> modesCaptor = ArgumentCaptor .forClass(new HashSet() { }.getClass()); willDoNothing().given(context).setSessionTrackingModes(modesCaptor.capture()); - new AbstractSecurityWebApplicationInitializer() { }.onStartup(context); - assertProxyDefaults(proxyCaptor.getValue()); - Set modes = modesCaptor.getValue(); assertThat(modes).hasSize(1); assertThat(modes).containsExactly(SessionTrackingMode.COOKIE); 
@@ -391,24 +326,19 @@ public class AbstractSecurityWebApplicationInitializerTests { public void onStartupWhenSessionTrackingModesConfiguredThenUsed() { ServletContext context = mock(ServletContext.class); FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class); - ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); - ArgumentCaptor> modesCaptor = ArgumentCaptor .forClass(new HashSet() { }.getClass()); willDoNothing().given(context).setSessionTrackingModes(modesCaptor.capture()); - new AbstractSecurityWebApplicationInitializer() { @Override public Set getSessionTrackingModes() { return Collections.singleton(SessionTrackingMode.SSL); } }.onStartup(context); - assertProxyDefaults(proxyCaptor.getValue()); - Set modes = modesCaptor.getValue(); assertThat(modes).hasSize(1); assertThat(modes).containsExactly(SessionTrackingMode.SSL); diff --git a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java index f8e06e9c5e..c3ef02ed5f 100644 --- a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java +++ b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java 
@@ -71,11 +71,9 @@ public class HttpSessionSecurityContextRepositoryTests { MockHttpServletResponse response = new MockHttpServletResponse(); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response); repo.loadContext(holder); - reset(request); holder.getRequest().startAsync(); holder.getResponse().sendError(HttpServletResponse.SC_BAD_REQUEST); - // ensure that sendError did cause interaction with the HttpSession verify(request, never()).getSession(anyBoolean()); verify(request, never()).getSession(); @@ -88,11 +86,9 @@ public class HttpSessionSecurityContextRepositoryTests { MockHttpServletResponse response = new MockHttpServletResponse(); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response); repo.loadContext(holder); - reset(request); holder.getRequest().startAsync(request, response); holder.getResponse().sendError(HttpServletResponse.SC_BAD_REQUEST); - // ensure that sendError did cause interaction with the HttpSession verify(request, never()).getSession(anyBoolean()); verify(request, never()).getSession(); @@ -156,12 +152,10 @@ public class HttpSessionSecurityContextRepositoryTests { request.setSession(session); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse()); assertThat(repo.loadContext(holder)).isSameAs(ctx); - // Modify context contents. Same user, different role SecurityContextHolder.getContext() .setAuthentication(new TestingAuthenticationToken("someone", "passwd", "ROLE_B")); repo.saveContext(ctx, holder.getRequest(), holder.getResponse()); - // Must be called even though the value in the local VM is already the same verify(session).setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, ctx); } 
@@ -224,7 +218,6 @@ public class HttpSessionSecurityContextRepositoryTests { SecurityContextHolder.getContext().setAuthentication(this.testToken); holder.getResponse().sendError(404); assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext()); - assertThat(((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue(); repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse()); // Check it's still the same @@ -441,13 +434,10 @@ public class HttpSessionSecurityContextRepositoryTests { ctxInSession.setAuthentication(this.testToken); request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, ctxInSession); - HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse()); repo.loadContext(holder); - ctxInSession.setAuthentication(null); repo.saveContext(ctxInSession, holder.getRequest(), holder.getResponse()); - assertThat(request.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)) .isNull(); } @@ -459,7 +449,6 @@ public class HttpSessionSecurityContextRepositoryTests { MockHttpServletRequest request = new MockHttpServletRequest(); final String sessionId = ";jsessionid=id"; MockHttpServletResponse response = new MockHttpServletResponse() { - @Override public String encodeRedirectUrl(String url) { return url + sessionId; @@ -506,9 +495,7 @@ public class HttpSessionSecurityContextRepositoryTests { repo.loadContext(holder); AuthenticationTrustResolver trustResolver = mock(AuthenticationTrustResolver.class); repo.setTrustResolver(trustResolver); - repo.saveContext(contextToSave, holder.getRequest(), holder.getResponse()); - verify(trustResolver).isAnonymous(contextToSave.getAuthentication()); } 
@@ -529,10 +516,8 @@ public class HttpSessionSecurityContextRepositoryTests { assertThat(request.getSession(false)).isNull(); // Simulate authentication during the request context.setAuthentication(this.testToken); - repo.saveContext(context, new HttpServletRequestWrapper(holder.getRequest()), new HttpServletResponseWrapper(holder.getResponse())); - assertThat(request.getSession(false)).isNotNull(); assertThat(request.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)) .isEqualTo(context); @@ -545,7 +530,6 @@ public class HttpSessionSecurityContextRepositoryTests { MockHttpServletResponse response = new MockHttpServletResponse(); SecurityContext context = SecurityContextHolder.createEmptyContext(); context.setAuthentication(this.testToken); - repo.saveContext(context, request, response); } @@ -556,12 +540,9 @@ public class HttpSessionSecurityContextRepositoryTests { MockHttpServletResponse response = new MockHttpServletResponse(); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response); SecurityContext context = repo.loadContext(holder); - SomeTransientAuthentication authentication = new SomeTransientAuthentication(); context.setAuthentication(authentication); - repo.saveContext(context, holder.getRequest(), holder.getResponse()); - MockHttpSession session = (MockHttpSession) request.getSession(false); assertThat(session).isNull(); } 
@@ -573,12 +554,9 @@ public class HttpSessionSecurityContextRepositoryTests { MockHttpServletResponse response = new MockHttpServletResponse(); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response); SecurityContext context = repo.loadContext(holder); - SomeTransientAuthenticationSubclass authentication = new SomeTransientAuthenticationSubclass(); context.setAuthentication(authentication); - repo.saveContext(context, holder.getRequest(), holder.getResponse()); - MockHttpSession session = (MockHttpSession) request.getSession(false); assertThat(session).isNull(); } @@ -590,12 +568,9 @@ public class HttpSessionSecurityContextRepositoryTests { MockHttpServletResponse response = new MockHttpServletResponse(); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response); SecurityContext context = repo.loadContext(holder); - SomeOtherTransientAuthentication authentication = new SomeOtherTransientAuthentication(); context.setAuthentication(authentication); - repo.saveContext(context, holder.getRequest(), holder.getResponse()); - MockHttpSession session = (MockHttpSession) request.getSession(false); assertThat(session).isNull(); } diff --git a/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java b/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java index 611e221817..4a30bf3f89 100644 --- a/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java +++ b/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java @@ -35,7 +35,6 @@ import static org.assertj.core.api.Assertions.assertThat; * @author Rob Winch * */ - @RunWith(MockitoJUnitRunner.class) public class SaveContextOnUpdateOrErrorResponseWrapperTests { 
diff --git a/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java b/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java index 7dea43d79a..2bbfe08032 100644 --- a/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java @@ -56,7 +56,6 @@ public class SecurityContextPersistenceFilterTests { final MockHttpServletResponse response = new MockHttpServletResponse(); SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter(); SecurityContextHolder.getContext().setAuthentication(this.testToken); - filter.doFilter(request, response, chain); verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); @@ -76,7 +75,6 @@ public class SecurityContextPersistenceFilterTests { } catch (IOException expected) { } - assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } @@ -91,17 +89,13 @@ public class SecurityContextPersistenceFilterTests { scBefore.setAuthentication(beforeAuth); final SecurityContextRepository repo = mock(SecurityContextRepository.class); SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter(repo); - given(repo.loadContext(any(HttpRequestResponseHolder.class))).willReturn(scBefore); - final FilterChain chain = (request1, response1) -> { assertThat(SecurityContextHolder.getContext().getAuthentication()).isEqualTo(beforeAuth); // Change the context here SecurityContextHolder.setContext(scExpectedAfter); }; - filter.doFilter(request, response, chain); - verify(repo).saveContext(scExpectedAfter, request, response); } 
@@ -112,7 +106,6 @@ public class SecurityContextPersistenceFilterTests { final MockHttpServletResponse response = new MockHttpServletResponse(); SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter( mock(SecurityContextRepository.class)); - request.setAttribute(SecurityContextPersistenceFilter.FILTER_APPLIED, Boolean.TRUE); filter.doFilter(request, response, chain); verify(chain).doFilter(request, response); diff --git a/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java b/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java index 88681cca87..7a27f811b3 100644 --- a/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java +++ b/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java @@ -62,10 +62,8 @@ public class SecurityContextCallableProcessingInterceptorTests { SecurityContextHolder.setContext(this.securityContext); interceptor.beforeConcurrentHandling(this.webRequest, this.callable); SecurityContextHolder.clearContext(); - interceptor.preProcess(this.webRequest, this.callable); assertThat(SecurityContextHolder.getContext()).isSameAs(this.securityContext); - interceptor.postProcess(this.webRequest, this.callable, null); assertThat(SecurityContextHolder.getContext()).isNotSameAs(this.securityContext); } 
@@ -74,10 +72,8 @@ public class SecurityContextCallableProcessingInterceptorTests { public void specificSecurityContext() throws Exception { SecurityContextCallableProcessingInterceptor interceptor = new SecurityContextCallableProcessingInterceptor( this.securityContext); - interceptor.preProcess(this.webRequest, this.callable); assertThat(SecurityContextHolder.getContext()).isSameAs(this.securityContext); - interceptor.postProcess(this.webRequest, this.callable, null); assertThat(SecurityContextHolder.getContext()).isNotSameAs(this.securityContext); } diff --git a/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java b/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java index 2f35a7e449..09fc283ec3 100644 --- a/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java @@ -72,16 +72,13 @@ public class WebAsyncManagerIntegrationFilterTests { @Before public void setUp() { this.filterChain = new MockFilterChain(); - this.threadFactory = new JoinableThreadFactory(); SimpleAsyncTaskExecutor executor = new SimpleAsyncTaskExecutor(); executor.setThreadFactory(this.threadFactory); - this.asyncManager = WebAsyncUtils.getAsyncManager(this.request); this.asyncManager.setAsyncWebRequest(this.asyncWebRequest); this.asyncManager.setTaskExecutor(executor); given(this.request.getAttribute(WebAsyncUtils.WEB_ASYNC_MANAGER_ATTRIBUTE)).willReturn(this.asyncManager); - this.filter = new WebAsyncManagerIntegrationFilter(); } 
@@ -101,7 +98,6 @@ public class WebAsyncManagerIntegrationFilterTests { } }); this.filter.doFilterInternal(this.request, this.response, this.filterChain); - VerifyingCallable verifyingCallable = new VerifyingCallable(); this.asyncManager.startCallableProcessing(verifyingCallable); this.threadFactory.join(); @@ -120,7 +116,6 @@ public class WebAsyncManagerIntegrationFilterTests { }); this.filter.doFilterInternal(this.request, this.response, this.filterChain); SecurityContextHolder.setContext(this.securityContext); - VerifyingCallable verifyingCallable = new VerifyingCallable(); this.asyncManager.startCallableProcessing(verifyingCallable); this.threadFactory.join(); diff --git a/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java index 6f0aa4fddf..ffd64a0ff3 100644 --- a/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java +++ b/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java @@ -49,7 +49,6 @@ public class CookieCsrfTokenRepositoryTests { @Test public void generateToken() { CsrfToken generateToken = this.repository.generateToken(this.request); - assertThat(generateToken).isNotNull(); assertThat(generateToken.getHeaderName()).isEqualTo(CookieCsrfTokenRepository.DEFAULT_CSRF_HEADER_NAME); assertThat(generateToken.getParameterName()).isEqualTo(CookieCsrfTokenRepository.DEFAULT_CSRF_PARAMETER_NAME); @@ -62,9 +61,7 @@ public class CookieCsrfTokenRepositoryTests { String parameterName = "paramName"; this.repository.setHeaderName(headerName); this.repository.setParameterName(parameterName); - CsrfToken generateToken = this.repository.generateToken(this.request); - assertThat(generateToken).isNotNull(); assertThat(generateToken.getHeaderName()).isEqualTo(headerName); assertThat(generateToken.getParameterName()).isEqualTo(parameterName); 
@@ -75,9 +72,7 @@ public class CookieCsrfTokenRepositoryTests { public void saveToken() { CsrfToken token = this.repository.generateToken(this.request); this.repository.saveToken(token, this.request, this.response); - Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME); - assertThat(tokenCookie.getMaxAge()).isEqualTo(-1); assertThat(tokenCookie.getName()).isEqualTo(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME); assertThat(tokenCookie.getPath()).isEqualTo(this.request.getContextPath()); @@ -91,9 +86,7 @@ public class CookieCsrfTokenRepositoryTests { this.request.setSecure(true); CsrfToken token = this.repository.generateToken(this.request); this.repository.saveToken(token, this.request, this.response); - Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME); - assertThat(tokenCookie.getSecure()).isTrue(); } @@ -103,9 +96,7 @@ public class CookieCsrfTokenRepositoryTests { this.repository.setSecure(Boolean.TRUE); CsrfToken token = this.repository.generateToken(this.request); this.repository.saveToken(token, this.request, this.response); - Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME); - assertThat(tokenCookie.getSecure()).isTrue(); } @@ -115,9 +106,7 @@ public class CookieCsrfTokenRepositoryTests { this.repository.setSecure(Boolean.FALSE); CsrfToken token = this.repository.generateToken(this.request); this.repository.saveToken(token, this.request, this.response); - Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME); - assertThat(tokenCookie.getSecure()).isFalse(); } 
@@ -125,9 +114,7 @@ public class CookieCsrfTokenRepositoryTests { public void saveTokenNull() { this.request.setSecure(true); this.repository.saveToken(null, this.request, this.response); - Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME); - assertThat(tokenCookie.getMaxAge()).isZero(); assertThat(tokenCookie.getName()).isEqualTo(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME); assertThat(tokenCookie.getPath()).isEqualTo(this.request.getContextPath()); @@ -140,9 +127,7 @@ public class CookieCsrfTokenRepositoryTests { this.repository.setCookieHttpOnly(true); CsrfToken token = this.repository.generateToken(this.request); this.repository.saveToken(token, this.request, this.response); - Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME); - assertThat(tokenCookie.isHttpOnly()).isTrue(); } @@ -151,9 +136,7 @@ public class CookieCsrfTokenRepositoryTests { this.repository.setCookieHttpOnly(false); CsrfToken token = this.repository.generateToken(this.request); this.repository.saveToken(token, this.request, this.response); - Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME); - assertThat(tokenCookie.isHttpOnly()).isFalse(); } @@ -162,9 +145,7 @@ public class CookieCsrfTokenRepositoryTests { this.repository = CookieCsrfTokenRepository.withHttpOnlyFalse(); CsrfToken token = this.repository.generateToken(this.request); this.repository.saveToken(token, this.request, this.response); - Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME); - assertThat(tokenCookie.isHttpOnly()).isFalse(); } 
@@ -174,9 +155,7 @@ public class CookieCsrfTokenRepositoryTests { this.repository.setCookiePath(customPath); CsrfToken token = this.repository.generateToken(this.request); this.repository.saveToken(token, this.request, this.response); - Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME); - assertThat(tokenCookie.getPath()).isEqualTo(this.repository.getCookiePath()); } @@ -186,9 +165,7 @@ public class CookieCsrfTokenRepositoryTests { this.repository.setCookiePath(customPath); CsrfToken token = this.repository.generateToken(this.request); this.repository.saveToken(token, this.request, this.response); - Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME); - assertThat(tokenCookie.getPath()).isEqualTo(this.request.getContextPath()); } @@ -198,9 +175,7 @@ public class CookieCsrfTokenRepositoryTests { this.repository.setCookiePath(customPath); CsrfToken token = this.repository.generateToken(this.request); this.repository.saveToken(token, this.request, this.response); - Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME); - assertThat(tokenCookie.getPath()).isEqualTo(this.request.getContextPath()); } @@ -208,12 +183,9 @@ public class CookieCsrfTokenRepositoryTests { public void saveTokenWithCookieDomain() { String domainName = "example.com"; this.repository.setCookieDomain(domainName); - CsrfToken token = this.repository.generateToken(this.request); this.repository.saveToken(token, this.request, this.response); - Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME); - assertThat(tokenCookie.getDomain()).isEqualTo(domainName); } 
@@ -225,26 +197,21 @@ public class CookieCsrfTokenRepositoryTests { @Test public void loadTokenCookieIncorrectNameNull() { this.request.setCookies(new Cookie("other", "name")); - assertThat(this.repository.loadToken(this.request)).isNull(); } @Test public void loadTokenCookieValueEmptyString() { this.request.setCookies(new Cookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME, "")); - assertThat(this.repository.loadToken(this.request)).isNull(); } @Test public void loadToken() { CsrfToken generateToken = this.repository.generateToken(this.request); - this.request .setCookies(new Cookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME, generateToken.getToken())); - CsrfToken loadToken = this.repository.loadToken(this.request); - assertThat(loadToken).isNotNull(); assertThat(loadToken.getHeaderName()).isEqualTo(generateToken.getHeaderName()); assertThat(loadToken.getParameterName()).isEqualTo(generateToken.getParameterName()); @@ -260,11 +227,8 @@ public class CookieCsrfTokenRepositoryTests { this.repository.setHeaderName(headerName); this.repository.setParameterName(parameterName); this.repository.setCookieName(cookieName); - this.request.setCookies(new Cookie(cookieName, value)); - CsrfToken loadToken = this.repository.loadToken(this.request); - assertThat(loadToken).isNotNull(); assertThat(loadToken.getHeaderName()).isEqualTo(headerName); assertThat(loadToken.getParameterName()).isEqualTo(parameterName); diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java index 9a848bf0c9..d8057e2d9e 100644 --- a/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java 
@@ -77,7 +77,6 @@ public class CsrfAuthenticationStrategyTests { given(this.csrfTokenRepository.generateToken(this.request)).willReturn(this.generatedToken); this.strategy.onAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"), this.request, this.response); - verify(this.csrfTokenRepository).saveToken(null, this.request, this.response); verify(this.csrfTokenRepository).saveToken(eq(this.generatedToken), any(HttpServletRequest.class), any(HttpServletResponse.class)); @@ -93,16 +92,13 @@ public class CsrfAuthenticationStrategyTests { @Test public void delaySavingCsrf() { this.strategy = new CsrfAuthenticationStrategy(new LazyCsrfTokenRepository(this.csrfTokenRepository)); - given(this.csrfTokenRepository.loadToken(this.request)).willReturn(this.existingToken); given(this.csrfTokenRepository.generateToken(this.request)).willReturn(this.generatedToken); this.strategy.onAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"), this.request, this.response); - verify(this.csrfTokenRepository).saveToken(null, this.request, this.response); verify(this.csrfTokenRepository, never()).saveToken(eq(this.generatedToken), any(HttpServletRequest.class), any(HttpServletResponse.class)); - CsrfToken tokenInRequest = (CsrfToken) this.request.getAttribute(CsrfToken.class.getName()); tokenInRequest.getToken(); verify(this.csrfTokenRepository).saveToken(eq(this.generatedToken), any(HttpServletRequest.class), @@ -113,7 +109,6 @@ public class CsrfAuthenticationStrategyTests { public void logoutRemovesNoActionIfNullToken() { this.strategy.onAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"), this.request, this.response); - verify(this.csrfTokenRepository, never()).saveToken(any(CsrfToken.class), any(HttpServletRequest.class), any(HttpServletResponse.class)); } 
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java index 0f3c2edc97..a0b619209f 100644 --- a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java @@ -106,18 +106,14 @@ public class CsrfFilterTests { this.filter = createCsrfFilter(new LazyCsrfTokenRepository(this.tokenRepository)); given(this.requestMatcher.matches(this.request)).willReturn(false); given(this.tokenRepository.generateToken(this.request)).willReturn(this.token); - this.filter.doFilter(this.request, this.response, this.filterChain); CsrfToken attrToken = (CsrfToken) this.request.getAttribute(this.token.getParameterName()); - // no CsrfToken should have been saved yet verify(this.tokenRepository, times(0)).saveToken(any(CsrfToken.class), any(HttpServletRequest.class), any(HttpServletResponse.class)); verify(this.filterChain).doFilter(this.request, this.response); - // access the token attrToken.getToken(); - // now the CsrfToken should have been saved verify(this.tokenRepository).saveToken(eq(this.token), any(HttpServletRequest.class), any(HttpServletResponse.class)); @@ -127,12 +123,9 @@ public class CsrfFilterTests { public void doFilterAccessDeniedNoTokenPresent() throws ServletException, IOException { given(this.requestMatcher.matches(this.request)).willReturn(true); given(this.tokenRepository.loadToken(this.request)).willReturn(this.token); - this.filter.doFilter(this.request, this.response, this.filterChain); - assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token); assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token); - verify(this.deniedHandler).handle(eq(this.request), eq(this.response), any(InvalidCsrfTokenException.class)); verifyZeroInteractions(this.filterChain); } 
@@ -142,12 +135,9 @@ public class CsrfFilterTests { given(this.requestMatcher.matches(this.request)).willReturn(true); given(this.tokenRepository.loadToken(this.request)).willReturn(this.token); this.request.setParameter(this.token.getParameterName(), this.token.getToken() + " INVALID"); - this.filter.doFilter(this.request, this.response, this.filterChain); - assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token); assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token); - verify(this.deniedHandler).handle(eq(this.request), eq(this.response), any(InvalidCsrfTokenException.class)); verifyZeroInteractions(this.filterChain); } @@ -157,12 +147,9 @@ public class CsrfFilterTests { given(this.requestMatcher.matches(this.request)).willReturn(true); given(this.tokenRepository.loadToken(this.request)).willReturn(this.token); this.request.addHeader(this.token.getHeaderName(), this.token.getToken() + " INVALID"); - this.filter.doFilter(this.request, this.response, this.filterChain); - assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token); assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token); - verify(this.deniedHandler).handle(eq(this.request), eq(this.response), any(InvalidCsrfTokenException.class)); verifyZeroInteractions(this.filterChain); } 
@@ -174,12 +161,9 @@ public class CsrfFilterTests { given(this.tokenRepository.loadToken(this.request)).willReturn(this.token); this.request.setParameter(this.token.getParameterName(), this.token.getToken()); this.request.addHeader(this.token.getHeaderName(), this.token.getToken() + " INVALID"); - this.filter.doFilter(this.request, this.response, this.filterChain); - assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token); assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token); - verify(this.deniedHandler).handle(eq(this.request), eq(this.response), any(InvalidCsrfTokenException.class)); verifyZeroInteractions(this.filterChain); } @@ -188,12 +172,9 @@ public class CsrfFilterTests { public void doFilterNotCsrfRequestExistingToken() throws ServletException, IOException { given(this.requestMatcher.matches(this.request)).willReturn(false); given(this.tokenRepository.loadToken(this.request)).willReturn(this.token); - this.filter.doFilter(this.request, this.response, this.filterChain); - assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token); assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token); - verify(this.filterChain).doFilter(this.request, this.response); verifyZeroInteractions(this.deniedHandler); } 
@@ -202,12 +183,9 @@ public class CsrfFilterTests { public void doFilterNotCsrfRequestGenerateToken() throws ServletException, IOException { given(this.requestMatcher.matches(this.request)).willReturn(false); given(this.tokenRepository.generateToken(this.request)).willReturn(this.token); - this.filter.doFilter(this.request, this.response, this.filterChain); - assertToken(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token); assertToken(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token); - verify(this.filterChain).doFilter(this.request, this.response); verifyZeroInteractions(this.deniedHandler); } @@ -217,12 +195,9 @@ public class CsrfFilterTests { given(this.requestMatcher.matches(this.request)).willReturn(true); given(this.tokenRepository.loadToken(this.request)).willReturn(this.token); this.request.addHeader(this.token.getHeaderName(), this.token.getToken()); - this.filter.doFilter(this.request, this.response, this.filterChain); - assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token); assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token); - verify(this.filterChain).doFilter(this.request, this.response); verifyZeroInteractions(this.deniedHandler); } @@ -234,12 +209,9 @@ public class CsrfFilterTests { given(this.tokenRepository.loadToken(this.request)).willReturn(this.token); this.request.setParameter(this.token.getParameterName(), this.token.getToken() + " INVALID"); this.request.addHeader(this.token.getHeaderName(), this.token.getToken()); - this.filter.doFilter(this.request, this.response, this.filterChain); - assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token); assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token); - verify(this.filterChain).doFilter(this.request, this.response); verifyZeroInteractions(this.deniedHandler); } 
@@ -249,12 +221,9 @@ public class CsrfFilterTests { given(this.requestMatcher.matches(this.request)).willReturn(true); given(this.tokenRepository.loadToken(this.request)).willReturn(this.token); this.request.setParameter(this.token.getParameterName(), this.token.getToken()); - this.filter.doFilter(this.request, this.response, this.filterChain); - assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token); assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token); - verify(this.filterChain).doFilter(this.request, this.response); verifyZeroInteractions(this.deniedHandler); verify(this.tokenRepository, never()).saveToken(any(CsrfToken.class), any(HttpServletRequest.class), @@ -266,15 +235,11 @@ public class CsrfFilterTests { given(this.requestMatcher.matches(this.request)).willReturn(true); given(this.tokenRepository.generateToken(this.request)).willReturn(this.token); this.request.setParameter(this.token.getParameterName(), this.token.getToken()); - this.filter.doFilter(this.request, this.response, this.filterChain); - assertToken(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token); assertToken(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token); - // LazyCsrfTokenRepository requires the response as an attribute assertThat(this.request.getAttribute(HttpServletResponse.class.getName())).isEqualTo(this.response); - verify(this.filterChain).doFilter(this.request, this.response); verify(this.tokenRepository).saveToken(this.token, this.request, this.response); verifyZeroInteractions(this.deniedHandler); 
@@ -284,14 +249,11 @@ public class CsrfFilterTests { public void doFilterDefaultRequireCsrfProtectionMatcherAllowedMethods() throws ServletException, IOException { this.filter = new CsrfFilter(this.tokenRepository); this.filter.setAccessDeniedHandler(this.deniedHandler); - for (String method : Arrays.asList("GET", "TRACE", "OPTIONS", "HEAD")) { resetRequestResponse(); given(this.tokenRepository.loadToken(this.request)).willReturn(this.token); this.request.setMethod(method); - this.filter.doFilter(this.request, this.response, this.filterChain); - verify(this.filterChain).doFilter(this.request, this.response); verifyZeroInteractions(this.deniedHandler); } @@ -307,14 +269,11 @@ public class CsrfFilterTests { public void doFilterDefaultRequireCsrfProtectionMatcherAllowedMethodsCaseSensitive() throws Exception { this.filter = new CsrfFilter(this.tokenRepository); this.filter.setAccessDeniedHandler(this.deniedHandler); - for (String method : Arrays.asList("get", "TrAcE", "oPTIOnS", "hEaD")) { resetRequestResponse(); given(this.tokenRepository.loadToken(this.request)).willReturn(this.token); this.request.setMethod(method); - this.filter.doFilter(this.request, this.response, this.filterChain); - verify(this.deniedHandler).handle(eq(this.request), eq(this.response), any(InvalidCsrfTokenException.class)); verifyZeroInteractions(this.filterChain); 
@@ -325,14 +284,11 @@ public class CsrfFilterTests { public void doFilterDefaultRequireCsrfProtectionMatcherDeniedMethods() throws ServletException, IOException { this.filter = new CsrfFilter(this.tokenRepository); this.filter.setAccessDeniedHandler(this.deniedHandler); - for (String method : Arrays.asList("POST", "PUT", "PATCH", "DELETE", "INVALID")) { resetRequestResponse(); given(this.tokenRepository.loadToken(this.request)).willReturn(this.token); this.request.setMethod(method); - this.filter.doFilter(this.request, this.response, this.filterChain); - verify(this.deniedHandler).handle(eq(this.request), eq(this.response), any(InvalidCsrfTokenException.class)); verifyZeroInteractions(this.filterChain); @@ -345,28 +301,21 @@ public class CsrfFilterTests { this.filter.setRequireCsrfProtectionMatcher(this.requestMatcher); given(this.requestMatcher.matches(this.request)).willReturn(true); given(this.tokenRepository.loadToken(this.request)).willReturn(this.token); - this.filter.doFilter(this.request, this.response, this.filterChain); - assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token); assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token); - assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN); verifyZeroInteractions(this.filterChain); } @Test public void doFilterWhenSkipRequestInvokedThenSkips() throws Exception { - CsrfTokenRepository repository = mock(CsrfTokenRepository.class); CsrfFilter filter = new CsrfFilter(repository); - lenient().when(repository.loadToken(any(HttpServletRequest.class))).thenReturn(this.token); - MockHttpServletRequest request = new MockHttpServletRequest(); CsrfFilter.skipRequest(request); filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()); - verifyZeroInteractions(repository); } 
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java index 64be6dad9d..3e187126d4 100644 --- a/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java @@ -60,7 +60,6 @@ public class CsrfLogoutHandlerTests { public void logoutRemovesCsrfToken() { this.handler.logout(this.request, this.response, new TestingAuthenticationToken("user", "password", "ROLE_USER")); - verify(this.csrfTokenRepository).saveToken(null, this.request, this.response); } diff --git a/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java index 52f89da077..7470c04727 100644 --- a/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java +++ b/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java @@ -48,12 +48,9 @@ public class HttpSessionCsrfTokenRepositoryTests { @Test public void generateToken() { this.token = this.repo.generateToken(this.request); - assertThat(this.token.getParameterName()).isEqualTo("_csrf"); assertThat(this.token.getToken()).isNotEmpty(); - CsrfToken loadedToken = this.repo.loadToken(this.request); - assertThat(loadedToken).isNull(); } @@ -61,9 +58,7 @@ public class HttpSessionCsrfTokenRepositoryTests { public void generateCustomParameter() { String paramName = "_csrf"; this.repo.setParameterName(paramName); - this.token = this.repo.generateToken(this.request); - assertThat(this.token.getParameterName()).isEqualTo(paramName); assertThat(this.token.getToken()).isNotEmpty(); } 
@@ -72,9 +67,7 @@ public class HttpSessionCsrfTokenRepositoryTests { public void generateCustomHeader() { String headerName = "CSRF"; this.repo.setHeaderName(headerName); - this.token = this.repo.generateToken(this.request); - assertThat(this.token.getHeaderName()).isEqualTo(headerName); assertThat(this.token.getToken()).isNotEmpty(); } @@ -95,10 +88,8 @@ public class HttpSessionCsrfTokenRepositoryTests { public void saveToken() { CsrfToken tokenToSave = new DefaultCsrfToken("123", "abc", "def"); this.repo.saveToken(tokenToSave, this.request, this.response); - String attrName = this.request.getSession().getAttributeNames().nextElement(); CsrfToken loadedToken = (CsrfToken) this.request.getSession().getAttribute(attrName); - assertThat(loadedToken).isEqualTo(tokenToSave); } @@ -108,26 +99,20 @@ public class HttpSessionCsrfTokenRepositoryTests { String sessionAttributeName = "custom"; this.repo.setSessionAttributeName(sessionAttributeName); this.repo.saveToken(tokenToSave, this.request, this.response); - CsrfToken loadedToken = (CsrfToken) this.request.getSession().getAttribute(sessionAttributeName); - assertThat(loadedToken).isEqualTo(tokenToSave); } @Test public void saveTokenNullToken() { saveToken(); - this.repo.saveToken(null, this.request, this.response); - assertThat(this.request.getSession().getAttributeNames().hasMoreElements()).isFalse(); } @Test public void saveTokenNullTokenWhenSessionNotExists() { - this.repo.saveToken(null, this.request, this.response); - assertThat(this.request.getSession(false)).isNull(); } diff --git a/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java index 36bc4b0284..f7dc6895ec 100644 --- a/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java +++ b/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java 
@@ -72,33 +72,27 @@ public class LazyCsrfTokenRepositoryTests { @Test public void generateTokenGetTokenSavesToken() { CsrfToken newToken = this.repository.generateToken(this.request); - newToken.getToken(); - verify(this.delegate).saveToken(this.token, this.request, this.response); } @Test public void saveNonNullDoesNothing() { this.repository.saveToken(this.token, this.request, this.response); - verifyZeroInteractions(this.delegate); } @Test public void saveNullDelegates() { this.repository.saveToken(null, this.request, this.response); - verify(this.delegate).saveToken(null, this.request, this.response); } @Test public void loadTokenDelegates() { given(this.delegate.loadToken(this.request)).willReturn(this.token); - CsrfToken loadToken = this.repository.loadToken(this.request); assertThat(loadToken).isSameAs(this.token); - verify(this.delegate).loadToken(this.request); } diff --git a/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java b/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java index 7d5316e497..eae9715712 100644 --- a/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java @@ -89,7 +89,6 @@ public class DebugFilterTests { @Test public void doFilterProcessesRequests() throws Exception { this.filter.doFilter(this.request, this.response, this.filterChain); - verify(this.logger).info(anyString()); verify(this.request).setAttribute(this.requestAttr, Boolean.TRUE); verify(this.fcp).doFilter(this.requestCaptor.capture(), eq(this.response), eq(this.filterChain)); 
@@ -102,9 +101,7 @@ public class DebugFilterTests { public void doFilterProcessesForwardedRequests() throws Exception { given(this.request.getAttribute(this.requestAttr)).willReturn(Boolean.TRUE); HttpServletRequest request = new DebugRequestWrapper(this.request); - this.filter.doFilter(request, this.response, this.filterChain); - verify(this.logger).info(anyString()); verify(this.fcp).doFilter(request, this.response, this.filterChain); verify(this.request, never()).removeAttribute(this.requestAttr); @@ -114,9 +111,7 @@ public class DebugFilterTests { public void doFilterDoesNotWrapWithDebugRequestWrapperAgain() throws Exception { given(this.request.getAttribute(this.requestAttr)).willReturn(Boolean.TRUE); HttpServletRequest fireWalledRequest = new HttpServletRequestWrapper(new DebugRequestWrapper(this.request)); - this.filter.doFilter(fireWalledRequest, this.response, this.filterChain); - verify(this.fcp).doFilter(fireWalledRequest, this.response, this.filterChain); } @@ -129,11 +124,8 @@ public class DebugFilterTests { request.addHeader("A", "A Value"); request.addHeader("A", "Another Value"); request.addHeader("B", "B Value"); - this.filter.doFilter(request, this.response, this.filterChain); - verify(this.logger).info(this.logCaptor.capture()); - assertThat(this.logCaptor.getValue()).isEqualTo("Request received for GET '/path/':\n" + "\n" + request + "\n" + "\n" + "servletPath:/path\n" + "pathInfo:/\n" + "headers: \n" + "A: A Value, Another Value\n" + "B: B Value\n" + "\n" + "\n" + "Security filter chain: no match"); diff --git a/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java b/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java index aa36573226..ef2b49258a 100644 --- a/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java +++ b/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java 
@@ -33,7 +33,6 @@ public class DefaultHttpFirewallTests {
 @Test
 public void unnormalizedPathsAreRejected() {
 DefaultHttpFirewall fw = new DefaultHttpFirewall();
-
 MockHttpServletRequest request;
 for (String path : this.unnormalizedPaths) {
 request = new MockHttpServletRequest();
@@ -78,7 +77,6 @@ public class DefaultHttpFirewallTests {
 request.setContextPath("/context-root");
 request.setServletPath("");
 request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
-
 fw.getFirewalledRequest(request);
 }
@@ -91,7 +89,6 @@ public class DefaultHttpFirewallTests {
 request.setContextPath("/context-root");
 request.setServletPath("");
 request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
-
 fw.getFirewalledRequest(request);
 }
@@ -104,7 +101,6 @@ public class DefaultHttpFirewallTests {
 request.setContextPath("/context-root");
 request.setServletPath("");
 request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
-
 fw.getFirewalledRequest(request);
 }
diff --git a/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java b/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
index 3b7fb9a846..6628070350 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
@@ -51,49 +51,42 @@ public class FirewalledResponseTests {
 @Test
 public void sendRedirectWhenValidThenNoException() throws Exception {
 this.fwResponse.sendRedirect("/theURL");
-
 verify(this.response).sendRedirect("/theURL");
 }
 @Test
 public void sendRedirectWhenNullThenDelegateInvoked() throws Exception {
 this.fwResponse.sendRedirect(null);
-
 verify(this.response).sendRedirect(null);
 }
 @Test
 public void sendRedirectWhenHasCrlfThenThrowsException() throws Exception {
 expectCrlfValidationException();
-
 this.fwResponse.sendRedirect("/theURL\r\nsomething");
 }
 @Test
 public void addHeaderWhenValidThenDelegateInvoked() {
 this.fwResponse.addHeader("foo", "bar");
-
 verify(this.response).addHeader("foo", "bar");
 }
 @Test
 public void addHeaderWhenNullValueThenDelegateInvoked() {
 this.fwResponse.addHeader("foo", null);
-
 verify(this.response).addHeader("foo", null);
 }
 @Test
 public void addHeaderWhenHeaderValueHasCrlfThenException() {
 expectCrlfValidationException();
-
 this.fwResponse.addHeader("foo", "abc\r\nContent-Length:100");
 }
 @Test
 public void addHeaderWhenHeaderNameHasCrlfThenException() {
 expectCrlfValidationException();
-
 this.fwResponse.addHeader("abc\r\nContent-Length:100", "bar");
 }
@@ -103,16 +96,13 @@ public class FirewalledResponseTests {
 cookie.setPath("/foobar");
 cookie.setDomain("foobar");
 cookie.setComment("foobar");
-
 this.fwResponse.addCookie(cookie);
-
 verify(this.response).addCookie(cookie);
 }
 @Test
 public void addCookieWhenNullThenDelegateInvoked() {
 this.fwResponse.addCookie(null);
-
 verify(this.response).addCookie(null);
 }
@@ -124,10 +114,8 @@ public class FirewalledResponseTests {
 public String getName() {
 return "foo\r\nbar";
 }
-
 };
 expectCrlfValidationException();
-
 this.fwResponse.addCookie(cookie);
 }
@@ -135,7 +123,6 @@ public class FirewalledResponseTests {
 public void addCookieWhenCookieValueContainsCrlfThenException() {
 Cookie cookie = new Cookie("foo", "foo\r\nbar");
 expectCrlfValidationException();
-
 this.fwResponse.addCookie(cookie);
 }
@@ -144,7 +131,6 @@ public class FirewalledResponseTests {
 Cookie cookie = new Cookie("foo", "bar");
 cookie.setPath("/foo\r\nbar");
 expectCrlfValidationException();
-
 this.fwResponse.addCookie(cookie);
 }
@@ -153,7 +139,6 @@ public class FirewalledResponseTests {
 Cookie cookie = new Cookie("foo", "bar");
 cookie.setDomain("foo\r\nbar");
 expectCrlfValidationException();
-
 this.fwResponse.addCookie(cookie);
 }
@@ -162,7 +147,6 @@ public class FirewalledResponseTests {
 Cookie cookie = new Cookie("foo", "bar");
 cookie.setComment("foo\r\nbar");
 expectCrlfValidationException();
-
 this.fwResponse.addCookie(cookie);
 }
@@ -171,7 +155,6 @@ public class FirewalledResponseTests {
 validateLineEnding("foo", "foo\rbar");
 validateLineEnding("foo", "foo\r\nbar");
 validateLineEnding("foo", "foo\nbar");
-
 validateLineEnding("foo\rbar", "bar");
 validateLineEnding("foo\r\nbar", "bar");
 validateLineEnding("foo\nbar", "bar");
diff --git a/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java b/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java
index 36169d418d..247d0e963f 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java
@@ -56,7 +56,6 @@ public class RequestWrapperTests {
 @Test
 public void pathParametersAreRemovedFromServletPath() {
 MockHttpServletRequest request = new MockHttpServletRequest();
-
 for (Map.Entry entry : testPaths.entrySet()) {
 String path = entry.getKey();
 String expectedResult = entry.getValue();
@@ -71,7 +70,6 @@ public class RequestWrapperTests {
 @Test
 public void pathParametersAreRemovedFromPathInfo() {
 MockHttpServletRequest request = new MockHttpServletRequest();
-
 for (Map.Entry entry : testPaths.entrySet()) {
 String path = entry.getKey();
 String expectedResult = entry.getValue();
@@ -97,11 +95,9 @@ public class RequestWrapperTests {
 given(mockRequest.getServletPath()).willReturn("");
 given(mockRequest.getPathInfo()).willReturn(denormalizedPath);
 given(mockRequest.getRequestDispatcher(forwardPath)).willReturn(mockDispatcher);
-
 RequestWrapper wrapper = new RequestWrapper(mockRequest);
 RequestDispatcher dispatcher = wrapper.getRequestDispatcher(forwardPath);
 dispatcher.forward(mockRequest, mockResponse);
-
 verify(mockRequest).getRequestDispatcher(forwardPath);
 verify(mockDispatcher).forward(mockRequest, mockResponse);
 assertThat(wrapper.getPathInfo()).isEqualTo(denormalizedPath);
diff --git a/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java b/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
index 9146827284..a09c7a9e2e 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
@@ -149,84 +149,72 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestWhenSemicolonInContextPathThenThrowsRequestRejectedException() {
 this.request.setContextPath(";/context");
-
 this.firewall.getFirewalledRequest(this.request);
 }
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestWhenSemicolonInServletPathThenThrowsRequestRejectedException() {
 this.request.setServletPath("/spring;/");
-
 this.firewall.getFirewalledRequest(this.request);
 }
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestWhenSemicolonInPathInfoThenThrowsRequestRejectedException() {
 this.request.setPathInfo("/path;/");
-
 this.firewall.getFirewalledRequest(this.request);
 }
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestWhenSemicolonInRequestUriThenThrowsRequestRejectedException() {
 this.request.setRequestURI("/path;/");
-
 this.firewall.getFirewalledRequest(this.request);
 }
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestWhenEncodedSemicolonInContextPathThenThrowsRequestRejectedException() {
 this.request.setContextPath("%3B/context");
-
 this.firewall.getFirewalledRequest(this.request);
 }
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestWhenEncodedSemicolonInServletPathThenThrowsRequestRejectedException() {
 this.request.setServletPath("/spring%3B/");
-
 this.firewall.getFirewalledRequest(this.request);
 }
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestWhenEncodedSemicolonInPathInfoThenThrowsRequestRejectedException() {
 this.request.setPathInfo("/path%3B/");
-
 this.firewall.getFirewalledRequest(this.request);
 }
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestWhenEncodedSemicolonInRequestUriThenThrowsRequestRejectedException() {
 this.request.setRequestURI("/path%3B/");
-
 this.firewall.getFirewalledRequest(this.request);
 }
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestWhenLowercaseEncodedSemicolonInContextPathThenThrowsRequestRejectedException() {
 this.request.setContextPath("%3b/context");
-
 this.firewall.getFirewalledRequest(this.request);
 }
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestWhenLowercaseEncodedSemicolonInServletPathThenThrowsRequestRejectedException() {
 this.request.setServletPath("/spring%3b/");
-
 this.firewall.getFirewalledRequest(this.request);
 }
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestWhenLowercaseEncodedSemicolonInPathInfoThenThrowsRequestRejectedException() {
 this.request.setPathInfo("/path%3b/");
-
 this.firewall.getFirewalledRequest(this.request);
 }
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestWhenLowercaseEncodedSemicolonInRequestUriThenThrowsRequestRejectedException() {
 this.request.setRequestURI("/path%3b/");
-
 this.firewall.getFirewalledRequest(this.request);
 }
@@ -234,7 +222,6 @@ public class StrictHttpFirewallTests {
 public void getFirewalledRequestWhenSemicolonInContextPathAndAllowSemicolonThenNoException() {
 this.firewall.setAllowSemicolon(true);
 this.request.setContextPath(";/context");
-
 this.firewall.getFirewalledRequest(this.request);
 }
@@ -242,7 +229,6 @@ public class StrictHttpFirewallTests {
 public void getFirewalledRequestWhenSemicolonInServletPathAndAllowSemicolonThenNoException() {
 this.firewall.setAllowSemicolon(true);
 this.request.setServletPath("/spring;/");
-
 this.firewall.getFirewalledRequest(this.request);
 }
@@ -250,7 +236,6 @@ public class StrictHttpFirewallTests {
 public void getFirewalledRequestWhenSemicolonInPathInfoAndAllowSemicolonThenNoException() {
 this.firewall.setAllowSemicolon(true);
 this.request.setPathInfo("/path;/");
-
 this.firewall.getFirewalledRequest(this.request);
 }
@@ -258,7 +243,6 @@ public class StrictHttpFirewallTests {
 public void getFirewalledRequestWhenSemicolonInRequestUriAndAllowSemicolonThenNoException() {
 this.firewall.setAllowSemicolon(true);
 this.request.setRequestURI("/path;/");
-
 this.firewall.getFirewalledRequest(this.request);
 }
@@ -267,7 +251,6 @@ public class StrictHttpFirewallTests {
 this.firewall.setAllowUrlEncodedPercent(true);
 this.firewall.setAllowSemicolon(true);
 this.request.setContextPath("%3B/context");
-
 this.firewall.getFirewalledRequest(this.request);
 }
@@ -276,7 +259,6 @@ public class StrictHttpFirewallTests {
 this.firewall.setAllowUrlEncodedPercent(true);
 this.firewall.setAllowSemicolon(true);
 this.request.setServletPath("/spring%3B/");
-
 this.firewall.getFirewalledRequest(this.request);
 }
@@ -285,7 +267,6 @@ public class StrictHttpFirewallTests {
 this.firewall.setAllowUrlEncodedPercent(true);
 this.firewall.setAllowSemicolon(true);
 this.request.setPathInfo("/path%3B/");
-
 this.firewall.getFirewalledRequest(this.request);
 }
@@ -293,7 +274,6 @@ public class StrictHttpFirewallTests {
 public void getFirewalledRequestWhenEncodedSemicolonInRequestUriAndAllowSemicolonThenNoException() {
 this.firewall.setAllowSemicolon(true);
 this.request.setRequestURI("/path%3B/");
-
 this.firewall.getFirewalledRequest(this.request);
 }
@@ -302,7 +282,6 @@ public class StrictHttpFirewallTests {
 this.firewall.setAllowUrlEncodedPercent(true);
 this.firewall.setAllowSemicolon(true);
 this.request.setContextPath("%3b/context");
-
 this.firewall.getFirewalledRequest(this.request);
 }
@@ -311,7 +290,6 @@ public class StrictHttpFirewallTests {
 this.firewall.setAllowUrlEncodedPercent(true);
 this.firewall.setAllowSemicolon(true);
 this.request.setServletPath("/spring%3b/");
-
 this.firewall.getFirewalledRequest(this.request);
 }
@@ -320,7 +298,6 @@ public class StrictHttpFirewallTests {
 this.firewall.setAllowUrlEncodedPercent(true);
 this.firewall.setAllowSemicolon(true);
 this.request.setPathInfo("/path%3b/");
-
 this.firewall.getFirewalledRequest(this.request);
 }
@@ -328,21 +305,18 @@ public class StrictHttpFirewallTests {
 public void getFirewalledRequestWhenLowercaseEncodedSemicolonInRequestUriAndAllowSemicolonThenNoException() {
 this.firewall.setAllowSemicolon(true);
 this.request.setRequestURI("/path%3b/");
-
 this.firewall.getFirewalledRequest(this.request);
 }
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestWhenEncodedPeriodInThenThrowsRequestRejectedException() {
 this.request.setRequestURI("/%2E/");
-
 this.firewall.getFirewalledRequest(this.request);
 }
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestWhenLowercaseEncodedPeriodInThenThrowsRequestRejectedException() {
 this.request.setRequestURI("/%2e/");
-
 this.firewall.getFirewalledRequest(this.request);
 }
@@ -350,7 +324,6 @@ public class StrictHttpFirewallTests {
 public void getFirewalledRequestWhenAllowEncodedPeriodAndEncodedPeriodInThenNoException() {
 this.firewall.setAllowUrlEncodedPeriod(true);
 this.request.setRequestURI("/%2E/");
-
 this.firewall.getFirewalledRequest(this.request);
 }
@@ -410,7 +383,6 @@ public class StrictHttpFirewallTests {
 this.request.setContextPath("/context-root");
 this.request.setServletPath("");
 this.request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
-
 this.firewall.getFirewalledRequest(this.request);
 }
@@ -423,7 +395,6 @@ public class StrictHttpFirewallTests {
 request.setContextPath("/context-root");
 request.setServletPath("");
 request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
-
 this.firewall.getFirewalledRequest(request);
 }
@@ -436,7 +407,6 @@ public class StrictHttpFirewallTests {
 request.setContextPath("/context-root");
 request.setServletPath("");
 request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
-
 this.firewall.getFirewalledRequest(request);
 }
@@ -533,7 +503,6 @@ public class StrictHttpFirewallTests {
 }
 // blocklist
-
 @Test
 public void getFirewalledRequestWhenRemoveFromUpperCaseEncodedUrlBlocklistThenNoException() {
 this.firewall.setAllowUrlEncodedSlash(true);
@@ -582,7 +551,6 @@ public class StrictHttpFirewallTests {
 public void getFirewalledRequestWhenTrustedDomainThenNoException() {
 this.request.addHeader("Host", "example.org");
 this.firewall.setAllowedHostnames((hostname) -> hostname.equals("example.org"));
-
 assertThatCode(() -> this.firewall.getFirewalledRequest(this.request)).doesNotThrowAnyException();
 }
@@ -590,14 +558,12 @@ public class StrictHttpFirewallTests {
 public void getFirewalledRequestWhenUntrustedDomainThenException() {
 this.request.addHeader("Host", "example.org");
 this.firewall.setAllowedHostnames((hostname) -> hostname.equals("myexample.org"));
-
 this.firewall.getFirewalledRequest(this.request);
 }
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestGetHeaderWhenNotAllowedHeaderNameThenException() {
 this.firewall.setAllowedHeaderNames((name) -> !name.equals("bad name"));
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 request.getHeader("bad name");
 }
@@ -606,7 +572,6 @@ public class StrictHttpFirewallTests {
 public void getFirewalledRequestGetHeaderWhenNotAllowedHeaderValueThenException() {
 this.request.addHeader("good name", "bad value");
 this.firewall.setAllowedHeaderValues((value) -> !value.equals("bad value"));
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 request.getHeader("good name");
 }
@@ -614,7 +579,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestGetDateHeaderWhenControlCharacterInHeaderNameThenException() {
 this.request.addHeader("Bad\0Name", "some value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 request.getDateHeader("Bad\0Name");
 }
@@ -622,7 +586,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestGetIntHeaderWhenControlCharacterInHeaderNameThenException() {
 this.request.addHeader("Bad\0Name", "some value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 request.getIntHeader("Bad\0Name");
 }
@@ -630,7 +593,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestGetHeaderWhenControlCharacterInHeaderNameThenException() {
 this.request.addHeader("Bad\0Name", "some value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 request.getHeader("Bad\0Name");
 }
@@ -638,7 +600,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestGetHeaderWhenUndefinedCharacterInHeaderNameThenException() {
 this.request.addHeader("Bad\uFFFEName", "some value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 request.getHeader("Bad\uFFFEName");
 }
@@ -646,7 +607,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestGetHeadersWhenControlCharacterInHeaderNameThenException() {
 this.request.addHeader("Bad\0Name", "some value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 request.getHeaders("Bad\0Name");
 }
@@ -654,7 +614,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestGetHeaderNamesWhenControlCharacterInHeaderNameThenException() {
 this.request.addHeader("Bad\0Name", "some value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 request.getHeaderNames().nextElement();
 }
@@ -662,7 +621,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestGetHeaderWhenControlCharacterInHeaderValueThenException() {
 this.request.addHeader("Something", "bad\0value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 request.getHeader("Something");
 }
@@ -670,7 +628,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestGetHeaderWhenUndefinedCharacterInHeaderValueThenException() {
 this.request.addHeader("Something", "bad\uFFFEvalue");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 request.getHeader("Something");
 }
@@ -678,7 +635,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestGetHeadersWhenControlCharacterInHeaderValueThenException() {
 this.request.addHeader("Something", "bad\0value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 request.getHeaders("Something").nextElement();
 }
@@ -686,7 +642,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestGetParameterWhenControlCharacterInParameterNameThenException() {
 this.request.addParameter("Bad\0Name", "some value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 request.getParameter("Bad\0Name");
 }
@@ -694,7 +649,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestGetParameterMapWhenControlCharacterInParameterNameThenException() {
 this.request.addParameter("Bad\0Name", "some value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 request.getParameterMap();
 }
@@ -702,7 +656,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestGetParameterNamesWhenControlCharacterInParameterNameThenException() {
 this.request.addParameter("Bad\0Name", "some value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 request.getParameterNames().nextElement();
 }
@@ -710,7 +663,6 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestGetParameterNamesWhenUndefinedCharacterInParameterNameThenException() {
 this.request.addParameter("Bad\uFFFEName", "some value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 request.getParameterNames().nextElement();
 }
@@ -718,9 +670,7 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestGetParameterValuesWhenNotAllowedInParameterValueThenException() {
 this.firewall.setAllowedParameterValues((value) -> !value.equals("bad value"));
-
 this.request.addParameter("Something", "bad value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 request.getParameterValues("Something");
 }
@@ -728,9 +678,7 @@ public class StrictHttpFirewallTests {
 @Test(expected = RequestRejectedException.class)
 public void getFirewalledRequestGetParameterValuesWhenNotAllowedInParameterNameThenException() {
 this.firewall.setAllowedParameterNames((value) -> !value.equals("bad name"));
-
 this.request.addParameter("bad name", "good value");
-
 HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 request.getParameterValues("bad name");
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java b/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java
index 2bf8744e3e..6da7e6a2b7 100644
--- a/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java
@@ -71,15 +71,11 @@ public class HeaderWriterFilterTests {
 List headerWriters = new ArrayList<>();
 headerWriters.add(this.writer1);
 headerWriters.add(this.writer2);
-
 HeaderWriterFilter filter = new HeaderWriterFilter(headerWriters);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
 MockFilterChain filterChain = new MockFilterChain();
-
 filter.doFilter(request, response, filterChain);
-
 verify(this.writer1).writeHeaders(request, response);
 verify(this.writer2).writeHeaders(request, response);
 HeaderWriterFilter.HeaderWriterRequest wrappedRequest = (HeaderWriterFilter.HeaderWriterRequest) filterChain
@@ -93,19 +89,14 @@ public class HeaderWriterFilterTests {
 @Test
 public void headersDelayed() throws Exception {
 HeaderWriterFilter filter = new HeaderWriterFilter(Arrays.asList(this.writer1));
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 filter.doFilter(request, response, (request1, response1) -> {
 verifyZeroInteractions(HeaderWriterFilterTests.this.writer1);
-
 response1.flushBuffer();
-
 verify(HeaderWriterFilterTests.this.writer1).writeHeaders(any(HttpServletRequest.class),
 any(HttpServletResponse.class));
 });
-
 verifyNoMoreInteractions(this.writer1);
 }
@@ -113,19 +104,14 @@ public class HeaderWriterFilterTests {
 @Test
 public void doFilterWhenRequestContainsIncludeThenHeadersStillWritten() throws Exception {
 HeaderWriterFilter filter = new HeaderWriterFilter(Collections.singletonList(this.writer1));
-
 MockHttpServletRequest mockRequest = new MockHttpServletRequest();
 MockHttpServletResponse mockResponse = new MockHttpServletResponse();
-
 filter.doFilter(mockRequest, mockResponse, (request, response) -> {
 verifyZeroInteractions(HeaderWriterFilterTests.this.writer1);
-
 request.getRequestDispatcher("/").include(request, response);
-
 verify(HeaderWriterFilterTests.this.writer1).writeHeaders(any(HttpServletRequest.class),
 any(HttpServletResponse.class));
 });
-
 verifyNoMoreInteractions(this.writer1);
 }
@@ -133,13 +119,10 @@ public class HeaderWriterFilterTests {
 public void headersWrittenAtBeginningOfRequest() throws Exception {
 HeaderWriterFilter filter = new HeaderWriterFilter(Collections.singletonList(this.writer1));
 filter.setShouldWriteHeadersEagerly(true);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 filter.doFilter(request, response, (request1, response1) -> verify(HeaderWriterFilterTests.this.writer1)
 .writeHeaders(any(HttpServletRequest.class), any(HttpServletResponse.class)));
-
 verifyNoMoreInteractions(this.writer1);
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
index c21b93e29d..398a844f53 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
@@ -53,7 +53,6 @@ public class CacheControlHeadersWriterTests {
 @Test
 public void writeHeaders() {
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames().size()).isEqualTo(3);
 assertThat(this.response.getHeaderValues("Cache-Control"))
 .containsOnly("no-cache, no-store, max-age=0, must-revalidate");
@@ -65,9 +64,7 @@ public class CacheControlHeadersWriterTests {
 @Test
 public void writeHeadersDisabledIfCacheControl() {
 this.response.setHeader("Cache-Control", "max-age: 123");
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeaderValues("Cache-Control")).containsOnly("max-age: 123");
 assertThat(this.response.getHeaderValue("Pragma")).isNull();
@@ -77,9 +74,7 @@ public class CacheControlHeadersWriterTests {
 @Test
 public void writeHeadersDisabledIfPragma() {
 this.response.setHeader("Pragma", "mock");
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeaderValues("Pragma")).containsOnly("mock");
 assertThat(this.response.getHeaderValue("Expires")).isNull();
@@ -89,9 +84,7 @@ public class CacheControlHeadersWriterTests {
 @Test
 public void writeHeadersDisabledIfExpires() {
 this.response.setHeader("Expires", "mock");
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeaderValues("Expires")).containsOnly("mock");
 assertThat(this.response.getHeaderValue("Cache-Control")).isNull();
@@ -102,9 +95,7 @@ public class CacheControlHeadersWriterTests {
 // gh-5534
 public void writeHeadersDisabledIfNotModified() {
 this.response.setStatus(HttpStatus.NOT_MODIFIED.value());
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).isEmpty();
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java
index 4b9b83589b..a559c13282 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java
@@ -54,7 +54,6 @@ public class ClearSiteDataHeaderWriterTests {
 public void createInstanceWhenMissingSourceThenThrowsException() {
 this.thrown.expect(Exception.class);
 this.thrown.expectMessage("directives cannot be empty or null");
-
 new ClearSiteDataHeaderWriter();
 }
@@ -63,7 +62,6 @@ public class ClearSiteDataHeaderWriterTests { this.request.setSecure(false); ClearSiteDataHeaderWriter headerWriter = new ClearSiteDataHeaderWriter(Directive.CACHE); headerWriter.writeHeaders(this.request, this.response); - assertThat(this.response.getHeader(HEADER_NAME)).isNull(); } @@ -71,7 +69,6 @@ public class ClearSiteDataHeaderWriterTests { public void writeHeaderWhenRequestIsSecureThenHeaderValueMatchesPassedSource() { ClearSiteDataHeaderWriter headerWriter = new ClearSiteDataHeaderWriter(Directive.STORAGE); headerWriter.writeHeaders(this.request, this.response); - assertThat(this.response.getHeader(HEADER_NAME)).isEqualTo("\"storage\""); } @@ -80,7 +77,6 @@ public class ClearSiteDataHeaderWriterTests { ClearSiteDataHeaderWriter headerWriter = new ClearSiteDataHeaderWriter(Directive.CACHE, Directive.COOKIES, Directive.STORAGE, Directive.EXECUTION_CONTEXTS); headerWriter.writeHeaders(this.request, this.response); - assertThat(this.response.getHeader(HEADER_NAME)) .isEqualTo("\"cache\", \"cookies\", \"storage\", \"executionContexts\""); } diff --git a/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java index fe3c26097a..52f69284ab 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java @@ -44,9 +44,7 @@ public class CompositeHeaderWriterTests { HttpServletResponse response = mock(HttpServletResponse.class); HeaderWriter one = mock(HeaderWriter.class); HeaderWriter two = mock(HeaderWriter.class); - CompositeHeaderWriter headerWriter = new CompositeHeaderWriter(Arrays.asList(one, two)); - headerWriter.writeHeaders(request, response); verify(one).writeHeaders(request, response); verify(two).writeHeaders(request, response); 
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java index 5946ac1105..2aebd2af5b 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java @@ -54,7 +54,6 @@ public class ContentSecurityPolicyHeaderWriterTests { public void writeHeadersWhenNoPolicyDirectivesThenUsesDefault() { ContentSecurityPolicyHeaderWriter noPolicyWriter = new ContentSecurityPolicyHeaderWriter(); noPolicyWriter.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Content-Security-Policy")).isEqualTo(DEFAULT_POLICY_DIRECTIVES); } @@ -62,7 +61,6 @@ public class ContentSecurityPolicyHeaderWriterTests { @Test public void writeHeadersContentSecurityPolicyDefault() { this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Content-Security-Policy")).isEqualTo(DEFAULT_POLICY_DIRECTIVES); } @@ -71,10 +69,8 @@ public class ContentSecurityPolicyHeaderWriterTests { public void writeHeadersContentSecurityPolicyCustom() { String policyDirectives = "default-src 'self'; " + "object-src plugins1.example.com plugins2.example.com; " + "script-src trustedscripts.example.com"; - this.writer = new ContentSecurityPolicyHeaderWriter(policyDirectives); this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Content-Security-Policy")).isEqualTo(policyDirectives); } 
@@ -84,7 +80,6 @@ public class ContentSecurityPolicyHeaderWriterTests {
 ContentSecurityPolicyHeaderWriter noPolicyWriter = new ContentSecurityPolicyHeaderWriter();
 this.writer.setReportOnly(true);
 noPolicyWriter.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeader("Content-Security-Policy")).isEqualTo(DEFAULT_POLICY_DIRECTIVES);
 }
@@ -93,7 +88,6 @@ public class ContentSecurityPolicyHeaderWriterTests {
 public void writeHeadersContentSecurityPolicyReportOnlyDefault() {
 this.writer.setReportOnly(true);
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeader("Content-Security-Policy-Report-Only")).isEqualTo(DEFAULT_POLICY_DIRECTIVES);
 }
@@ -101,11 +95,9 @@ public class ContentSecurityPolicyHeaderWriterTests {
 @Test
 public void writeHeadersContentSecurityPolicyReportOnlyCustom() {
 String policyDirectives = "default-src https:; report-uri https://example.com/";
-
 this.writer = new ContentSecurityPolicyHeaderWriter(policyDirectives);
 this.writer.setReportOnly(true);
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeader("Content-Security-Policy-Report-Only")).isEqualTo(policyDirectives);
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
index aca16eb1ae..8e4124f983 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
@@ -70,18 +70,14 @@ public class DelegatingRequestMatcherHeaderWriterTests {
 @Test
 public void writeHeadersOnMatch() {
 given(this.matcher.matches(this.request)).willReturn(true);
-
 this.headerWriter.writeHeaders(this.request, this.response);
-
 verify(this.delegate).writeHeaders(this.request, this.response);
 }
 @Test
 public void writeHeadersOnNoMatch() {
 given(this.matcher.matches(this.request)).willReturn(false);
-
 this.headerWriter.writeHeaders(this.request, this.response);
-
 verify(this.delegate, times(0)).writeHeaders(this.request, this.response);
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java
index 00454d0459..8c62dbd1c5 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java
@@ -53,7 +53,6 @@ public class FeaturePolicyHeaderWriterTests {
 @Test
 public void writeHeadersFeaturePolicyDefault() {
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeader("Feature-Policy")).isEqualTo(DEFAULT_POLICY_DIRECTIVES);
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java
index c92dfc09d8..537a65a2b8 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java
@@ -43,7 +43,6 @@ public class HpkpHeaderWriterTests {
 defaultPins.put("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", "sha256");
 DEFAULT_PINS = Collections.unmodifiableMap(defaultPins);
 }
-
 private MockHttpServletRequest request;
 private MockHttpServletResponse response;
@@ -58,21 +57,16 @@ public class HpkpHeaderWriterTests {
 public void setup() {
 this.request = new MockHttpServletRequest();
 this.response = new MockHttpServletResponse();
-
 this.writer = new HpkpHeaderWriter();
-
 Map defaultPins = new LinkedHashMap<>();
 defaultPins.put("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", "sha256");
-
 this.writer.setPins(defaultPins);
-
 this.request.setSecure(true);
 }
 @Test
 public void writeHeadersDefaultValues() {
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeader("Public-Key-Pins-Report-Only"))
 .isEqualTo("max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
@@ -82,9 +76,7 @@ public class HpkpHeaderWriterTests {
 public void maxAgeCustomConstructorWriteHeaders() {
 this.writer = new HpkpHeaderWriter(2592000);
 this.writer.setPins(DEFAULT_PINS);
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeader("Public-Key-Pins-Report-Only"))
 .isEqualTo("max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
@@ -94,9 +86,7 @@ public class HpkpHeaderWriterTests {
 public void maxAgeAndIncludeSubdomainsCustomConstructorWriteHeaders() {
 this.writer = new HpkpHeaderWriter(2592000, true);
 this.writer.setPins(DEFAULT_PINS);
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeader("Public-Key-Pins-Report-Only")).isEqualTo(
 "max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains");
@@ -106,9 +96,7 @@ public class HpkpHeaderWriterTests {
 public void allArgsCustomConstructorWriteHeaders() {
 this.writer = new HpkpHeaderWriter(2592000, true, false);
 this.writer.setPins(DEFAULT_PINS);
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeader("Public-Key-Pins")).isEqualTo(
 "max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains");
@@ -117,9 +105,7 @@ public class HpkpHeaderWriterTests {
 @Test
 public void writeHeadersCustomMaxAgeInSeconds() {
 this.writer.setMaxAgeInSeconds(2592000);
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeader("Public-Key-Pins-Report-Only"))
 .isEqualTo("max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
@@ -128,9 +114,7 @@ public class HpkpHeaderWriterTests {
 @Test
 public void writeHeadersIncludeSubDomains() {
 this.writer.setIncludeSubDomains(true);
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeader("Public-Key-Pins-Report-Only")).isEqualTo(
 "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains");
@@ -139,9 +123,7 @@ public class HpkpHeaderWriterTests {
 @Test
 public void writeHeadersTerminateConnection() {
 this.writer.setReportOnly(false);
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeader("Public-Key-Pins"))
 .isEqualTo("max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
@@ -151,9 +133,7 @@ public class HpkpHeaderWriterTests {
 public void writeHeadersTerminateConnectionWithURI() throws URISyntaxException {
 this.writer.setReportOnly(false);
 this.writer.setReportUri(new URI("https://example.com/pkp-report"));
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeader("Public-Key-Pins")).isEqualTo(
 "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.com/pkp-report\"");
@@ -163,9 +143,7 @@ public class HpkpHeaderWriterTests {
 public void writeHeadersTerminateConnectionWithURIAsString() {
 this.writer.setReportOnly(false);
 this.writer.setReportUri("https://example.com/pkp-report");
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeader("Public-Key-Pins")).isEqualTo(
 "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.com/pkp-report\"");
@@ -176,7 +154,6 @@ public class HpkpHeaderWriterTests {
 this.writer.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=",
 "E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=");
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeader("Public-Key-Pins-Report-Only")).isEqualTo(
 "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; pin-sha256=\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\"");
@@ -185,9 +162,7 @@ public class HpkpHeaderWriterTests {
 @Test
 public void writeHeadersInsecureRequestDoesNotWriteHeader() {
 this.request.setSecure(false);
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).isEmpty();
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java
index 1ac7ea3b6c..dd006b845d 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java
@@ -45,7 +45,6 @@ public class HstsHeaderWriterTests {
 this.request = new MockHttpServletRequest();
 this.request.setSecure(true);
 this.response = new MockHttpServletResponse();
-
 this.writer = new HstsHeaderWriter();
 }
@@ -53,9 +52,7 @@ public class HstsHeaderWriterTests {
 public void allArgsCustomConstructorWriteHeaders() {
 this.request.setSecure(false);
 this.writer = new HstsHeaderWriter(AnyRequestMatcher.INSTANCE, 15768000, false);
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=15768000");
 }
@@ -64,9 +61,7 @@ public class HstsHeaderWriterTests {
 public void maxAgeAndIncludeSubdomainsCustomConstructorWriteHeaders() {
 this.request.setSecure(false);
 this.writer = new HstsHeaderWriter(AnyRequestMatcher.INSTANCE, 15768000, false);
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=15768000");
 }
@@ -74,9 +69,7 @@ public class HstsHeaderWriterTests {
 @Test
 public void maxAgeCustomConstructorWriteHeaders() {
 this.writer = new HstsHeaderWriter(15768000);
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeader("Strict-Transport-Security"))
 .isEqualTo("max-age=15768000 ; includeSubDomains");
@@ -85,9 +78,7 @@ public class HstsHeaderWriterTests {
 @Test
 public void includeSubDomainsCustomConstructorWriteHeaders() {
 this.writer = new HstsHeaderWriter(false);
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=31536000");
 }
@@ -95,7 +86,6 @@ public class HstsHeaderWriterTests {
 @Test
 public void writeHeadersDefaultValues() {
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeader("Strict-Transport-Security"))
 .isEqualTo("max-age=31536000 ; includeSubDomains");
@@ -104,9 +94,7 @@ public class HstsHeaderWriterTests {
 @Test
 public void writeHeadersIncludeSubDomainsFalse() {
 this.writer.setIncludeSubDomains(false);
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=31536000");
 }
@@ -114,9 +102,7 @@ public class HstsHeaderWriterTests {
 @Test
 public void writeHeadersCustomMaxAgeInSeconds() {
 this.writer.setMaxAgeInSeconds(1);
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames()).hasSize(1);
 assertThat(this.response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=1 ; includeSubDomains");
 }
@@ -124,9 +110,7 @@ public class HstsHeaderWriterTests {
 @Test
 public void writeHeadersInsecureRequestDoesNotWriteHeader() {
 this.request.setSecure(false);
-
 this.writer.writeHeaders(this.request, this.response);
-
 assertThat(this.response.getHeaderNames().isEmpty()).isTrue();
 }
@@ -134,9 +118,7 @@ public class HstsHeaderWriterTests { public void writeHeadersAnyRequestMatcher() { this.writer.setRequestMatcher(AnyRequestMatcher.INSTANCE); this.request.setSecure(false); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Strict-Transport-Security")) .isEqualTo("max-age=31536000 ; includeSubDomains");
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java
index 95d06305e8..b11c344fc3 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java
@@ -52,7 +52,6 @@ public class ReferrerPolicyHeaderWriterTests { @Test public void writeHeadersReferrerPolicyDefault() { this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Referrer-Policy")).isEqualTo(this.DEFAULT_REFERRER_POLICY); }
@@ -60,9 +59,7 @@ public class ReferrerPolicyHeaderWriterTests { @Test public void writeHeadersReferrerPolicyCustom() { this.writer = new ReferrerPolicyHeaderWriter(ReferrerPolicy.SAME_ORIGIN); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Referrer-Policy")).isEqualTo("same-origin"); }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java
index ca82d20848..33c077d51d 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java
@@ -78,7 +78,6 @@ public class StaticHeaderWriterTests { String headerName = "X-header"; String headerValue = "foo"; StaticHeadersWriter factory = new StaticHeadersWriter(headerName, headerValue); - factory.writeHeaders(this.request, this.response); assertThat(this.response.getHeaderValues(headerName)).isEqualTo(Arrays.asList(headerValue)); }
@@ -88,9 +87,7 @@ public class StaticHeaderWriterTests { Header pragma = new Header("Pragma", "no-cache"); Header cacheControl = new Header("Cache-Control", "no-cache", "no-store", "must-revalidate"); StaticHeadersWriter factory = new StaticHeadersWriter(Arrays.asList(pragma, cacheControl)); - factory.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(2); assertThat(this.response.getHeaderValues(pragma.getName())).isEqualTo(pragma.getValues()); assertThat(this.response.getHeaderValues(cacheControl.getName())).isEqualTo(cacheControl.getValues());
@@ -106,11 +103,9 @@ public class StaticHeaderWriterTests { Header cacheControl = new Header("Cache-Control", "no-cache", "no-store", "must-revalidate"); StaticHeadersWriter factory = new StaticHeadersWriter(Arrays.asList(pragma, cacheControl)); factory.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(2); assertThat(this.response.getHeader("Pragma")).isSameAs(pragmaValue); assertThat(this.response.getHeader("Cache-Control")).isSameAs(cacheControlValue); - } }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java
index 10288251a9..fac153df1e 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java
@@ -46,7 +46,6 @@ public class XContentTypeOptionsHeaderWriterTests { @Test public void writeHeaders() { this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeaderValues("X-Content-Type-Options")).containsExactly("nosniff"); }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java
index 775e9058a1..c4525989d4 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java
@@ -49,7 +49,6 @@ public class XXssProtectionHeaderWriterTests { @Test public void writeHeaders() { this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeaderValues("X-XSS-Protection")).containsOnly("1; mode=block"); }
@@ -57,9 +56,7 @@ public class XXssProtectionHeaderWriterTests { @Test public void writeHeadersNoBlock() { this.writer.setBlock(false); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeaderValues("X-XSS-Protection")).containsOnly("1"); }
@@ -68,9 +65,7 @@ public class XXssProtectionHeaderWriterTests { public void writeHeadersDisabled() { this.writer.setBlock(false); this.writer.setEnabled(false); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeaderValues("X-XSS-Protection")).containsOnly("0"); }
@@ -78,9 +73,7 @@ public class XXssProtectionHeaderWriterTests { @Test public void setEnabledFalseWithBlockTrue() { this.writer.setEnabled(false); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeaderValues("X-XSS-Protection")).containsOnly("0"); }
@@ -89,7 +82,6 @@ public class XXssProtectionHeaderWriterTests { public void setBlockTrueWithEnabledFalse() { this.writer.setBlock(false); this.writer.setEnabled(false); - this.writer.setBlock(true); }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
index b853d1dcbf..10599ea34d 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
@@ -39,7 +39,6 @@ public class AbstractRequestParameterAllowFromStrategyTests { @Test public void nullAllowFromParameterValue() { RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true); - assertThat(strategy.getAllowFromValue(this.request)).isEqualTo("DENY"); }
@@ -47,7 +46,6 @@ public class AbstractRequestParameterAllowFromStrategyTests { public void emptyAllowFromParameterValue() { this.request.setParameter("x-frames-allow-from", ""); RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true); - assertThat(strategy.getAllowFromValue(this.request)).isEqualTo("DENY"); }
@@ -57,7 +55,6 @@ public class AbstractRequestParameterAllowFromStrategyTests { this.request.setParameter(customParam, ""); RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true); strategy.setAllowFromParameterName(customParam); - assertThat(strategy.getAllowFromValue(this.request)).isEqualTo("DENY"); }
@@ -66,7 +63,6 @@ public class AbstractRequestParameterAllowFromStrategyTests { String value = "https://example.com"; this.request.setParameter("x-frames-allow-from", value); RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true); - assertThat(strategy.getAllowFromValue(this.request)).isEqualTo(value); }
@@ -75,7 +71,6 @@ public class AbstractRequestParameterAllowFromStrategyTests { String value = "https://example.com"; this.request.setParameter("x-frames-allow-from", value); RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(false); - assertThat(strategy.getAllowFromValue(this.request)).isEqualTo("DENY"); }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
index fdc33bee9c..2bf5e2abdb 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
@@ -69,9 +69,7 @@ public class FrameOptionsHeaderWriterTests { @Test public void writeHeadersAllowFromReturnsNull() { this.writer = new XFrameOptionsHeaderWriter(this.strategy); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames().isEmpty()).isTrue(); }
@@ -80,9 +78,7 @@ public class FrameOptionsHeaderWriterTests { String allowFromValue = "https://example.com/"; given(this.strategy.getAllowFromValue(this.request)).willReturn(allowFromValue); this.writer = new XFrameOptionsHeaderWriter(this.strategy); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)) .isEqualTo("ALLOW-FROM " + allowFromValue);
@@ -91,9 +87,7 @@ public class FrameOptionsHeaderWriterTests { @Test public void writeHeadersDeny() { this.writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.DENY); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("DENY"); }
@@ -101,9 +95,7 @@ public class FrameOptionsHeaderWriterTests { @Test public void writeHeadersSameOrigin() { this.writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN); - this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("SAMEORIGIN"); }
@@ -112,10 +104,8 @@ public class FrameOptionsHeaderWriterTests { public void writeHeadersTwiceLastWins() { this.writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN); this.writer.writeHeaders(this.request, this.response); - this.writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.DENY); this.writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("DENY"); }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
index 3eb1ab512a..95dc5791c9 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
@@ -44,15 +44,12 @@ public class RegExpAllowFromStrategyTests { RegExpAllowFromStrategy strategy = new RegExpAllowFromStrategy("^https://([a-z0-9]*?\\.)test\\.com"); strategy.setAllowFromParameterName("from"); MockHttpServletRequest request = new MockHttpServletRequest(); - request.setParameter("from", "https://www.test.com"); String result1 = strategy.getAllowFromValue(request); assertThat(result1).isEqualTo("https://www.test.com"); - request.setParameter("from", "https://www.test.com"); String result2 = strategy.getAllowFromValue(request); assertThat(result2).isEqualTo("https://www.test.com"); - request.setParameter("from", "https://test.foobar.com"); String result3 = strategy.getAllowFromValue(request); assertThat(result3).isEqualTo("DENY");
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java
index 1d088d6c34..3ccc08ed73 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java
@@ -51,7 +51,6 @@ public class WhiteListedAllowFromStrategyTests { strategy.setAllowFromParameterName("from"); MockHttpServletRequest request = new MockHttpServletRequest(); request.setParameter("from", "https://www.test.com"); - String result = strategy.getAllowFromValue(request); assertThat(result).isEqualTo("https://www.test.com"); }
@@ -65,7 +64,6 @@ public class WhiteListedAllowFromStrategyTests { strategy.setAllowFromParameterName("from"); MockHttpServletRequest request = new MockHttpServletRequest(); request.setParameter("from", "https://www.test.com"); - String result = strategy.getAllowFromValue(request); assertThat(result).isEqualTo("https://www.test.com"); }
@@ -78,7 +76,6 @@ public class WhiteListedAllowFromStrategyTests { strategy.setAllowFromParameterName("from"); MockHttpServletRequest request = new MockHttpServletRequest(); request.setParameter("from", "https://www.test123.com"); - String result = strategy.getAllowFromValue(request); assertThat(result).isEqualTo("DENY"); }
@@ -90,10 +87,8 @@ public class WhiteListedAllowFromStrategyTests { WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed); strategy.setAllowFromParameterName("from"); MockHttpServletRequest request = new MockHttpServletRequest(); - String result = strategy.getAllowFromValue(request); assertThat(result).isEqualTo("DENY"); - } }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriterTests.java
index 9c8eb1e38d..d2974bc865 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriterTests.java
@@ -43,9 +43,7 @@ public class XFrameOptionsHeaderWriterTests { public void writeHeadersWhenWhiteList() { WhiteListedAllowFromStrategy whitelist = new WhiteListedAllowFromStrategy(Arrays.asList("example.com")); XFrameOptionsHeaderWriter writer = new XFrameOptionsHeaderWriter(whitelist); - writer.writeHeaders(this.request, this.response); - assertThat(this.response.getHeaderValue(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("DENY"); }
diff --git a/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java b/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
index 2d6d4e3da5..d8412b2e8c 100644
--- a/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
@@ -77,7 +77,6 @@ public class JaasApiIntegrationFilterTests { this.filter = new JaasApiIntegrationFilter(); this.request = new MockHttpServletRequest(); this.response = new MockHttpServletResponse(); - this.authenticatedSubject = new Subject(); this.authenticatedSubject.getPrincipals().add(() -> "principal"); this.authenticatedSubject.getPrivateCredentials().add("password");
@@ -99,7 +98,6 @@ public class JaasApiIntegrationFilterTests { } }; this.testConfiguration = new Configuration() { - @Override public void refresh() { }
@@ -115,7 +113,6 @@ public class JaasApiIntegrationFilterTests { ctx.login(); this.token = new JaasAuthenticationToken("username", "password", AuthorityUtils.createAuthorityList("ROLE_ADMIN"), ctx); - // just in case someone forgot to clear the context SecurityContextHolder.clearContext(); }
@@ -194,14 +191,12 @@ public class JaasApiIntegrationFilterTests { private void assertJaasSubjectEquals(final Subject expectedValue) throws Exception { MockFilterChain chain = new MockFilterChain() { - @Override public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { // See if the subject was updated Subject currentSubject = Subject.getSubject(AccessController.getContext()); assertThat(currentSubject).isEqualTo(expectedValue); - // run so we know the chain was executed super.doFilter(request, response); }
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java
index 7a6b00d6e3..15c202283a 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java
@@ -47,7 +47,6 @@ public class CookieMixinTests extends AbstractMixinTests { + "\"domain\": null" + "}"; // @formatter:on - @Test public void serializeCookie() throws JsonProcessingException, JSONException { Cookie cookie = new Cookie("demo", "cookie1");
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java
index 0130cc3b9e..f6ec0dedc5 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java
@@ -42,7 +42,6 @@ public class DefaultCsrfTokenMixinTests extends AbstractMixinTests { + "\"token\": \"1\"" + "}"; // @formatter:on - @Test public void defaultCsrfTokenSerializedTest() throws JsonProcessingException, JSONException { DefaultCsrfToken token = new DefaultCsrfToken("csrf-header", "_csrf", "1");
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java
index d5cff45f45..ba7104fd37 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java
@@ -54,7 +54,6 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests { + "\"domain\": null" + "}]]"; // @formatter:on - // @formatter:off private static final String REQUEST_JSON = "{" + "\"@class\": \"org.springframework.security.web.savedrequest.DefaultSavedRequest\", "
@@ -74,7 +73,6 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests { + "\"serverPort\": 80" + "}"; // @formatter:on - @Test public void matchRequestBuildWithConstructorAndBuilder() { DefaultSavedRequest request = new DefaultSavedRequest.Builder()
@@ -86,7 +84,6 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests { MockHttpServletRequest mockRequest = new MockHttpServletRequest(); mockRequest.setCookies(new Cookie("SESSION", "123456789")); mockRequest.addHeader("x-auth-token", "12"); - assert request.doesRequestMatch(mockRequest, new PortResolverImpl()); }
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java
index a4a79d5e6d..7be1a9514e 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java
@@ -44,7 +44,6 @@ public class PreAuthenticatedAuthenticationTokenMixinTests extends AbstractMixin + "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON + "}"; // @formatter:on - PreAuthenticatedAuthenticationToken expected; @Before
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java
index 597357a8ca..8fc97e5db1 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java
@@ -51,13 +51,11 @@ public class SavedCookieMixinTests extends AbstractMixinTests { + "\"domain\": null" + "}"; // @formatter:on - // @formatter:off private static final String COOKIES_JSON = "[\"java.util.ArrayList\", [" + COOKIE_JSON + "]]"; // @formatter:on - @Test public void serializeWithDefaultConfigurationTest() throws JsonProcessingException, JSONException { SavedCookie savedCookie = new SavedCookie(new Cookie("SESSION", "123456789"));
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java
index 2a821f308a..4b353a4cb8 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java
@@ -43,15 +43,12 @@ public class WebAuthenticationDetailsMixinTests extends AbstractMixinTests { + "\"/localhost\"" + "}"; // @formatter:on - @Test public void buildWebAuthenticationDetailsUsingDifferentConstructors() throws IOException { MockHttpServletRequest request = new MockHttpServletRequest(); request.setRemoteAddr("localhost"); request.setSession(new MockHttpSession(null, "1")); - WebAuthenticationDetails details = new WebAuthenticationDetails(request); - WebAuthenticationDetails authenticationDetails = this.mapper.readValue(AUTHENTICATION_DETAILS_JSON, WebAuthenticationDetails.class); assertThat(details.equals(authenticationDetails));
diff --git a/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java b/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
index 0e8f447630..00ad5c7657 100644
--- a/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
+++ b/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
@@ -260,17 +260,14 @@ public final class ResolvableMethod { factory.addAdvice(interceptor); return (T) factory.getProxy(); } - else { Enhancer enhancer = new Enhancer(); enhancer.setSuperclass(type); enhancer.setInterfaces(new Class[] { Supplier.class }); enhancer.setNamingPolicy(SpringNamingPolicy.INSTANCE); enhancer.setCallbackType(org.springframework.cglib.proxy.MethodInterceptor.class); - Class proxyClass = enhancer.createClass(); Object proxy = null; - if (objenesis.isWorthTrying()) { try { proxy = objenesis.newInstance(proxyClass, enhancer.getUseCache());
@@ -279,7 +276,6 @@ public final class ResolvableMethod { logger.debug("Objenesis failed, falling back to default constructor", ex); } } - if (proxy == null) { try { proxy = ReflectionUtils.accessibleConstructor(proxyClass).newInstance();
@@ -290,7 +286,6 @@ public final class ResolvableMethod { ex); } } - ((Factory) proxy).setCallbacks(new Callback[] { interceptor }); return (T) proxy; }
@@ -426,7 +421,6 @@ public final class ResolvableMethod { } // Build & resolve shortcuts... - /** * Resolve and return the {@code Method} equivalent to: *

@@ -475,7 +469,6 @@ public final class ResolvableMethod { */ public MethodParameter resolveReturnType(Class returnType, ResolvableType generic, ResolvableType... generics) { - return returning(returnType, generic, generics).build().returnType(); }
diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java
index 3e78d79014..745902a800 100644
--- a/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java
@@ -84,7 +84,6 @@ public class CsrfTokenArgumentResolverTests { @Test public void resolveArgumentFound() throws Exception { this.request.setAttribute(CsrfToken.class.getName(), this.token); - assertThat(this.resolver.resolveArgument(token(), this.mavContainer, this.webRequest, this.binderFactory)) .isSameAs(this.token); }
diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
index 7dfb2df30c..71d6687f9d 100644
--- a/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
@@ -139,7 +139,6 @@ public class CurrentSecurityContextArgumentResolverTests { @Test public void resolveArgumentUserDetails() { setAuthenticationDetail(new User("my_user", "my_password", AuthorityUtils.createAuthorityList("ROLE_USER"))); - User u = (User) this.resolver.resolveArgument(showSecurityContextWithUserDetail(), null, null, null); assertThat(u.getUsername()).isEqualTo("my_user"); }
diff --git a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
index 6bfabe3794..d7d5a915cd 100644
--- a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
@@ -94,19 +94,15 @@ public class AuthenticationPrincipalArgumentResolverTests { public void resolveArgumentWhenIsAuthenticationThenObtainsPrincipal() { MethodParameter parameter = this.authenticationPrincipal.arg(String.class); given(this.authentication.getPrincipal()).willReturn("user"); - Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); - assertThat(argument.block()).isEqualTo(this.authentication.getPrincipal()); } @Test public void resolveArgumentWhenIsEmptyThenMonoEmpty() { MethodParameter parameter = this.authenticationPrincipal.arg(String.class); - Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange); - assertThat(argument).isNotNull(); assertThat(argument.block()).isNull(); }
@@ -115,10 +111,8 @@ public class AuthenticationPrincipalArgumentResolverTests { public void resolveArgumentWhenMonoIsAuthenticationThenObtainsPrincipal() { MethodParameter parameter = this.authenticationPrincipal.arg(Mono.class, String.class); given(this.authentication.getPrincipal()).willReturn("user"); - Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); - assertThat(argument.cast(Mono.class).block().block()).isEqualTo(this.authentication.getPrincipal()); }
@@ -127,10 +121,8 @@ public class AuthenticationPrincipalArgumentResolverTests { MethodParameter parameter = ResolvableMethod.on(getClass()).named("authenticationPrincipalNoGeneric").build() .arg(Mono.class); given(this.authentication.getPrincipal()).willReturn("user"); - Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); - assertThat(argument.cast(Mono.class).block().block()).isEqualTo(this.authentication.getPrincipal()); }
@@ -139,10 +131,8 @@ public class AuthenticationPrincipalArgumentResolverTests { MyUser user = new MyUser(3L); MethodParameter parameter = this.spel.arg(Long.class); given(this.authentication.getPrincipal()).willReturn(user); - Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); - assertThat(argument.block()).isEqualTo(user.getId()); }
@@ -152,10 +142,8 @@ public class AuthenticationPrincipalArgumentResolverTests { MethodParameter parameter = this.bean.arg(Long.class); given(this.authentication.getPrincipal()).willReturn(user); given(this.beanResolver.resolve(any(), eq("beanName"))).willReturn(new Bean()); - Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); - assertThat(argument.block()).isEqualTo(user.getId()); }
@@ -163,10 +151,8 @@ public class AuthenticationPrincipalArgumentResolverTests { public void resolveArgumentWhenMetaThenObtainsPrincipal() { MethodParameter parameter = this.meta.arg(String.class); given(this.authentication.getPrincipal()).willReturn("user"); - Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); - assertThat(argument.block()).isEqualTo("user"); }
@@ -175,10 +161,8 @@ public class AuthenticationPrincipalArgumentResolverTests { MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenImplicit").build() .arg(Integer.class); given(this.authentication.getPrincipal()).willReturn("user"); - Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); - assertThat(argument.block()).isNull(); }
@@ -187,10 +171,8 @@ public class AuthenticationPrincipalArgumentResolverTests {
 MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenExplicitFalse").build()
 .arg(Integer.class);
 given(this.authentication.getPrincipal()).willReturn("user");
-
 Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
 .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
-
 assertThat(argument.block()).isNull();
 }
@@ -199,10 +181,8 @@ public class AuthenticationPrincipalArgumentResolverTests {
 MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenExplicitTrue").build()
 .arg(Integer.class);
 given(this.authentication.getPrincipal()).willReturn("user");
-
 Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
 .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
-
 assertThatThrownBy(() -> argument.block()).isInstanceOf(ClassCastException.class);
 }
diff --git a/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java b/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java
index fbaf87fa7f..874b565652 100644
--- a/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java
+++ b/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java
@@ -122,7 +122,6 @@ public class CsrfRequestDataValueProcessorTests {
 this.exchange.getAttributes().put(CsrfRequestDataValueProcessor.DEFAULT_CSRF_ATTR_NAME, token);
 Map expected = new HashMap<>();
 expected.put(token.getParameterName(), token.getToken());
-
 CsrfRequestDataValueProcessor processor = new CsrfRequestDataValueProcessor();
 assertThat(this.processor.getExtraHiddenFields(this.exchange)).isEqualTo(expected);
 }
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
index b6a8596640..4b24012da9 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
@@ -39,7 +39,6 @@ public class CookieRequestCacheTests {
 @Test
 public void saveRequestWhenMatchesThenSavedRequestInACookieOnResponse() {
 CookieRequestCache cookieRequestCache = new CookieRequestCache();
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setServerPort(443);
 request.setSecure(true);
@@ -48,15 +47,11 @@ public class CookieRequestCacheTests {
 request.setRequestURI("/destination");
 request.setQueryString("param1=a¶m2=b¶m3=1122");
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 cookieRequestCache.saveRequest(request, response);
-
 Cookie savedCookie = response.getCookie(DEFAULT_COOKIE_NAME);
 assertThat(savedCookie).isNotNull();
-
 String redirectUrl = decodeCookie(savedCookie.getValue());
 assertThat(redirectUrl).isEqualTo("https://abc.com/destination?param1=a¶m2=b¶m3=1122");
-
 assertThat(savedCookie.getMaxAge()).isEqualTo(-1);
 assertThat(savedCookie.getPath()).isEqualTo("/");
 assertThat(savedCookie.isHttpOnly()).isTrue();
@@ -74,14 +69,11 @@ public class CookieRequestCacheTests {
 public void getMatchingRequestWhenRequestMatcherDefinedThenReturnsCorrectSubsetOfCachedRequests() {
 CookieRequestCache cookieRequestCache = new CookieRequestCache();
 cookieRequestCache.setRequestMatcher((request) -> request.getRequestURI().equals("/expected-destination"));
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/destination");
 MockHttpServletResponse response = new MockHttpServletResponse();
 cookieRequestCache.saveRequest(request, response);
-
 SavedRequest savedRequest = cookieRequestCache.getRequest(request, response);
 assertThat(savedRequest).isNull();
-
 HttpServletRequest matchingRequest = cookieRequestCache.getMatchingRequest(request, response);
 assertThat(matchingRequest).isNull();
 }
@@ -105,12 +97,10 @@ public class CookieRequestCacheTests {
 @Test
 public void getRequestWhenRequestContainsSavedRequestCookieThenReturnsSaveRequest() {
-
 CookieRequestCache cookieRequestCache = new CookieRequestCache();
 MockHttpServletRequest request = new MockHttpServletRequest();
 String redirectUrl = "https://abc.com/destination?param1=a¶m2=b¶m3=1122";
 request.setCookies(new Cookie(DEFAULT_COOKIE_NAME, encodeCookie(redirectUrl)));
-
 SavedRequest savedRequest = cookieRequestCache.getRequest(request, new MockHttpServletResponse());
 assertThat(savedRequest).isNotNull();
 assertThat(savedRequest.getRedirectUrl()).isEqualTo(redirectUrl);
@@ -118,10 +108,8 @@ public class CookieRequestCacheTests {
 @Test
 public void matchingRequestWhenRequestDoesNotContainSavedRequestCookieThenReturnsNull() {
-
 CookieRequestCache cookieRequestCache = new CookieRequestCache();
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 HttpServletRequest matchingRequest = cookieRequestCache.getMatchingRequest(new MockHttpServletRequest(), response);
 assertThat(matchingRequest).isNull();
@@ -138,11 +126,9 @@ public class CookieRequestCacheTests {
 request.setServerName("abc.com");
 request.setRequestURI("/destination");
 request.setQueryString("param1=a¶m2=b¶m3=1122");
-
 String redirectUrl = "https://abc.com/destination?param1=a¶m2=b¶m3=1122";
 request.setCookies(new Cookie(DEFAULT_COOKIE_NAME, encodeCookie(redirectUrl)));
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 cookieRequestCache.getMatchingRequest(request, response);
 Cookie expiredCookie = response.getCookie(DEFAULT_COOKIE_NAME);
 assertThat(expiredCookie).isNotNull();
@@ -159,11 +145,9 @@ public class CookieRequestCacheTests {
 request.setScheme("https");
 request.setServerName("abc.com");
 request.setRequestURI("/destination");
-
 String redirectUrl = "https://abc.com/api";
 request.setCookies(new Cookie(DEFAULT_COOKIE_NAME, encodeCookie(redirectUrl)));
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 final HttpServletRequest matchingRequest = cookieRequestCache.getMatchingRequest(request, response);
 assertThat(matchingRequest).isNull();
 Cookie expiredCookie = response.getCookie(DEFAULT_COOKIE_NAME);
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
index d352f5242a..83a9499f60 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
@@ -43,24 +43,20 @@ public class HttpSessionRequestCacheTests {
 @Test
 public void originalGetRequestDoesntMatchIncomingPost() {
 HttpSessionRequestCache cache = new HttpSessionRequestCache();
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/destination");
 MockHttpServletResponse response = new MockHttpServletResponse();
 cache.saveRequest(request, response);
 assertThat(request.getSession().getAttribute(HttpSessionRequestCache.SAVED_REQUEST)).isNotNull();
 assertThat(cache.getRequest(request, response)).isNotNull();
-
 MockHttpServletRequest newRequest = new MockHttpServletRequest("POST", "/destination");
 newRequest.setSession(request.getSession());
 assertThat(cache.getMatchingRequest(newRequest, response)).isNull();
-
 }
 @Test
 public void requestMatcherDefinesCorrectSubsetOfCachedRequests() {
 HttpSessionRequestCache cache = new HttpSessionRequestCache();
 cache.setRequestMatcher((request) -> request.getMethod().equals("GET"));
-
 MockHttpServletRequest request = new MockHttpServletRequest("POST", "/destination");
 MockHttpServletResponse response = new MockHttpServletResponse();
 cache.saveRequest(request, response);
@@ -75,16 +71,13 @@ public class HttpSessionRequestCacheTests {
 MockHttpServletRequest request = new MockHttpServletRequest("POST", "/destination");
 MockHttpServletResponse response = new MockHttpServletResponse();
 HttpSessionRequestCache cache = new HttpSessionRequestCache() {
-
 @Override
 public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
 request.getSession().setAttribute(SAVED_REQUEST, new CustomSavedRequest(new DefaultSavedRequest(request, new PortResolverImpl())));
 }
-
 };
 cache.saveRequest(request, response);
-
 cache.saveRequest(request, response);
 assertThat(cache.getRequest(request, response)).isInstanceOf(CustomSavedRequest.class);
 }
@@ -93,14 +86,11 @@ public class HttpSessionRequestCacheTests {
 public void testCustomSessionAttrName() {
 HttpSessionRequestCache cache = new HttpSessionRequestCache();
 cache.setSessionAttrName("CUSTOM_SAVED_REQUEST");
-
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/destination");
 MockHttpServletResponse response = new MockHttpServletResponse();
 cache.saveRequest(request, response);
-
 assertThat(request.getSession().getAttribute(HttpSessionRequestCache.SAVED_REQUEST)).isNull();
 assertThat(request.getSession().getAttribute("CUSTOM_SAVED_REQUEST")).isNotNull();
-
 }
 private static final class CustomSavedRequest implements SavedRequest {
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java
index 6457a22d6d..08414bf576 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java
@@ -34,12 +34,10 @@ public class RequestCacheAwareFilterTests {
 public void doFilterWhenHttpSessionRequestCacheConfiguredThenSavedRequestRemovedAfterMatch() throws Exception {
 RequestCacheAwareFilter filter = new RequestCacheAwareFilter();
 HttpSessionRequestCache cache = new HttpSessionRequestCache();
-
 MockHttpServletRequest request = new MockHttpServletRequest("POST", "/destination");
 MockHttpServletResponse response = new MockHttpServletResponse();
 cache.saveRequest(request, response);
 assertThat(request.getSession().getAttribute(HttpSessionRequestCache.SAVED_REQUEST)).isNotNull();
-
 filter.doFilter(request, response, new MockFilterChain());
 assertThat(request.getSession().getAttribute(HttpSessionRequestCache.SAVED_REQUEST)).isNull();
 }
@@ -48,14 +46,12 @@ public class RequestCacheAwareFilterTests {
 public void doFilterWhenCookieRequestCacheConfiguredThenExpiredSavedRequestCookieSetAfterMatch() throws Exception {
 CookieRequestCache cache = new CookieRequestCache();
 RequestCacheAwareFilter filter = new RequestCacheAwareFilter(cache);
-
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setServerName("abc.com");
 request.setRequestURI("/destination");
 request.setScheme("https");
 request.setServerPort(443);
 request.setSecure(true);
-
 String encodedRedirectUrl = Base64.getEncoder().encodeToString("https://abc.com/destination".getBytes());
 Cookie savedRequest = new Cookie("REDIRECT_URI", encodedRedirectUrl);
 savedRequest.setMaxAge(-1);
@@ -63,11 +59,8 @@ public class RequestCacheAwareFilterTests {
 savedRequest.setPath("/");
 savedRequest.setHttpOnly(true);
 request.setCookies(savedRequest);
-
 MockHttpServletResponse response = new MockHttpServletResponse();
-
 filter.doFilter(request, response, new MockFilterChain());
-
 Cookie expiredCookie = response.getCookie("REDIRECT_URI");
 assertThat(expiredCookie).isNotNull();
 assertThat(expiredCookie.getValue()).isEmpty();
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java
index 6a3ba4987c..b1d0d23a45 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java
@@ -56,11 +56,9 @@ public class SavedRequestAwareWrapperTests {
 MockHttpServletRequest savedRequest = new MockHttpServletRequest();
 savedRequest.addHeader("header", "savedheader");
 SavedRequestAwareWrapper wrapper = createWrapper(savedRequest, new MockHttpServletRequest());
-
 assertThat(wrapper.getHeader("nonexistent")).isNull();
 Enumeration headers = wrapper.getHeaders("nonexistent");
 assertThat(headers.hasMoreElements()).isFalse();
-
 assertThat(wrapper.getHeader("Header")).isEqualTo("savedheader");
 headers = wrapper.getHeaders("heaDer");
 assertThat(headers.hasMoreElements()).isTrue();
@@ -125,7 +123,6 @@ public class SavedRequestAwareWrapperTests {
 savedRequest.setParameter("action", "foo");
 MockHttpServletRequest wrappedRequest = new MockHttpServletRequest();
 SavedRequestAwareWrapper wrapper = createWrapper(savedRequest, wrappedRequest);
-
 assertThat(wrapper.getParameterValues("action")).isEqualTo(new Object[] { "foo" });
 wrappedRequest.setParameter("action", "bar");
 assertThat(wrapper.getParameterValues("action")).isEqualTo(new Object[] { "bar", "foo" });
@@ -144,7 +141,6 @@ public class SavedRequestAwareWrapperTests {
 request.addHeader("header", nowString);
 SavedRequestAwareWrapper wrapper = createWrapper(request, new MockHttpServletRequest());
 assertThat(wrapper.getDateHeader("header")).isEqualTo(now.getTime());
-
 assertThat(wrapper.getDateHeader("nonexistent")).isEqualTo(-1L);
 }
@@ -169,7 +165,6 @@ public class SavedRequestAwareWrapperTests {
 request.addHeader("header", "999");
 request.addHeader("header", "1000");
 SavedRequestAwareWrapper wrapper = createWrapper(request, new MockHttpServletRequest());
-
 assertThat(wrapper.getIntHeader("header")).isEqualTo(999);
 assertThat(wrapper.getIntHeader("nonexistent")).isEqualTo(-1);
 }
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java
index 24aa5ecb80..45afe5fa6a 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java
@@ -33,30 +33,24 @@ public class SimpleSavedRequestTests {
 @Test
 public void constructorWhenGivenSavedRequestThenCopies() {
 SavedRequest savedRequest = new SimpleSavedRequest(prepareSavedRequest());
-
 assertThat(savedRequest.getMethod()).isEqualTo("POST");
-
 List cookies = savedRequest.getCookies();
 assertThat(cookies).hasSize(1);
 Cookie cookie = cookies.get(0);
 assertThat(cookie.getName()).isEqualTo("cookiename");
 assertThat(cookie.getValue()).isEqualTo("cookievalue");
-
 Collection headerNames = savedRequest.getHeaderNames();
 assertThat(headerNames).hasSize(1);
 String headerName = headerNames.iterator().next();
 assertThat(headerName).isEqualTo("headername");
-
 List headerValues = savedRequest.getHeaderValues("headername");
 assertThat(headerValues).hasSize(1);
 String headerValue = headerValues.get(0);
 assertThat(headerValue).isEqualTo("headervalue");
-
 List locales = savedRequest.getLocales();
 assertThat(locales).hasSize(1);
 Locale locale = locales.get(0);
 assertThat(locale).isEqualTo(Locale.ENGLISH);
-
 Map parameterMap = savedRequest.getParameterMap();
 assertThat(parameterMap).hasSize(1);
 String[] values = parameterMap.get("key");
@@ -67,7 +61,6 @@ public class SimpleSavedRequestTests {
 @Test
 public void constructorWhenGivenRedirectUrlThenDefaultValues() {
 SavedRequest savedRequest = new SimpleSavedRequest("redirectUrl");
-
 assertThat(savedRequest.getMethod()).isEqualTo("GET");
 assertThat(savedRequest.getCookies()).isEmpty();
 assertThat(savedRequest.getHeaderNames()).isEmpty();
diff --git a/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java b/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java
index 634f0704dc..eaf5c1ece7 100644
--- a/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java
@@ -58,16 +58,13 @@ public class DefaultServerRedirectStrategyTests {
 @Test
 public void sendRedirectWhenNoSubscribersThenNoActions() {
 this.strategy.sendRedirect(this.exchange, this.location);
-
 verifyZeroInteractions(this.exchange);
 }
 @Test
 public void sendRedirectWhenNoContextPathThenStatusAndLocationSet() {
 this.exchange = exchange(MockServerHttpRequest.get("/"));
-
 this.strategy.sendRedirect(this.exchange, this.location).block();
-
 assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND);
 assertThat(this.exchange.getResponse().getHeaders().getLocation()).hasPath(this.location.getPath());
 }
@@ -75,9 +72,7 @@ public class DefaultServerRedirectStrategyTests {
 @Test
 public void sendRedirectWhenContextPathSetThenStatusAndLocationSet() {
 this.exchange = exchange(MockServerHttpRequest.get("/context/foo").contextPath("/context"));
-
 this.strategy.sendRedirect(this.exchange, this.location).block();
-
 assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND);
 assertThat(this.exchange.getResponse().getHeaders().getLocation())
 .hasPath("/context" + this.location.getPath());
@@ -87,9 +82,7 @@ public class DefaultServerRedirectStrategyTests {
 public void sendRedirectWhenContextPathSetAndAbsoluteURLThenStatusAndLocationSet() {
 this.location = URI.create("https://example.com/foo/bar");
 this.exchange = exchange(MockServerHttpRequest.get("/context/foo").contextPath("/context"));
-
 this.strategy.sendRedirect(this.exchange, this.location).block();
-
 assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND);
 assertThat(this.exchange.getResponse().getHeaders().getLocation()).hasPath(this.location.getPath());
 }
@@ -98,9 +91,7 @@ public class DefaultServerRedirectStrategyTests {
 public void sendRedirectWhenContextPathSetAndDisabledThenStatusAndLocationSet() {
 this.strategy.setContextRelative(false);
 this.exchange = exchange(MockServerHttpRequest.get("/context/foo").contextPath("/context"));
-
 this.strategy.sendRedirect(this.exchange, this.location).block();
-
 assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND);
 assertThat(this.exchange.getResponse().getHeaders().getLocation()).hasPath(this.location.getPath());
 }
@@ -110,9 +101,7 @@ public class DefaultServerRedirectStrategyTests {
 HttpStatus status = HttpStatus.MOVED_PERMANENTLY;
 this.strategy.setHttpStatus(status);
 this.exchange = exchange(MockServerHttpRequest.get("/"));
-
 this.strategy.sendRedirect(this.exchange, this.location).block();
-
 assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(status);
 assertThat(this.exchange.getResponse().getHeaders().getLocation()).hasPath(this.location.getPath());
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java
index 924a940fd4..d80795a937 100644
--- a/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java
@@ -69,10 +69,8 @@ public class DelegatingServerAuthenticationEntryPointTests {
 given(this.delegate2.commence(this.exchange, this.e)).willReturn(expectedResult);
 this.entryPoint = new DelegatingServerAuthenticationEntryPoint(new DelegateEntry(this.matcher1, this.delegate1), new DelegateEntry(this.matcher2, this.delegate2));
-
 Mono actualResult = this.entryPoint.commence(this.exchange, this.e);
 actualResult.block();
-
 verifyZeroInteractions(this.delegate1);
 verify(this.delegate2).commence(this.exchange, this.e);
 }
@@ -82,9 +80,7 @@ public class DelegatingServerAuthenticationEntryPointTests {
 given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 this.entryPoint = new DelegatingServerAuthenticationEntryPoint(
 new DelegateEntry(this.matcher1, this.delegate1));
-
 this.entryPoint.commence(this.exchange, this.e).block();
-
 assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
 verifyZeroInteractions(this.delegate1);
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java b/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java
index a0b4bf8b3a..cb60a158bf 100644
--- a/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java
@@ -34,7 +34,6 @@ import org.springframework.web.server.WebFilterChain;
 * @author Rob Winch
 * @since 5.0
 */
-
 public class WebFilterChainProxyTests {
 // gh-4668
@@ -44,7 +43,6 @@ public class WebFilterChainProxyTests {
 ServerWebExchangeMatcher notMatch = (exchange) -> MatchResult.notMatch();
 MatcherSecurityWebFilterChain chain = new MatcherSecurityWebFilterChain(notMatch, filters);
 WebFilterChainProxy filter = new WebFilterChainProxy(chain);
-
 WebTestClient.bindToController(new Object()).webFilter(filter).build().get().exchange().expectStatus()
 .isNotFound();
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java b/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java
index f5e67ca78c..b896310add 100644
--- a/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java
@@ -54,14 +54,12 @@ public class WebFilterExchangeTests {
 @Test
 public void getExchange() {
 WebFilterExchange filterExchange = new WebFilterExchange(this.exchange, this.chain);
-
 assertThat(filterExchange.getExchange()).isEqualTo(this.exchange);
 }
 @Test
 public void getChain() {
 WebFilterExchange filterExchange = new WebFilterExchange(this.exchange, this.chain);
-
 assertThat(filterExchange.getChain()).isEqualTo(this.chain);
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java
index 41c965d4f5..7bbbcc9985 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java
@@ -42,10 +42,8 @@ public class AnonymousAuthenticationWebFilterTests {
 @Test
 public void anonymousAuthenticationFilterWorking() {
-
 WebTestClient client = WebTestClientBuilder.bindToControllerAndWebFilters(HttpMeController.class, new AnonymousAuthenticationWebFilter(UUID.randomUUID().toString())).build();
-
 client.get().uri("/me").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("anonymousUser");
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java
index 9cee39d0d9..6addc3d8ad 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java
@@ -64,35 +64,30 @@ public class AuthenticationConverterServerWebExchangeMatcherTests {
 @Test
 public void matchesWhenNotEmptyThenReturnTrue() {
 given(this.converter.convert(any())).willReturn(Mono.just(this.authentication));
-
 assertThat(this.matcher.matches(this.exchange).block().isMatch()).isTrue();
 }
 @Test
 public void matchesWhenEmptyThenReturnFalse() {
 given(this.converter.convert(any())).willReturn(Mono.empty());
-
 assertThat(this.matcher.matches(this.exchange).block().isMatch()).isFalse();
 }
 @Test
 public void matchesWhenErrorThenReturnFalse() {
 given(this.converter.convert(any())).willReturn(Mono.error(new RuntimeException()));
-
 assertThat(this.matcher.matches(this.exchange).block().isMatch()).isFalse();
 }
 @Test
 public void matchesWhenNullThenThrowsException() {
 given(this.converter.convert(any())).willReturn(null);
-
 assertThatCode(() -> this.matcher.matches(this.exchange).block()).isInstanceOf(NullPointerException.class);
 }
 @Test
 public void matchesWhenExceptionThenPropagates() {
 given(this.converter.convert(any())).willThrow(RuntimeException.class);
-
 assertThatCode(() -> this.matcher.matches(this.exchange).block()).isInstanceOf(RuntimeException.class);
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
index 4c935b969d..863cc1183a 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
@@ -83,13 +83,10 @@ public class AuthenticationWebFilterTests {
 @Test
 public void filterWhenDefaultsAndNoAuthenticationThenContinues() {
 this.filter = new AuthenticationWebFilter(this.authenticationManager);
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 EntityExchangeResult result = client.get().uri("/").exchange().expectStatus().isOk()
 .expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
 .returnResult();
-
 verifyZeroInteractions(this.authenticationManager);
 assertThat(result.getResponseCookies()).isEmpty();
 }
@@ -97,13 +94,10 @@ public class AuthenticationWebFilterTests {
 @Test
 public void filterWhenAuthenticationManagerResolverDefaultsAndNoAuthenticationThenContinues() {
 this.filter = new AuthenticationWebFilter(this.authenticationManagerResolver);
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 EntityExchangeResult result = client.get().uri("/").exchange().expectStatus().isOk()
 .expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
 .returnResult();
-
 verifyZeroInteractions(this.authenticationManagerResolver);
 assertThat(result.getResponseCookies()).isEmpty();
 }
@@ -113,14 +107,11 @@ public class AuthenticationWebFilterTests {
 given(this.authenticationManager.authenticate(any()))
 .willReturn(Mono.just(new TestingAuthenticationToken("test", "this", "ROLE")));
 this.filter = new AuthenticationWebFilter(this.authenticationManager);
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 EntityExchangeResult result = client.get().uri("/")
 .headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk()
 .expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
 .returnResult();
-
 assertThat(result.getResponseCookies()).isEmpty();
 }
@@ -129,16 +120,12 @@ public class AuthenticationWebFilterTests {
 given(this.authenticationManager.authenticate(any()))
 .willReturn(Mono.just(new TestingAuthenticationToken("test", "this", "ROLE")));
 given(this.authenticationManagerResolver.resolve(any())).willReturn(Mono.just(this.authenticationManager));
-
 this.filter = new AuthenticationWebFilter(this.authenticationManagerResolver);
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 EntityExchangeResult result = client.get().uri("/")
 .headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk()
 .expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
 .returnResult();
-
 assertThat(result.getResponseCookies()).isEmpty();
 }
@@ -147,13 +134,10 @@ public class AuthenticationWebFilterTests {
 given(this.authenticationManager.authenticate(any()))
 .willReturn(Mono.error(new BadCredentialsException("failed")));
 this.filter = new AuthenticationWebFilter(this.authenticationManager);
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 EntityExchangeResult result = client.get().uri("/")
 .headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isUnauthorized()
 .expectHeader().valueMatches("WWW-Authenticate", "Basic realm=\"Realm\"").expectBody().isEmpty();
-
 assertThat(result.getResponseCookies()).isEmpty();
 }
@@ -162,27 +146,20 @@ public class AuthenticationWebFilterTests {
 given(this.authenticationManager.authenticate(any()))
 .willReturn(Mono.error(new BadCredentialsException("failed")));
 given(this.authenticationManagerResolver.resolve(any())).willReturn(Mono.just(this.authenticationManager));
-
 this.filter = new AuthenticationWebFilter(this.authenticationManagerResolver);
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 EntityExchangeResult result = client.get().uri("/")
 .headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isUnauthorized()
 .expectHeader().valueMatches("WWW-Authenticate", "Basic realm=\"Realm\"").expectBody().isEmpty();
-
 assertThat(result.getResponseCookies()).isEmpty();
 }
 @Test
 public void filterWhenConvertEmptyThenOk() {
 given(this.authenticationConverter.convert(any())).willReturn(Mono.empty());
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 client.get().uri("/").exchange().expectStatus().isOk().expectBody(String.class)
 .consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
-
 verify(this.securityContextRepository, never()).save(any(), any());
 verifyZeroInteractions(this.authenticationManager, this.successHandler, this.failureHandler);
 }
@@ -190,11 +167,8 @@ public class AuthenticationWebFilterTests {
 @Test
 public void filterWhenConvertErrorThenServerError() {
 given(this.authenticationConverter.convert(any())).willReturn(Mono.error(new RuntimeException("Unexpected")));
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 client.get().uri("/").exchange().expectStatus().is5xxServerError().expectBody().isEmpty();
-
 verify(this.securityContextRepository, never()).save(any(), any());
 verifyZeroInteractions(this.authenticationManager, this.successHandler, this.failureHandler);
 }
@@ -206,11 +180,8 @@ public class AuthenticationWebFilterTests {
 given(this.authenticationManager.authenticate(any())).willReturn(authentication);
 given(this.successHandler.onAuthenticationSuccess(any(), any())).willReturn(Mono.empty());
 given(this.securityContextRepository.save(any(), any())).willAnswer((a) -> Mono.just(a.getArguments()[0]));
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 client.get().uri("/").exchange().expectStatus().isOk().expectBody().isEmpty();
-
 verify(this.successHandler).onAuthenticationSuccess(any(), eq(authentication.block()));
 verify(this.securityContextRepository).save(any(), any());
 verifyZeroInteractions(this.failureHandler);
@@ -221,11 +192,8 @@ public class AuthenticationWebFilterTests {
 Mono authentication = Mono.just(new TestingAuthenticationToken("test", "this", "ROLE_USER"));
 given(this.authenticationConverter.convert(any())).willReturn(authentication);
 given(this.authenticationManager.authenticate(any())).willReturn(Mono.empty());
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 client.get().uri("/").exchange().expectStatus().is5xxServerError().expectBody().isEmpty();
-
 verify(this.securityContextRepository, never()).save(any(), any());
 verifyZeroInteractions(this.successHandler, this.failureHandler);
 }
@@ -233,14 +201,11 @@ public class AuthenticationWebFilterTests {
 @Test public void filterWhenNotMatchAndConvertAndAuthenticationSuccessThenContinues() {
 this.filter.setRequiresAuthenticationMatcher((e) -> ServerWebExchangeMatcher.MatchResult.notMatch());
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 EntityExchangeResult result = client.get().uri("/") .headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk() .expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")) .returnResult();
-
 assertThat(result.getResponseCookies()).isEmpty();
 verifyZeroInteractions(this.authenticationConverter, this.authenticationManager, this.successHandler);
 }
@@ -252,11 +217,8 @@ public class AuthenticationWebFilterTests {
 given(this.authenticationManager.authenticate(any())) .willReturn(Mono.error(new BadCredentialsException("Failed")));
 given(this.failureHandler.onAuthenticationFailure(any(), any())).willReturn(Mono.empty());
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 client.get().uri("/").exchange().expectStatus().isOk().expectBody().isEmpty();
-
 verify(this.failureHandler).onAuthenticationFailure(any(), any());
 verify(this.securityContextRepository, never()).save(any(), any());
 verifyZeroInteractions(this.successHandler);
@@ -267,11 +229,8 @@ public class AuthenticationWebFilterTests {
 Mono authentication = Mono.just(new TestingAuthenticationToken("test", "this", "ROLE_USER"));
 given(this.authenticationConverter.convert(any())).willReturn(authentication);
 given(this.authenticationManager.authenticate(any())).willReturn(Mono.error(new RuntimeException("Failed")));
-
 WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 client.get().uri("/").exchange().expectStatus().is5xxServerError().expectBody().isEmpty();
-
 verify(this.securityContextRepository, never()).save(any(), any());
 verifyZeroInteractions(this.successHandler, this.failureHandler);
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
index 179ae25eba..5c3e1a6319 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
@@ -84,9 +84,7 @@ public class DelegatingServerAuthenticationSuccessHandlerTests {
 public void onAuthenticationSuccessWhenSingleThenExecuted() {
 DelegatingServerAuthenticationSuccessHandler handler = new DelegatingServerAuthenticationSuccessHandler( this.delegate1);
-
 handler.onAuthenticationSuccess(this.exchange, this.authentication).block();
-
 this.delegate1Result.assertWasSubscribed();
 }
@@ -94,9 +92,7 @@ public class DelegatingServerAuthenticationSuccessHandlerTests {
 public void onAuthenticationSuccessWhenMultipleThenExecuted() {
 DelegatingServerAuthenticationSuccessHandler handler = new DelegatingServerAuthenticationSuccessHandler( this.delegate1, this.delegate2);
-
 handler.onAuthenticationSuccess(this.exchange, this.authentication).block();
-
 this.delegate1Result.assertWasSubscribed();
 this.delegate2Result.assertWasSubscribed();
 }
@@ -114,9 +110,7 @@ public class DelegatingServerAuthenticationSuccessHandlerTests {
 });
 DelegatingServerAuthenticationSuccessHandler handler = new DelegatingServerAuthenticationSuccessHandler(slow, second);
-
 handler.onAuthenticationSuccess(this.exchange, this.authentication).block();
-
 assertThat(latch.await(3, TimeUnit.SECONDS)).isTrue();
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java
index b40e6b5d06..43c8828e48 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java
@@ -48,16 +48,13 @@ public class HttpBasicServerAuthenticationEntryPointTests {
 @Test public void commenceWhenNoSubscribersThenNoActions() {
 this.entryPoint.commence(this.exchange, this.exception);
-
 verifyZeroInteractions(this.exchange);
 }
 @Test public void commenceWhenSubscribeThenStatusAndHeaderSet() {
 this.exchange = exchange(MockServerHttpRequest.get("/"));
-
 this.entryPoint.commence(this.exchange, this.exception).block();
-
 assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
 assertThat(this.exchange.getResponse().getHeaders().get("WWW-Authenticate")) .containsOnly("Basic realm=\"Realm\"");
@@ -67,9 +64,7 @@ public class HttpBasicServerAuthenticationEntryPointTests {
 public void commenceWhenCustomRealmThenStatusAndHeaderSet() {
 this.entryPoint.setRealm("Custom");
 this.exchange = exchange(MockServerHttpRequest.get("/"));
-
 this.entryPoint.commence(this.exchange, this.exception).block();
-
 assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
 assertThat(this.exchange.getResponse().getHeaders().get("WWW-Authenticate")) .containsOnly("Basic realm=\"Custom\"");
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
index f5e40368dd..2fb7ea2f87 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
@@ -63,7 +63,6 @@ public class ReactivePreAuthenticatedAuthenticationManagerTests {
 @Test public void returnsAuthenticatedTokenForValidAccount() {
 given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.validAccount));
-
 Authentication authentication = this.manager.authenticate(tokenForUser(this.validAccount.getUsername())) .block();
 assertThat(authentication.isAuthenticated()).isEqualTo(true);
@@ -72,28 +71,24 @@ public class ReactivePreAuthenticatedAuthenticationManagerTests {
 @Test(expected = UsernameNotFoundException.class) public void returnsNullForNonExistingAccount() {
 given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.empty());
-
 this.manager.authenticate(tokenForUser(this.nonExistingAccount.getUsername())).block();
 }
 @Test(expected = LockedException.class) public void throwsExceptionForLockedAccount() {
 given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.lockedAccount));
-
 this.manager.authenticate(tokenForUser(this.lockedAccount.getUsername())).block();
 }
 @Test(expected = DisabledException.class) public void throwsExceptionForDisabledAccount() {
 given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.disabledAccount));
-
 this.manager.authenticate(tokenForUser(this.disabledAccount.getUsername())).block();
 }
 @Test(expected = AccountExpiredException.class) public void throwsExceptionForExpiredAccount() {
 given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.expiredAccount));
-
 this.manager.authenticate(tokenForUser(this.expiredAccount.getUsername())).block();
 }
@@ -101,7 +96,6 @@ public class ReactivePreAuthenticatedAuthenticationManagerTests {
 public void throwsExceptionForAccountWithExpiredCredentials() {
 given(this.mockUserDetailsService.findByUsername(anyString())) .willReturn(Mono.just(this.accountWithExpiredCredentials));
-
 this.manager.authenticate(tokenForUser(this.accountWithExpiredCredentials.getUsername())).block();
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
index e6b075f2ad..d48160c43f 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
@@ -64,7 +64,6 @@ public class RedirectServerAuthenticationEntryPointTests {
 public void commenceWhenNoSubscribersThenNoActions() {
 this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 this.entryPoint.commence(this.exchange, this.exception);
-
 assertThat(this.exchange.getResponse().getHeaders().getLocation()).isNull();
 assertThat(this.exchange.getSession().block().isStarted()).isFalse();
 }
@@ -72,9 +71,7 @@ public class RedirectServerAuthenticationEntryPointTests {
 @Test public void commenceWhenSubscribeThenStatusAndLocationSet() {
 this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-
 this.entryPoint.commence(this.exchange, this.exception).block();
-
 assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND);
 assertThat(this.exchange.getResponse().getHeaders().getLocation()).hasPath(this.location);
 }
@@ -85,9 +82,7 @@ public class RedirectServerAuthenticationEntryPointTests {
 given(this.redirectStrategy.sendRedirect(any(), any())).willReturn(redirectResult.mono());
 this.entryPoint.setRedirectStrategy(this.redirectStrategy);
 this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-
 this.entryPoint.commence(this.exchange, this.exception).block();
-
 redirectResult.assertWasSubscribed();
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
index 25cba86938..6f0cb185a0 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
@@ -65,7 +65,6 @@ public class RedirectServerAuthenticationFailureHandlerTests {
 public void commenceWhenNoSubscribersThenNoActions() {
 this.exchange = createExchange();
 this.handler.onAuthenticationFailure(this.exchange, this.exception);
-
 assertThat(this.exchange.getExchange().getResponse().getHeaders().getLocation()).isNull();
 assertThat(this.exchange.getExchange().getSession().block().isStarted()).isFalse();
 }
@@ -73,9 +72,7 @@ public class RedirectServerAuthenticationFailureHandlerTests {
 @Test public void commenceWhenSubscribeThenStatusAndLocationSet() {
 this.exchange = createExchange();
-
 this.handler.onAuthenticationFailure(this.exchange, this.exception).block();
-
 assertThat(this.exchange.getExchange().getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND);
 assertThat(this.exchange.getExchange().getResponse().getHeaders().getLocation()).hasPath(this.location);
 }
@@ -86,9 +83,7 @@ public class RedirectServerAuthenticationFailureHandlerTests {
 given(this.redirectStrategy.sendRedirect(any(), any())).willReturn(redirectResult.mono());
 this.handler.setRedirectStrategy(this.redirectStrategy);
 this.exchange = createExchange();
-
 this.handler.onAuthenticationFailure(this.exchange, this.exception).block();
-
 redirectResult.assertWasSubscribed();
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
index 8fe06ccb91..6a4054b620 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
@@ -70,9 +70,7 @@ public class RedirectServerAuthenticationSuccessHandlerTests {
 @Test public void successWhenNoSubscribersThenNoActions() {
 this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-
 this.handler.onAuthenticationSuccess(new WebFilterExchange(this.exchange, this.chain), this.authentication);
-
 assertThat(this.exchange.getResponse().getHeaders().getLocation()).isNull();
 assertThat(this.exchange.getSession().block().isStarted()).isFalse();
 }
@@ -80,10 +78,8 @@ public class RedirectServerAuthenticationSuccessHandlerTests {
 @Test public void successWhenSubscribeThenStatusAndLocationSet() {
 this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-
 this.handler.onAuthenticationSuccess(new WebFilterExchange(this.exchange, this.chain), this.authentication) .block();
-
 assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND);
 assertThat(this.exchange.getResponse().getHeaders().getLocation()).isEqualTo(this.location);
 }
@@ -94,7 +90,6 @@ public class RedirectServerAuthenticationSuccessHandlerTests {
 given(this.redirectStrategy.sendRedirect(any(), any())).willReturn(redirectResult.mono());
 this.handler.setRedirectStrategy(this.redirectStrategy);
 this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-
 this.handler.onAuthenticationSuccess(new WebFilterExchange(this.exchange, this.chain), this.authentication) .block();
 redirectResult.assertWasSubscribed();
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java
index 23d0288917..ffa96d4e38 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java
@@ -65,7 +65,6 @@ public class ServerAuthenticationEntryPointFailureHandlerTests {
 Mono result = Mono.empty();
 BadCredentialsException e = new BadCredentialsException("Failed");
 given(this.authenticationEntryPoint.commence(this.exchange, e)).willReturn(result);
-
 assertThat(this.handler.onAuthenticationFailure(this.filterExchange, e)).isEqualTo(result);
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java
index 0088aa89b8..49d6866fde 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java
@@ -56,9 +56,7 @@ public class ServerFormLoginAuthenticationConverterTests {
 String password = "password";
 this.data.add("username", username);
 this.data.add("password", password);
-
 Authentication authentication = this.converter.convert(this.exchange).block();
-
 assertThat(authentication.getName()).isEqualTo(username);
 assertThat(authentication.getCredentials()).isEqualTo(password);
 assertThat(authentication.getAuthorities()).isEmpty();
@@ -74,9 +72,7 @@ public class ServerFormLoginAuthenticationConverterTests {
 this.converter.setPasswordParameter(passwordParameter);
 this.data.add(usernameParameter, username);
 this.data.add(passwordParameter, password);
-
 Authentication authentication = this.converter.convert(this.exchange).block();
-
 assertThat(authentication.getName()).isEqualTo(username);
 assertThat(authentication.getCredentials()).isEqualTo(password);
 assertThat(authentication.getAuthorities()).isEmpty();
@@ -85,7 +81,6 @@ public class ServerFormLoginAuthenticationConverterTests {
 @Test public void applyWhenNoDataThenCreatesTokenSuccess() {
 Authentication authentication = this.converter.convert(this.exchange).block();
-
 assertThat(authentication.getName()).isNullOrEmpty();
 assertThat(authentication.getCredentials()).isNull();
 assertThat(authentication.getAuthorities()).isEmpty();
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java
index da1500df3b..b00b308031 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java
@@ -40,35 +40,30 @@ public class ServerHttpBasicAuthenticationConverterTests {
 @Test public void applyWhenNoAuthorizationHeaderThenEmpty() {
 Mono result = apply(this.request);
-
 assertThat(result.block()).isNull();
 }
 @Test public void applyWhenEmptyAuthorizationHeaderThenEmpty() {
 Mono result = apply(this.request.header(HttpHeaders.AUTHORIZATION, ""));
-
 assertThat(result.block()).isNull();
 }
 @Test public void applyWhenOnlyBasicAuthorizationHeaderThenEmpty() {
 Mono result = apply(this.request.header(HttpHeaders.AUTHORIZATION, "Basic "));
-
 assertThat(result.block()).isNull();
 }
 @Test public void applyWhenNotBase64ThenEmpty() {
 Mono result = apply(this.request.header(HttpHeaders.AUTHORIZATION, "Basic z"));
-
 assertThat(result.block()).isNull();
 }
 @Test public void applyWhenNoSemicolonThenEmpty() {
 Mono result = apply(this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcg=="));
-
 assertThat(result.block()).isNull();
 }
@@ -76,7 +71,6 @@ public class ServerHttpBasicAuthenticationConverterTests {
 public void applyWhenUserPasswordThenAuthentication() {
 Mono result = apply( this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpwYXNzd29yZA=="));
-
 UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class) .block();
 assertThat(authentication.getPrincipal()).isEqualTo("user");
@@ -87,7 +81,6 @@ public class ServerHttpBasicAuthenticationConverterTests {
 public void applyWhenUserPasswordHasColonThenAuthentication() {
 Mono result = apply( this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpwYXNzOndvcmQ="));
-
 UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class) .block();
 assertThat(authentication.getPrincipal()).isEqualTo("user");
@@ -98,7 +91,6 @@ public class ServerHttpBasicAuthenticationConverterTests {
 public void applyWhenLowercaseSchemeThenAuthentication() {
 Mono result = apply( this.request.header(HttpHeaders.AUTHORIZATION, "basic dXNlcjpwYXNzd29yZA=="));
-
 UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class) .block();
 assertThat(authentication.getPrincipal()).isEqualTo("user");
@@ -109,7 +101,6 @@ public class ServerHttpBasicAuthenticationConverterTests {
 public void applyWhenWrongSchemeThenEmpty() {
 Mono result = apply( this.request.header(HttpHeaders.AUTHORIZATION, "token dXNlcjpwYXNzd29yZA=="));
-
 assertThat(result.block()).isNull();
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java
index 6e5d2e83db..f94d6aeb33 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java
@@ -52,7 +52,6 @@ public class ServerX509AuthenticationConverterTests {
 @Before public void setUp() throws Exception {
 this.request = MockServerHttpRequest.get("/");
-
 this.certificate = X509TestUtils.buildTestCertificate();
 given(this.principalExtractor.extractPrincipal(any())).willReturn("Luke Taylor");
 }
@@ -61,17 +60,14 @@ public class ServerX509AuthenticationConverterTests {
 public void shouldReturnNullForInvalidCertificate() {
 Authentication authentication = this.converter.convert(MockServerWebExchange.from(this.request.build())) .block();
-
 assertThat(authentication).isNull();
 }
 @Test public void shouldReturnAuthenticationForValidCertificate() {
 this.request.sslInfo(new MockSslInfo(this.certificate));
-
 Authentication authentication = this.converter.convert(MockServerWebExchange.from(this.request.build())) .block();
-
 assertThat(authentication.getName()).isEqualTo("Luke Taylor");
 assertThat(authentication.getCredentials()).isEqualTo(this.certificate);
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
index ae7e5531fb..2161e8660c 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
@@ -103,7 +103,6 @@ public class SwitchUserWebFilterTests {
 verifyNoInteractions(this.successHandler);
 verifyNoInteractions(this.failureHandler);
 verifyNoInteractions(this.serverSecurityContextRepository);
-
 verify(chain).filter(exchange);
 }
@@ -111,39 +110,29 @@ public class SwitchUserWebFilterTests {
 public void switchUser() {
 final String targetUsername = "TEST_USERNAME";
 final UserDetails switchUserDetails = switchUserDetails(targetUsername, true);
-
 final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/login/impersonate?username={targetUser}", targetUsername));
-
 final WebFilterChain chain = mock(WebFilterChain.class);
-
 final Authentication originalAuthentication = new UsernamePasswordAuthenticationToken("principal", "credentials");
 final SecurityContextImpl securityContext = new SecurityContextImpl(originalAuthentication);
-
 given(this.userDetailsService.findByUsername(targetUsername)).willReturn(Mono.just(switchUserDetails));
 given(this.serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class))) .willReturn(Mono.empty());
 given(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class))) .willReturn(Mono.empty());
-
 this.switchUserWebFilter.filter(exchange, chain) .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) .block();
-
 verifyNoInteractions(chain);
 verify(this.userDetailsService).findByUsername(targetUsername);
-
 final ArgumentCaptor securityContextCaptor = ArgumentCaptor.forClass(SecurityContext.class);
 verify(this.serverSecurityContextRepository).save(eq(exchange), securityContextCaptor.capture());
 final SecurityContext savedSecurityContext = securityContextCaptor.getValue();
-
 final ArgumentCaptor authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
 verify(this.successHandler).onAuthenticationSuccess(any(WebFilterExchange.class), authenticationCaptor.capture());
-
 final Authentication switchUserAuthentication = authenticationCaptor.getValue();
-
 assertThat(switchUserAuthentication).isSameAs(savedSecurityContext.getAuthentication());
 assertThat(switchUserAuthentication.getName()).isEqualTo(targetUsername);
assertThat(switchUserAuthentication.getAuthorities()).anyMatch(SwitchUserGrantedAuthority.class::isInstance); 
@@ -159,37 +148,28 @@ public class SwitchUserWebFilterTests {
 public void switchUserWhenUserAlreadySwitchedThenExitSwitchAndSwitchAgain() {
 final Authentication originalAuthentication = new UsernamePasswordAuthenticationToken("origPrincipal", "origCredentials");
-
 final GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority( SwitchUserWebFilter.ROLE_PREVIOUS_ADMINISTRATOR, originalAuthentication);
 final Authentication switchUserAuthentication = new UsernamePasswordAuthenticationToken("switchPrincipal", "switchCredentials", Collections.singleton(switchAuthority));
-
 final SecurityContextImpl securityContext = new SecurityContextImpl(switchUserAuthentication);
-
 final String targetUsername = "newSwitchPrincipal";
 final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/login/impersonate?username={targetUser}", targetUsername));
-
 final WebFilterChain chain = mock(WebFilterChain.class);
-
 given(this.serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class))) .willReturn(Mono.empty());
 given(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class))) .willReturn(Mono.empty());
 given(this.userDetailsService.findByUsername(targetUsername)) .willReturn(Mono.just(switchUserDetails(targetUsername, true)));
-
 this.switchUserWebFilter.filter(exchange, chain) .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) .block();
-
 final ArgumentCaptor authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
 verify(this.successHandler).onAuthenticationSuccess(any(WebFilterExchange.class), authenticationCaptor.capture());
-
 final Authentication secondSwitchUserAuthentication = authenticationCaptor.getValue();
-
 assertThat(secondSwitchUserAuthentication.getName()).isEqualTo(targetUsername);
 assertThat(secondSwitchUserAuthentication.getAuthorities().stream() .filter((a) -> a instanceof SwitchUserGrantedAuthority)
@@ -201,13 +181,10 @@ public class SwitchUserWebFilterTests {
 public void switchUserWhenUsernameIsMissingThenThrowException() {
 final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/login/impersonate"));
-
 final WebFilterChain chain = mock(WebFilterChain.class);
 final SecurityContextImpl securityContext = new SecurityContextImpl(mock(Authentication.class));
-
 this.exceptionRule.expect(IllegalArgumentException.class);
 this.exceptionRule.expectMessage("The userName can not be null.");
-
 this.switchUserWebFilter.filter(exchange, chain) .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) .block();
@@ -219,19 +196,15 @@ public class SwitchUserWebFilterTests {
 final String targetUsername = "TEST_USERNAME";
 final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/login/impersonate?username={targetUser}", targetUsername));
-
 final WebFilterChain chain = mock(WebFilterChain.class);
 final SecurityContextImpl securityContext = new SecurityContextImpl(mock(Authentication.class));
-
 final UserDetails switchUserDetails = switchUserDetails(targetUsername, false);
 given(this.userDetailsService.findByUsername(any(String.class))).willReturn(Mono.just(switchUserDetails));
 given(this.failureHandler.onAuthenticationFailure(any(WebFilterExchange.class), any(DisabledException.class))) .willReturn(Mono.empty());
-
 this.switchUserWebFilter.filter(exchange, chain) .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) .block();
-
 verify(this.failureHandler).onAuthenticationFailure(any(WebFilterExchange.class), any(DisabledException.class));
 verifyNoInteractions(chain);
 }
@@ -239,19 +212,14 @@ public class SwitchUserWebFilterTests {
 @Test public void switchUserWhenFailureHandlerNotDefinedThenReturnError() {
 this.switchUserWebFilter = new SwitchUserWebFilter(this.userDetailsService, this.successHandler, null);
-
 final String targetUsername = "TEST_USERNAME";
 final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/login/impersonate?username={targetUser}", targetUsername));
-
 final WebFilterChain chain = mock(WebFilterChain.class);
 final SecurityContextImpl securityContext = new SecurityContextImpl(mock(Authentication.class));
-
 final UserDetails switchUserDetails = switchUserDetails(targetUsername, false);
 given(this.userDetailsService.findByUsername(any(String.class))).willReturn(Mono.just(switchUserDetails));
-
 this.exceptionRule.expect(DisabledException.class);
-
 this.switchUserWebFilter.filter(exchange, chain) .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) .block();
@@ -262,37 +230,28 @@ public class SwitchUserWebFilterTests {
 public void exitSwitchThenReturnToOriginalAuthentication() {
 final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/logout/impersonate"));
-
 final Authentication originalAuthentication = new UsernamePasswordAuthenticationToken("origPrincipal", "origCredentials");
-
 final GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority( SwitchUserWebFilter.ROLE_PREVIOUS_ADMINISTRATOR, originalAuthentication);
 final Authentication switchUserAuthentication = new UsernamePasswordAuthenticationToken("switchPrincipal", "switchCredentials", Collections.singleton(switchAuthority));
-
 final WebFilterChain chain = mock(WebFilterChain.class);
 final SecurityContextImpl securityContext = new SecurityContextImpl(switchUserAuthentication);
-
 given(this.serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class))) .willReturn(Mono.empty());
 given(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class))) .willReturn(Mono.empty());
-
 this.switchUserWebFilter.filter(exchange, chain) .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) .block();
-
 final ArgumentCaptor securityContextCaptor = ArgumentCaptor.forClass(SecurityContext.class);
 verify(this.serverSecurityContextRepository).save(eq(exchange), securityContextCaptor.capture());
 final SecurityContext savedSecurityContext = securityContextCaptor.getValue();
-
 final ArgumentCaptor authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
 verify(this.successHandler).onAuthenticationSuccess(any(WebFilterExchange.class), authenticationCaptor.capture());
-
 final Authentication originalAuthenticationValue = authenticationCaptor.getValue();
-
 assertThat(savedSecurityContext.getAuthentication()).isSameAs(originalAuthentication);
 assertThat(originalAuthenticationValue).isSameAs(originalAuthentication);
verifyNoInteractions(chain);
@@ -302,16 +261,12 @@ public class SwitchUserWebFilterTests {
 public void exitSwitchWhenUserNotSwitchedThenThrowError() {
 final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/logout/impersonate"));
-
 final Authentication originalAuthentication = new UsernamePasswordAuthenticationToken("origPrincipal", "origCredentials");
-
 final WebFilterChain chain = mock(WebFilterChain.class);
 final SecurityContextImpl securityContext = new SecurityContextImpl(originalAuthentication);
-
 this.exceptionRule.expect(AuthenticationCredentialsNotFoundException.class);
 this.exceptionRule.expectMessage("Could not find original Authentication object");
-
 this.switchUserWebFilter.filter(exchange, chain) .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) .block();
@@ -322,12 +277,9 @@ public class SwitchUserWebFilterTests {
 public void exitSwitchWhenNoCurrentUserThenThrowError() {
 final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/logout/impersonate"));
-
 final WebFilterChain chain = mock(WebFilterChain.class);
-
 this.exceptionRule.expect(AuthenticationCredentialsNotFoundException.class);
 this.exceptionRule.expectMessage("No current user associated with this request");
-
 this.switchUserWebFilter.filter(exchange, chain).block();
 verifyNoInteractions(chain);
 }
@@ -373,14 +325,11 @@ public class SwitchUserWebFilterTests { "failure/target/url"); final Object successHandler = ReflectionTestUtils.getField(this.switchUserWebFilter, "successHandler"); assertThat(successHandler).isInstanceOf(RedirectServerAuthenticationSuccessHandler.class); - final Object failureHandler = ReflectionTestUtils.getField(this.switchUserWebFilter, "failureHandler"); assertThat(failureHandler).isInstanceOf(RedirectServerAuthenticationFailureHandler.class); - final Object securityContextRepository = ReflectionTestUtils.getField(this.switchUserWebFilter, "securityContextRepository"); assertThat(securityContextRepository).isInstanceOf(WebSessionServerSecurityContextRepository.class); - final Object userDetailsChecker = ReflectionTestUtils.getField(this.switchUserWebFilter, "userDetailsChecker"); assertThat(userDetailsChecker instanceof AccountStatusUserDetailsChecker).isTrue(); } @@ -426,16 +375,13 @@ public class SwitchUserWebFilterTests { public void setExitUserUrlWhenDefinedThenChangeDefaultValue() { final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/logout/impersonate")); - final ServerWebExchangeMatcher oldExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils .getField(this.switchUserWebFilter, "exitUserMatcher"); - assertThat(oldExitUserMatcher.matches(exchange).block().isMatch()).isTrue(); this.switchUserWebFilter.setExitUserUrl("/exit-url"); final MockServerWebExchange newExchange = MockServerWebExchange.from(MockServerHttpRequest.post("/exit-url")); final ServerWebExchangeMatcher newExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils .getField(this.switchUserWebFilter, "exitUserMatcher"); - assertThat(newExitUserMatcher.matches(newExchange).block().isMatch()).isTrue(); } 
@@ -451,20 +397,14 @@ public class SwitchUserWebFilterTests { public void setExitUserMatcherWhenDefinedThenChangeDefaultValue() { final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/logout/impersonate")); - final ServerWebExchangeMatcher oldExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils .getField(this.switchUserWebFilter, "exitUserMatcher"); - assertThat(oldExitUserMatcher.matches(exchange).block().isMatch()).isTrue(); - final ServerWebExchangeMatcher newExitUserMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/exit-url"); - this.switchUserWebFilter.setExitUserMatcher(newExitUserMatcher); - final ServerWebExchangeMatcher currentExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils .getField(this.switchUserWebFilter, "exitUserMatcher"); - assertThat(currentExitUserMatcher).isSameAs(newExitUserMatcher); } @@ -488,14 +428,10 @@ public class SwitchUserWebFilterTests { public void setSwitchUserUrlWhenDefinedThenChangeDefaultValue() { final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/login/impersonate")); - final ServerWebExchangeMatcher oldSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils .getField(this.switchUserWebFilter, "switchUserMatcher"); - assertThat(oldSwitchUserMatcher.matches(exchange).block().isMatch()).isTrue(); - this.switchUserWebFilter.setSwitchUserUrl("/switch-url"); - final MockServerWebExchange newExchange = MockServerWebExchange.from(MockServerHttpRequest.post("/switch-url")); final ServerWebExchangeMatcher newSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils .getField(this.switchUserWebFilter, "switchUserMatcher"); 
@@ -514,17 +450,12 @@ public class SwitchUserWebFilterTests { public void setSwitchUserMatcherWhenDefinedThenChangeDefaultValue() { final MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.post("/login/impersonate")); - final ServerWebExchangeMatcher oldSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils .getField(this.switchUserWebFilter, "switchUserMatcher"); - assertThat(oldSwitchUserMatcher.matches(exchange).block().isMatch()).isTrue(); - final ServerWebExchangeMatcher newSwitchUserMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/switch-url"); - this.switchUserWebFilter.setSwitchUserMatcher(newSwitchUserMatcher); - final ServerWebExchangeMatcher currentExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils .getField(this.switchUserWebFilter, "switchUserMatcher"); assertThat(currentExitUserMatcher).isSameAs(newSwitchUserMatcher); diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java index 9414b01363..0f42d12f4d 100644 --- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java @@ -94,7 +94,6 @@ public class DelegatingServerLogoutHandlerTests { public void logoutWhenSingleThenExecuted() { DelegatingServerLogoutHandler handler = new DelegatingServerLogoutHandler(this.delegate1); handler.logout(this.exchange, this.authentication).block(); - this.delegate1Result.assertWasSubscribed(); } 
@@ -102,7 +101,6 @@ public class DelegatingServerLogoutHandlerTests {
 public void logoutWhenMultipleThenExecuted() {
 DelegatingServerLogoutHandler handler = new DelegatingServerLogoutHandler(this.delegate1, this.delegate2);
 handler.logout(this.exchange, this.authentication).block();
-
 this.delegate1Result.assertWasSubscribed();
 this.delegate2Result.assertWasSubscribed();
 }
@@ -118,9 +116,7 @@ public class DelegatingServerLogoutHandlerTests {
 assertThat(slowDone.get()).describedAs("ServerLogoutHandler should be executed sequentially").isTrue();
 });
 DelegatingServerLogoutHandler handler = new DelegatingServerLogoutHandler(slow, second);
-
 handler.logout(this.exchange, this.authentication).block();
-
 assertThat(latch.await(3, TimeUnit.SECONDS)).isTrue();
 }
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java
index 0cb532a837..af8cad8e6b 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java
@@ -48,9 +48,7 @@ public class HeaderWriterServerLogoutHandlerTests {
 WebFilterExchange filterExchange = mock(WebFilterExchange.class);
 given(filterExchange.getExchange()).willReturn(serverWebExchange);
 Authentication authentication = mock(Authentication.class);
-
 handler.logout(filterExchange, authentication);
-
 verify(headersWriter).writeHttpHeaders(serverWebExchange);
 }
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java
index 09065c9dd7..d26a9b345f 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java
@@ -40,7 +40,6 @@ public class HttpStatusReturningServerLogoutSuccessHandlerTests {
 WebFilterExchange filterExchange = buildFilterExchange();
 new HttpStatusReturningServerLogoutSuccessHandler().onLogoutSuccess(filterExchange, mock(Authentication.class))
 .block();
-
 assertThat(filterExchange.getExchange().getResponse().getStatusCode()).isEqualTo(HttpStatus.OK);
 }
 
@@ -49,7 +48,6 @@ public class HttpStatusReturningServerLogoutSuccessHandlerTests {
 WebFilterExchange filterExchange = buildFilterExchange();
 new HttpStatusReturningServerLogoutSuccessHandler(HttpStatus.NO_CONTENT)
 .onLogoutSuccess(filterExchange, mock(Authentication.class)).block();
-
 assertThat(filterExchange.getExchange().getResponse().getStatusCode()).isEqualTo(HttpStatus.NO_CONTENT);
 }
 
@@ -63,7 +61,6 @@ public class HttpStatusReturningServerLogoutSuccessHandlerTests {
 private static WebFilterExchange buildFilterExchange() {
 MockServerHttpRequest request = MockServerHttpRequest.get("/").build();
 MockServerWebExchange exchange = MockServerWebExchange.from(request);
-
 return new WebFilterExchange(exchange, mock(WebFilterChain.class));
 }
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java
index 4439a68961..d87fdeb9fb 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java
@@ -56,7 +56,6 @@ public class LogoutWebFilterTests {
 public void singleLogoutHandler() {
 this.logoutWebFilter.setLogoutHandler(this.handler1);
 this.logoutWebFilter.setLogoutHandler(this.handler2);
-
 assertThat(getLogoutHandler()).isNotNull().isInstanceOf(ServerLogoutHandler.class)
 .isNotInstanceOf(SecurityContextServerLogoutHandler.class).extracting(ServerLogoutHandler::getClass)
 .isEqualTo(this.handler2.getClass());
@@ -66,7 +65,6 @@ public class LogoutWebFilterTests {
 public void multipleLogoutHandlers() {
 this.logoutWebFilter
 .setLogoutHandler(new DelegatingServerLogoutHandler(this.handler1, this.handler2, this.handler3));
-
 assertThat(getLogoutHandler()).isNotNull().isExactlyInstanceOf(DelegatingServerLogoutHandler.class)
 .extracting((delegatingLogoutHandler) -> ((Collection) ReflectionTestUtils
 .getField(delegatingLogoutHandler, DelegatingServerLogoutHandler.class, "delegates")).stream()
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
index 0bcbcb5edc..0afc768ed2 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
@@ -55,9 +55,7 @@ public class AuthorizationWebFilterTests {
 given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono());
 AuthorizationWebFilter filter = new AuthorizationWebFilter(
 (a, e) -> Mono.error(new AccessDeniedException("Denied")));
-
 Mono result = filter.filter(this.exchange, this.chain);
-
 StepVerifier.create(result).expectError(AccessDeniedException.class).verify();
 this.chainResult.assertWasNotSubscribed();
 }
@@ -67,10 +65,8 @@ public class AuthorizationWebFilterTests {
 given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono());
 AuthorizationWebFilter filter = new AuthorizationWebFilter(
 (a, e) -> a.flatMap((auth) -> Mono.error(new AccessDeniedException("Denied"))));
-
 Mono result = filter.filter(this.exchange, this.chain).subscriberContext(
 ReactiveSecurityContextHolder.withSecurityContext(Mono.just(new SecurityContextImpl())));
-
 StepVerifier.create(result).expectError(AccessDeniedException.class).verify();
 this.chainResult.assertWasNotSubscribed();
 }
@@ -80,10 +76,8 @@ public class AuthorizationWebFilterTests {
 given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono());
 AuthorizationWebFilter filter = new AuthorizationWebFilter(
 (a, e) -> Mono.error(new AccessDeniedException("Denied")));
-
 Mono result = filter.filter(this.exchange, this.chain).subscriberContext(
 ReactiveSecurityContextHolder.withAuthentication(new TestingAuthenticationToken("a", "b", "R")));
-
 StepVerifier.create(result).expectError(AccessDeniedException.class).verify();
 this.chainResult.assertWasNotSubscribed();
 }
@@ -94,10 +88,8 @@ public class AuthorizationWebFilterTests {
 given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono());
 AuthorizationWebFilter filter = new AuthorizationWebFilter(
 (a, e) -> Mono.error(new AccessDeniedException("Denied")));
-
 Mono result = filter.filter(this.exchange, this.chain)
 .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.mono()));
-
 StepVerifier.create(result).expectError(AccessDeniedException.class).verify();
 this.chainResult.assertWasNotSubscribed();
 context.assertWasNotSubscribed();
@@ -109,10 +101,8 @@ public class AuthorizationWebFilterTests {
 given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono());
 AuthorizationWebFilter filter = new AuthorizationWebFilter(
 (a, e) -> Mono.just(new AuthorizationDecision(true)));
-
 Mono result = filter.filter(this.exchange, this.chain)
 .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.mono()));
-
 StepVerifier.create(result).verifyComplete();
 this.chainResult.assertWasSubscribed();
 context.assertWasNotSubscribed();
@@ -124,10 +114,8 @@ public class AuthorizationWebFilterTests {
 given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono());
 AuthorizationWebFilter filter = new AuthorizationWebFilter((a, e) -> a
 .map((auth) -> new AuthorizationDecision(true)).defaultIfEmpty(new AuthorizationDecision(true)));
-
 Mono result = filter.filter(this.exchange, this.chain)
 .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.mono()));
-
 StepVerifier.create(result).verifyComplete();
 this.chainResult.assertWasSubscribed();
 context.assertWasSubscribed();
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
index c052bf2b2c..ae9e0bbc8f 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
@@ -80,9 +80,7 @@ public class DelegatingReactiveAuthorizationManagerTests {
 given(this.match1.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
 given(this.delegate1.check(eq(this.authentication), any(AuthorizationContext.class)))
 .willReturn(Mono.just(this.decision));
-
 assertThat(this.manager.check(this.authentication, this.exchange).block()).isEqualTo(this.decision);
-
 verifyZeroInteractions(this.match2, this.delegate2);
 }
 
@@ -92,9 +90,7 @@ public class DelegatingReactiveAuthorizationManagerTests {
 given(this.match2.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
 given(this.delegate2.check(eq(this.authentication), any(AuthorizationContext.class)))
 .willReturn(Mono.just(this.decision));
-
 assertThat(this.manager.check(this.authentication, this.exchange).block()).isEqualTo(this.decision);
-
 verifyZeroInteractions(this.delegate1);
 }
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java
index 79ae02cbc2..4e6a9c7285 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java
@@ -71,7 +71,6 @@ public class ExceptionTranslationWebFilterTests {
 given(this.exchange.getResponse()).willReturn(new MockServerHttpResponse());
 given(this.deniedHandler.handle(any(), any())).willReturn(this.deniedPublisher.mono());
 given(this.entryPoint.commence(any(), any())).willReturn(this.entryPointPublisher.mono());
-
 this.filter.setAuthenticationEntryPoint(this.entryPoint);
 this.filter.setAccessDeniedHandler(this.deniedHandler);
 }
@@ -79,9 +78,7 @@ public class ExceptionTranslationWebFilterTests {
 @Test
 public void filterWhenNoExceptionThenNotHandled() {
 given(this.chain.filter(this.exchange)).willReturn(Mono.empty());
-
 StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectComplete().verify();
-
 this.deniedPublisher.assertWasNotSubscribed();
 this.entryPointPublisher.assertWasNotSubscribed();
 }
@@ -89,10 +86,8 @@ public class ExceptionTranslationWebFilterTests {
 @Test
 public void filterWhenNotAccessDeniedExceptionThenNotHandled() {
 given(this.chain.filter(this.exchange)).willReturn(Mono.error(new IllegalArgumentException("oops")));
-
 StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectError(IllegalArgumentException.class)
 .verify();
-
 this.deniedPublisher.assertWasNotSubscribed();
 this.entryPointPublisher.assertWasNotSubscribed();
 }
@@ -101,9 +96,7 @@ public class ExceptionTranslationWebFilterTests {
 public void filterWhenAccessDeniedExceptionAndNotAuthenticatedThenHandled() {
 given(this.exchange.getPrincipal()).willReturn(Mono.empty());
 given(this.chain.filter(this.exchange)).willReturn(Mono.error(new AccessDeniedException("Not Authorized")));
-
 StepVerifier.create(this.filter.filter(this.exchange, this.chain)).verifyComplete();
-
 this.deniedPublisher.assertWasNotSubscribed();
 this.entryPointPublisher.assertWasSubscribed();
 }
@@ -113,9 +106,7 @@ public class ExceptionTranslationWebFilterTests {
 this.filter = new ExceptionTranslationWebFilter();
 given(this.exchange.getPrincipal()).willReturn(Mono.just(this.principal));
 given(this.chain.filter(this.exchange)).willReturn(Mono.error(new AccessDeniedException("Not Authorized")));
-
 StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectComplete().verify();
-
 assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
 }
 
@@ -124,9 +115,7 @@ public class ExceptionTranslationWebFilterTests {
 this.filter = new ExceptionTranslationWebFilter();
 given(this.exchange.getPrincipal()).willReturn(Mono.empty());
 given(this.chain.filter(this.exchange)).willReturn(Mono.error(new AccessDeniedException("Not Authorized")));
-
 StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectComplete().verify();
-
 assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
 }
 
@@ -134,9 +123,7 @@ public class ExceptionTranslationWebFilterTests {
 public void filterWhenAccessDeniedExceptionAndAuthenticatedThenHandled() {
 given(this.exchange.getPrincipal()).willReturn(Mono.just(this.principal));
 given(this.chain.filter(this.exchange)).willReturn(Mono.error(new AccessDeniedException("Not Authorized")));
-
 StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectComplete().verify();
-
 this.deniedPublisher.assertWasSubscribed();
 this.entryPointPublisher.assertWasNotSubscribed();
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java
index 599bbd842b..08cde18541 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java
@@ -54,16 +54,13 @@ public class HttpStatusServerAccessDeniedHandlerTests {
 @Test
 public void commenceWhenNoSubscribersThenNoActions() {
 this.handler.handle(this.exchange, this.exception);
-
 verifyZeroInteractions(this.exchange);
 }
 
 @Test
 public void commenceWhenSubscribeThenStatusSet() {
 this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-
 this.handler.handle(this.exchange, this.exception).block();
-
 assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(this.httpStatus);
 }
 
@@ -72,9 +69,7 @@ public class HttpStatusServerAccessDeniedHandlerTests {
 this.httpStatus = HttpStatus.NOT_FOUND;
 this.handler = new HttpStatusServerAccessDeniedHandler(this.httpStatus);
 this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-
 this.handler.handle(this.exchange, this.exception).block();
-
 assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(this.httpStatus);
 }
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java
index 0467943bf2..896f8d20f3 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java
@@ -57,13 +57,10 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandlerTests {
 given(matcher.matches(this.exchange)).willReturn(MatchResult.notMatch());
 given(handler.handle(this.exchange, null)).willReturn(Mono.empty());
 given(this.accessDeniedHandler.handle(this.exchange, null)).willReturn(Mono.empty());
-
 this.entries.add(new DelegateEntry(matcher, handler));
 this.delegator = new ServerWebExchangeDelegatingServerAccessDeniedHandler(this.entries);
 this.delegator.setDefaultAccessDeniedHandler(this.accessDeniedHandler);
-
 this.delegator.handle(this.exchange, null).block();
-
 verify(this.accessDeniedHandler).handle(this.exchange, null);
 verify(handler, never()).handle(this.exchange, null);
 }
@@ -77,14 +74,11 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandlerTests {
 given(firstMatcher.matches(this.exchange)).willReturn(MatchResult.match());
 given(firstHandler.handle(this.exchange, null)).willReturn(Mono.empty());
 given(secondHandler.handle(this.exchange, null)).willReturn(Mono.empty());
-
 this.entries.add(new DelegateEntry(firstMatcher, firstHandler));
 this.entries.add(new DelegateEntry(secondMatcher, secondHandler));
 this.delegator = new ServerWebExchangeDelegatingServerAccessDeniedHandler(this.entries);
 this.delegator.setDefaultAccessDeniedHandler(this.accessDeniedHandler);
-
 this.delegator.handle(this.exchange, null).block();
-
 verify(firstHandler).handle(this.exchange, null);
 verify(secondHandler, never()).handle(this.exchange, null);
 verify(this.accessDeniedHandler, never()).handle(this.exchange, null);
@@ -101,13 +95,10 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandlerTests {
 given(secondMatcher.matches(this.exchange)).willReturn(MatchResult.match());
 given(firstHandler.handle(this.exchange, null)).willReturn(Mono.empty());
 given(secondHandler.handle(this.exchange, null)).willReturn(Mono.empty());
-
 this.entries.add(new DelegateEntry(firstMatcher, firstHandler));
 this.entries.add(new DelegateEntry(secondMatcher, secondHandler));
 this.delegator = new ServerWebExchangeDelegatingServerAccessDeniedHandler(this.entries);
-
 this.delegator.handle(this.exchange, null).block();
-
 verify(secondHandler).handle(this.exchange, null);
 verify(firstHandler, never()).handle(this.exchange, null);
 verify(this.accessDeniedHandler, never()).handle(this.exchange, null);
diff --git a/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java
index 1c216cfcde..fd2c7c08d9 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java
@@ -39,10 +39,8 @@ public class NoOpServerSecurityContextRepositoryTests {
 @Test
 public void saveAndLoad() {
 SecurityContext context = new SecurityContextImpl();
-
 Mono result = this.repository.save(this.exchange, context)
 .then(this.repository.load(this.exchange));
-
 StepVerifier.create(result).verifyComplete();
 }
 
diff --git a/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
index f74e15e195..ccc686bf6c 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java @@ -78,7 +78,6 @@ public class ReactorContextWebFilterTests { @Test public void filterWhenNoPrincipalAccessThenNoInteractions() { this.handler.exchange(this.exchange); - this.securityContext.assertWasNotSubscribed(); } @@ -88,9 +87,7 @@ public class ReactorContextWebFilterTests { ReactiveSecurityContextHolder.getContext(); return c.filter(e); }); - this.handler.exchange(this.exchange); - this.securityContext.assertWasNotSubscribed(); } @@ -101,9 +98,7 @@ public class ReactorContextWebFilterTests { this.handler = WebTestHandler.bindToWebFilters(this.filter, (e, c) -> ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication) .doOnSuccess((p) -> assertThat(p).isSameAs(this.principal)).flatMap((p) -> c.filter(e))); - WebTestHandler.WebHandlerResult result = this.handler.exchange(this.exchange); - this.securityContext.assertWasNotSubscribed(); } @@ -112,7 +107,6 @@ public class ReactorContextWebFilterTests { public void filterWhenMainContextThenDoesNotOverride() { String contextKey = "main"; WebFilter mainContextWebFilter = (e, c) -> c.filter(e).subscriberContext(Context.of(contextKey, true)); - WebFilterChain chain = new DefaultWebFilterChain((e) -> Mono.empty(), mainContextWebFilter, this.filter); Mono filter = chain.filter(MockServerWebExchange.from(this.exchange.build())); StepVerifier.create(filter).expectAccessibleContext().hasKey(contextKey).then().verifyComplete(); diff --git a/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java index 63cb704adc..e6cdb78402 100644 --- a/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java 
+++ b/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java
@@ -51,7 +51,6 @@ public class SecurityContextServerWebExchangeWebFilterTests {
 .doOnSuccess((context) -> assertThat(context.get("foo")).isEqualTo("bar")).then()))
 .subscriberContext((context) -> context.put("foo", "bar"))
 .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.principal));
-
 StepVerifier.create(result).verifyComplete();
 }
 
@@ -64,7 +63,6 @@ public class SecurityContextServerWebExchangeWebFilterTests {
 (contextPrincipal) -> assertThat(contextPrincipal).isEqualTo(this.principal))
 .then()))
 .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.principal));
-
 StepVerifier.create(result).verifyComplete();
 }
 
diff --git a/web/src/test/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepositoryTests.java
index 1ecf1e7fdf..4d5dc45ac0 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepositoryTests.java
@@ -40,9 +40,7 @@ public class WebSessionServerSecurityContextRepositoryTests {
 public void saveAndLoadWhenDefaultsThenFound() {
 SecurityContext expected = new SecurityContextImpl();
 this.repository.save(this.exchange, expected).block();
-
 SecurityContext actual = this.repository.load(this.exchange).block();
-
 assertThat(actual).isEqualTo(expected);
 }
 
@@ -51,14 +49,10 @@ public class WebSessionServerSecurityContextRepositoryTests {
 String attrName = "attr";
 this.repository.setSpringSecurityContextAttrName(attrName);
 SecurityContext expected = new SecurityContextImpl();
-
 this.repository.save(this.exchange, expected).block();
-
 WebSession session = this.exchange.getSession().block();
 assertThat(session.getAttribute(attrName)).isEqualTo(expected);
-
 SecurityContext actual = this.repository.load(this.exchange).block();
-
 assertThat(actual).isEqualTo(expected);
 }
 
@@ -67,9 +61,7 @@ public class WebSessionServerSecurityContextRepositoryTests {
 SecurityContext context = new SecurityContextImpl();
 this.repository.save(this.exchange, context).block();
 this.repository.save(this.exchange, null).block();
-
 SecurityContext actual = this.repository.load(this.exchange).block();
-
 assertThat(actual).isNull();
 }
 
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepositoryTests.java
index e03083109b..d16f131920 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepositoryTests.java
@@ -64,14 +64,12 @@ public class CookieServerCsrfTokenRepositoryTests {
 @Test
 public void generateTokenWhenCustomHeaderThenCustomHeader() {
 setExpectedHeaderName("someHeader");
-
 generateTokenAndAssertExpectedValues();
 }
 
 @Test
 public void generateTokenWhenCustomParameterThenCustomParameter() {
 setExpectedParameterName("someParam");
-
 generateTokenAndAssertExpectedValues();
 }
 
@@ -79,14 +77,12 @@ public class CookieServerCsrfTokenRepositoryTests {
 public void generateTokenWhenCustomHeaderAndParameterThenCustomHeaderAndParameter() {
 setExpectedHeaderName("someHeader");
 setExpectedParameterName("someParam");
-
 generateTokenAndAssertExpectedValues();
 }
 
 @Test
 public void saveTokenWhenNoSubscriptionThenNotWritten() {
 this.csrfTokenRepository.saveToken(this.exchange, createToken());
-
 assertThat(this.exchange.getResponse().getCookies().getFirst(this.expectedCookieName)).isNull();
 }
 
@@ -103,7 +99,6 @@ public class CookieServerCsrfTokenRepositoryTests {
 @Test
 public void saveTokenWhenHttpOnlyFalseThenHttpOnlyFalse() {
 setExpectedHttpOnly(false);
-
 saveAndAssertExpectedValues(createToken());
 }
 
@@ -114,7 +109,6 @@ public class CookieServerCsrfTokenRepositoryTests {
 setExpectedPath("/some/path");
 setExpectedHeaderName("headerName");
 setExpectedParameterName("paramName");
-
 saveAndAssertExpectedValues(createToken());
 }
 
@@ -128,7 +122,6 @@ public class CookieServerCsrfTokenRepositoryTests {
 setExpectedParameterName("paramName");
 setExpectedHeaderName("headerName");
 setExpectedCookieName("csrfCookie");
-
 saveAndAssertExpectedValues(createToken());
 }
 
@@ -141,14 +134,12 @@ public class CookieServerCsrfTokenRepositoryTests {
 @Test
 public void loadTokenWhenCookieExistsWithNoValue() {
 setExpectedCookieValue("");
-
 loadAndAssertExpectedValues();
 }
 
 @Test
 public void loadTokenWhenCookieExistsWithNullValue() {
 setExpectedCookieValue(null);
-
 loadAndAssertExpectedValues();
 }
 
@@ -190,9 +181,7 @@ public class CookieServerCsrfTokenRepositoryTests { MockServerHttpRequest.BodyBuilder request = MockServerHttpRequest.post("/someUri") .cookie(new HttpCookie(this.expectedCookieName, this.expectedCookieValue)); this.exchange = MockServerWebExchange.from(request); - CsrfToken csrfToken = this.csrfTokenRepository.loadToken(this.exchange).block(); - if (StringUtils.hasText(this.expectedCookieValue)) { assertThat(csrfToken).isNotNull(); assertThat(csrfToken.getHeaderName()).isEqualTo(this.expectedHeaderName); @@ -209,11 +198,8 @@ public class CookieServerCsrfTokenRepositoryTests { this.expectedMaxAge = Duration.ofSeconds(0); this.expectedCookieValue = ""; } - this.csrfTokenRepository.saveToken(this.exchange, token).block(); - ResponseCookie cookie = this.exchange.getResponse().getCookies().getFirst(this.expectedCookieName); - assertThat(cookie).isNotNull(); assertThat(cookie.getMaxAge()).isEqualTo(this.expectedMaxAge); assertThat(cookie.getDomain()).isEqualTo(this.expectedDomain); @@ -226,7 +212,6 @@ public class CookieServerCsrfTokenRepositoryTests { private void generateTokenAndAssertExpectedValues() { CsrfToken csrfToken = this.csrfTokenRepository.generateToken(this.exchange).block(); - assertThat(csrfToken).isNotNull(); assertThat(csrfToken.getHeaderName()).isEqualTo(this.expectedHeaderName); assertThat(csrfToken.getParameterName()).isEqualTo(this.expectedParameterName); diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java index 5acdbd3569..60ced8c233 100644 --- a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java 
@@ -70,7 +70,6 @@ public class CsrfServerLogoutHandlerTests { public void logoutRemovesCsrfToken() { this.handler.logout(this.filterExchange, new TestingAuthenticationToken("user", "password", "ROLE_USER")) .block(); - verify(this.csrfTokenRepository).saveToken(this.exchange, null); }
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
index 564a3d2e62..3d26430c07 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
@@ -70,23 +70,17 @@ public class CsrfWebFilterTests { public void filterWhenGetThenSessionNotCreatedAndChainContinues() { PublisherProbe chainResult = PublisherProbe.empty(); given(this.chain.filter(this.get)).willReturn(chainResult.mono()); - Mono result = this.csrfFilter.filter(this.get, this.chain); - StepVerifier.create(result).verifyComplete(); - Mono isSessionStarted = this.get.getSession().map(WebSession::isStarted); StepVerifier.create(isSessionStarted).expectNext(false).verifyComplete(); - chainResult.assertWasSubscribed(); } @Test public void filterWhenPostAndNoTokenThenCsrfException() { Mono result = this.csrfFilter.filter(this.post, this.chain); - StepVerifier.create(result).verifyComplete(); - assertThat(this.post.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN); }
@@ -94,11 +88,8 @@ public class CsrfWebFilterTests { public void filterWhenPostAndEstablishedCsrfTokenAndRequestMissingTokenThenCsrfException() { this.csrfFilter.setCsrfTokenRepository(this.repository); given(this.repository.loadToken(any())).willReturn(Mono.just(this.token)); - Mono result = this.csrfFilter.filter(this.post, this.chain); - StepVerifier.create(result).verifyComplete(); - assertThat(this.post.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN); }
@@ -108,11 +99,8 @@ public class CsrfWebFilterTests { given(this.repository.loadToken(any())).willReturn(Mono.just(this.token)); this.post = MockServerWebExchange.from(MockServerHttpRequest.post("/") .body(this.token.getParameterName() + "=" + this.token.getToken() + "INVALID")); - Mono result = this.csrfFilter.filter(this.post, this.chain); - StepVerifier.create(result).verifyComplete(); - assertThat(this.post.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN); }
@@ -120,18 +108,14 @@ public class CsrfWebFilterTests { public void filterWhenPostAndEstablishedCsrfTokenAndRequestParamValidTokenThenContinues() { PublisherProbe chainResult = PublisherProbe.empty(); given(this.chain.filter(any())).willReturn(chainResult.mono()); - this.csrfFilter.setCsrfTokenRepository(this.repository); given(this.repository.loadToken(any())).willReturn(Mono.just(this.token)); given(this.repository.generateToken(any())).willReturn(Mono.just(this.token)); this.post = MockServerWebExchange .from(MockServerHttpRequest.post("/").contentType(MediaType.APPLICATION_FORM_URLENCODED) .body(this.token.getParameterName() + "=" + this.token.getToken())); - Mono result = this.csrfFilter.filter(this.post, this.chain); - StepVerifier.create(result).verifyComplete(); - chainResult.assertWasSubscribed(); }
@@ -141,11 +125,8 @@ public class CsrfWebFilterTests { given(this.repository.loadToken(any())).willReturn(Mono.just(this.token)); this.post = MockServerWebExchange.from( MockServerHttpRequest.post("/").header(this.token.getHeaderName(), this.token.getToken() + "INVALID")); - Mono result = this.csrfFilter.filter(this.post, this.chain); - StepVerifier.create(result).verifyComplete(); - assertThat(this.post.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN); }
@@ -153,17 +134,13 @@ public class CsrfWebFilterTests { public void filterWhenPostAndEstablishedCsrfTokenAndHeaderValidTokenThenContinues() { PublisherProbe chainResult = PublisherProbe.empty(); given(this.chain.filter(any())).willReturn(chainResult.mono()); - this.csrfFilter.setCsrfTokenRepository(this.repository); given(this.repository.loadToken(any())).willReturn(Mono.just(this.token)); given(this.repository.generateToken(any())).willReturn(Mono.just(this.token)); this.post = MockServerWebExchange .from(MockServerHttpRequest.post("/").header(this.token.getHeaderName(), this.token.getToken())); - Mono result = this.csrfFilter.filter(this.post, this.chain); - StepVerifier.create(result).verifyComplete(); - chainResult.assertWasSubscribed(); }
@@ -172,7 +149,6 @@ public class CsrfWebFilterTests { public void matchesRequireCsrfProtectionWhenNonStandardHTTPMethodIsUsed() { MockServerWebExchange nonStandardHttpExchange = MockServerWebExchange .from(MockServerHttpRequest.method("non-standard-http-method", "/")); - ServerWebExchangeMatcher serverWebExchangeMatcher = CsrfWebFilter.DEFAULT_CSRF_MATCHER; assertThat(serverWebExchangeMatcher.matches(nonStandardHttpExchange).map(MatchResult::isMatch).block()) .isTrue();
@@ -182,14 +158,11 @@ public class CsrfWebFilterTests { public void doFilterWhenSkipExchangeInvokedThenSkips() { PublisherProbe chainResult = PublisherProbe.empty(); given(this.chain.filter(any())).willReturn(chainResult.mono()); - ServerWebExchangeMatcher matcher = mock(ServerWebExchangeMatcher.class); this.csrfFilter.setRequireCsrfProtectionMatcher(matcher); - MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/post").build()); CsrfWebFilter.skipExchange(exchange); this.csrfFilter.filter(exchange, this.chain).block(); - verifyZeroInteractions(matcher); }
@@ -197,9 +170,7 @@ public class CsrfWebFilterTests { public void filterWhenMultipartFormDataAndNotEnabledThenDenied() { this.csrfFilter.setCsrfTokenRepository(this.repository); given(this.repository.loadToken(any())).willReturn(Mono.just(this.token)); - WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build(); - client.post().uri("/").contentType(MediaType.MULTIPART_FORM_DATA) .body(BodyInserters.fromMultipartData(this.token.getParameterName(), this.token.getToken())).exchange() .expectStatus().isForbidden();
@@ -211,9 +182,7 @@ public class CsrfWebFilterTests { this.csrfFilter.setTokenFromMultipartDataEnabled(true); given(this.repository.loadToken(any())).willReturn(Mono.just(this.token)); given(this.repository.generateToken(any())).willReturn(Mono.just(this.token)); - WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build(); - client.post().uri("/").contentType(MediaType.MULTIPART_FORM_DATA) .body(BodyInserters.fromMultipartData(this.token.getParameterName(), this.token.getToken())).exchange() .expectStatus().is2xxSuccessful();
@@ -225,9 +194,7 @@ public class CsrfWebFilterTests { this.csrfFilter.setTokenFromMultipartDataEnabled(true); given(this.repository.loadToken(any())).willReturn(Mono.just(this.token)); given(this.repository.generateToken(any())).willReturn(Mono.just(this.token)); - WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build(); - client.post().uri("/").contentType(MediaType.APPLICATION_FORM_URLENCODED) .bodyValue(this.token.getParameterName() + "=" + this.token.getToken()).exchange().expectStatus() .is2xxSuccessful();
@@ -238,9 +205,7 @@ public class CsrfWebFilterTests { this.csrfFilter.setCsrfTokenRepository(this.repository); this.csrfFilter.setTokenFromMultipartDataEnabled(true); given(this.repository.loadToken(any())).willReturn(Mono.just(this.token)); - WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build(); - client.post().uri("/").contentType(MediaType.MULTIPART_MIXED) .bodyValue(this.token.getParameterName() + "=" + this.token.getToken()).exchange().expectStatus() .isForbidden();
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java
index ba2cd59a9e..97adcbaece 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java
@@ -41,18 +41,14 @@ public class WebSessionServerCsrfTokenRepositoryTests { @Test public void generateTokenThenNoSession() { Mono result = this.repository.generateToken(this.exchange); - Mono isSessionStarted = this.exchange.getSession().map(WebSession::isStarted); - StepVerifier.create(isSessionStarted).expectNext(false).verifyComplete(); } @Test public void generateTokenWhenSubscriptionThenNoSession() { Mono result = this.repository.generateToken(this.exchange); - Mono isSessionStarted = this.exchange.getSession().map(WebSession::isStarted); - StepVerifier.create(isSessionStarted).expectNext(false).verifyComplete(); }
@@ -61,10 +57,8 @@ public class WebSessionServerCsrfTokenRepositoryTests { Mono result = this.repository.generateToken(this.exchange) .delayUntil((t) -> this.repository.saveToken(this.exchange, t)); result.block(); - WebSession session = this.exchange.getSession().block(); Map attributes = session.getAttributes(); - assertThat(session.isStarted()).isTrue(); assertThat(attributes).hasSize(1); assertThat(attributes.values().iterator().next()).isInstanceOf(CsrfToken.class);
@@ -73,12 +67,9 @@ public class WebSessionServerCsrfTokenRepositoryTests { @Test public void saveTokenWhenNullThenDeletes() { CsrfToken token = this.repository.generateToken(this.exchange).block(); - Mono result = this.repository.saveToken(this.exchange, null); StepVerifier.create(result).verifyComplete(); - WebSession session = this.exchange.getSession().block(); - assertThat(session.getAttributes()).isEmpty(); }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
index 4b7db815ec..6ff6384f58 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
@@ -42,7 +42,6 @@ public class CacheControlServerHttpHeadersWriterTests { @Test public void writeHeadersWhenCacheHeadersThenWritesAllCacheControl() { this.writer.writeHttpHeaders(this.exchange); - assertThat(this.headers).hasSize(3); assertThat(this.headers.get(HttpHeaders.CACHE_CONTROL)) .containsOnly(CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
@@ -54,11 +53,8 @@ public class CacheControlServerHttpHeadersWriterTests { @Test public void writeHeadersWhenCacheControlThenNoCacheControlHeaders() { String cacheControl = "max-age=1234"; - this.headers.set(HttpHeaders.CACHE_CONTROL, cacheControl); - this.writer.writeHttpHeaders(this.exchange); - assertThat(this.headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(cacheControl); }
@@ -66,9 +62,7 @@ public class CacheControlServerHttpHeadersWriterTests { public void writeHeadersWhenPragmaThenNoCacheControlHeaders() { String pragma = "1"; this.headers.set(HttpHeaders.PRAGMA, pragma); - this.writer.writeHttpHeaders(this.exchange); - assertThat(this.headers).hasSize(1); assertThat(this.headers.get(HttpHeaders.PRAGMA)).containsOnly(pragma); }
@@ -77,9 +71,7 @@ public class CacheControlServerHttpHeadersWriterTests { public void writeHeadersWhenExpiresThenNoCacheControlHeaders() { String expires = "1"; this.headers.set(HttpHeaders.EXPIRES, expires); - this.writer.writeHttpHeaders(this.exchange); - assertThat(this.headers).hasSize(1); assertThat(this.headers.get(HttpHeaders.EXPIRES)).containsOnly(expires); }
@@ -88,9 +80,7 @@ public class CacheControlServerHttpHeadersWriterTests { // gh-5534 public void writeHeadersWhenNotModifiedThenNoCacheControlHeaders() { this.exchange.getResponse().setStatusCode(HttpStatus.NOT_MODIFIED); - this.writer.writeHttpHeaders(this.exchange); - assertThat(this.headers).isEmpty(); }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java
index ff8a0c0020..fb2a9ec540 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java
@@ -48,9 +48,7 @@ public class ClearSiteDataServerHttpHeadersWriterTests { ClearSiteDataServerHttpHeadersWriter writer = new ClearSiteDataServerHttpHeadersWriter(Directive.ALL); ServerWebExchange secureExchange = MockServerWebExchange .from(MockServerHttpRequest.get("https://localhost").build()); - writer.writeHttpHeaders(secureExchange); - assertThat(secureExchange.getResponse()).hasClearSiteDataHeaderDirectives(Directive.ALL); }
@@ -58,9 +56,7 @@ public class ClearSiteDataServerHttpHeadersWriterTests { public void writeHttpHeadersWhenInsecureConnectionThenHeaderNotWritten() { ClearSiteDataServerHttpHeadersWriter writer = new ClearSiteDataServerHttpHeadersWriter(Directive.ALL); ServerWebExchange insecureExchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build()); - writer.writeHttpHeaders(insecureExchange); - assertThat(insecureExchange.getResponse()).doesNotHaveClearSiteDataHeaderSet(); }
@@ -70,9 +66,7 @@ public class ClearSiteDataServerHttpHeadersWriterTests { Directive.COOKIES); ServerWebExchange secureExchange = MockServerWebExchange .from(MockServerHttpRequest.get("https://localhost").build()); - writer.writeHttpHeaders(secureExchange); - assertThat(secureExchange.getResponse()).hasClearSiteDataHeaderDirectives(Directive.CACHE, Directive.COOKIES); }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
index 9a72024092..c400c13a21 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
@@ -63,22 +63,16 @@ public class CompositeServerHttpHeadersWriterTests { @Test public void writeHttpHeadersWhenErrorNoErrorThenError() { given(this.writer1.writeHttpHeaders(this.exchange)).willReturn(Mono.error(new RuntimeException())); - Mono result = this.writer.writeHttpHeaders(this.exchange); - StepVerifier.create(result).expectError().verify(); - verify(this.writer1).writeHttpHeaders(this.exchange); } @Test public void writeHttpHeadersWhenErrorErrorThenError() { given(this.writer1.writeHttpHeaders(this.exchange)).willReturn(Mono.error(new RuntimeException())); - Mono result = this.writer.writeHttpHeaders(this.exchange); - StepVerifier.create(result).expectError().verify(); - verify(this.writer1).writeHttpHeaders(this.exchange); }
@@ -86,11 +80,8 @@ public class CompositeServerHttpHeadersWriterTests { public void writeHttpHeadersWhenNoErrorThenNoError() { given(this.writer1.writeHttpHeaders(this.exchange)).willReturn(Mono.empty()); given(this.writer2.writeHttpHeaders(this.exchange)).willReturn(Mono.empty()); - Mono result = this.writer.writeHttpHeaders(this.exchange); - StepVerifier.create(result).expectComplete().verify(); - verify(this.writer1).writeHttpHeaders(this.exchange); verify(this.writer2).writeHttpHeaders(this.exchange); }
@@ -106,9 +97,7 @@ public class CompositeServerHttpHeadersWriterTests { assertThat(slowDone.get()).describedAs("ServerLogoutHandler should be executed sequentially").isTrue(); }); CompositeServerHttpHeadersWriter writer = new CompositeServerHttpHeadersWriter(slow, second); - writer.writeHttpHeaders(this.exchange).block(); - assertThat(latch.await(3, TimeUnit.SECONDS)).isTrue(); }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriterTests.java
index 4c844d54cd..bc4a007c6b 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriterTests.java
@@ -48,7 +48,6 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests { @Test public void writeHeadersWhenUsingDefaultsThenDoesNotWrite() { this.writer.writeHttpHeaders(this.exchange); - HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).isEmpty(); }
@@ -57,7 +56,6 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests { public void writeHeadersWhenUsingPolicyThenWritesPolicy() { this.writer.setPolicyDirectives(DEFAULT_POLICY_DIRECTIVES); this.writer.writeHttpHeaders(this.exchange); - HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers.get(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY))
@@ -69,7 +67,6 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests { this.writer.setPolicyDirectives(DEFAULT_POLICY_DIRECTIVES); this.writer.setReportOnly(true); this.writer.writeHttpHeaders(this.exchange); - HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers.get(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY_REPORT_ONLY))
@@ -80,7 +77,6 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests { public void writeHeadersWhenOnlyReportOnlySetThenDoesNotWrite() { this.writer.setReportOnly(true); this.writer.writeHttpHeaders(this.exchange); - HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).isEmpty(); }
@@ -91,7 +87,6 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests { this.exchange.getResponse().getHeaders() .set(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY, headerValue); this.writer.writeHttpHeaders(this.exchange); - HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers.get(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY))
diff --git a/web/src/test/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriterTests.java
index 9195a1ad68..a0fd03f3ce 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriterTests.java
@@ -48,7 +48,6 @@ public class FeaturePolicyServerHttpHeadersWriterTests { @Test public void writeHeadersWhenUsingDefaultsThenDoesNotWrite() { this.writer.writeHttpHeaders(this.exchange); - HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).isEmpty(); }
@@ -57,7 +56,6 @@ public class FeaturePolicyServerHttpHeadersWriterTests { public void writeHeadersWhenUsingPolicyThenWritesPolicy() { this.writer.setPolicyDirectives(DEFAULT_POLICY_DIRECTIVES); this.writer.writeHttpHeaders(this.exchange); - HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers.get(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY))
@@ -70,7 +68,6 @@ public class FeaturePolicyServerHttpHeadersWriterTests { String headerValue = "camera: 'self'"; this.exchange.getResponse().getHeaders().set(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY, headerValue); this.writer.writeHttpHeaders(this.exchange); - HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers.get(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY)).containsOnly(headerValue);
diff --git a/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
index 094f329b3b..b953e78c2f 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
@@ -55,22 +55,16 @@ public class HttpHeaderWriterWebFilterTests { @Test public void filterWhenCompleteThenWritten() { WebTestClient rest = WebTestClientBuilder.bindToWebFilters(this.filter).build(); - rest.get().uri("/foo").exchange(); - verify(this.writer).writeHttpHeaders(any()); } @Test public void filterWhenNotCompleteThenNotWritten() { WebTestHandler handler = WebTestHandler.bindToWebFilters(this.filter); - WebHandlerResult result = handler.exchange(MockServerHttpRequest.get("/foo")); - verify(this.writer, never()).writeHttpHeaders(any()); - result.getExchange().getResponse().setComplete().block(); - verify(this.writer).writeHttpHeaders(any()); }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriterTests.java
index 1f6a0a88a7..8502d1192a 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriterTests.java
@@ -47,7 +47,6 @@ public class ReferrerPolicyServerHttpHeadersWriterTests { @Test public void writeHeadersWhenUsingDefaultsThenDoesNotWrite() { this.writer.writeHttpHeaders(this.exchange); - HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers.get(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY))
@@ -58,7 +57,6 @@ public class ReferrerPolicyServerHttpHeadersWriterTests { public void writeHeadersWhenUsingPolicyThenWritesPolicy() { this.writer.setPolicy(ReferrerPolicy.SAME_ORIGIN); this.writer.writeHttpHeaders(this.exchange); - HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers.get(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY))
@@ -71,7 +69,6 @@ public class ReferrerPolicyServerHttpHeadersWriterTests { this.exchange.getResponse().getHeaders().set(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY, headerValue); this.writer.writeHttpHeaders(this.exchange); - HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers.get(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY)).containsOnly(headerValue);
diff --git a/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
index 94e98b9d7a..86809627fc 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
@@ -43,7 +43,6 @@ public class StaticServerHttpHeadersWriterTests { @Test public void writeHeadersWhenSingleHeaderThenWritesHeader() { this.writer.writeHttpHeaders(this.exchange); - assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)) .containsOnly(ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF); }
@@ -52,9 +51,7 @@ public class StaticServerHttpHeadersWriterTests { public void writeHeadersWhenSingleHeaderAndHeaderWrittenThenSuccess() { String headerValue = "other"; this.headers.set(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue); - this.writer.writeHttpHeaders(this.exchange); - assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)) .containsOnly(headerValue); }
@@ -65,9 +62,7 @@ public class StaticServerHttpHeadersWriterTests { .header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE) .header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE) .header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE).build(); - this.writer.writeHttpHeaders(this.exchange); - assertThat(this.headers.get(HttpHeaders.CACHE_CONTROL)) .containsOnly(CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE); assertThat(this.headers.get(HttpHeaders.PRAGMA)).containsOnly(CacheControlServerHttpHeadersWriter.PRAGMA_VALUE);
@@ -79,14 +74,11 @@ public class StaticServerHttpHeadersWriterTests { public void writeHeadersWhenMultiHeaderAndSingleWrittenThenNoHeadersOverridden() { String headerValue = "other"; this.headers.set(HttpHeaders.CACHE_CONTROL, headerValue); - this.writer = StaticServerHttpHeadersWriter.builder() .header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE) .header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE) .header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE).build(); - this.writer.writeHttpHeaders(this.exchange); - assertThat(this.headers).hasSize(1); assertThat(this.headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(headerValue); }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
index 351e3515c3..6f61d730d7 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
@@ -41,9 +41,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests { @Test public void writeHttpHeadersWhenHttpsThenWrites() { this.exchange = exchange(MockServerHttpRequest.get("https://example.com/")); - this.hsts.writeHttpHeaders(this.exchange); - HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
@@ -55,9 +53,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests { Duration maxAge = Duration.ofDays(1); this.hsts.setMaxAge(maxAge); this.exchange = exchange(MockServerHttpRequest.get("https://example.com/")); - this.hsts.writeHttpHeaders(this.exchange); - HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
@@ -68,9 +64,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests { public void writeHttpHeadersWhenCustomIncludeSubDomainsThenWrites() { this.hsts.setIncludeSubDomains(false); this.exchange = exchange(MockServerHttpRequest.get("https://example.com/")); - this.hsts.writeHttpHeaders(this.exchange); - HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
@@ -80,9 +74,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests { @Test public void writeHttpHeadersWhenNullSchemeThenNoHeaders() { this.exchange = exchange(MockServerHttpRequest.get("/")); - this.hsts.writeHttpHeaders(this.exchange); - HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).isEmpty(); }
@@ -90,9 +82,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests { @Test public void writeHttpHeadersWhenHttpThenNoHeaders() { this.exchange = exchange(MockServerHttpRequest.get("http://localhost/")); - this.hsts.writeHttpHeaders(this.exchange); - HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).isEmpty(); }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
index a6765baa97..15dcbd9892 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
@@ -40,7 +40,6 @@ public class XContentTypeOptionsServerHttpHeadersWriterTests { @Test public void writeHeadersWhenNoHeadersThenWriteHeaders() { this.writer.writeHttpHeaders(this.exchange); - assertThat(this.headers).hasSize(1); assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)) .containsOnly(ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
@@ -50,9 +49,7 @@ public class XContentTypeOptionsServerHttpHeadersWriterTests { public void writeHeadersWhenHeaderWrittenThenDoesNotOverrride() { String headerValue = "value"; this.headers.set(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue); - this.writer.writeHttpHeaders(this.exchange); - assertThat(this.headers).hasSize(1); assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)) .containsOnly(headerValue);
diff --git a/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
index 4c078b24ac..48e50ebae8 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
@@ -44,7 +44,6 @@ public class XFrameOptionsServerHttpHeadersWriterTests {
 @Test
 public void writeHeadersWhenUsingDefaultsThenWritesDeny() {
 this.writer.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).hasSize(1);
 assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("DENY");
@@ -53,9 +52,7 @@ public class XFrameOptionsServerHttpHeadersWriterTests {
 @Test
 public void writeHeadersWhenUsingExplicitDenyThenWritesDeny() {
 this.writer.setMode(XFrameOptionsServerHttpHeadersWriter.Mode.DENY);
-
 this.writer.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).hasSize(1);
 assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("DENY");
@@ -64,9 +61,7 @@ public class XFrameOptionsServerHttpHeadersWriterTests {
 @Test
 public void writeHeadersWhenUsingSameOriginThenWritesSameOrigin() {
 this.writer.setMode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
-
 this.writer.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).hasSize(1);
 assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("SAMEORIGIN");
@@ -76,9 +71,7 @@ public class XFrameOptionsServerHttpHeadersWriterTests {
 public void writeHeadersWhenAlreadyWrittenThenWritesHeader() {
 String headerValue = "other";
 this.exchange.getResponse().getHeaders().set(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, headerValue);
-
 this.writer.writeHttpHeaders(this.exchange);
-
 HttpHeaders headers = this.exchange.getResponse().getHeaders();
 assertThat(headers).hasSize(1);
 assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly(headerValue);
diff --git a/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
index 8e012d0721..f29a3397d7 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
@@ -40,7 +40,6 @@ public class XXssProtectionServerHttpHeadersWriterTests {
 @Test
 public void writeHeadersWhenNoHeadersThenWriteHeaders() {
 this.writer.writeHttpHeaders(this.exchange);
-
 assertThat(this.headers).hasSize(1);
 assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION))
 .containsOnly("1 ; mode=block");
@@ -49,9 +48,7 @@ public class XXssProtectionServerHttpHeadersWriterTests {
 @Test
 public void writeHeadersWhenBlockFalseThenWriteHeaders() {
 this.writer.setBlock(false);
-
 this.writer.writeHttpHeaders(this.exchange);
-
 assertThat(this.headers).hasSize(1);
 assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("1");
 }
@@ -59,9 +56,7 @@ public class XXssProtectionServerHttpHeadersWriterTests {
 @Test
 public void writeHeadersWhenEnabledFalseThenWriteHeaders() {
 this.writer.setEnabled(false);
-
 this.writer.writeHttpHeaders(this.exchange);
-
 assertThat(this.headers).hasSize(1);
 assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("0");
 }
@@ -70,9 +65,7 @@ public class XXssProtectionServerHttpHeadersWriterTests {
 public void writeHeadersWhenHeaderWrittenThenDoesNotOverrride() {
 String headerValue = "value";
 this.headers.set(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, headerValue);
-
 this.writer.writeHttpHeaders(this.exchange);
-
 assertThat(this.headers).hasSize(1);
 assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly(headerValue);
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java
index e5aaaa6d70..3a1a9f246e 100644
--- a/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java
@@ -43,7 +43,6 @@ public class DefaultCsrfServerTokenMixinTests extends AbstractMixinTests {
 + "\"token\": \"1\""
 + "}";
 // @formatter:on
-
 @Test
 public void defaultCsrfTokenSerializedTest() throws JsonProcessingException, JSONException {
 DefaultCsrfToken token = new DefaultCsrfToken("csrf-header", "_csrf", "1");
diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java
index 7bd21e0963..a80359be8e 100644
--- a/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java
@@ -45,7 +45,6 @@ public class CookieServerRequestCacheTests {
 MockServerWebExchange exchange = MockServerWebExchange
 .from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML));
 this.cache.saveRequest(exchange).block();
-
 MultiValueMap cookies = exchange.getResponse().getCookies();
 assertThat(cookies.size()).isEqualTo(1);
 ResponseCookie cookie = cookies.getFirst("REDIRECT_URI");
@@ -60,7 +59,6 @@ public class CookieServerRequestCacheTests {
 MockServerWebExchange exchange = MockServerWebExchange
 .from(MockServerHttpRequest.get("/secured/").queryParam("key", "value").accept(MediaType.TEXT_HTML));
 this.cache.saveRequest(exchange).block();
-
 MultiValueMap cookies = exchange.getResponse().getCookies();
 assertThat(cookies.size()).isEqualTo(1);
 ResponseCookie cookie = cookies.getFirst("REDIRECT_URI");
@@ -75,7 +73,6 @@ public class CookieServerRequestCacheTests {
 MockServerWebExchange exchange = MockServerWebExchange
 .from(MockServerHttpRequest.get("/favicon.png").accept(MediaType.TEXT_HTML));
 this.cache.saveRequest(exchange).block();
-
 MultiValueMap cookies = exchange.getResponse().getCookies();
 assertThat(cookies).isEmpty();
 }
@@ -84,7 +81,6 @@ public class CookieServerRequestCacheTests {
 public void saveRequestWhenPostRequestThenNoCookie() {
 MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/secured/"));
 this.cache.saveRequest(exchange).block();
-
 MultiValueMap cookies = exchange.getResponse().getCookies();
 assertThat(cookies).isEmpty();
 }
@@ -94,11 +90,9 @@ public class CookieServerRequestCacheTests { this.cache.setSaveRequestMatcher((e) -> ServerWebExchangeMatcher.MatchResult.match()); MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/secured/")); this.cache.saveRequest(exchange).block(); - MultiValueMap cookies = exchange.getResponse().getCookies(); ResponseCookie cookie = cookies.getFirst("REDIRECT_URI"); assertThat(cookie).isNotNull(); - String encodedRedirectUrl = Base64.getEncoder().encodeToString("/secured/".getBytes()); assertThat(cookie.toString()) .isEqualTo("REDIRECT_URI=" + encodedRedirectUrl + "; Path=/; HttpOnly; SameSite=Lax"); @@ -109,9 +103,7 @@ public class CookieServerRequestCacheTests { String encodedRedirectUrl = Base64.getEncoder().encodeToString("/secured/".getBytes()); MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/") .accept(MediaType.TEXT_HTML).cookie(new HttpCookie("REDIRECT_URI", encodedRedirectUrl))); - URI redirectUri = this.cache.getRedirectUri(exchange).block(); - assertThat(redirectUri).isEqualTo(URI.create("/secured/")); } @@ -119,9 +111,7 @@ public class CookieServerRequestCacheTests { public void getRedirectUriWhenCookieValueNotEncodedThenRedirectUriIsNull() { MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/") .accept(MediaType.TEXT_HTML).cookie(new HttpCookie("REDIRECT_URI", "/secured/"))); - URI redirectUri = this.cache.getRedirectUri(exchange).block(); - assertThat(redirectUri).isNull(); } @@ -129,9 +119,7 @@ public class CookieServerRequestCacheTests { public void getRedirectUriWhenNoCookieThenRedirectUriIsNull() { MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML)); - URI redirectUri = this.cache.getRedirectUri(exchange).block(); - assertThat(redirectUri).isNull(); } 
@@ -139,9 +127,7 @@ public class CookieServerRequestCacheTests {
 public void removeMatchingRequestThenRedirectUriCookieExpired() {
 MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/")
 .accept(MediaType.TEXT_HTML).cookie(new HttpCookie("REDIRECT_URI", "/secured/")));
-
 this.cache.removeMatchingRequest(exchange).block();
-
 MultiValueMap cookies = exchange.getResponse().getCookies();
 ResponseCookie cookie = cookies.getFirst("REDIRECT_URI");
 assertThat(cookie).isNotNull();
diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java
index 5652b680f0..82224c5432 100644
--- a/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java
@@ -70,9 +70,7 @@ public class ServerRequestCacheWebFilterTests {
 ServerHttpRequest savedRequest = MockServerHttpRequest.get("/")
 .header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML.getType()).build();
 given(this.requestCache.removeMatchingRequest(any())).willReturn(Mono.just(savedRequest));
-
 this.requestCacheFilter.filter(exchange, this.chain).block();
-
 verify(this.chain).filter(this.exchangeCaptor.capture());
 ServerWebExchange updatedExchange = this.exchangeCaptor.getValue();
 assertThat(updatedExchange.getRequest()).isEqualTo(savedRequest);
@@ -83,9 +81,7 @@ public class ServerRequestCacheWebFilterTests { MockServerHttpRequest initialRequest = MockServerHttpRequest.get("/").build(); ServerWebExchange exchange = MockServerWebExchange.from(initialRequest); given(this.requestCache.removeMatchingRequest(any())).willReturn(Mono.empty()); - this.requestCacheFilter.filter(exchange, this.chain).block(); - verify(this.chain).filter(this.exchangeCaptor.capture()); ServerWebExchange updatedExchange = this.exchangeCaptor.getValue(); assertThat(updatedExchange.getRequest()).isEqualTo(initialRequest); diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java index 4f1c45a04b..35b2a95082 100644 --- a/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java +++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java @@ -41,9 +41,7 @@ public class WebSessionServerRequestCacheTests { MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML)); this.cache.saveRequest(exchange).block(); - URI saved = this.cache.getRedirectUri(exchange).block(); - assertThat(saved).isEqualTo(exchange.getRequest().getURI()); } @@ -52,9 +50,7 @@ public class WebSessionServerRequestCacheTests { MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.get("/secured/").queryParam("key", "value").accept(MediaType.TEXT_HTML)); this.cache.saveRequest(exchange).block(); - URI saved = this.cache.getRedirectUri(exchange).block(); - assertThat(saved).isEqualTo(exchange.getRequest().getURI()); } 
@@ -63,9 +59,7 @@ public class WebSessionServerRequestCacheTests { MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.get("/favicon.png").accept(MediaType.TEXT_HTML)); this.cache.saveRequest(exchange).block(); - URI saved = this.cache.getRedirectUri(exchange).block(); - assertThat(saved).isNull(); } @@ -73,7 +67,6 @@ public class WebSessionServerRequestCacheTests { public void saveRequestGetRequestWhenPostThenNotFound() { MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/secured/")); this.cache.saveRequest(exchange).block(); - assertThat(this.cache.getRedirectUri(exchange).block()).isNull(); } @@ -82,9 +75,7 @@ public class WebSessionServerRequestCacheTests { this.cache.setSaveRequestMatcher((e) -> ServerWebExchangeMatcher.MatchResult.match()); MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/secured/")); this.cache.saveRequest(exchange).block(); - URI saved = this.cache.getRedirectUri(exchange).block(); - assertThat(saved).isEqualTo(exchange.getRequest().getURI()); } @@ -93,9 +84,7 @@ public class WebSessionServerRequestCacheTests { MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML)); this.cache.saveRequest(exchange).block(); - ServerHttpRequest saved = this.cache.removeMatchingRequest(exchange).block(); - assertThat(saved.getURI()).isEqualTo(exchange.getRequest().getURI()); } @@ -103,9 +92,7 @@ public class WebSessionServerRequestCacheTests { public void removeRequestGetRequestWhenDefaultThenNotFound() { MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/")); this.cache.saveRequest(exchange).block(); - this.cache.removeMatchingRequest(exchange).block(); - assertThat(this.cache.getRedirectUri(exchange).block()).isNull(); } 
diff --git a/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java index dfff77d0a2..38cf2bf214 100644 --- a/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java @@ -78,7 +78,6 @@ public class HttpsRedirectWebFilterTests { given(matcher.matches(any(ServerWebExchange.class))) .willReturn(ServerWebExchangeMatcher.MatchResult.notMatch()); this.filter.setRequiresHttpsRedirectMatcher(matcher); - ServerWebExchange exchange = get("http://localhost:8080"); this.filter.filter(exchange, this.chain).block(); assertThat(exchange.getResponse().getStatusCode()).isNull(); @@ -89,12 +88,10 @@ public class HttpsRedirectWebFilterTests { ServerWebExchangeMatcher matcher = mock(ServerWebExchangeMatcher.class); given(matcher.matches(any(ServerWebExchange.class))).willReturn(ServerWebExchangeMatcher.MatchResult.match()); this.filter.setRequiresHttpsRedirectMatcher(matcher); - ServerWebExchange exchange = get("http://localhost:8080"); this.filter.filter(exchange, this.chain).block(); assertThat(statusCode(exchange)).isEqualTo(302); assertThat(redirectedUrl(exchange)).isEqualTo("https://localhost:8443"); - verify(matcher).matches(any(ServerWebExchange.class)); } @@ -103,12 +100,10 @@ public class HttpsRedirectWebFilterTests { PortMapper portMapper = mock(PortMapper.class); given(portMapper.lookupHttpsPort(314)).willReturn(159); this.filter.setPortMapper(portMapper); - ServerWebExchange exchange = get("http://localhost:314"); this.filter.filter(exchange, this.chain).block(); assertThat(statusCode(exchange)).isEqualTo(302); assertThat(redirectedUrl(exchange)).isEqualTo("https://localhost:159"); - verify(portMapper).lookupHttpsPort(314); } 
diff --git a/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java index 6bedbadcc9..ccade95ad8 100644 --- a/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java @@ -30,12 +30,9 @@ public class LoginPageGeneratingWebFilterTests { public void filterWhenLoginWithContextPathThenActionContainsContextPath() throws Exception { LoginPageGeneratingWebFilter filter = new LoginPageGeneratingWebFilter(); filter.setFormLoginEnabled(true); - MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.get("/test/login").contextPath("/test")); - filter.filter(exchange, (e) -> Mono.empty()).block(); - assertThat(exchange.getResponse().getBodyAsString().block()).contains("action=\"/test/login\""); } @@ -43,11 +40,8 @@ public class LoginPageGeneratingWebFilterTests { public void filterWhenLoginWithNoContextPathThenActionDoesNotContainsContextPath() throws Exception { LoginPageGeneratingWebFilter filter = new LoginPageGeneratingWebFilter(); filter.setFormLoginEnabled(true); - MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/login")); - filter.filter(exchange, (e) -> Mono.empty()).block(); - assertThat(exchange.getResponse().getBodyAsString().block()).contains("action=\"/login\""); } diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java index 4c94122877..ab34e4928c 100644 --- a/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java 
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java
@@ -61,14 +61,11 @@ public class AndServerWebExchangeMatcherTests {
 Map params2 = Collections.singletonMap("x", "y");
 given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match(params1));
 given(this.matcher2.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match(params2));
-
 ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 assertThat(matches.isMatch()).isTrue();
 assertThat(matches.getVariables()).hasSize(2);
 assertThat(matches.getVariables()).containsAllEntriesOf(params1);
 assertThat(matches.getVariables()).containsAllEntriesOf(params2);
-
 verify(this.matcher1).matches(this.exchange);
 verify(this.matcher2).matches(this.exchange);
 }
@@ -76,12 +73,9 @@ public class AndServerWebExchangeMatcherTests {
 @Test
 public void matchesWhenFalseFalseThenFalseAndMatcher2NotInvoked() {
 given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
-
 ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 assertThat(matches.isMatch()).isFalse();
 assertThat(matches.getVariables()).isEmpty();
-
 verify(this.matcher1).matches(this.exchange);
 verify(this.matcher2, never()).matches(this.exchange);
 }
@@ -91,12 +85,9 @@ public class AndServerWebExchangeMatcherTests {
 Map params = Collections.singletonMap("foo", "bar");
 given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match(params));
 given(this.matcher2.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
-
 ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 assertThat(matches.isMatch()).isFalse();
 assertThat(matches.getVariables()).isEmpty();
-
 verify(this.matcher1).matches(this.exchange);
 verify(this.matcher2).matches(this.exchange);
 }
@@ -104,12 +95,9 @@ public class AndServerWebExchangeMatcherTests {
 @Test
 public void matchesWhenFalseTrueThenFalse() {
 given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
-
 ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 assertThat(matches.isMatch()).isFalse();
 assertThat(matches.getVariables()).isEmpty();
-
 verify(this.matcher1).matches(this.exchange);
 verify(this.matcher2, never()).matches(this.exchange);
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java
index b01d0bd778..57b0fa3ba1 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java
@@ -64,7 +64,6 @@ public class MediaTypeServerWebExchangeMatcherTests { public void matchWhenDefaultResolverAndAcceptEqualThenMatch() { MediaType acceptType = MediaType.TEXT_HTML; MediaTypeServerWebExchangeMatcher matcher = new MediaTypeServerWebExchangeMatcher(acceptType); - assertThat(matcher.matches(exchange(acceptType)).block().isMatch()).isTrue(); } @@ -73,7 +72,6 @@ public class MediaTypeServerWebExchangeMatcherTests { MediaType acceptType = MediaType.TEXT_HTML; MediaTypeServerWebExchangeMatcher matcher = new MediaTypeServerWebExchangeMatcher(acceptType); matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); - assertThat(matcher.matches(exchange(acceptType)).block().isMatch()).isTrue(); } @@ -82,7 +80,6 @@ public class MediaTypeServerWebExchangeMatcherTests { MediaType acceptType = MediaType.TEXT_HTML; MediaTypeServerWebExchangeMatcher matcher = new MediaTypeServerWebExchangeMatcher(acceptType); matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); - assertThat(matcher.matches(exchange(MediaType.ALL)).block().isMatch()).isFalse(); } @@ -90,7 +87,6 @@ public class MediaTypeServerWebExchangeMatcherTests { public void matchWhenDefaultResolverAndAcceptImpliedThenMatch() { MediaTypeServerWebExchangeMatcher matcher = new MediaTypeServerWebExchangeMatcher( MediaType.parseMediaTypes("text/*")); - assertThat(matcher.matches(exchange(MediaType.TEXT_HTML)).block().isMatch()).isTrue(); } @@ -98,7 +94,6 @@ public class MediaTypeServerWebExchangeMatcherTests { public void matchWhenDefaultResolverAndAcceptImpliedAndUseEqualsThenNotMatch() { MediaTypeServerWebExchangeMatcher matcher = new MediaTypeServerWebExchangeMatcher(MediaType.ALL); matcher.setUseEquals(true); - assertThat(matcher.matches(exchange(MediaType.TEXT_HTML)).block().isMatch()).isFalse(); } 
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java index 56684e0e01..8636ed1b1d 100644 --- a/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java @@ -51,24 +51,18 @@ public class NegatedServerWebExchangeMatcherTests { @Test public void matchesWhenFalseThenTrue() { given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch()); - ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block(); - assertThat(matches.isMatch()).isTrue(); assertThat(matches.getVariables()).isEmpty(); - verify(this.matcher1).matches(this.exchange); } @Test public void matchesWhenTrueThenFalse() { given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match()); - ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block(); - assertThat(matches.isMatch()).isFalse(); assertThat(matches.getVariables()).isEmpty(); - verify(this.matcher1).matches(this.exchange); } diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java index 2bdc51806a..ee9b08d81c 100644 --- a/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java 
@@ -59,12 +59,9 @@ public class OrServerWebExchangeMatcherTests {
 public void matchesWhenFalseFalseThenFalse() {
 given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 given(this.matcher2.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
-
 ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 assertThat(matches.isMatch()).isFalse();
 assertThat(matches.getVariables()).isEmpty();
-
 verify(this.matcher1).matches(this.exchange);
 verify(this.matcher2).matches(this.exchange);
 }
@@ -73,12 +70,9 @@ public class OrServerWebExchangeMatcherTests {
 public void matchesWhenTrueFalseThenTrueAndMatcher2NotInvoked() {
 Map params = Collections.singletonMap("foo", "bar");
 given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match(params));
-
 ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 assertThat(matches.isMatch()).isTrue();
 assertThat(matches.getVariables()).isEqualTo(params);
-
 verify(this.matcher1).matches(this.exchange);
 verify(this.matcher2, never()).matches(this.exchange);
 }
@@ -88,12 +82,9 @@ public class OrServerWebExchangeMatcherTests {
 Map params = Collections.singletonMap("foo", "bar");
 given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 given(this.matcher2.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match(params));
-
 ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 assertThat(matches.isMatch()).isTrue();
 assertThat(matches.getVariables()).isEqualTo(params);
-
 verify(this.matcher1).matches(this.exchange);
 verify(this.matcher2).matches(this.exchange);
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java index b44fa173bb..3bf61f4487 100644 --- a/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java @@ -62,7 +62,6 @@ public class PathMatcherServerWebExchangeMatcherTests { DefaultWebSessionManager sessionManager = new DefaultWebSessionManager(); this.exchange = MockServerWebExchange.from(request); this.path = "/path"; - this.matcher = new PathPatternParserServerWebExchangeMatcher(this.pattern); } @@ -81,14 +80,12 @@ public class PathMatcherServerWebExchangeMatcherTests { given(this.pattern.matches(any())).willReturn(true); given(this.pattern.matchAndExtract(any())).willReturn(this.pathMatchInfo); given(this.pathMatchInfo.getUriVariables()).willReturn(new HashMap<>()); - assertThat(this.matcher.matches(this.exchange).block().isMatch()).isTrue(); } @Test public void matchesWhenPathMatcherFalseThenReturnFalse() { given(this.pattern.matches(any())).willReturn(false); - assertThat(this.matcher.matches(this.exchange).block().isMatch()).isFalse(); } @@ -99,7 +96,6 @@ public class PathMatcherServerWebExchangeMatcherTests { given(this.pattern.matches(any())).willReturn(true); given(this.pattern.matchAndExtract(any())).willReturn(this.pathMatchInfo); given(this.pathMatchInfo.getUriVariables()).willReturn(new HashMap<>()); - assertThat(this.matcher.matches(this.exchange).block().isMatch()).isTrue(); } 
@@ -108,9 +104,7 @@ public class PathMatcherServerWebExchangeMatcherTests { HttpMethod method = HttpMethod.OPTIONS; assertThat(this.exchange.getRequest().getMethod()).isNotEqualTo(method); this.matcher = new PathPatternParserServerWebExchangeMatcher(this.pattern, method); - assertThat(this.matcher.matches(this.exchange).block().isMatch()).isFalse(); - verifyZeroInteractions(this.pattern); } diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java index 80f9430b94..62ceb878c2 100644 --- a/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java +++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java @@ -68,9 +68,7 @@ public class ServerWebExchangeMatchersTests { @Test public void anyExchangeWhenMockThenMatches() { ServerWebExchange mockExchange = mock(ServerWebExchange.class); - assertThat(ServerWebExchangeMatchers.anyExchange().matches(mockExchange).block().isMatch()).isTrue(); - verifyZeroInteractions(mockExchange); } diff --git a/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java b/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java index b227f2ed86..4e97fec869 100644 --- a/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java +++ b/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java 
@@ -49,10 +49,8 @@ public class CsrfRequestDataValueProcessorTests { public void setup() { this.request = new MockHttpServletRequest(); this.processor = new CsrfRequestDataValueProcessor(); - this.token = new DefaultCsrfToken("1", "a", "b"); this.request.setAttribute(CsrfToken.class.getName(), this.token); - this.expected.put(this.token.getParameterName(), this.token.getToken()); } @@ -132,7 +130,6 @@ public class CsrfRequestDataValueProcessorTests { this.request.setAttribute(CsrfToken.class.getName(), token); Map expected = new HashMap<>(); expected.put(token.getParameterName(), token.getToken()); - RequestDataValueProcessor processor = new CsrfRequestDataValueProcessor(); assertThat(processor.getExtraHiddenFields(this.request)).isEqualTo(expected); } diff --git a/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java index 867d3ff476..d579003787 100644 --- a/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java @@ -73,7 +73,6 @@ public class MvcRequestMatcherTests { public void extractUriTemplateVariablesSuccess() throws Exception { this.matcher = new MvcRequestMatcher(this.introspector, "/{p}"); given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(null); - assertThat(this.matcher.extractUriTemplateVariables(this.request)).containsEntry("p", "path"); assertThat(this.matcher.matcher(this.request).getVariables()).containsEntry("p", "path"); } 
@@ -83,7 +82,6 @@ public class MvcRequestMatcherTests { given(this.result.extractUriTemplateVariables()).willReturn(Collections.emptyMap()); given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(this.mapping); given(this.mapping.match(eq(this.request), this.pattern.capture())).willReturn(this.result); - assertThat(this.matcher.extractUriTemplateVariables(this.request)).isEmpty(); assertThat(this.matcher.matcher(this.request).getVariables()).isEmpty(); } @@ -92,7 +90,6 @@ public class MvcRequestMatcherTests { public void extractUriTemplateVariablesDefaultSuccess() throws Exception { this.matcher = new MvcRequestMatcher(this.introspector, "/{p}"); given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(null); - assertThat(this.matcher.extractUriTemplateVariables(this.request)).containsEntry("p", "path"); assertThat(this.matcher.matcher(this.request).getVariables()).containsEntry("p", "path"); } @@ -101,7 +98,6 @@ public class MvcRequestMatcherTests { public void extractUriTemplateVariablesDefaultFail() throws Exception { this.matcher = new MvcRequestMatcher(this.introspector, "/nomatch/{p}"); given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(null); - assertThat(this.matcher.extractUriTemplateVariables(this.request)).isEmpty(); assertThat(this.matcher.matcher(this.request).getVariables()).isEmpty(); } @@ -112,7 +108,6 @@ public class MvcRequestMatcherTests { given(this.mapping.match(eq(this.request), this.pattern.capture())).willReturn(this.result); this.matcher.setServletPath("/spring"); this.request.setServletPath("/spring"); - assertThat(this.matcher.matches(this.request)).isTrue(); assertThat(this.pattern.getValue()).isEqualTo("/path"); } @@ -121,7 +116,6 @@ public class MvcRequestMatcherTests { public void matchesServletPathFalse() { this.matcher.setServletPath("/spring"); this.request.setServletPath("/"); - assertThat(this.matcher.matches(this.request)).isFalse(); } 
@@ -129,7 +123,6 @@ public class MvcRequestMatcherTests { public void matchesPathOnlyTrue() throws Exception { given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(this.mapping); given(this.mapping.match(eq(this.request), this.pattern.capture())).willReturn(this.result); - assertThat(this.matcher.matches(this.request)).isTrue(); assertThat(this.pattern.getValue()).isEqualTo("/path"); } @@ -137,7 +130,6 @@ public class MvcRequestMatcherTests { @Test public void matchesDefaultMatches() throws Exception { given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(null); - assertThat(this.matcher.matches(this.request)).isTrue(); } @@ -145,14 +137,12 @@ public class MvcRequestMatcherTests { public void matchesDefaultDoesNotMatch() throws Exception { this.request.setServletPath("/other"); given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(null); - assertThat(this.matcher.matches(this.request)).isFalse(); } @Test public void matchesPathOnlyFalse() throws Exception { given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(this.mapping); - assertThat(this.matcher.matches(this.request)).isFalse(); } @@ -161,7 +151,6 @@ public class MvcRequestMatcherTests { this.matcher.setMethod(HttpMethod.GET); given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(this.mapping); given(this.mapping.match(eq(this.request), this.pattern.capture())).willReturn(this.result); - assertThat(this.matcher.matches(this.request)).isTrue(); assertThat(this.pattern.getValue()).isEqualTo("/path"); } @@ -169,7 +158,6 @@ public class MvcRequestMatcherTests { @Test public void matchesMethodAndPathFalseMethod() { this.matcher.setMethod(HttpMethod.POST); - assertThat(this.matcher.matches(this.request)).isFalse(); // method compare should be done first since faster verifyZeroInteractions(this.introspector); 
@@ -184,7 +172,6 @@ public class MvcRequestMatcherTests { public void matchesInvalidMethodOnRequest() { this.matcher.setMethod(HttpMethod.GET); this.request.setMethod("invalid"); - assertThat(this.matcher.matches(this.request)).isFalse(); // method compare should be done first since faster verifyZeroInteractions(this.introspector); @@ -194,7 +181,6 @@ public class MvcRequestMatcherTests { public void matchesMethodAndPathFalsePath() throws Exception { this.matcher.setMethod(HttpMethod.GET); given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(this.mapping); - assertThat(this.matcher.matches(this.request)).isFalse(); } @@ -214,21 +200,18 @@ public class MvcRequestMatcherTests { public void toStringWhenAll() { this.matcher.setMethod(HttpMethod.GET); this.matcher.setServletPath("/spring"); - assertThat(this.matcher.toString()).isEqualTo("Mvc [pattern='/path', servletPath='/spring', GET]"); } @Test public void toStringWhenHttpMethod() { this.matcher.setMethod(HttpMethod.GET); - assertThat(this.matcher.toString()).isEqualTo("Mvc [pattern='/path', GET]"); } @Test public void toStringWhenServletPath() { this.matcher.setServletPath("/spring"); - assertThat(this.matcher.toString()).isEqualTo("Mvc [pattern='/path', servletPath='/spring']"); } diff --git a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java index 8721b35d2e..0f59497165 100644 --- a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java 
@@ -116,15 +116,11 @@ public class SecurityContextHolderAwareRequestFilterTests { @Test public void expectedRequestWrapperClassIsUsed() throws Exception { this.filter.setRolePrefix("ROLE_"); - this.filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), this.filterChain); - // Now re-execute the filter, ensuring our replacement wrapper is still used this.filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), this.filterChain); - verify(this.filterChain, times(2)).doFilter(any(SecurityContextHolderAwareRequestWrapper.class), any(HttpServletResponse.class)); - this.filter.destroy(); } @@ -141,7 +137,6 @@ public class SecurityContextHolderAwareRequestFilterTests { public void authenticateTrue() throws Exception { SecurityContextHolder.getContext() .setAuthentication(new TestingAuthenticationToken("test", "password", "ROLE_USER")); - assertThat(wrappedRequest().authenticate(this.response)).isTrue(); verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler); verify(this.request, times(0)).authenticate(any(HttpServletResponse.class)); @@ -151,7 +146,6 @@ public class SecurityContextHolderAwareRequestFilterTests { public void authenticateNullEntryPointFalse() throws Exception { this.filter.setAuthenticationEntryPoint(null); this.filter.afterPropertiesSet(); - assertThat(wrappedRequest().authenticate(this.response)).isFalse(); verify(this.request).authenticate(this.response); verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler); 
@@ -162,7 +156,6 @@ public class SecurityContextHolderAwareRequestFilterTests { given(this.request.authenticate(this.response)).willReturn(true); this.filter.setAuthenticationEntryPoint(null); this.filter.afterPropertiesSet(); - assertThat(wrappedRequest().authenticate(this.response)).isTrue(); verify(this.request).authenticate(this.response); verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler); @@ -173,9 +166,7 @@ public class SecurityContextHolderAwareRequestFilterTests { TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user", "password", "ROLE_USER"); given(this.authenticationManager.authenticate(any(UsernamePasswordAuthenticationToken.class))) .willReturn(expectedAuth); - wrappedRequest().login(expectedAuth.getName(), String.valueOf(expectedAuth.getCredentials())); - assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(expectedAuth); verifyZeroInteractions(this.authenticationEntryPoint, this.logoutHandler); verify(this.request, times(0)).login(anyString(), anyString()); @@ -188,7 +179,6 @@ public class SecurityContextHolderAwareRequestFilterTests { given(this.authenticationManager.authenticate(any(UsernamePasswordAuthenticationToken.class))) .willReturn(new TestingAuthenticationToken("newuser", "not be found", "ROLE_USER")); SecurityContextHolder.getContext().setAuthentication(expectedAuth); - try { wrappedRequest().login(expectedAuth.getName(), String.valueOf(expectedAuth.getCredentials())); fail("Expected Exception"); @@ -205,7 +195,6 @@ public class SecurityContextHolderAwareRequestFilterTests { AuthenticationException authException = new BadCredentialsException("Invalid"); given(this.authenticationManager.authenticate(any(UsernamePasswordAuthenticationToken.class))) .willThrow(authException); - try { wrappedRequest().login("invalid", "credentials"); fail("Expected Exception"); 
@@ -214,7 +203,6 @@ public class SecurityContextHolderAwareRequestFilterTests { assertThat(success.getCause()).isEqualTo(authException); } assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); - verifyZeroInteractions(this.authenticationEntryPoint, this.logoutHandler); verify(this.request, times(0)).login(anyString(), anyString()); } @@ -223,12 +211,9 @@ public class SecurityContextHolderAwareRequestFilterTests { public void loginNullAuthenticationManager() throws Exception { this.filter.setAuthenticationManager(null); this.filter.afterPropertiesSet(); - String username = "username"; String password = "password"; - wrappedRequest().login(username, password); - verify(this.request).login(username, password); verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler); } @@ -237,12 +222,10 @@ public class SecurityContextHolderAwareRequestFilterTests { public void loginNullAuthenticationManagerFail() throws Exception { this.filter.setAuthenticationManager(null); this.filter.afterPropertiesSet(); - String username = "username"; String password = "password"; ServletException authException = new ServletException("Failed Login"); willThrow(authException).given(this.request).login(username, password); - try { wrappedRequest().login(username, password); fail("Expected Exception"); @@ -250,7 +233,6 @@ public class SecurityContextHolderAwareRequestFilterTests { catch (ServletException success) { assertThat(success).isEqualTo(authException); } - verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler); } 
@@ -258,10 +240,8 @@ public class SecurityContextHolderAwareRequestFilterTests { public void logout() throws Exception { TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user", "password", "ROLE_USER"); SecurityContextHolder.getContext().setAuthentication(expectedAuth); - HttpServletRequest wrappedRequest = wrappedRequest(); wrappedRequest.logout(); - verify(this.logoutHandler).logout(wrappedRequest, this.response, expectedAuth); verifyZeroInteractions(this.authenticationManager, this.logoutHandler); verify(this.request, times(0)).logout(); @@ -271,9 +251,7 @@ public class SecurityContextHolderAwareRequestFilterTests { public void logoutNullLogoutHandler() throws Exception { this.filter.setLogoutHandlers(null); this.filter.afterPropertiesSet(); - wrappedRequest().logout(); - verify(this.request).logout(); verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler); } @@ -295,9 +273,7 @@ public class SecurityContextHolderAwareRequestFilterTests { given(this.request.getAsyncContext()).willReturn(asyncContext); Runnable runnable = () -> { }; - wrappedRequest().getAsyncContext().start(runnable); - verifyZeroInteractions(this.authenticationManager, this.logoutHandler); verify(asyncContext).start(runnableCaptor.capture()); DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor @@ -317,9 +293,7 @@ public class SecurityContextHolderAwareRequestFilterTests { given(this.request.startAsync()).willReturn(asyncContext); Runnable runnable = () -> { }; - wrappedRequest().startAsync().start(runnable); - verifyZeroInteractions(this.authenticationManager, this.logoutHandler); verify(asyncContext).start(runnableCaptor.capture()); DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor 
@@ -339,9 +313,7 @@ public class SecurityContextHolderAwareRequestFilterTests { given(this.request.startAsync(this.request, this.response)).willReturn(asyncContext); Runnable runnable = () -> { }; - wrappedRequest().startAsync(this.request, this.response).start(runnable); - verifyZeroInteractions(this.authenticationManager, this.logoutHandler); verify(asyncContext).start(runnableCaptor.capture()); DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor @@ -356,14 +328,12 @@ public class SecurityContextHolderAwareRequestFilterTests { SecurityContextHolder.getContext() .setAuthentication(new TestingAuthenticationToken("user", "password", "PREFIX_USER")); this.filter.setRolePrefix("PREFIX_"); - assertThat(wrappedRequest().isUserInRole("PREFIX_USER")).isTrue(); } private HttpServletRequest wrappedRequest() throws Exception { this.filter.doFilter(this.request, this.response, this.filterChain); verify(this.filterChain).doFilter(this.requestCaptor.capture(), any(HttpServletResponse.class)); - return this.requestCaptor.getValue(); } diff --git a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapperTests.java b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapperTests.java index d15db55802..f7df38e78b 100644 --- a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapperTests.java +++ b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapperTests.java 
@@ -44,12 +44,9 @@ public class SecurityContextHolderAwareRequestWrapperTests { public void testCorrectOperationWithStringBasedPrincipal() { Authentication auth = new TestingAuthenticationToken("rod", "koala", "ROLE_FOO"); SecurityContextHolder.getContext().setAuthentication(auth); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/"); - SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request, ""); - assertThat(wrapper.getRemoteUser()).isEqualTo("rod"); assertThat(wrapper.isUserInRole("ROLE_FOO")).isTrue(); assertThat(wrapper.isUserInRole("ROLE_NOT_GRANTED")).isFalse(); @@ -60,13 +57,10 @@ public class SecurityContextHolderAwareRequestWrapperTests { public void testUseOfRolePrefixMeansItIsntNeededWhenCallngIsUserInRole() { Authentication auth = new TestingAuthenticationToken("rod", "koala", "ROLE_FOO"); SecurityContextHolder.getContext().setAuthentication(auth); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/"); - SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request, "ROLE_"); - assertThat(wrapper.isUserInRole("FOO")).isTrue(); } @@ -76,12 +70,9 @@ public class SecurityContextHolderAwareRequestWrapperTests { new User("rodAsUserDetails", "koala", true, true, true, true, AuthorityUtils.NO_AUTHORITIES), "koala", "ROLE_HELLO", "ROLE_FOOBAR"); SecurityContextHolder.getContext().setAuthentication(auth); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/"); - SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request, ""); - assertThat(wrapper.getRemoteUser()).isEqualTo("rodAsUserDetails"); assertThat(wrapper.isUserInRole("ROLE_FOO")).isFalse(); assertThat(wrapper.isUserInRole("ROLE_NOT_GRANTED")).isFalse(); 
@@ -93,10 +84,8 @@ public class SecurityContextHolderAwareRequestWrapperTests { @Test public void testRoleIsntHeldIfAuthenticationIsNull() { SecurityContextHolder.getContext().setAuthentication(null); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/"); - SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request, ""); assertThat(wrapper.getRemoteUser()).isNull(); assertThat(wrapper.isUserInRole("ROLE_ANY")).isFalse(); @@ -107,12 +96,9 @@ public class SecurityContextHolderAwareRequestWrapperTests { public void testRolesArentHeldIfAuthenticationPrincipalIsNull() { Authentication auth = new TestingAuthenticationToken(null, "koala", "ROLE_HELLO", "ROLE_FOOBAR"); SecurityContextHolder.getContext().setAuthentication(auth); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/"); - SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request, ""); - assertThat(wrapper.getRemoteUser()).isNull(); assertThat(wrapper.isUserInRole("ROLE_HELLO")).isFalse(); // principal is null, so // reject @@ -125,12 +111,9 @@ public class SecurityContextHolderAwareRequestWrapperTests { public void testRolePrefix() { Authentication auth = new TestingAuthenticationToken("user", "koala", "ROLE_HELLO", "ROLE_FOOBAR"); SecurityContextHolder.getContext().setAuthentication(auth); - MockHttpServletRequest request = new MockHttpServletRequest(); - SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request, "ROLE_"); - assertThat(wrapper.isUserInRole("HELLO")).isTrue(); assertThat(wrapper.isUserInRole("FOOBAR")).isTrue(); } 
@@ -140,12 +123,9 @@ public class SecurityContextHolderAwareRequestWrapperTests { public void testRolePrefixNotAppliedIfRoleStartsWith() { Authentication auth = new TestingAuthenticationToken("user", "koala", "ROLE_HELLO", "ROLE_FOOBAR"); SecurityContextHolder.getContext().setAuthentication(auth); - MockHttpServletRequest request = new MockHttpServletRequest(); - SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request, "ROLE_"); - assertThat(wrapper.isUserInRole("ROLE_HELLO")).isTrue(); assertThat(wrapper.isUserInRole("ROLE_FOOBAR")).isTrue(); } diff --git a/web/src/test/java/org/springframework/security/web/session/DefaultSessionAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/session/DefaultSessionAuthenticationStrategyTests.java index 6754bc5701..558fdce2c5 100644 --- a/web/src/test/java/org/springframework/security/web/session/DefaultSessionAuthenticationStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/session/DefaultSessionAuthenticationStrategyTests.java @@ -43,9 +43,7 @@ public class DefaultSessionAuthenticationStrategyTests { public void newSessionShouldNotBeCreatedIfNoSessionExistsAndAlwaysCreateIsFalse() { SessionFixationProtectionStrategy strategy = new SessionFixationProtectionStrategy(); HttpServletRequest request = new MockHttpServletRequest(); - strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse()); - assertThat(request.getSession(false)).isNull(); } @@ -54,9 +52,7 @@ public class DefaultSessionAuthenticationStrategyTests { SessionFixationProtectionStrategy strategy = new SessionFixationProtectionStrategy(); HttpServletRequest request = new MockHttpServletRequest(); String sessionId = request.getSession().getId(); - strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse()); - assertThat(sessionId.equals(request.getSession().getId())).isFalse(); } 
@@ -69,21 +65,15 @@ public class DefaultSessionAuthenticationStrategyTests { session.setAttribute("blah", "blah"); session.setAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY", "DefaultSavedRequest"); String oldSessionId = session.getId(); - ApplicationEventPublisher eventPublisher = mock(ApplicationEventPublisher.class); strategy.setApplicationEventPublisher(eventPublisher); - Authentication mockAuthentication = mock(Authentication.class); - strategy.onAuthentication(mockAuthentication, request, new MockHttpServletResponse()); - ArgumentCaptor eventArgumentCaptor = ArgumentCaptor.forClass(ApplicationEvent.class); verify(eventPublisher).publishEvent(eventArgumentCaptor.capture()); - assertThat(oldSessionId.equals(request.getSession().getId())).isFalse(); assertThat(request.getSession().getAttribute("blah")).isNotNull(); assertThat(request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY")).isNotNull(); - assertThat(eventArgumentCaptor.getValue()).isNotNull(); assertThat(eventArgumentCaptor.getValue() instanceof SessionFixationProtectionEvent).isTrue(); SessionFixationProtectionEvent event = (SessionFixationProtectionEvent) eventArgumentCaptor.getValue(); @@ -101,9 +91,7 @@ public class DefaultSessionAuthenticationStrategyTests { HttpSession session = request.getSession(); session.setAttribute("blah", "blah"); session.setAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY", "DefaultSavedRequest"); - strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse()); - assertThat(request.getSession().getAttribute("blah")).isNull(); assertThat(request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY")).isNotNull(); } 
@@ -118,20 +106,14 @@ public class DefaultSessionAuthenticationStrategyTests { session.setAttribute("blah", "blah"); session.setAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY", "DefaultSavedRequest"); String oldSessionId = session.getId(); - ApplicationEventPublisher eventPublisher = mock(ApplicationEventPublisher.class); strategy.setApplicationEventPublisher(eventPublisher); - Authentication mockAuthentication = mock(Authentication.class); - strategy.onAuthentication(mockAuthentication, request, new MockHttpServletResponse()); - ArgumentCaptor eventArgumentCaptor = ArgumentCaptor.forClass(ApplicationEvent.class); verify(eventPublisher).publishEvent(eventArgumentCaptor.capture()); - assertThat(request.getSession().getAttribute("blah")).isNull(); assertThat(request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY")).isNotNull(); - assertThat(eventArgumentCaptor.getValue()).isNotNull(); assertThat(eventArgumentCaptor.getValue() instanceof SessionFixationProtectionEvent).isTrue(); SessionFixationProtectionEvent event = (SessionFixationProtectionEvent) eventArgumentCaptor.getValue(); @@ -155,11 +137,8 @@ public class DefaultSessionAuthenticationStrategyTests { HttpServletRequest request = new MockHttpServletRequest(); HttpSession session = request.getSession(); session.setMaxInactiveInterval(1); - Authentication mockAuthentication = mock(Authentication.class); - strategy.onAuthentication(mockAuthentication, request, new MockHttpServletResponse()); - assertThat(request.getSession().getMaxInactiveInterval()).isEqualTo(1); } 
@@ -170,11 +149,8 @@ public class DefaultSessionAuthenticationStrategyTests { HttpServletRequest request = new MockHttpServletRequest(); HttpSession session = request.getSession(); session.setMaxInactiveInterval(1); - Authentication mockAuthentication = mock(Authentication.class); - strategy.onAuthentication(mockAuthentication, request, new MockHttpServletResponse()); - assertThat(request.getSession().getMaxInactiveInterval()).isNotEqualTo(1); } diff --git a/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java b/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java index 1ddf4f5cec..be04e536eb 100644 --- a/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java +++ b/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java 
@@ -40,35 +40,25 @@ public class HttpSessionEventPublisherTests { @Test public void publishedEventIsReceivedbyListener() { HttpSessionEventPublisher publisher = new HttpSessionEventPublisher(); - StaticWebApplicationContext context = new StaticWebApplicationContext(); - MockServletContext servletContext = new MockServletContext(); servletContext.setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, context); - context.setServletContext(servletContext); context.registerSingleton("listener", MockApplicationListener.class, null); context.refresh(); - MockHttpSession session = new MockHttpSession(servletContext); MockApplicationListener listener = (MockApplicationListener) context.getBean("listener"); - HttpSessionEvent event = new HttpSessionEvent(session); - publisher.sessionCreated(event); - assertThat(listener.getCreatedEvent()).isNotNull(); assertThat(listener.getDestroyedEvent()).isNull(); assertThat(listener.getCreatedEvent().getSession()).isEqualTo(session); - listener.setCreatedEvent(null); listener.setDestroyedEvent(null); - publisher.sessionDestroyed(event); assertThat(listener.getDestroyedEvent()).isNotNull(); assertThat(listener.getCreatedEvent()).isNull(); assertThat(listener.getDestroyedEvent().getSession()).isEqualTo(session); - publisher.sessionIdChanged(event, "oldSessionId"); assertThat(listener.getSessionIdChangedEvent()).isNotNull(); assertThat(listener.getSessionIdChangedEvent().getOldSessionId()).isEqualTo("oldSessionId"); 
@@ -78,35 +68,25 @@ public class HttpSessionEventPublisherTests { @Test public void publishedEventIsReceivedbyListenerChildContext() { HttpSessionEventPublisher publisher = new HttpSessionEventPublisher(); - StaticWebApplicationContext context = new StaticWebApplicationContext(); - MockServletContext servletContext = new MockServletContext(); servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", context); - context.setServletContext(servletContext); context.registerSingleton("listener", MockApplicationListener.class, null); context.refresh(); - MockHttpSession session = new MockHttpSession(servletContext); MockApplicationListener listener = (MockApplicationListener) context.getBean("listener"); - HttpSessionEvent event = new HttpSessionEvent(session); - publisher.sessionCreated(event); - assertThat(listener.getCreatedEvent()).isNotNull(); assertThat(listener.getDestroyedEvent()).isNull(); assertThat(listener.getCreatedEvent().getSession()).isEqualTo(session); - listener.setCreatedEvent(null); listener.setDestroyedEvent(null); - publisher.sessionDestroyed(event); assertThat(listener.getDestroyedEvent()).isNotNull(); assertThat(listener.getCreatedEvent()).isNull(); assertThat(listener.getDestroyedEvent().getSession()).isEqualTo(session); - publisher.sessionIdChanged(event, "oldSessionId"); assertThat(listener.getSessionIdChangedEvent()).isNotNull(); assertThat(listener.getSessionIdChangedEvent().getOldSessionId()).isEqualTo("oldSessionId"); @@ -120,7 +100,6 @@ public class HttpSessionEventPublisherTests { MockServletContext servletContext = new MockServletContext(); MockHttpSession session = new MockHttpSession(servletContext); HttpSessionEvent event = new HttpSessionEvent(session); - publisher.sessionCreated(event); } 
@@ -131,7 +110,6 @@ public class HttpSessionEventPublisherTests { MockServletContext servletContext = new MockServletContext(); MockHttpSession session = new MockHttpSession(servletContext); HttpSessionEvent event = new HttpSessionEvent(session); - publisher.sessionDestroyed(event); } @@ -141,7 +119,6 @@ public class HttpSessionEventPublisherTests { MockServletContext servletContext = new MockServletContext(); MockHttpSession session = new MockHttpSession(servletContext); HttpSessionEvent event = new HttpSessionEvent(session); - publisher.sessionIdChanged(event, "oldSessionId"); } diff --git a/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java b/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java index bb5f535ba9..ad25c72ab3 100644 --- a/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java @@ -61,9 +61,7 @@ public class SessionManagementFilterTests { SessionManagementFilter filter = new SessionManagementFilter(repo); HttpServletRequest request = new MockHttpServletRequest(); String sessionId = request.getSession().getId(); - filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()); - assertThat(request.getSession().getId()).isEqualTo(sessionId); } @@ -76,9 +74,7 @@ public class SessionManagementFilterTests { SessionManagementFilter filter = new SessionManagementFilter(repo, strategy); HttpServletRequest request = new MockHttpServletRequest(); authenticateUser(); - filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()); - verifyZeroInteractions(strategy); } 
@@ -88,9 +84,7 @@ public class SessionManagementFilterTests { SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class); SessionManagementFilter filter = new SessionManagementFilter(repo, strategy); HttpServletRequest request = new MockHttpServletRequest(); - filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()); - verifyZeroInteractions(strategy); } @@ -102,9 +96,7 @@ public class SessionManagementFilterTests { SessionManagementFilter filter = new SessionManagementFilter(repo, strategy); HttpServletRequest request = new MockHttpServletRequest(); authenticateUser(); - filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()); - verify(strategy).onAuthentication(any(Authentication.class), any(HttpServletRequest.class), any(HttpServletResponse.class)); // Check that it is only applied once to the request @@ -117,7 +109,6 @@ public class SessionManagementFilterTests { SecurityContextRepository repo = mock(SecurityContextRepository.class); // repo will return false to containsContext() SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class); - AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class); SessionManagementFilter filter = new SessionManagementFilter(repo, strategy); filter.setAuthenticationFailureHandler(failureHandler); @@ -128,7 +119,6 @@ public class SessionManagementFilterTests { SessionAuthenticationException exception = new SessionAuthenticationException("Failure"); willThrow(exception).given(strategy).onAuthentication(SecurityContextHolder.getContext().getAuthentication(), request, response); - filter.doFilter(request, response, fc); verifyZeroInteractions(fc); verify(failureHandler).onAuthenticationFailure(request, response, exception); 
@@ -144,10 +134,8 @@ public class SessionManagementFilterTests { request.setRequestedSessionId("xxx"); request.setRequestedSessionIdValid(false); MockHttpServletResponse response = new MockHttpServletResponse(); - filter.doFilter(request, response, new MockFilterChain()); assertThat(response.getRedirectedUrl()).isNull(); - // Now set a redirect URL request = new MockHttpServletRequest(); request.setRequestedSessionId("xxx"); @@ -158,7 +146,6 @@ public class SessionManagementFilterTests { FilterChain fc = mock(FilterChain.class); filter.doFilter(request, response, fc); verifyZeroInteractions(fc); - assertThat(response.getRedirectedUrl()).isEqualTo("/timedOut"); } @@ -170,9 +157,7 @@ public class SessionManagementFilterTests { filter.setTrustResolver(trustResolver); HttpServletRequest request = new MockHttpServletRequest(); authenticateUser(); - filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()); - verify(trustResolver).isAnonymous(any(Authentication.class)); } diff --git a/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java b/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java index 778b5bcb92..e234ca1bb3 100644 --- a/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java +++ b/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java @@ -66,7 +66,6 @@ public class OnCommittedResponseWrapperTests { @Test public void printWriterHashCode() throws Exception { int expected = this.writer.hashCode(); - assertThat(this.response.getWriter().hashCode()).isEqualTo(expected); } 
@@ -74,16 +73,13 @@ public class OnCommittedResponseWrapperTests { public void printWriterCheckError() throws Exception { boolean expected = true; given(this.writer.checkError()).willReturn(expected); - assertThat(this.response.getWriter().checkError()).isEqualTo(expected); } @Test public void printWriterWriteInt() throws Exception { int expected = 1; - this.response.getWriter().write(expected); - verify(this.writer).write(expected); } @@ -92,18 +88,14 @@ public class OnCommittedResponseWrapperTests { char[] buff = new char[0]; int off = 2; int len = 3; - this.response.getWriter().write(buff, off, len); - verify(this.writer).write(buff, off, len); } @Test public void printWriterWriteChar() throws Exception { char[] buff = new char[0]; - this.response.getWriter().write(buff); - verify(this.writer).write(buff); } 
@@ -112,187 +104,146 @@ public class OnCommittedResponseWrapperTests { String s = ""; int off = 2; int len = 3; - this.response.getWriter().write(s, off, len); - verify(this.writer).write(s, off, len); } @Test public void printWriterWriteString() throws Exception { String s = ""; - this.response.getWriter().write(s); - verify(this.writer).write(s); } @Test public void printWriterPrintBoolean() throws Exception { boolean b = true; - this.response.getWriter().print(b); - verify(this.writer).print(b); } @Test public void printWriterPrintChar() throws Exception { char c = 1; - this.response.getWriter().print(c); - verify(this.writer).print(c); } @Test public void printWriterPrintInt() throws Exception { int i = 1; - this.response.getWriter().print(i); - verify(this.writer).print(i); } @Test public void printWriterPrintLong() throws Exception { long l = 1; - this.response.getWriter().print(l); - verify(this.writer).print(l); } @Test public void printWriterPrintFloat() throws Exception { float f = 1; - this.response.getWriter().print(f); - verify(this.writer).print(f); } @Test public void printWriterPrintDouble() throws Exception { double x = 1; - this.response.getWriter().print(x); - verify(this.writer).print(x); } @Test public void printWriterPrintCharArray() throws Exception { char[] x = new char[0]; - this.response.getWriter().print(x); - verify(this.writer).print(x); } @Test public void printWriterPrintString() throws Exception { String x = "1"; - this.response.getWriter().print(x); - verify(this.writer).print(x); } @Test public void printWriterPrintObject() throws Exception { Object x = "1"; - this.response.getWriter().print(x); - verify(this.writer).print(x); } @Test public void printWriterPrintln() throws Exception { this.response.getWriter().println(); - verify(this.writer).println(); } @Test public void printWriterPrintlnBoolean() throws Exception { boolean b = true; - this.response.getWriter().println(b); - verify(this.writer).println(b); } @Test public void 
printWriterPrintlnChar() throws Exception { char c = 1; - this.response.getWriter().println(c); - verify(this.writer).println(c); } @Test public void printWriterPrintlnInt() throws Exception { int i = 1; - this.response.getWriter().println(i); - verify(this.writer).println(i); } @Test public void printWriterPrintlnLong() throws Exception { long l = 1; - this.response.getWriter().println(l); - verify(this.writer).println(l); } @Test public void printWriterPrintlnFloat() throws Exception { float f = 1; - this.response.getWriter().println(f); - verify(this.writer).println(f); } @Test public void printWriterPrintlnDouble() throws Exception { double x = 1; - this.response.getWriter().println(x); - verify(this.writer).println(x); } @Test public void printWriterPrintlnCharArray() throws Exception { char[] x = new char[0]; - this.response.getWriter().println(x); - verify(this.writer).println(x); } @Test public void printWriterPrintlnString() throws Exception { String x = "1"; - this.response.getWriter().println(x); - verify(this.writer).println(x); } @Test public void printWriterPrintlnObject() throws Exception { Object x = "1"; - this.response.getWriter().println(x); - verify(this.writer).println(x); }
@@ -300,9 +251,7 @@ public class OnCommittedResponseWrapperTests { public void printWriterPrintfStringObjectVargs() throws Exception { String format = "format"; Object[] args = new Object[] { "1" }; - this.response.getWriter().printf(format, args); - verify(this.writer).printf(format, args); }
@@ -311,9 +260,7 @@ public class OnCommittedResponseWrapperTests { Locale l = Locale.US; String format = "format"; Object[] args = new Object[] { "1" }; - this.response.getWriter().printf(l, format, args); - verify(this.writer).printf(l, format, args); }
@@ -321,9 +268,7 @@ public class OnCommittedResponseWrapperTests { public void printWriterFormatStringObjectVargs() throws Exception { String format = "format"; Object[] args = new Object[] { "1" }; - this.response.getWriter().format(format, args); - verify(this.writer).format(format, args); }
@@ -332,18 +277,14 @@ public class OnCommittedResponseWrapperTests { Locale l = Locale.US; String format = "format"; Object[] args = new Object[] { "1" }; - this.response.getWriter().format(l, format, args); - verify(this.writer).format(l, format, args); } @Test public void printWriterAppendCharSequence() throws Exception { String x = "a"; - this.response.getWriter().append(x); - verify(this.writer).append(x); }
@@ -352,45 +293,35 @@ public class OnCommittedResponseWrapperTests { String x = "abcdef"; int start = 1; int end = 3; - this.response.getWriter().append(x, start, end); - verify(this.writer).append(x, start, end); } @Test public void printWriterAppendChar() throws Exception { char x = 1; - this.response.getWriter().append(x); - verify(this.writer).append(x); } // servletoutputstream - @Test public void outputStreamHashCode() throws Exception { int expected = this.out.hashCode(); - assertThat(this.response.getOutputStream().hashCode()).isEqualTo(expected); } @Test public void outputStreamWriteInt() throws Exception { int expected = 1; - this.response.getOutputStream().write(expected); - verify(this.out).write(expected); } @Test public void outputStreamWriteByte() throws Exception { byte[] expected = new byte[0]; - this.response.getOutputStream().write(expected); - verify(this.out).write(expected); }
@@ -399,160 +330,124 @@ public class OnCommittedResponseWrapperTests { int start = 1; int end = 2; byte[] expected = new byte[0]; - this.response.getOutputStream().write(expected, start, end); - verify(this.out).write(expected, start, end); } @Test public void outputStreamPrintBoolean() throws Exception { boolean b = true; - this.response.getOutputStream().print(b); - verify(this.out).print(b); } @Test public void outputStreamPrintChar() throws Exception { char c = 1; - this.response.getOutputStream().print(c); - verify(this.out).print(c); } @Test public void outputStreamPrintInt() throws Exception { int i = 1; - this.response.getOutputStream().print(i); - verify(this.out).print(i); } @Test public void outputStreamPrintLong() throws Exception { long l = 1; - this.response.getOutputStream().print(l); - verify(this.out).print(l); } @Test public void outputStreamPrintFloat() throws Exception { float f = 1; - this.response.getOutputStream().print(f); - verify(this.out).print(f); } @Test public void outputStreamPrintDouble() throws Exception { double x = 1; - this.response.getOutputStream().print(x); - verify(this.out).print(x); } @Test public void outputStreamPrintString() throws Exception { String x = "1"; - this.response.getOutputStream().print(x); - verify(this.out).print(x); } @Test public void outputStreamPrintln() throws Exception { this.response.getOutputStream().println(); - verify(this.out).println(); } @Test public void outputStreamPrintlnBoolean() throws Exception { boolean b = true; - this.response.getOutputStream().println(b); - verify(this.out).println(b); } @Test public void outputStreamPrintlnChar() throws Exception { char c = 1; - this.response.getOutputStream().println(c); - verify(this.out).println(c); } @Test public void outputStreamPrintlnInt() throws Exception { int i = 1; - this.response.getOutputStream().println(i); - verify(this.out).println(i); } @Test public void outputStreamPrintlnLong() throws Exception { long l = 1; - 
this.response.getOutputStream().println(l); - verify(this.out).println(l); } @Test public void outputStreamPrintlnFloat() throws Exception { float f = 1; - this.response.getOutputStream().println(f); - verify(this.out).println(f); } @Test public void outputStreamPrintlnDouble() throws Exception { double x = 1; - this.response.getOutputStream().println(x); - verify(this.out).println(x); } @Test public void outputStreamPrintlnString() throws Exception { String x = "1"; - this.response.getOutputStream().println(x); - verify(this.out).println(x); } // The amount of content specified in the setContentLength method of the response // has been greater than zero and has been written to the response. - // gh-3823 @Test public void contentLengthPrintWriterWriteNullCommits() throws Exception { String expected = null; this.response.setContentLength(String.valueOf(expected).length() + 1); - this.response.getWriter().write(expected); - assertThat(this.committed).isFalse(); - this.response.getWriter().write("a"); - assertThat(this.committed).isTrue(); }
@@ -560,9 +455,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterWriteIntCommits() throws Exception { int expected = 1; this.response.setContentLength(String.valueOf(expected).length()); - this.response.getWriter().write(expected); - assertThat(this.committed).isTrue(); }
@@ -570,9 +463,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterWriteIntMultiDigitCommits() throws Exception { int expected = 10000; this.response.setContentLength(String.valueOf(expected).length()); - this.response.getWriter().write(expected); - assertThat(this.committed).isTrue(); }
@@ -580,13 +471,9 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPlus1PrintWriterWriteIntMultiDigitCommits() throws Exception { int expected = 10000; this.response.setContentLength(String.valueOf(expected).length() + 1); - this.response.getWriter().write(expected); - assertThat(this.committed).isFalse(); - this.response.getWriter().write(1); - assertThat(this.committed).isTrue(); }
@@ -596,9 +483,7 @@ public class OnCommittedResponseWrapperTests { int off = 2; int len = 3; this.response.setContentLength(3); - this.response.getWriter().write(buff, off, len); - assertThat(this.committed).isTrue(); }
@@ -606,9 +491,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterWriteCharCommits() throws Exception { char[] buff = new char[4]; this.response.setContentLength(buff.length); - this.response.getWriter().write(buff); - assertThat(this.committed).isTrue(); }
@@ -618,9 +501,7 @@ public class OnCommittedResponseWrapperTests { int off = 2; int len = 3; this.response.setContentLength(3); - this.response.getWriter().write(s, off, len); - assertThat(this.committed).isTrue(); }
@@ -628,9 +509,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterWriteStringCommits() throws IOException { String body = "something"; this.response.setContentLength(body.length()); - this.response.getWriter().write(body); - assertThat(this.committed).isTrue(); }
@@ -638,18 +517,14 @@ public class OnCommittedResponseWrapperTests { public void printWriterWriteStringContentLengthCommits() throws IOException { String body = "something"; this.response.getWriter().write(body); - this.response.setContentLength(body.length()); - assertThat(this.committed).isTrue(); } @Test public void printWriterWriteStringDoesNotCommit() throws IOException { String body = "something"; - this.response.getWriter().write(body); - assertThat(this.committed).isFalse(); }
@@ -657,9 +532,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterPrintBooleanCommits() throws Exception { boolean b = true; this.response.setContentLength(1); - this.response.getWriter().print(b); - assertThat(this.committed).isTrue(); }
@@ -667,9 +540,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterPrintCharCommits() throws Exception { char c = 1; this.response.setContentLength(1); - this.response.getWriter().print(c); - assertThat(this.committed).isTrue(); }
@@ -677,9 +548,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterPrintIntCommits() throws Exception { int i = 1234; this.response.setContentLength(String.valueOf(i).length()); - this.response.getWriter().print(i); - assertThat(this.committed).isTrue(); }
@@ -687,9 +556,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterPrintLongCommits() throws Exception { long l = 12345; this.response.setContentLength(String.valueOf(l).length()); - this.response.getWriter().print(l); - assertThat(this.committed).isTrue(); }
@@ -697,9 +564,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterPrintFloatCommits() throws Exception { float f = 12345; this.response.setContentLength(String.valueOf(f).length()); - this.response.getWriter().print(f); - assertThat(this.committed).isTrue(); }
@@ -707,9 +572,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterPrintDoubleCommits() throws Exception { double x = 1.2345; this.response.setContentLength(String.valueOf(x).length()); - this.response.getWriter().print(x); - assertThat(this.committed).isTrue(); }
@@ -717,9 +580,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterPrintCharArrayCommits() throws Exception { char[] x = new char[10]; this.response.setContentLength(x.length); - this.response.getWriter().print(x); - assertThat(this.committed).isTrue(); }
@@ -727,9 +588,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterPrintStringCommits() throws Exception { String x = "12345"; this.response.setContentLength(x.length()); - this.response.getWriter().print(x); - assertThat(this.committed).isTrue(); }
@@ -737,18 +596,14 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterPrintObjectCommits() throws Exception { Object x = "12345"; this.response.setContentLength(String.valueOf(x).length()); - this.response.getWriter().print(x); - assertThat(this.committed).isTrue(); } @Test public void contentLengthPrintWriterPrintlnCommits() throws Exception { this.response.setContentLength(NL.length()); - this.response.getWriter().println(); - assertThat(this.committed).isTrue(); }
@@ -756,9 +611,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterPrintlnBooleanCommits() throws Exception { boolean b = true; this.response.setContentLength(1); - this.response.getWriter().println(b); - assertThat(this.committed).isTrue(); }
@@ -766,9 +619,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterPrintlnCharCommits() throws Exception { char c = 1; this.response.setContentLength(1); - this.response.getWriter().println(c); - assertThat(this.committed).isTrue(); }
@@ -776,9 +627,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterPrintlnIntCommits() throws Exception { int i = 12345; this.response.setContentLength(String.valueOf(i).length()); - this.response.getWriter().println(i); - assertThat(this.committed).isTrue(); }
@@ -786,9 +635,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterPrintlnLongCommits() throws Exception { long l = 12345678; this.response.setContentLength(String.valueOf(l).length()); - this.response.getWriter().println(l); - assertThat(this.committed).isTrue(); }
@@ -796,9 +643,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterPrintlnFloatCommits() throws Exception { float f = 1234; this.response.setContentLength(String.valueOf(f).length()); - this.response.getWriter().println(f); - assertThat(this.committed).isTrue(); }
@@ -806,9 +651,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterPrintlnDoubleCommits() throws Exception { double x = 1; this.response.setContentLength(String.valueOf(x).length()); - this.response.getWriter().println(x); - assertThat(this.committed).isTrue(); }
@@ -816,9 +659,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterPrintlnCharArrayCommits() throws Exception { char[] x = new char[20]; this.response.setContentLength(x.length); - this.response.getWriter().println(x); - assertThat(this.committed).isTrue(); }
@@ -826,9 +667,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterPrintlnStringCommits() throws Exception { String x = "1"; this.response.setContentLength(String.valueOf(x).length()); - this.response.getWriter().println(x); - assertThat(this.committed).isTrue(); }
@@ -836,9 +675,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterPrintlnObjectCommits() throws Exception { Object x = "1"; this.response.setContentLength(String.valueOf(x).length()); - this.response.getWriter().println(x); - assertThat(this.committed).isTrue(); }
@@ -846,9 +683,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterAppendCharSequenceCommits() throws Exception { String x = "a"; this.response.setContentLength(String.valueOf(x).length()); - this.response.getWriter().append(x); - assertThat(this.committed).isTrue(); }
@@ -858,9 +693,7 @@ public class OnCommittedResponseWrapperTests { int start = 1; int end = 3; this.response.setContentLength(end - start); - this.response.getWriter().append(x, start, end); - assertThat(this.committed).isTrue(); }
@@ -868,9 +701,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPrintWriterAppendCharCommits() throws Exception { char x = 1; this.response.setContentLength(1); - this.response.getWriter().append(x); - assertThat(this.committed).isTrue(); }
@@ -878,9 +709,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamWriteIntCommits() throws Exception { int expected = 1; this.response.setContentLength(String.valueOf(expected).length()); - this.response.getOutputStream().write(expected); - assertThat(this.committed).isTrue(); }
@@ -888,9 +717,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamWriteIntMultiDigitCommits() throws Exception { int expected = 10000; this.response.setContentLength(String.valueOf(expected).length()); - this.response.getOutputStream().write(expected); - assertThat(this.committed).isTrue(); }
@@ -898,13 +725,9 @@ public class OnCommittedResponseWrapperTests { public void contentLengthPlus1OutputStreamWriteIntMultiDigitCommits() throws Exception { int expected = 10000; this.response.setContentLength(String.valueOf(expected).length() + 1); - this.response.getOutputStream().write(expected); - assertThat(this.committed).isFalse(); - this.response.getOutputStream().write(1); - assertThat(this.committed).isTrue(); }
@@ -915,13 +738,9 @@ public class OnCommittedResponseWrapperTests { + " \"token\" : \"06300b65-c4aa-4c8f-8cda-39ee17f545a0\",\n" + " \"headerName\" : \"X-CSRF-TOKEN\"\n" + "}"; this.response.setContentLength(expected.length() + 1); - this.response.getOutputStream().write(expected.getBytes()); - assertThat(this.committed).isFalse(); - this.response.getOutputStream().write("1".getBytes("UTF-8")); - assertThat(this.committed).isTrue(); }
@@ -929,9 +748,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintBooleanCommits() throws Exception { boolean b = true; this.response.setContentLength(1); - this.response.getOutputStream().print(b); - assertThat(this.committed).isTrue(); }
@@ -939,9 +756,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintCharCommits() throws Exception { char c = 1; this.response.setContentLength(1); - this.response.getOutputStream().print(c); - assertThat(this.committed).isTrue(); }
@@ -949,9 +764,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintIntCommits() throws Exception { int i = 1234; this.response.setContentLength(String.valueOf(i).length()); - this.response.getOutputStream().print(i); - assertThat(this.committed).isTrue(); }
@@ -959,9 +772,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintLongCommits() throws Exception { long l = 12345; this.response.setContentLength(String.valueOf(l).length()); - this.response.getOutputStream().print(l); - assertThat(this.committed).isTrue(); }
@@ -969,9 +780,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintFloatCommits() throws Exception { float f = 12345; this.response.setContentLength(String.valueOf(f).length()); - this.response.getOutputStream().print(f); - assertThat(this.committed).isTrue(); }
@@ -979,9 +788,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintDoubleCommits() throws Exception { double x = 1.2345; this.response.setContentLength(String.valueOf(x).length()); - this.response.getOutputStream().print(x); - assertThat(this.committed).isTrue(); }
@@ -989,18 +796,14 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintStringCommits() throws Exception { String x = "12345"; this.response.setContentLength(x.length()); - this.response.getOutputStream().print(x); - assertThat(this.committed).isTrue(); } @Test public void contentLengthOutputStreamPrintlnCommits() throws Exception { this.response.setContentLength(NL.length()); - this.response.getOutputStream().println(); - assertThat(this.committed).isTrue(); }
@@ -1008,9 +811,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintlnBooleanCommits() throws Exception { boolean b = true; this.response.setContentLength(1); - this.response.getOutputStream().println(b); - assertThat(this.committed).isTrue(); }
@@ -1018,9 +819,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintlnCharCommits() throws Exception { char c = 1; this.response.setContentLength(1); - this.response.getOutputStream().println(c); - assertThat(this.committed).isTrue(); }
@@ -1028,9 +827,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintlnIntCommits() throws Exception { int i = 12345; this.response.setContentLength(String.valueOf(i).length()); - this.response.getOutputStream().println(i); - assertThat(this.committed).isTrue(); }
@@ -1038,9 +835,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintlnLongCommits() throws Exception { long l = 12345678; this.response.setContentLength(String.valueOf(l).length()); - this.response.getOutputStream().println(l); - assertThat(this.committed).isTrue(); }
@@ -1048,9 +843,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintlnFloatCommits() throws Exception { float f = 1234; this.response.setContentLength(String.valueOf(f).length()); - this.response.getOutputStream().println(f); - assertThat(this.committed).isTrue(); }
@@ -1058,9 +851,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintlnDoubleCommits() throws Exception { double x = 1; this.response.setContentLength(String.valueOf(x).length()); - this.response.getOutputStream().println(x); - assertThat(this.committed).isTrue(); }
@@ -1068,18 +859,14 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamPrintlnStringCommits() throws Exception { String x = "1"; this.response.setContentLength(String.valueOf(x).length()); - this.response.getOutputStream().println(x); - assertThat(this.committed).isTrue(); } @Test public void contentLengthDoesNotCommit() { String body = "something"; - this.response.setContentLength(body.length()); - assertThat(this.committed).isFalse(); }
@@ -1087,9 +874,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthOutputStreamWriteStringCommits() throws IOException { String body = "something"; this.response.setContentLength(body.length()); - this.response.getOutputStream().print(body); - assertThat(this.committed).isTrue(); }
@@ -1098,9 +883,7 @@ public class OnCommittedResponseWrapperTests { public void contentLengthLongOutputStreamWriteStringCommits() throws IOException { String body = "something"; this.response.setContentLengthLong(body.length()); - this.response.getOutputStream().print(body); - assertThat(this.committed).isTrue(); }
@@ -1108,9 +891,7 @@ public class OnCommittedResponseWrapperTests { public void addHeaderContentLengthPrintWriterWriteStringCommits() throws Exception { int expected = 1234; this.response.addHeader("Content-Length", String.valueOf(String.valueOf(expected).length())); - this.response.getWriter().write(expected); - assertThat(this.committed).isTrue(); }
@@ -1118,9 +899,7 @@ public class OnCommittedResponseWrapperTests { public void bufferSizePrintWriterWriteCommits() throws Exception { String expected = "1234567890"; given(this.response.getBufferSize()).willReturn(expected.length()); - this.response.getWriter().write(expected); - assertThat(this.committed).isTrue(); }
@@ -1128,15 +907,10 @@ public class OnCommittedResponseWrapperTests { public void bufferSizeCommitsOnce() throws Exception { String expected = "1234567890"; given(this.response.getBufferSize()).willReturn(expected.length()); - this.response.getWriter().write(expected); - assertThat(this.committed).isTrue(); - this.committed = false; - this.response.getWriter().write(expected); - assertThat(this.committed).isFalse(); }
diff --git a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
index 10a76b0f6c..893d8db75a 100644
--- a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
@@ -51,7 +51,6 @@ public class ThrowableAnalyzerTests { @Before public void setUp() { - // Set up test trace this.testTrace = new Throwable[7]; this.testTrace[6] = new IllegalArgumentException("Test_6");
@@ -61,13 +60,10 @@ public class ThrowableAnalyzerTests { this.testTrace[2] = new NonStandardException("Test_2", this.testTrace[3]); this.testTrace[1] = new RuntimeException("Test_1", this.testTrace[2]); this.testTrace[0] = new Exception("Test_0", this.testTrace[1]); - // Set up standard analyzer this.standardAnalyzer = new ThrowableAnalyzer(); - // Set up nonstandard analyzer this.nonstandardAnalyzer = new ThrowableAnalyzer() { - /** * @see org.springframework.security.web.util.ThrowableAnalyzer#initExtractorMap() */
@@ -84,7 +80,6 @@ public class ThrowableAnalyzerTests { public void testRegisterExtractorWithInvalidExtractor() { try { new ThrowableAnalyzer() { - /** * @see org.springframework.security.web.util.ThrowableAnalyzer#initExtractorMap() */
@@ -94,7 +89,6 @@ public class ThrowableAnalyzerTests { super.registerExtractor(Exception.class, null); } }; - fail("IllegalArgumentExpected"); } catch (IllegalArgumentException ex) {
@@ -104,16 +98,12 @@ public class ThrowableAnalyzerTests { @Test public void testGetRegisteredTypes() { - Class[] registeredTypes = this.nonstandardAnalyzer.getRegisteredTypes(); - for (int i = 0; i < registeredTypes.length; ++i) { Class clazz = registeredTypes[i]; - // The most specific types have to occur first. for (int j = 0; j < i; ++j) { Class prevClazz = registeredTypes[j]; - assertThat(prevClazz.isAssignableFrom(clazz)) .withFailMessage( "Unexpected order of registered classes: " + prevClazz + " is assignable from " + clazz)
@@ -125,7 +115,6 @@ public class ThrowableAnalyzerTests { @Test public void testDetermineCauseChainWithNoExtractors() { ThrowableAnalyzer analyzer = new ThrowableAnalyzer() { - /** * @see org.springframework.security.web.util.ThrowableAnalyzer#initExtractorMap() */
@@ -134,10 +123,8 @@ public class ThrowableAnalyzerTests { // skip default initialization } }; - assertThat(analyzer.getRegisteredTypes().length).withFailMessage("Unexpected number of registered types") .isZero(); - Throwable t = this.testTrace[0]; Throwable[] chain = analyzer.determineCauseChain(t); // Without extractors only the root throwable is available
@@ -148,12 +135,9 @@ public class ThrowableAnalyzerTests { @Test public void testDetermineCauseChainWithDefaultExtractors() { ThrowableAnalyzer analyzer = this.standardAnalyzer; - assertThat(analyzer.getRegisteredTypes().length).withFailMessage("Unexpected number of registered types") .isEqualTo(2); - Throwable[] chain = analyzer.determineCauseChain(this.testTrace[0]); - // Element at index 2 is a NonStandardException which cannot be analyzed further // by default assertThat(chain.length).as("Unexpected chain size").isEqualTo(3);
@@ -165,9 +149,7 @@ public class ThrowableAnalyzerTests { @Test public void testDetermineCauseChainWithCustomExtractors() { ThrowableAnalyzer analyzer = this.nonstandardAnalyzer; - Throwable[] chain = analyzer.determineCauseChain(this.testTrace[0]); - assertThat(chain.length).as("Unexpected chain size").isEqualTo(this.testTrace.length); for (int i = 0; i < chain.length; ++i) { assertThat(chain[i]).withFailMessage("Unexpected chain entry: " + i).isEqualTo(this.testTrace[i]);
@@ -177,11 +159,8 @@ public class ThrowableAnalyzerTests { @Test public void testGetFirstThrowableOfTypeWithSuccess1() { ThrowableAnalyzer analyzer = this.nonstandardAnalyzer; - Throwable[] chain = analyzer.determineCauseChain(this.testTrace[0]); - Throwable result = analyzer.getFirstThrowableOfType(Exception.class, chain); - assertThat(result).as("null not expected").isNotNull(); assertThat(result).as("Unexpected throwable found").isEqualTo(this.testTrace[0]); }
@@ -189,11 +168,8 @@ public class ThrowableAnalyzerTests { @Test public void testGetFirstThrowableOfTypeWithSuccess2() { ThrowableAnalyzer analyzer = this.nonstandardAnalyzer; - Throwable[] chain = analyzer.determineCauseChain(this.testTrace[0]); - Throwable result = analyzer.getFirstThrowableOfType(NonStandardException.class, chain); - assertThat(result).as("null not expected").isNotNull(); assertThat(result).as("Unexpected throwable found").isEqualTo(this.testTrace[2]); }
@@ -201,18 +177,14 @@ public class ThrowableAnalyzerTests { @Test public void testGetFirstThrowableOfTypeWithFailure() { ThrowableAnalyzer analyzer = this.nonstandardAnalyzer; - Throwable[] chain = analyzer.determineCauseChain(this.testTrace[0]); - // IllegalStateException not in trace Throwable result = analyzer.getFirstThrowableOfType(IllegalStateException.class, chain); - assertThat(result).as("null expected").isNull(); } @Test public void testVerifyThrowableHierarchyWithExactType() { - Throwable throwable = new IllegalStateException("Test"); ThrowableAnalyzer.verifyThrowableHierarchy(throwable, IllegalStateException.class); // No exception expected
@@ -220,7 +192,6 @@ public class ThrowableAnalyzerTests { @Test public void testVerifyThrowableHierarchyWithCompatibleType() { - Throwable throwable = new IllegalStateException("Test"); ThrowableAnalyzer.verifyThrowableHierarchy(throwable, Exception.class); // No exception expected
@@ -239,7 +210,6 @@ public class ThrowableAnalyzerTests { @Test public void testVerifyThrowableHierarchyWithNonmatchingType() { - Throwable throwable = new IllegalStateException("Test"); try { ThrowableAnalyzer.verifyThrowableHierarchy(throwable, InvocationTargetException.class);
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
index f3a7671d50..a10b26b3e4 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
@@ -82,7 +82,6 @@ public class AndRequestMatcherTests { public void matchesSingleTrue() { given(this.delegate.matches(this.request)).willReturn(true); this.matcher = new AndRequestMatcher(this.delegate); - assertThat(this.matcher.matches(this.request)).isTrue(); }
@@ -91,7 +90,6 @@ public class AndRequestMatcherTests { given(this.delegate.matches(this.request)).willReturn(true); given(this.delegate2.matches(this.request)).willReturn(true); this.matcher = new AndRequestMatcher(this.delegate, this.delegate2); - assertThat(this.matcher.matches(this.request)).isTrue(); }
@@ -99,7 +97,6 @@ public class AndRequestMatcherTests { public void matchesSingleFalse() { given(this.delegate.matches(this.request)).willReturn(false); this.matcher = new AndRequestMatcher(this.delegate); - assertThat(this.matcher.matches(this.request)).isFalse(); }
@@ -107,7 +104,6 @@ public class AndRequestMatcherTests { public void matchesMultiBothFalse() { given(this.delegate.matches(this.request)).willReturn(false); this.matcher = new AndRequestMatcher(this.delegate, this.delegate2); - assertThat(this.matcher.matches(this.request)).isFalse(); }
@@ -116,7 +112,6 @@ public class AndRequestMatcherTests { given(this.delegate.matches(this.request)).willReturn(true); given(this.delegate2.matches(this.request)).willReturn(false); this.matcher = new AndRequestMatcher(this.delegate, this.delegate2); - assertThat(this.matcher.matches(this.request)).isFalse(); }
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java
index 80696a0735..58398adfa8 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java
@@ -43,7 +43,6 @@ public class AntPathRequestMatcherTests { public void matchesWhenUrlPathHelperThenMatchesOnRequestUri() { AntPathRequestMatcher matcher = new AntPathRequestMatcher("/foo/bar", null, true, new UrlPathHelper()); MockHttpServletRequest request = new MockHttpServletRequest("GET", "/foo/bar"); - assertThat(matcher.matches(request)).isTrue(); }
@@ -51,9 +50,7 @@ public class AntPathRequestMatcherTests { public void singleWildcardMatchesAnyPath() { AntPathRequestMatcher matcher = new AntPathRequestMatcher("/**"); assertThat(matcher.getPattern()).isEqualTo("/**"); - assertThat(matcher.matches(createRequest("/blah"))).isTrue(); - matcher = new AntPathRequestMatcher("**"); assertThat(matcher.matches(createRequest("/blah"))).isTrue(); assertThat(matcher.matches(createRequest(""))).isTrue();
@@ -69,14 +66,11 @@ public class AntPathRequestMatcherTests { assertThat(matcher.matches(createRequest("/blah/blaha"))).isFalse(); assertThat(matcher.matches(createRequest("/blah/bleh/"))).isFalse(); MockHttpServletRequest request = createRequest("/blah/"); - request.setPathInfo("blah/bleh"); assertThat(matcher.matches(request)).isTrue(); - matcher = new AntPathRequestMatcher("/bl?h/blAh/**", null, false); assertThat(matcher.matches(createRequest("/BLAH/Blah/aaa/"))).isTrue(); assertThat(matcher.matches(createRequest("/bleh/Blah"))).isTrue(); - matcher = new AntPathRequestMatcher("/blAh/**/blah/**", null, false); assertThat(matcher.matches(createRequest("/blah/blah"))).isTrue(); assertThat(matcher.matches(createRequest("/blah/bleh"))).isFalse();
@@ -160,7 +154,6 @@ public class AntPathRequestMatcherTests { assertThat(new AntPathRequestMatcher("/upper", null, true).matches(request)).isFalse(); assertThat(new AntPathRequestMatcher("/upper", "POST", true).matches(request)).isFalse(); assertThat(new AntPathRequestMatcher("/upper", "GET", true).matches(request)).isFalse(); - assertThat(new AntPathRequestMatcher("/upper", null, false).matches(request)).isTrue(); assertThat(new AntPathRequestMatcher("/upper", "POST", false).matches(request)).isTrue(); }
@@ -170,7 +163,6 @@ public class AntPathRequestMatcherTests { AntPathRequestMatcher matcher = new AntPathRequestMatcher("/path/*/bar"); MockHttpServletRequest request = createRequest("/path /foo/bar"); assertThat(matcher.matches(request)).isFalse(); - matcher = new AntPathRequestMatcher("/path/foo"); request = createRequest("/path /foo"); assertThat(matcher.matches(request)).isFalse();
@@ -201,7 +193,6 @@ public class AntPathRequestMatcherTests { AntPathRequestMatcher matcher = new AntPathRequestMatcher("/blah", "GET"); MockHttpServletRequest request = createRequest("/blah"); request.setMethod("INVALID"); - assertThat(matcher.matches(request)).isFalse(); }
@@ -215,7 +206,6 @@ public class AntPathRequestMatcherTests { request.setQueryString("doesntMatter"); request.setServletPath(path); request.setMethod("POST"); - return request; }
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java
index 4a71218ce9..d445c5c510 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java
@@ -33,7 +33,6 @@ public class ELRequestMatcherTests { ELRequestMatcher requestMatcher = new ELRequestMatcher("hasIpAddress('1.1.1.1')"); MockHttpServletRequest request = new MockHttpServletRequest(); request.setRemoteAddr("1.1.1.1"); - assertThat(requestMatcher.matches(request)).isTrue(); }
@@ -42,7 +41,6 @@ public class ELRequestMatcherTests { ELRequestMatcher requestMatcher = new ELRequestMatcher("hasIpAddress('1.1.1.1')"); MockHttpServletRequest request = new MockHttpServletRequest(); request.setRemoteAddr("1.1.1.2"); - assertThat(requestMatcher.matches(request)).isFalse(); }
@@ -51,7 +49,6 @@ public class ELRequestMatcherTests { ELRequestMatcher requestMatcher = new ELRequestMatcher("hasHeader('User-Agent','MSIE')"); MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("User-Agent", "MSIE"); - assertThat(requestMatcher.matches(request)).isTrue(); }
@@ -61,14 +58,10 @@ public class ELRequestMatcherTests { "hasHeader('User-Agent','MSIE') or hasHeader('User-Agent','Mozilla')"); MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("User-Agent", "MSIE"); - assertThat(requestMatcher.matches(request)).isTrue(); - request = new MockHttpServletRequest(); request.addHeader("User-Agent", "Mozilla"); - assertThat(requestMatcher.matches(request)).isTrue(); - } @Test
@@ -76,7 +69,6 @@ public class ELRequestMatcherTests { ELRequestMatcher requestMatcher = new ELRequestMatcher("hasHeader('User-Agent','MSIE')"); MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("User-Agent", "wrong"); - assertThat(requestMatcher.matches(request)).isFalse(); }
@@ -84,7 +76,6 @@ public class ELRequestMatcherTests { public void testHasHeaderNull() { ELRequestMatcher requestMatcher = new ELRequestMatcher("hasHeader('User-Agent','MSIE')"); MockHttpServletRequest request = new MockHttpServletRequest(); - assertThat(requestMatcher.matches(request)).isFalse(); }
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
index b0f2594cf6..1ef1c66f2e 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
@@ -71,7 +71,6 @@ public class IpAddressMatcherTests { @Test public void ipv6RangeMatches() { IpAddressMatcher matcher = new IpAddressMatcher("2001:DB8::/48"); - assertThat(matcher.matches("2001:DB8:0:0:0:0:0:0")).isTrue(); assertThat(matcher.matches("2001:DB8:0:0:0:0:0:1")).isTrue(); assertThat(matcher.matches("2001:DB8:0:FFFF:FFFF:FFFF:FFFF:FFFF")).isTrue();
@@ -82,10 +81,8 @@ public class IpAddressMatcherTests { @Test public void zeroMaskMatchesAnything() { IpAddressMatcher matcher = new IpAddressMatcher("0.0.0.0/0"); - assertThat(matcher.matches("123.4.5.6")).isTrue(); assertThat(matcher.matches("192.168.0.159")).isTrue(); - matcher = new IpAddressMatcher("192.168.0.159/0"); assertThat(matcher.matches("123.4.5.6")).isTrue(); assertThat(matcher.matches("192.168.0.159")).isTrue();
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java
index df88943b00..39b210cb76 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java
@@ -52,21 +52,17 @@ public class MediaTypeRequestMatcherRequestHCNSTests { public void mediaAllMatches() { this.request.addHeader("Accept", MediaType.ALL_VALUE); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML); - assertThat(this.matcher.matches(this.request)).isTrue(); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_XHTML_XML); assertThat(this.matcher.matches(this.request)).isTrue(); } // ignoreMediaTypeAll - @Test public void mediaAllIgnoreMediaTypeAll() { this.request.addHeader("Accept", MediaType.ALL_VALUE); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML); this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); - assertThat(this.matcher.matches(this.request)).isFalse(); }
@@ -75,18 +71,15 @@ public class MediaTypeRequestMatcherRequestHCNSTests { this.request.addHeader("Accept", MediaType.ALL_VALUE + "," + MediaType.TEXT_HTML_VALUE); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML); this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); - assertThat(this.matcher.matches(this.request)).isTrue(); } // JavaDoc - @Test public void javadocJsonJson() { this.request.addHeader("Accept", MediaType.APPLICATION_JSON_VALUE); MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_JSON); - assertThat(matcher.matches(this.request)).isTrue(); }
@@ -95,7 +88,6 @@ public class MediaTypeRequestMatcherRequestHCNSTests { this.request.addHeader("Accept", MediaType.ALL_VALUE); MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_JSON); - assertThat(matcher.matches(this.request)).isTrue(); }
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
index 77567eb379..7a9fe12bfa 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
@@ -96,20 +96,16 @@ public class MediaTypeRequestMatcherTests { public void negotiationStrategyThrowsHMTNAE() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) .willThrow(new HttpMediaTypeNotAcceptableException("oops")); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.ALL); assertThat(this.matcher.matches(this.request)).isFalse(); } @Test public void mediaAllMatches() throws Exception { - given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) .willReturn(Arrays.asList(MediaType.ALL)); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML); assertThat(this.matcher.matches(this.request)).isTrue(); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_XHTML_XML); assertThat(this.matcher.matches(this.request)).isTrue(); }
@@ -190,15 +186,12 @@ public class MediaTypeRequestMatcherTests { public void multipleMediaType() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) .willReturn(Arrays.asList(MediaType.TEXT_PLAIN, MediaType.APPLICATION_XHTML_XML, MediaType.TEXT_HTML)); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_ATOM_XML, MediaType.TEXT_HTML); assertThat(this.matcher.matches(this.request)).isTrue(); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_XHTML_XML, MediaType.APPLICATION_JSON); assertThat(this.matcher.matches(this.request)).isTrue(); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_FORM_URLENCODED, MediaType.APPLICATION_JSON); assertThat(this.matcher.matches(this.request)).isFalse();
@@ -208,7 +201,6 @@ public class MediaTypeRequestMatcherTests { public void resolveTextPlainMatchesTextAll() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) .willReturn(Arrays.asList(MediaType.TEXT_PLAIN)); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, new MediaType("text", "*")); assertThat(this.matcher.matches(this.request)).isTrue(); }
@@ -216,7 +208,6 @@ public class MediaTypeRequestMatcherTests { @Test public void matchWhenAcceptHeaderIsTextThenMediaTypeAllIsMatched() { this.request.addHeader("Accept", MediaType.TEXT_PLAIN_VALUE); - this.matcher = new MediaTypeRequestMatcher(new MediaType("text", "*")); assertThat(this.matcher.matches(this.request)).isTrue(); }
@@ -225,7 +216,6 @@ public class MediaTypeRequestMatcherTests { public void resolveTextAllMatchesTextPlain() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) .willReturn(Arrays.asList(new MediaType("text", "*"))); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_PLAIN); assertThat(this.matcher.matches(this.request)).isTrue(); }
@@ -233,18 +223,15 @@ public class MediaTypeRequestMatcherTests { @Test public void matchWhenAcceptHeaderIsTextWildcardThenMediaTypeTextIsMatched() { this.request.addHeader("Accept", "text/*"); - this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_PLAIN); assertThat(this.matcher.matches(this.request)).isTrue(); } // useEquals - @Test public void useEqualsResolveTextAllMatchesTextPlain() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) .willReturn(Arrays.asList(new MediaType("text", "*"))); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_PLAIN); this.matcher.setUseEquals(true); assertThat(this.matcher.matches(this.request)).isFalse();
@@ -253,7 +240,6 @@ public class MediaTypeRequestMatcherTests { @Test public void useEqualsWhenTrueThenMediaTypeTextIsNotMatched() { this.request.addHeader("Accept", "text/*"); - this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_PLAIN); this.matcher.setUseEquals(true); assertThat(this.matcher.matches(this.request)).isFalse();
@@ -263,7 +249,6 @@ public class MediaTypeRequestMatcherTests { public void useEqualsResolveTextPlainMatchesTextAll() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) .willReturn(Arrays.asList(MediaType.TEXT_PLAIN)); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, new MediaType("text", "*")); this.matcher.setUseEquals(true); assertThat(this.matcher.matches(this.request)).isFalse();
@@ -272,7 +257,6 @@ public class MediaTypeRequestMatcherTests { @Test public void useEqualsWhenTrueThenMediaTypeTextAllIsNotMatched() { this.request.addHeader("Accept", MediaType.TEXT_PLAIN_VALUE); - this.matcher = new MediaTypeRequestMatcher(new MediaType("text", "*")); this.matcher.setUseEquals(true); assertThat(this.matcher.matches(this.request)).isFalse();
@@ -282,7 +266,6 @@ public class MediaTypeRequestMatcherTests { public void useEqualsSame() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) .willReturn(Arrays.asList(MediaType.TEXT_PLAIN)); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_PLAIN); this.matcher.setUseEquals(true); assertThat(this.matcher.matches(this.request)).isTrue();
@@ -291,7 +274,6 @@ public class MediaTypeRequestMatcherTests { @Test public void useEqualsWhenTrueThenMediaTypeIsMatchedWithEqualString() { this.request.addHeader("Accept", MediaType.TEXT_PLAIN_VALUE); - this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_PLAIN); this.matcher.setUseEquals(true); assertThat(this.matcher.matches(this.request)).isTrue();
@@ -301,7 +283,6 @@ public class MediaTypeRequestMatcherTests { public void useEqualsWithCustomMediaType() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) .willReturn(Arrays.asList(new MediaType("text", "unique"))); - this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, new MediaType("text", "unique")); this.matcher.setUseEquals(true); assertThat(this.matcher.matches(this.request)).isTrue();
@@ -310,21 +291,18 @@ public class MediaTypeRequestMatcherTests { @Test public void useEqualsWhenTrueThenCustomMediaTypeIsMatched() { this.request.addHeader("Accept", "text/unique"); - this.matcher = new MediaTypeRequestMatcher(new MediaType("text", "unique")); this.matcher.setUseEquals(true); assertThat(this.matcher.matches(this.request)).isTrue(); } // ignoreMediaTypeAll - @Test public void mediaAllIgnoreMediaTypeAll() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) .willReturn(Arrays.asList(MediaType.ALL)); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML); this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); - assertThat(this.matcher.matches(this.request)).isFalse(); }
@@ -333,7 +311,6 @@ public class MediaTypeRequestMatcherTests { this.request.addHeader("Accept", MediaType.ALL_VALUE); this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML); this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); - assertThat(this.matcher.matches(this.request)).isFalse(); }
@@ -343,7 +320,6 @@ public class MediaTypeRequestMatcherTests { .willReturn(Arrays.asList(MediaType.ALL, MediaType.TEXT_HTML)); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML); this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); - assertThat(this.matcher.matches(this.request)).isTrue(); }
@@ -352,7 +328,6 @@ public class MediaTypeRequestMatcherTests { this.request.addHeader("Accept", MediaType.ALL_VALUE + ", " + MediaType.TEXT_HTML_VALUE); this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML); this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); - assertThat(this.matcher.matches(this.request)).isTrue(); }
@@ -362,7 +337,6 @@ public class MediaTypeRequestMatcherTests { .willReturn(Arrays.asList(MediaType.TEXT_PLAIN, MediaType.parseMediaType("*/*;q=0.8"))); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML); this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); - assertThat(this.matcher.matches(this.request)).isFalse(); }
@@ -371,7 +345,6 @@ public class MediaTypeRequestMatcherTests { this.request.addHeader("Accept", MediaType.TEXT_PLAIN + ", */*;q=0.8"); this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML); this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); - assertThat(this.matcher.matches(this.request)).isFalse(); }
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
index 7c9cbbae36..1a738c4a42 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
@@ -50,7 +50,6 @@ public class NegatedRequestMatcherTests { public void matchesDelegateFalse() { given(this.delegate.matches(this.request)).willReturn(false); this.matcher = new NegatedRequestMatcher(this.delegate); - assertThat(this.matcher.matches(this.request)).isTrue(); }
@@ -58,7 +57,6 @@ public class NegatedRequestMatcherTests { public void matchesDelegateTrue() { given(this.delegate.matches(this.request)).willReturn(true); this.matcher = new NegatedRequestMatcher(this.delegate); - assertThat(this.matcher.matches(this.request)).isFalse(); }
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
index 6783abef41..291b97c2fb 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
@@ -82,7 +82,6 @@ public class OrRequestMatcherTests { public void matchesSingleTrue() { given(this.delegate.matches(this.request)).willReturn(true); this.matcher = new OrRequestMatcher(this.delegate); - assertThat(this.matcher.matches(this.request)).isTrue(); }
@@ -90,7 +89,6 @@ public class OrRequestMatcherTests { public void matchesMultiTrue() { given(this.delegate.matches(this.request)).willReturn(true); this.matcher = new OrRequestMatcher(this.delegate, this.delegate2); - assertThat(this.matcher.matches(this.request)).isTrue(); }
@@ -98,7 +96,6 @@ public class OrRequestMatcherTests { public void matchesSingleFalse() { given(this.delegate.matches(this.request)).willReturn(false); this.matcher = new OrRequestMatcher(this.delegate); - assertThat(this.matcher.matches(this.request)).isFalse(); }
@@ -107,7 +104,6 @@ public class OrRequestMatcherTests { given(this.delegate.matches(this.request)).willReturn(false); given(this.delegate2.matches(this.request)).willReturn(false); this.matcher = new OrRequestMatcher(this.delegate, this.delegate2); - assertThat(this.matcher.matches(this.request)).isFalse(); }
@@ -115,7 +111,6 @@ public class OrRequestMatcherTests { public void matchesMultiSingleFalse() { given(this.delegate.matches(this.request)).willReturn(true); this.matcher = new OrRequestMatcher(this.delegate, this.delegate2); - assertThat(this.matcher.matches(this.request)).isTrue(); }
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java
index 37d2b2fca4..24f686c28b 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java
@@ -41,31 +41,25 @@ public class RegexRequestMatcherTests { @Test public void doesntMatchIfHttpMethodIsDifferent() { RegexRequestMatcher matcher = new RegexRequestMatcher(".*", "GET"); - MockHttpServletRequest request = new MockHttpServletRequest("POST", "/anything"); - assertThat(matcher.matches(request)).isFalse(); } @Test public void matchesIfHttpMethodAndPathMatch() { RegexRequestMatcher matcher = new RegexRequestMatcher(".*", "GET"); - MockHttpServletRequest request = new MockHttpServletRequest("GET", "/anything"); request.setServletPath("/anything"); - assertThat(matcher.matches(request)).isTrue(); } @Test public void queryStringIsMatcherCorrectly() { RegexRequestMatcher matcher = new RegexRequestMatcher(".*\\?x=y", "GET"); - MockHttpServletRequest request = new MockHttpServletRequest("GET", "/any/path?x=y"); request.setServletPath("/any"); request.setPathInfo("/path"); request.setQueryString("x=y"); - assertThat(matcher.matches(request)).isTrue(); }
@@ -104,7 +98,6 @@ public class RegexRequestMatcherTests { RegexRequestMatcher matcher = new RegexRequestMatcher("/blah", "GET"); MockHttpServletRequest request = new MockHttpServletRequest("INVALID", "/blah"); request.setMethod("INVALID"); - assertThat(matcher.matches(request)).isFalse(); }