From 2b960b074b8518c81a789214e542954d82deedb8 Mon Sep 17 00:00:00 2001
From: Josh Cummings
Date: Mon, 18 Feb 2019 09:24:17 -0700
Subject: [PATCH] Polish Eager Header Config Tests
In the Java config tests, there is a simplified way to configure Spring, and that is with SpringTestRule. Also, test names typically follow the when-then convention.
Issue: gh-6501
---
.../HeadersConfigurerJavaTests.java | 131 ------------------
.../HeadersConfigurerEagerHeadersTests.java | 78 +++++++++++
2 files changed, 78 insertions(+), 131 deletions(-)
delete mode 100644 config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/HeadersConfigurerJavaTests.java
create mode 100644 config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/HeadersConfigurerJavaTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/HeadersConfigurerJavaTests.java
deleted file mode 100644
index 485cadf1dd..0000000000
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/HeadersConfigurerJavaTests.java
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
- * Copyright 2002-2019 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.config.annotation.authentication.configurers;
-
-import javax.servlet.Filter;
-import javax.servlet.ServletException;
-import java.io.IOException;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import org.springframework.mock.web.MockFilterChain;
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.mock.web.MockServletContext;
-import org.springframework.security.config.annotation.ObjectPostProcessor;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.web.header.HeaderWriterFilter;
-import org.springframework.web.context.ConfigurableWebApplicationContext;
-import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-/**
- * Tests for {@link HeadersConfigurer}.
- *
- * @author Ankur Pathak
- */
-public class HeadersConfigurerJavaTests {
-
- private boolean allowCircularReferences = false;
- private MockServletContext servletContext;
- private MockHttpServletRequest request;
- private MockHttpServletResponse response;
- private MockFilterChain chain;
- private ConfigurableWebApplicationContext context;
-
-
- @Before
- public void setUp() {
- this.servletContext = new MockServletContext();
- this.request = new MockHttpServletRequest(this.servletContext, "GET", "");
- this.response = new MockHttpServletResponse();
- this.chain = new MockFilterChain();
- }
-
-
- @After
- public void cleanup(){
- if (this.context != null){
- this.context.close();
- }
- }
-
-
- @EnableWebSecurity
- public static class HeadersAtTheBeginningOfRequestConfig extends WebSecurityConfigurerAdapter {
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http
- .headers()
- .addObjectPostProcessor(new ObjectPostProcessor() {
- @Override
- public HeaderWriterFilter postProcess(HeaderWriterFilter filter) {
- filter.setShouldWriteHeadersEagerly(true);
- return filter;
- }
- });
- }
- }
-
- @Test
- public void headersWrittenAtBeginningOfRequest() throws IOException, ServletException {
- this.context = loadConfig(HeadersAtTheBeginningOfRequestConfig.class);
- this.request.setSecure(true);
- getSpringSecurityFilterChain().doFilter(this.request, this.response, this.chain);
- assertThat(getResponseHeaders()).containsAllEntriesOf(new LinkedHashMap(){{
- put("X-Content-Type-Options", "nosniff");
- put("X-Frame-Options", "DENY");
- put("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains");
- put("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");
- put("Expires", "0");
- put("Pragma", "no-cache");
- put("X-XSS-Protection", "1; mode=block");
- }});
- }
-
-
- @SuppressWarnings("unchecked")
- private Map getResponseHeaders() {
- Map headers = new LinkedHashMap<>();
- this.response.getHeaderNames().forEach(name -> {
- List values = this.response.getHeaderValues(name);
- headers.put(name, String.join(",", values));
- });
- return headers;
- }
-
- private ConfigurableWebApplicationContext loadConfig(Class... configs) {
- AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
- context.register(configs);
- context.setAllowCircularReferences(this.allowCircularReferences);
- context.setServletContext(this.servletContext);
- context.refresh();
- return context;
- }
-
- private Filter getSpringSecurityFilterChain() {
- return this.context.getBean("springSecurityFilterChain", Filter.class);
- }
-}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
new file mode 100644
index 0000000000..e6be12e10e
--- /dev/null
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2002-2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.config.annotation.web.configurers;
+
+import org.junit.Rule;
+import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.config.annotation.ObjectPostProcessor;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.test.SpringTestRule;
+import org.springframework.security.web.header.HeaderWriterFilter;
+import org.springframework.test.web.servlet.MockMvc;
+
+import static org.springframework.http.HttpHeaders.*;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
+
+/**
+ * Tests for {@link HeadersConfigurer}.
+ *
+ * @author Ankur Pathak
+ */
+public class HeadersConfigurerEagerHeadersTests {
+
+ @Rule
+ public final SpringTestRule spring = new SpringTestRule();
+
+ @Autowired
+ MockMvc mvc;
+
+ @EnableWebSecurity
+ public static class HeadersAtTheBeginningOfRequestConfig extends WebSecurityConfigurerAdapter {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ //@ formatter:off
+ http
+ .headers()
+ .addObjectPostProcessor(new ObjectPostProcessor() {
+ @Override
+ public HeaderWriterFilter postProcess(HeaderWriterFilter filter) {
+ filter.setShouldWriteHeadersEagerly(true);
+ return filter;
+ }
+ });
+ //@ formatter:on
+ }
+ }
+
+ @Test
+ public void requestWhenHeadersEagerlyConfiguredThenHeadersAreWritten() throws Exception {
+ this.spring.register(HeadersAtTheBeginningOfRequestConfig.class).autowire();
+
+ this.mvc.perform(get("/").secure(true))
+ .andExpect(header().string("X-Content-Type-Options", "nosniff"))
+ .andExpect(header().string("X-Frame-Options", "DENY"))
+ .andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains"))
+ .andExpect(header().string(CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate"))
+ .andExpect(header().string(EXPIRES, "0"))
+ .andExpect(header().string(PRAGMA, "no-cache"))
+ .andExpect(header().string("X-XSS-Protection", "1; mode=block"));
+ }
+}
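Review bot: `requestWhenHeadersEagerlyConfiguredThenHeadersAreWritten` only inspects the headers on the finished response, so it does not pin the eager behaviour that `setShouldWriteHeadersEagerly(true)` is there to provide; presumably the same default headers would be present with the post-processor removed, since the header writers also run in the non-eager mode. A stronger check would have a downstream handler or filter record `response.containsHeader("X-Frame-Options")` at the moment it is invoked and assert that it was already true. Separately, the markers in `configure` are written `//@ formatter:off` and `//@ formatter:on`; the tag IDE formatters recognise is `// @formatter:off`, so as written the fluent block is not protected from reformatting. The wildcard `import static org.springframework.http.HttpHeaders.*;` could also name `CACHE_CONTROL`, `EXPIRES` and `PRAGMA` explicitly.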